package com.ibm.ISecurityLocalObjectTokenBaseImpl;

import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.IExtendedSecurityReplaceablePriv.SessionEntryHolder;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthFailReason;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponent;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponentHolder;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.MechanismAmbiguityException;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.StringHolder;
import org.omg.CORBA.SystemException;
import org.omg.CORBA.TypeCodePackage.BadKind;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSI.SASContextBody;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.RequestInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.Security.AssociationStatus;
import org.omg.Security.OpaqueHolder;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ISecurityLocalObjectTokenBaseImpl/SecurityContextImpl.class */
public class SecurityContextImpl extends com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl {
    private static final long serialVersionUID = -1426189254434020015L;
    private ORB orb;
    private Codec codec;
    private SecurityConfiguration secConfig;
    private VaultImpl vault;
    private String mechType;
    static Class class$com$ibm$wsspi$security$token$TokenHolder;

    public SecurityContextImpl() {
        this.orb = null;
        this.codec = null;
        this.secConfig = null;
        this.vault = null;
        this.mechType = null;
    }

    public SecurityContextImpl(VaultImpl vaultImpl, String str) {
        super(vaultImpl, str);
        this.orb = null;
        this.codec = null;
        this.secConfig = null;
        this.vault = null;
        this.mechType = null;
        if (vaultImpl != null) {
            this.vault = vaultImpl;
            this.orb = vaultImpl.getORB();
            MechanismFactory mechanismFactory = vaultImpl.getMechanismFactory();
            this.secConfig = VaultImpl.getSecurityConfiguration();
            if (mechanismFactory != null) {
                try {
                    this._mechanismType = mechanismFactory.getMechanismTypeIdentity(this.secConfig.getWSSecurityContextActiveOID());
                } catch (MechanismAmbiguityException e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.SecurityContextImpl", "184", this);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.SecurityContextImpl", "MechanismAmbiguityException occurred in getMechanismTypeIdentity.");
                        SecurityLogger.traceException("SecurityContextImpl.SecurityContextImpl", (Exception) e, 0, 0);
                    }
                }
            }
        }
    }

    public SecurityContextImpl(VaultImpl vaultImpl, String str, String str2) {
        super(vaultImpl, str);
        this.orb = null;
        this.codec = null;
        this.secConfig = null;
        this.vault = null;
        this.mechType = null;
        if (vaultImpl != null) {
            this.vault = vaultImpl;
            this.secConfig = VaultImpl.getSecurityConfiguration();
            this._mechanismType = str2;
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized AssociationStatus csi_continue_security_context(ClientRequestInfo clientRequestInfo, com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl securityContextImpl) {
        CSIUtil cSIUtil = new CSIUtil();
        SASContextBody sASContextBody = null;
        switch (clientRequestInfo.reply_status()) {
            case 0:
            case 2:
            case 3:
            case 4:
                ServiceContext serviceContext = cSIUtil.get_sc_from_reply((RequestInfo) clientRequestInfo);
                if (serviceContext != null) {
                    sASContextBody = cSIUtil.get_message_from_sc(serviceContext);
                }
                if (sASContextBody != null && sASContextBody.discriminator() == 1) {
                    CompleteEstablishContext complete_msg = sASContextBody.complete_msg();
                    cSIUtil.print_cec_message(complete_msg, "SecurityContextImpl.csi_continue_security_context");
                    WSSecurityContext wSSecurityContext = cSIUtil.getCurrent().getWSSecurityContext();
                    if (wSSecurityContext != null) {
                        try {
                            wSSecurityContext.completeSecContext(complete_msg.final_context_token);
                            wSSecurityContext.dispose();
                            break;
                        } catch (WSSecurityContextException e) {
                            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_continue_security_context", "271", this);
                            String stringBuffer = new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.completeSecContext(), reason: ").append(e.toString()).toString();
                            SecurityLogger.traceMessage("SecurityContextImpl.csi_continue_security_context", stringBuffer);
                            SecurityLogger.traceException("SecurityContextImpl.csi_continue_security_context", (Exception) e, 0, 0);
                            PrincipalAuthFailReason.map_auth_fail_to_minor_code(e.getMajor(), StringBytesConversion.getConvertedBytes(stringBuffer));
                            break;
                        }
                    }
                } else if (sASContextBody != null && sASContextBody.discriminator() == 4) {
                    cSIUtil.print_ce_message(sASContextBody.error_msg(), "SecurityContextImpl.csi_continue_security_context");
                    break;
                }
                break;
            case 1:
                try {
                    Any received_exception = clientRequestInfo.received_exception();
                    SystemException systemException = ((ExtendedClientRequestInfo) clientRequestInfo).getSystemException();
                    cSIUtil.read_detailed_message(clientRequestInfo);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_continue_security_context", new StringBuffer().append("A SYSTEM_EXCEPTION has been received: ").append(received_exception.type().id()).append(", Minor code: ").append(Long.toHexString(systemException.minor)).toString());
                    }
                } catch (BadKind e2) {
                    FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_continue_security_context", "307", (Object) this);
                }
                ServiceContext serviceContext2 = cSIUtil.get_sc_from_reply((RequestInfo) clientRequestInfo);
                if (serviceContext2 != null) {
                    SASContextBody sASContextBody2 = cSIUtil.get_message_from_sc(serviceContext2);
                    if (sASContextBody2 != null && sASContextBody2.discriminator() == 4) {
                        cSIUtil.print_ce_message(sASContextBody2.error_msg(), "SecurityContextImpl.csi_continue_security_context");
                        break;
                    }
                } else {
                    return AssociationStatus.SecAssocFailure;
                }
                break;
        }
        return AssociationStatus.SecAssocSuccess;
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized void csi_initialize(byte[] bArr, byte[] bArr2, X509Certificate[] x509CertificateArr, OpaqueHolder opaqueHolder) throws WSLoginFailedException {
        csi_initialize(bArr, bArr2, x509CertificateArr, opaqueHolder, null);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:47:0x01ee
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized void csi_initialize(byte[] r10, byte[] r11, java.security.cert.X509Certificate[] r12, org.omg.Security.OpaqueHolder r13, java.util.Map r14) throws com.ibm.websphere.security.auth.WSLoginFailedException {
        /*
            Method dump skipped, instructions count: 1178
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize(byte[], byte[], java.security.cert.X509Certificate[], org.omg.Security.OpaqueHolder, java.util.Map):void");
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized boolean csi_client_preprotect(ClientRequestInfo clientRequestInfo, com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl securityContextImpl) {
        String str;
        String targetHostName;
        String str2 = null;
        ServiceContext serviceContext = null;
        StringHolder stringHolder = new StringHolder();
        new OpaqueHolder();
        CSIUtil cSIUtil = new CSIUtil();
        Subject subject = null;
        Subject clientSubject = getClientSubject();
        new SessionEntryHolder();
        AuthorizationElement[] authorizationElementArr = {new AuthorizationElement(0, new byte[0])};
        IdentityToken identityToken = securityContextImpl.getIdentityToken();
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.vault.get_effective_policy(clientRequestInfo.request_id());
        ClientSessionKey clientSessionKey = cSIv2EffectivePerformPolicy.getClientSessionKey();
        str = "";
        byte[] bArr = null;
        boolean z = false;
        long j = 0;
        SessionManager sessionManager = this.vault.getSessionManager();
        if (cSIv2EffectivePerformPolicy.isStateful()) {
            j = cSIv2EffectivePerformPolicy.getStatefulContextID();
            if (SecurityLogger.traceEnabled) {
                str2 = new StringBuffer().append("Effective policy indicates stateful request, client_context_id: ").append(j).toString();
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
            }
        } else if (SecurityLogger.traceEnabled) {
            str2 = "Effective policy indicates stateless request.";
            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
        }
        if (securityContextImpl.getTokenType().equals(VaultConstants.CLIENTAUTH_ONLY)) {
            str = cSIv2EffectivePerformPolicy != null ? cSIv2EffectivePerformPolicy.getTargetSecurityName() : "";
            if (str == null || str.equals("")) {
                str = RealmSecurityName.getRealm(stringHolder.value);
            }
            subject = getClientSubject();
        } else if (securityContextImpl.getTokenType().equals(VaultConstants.CLIENTAUTH_AND_IDENTITY)) {
            try {
                if (SecurityLogger.traceEnabled) {
                    str2 = "Forming Client Authentication Token";
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                }
                String cSIv2AlternateIdentityAssertionPerformTrustedId = this.secConfig.getCSIv2AlternateIdentityAssertionPerformTrustedId();
                String cSIv2AlternateIdentityAssertionPerformTrustedPassword = this.secConfig.getCSIv2AlternateIdentityAssertionPerformTrustedPassword();
                if (cSIv2AlternateIdentityAssertionPerformTrustedId != null && !cSIv2AlternateIdentityAssertionPerformTrustedId.equals("") && cSIv2AlternateIdentityAssertionPerformTrustedPassword != null && !cSIv2AlternateIdentityAssertionPerformTrustedPassword.equals("")) {
                    if (SecurityLogger.traceEnabled) {
                        str2 = "Alternate ID/Password has been specified.  Sending alternate Userid/Password for trusted identity.";
                        SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                    }
                    str = ContextManagerFactory.getInstance().getDefaultRealm();
                    subject = SubjectHelper.createBasicAuthSubject(str, cSIv2AlternateIdentityAssertionPerformTrustedId, cSIv2AlternateIdentityAssertionPerformTrustedPassword);
                } else if (this.secConfig.getIsUseRegistryServerId()) {
                    cSIUtil.getVault();
                    SecurityConfiguration securityConfiguration = VaultImpl.getSecurityConfiguration();
                    String str3 = securityConfiguration.getloginUserid();
                    str = RealmSecurityName.getRealm(securityConfiguration.getprincipalName());
                    String str4 = (String) AccessController.doPrivileged(new PrivilegedAction(this, securityConfiguration) { // from class: com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.3
                        private final SecurityConfiguration val$secConfig_doPriv;
                        private final SecurityContextImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$secConfig_doPriv = securityConfiguration;
                        }

                        @Override // java.security.PrivilegedAction
                        public Object run() {
                            return this.val$secConfig_doPriv.getloginPassword();
                        }
                    });
                    if (str4 == null || str4.equals("")) {
                        if (SecurityLogger.traceEnabled) {
                            str2 = "Alternate ID/Password is not specified.  Sending server's token for trusted identity.";
                            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                        }
                        subject = ContextManagerFactory.getInstance().getServerSubject();
                        z = true;
                    } else {
                        if (SecurityLogger.traceEnabled) {
                            str2 = "Alternate ID/Password is not specified.  Sending server's token for trusted identity.";
                            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                        }
                        subject = SubjectHelper.createBasicAuthSubject(str, str3, str4);
                    }
                } else {
                    if (SecurityLogger.traceEnabled) {
                        str2 = "UserRegistry server ID is not set and alternate ID/Password is not specified.  Sending server's LTPA token for trusted identity.";
                        SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                    }
                    subject = ContextManagerFactory.getInstance().getServerSubject();
                    z = true;
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "832", this);
                if (SecurityLogger.traceEnabled) {
                    str2 = "Cannot get server's credentials (userid/password/realm) from security configuration";
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                    SecurityLogger.logException("SecurityContextImpl.csi_client_preprotect", e, 0, 0);
                }
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if (SecurityLogger.traceEnabled) {
            str2 = "No Client Authentication Token will be put in the request";
            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
        }
        if (subject != null) {
            try {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
                if (wSCredentialFromSubject != null && wSCredentialFromSubject.isForwardable()) {
                    WSSecurityContextFactory wSSecurityContextFactory = WSSecurityContextFactory.getInstance();
                    WSSecurityContext createContext = wSCredentialFromSubject.isBasicAuth() ? wSSecurityContextFactory.createContext(GSSUPMechOID.value) : z ? wSSecurityContextFactory.createContext(wSCredentialFromSubject.getOID()) : wSSecurityContextFactory.createContext(cSIv2EffectivePerformPolicy.getPerformClientAuthMechOID());
                    cSIUtil.getCurrent().setWSSecurityContext(createContext);
                    if (KRB5MechOID.value.endsWith(cSIv2EffectivePerformPolicy.getPerformClientAuthMechOID())) {
                        String targetHostName2 = cSIv2EffectivePerformPolicy.getTargetHostName();
                        String realm = RealmSecurityName.getRealm(RealmSecurityName.getSecurityName(cSIv2EffectivePerformPolicy.getTargetSecurityName()));
                        if (realm == null) {
                            throw new NO_PERMISSION(str2, SecurityMinorCodes.INVALID_SECURITY_NAME, CompletionStatus.COMPLETED_NO);
                        }
                        targetHostName = new StringBuffer().append(realm).append(EndPointMgr.DEFAULT).append(targetHostName2).toString();
                    } else {
                        targetHostName = cSIv2EffectivePerformPolicy.getTargetHostName();
                    }
                    if (SecurityLogger.traceEnabled) {
                        SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Target server passed into initSecContext: ").append(targetHostName).toString());
                    }
                    bArr = (wSCredentialFromSubject.isBasicAuth() ? new GSSFactory(GSSUPMechOID.value) : z ? new GSSFactory(wSCredentialFromSubject.getOID()) : new GSSFactory(cSIv2EffectivePerformPolicy.getPerformClientAuthMechOID())).encodeGSSToken(createContext.initSecContext(subject, targetHostName, str));
                    if (WSSecurityPropagationHelper.getInstance().isRMIOutboundPropagationEnabled()) {
                        if (SecurityLogger.traceEnabled) {
                            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Adding authorization token to the request.");
                        }
                        TokenHolder tokenHolder = null;
                        if (clientSubject != null) {
                            try {
                                tokenHolder = (TokenHolder) AccessController.doPrivileged(new PrivilegedExceptionAction(this, clientSubject) { // from class: com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.4
                                    private final Subject val$client_subject;
                                    private final SecurityContextImpl this$0;

                                    {
                                        this.this$0 = this;
                                        this.val$client_subject = clientSubject;
                                    }

                                    @Override // java.security.PrivilegedExceptionAction
                                    public Object run() throws Exception {
                                        Class cls;
                                        if (SecurityLogger.traceEnabled) {
                                            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Client subject: ").append(this.val$client_subject).toString());
                                        }
                                        Subject subject2 = this.val$client_subject;
                                        if (SecurityContextImpl.class$com$ibm$wsspi$security$token$TokenHolder == null) {
                                            cls = SecurityContextImpl.class$("com.ibm.wsspi.security.token.TokenHolder");
                                            SecurityContextImpl.class$com$ibm$wsspi$security$token$TokenHolder = cls;
                                        } else {
                                            cls = SecurityContextImpl.class$com$ibm$wsspi$security$token$TokenHolder;
                                        }
                                        Iterator it = subject2.getPrivateCredentials(cls).iterator();
                                        while (it != null && it.hasNext()) {
                                            Object next = it.next();
                                            if ((next instanceof TokenHolder) && ((TokenHolder) next).getName().equals(WSOpaqueTokenHelper.getInstance().getOpaqueTokenName()) && ((TokenHolder) next).getVersion() == WSOpaqueTokenHelper.getInstance().getOpaqueTokenVersion()) {
                                                if (SecurityLogger.traceEnabled) {
                                                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Returning token holder containing opaque authz token.");
                                                }
                                                return (TokenHolder) next;
                                            }
                                        }
                                        return null;
                                    }
                                });
                            } catch (PrivilegedActionException e2) {
                                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "987", this);
                                if (SecurityLogger.traceEnabled) {
                                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Exception getting private/public tokens from Subject.");
                                    SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", e2.getException(), 0, 0);
                                }
                            }
                        }
                        if (tokenHolder != null) {
                            authorizationElementArr[0] = new AuthorizationElement(SecurityMinorCodes.CSIV2_AUTHZ_TOKEN, tokenHolder.getBytes());
                        } else if (SecurityLogger.traceEnabled) {
                            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Didn't find an authz token to propagate.");
                        }
                    }
                } else if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "WSCredential isn't forwardable, identity token insertion is skipped.");
                }
            } catch (WSSecurityContextException e3) {
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "1022", this);
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.initSecContext(), reason: ").append(e3.toString()).toString());
                SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", (Exception) e3, 0, 0);
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                PrincipalAuthFailReason.map_auth_fail_to_minor_code(e3.getMajor(), StringBytesConversion.getConvertedBytes(e3.toString()));
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "1034", this);
                String stringBuffer = new StringBuffer().append("Caught Java exception in WSSecurityContext.initSecContext(), reason:, ").append(e4.toString()).toString();
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", stringBuffer);
                SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", e4, 0, 0);
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                throw new INTERNAL(stringBuffer, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if ((securityContextImpl.getTokenType().equals(VaultConstants.CLIENTAUTH_ONLY) || securityContextImpl.getTokenType().equals(VaultConstants.CLIENTAUTH_AND_IDENTITY)) && subject == null) {
            if (SecurityLogger.traceEnabled) {
                str2 = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
            }
            if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
            }
            throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
        }
        if (bArr == null) {
            bArr = new byte[0];
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Client Authentication Token is null.");
            }
        }
        EstablishContext establishContext = new EstablishContext(j, authorizationElementArr, identityToken, bArr);
        cSIUtil.print_ec_message(establishContext, "SecurityContextImpl.csi_client_preprotect");
        if (establishContext != null) {
            serviceContext = cSIUtil.create_sc_from_ec_message(establishContext);
            if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                sessionManager.csi_client_session_ecmessage_update(j, clientSessionKey, establishContext);
            }
        }
        if (serviceContext == null) {
            return true;
        }
        clientRequestInfo.add_request_service_context(serviceContext, true);
        return true;
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized boolean csi_server_preprotect(ServerRequestInfo serverRequestInfo, com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl securityContextImpl) {
        ContextError contextError;
        new StringHolder();
        new OpaqueHolder();
        CSIUtil cSIUtil = new CSIUtil();
        long j = get_stateful_context_id();
        this.vault.getSessionManager();
        boolean z = false;
        if (this.secConfig.getCSIv2ClaimStateful() && j > 0) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("SecurityContextImpl.csi_server_preprotect", new StringBuffer().append("Stateful set to true for CompleteEstablishContext.  ContextID: ").append(j).toString());
            }
            z = true;
        }
        switch (serverRequestInfo.reply_status()) {
            case 0:
                byte[] bArr = new byte[0];
                if (getFinalToken() != null) {
                    bArr = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext = new CompleteEstablishContext(j, z, bArr);
                cSIUtil.print_cec_message(completeEstablishContext, "SecurityContextImpl.csi_server_preprotect");
                ServiceContext create_sc_from_cec_message = cSIUtil.create_sc_from_cec_message(completeEstablishContext);
                if (create_sc_from_cec_message == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message, true);
                return true;
            case 1:
                try {
                    Any sending_exception = serverRequestInfo.sending_exception();
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_server_preprotect", new StringBuffer().append("A SYSTEM_EXCEPTION occurred: ").append(sending_exception.type().id()).append(".  Sending ContextError.").toString());
                    }
                } catch (BadKind e) {
                    FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_server_preprotect", "1172", (Object) this);
                }
                byte[] serializeRootException = cSIUtil.serializeRootException();
                if (securityContextImpl != null) {
                    contextError = securityContextImpl.get_minor_code() == 1229079304 ? new ContextError(j, 4, 1, serializeRootException) : new ContextError(j, 0, securityContextImpl.get_minor_code(), serializeRootException);
                    cSIUtil.print_ce_message(contextError, "SecurityContextImpl.csi_server_preprotect");
                } else {
                    contextError = new ContextError(j, 0, 0, serializeRootException);
                    cSIUtil.print_ce_message(contextError, "SecurityContextImpl.csi_server_preprotect");
                }
                ServiceContext create_sc_from_ce_message = cSIUtil.create_sc_from_ce_message(contextError);
                if (create_sc_from_ce_message == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_ce_message, true);
                return true;
            case 2:
                try {
                    Any sending_exception2 = serverRequestInfo.sending_exception();
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_server_preprotect", new StringBuffer().append("A USER_EXCEPTION occurred: ").append(sending_exception2.type().id()).append(".  Sending CompleteEstablishContext.").toString());
                    }
                } catch (BadKind e2) {
                    FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_server_preprotect", "1224", (Object) this);
                }
                byte[] bArr2 = new byte[0];
                if (getFinalToken() != null) {
                    bArr2 = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext2 = new CompleteEstablishContext(j, z, bArr2);
                cSIUtil.print_cec_message(completeEstablishContext2, "SecurityContextImpl.csi_server_preprotect");
                ServiceContext create_sc_from_cec_message2 = cSIUtil.create_sc_from_cec_message(completeEstablishContext2);
                if (create_sc_from_cec_message2 == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message2, true);
                return true;
            case 3:
                byte[] bArr3 = new byte[0];
                if (getFinalToken() != null) {
                    bArr3 = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext3 = new CompleteEstablishContext(j, z, bArr3);
                cSIUtil.print_cec_message(completeEstablishContext3, "SecurityContextImpl.csi_server_preprotect");
                ServiceContext create_sc_from_cec_message3 = cSIUtil.create_sc_from_cec_message(completeEstablishContext3);
                if (create_sc_from_cec_message3 == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message3, true);
                return true;
            case 4:
                byte[] bArr4 = new byte[0];
                if (getFinalToken() != null) {
                    bArr4 = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext4 = new CompleteEstablishContext(j, z, bArr4);
                cSIUtil.print_cec_message(completeEstablishContext4, "SecurityContextImpl.csi_server_preprotect");
                ServiceContext create_sc_from_cec_message4 = cSIUtil.create_sc_from_cec_message(completeEstablishContext4);
                if (create_sc_from_cec_message4 == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message4, true);
                return true;
            default:
                return true;
        }
    }

    protected Codec getCodec() {
        return this.vault.getCodec();
    }

    private byte[] create_server_gssup_context_token(String str, String str2, String str3, ClientRequestInfo clientRequestInfo) {
        CSIv2TaggedComponentHolder cSIv2TaggedComponent;
        CSIv2TaggedComponent cSIv2TaggedComponent2;
        String str4 = "";
        try {
            CSIUtil cSIUtil = new CSIUtil();
            GSSFactory gSSFactory = this.secConfig.getauthenticationTarget() == 6 ? new GSSFactory(KRB5MechOID.value) : this.secConfig.getauthenticationTarget() == 8 ? new GSSFactory(this.secConfig.getWSSecurityContextCustomOID()) : this.secConfig.getauthenticationTarget() == 1 ? new GSSFactory("oid:1.3.18.0.2.30.2") : new GSSFactory(GSSUPMechOID.value);
            InitialContextToken initialContextToken = new InitialContextToken();
            String str5 = null;
            CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = null;
            if (cSIUtil.getVault() != null) {
                cSIv2EffectivePerformPolicy = cSIUtil.getVault().get_effective_policy(clientRequestInfo.request_id());
            } else if (this.vault != null) {
                cSIv2EffectivePerformPolicy = this.vault.get_effective_policy(clientRequestInfo.request_id());
            }
            if (cSIv2EffectivePerformPolicy != null && (cSIv2TaggedComponent = cSIv2EffectivePerformPolicy.getCSIv2TaggedComponent()) != null && (cSIv2TaggedComponent2 = cSIv2TaggedComponent.value) != null && cSIv2TaggedComponent2.getAS_context_mech_holder() != null && cSIv2TaggedComponent2.getAS_context_mech_holder().value != null) {
                try {
                    initialContextToken.target_name = cSIv2TaggedComponent2.getAS_context_mech_holder().value.target_name;
                    if (initialContextToken.target_name != null) {
                        try {
                            str5 = gSSFactory.decodeExportedTargetName(initialContextToken.target_name);
                        } catch (GSSEncodeDecodeException e) {
                            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.create_server_gssup_context_token", "1371", this);
                            throw new BAD_PARAM(new StringBuffer().append(str4).append("  Original exception = ").append(e).toString(), SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                        }
                    }
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.create_server_gssup_context_token", "1354", this);
                    SecurityLogger.logException("SecurityContextImpl.create_server_gssup_context_token", e2, 0, 0);
                    throw new INTERNAL(new StringBuffer().append("Unable to get target_name from AS_Context.  Original exception = ").append(e2).toString(), SecurityMinorCodes.VALUE_IS_NULL, CompletionStatus.COMPLETED_NO);
                }
            }
            if (initialContextToken.target_name == null) {
                initialContextToken.target_name = new byte[0];
                if (SecurityLogger.debugTraceEnabled) {
                    str4 = "Sending NULL target_name in GSSUP token.";
                    SecurityLogger.debugMessage("SecurityContextImpl.create_server_gssup_context_token", str4);
                }
            }
            if (str3 == null || str3.equals("")) {
                str3 = str5;
            }
            String stringBuffer = ((str3 != null && !str3.equals("")) || str == null || str.equals("")) ? ((str != null && !str.equals("")) || str3 == null || str3.equals("")) ? (str == null || str.equals("") || str3 == null || str3.equals("")) ? "" : new StringBuffer().append(str).append(EndPointMgr.DEFAULT).append(str3).toString() : new StringBuffer().append(EndPointMgr.DEFAULT).append(str3).toString() : str;
            if (SecurityLogger.debugTraceEnabled) {
                str4 = new StringBuffer().append("Scoped username in GSSUP token: ").append(stringBuffer).toString();
                SecurityLogger.debugMessage("SecurityContextImpl.create_server_gssup_context_token", str4);
            }
            initialContextToken.username = stringBuffer.getBytes("UTF8");
            if (str2 == null) {
                str2 = "";
            }
            initialContextToken.password = str2.getBytes("UTF8");
            if (this.orb == null && cSIUtil.getVault() != null) {
                this.orb = cSIUtil.getVault().getORB();
                if (this.orb == null) {
                    throw new INTERNAL("Orb is NULL.", SecurityMinorCodes.VALUE_IS_NULL, CompletionStatus.COMPLETED_NO);
                }
            }
            Any create_any = this.orb.create_any();
            if (create_any == null) {
                throw new INTERNAL("Any is NULL.", SecurityMinorCodes.VALUE_IS_NULL, CompletionStatus.COMPLETED_NO);
            }
            InitialContextTokenHelper.insert(create_any, initialContextToken);
            try {
                return gSSFactory.encodeGSSToken(getCodec().encode_value(create_any));
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.create_server_gssup_context_token", "1451", this);
                SecurityLogger.logException("SecurityContextImpl.create_server_gssup_context_token", e3, 0, 0);
                throw new INTERNAL(new StringBuffer().append("Exception getting codec factory and encoding Any.  Original exception: ").append(e3).toString(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.create_server_gssup_context_token", "1464", this);
            SecurityLogger.logException("SecurityContextImpl.create_server_gssup_context_token", e4, 0, 0);
            throw new BAD_PARAM(new StringBuffer().append(str4).append("  Original exception = ").append(e4).toString(), SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
