package com.ibm.ISecurityLocalObjectTokenBaseImpl;

import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.IExtendedSecurityReplaceablePriv.SessionEntryHolder;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthFailReason;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponent;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponentHolder;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.MechanismAmbiguityException;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.StringHolder;
import org.omg.CORBA.SystemException;
import org.omg.CORBA.TypeCodePackage.BadKind;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSI.SASContextBody;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.Security.AssociationStatus;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityReplaceable.SecurityContextHolder;

/* loaded from: input_file:efixes/PQ95485/components/prereq.wsadie.plugins/update.jar:/eclipse/plugins/com.ibm.websphere.v51_5.1.0.4/lib/sas.jar:com/ibm/ISecurityLocalObjectTokenBaseImpl/SecurityContextImpl.class */
public class SecurityContextImpl extends com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl {
    private ORB orb;
    private Codec codec;
    private SecurityConfiguration secConfig;
    private VaultImpl vault;
    private String mechType;

    /**
     * Creates a security context that is not bound to a vault.
     *
     * <p>Every field declared by this subclass (ORB, codec, security configuration, vault and
     * mechanism type) is left {@code null}.
     */
    public SecurityContextImpl() {
        super();
        this.mechType = null;
        this.vault = null;
        this.secConfig = null;
        this.codec = null;
        this.orb = null;
    }

    /**
     * Creates a security context bound to {@code vaultImpl} and asks the vault's mechanism
     * factory for the mechanism type.
     *
     * <p>When {@code vaultImpl} is {@code null} all subclass fields stay {@code null}. When the
     * vault has no mechanism factory, or the factory reports an ambiguity, {@code _mechanismType}
     * is not assigned here; the ambiguity is reported to FFDC and, if debug tracing is on, traced.
     *
     * @param vaultImpl vault supplying the ORB and mechanism factory; may be {@code null}
     * @param str forwarded unchanged to the superclass constructor
     */
    public SecurityContextImpl(VaultImpl vaultImpl, String str) {
        super(vaultImpl, str);
        this.mechType = null;
        this.vault = null;
        this.secConfig = null;
        this.codec = null;
        this.orb = null;
        if (vaultImpl == null) {
            return;
        }

        this.vault = vaultImpl;
        this.orb = vaultImpl.getORB();
        final MechanismFactory factory = vaultImpl.getMechanismFactory();
        this.secConfig = VaultImpl.getSecurityConfiguration();
        if (factory == null) {
            return;
        }

        try {
            // The literal 2 is passed through as decompiled; its meaning is defined by MechanismFactory.
            this._mechanismType = factory.getMechanismTypeIdentity(2);
        } catch (MechanismAmbiguityException ambiguity) {
            final String traceSource = "SecurityContextImpl.SecurityContextImpl";
            FFDCFilter.processException(ambiguity, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.SecurityContextImpl", "122", this);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceSource, "MechanismAmbiguityException occurred in getMechanismTypeIdentity.");
                SecurityLogger.traceException(traceSource, (Exception) ambiguity, 0, 0);
            }
        }
    }

    /**
     * Creates a security context bound to {@code vaultImpl} with a caller-supplied mechanism type.
     *
     * <p>Unlike the two-argument overload, this constructor does not capture the vault's ORB and
     * does not consult the mechanism factory. When {@code vaultImpl} is {@code null}, {@code str2}
     * is ignored and all subclass fields stay {@code null}.
     *
     * @param vaultImpl vault to bind to; may be {@code null}
     * @param str forwarded unchanged to the superclass constructor
     * @param str2 value stored in {@code _mechanismType} when a vault is supplied
     */
    public SecurityContextImpl(VaultImpl vaultImpl, String str, String str2) {
        super(vaultImpl, str);
        this.mechType = null;
        this.vault = null;
        this.secConfig = null;
        this.codec = null;
        this.orb = null;
        if (vaultImpl == null) {
            return;
        }

        this.vault = vaultImpl;
        this.secConfig = VaultImpl.getSecurityConfiguration();
        this._mechanismType = str2;
    }

    /**
     * Processes the reply to a client request and inspects the SAS message it carries, if any.
     *
     * <p>The reply's service context is obtained through {@code CSIUtil.get_sc_from_reply}. A
     * {@code CompleteEstablishContext} body (discriminator 1) has its {@code final_context_token}
     * handed to the current {@link WSSecurityContext}; a {@code ContextError} body
     * (discriminator 4) is only printed.
     *
     * <p>NOTE(review): the return value is {@code SecAssocFailure} on exactly one path (a
     * system-exception reply for which {@code get_sc_from_reply} returns {@code null}). A failed
     * {@code completeSecContext} and a received {@code ContextError} both still end in
     * {@code SecAssocSuccess}; confirm that callers detect those conditions some other way.
     *
     * @param clientRequestInfo interceptor view of the reply being processed
     * @param securityContextHolder not read by this method
     * @return the association status as described above
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized AssociationStatus csi_continue_security_context(ClientRequestInfo clientRequestInfo, SecurityContextHolder securityContextHolder) {
        CSIUtil cSIUtil = new CSIUtil();
        SASContextBody sASContextBody = null;
        // The case labels are inlined constants; presumably the org.omg.PortableInterceptor
        // reply-status values (0 SUCCESSFUL, 1 SYSTEM_EXCEPTION, 2 USER_EXCEPTION,
        // 3 LOCATION_FORWARD, 4 TRANSPORT_RETRY) — the trace text in case 1 supports that reading.
        switch (clientRequestInfo.reply_status()) {
            case 0:
            case 2:
            case 3:
            case 4:
                ServiceContext serviceContext = cSIUtil.get_sc_from_reply(clientRequestInfo);
                if (serviceContext != null) {
                    sASContextBody = cSIUtil.get_message_from_sc(serviceContext);
                }
                if (sASContextBody != null && sASContextBody.discriminator() == 1) {
                    CompleteEstablishContext complete_msg = sASContextBody.complete_msg();
                    cSIUtil.print_cec_message(complete_msg, "SecurityContextImpl.csi_continue_security_context");
                    WSSecurityContext wSSecurityContext = cSIUtil.getCurrent().getWSSecurityContext();
                    if (wSSecurityContext != null) {
                        try {
                            // Hand the target's final token to the local context, then release it.
                            wSSecurityContext.completeSecContext(complete_msg.final_context_token);
                            wSSecurityContext.dispose();
                            break;
                        } catch (WSSecurityContextException e) {
                            // NOTE(review): on this path dispose() is not reached, the result of
                            // map_auth_fail_to_minor_code is discarded, and the method still
                            // returns SecAssocSuccess. Confirm this is the intended handling of a
                            // final token that failed to complete the context.
                            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_continue_security_context", "209", this);
                            String stringBuffer = new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.completeSecContext(), reason: ").append(e.toString()).toString();
                            SecurityLogger.traceMessage("SecurityContextImpl.csi_continue_security_context", stringBuffer);
                            SecurityLogger.traceException("SecurityContextImpl.csi_continue_security_context", (Exception) e, 0, 0);
                            PrincipalAuthFailReason.map_auth_fail_to_minor_code(e.getMajor(), StringBytesConversion.getConvertedBytes(stringBuffer));
                            break;
                        }
                    }
                } else if (sASContextBody != null && sASContextBody.discriminator() == 4) {
                    // ContextError from the target: printed only, status is not changed.
                    cSIUtil.print_ce_message(sASContextBody.error_msg(), "SecurityContextImpl.csi_continue_security_context");
                    break;
                }
                break;
            case 1:
                try {
                    Any received_exception = clientRequestInfo.received_exception();
                    // Unchecked cast: only BadKind is caught below, so a ClientRequestInfo that is
                    // not an ExtendedClientRequestInfo would surface as ClassCastException.
                    SystemException systemException = ((ExtendedClientRequestInfo) clientRequestInfo).getSystemException();
                    cSIUtil.read_detailed_message(clientRequestInfo);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_continue_security_context", new StringBuffer().append("A SYSTEM_EXCEPTION has been received: ").append(received_exception.type().id()).append(", Minor code: ").append(Long.toHexString(systemException.minor)).toString());
                    }
                } catch (BadKind e2) {
                    // Raised by type().id(); reported to FFDC and otherwise ignored.
                    FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_continue_security_context", "245", (Object) this);
                }
                ServiceContext serviceContext2 = cSIUtil.get_sc_from_reply(clientRequestInfo);
                if (serviceContext2 != null) {
                    SASContextBody sASContextBody2 = cSIUtil.get_message_from_sc(serviceContext2);
                    if (sASContextBody2 != null && sASContextBody2.discriminator() == 4) {
                        cSIUtil.print_ce_message(sASContextBody2.error_msg(), "SecurityContextImpl.csi_continue_security_context");
                        break;
                    }
                } else {
                    // The only failure result: a system exception with no service context in the reply.
                    return AssociationStatus.SecAssocFailure;
                }
                break;
        }
        return AssociationStatus.SecAssocSuccess;
    }

    /**
     * Authenticates the caller described by this context's identity name and records the outcome
     * in {@code _contextState}, {@code _principalAuthFailReason} and {@code _clientSubject}.
     *
     * <p>Three identity kinds are handled, selected by {@code getIdentityName()}:
     * <ul>
     *   <li>{@code VaultConstants.ClientAuthToken}: the GSS token in {@code bArr2} is decoded and
     *       passed to {@code WSSecurityContext.acceptSecContext}.</li>
     *   <li>{@code VaultConstants.ClientCertificate}: {@code bArr2} is converted to a security
     *       name and logged in via {@code ContextManagerFactory.getInstance().login(realm, name)}.</li>
     *   <li>a name starting with {@code "ITT"} (identity assertion): same login call as above.</li>
     * </ul>
     *
     * <p>NOTE(review): on the certificate and identity-assertion paths the name taken from
     * {@code bArr2} is logged in without any credential being passed in this method. Whatever
     * establishes trust in that name (certificate validation, trust in the asserting peer) must
     * have happened before this call; it is not visible in this file.
     *
     * <p>Success is recorded as {@code _contextState = 3} and {@code _principalAuthFailReason = 100};
     * failure as {@code _contextState = 4}. Not every failure throws: a {@code null} result from
     * {@code acceptSecContext} and an empty security name both return normally, so callers have
     * to check the context state as well as catching the exception.
     *
     * <p>This is decompiled code. Several constructs below (comparisons against constants,
     * discarded {@code StringBuffer} results, {@code r7}/{@code r8} in the anonymous classes, a
     * local that is never reassigned from {@code null}) are decompiler residue and do not
     * reflect the original source faithfully.
     *
     * @param bArr not read by this method
     * @param bArr2 GSS token bytes, or the bytes of a security name, depending on the identity kind
     * @param opaqueHolder not read or written by this method
     * @throws WSLoginFailedException when no {@link Subject} is produced, or when any other
     *         exception escapes an authentication branch (it is wrapped)
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized void csi_initialize(byte[] bArr, byte[] bArr2, OpaqueHolder opaqueHolder) throws WSLoginFailedException {
        String str = null;
        // Local holder whose value becomes _principalAuthFailDetail in the outer catch blocks.
        OpaqueHolder opaqueHolder2 = new OpaqueHolder();
        // Written in several handlers below but never read in this method.
        byte[] bArr3 = {100};
        Subject subject = null;
        String defaultRealm = ContextManagerFactory.getInstance().getDefaultRealm();
        if (SecurityLogger.debugTraceEnabled) {
            str = new StringBuffer().append("Setting identityName: ").append(getIdentityName()).toString();
            SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", str);
        }
        try {
            if (getIdentityName().equals(VaultConstants.ClientAuthToken)) {
                // NOTE(review): never reassigned in this method as decompiled, so every
                // wSSecurityContext.dispose() below would throw NullPointerException. Presumably
                // the original used one variable with a finally block — confirm against source.
                WSSecurityContext wSSecurityContext = null;
                try {
                    try {
                        // The mechanism OID is parsed from the caller-supplied token itself.
                        WSSecurityContext createContext = WSSecurityContextFactory.getInstance().createContext(GSSFactory.getMechOIDFromGSSToken(bArr2));
                        WSSecurityContextResult acceptSecContext = createContext.acceptSecContext(new GSSFactory(GSSFactory.getMechOIDFromGSSToken(bArr2)).decodeGSSToken(bArr2));
                        if (acceptSecContext == null || acceptSecContext.getSubject() == null) {
                            if (SecurityLogger.debugTraceEnabled) {
                                str = "Subject returned from acceptSecContext is NULL.";
                                SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", str);
                            }
                            this._principalAuthFailReason = (byte) 7;
                            // str is only assigned when debug tracing is on, so with tracing off
                            // the failure detail is derived from null — TODO confirm intent.
                            this._principalAuthFailDetail = StringBytesConversion.getConvertedBytes(str);
                            this._contextState = 4;
                            // Decompiler residue: compares a constant with null.
                            if (null == AuthenticationStatus.SecAuthFailure) {
                                SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", str);
                                AuthenticationStatus authenticationStatus = AuthenticationStatus.SecAuthFailure;
                                opaqueHolder2.value = StringBytesConversion.getConvertedBytes(str);
                            }
                            // Failure is reported through _contextState only; no exception is thrown here.
                            try {
                                createContext.dispose();
                                return;
                            } catch (WSSecurityContextException e) {
                                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "439", this);
                                AuthenticationStatus authenticationStatus2 = AuthenticationStatus.SecAuthFailure;
                                bArr3[0] = (byte) e.getMajor();
                                // Message is built and discarded (decompiler residue).
                                new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.acceptSecContext(), reason: ").append(e.toString()).toString();
                                SecurityLogger.traceException("SecurityContextImpl.csi_initialize", (Exception) e, 0, 0);
                                return;
                            }
                        }
                        subject = acceptSecContext.getSubject();
                        if (acceptSecContext.getFinalToken() != null) {
                            setFinalToken(acceptSecContext.getFinalToken());
                        }
                        this._contextState = 3;
                        this._principalAuthFailReason = (byte) 100;
                        this._clientSubject = subject;
                        this._targetSubject = null;
                        // NOTE(review): mechType is not assigned by any constructor visible here,
                        // so this may overwrite _mechanismType with null — verify against the
                        // rest of the class.
                        this._mechanismType = this.mechType;
                        if (SecurityLogger.debugTraceEnabled) {
                            str = "Authentication success";
                            SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", str);
                        }
                        // Decompiler residue: compares two distinct constants.
                        if (AuthenticationStatus.SecAuthSuccess == AuthenticationStatus.SecAuthFailure) {
                            SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", str);
                            AuthenticationStatus authenticationStatus3 = AuthenticationStatus.SecAuthFailure;
                            opaqueHolder2.value = StringBytesConversion.getConvertedBytes(str);
                        }
                        try {
                            createContext.dispose();
                        } catch (WSSecurityContextException e2) {
                            // A dispose failure after successful authentication is traced and ignored.
                            FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "439", this);
                            AuthenticationStatus authenticationStatus4 = AuthenticationStatus.SecAuthFailure;
                            bArr3[0] = (byte) e2.getMajor();
                            new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.acceptSecContext(), reason: ").append(e2.toString()).toString();
                            SecurityLogger.traceException("SecurityContextImpl.csi_initialize", (Exception) e2, 0, 0);
                        }
                    } catch (Throwable th) {
                        // Looks like an inlined finally block: cleanup, then rethrow.
                        if (null == AuthenticationStatus.SecAuthFailure) {
                            SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", str);
                            AuthenticationStatus authenticationStatus5 = AuthenticationStatus.SecAuthFailure;
                            opaqueHolder2.value = StringBytesConversion.getConvertedBytes(str);
                        }
                        try {
                            wSSecurityContext.dispose();
                        } catch (WSSecurityContextException e3) {
                            FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "439", this);
                            AuthenticationStatus authenticationStatus6 = AuthenticationStatus.SecAuthFailure;
                            bArr3[0] = (byte) e3.getMajor();
                            new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.acceptSecContext(), reason: ").append(e3.toString()).toString();
                            SecurityLogger.traceException("SecurityContextImpl.csi_initialize", (Exception) e3, 0, 0);
                        }
                        throw th;
                    }
                } catch (WSSecurityContextException e4) {
                    // Token rejected by the security context: record the reason as the failure detail.
                    FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "380", this);
                    AuthenticationStatus authenticationStatus7 = AuthenticationStatus.SecAuthFailure;
                    bArr3[0] = (byte) e4.getMajor();
                    String stringBuffer = new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.acceptSecContext(), reason: ").append(e4.toString()).toString();
                    SecurityLogger.traceException("SecurityContextImpl.csi_initialize", (Exception) e4, 0, 0);
                    if (authenticationStatus7 == AuthenticationStatus.SecAuthFailure) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", stringBuffer);
                        AuthenticationStatus authenticationStatus8 = AuthenticationStatus.SecAuthFailure;
                        opaqueHolder2.value = StringBytesConversion.getConvertedBytes(stringBuffer);
                    }
                    try {
                        wSSecurityContext.dispose();
                    } catch (WSSecurityContextException e5) {
                        FFDCFilter.processException(e5, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "439", this);
                        AuthenticationStatus authenticationStatus9 = AuthenticationStatus.SecAuthFailure;
                        bArr3[0] = (byte) e5.getMajor();
                        new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.acceptSecContext(), reason: ").append(e5.toString()).toString();
                        SecurityLogger.traceException("SecurityContextImpl.csi_initialize", (Exception) e5, 0, 0);
                    }
                } catch (Exception e6) {
                    // Any other exception while accepting the token is also treated as an authentication failure.
                    FFDCFilter.processException(e6, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "416", this);
                    AuthenticationStatus authenticationStatus10 = AuthenticationStatus.SecAuthFailure;
                    bArr3[0] = 13;
                    String stringBuffer2 = new StringBuffer().append("Caught Java exception in WSSecurityContext.acceptSecContext(), reason: ").append(e6.toString()).toString();
                    SecurityLogger.traceException("SecurityContextImpl.csi_initialize", e6, 0, 0);
                    if (authenticationStatus10 == AuthenticationStatus.SecAuthFailure) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", stringBuffer2);
                        AuthenticationStatus authenticationStatus11 = AuthenticationStatus.SecAuthFailure;
                        opaqueHolder2.value = StringBytesConversion.getConvertedBytes(stringBuffer2);
                    }
                    try {
                        wSSecurityContext.dispose();
                    } catch (WSSecurityContextException e7) {
                        FFDCFilter.processException(e7, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_initialize", "439", this);
                        AuthenticationStatus authenticationStatus12 = AuthenticationStatus.SecAuthFailure;
                        bArr3[0] = (byte) e7.getMajor();
                        new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.acceptSecContext(), reason: ").append(e7.toString()).toString();
                        SecurityLogger.traceException("SecurityContextImpl.csi_initialize", (Exception) e7, 0, 0);
                    }
                }
            } else if (getIdentityName().equals(VaultConstants.ClientCertificate)) {
                // Certificate path: bArr2 carries the security name rather than a token.
                String convertedString = StringBytesConversion.getConvertedString(bArr2);
                if (convertedString == null || convertedString.length() < 1) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", "ClientCertificate Security name == NULL.");
                    }
                    // Empty name: failure is recorded in state only; the method returns normally.
                    this._contextState = 4;
                    this._principalAuthFailReason = (byte) 1;
                    return;
                }
                if (SecurityLogger.debugTraceEnabled) {
                    // The principal name is written to the debug trace.
                    SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", new StringBuffer().append("ClientCertificate Security name == ").append(convertedString).toString());
                }
                try {
                    // Login runs inside doPrivileged and takes only realm and name, no credential.
                    subject = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, defaultRealm, convertedString, getIdentityName(), getIdentityValue()) { // from class: com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.1
                        private final String val$_realm;
                        private final String val$_userid;
                        private final String val$identityName;
                        private final byte[] val$identityValue;
                        private final SecurityContextImpl this$0;

                        // Decompiler-synthesised capture block; r7 and r8 presumably stand for the
                        // getIdentityName() and getIdentityValue() arguments. Not valid Java as shown.
                        {
                            this.this$0 = this;
                            this.val$_realm = defaultRealm;
                            this.val$_userid = convertedString;
                            this.val$identityName = r7;
                            this.val$identityValue = r8;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws WSLoginFailedException, CredentialDestroyedException, CredentialExpiredException {
                            Subject login = ContextManagerFactory.getInstance().login(this.val$_realm, this.val$_userid);
                            if (login == null) {
                                return null;
                            }
                            // Takes the first public credential and assumes it is a WSCredential;
                            // an empty set would raise NoSuchElementException.
                            WSCredential wSCredential = (WSCredential) login.getPublicCredentials().iterator().next();
                            if (this.val$identityName != null) {
                                wSCredential.set("wssecurity.identity_name", this.val$identityName);
                                wSCredential.set("wssecurity.identity_value", this.val$identityValue);
                            }
                            return login;
                        }
                    });
                    // Set before the null check on subject further down, which still applies.
                    this._contextState = 3;
                    this._principalAuthFailReason = (byte) 100;
                    this._clientSubject = subject;
                    this._targetSubject = null;
                    this._mechanismType = this.mechType;
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", "Authentication success");
                    }
                } catch (PrivilegedActionException e8) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", new StringBuffer().append("Exception occurred: ").append(e8.getException().getMessage()).toString());
                        SecurityLogger.traceException("SecurityContextImpl.csi_initialize", e8.getException(), 0, 0);
                    }
                    // The FFDC source id names the GSSUPImpl package although this class is in
                    // TokenBaseImpl; it is a runtime string and is left unchanged.
                    FFDCFilter.processException(e8.getException(), "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_initialize", "522", this);
                    // Unwrapped and rethrown; handled by the outer catch blocks of this method.
                    throw e8.getException();
                }
            } else if (getIdentityName().startsWith("ITT")) {
                // Identity-assertion path: bArr2 carries the asserted security name.
                String convertedString2 = StringBytesConversion.getConvertedString(bArr2);
                if (convertedString2 == null || convertedString2.length() < 1) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", "IdentityAssertion Security name == NULL.");
                    }
                    // Empty name: failure is recorded in state only; the method returns normally.
                    this._contextState = 4;
                    this._principalAuthFailReason = (byte) 1;
                    return;
                }
                if (SecurityLogger.debugTraceEnabled) {
                    // The asserted principal name is written to the debug trace.
                    SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", new StringBuffer().append("IdentityAssertion Security name == ").append(convertedString2).toString());
                }
                try {
                    // Same credential-less login as the certificate path, for the asserted name.
                    subject = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, defaultRealm, convertedString2, getIdentityName(), getIdentityValue()) { // from class: com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.2
                        private final String val$_realm;
                        private final String val$_userid;
                        private final String val$identityName;
                        private final byte[] val$identityValue;
                        private final SecurityContextImpl this$0;

                        // Decompiler-synthesised capture block; r7 and r8 presumably stand for the
                        // getIdentityName() and getIdentityValue() arguments. Not valid Java as shown.
                        {
                            this.this$0 = this;
                            this.val$_realm = defaultRealm;
                            this.val$_userid = convertedString2;
                            this.val$identityName = r7;
                            this.val$identityValue = r8;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws WSLoginFailedException, CredentialDestroyedException, CredentialExpiredException {
                            Subject login = ContextManagerFactory.getInstance().login(this.val$_realm, this.val$_userid);
                            if (login == null) {
                                return null;
                            }
                            // Takes the first public credential and assumes it is a WSCredential;
                            // an empty set would raise NoSuchElementException.
                            WSCredential wSCredential = (WSCredential) login.getPublicCredentials().iterator().next();
                            if (this.val$identityName != null) {
                                wSCredential.set("wssecurity.identity_name", this.val$identityName);
                                wSCredential.set("wssecurity.identity_value", this.val$identityValue);
                            }
                            return login;
                        }
                    });
                } catch (PrivilegedActionException e9) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", new StringBuffer().append("Exception occurred: ").append(e9.getException().getMessage()).toString());
                        SecurityLogger.traceException("SecurityContextImpl.csi_initialize", e9.getException(), 0, 0);
                    }
                    // Same GSSUPImpl source id as the certificate path; left unchanged.
                    FFDCFilter.processException(e9.getException(), "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_initialize", "589", this);
                    throw e9.getException();
                }
            }
            // Common gate for every path that reaches here, including an identity name that
            // matched none of the branches: no Subject means the login failed.
            if (subject == null) {
                throw new WSLoginFailedException("Subject is null.  Authentication Failed.");
            }
            this._contextState = 3;
            this._principalAuthFailReason = (byte) 100;
            this._clientSubject = subject;
            this._targetSubject = null;
            this._mechanismType = this.mechType;
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", "Authentication success");
            }
        } catch (WSLoginFailedException e10) {
            // Record the failure, overwriting any success state set earlier, then rethrow unchanged.
            this._contextState = 4;
            this._principalAuthFailReason = (byte) 0;
            this._principalAuthFailDetail = opaqueHolder2.value;
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", "Authentication failed");
            }
            throw e10;
        } catch (Exception e11) {
            // Any other exception is recorded the same way and wrapped with its cause preserved.
            this._contextState = 4;
            this._principalAuthFailReason = (byte) 0;
            this._principalAuthFailDetail = opaqueHolder2.value;
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("SecurityContextImpl.csi_initialize", "Authentication failed");
            }
            throw new WSLoginFailedException(e11.getMessage(), e11);
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized boolean csi_client_preprotect(ClientRequestInfo clientRequestInfo, SecurityContextHolder securityContextHolder) {
        String str;
        String str2 = null;
        ServiceContext serviceContext = null;
        StringHolder stringHolder = new StringHolder();
        new OpaqueHolder();
        CSIUtil cSIUtil = new CSIUtil();
        Subject subject = null;
        new SessionEntryHolder();
        AuthorizationElement[] authorizationElementArr = {new AuthorizationElement(0, new byte[0])};
        IdentityToken identityToken = ((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getIdentityToken();
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.vault.get_effective_policy(clientRequestInfo.request_id());
        ClientSessionKey clientSessionKey = cSIv2EffectivePerformPolicy.getClientSessionKey();
        str = "";
        byte[] bArr = null;
        long j = 0;
        SessionManager sessionManager = this.vault.getSessionManager();
        if (cSIv2EffectivePerformPolicy.isStateful()) {
            j = cSIv2EffectivePerformPolicy.getStatefulContextID();
            if (SecurityLogger.traceEnabled) {
                str2 = new StringBuffer().append("Effective policy indicates stateful request, client_context_id: ").append(j).toString();
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
            }
        } else if (SecurityLogger.traceEnabled) {
            str2 = "Effective policy indicates stateless request.";
            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
        }
        if (((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_ONLY)) {
            str = cSIv2EffectivePerformPolicy != null ? cSIv2EffectivePerformPolicy.getTargetSecurityName() : "";
            if (str == null || str.equals("")) {
                str = RealmSecurityName.getRealm(stringHolder.value);
            }
            subject = getClientSubject();
        } else if (((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_AND_IDENTITY)) {
            try {
                if (SecurityLogger.traceEnabled) {
                    str2 = "Forming Client Authentication Token with Server's credentials";
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                }
                cSIUtil.getVault();
                SecurityConfiguration securityConfiguration = VaultImpl.getSecurityConfiguration();
                String str3 = securityConfiguration.getloginUserid();
                str = RealmSecurityName.getRealm(securityConfiguration.getprincipalName());
                subject = SubjectHelper.createBasicAuthSubject(str, str3, (String) AccessController.doPrivileged(new PrivilegedAction(this, securityConfiguration) { // from class: com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.3
                    private final SecurityConfiguration val$secConfig_doPriv;
                    private final SecurityContextImpl this$0;

                    {
                        this.this$0 = this;
                        this.val$secConfig_doPriv = securityConfiguration;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        return this.val$secConfig_doPriv.getloginPassword();
                    }
                }));
                if (SecurityLogger.traceEnabled) {
                    str2 = new StringBuffer().append("Forming Client Authentication Token with Server's credentials: username = ").append(str3).append(" realm = ").append(str).toString();
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "650", this);
                if (SecurityLogger.traceEnabled) {
                    str2 = "Cannot get server's credentials (userid/password/realm) from security configuration";
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                    SecurityLogger.logException("SecurityContextImpl.csi_client_preprotect", e, 0, 0);
                }
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if (SecurityLogger.traceEnabled) {
            str2 = "No Client Authentication Token will be put in the request";
            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
        }
        if (subject != null) {
            try {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
                WSSecurityContext createContext = WSSecurityContextFactory.getInstance().createContext(wSCredentialFromSubject.getOID());
                cSIUtil.getCurrent().setWSSecurityContext(createContext);
                bArr = new GSSFactory(wSCredentialFromSubject.getOID()).encodeGSSToken(createContext.initSecContext(subject, cSIv2EffectivePerformPolicy.getTargetHostName(), str));
            } catch (WSSecurityContextException e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "701", this);
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.initSecContext(), reason: ").append(e2.toString()).toString());
                SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", (Exception) e2, 0, 0);
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                PrincipalAuthFailReason.map_auth_fail_to_minor_code(e2.getMajor(), StringBytesConversion.getConvertedBytes(e2.toString()));
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_client_preprotect", "713", this);
                String stringBuffer = new StringBuffer().append("Caught Java exception in WSSecurityContext.initSecContext(), reason:, ").append(e3.toString()).toString();
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", stringBuffer);
                SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", e3, 0, 0);
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                throw new INTERNAL(stringBuffer, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if ((((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_ONLY) || ((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_AND_IDENTITY)) && subject == null) {
            if (SecurityLogger.traceEnabled) {
                str2 = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
            }
            if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
            }
            throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
        }
        if (bArr == null) {
            bArr = new byte[0];
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Client Authentication Token is null.");
            }
        }
        EstablishContext establishContext = new EstablishContext(j, authorizationElementArr, identityToken, bArr);
        cSIUtil.print_ec_message(establishContext, "SecurityContextImpl.csi_client_preprotect");
        if (establishContext != null) {
            serviceContext = cSIUtil.create_sc_from_ec_message(establishContext);
        }
        if (serviceContext == null) {
            return true;
        }
        clientRequestInfo.add_request_service_context(serviceContext, true);
        return true;
    }

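    /**
     * Adds the CSIv2 reply service context to an outgoing server reply.
     *
     * <p>Reply status 1 (traced here as a SYSTEM_EXCEPTION) produces a {@code ContextError}.
     * Statuses 0, 2, 3 and 4 produce a {@code CompleteEstablishContext} carrying the final
     * token, or an empty token when none is set. Any other status adds nothing.
     *
     * @param serverRequestInfo reply being sent; supplies the reply status and receives the
     *     service context
     * @param securityContextHolder holder of the security context for this request; may be
     *     {@code null}, in which case a {@code ContextError} is sent with minor code 0
     * @return always {@code true}
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized boolean csi_server_preprotect(ServerRequestInfo serverRequestInfo, SecurityContextHolder securityContextHolder) {
        final String method = "SecurityContextImpl.csi_server_preprotect";
        final String ffdcSource = "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_server_preprotect";
        CSIUtil cSIUtil = new CSIUtil();
        SessionManager sessionManager = this.vault.getSessionManager();
        long contextId = 0;
        boolean stateful = false;
        // Context id and stateful flag are only taken from the session manager when the
        // configuration claims stateful sessions; otherwise the reply carries id 0.
        if (this.secConfig.getCSIv2ClaimStateful()) {
            stateful = sessionManager.csi_message_stateful_after_postinvoke(serverRequestInfo, securityContextHolder);
            contextId = sessionManager.csi_get_context_id_from_service_context(securityContextHolder);
        }
        final int replyStatus = serverRequestInfo.reply_status();
        if (replyStatus < 0 || replyStatus > 4) {
            return true;
        }
        ServiceContext replyContext;
        if (replyStatus == 1) {
            try {
                Any sendingException = serverRequestInfo.sending_exception();
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(method, "A SYSTEM_EXCEPTION occurred: " + sendingException.type().id() + ".  Sending ContextError.");
                }
            } catch (BadKind e) {
                // Tracing only: a failure to read the exception id must not block the reply.
                FFDCFilter.processException((Throwable) e, ffdcSource, "845", (Object) this);
            }
            // NOTE(review): the serialized root exception is placed in the ContextError that
            // goes back to the caller. Confirm serializeRootException() does not expose stack
            // traces or other internal detail to peers that failed authentication.
            byte[] rootException = cSIUtil.serializeRootException();
            int minorCode = 0;
            // Guard the holder's value as well as the holder: a null value here would raise a
            // NullPointerException in the reply path instead of sending the ContextError.
            if (securityContextHolder != null && securityContextHolder.value != null) {
                minorCode = ((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).get_minor_code();
            }
            ContextError contextError = new ContextError(contextId, 0, minorCode, rootException);
            cSIUtil.print_ce_message(contextError, method);
            replyContext = cSIUtil.create_sc_from_ce_message(contextError);
        } else {
            if (replyStatus == 2) {
                try {
                    Any sendingException = serverRequestInfo.sending_exception();
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage(method, "A USER_EXCEPTION occurred: " + sendingException.type().id() + ".  Sending CompleteEstablishContext.");
                    }
                } catch (BadKind e) {
                    // Tracing only: a failure to read the exception id must not block the reply.
                    FFDCFilter.processException((Throwable) e, ffdcSource, "887", (Object) this);
                }
            }
            // Statuses 0, 2, 3 and 4 all send the same CompleteEstablishContext; read the
            // final token once so the null check and the value used cannot disagree.
            byte[] finalToken = getFinalToken();
            if (finalToken == null) {
                finalToken = new byte[0];
            }
            CompleteEstablishContext completeEstablishContext = new CompleteEstablishContext(contextId, stateful, finalToken);
            cSIUtil.print_cec_message(completeEstablishContext, method);
            replyContext = cSIUtil.create_sc_from_cec_message(completeEstablishContext);
        }
        if (replyContext != null) {
            serverRequestInfo.add_reply_service_context(replyContext, true);
        }
        return true;
    }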

    /**
     * Returns the codec held by this context's vault.
     *
     * @return the value of {@code vault.getCodec()}
     */
    protected Codec getCodec() {
        final Codec vaultCodec = this.vault.getCodec();
        return vaultCodec;
    }

    /**
     * Builds a GSS-encoded initial context token carrying a scoped user name and a password.
     *
     * <p>The user name is scoped as {@code user@realm}, {@code user}, {@code @realm} or the
     * empty string, depending on which parts are present. The password is encoded into the
     * token as UTF-8 bytes and is never written to the trace.
     *
     * @param str user name; may be null or empty
     * @param str2 password; {@code null} is sent as an empty string
     * @param str3 realm; when null or empty, the target name decoded from the effective
     *     policy's AS context is used instead
     * @param clientRequestInfo request whose id selects the effective policy
     * @return the encoded token
     * @throws BAD_PARAM on any failure; the outermost handler catches {@code Exception}, so the
     *     {@code INTERNAL} exceptions raised inside the body are re-wrapped before they leave
     */
    private byte[] create_server_gssup_context_token(String str, String str2, String str3, ClientRequestInfo clientRequestInfo) {
        final String method = "SecurityContextImpl.create_server_gssup_context_token";
        final String ffdcSource = "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.create_server_gssup_context_token";
        // Last debug message written; it prefixes the BAD_PARAM text and stays empty unless
        // debug tracing is enabled.
        String lastTrace = "";
        try {
            CSIUtil cSIUtil = new CSIUtil();

            // Pick the mechanism OID from the configured authentication target.
            GSSFactory gssFactory;
            if (this.secConfig.getauthenticationTarget() == 6) {
                gssFactory = new GSSFactory(KRB5MechOID.value);
            } else if (this.secConfig.getauthenticationTarget() == 8) {
                gssFactory = new GSSFactory(this.secConfig.getWSSecurityContextCustomOID());
            } else if (this.secConfig.getauthenticationTarget() == 1) {
                gssFactory = new GSSFactory("oid:1.3.18.0.2.30.2");
            } else {
                gssFactory = new GSSFactory(GSSUPMechOID.value);
            }

            InitialContextToken token = new InitialContextToken();
            String decodedTarget = null;

            // Prefer the vault reached through CSIUtil, then fall back to this context's vault.
            CSIv2EffectivePerformPolicy policy = null;
            if (cSIUtil.getVault() != null) {
                policy = cSIUtil.getVault().get_effective_policy(clientRequestInfo.request_id());
            } else if (this.vault != null) {
                policy = this.vault.get_effective_policy(clientRequestInfo.request_id());
            }

            CSIv2TaggedComponentHolder componentHolder = policy == null ? null : policy.getCSIv2TaggedComponent();
            CSIv2TaggedComponent component = componentHolder == null ? null : componentHolder.value;
            boolean hasAsContext = component != null
                    && component.getAS_context_mech_holder() != null
                    && component.getAS_context_mech_holder().value != null;
            if (hasAsContext) {
                try {
                    token.target_name = component.getAS_context_mech_holder().value.target_name;
                    if (token.target_name != null) {
                        try {
                            decodedTarget = gssFactory.decodeExportedTargetName(token.target_name);
                        } catch (GSSEncodeDecodeException e) {
                            FFDCFilter.processException(e, ffdcSource, "1048", this);
                            throw new BAD_PARAM(lastTrace + "  Original exception = " + e, SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                        }
                    }
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, ffdcSource, "1032", this);
                    SecurityLogger.logException(method, e2, 0, 0);
                    throw new INTERNAL("Unable to get target_name from AS_Context.  Original exception = " + e2, SecurityMinorCodes.VALUE_IS_NULL, CompletionStatus.COMPLETED_NO);
                }
            }
            if (token.target_name == null) {
                token.target_name = new byte[0];
                if (SecurityLogger.debugTraceEnabled) {
                    lastTrace = "Sending NULL target_name in GSSUP token.";
                    SecurityLogger.debugMessage(method, lastTrace);
                }
            }

            // A caller-supplied realm wins; otherwise use the decoded target name, if any.
            String realm = (str3 == null || str3.equals("")) ? decodedTarget : str3;
            boolean hasUser = str != null && !str.equals("");
            boolean hasRealm = realm != null && !realm.equals("");
            String scopedName;
            if (hasUser && hasRealm) {
                scopedName = str + "@" + realm;
            } else if (hasUser) {
                scopedName = str;
            } else if (hasRealm) {
                scopedName = "@" + realm;
            } else {
                scopedName = "";
            }
            if (SecurityLogger.debugTraceEnabled) {
                // Only the scoped user name is traced; keep the password out of every message.
                lastTrace = "Scoped username in GSSUP token: " + scopedName;
                SecurityLogger.debugMessage(method, lastTrace);
            }
            token.username = scopedName.getBytes("UTF8");
            String password = str2 == null ? "" : str2;
            // NOTE(review): the password bytes go into the token as-is; confidentiality
            // presumably depends on the transport protecting the request. Confirm.
            token.password = password.getBytes("UTF8");

            if (this.orb == null && cSIUtil.getVault() != null) {
                this.orb = cSIUtil.getVault().getORB();
                if (this.orb == null) {
                    throw new INTERNAL("Orb is NULL.", SecurityMinorCodes.VALUE_IS_NULL, CompletionStatus.COMPLETED_NO);
                }
            }
            Any tokenAny = this.orb.create_any();
            if (tokenAny == null) {
                throw new INTERNAL("Any is NULL.", SecurityMinorCodes.VALUE_IS_NULL, CompletionStatus.COMPLETED_NO);
            }
            InitialContextTokenHelper.insert(tokenAny, token);
            try {
                return gssFactory.encodeGSSToken(getCodec().encode_value(tokenAny));
            } catch (Exception e3) {
                FFDCFilter.processException(e3, ffdcSource, "1128", this);
                SecurityLogger.logException(method, e3, 0, 0);
                throw new INTERNAL("Exception getting codec factory and encoding Any.  Original exception: " + e3, SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
        } catch (Exception e4) {
            // Catches everything raised above, including the INTERNAL and BAD_PARAM thrown on
            // purpose, and reports it as a GSS format error.
            FFDCFilter.processException(e4, ffdcSource, "1140", this);
            SecurityLogger.logException(method, e4, 0, 0);
            throw new BAD_PARAM(lastTrace + "  Original exception = " + e4, SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Looks up the principal authenticator that matches this context's mechanism type.
     *
     * <p>The mechanism type is mapped to an authentication target through the vault, and the
     * vault's current object returns the authenticator for that target.
     *
     * @return the authenticator for {@code _mechanismType}
     * @throws INTERNAL if the mechanism type cannot be mapped to a single authentication target
     */
    public com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl getPrincipalAuthenticator() {
        final String reason = "Unrecognized Mechanism type from current SecurityContext.";
        try {
            CurrentImpl current = (CurrentImpl) this.vault.current();
            return (com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl) current.principal_authenticator(
                    this.vault.getAuthenticationTarget().mechtypeToAuthTarget(this._mechanismType));
        } catch (MechanismAmbiguityException e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.getPrincipalAuthenticator", "1177", this);
            SecurityLogger.logActivity("SecurityContextImpl.getPrincipalAuthenticator", 0, reason);
            throw new INTERNAL(reason + "  Original exception = " + e, SecurityMinorCodes.MAL_FORMED_PARAMETERS, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Authenticates a pair of credentials through the principal authenticator.
     *
     * <p>Fails closed: an exception raised by the authenticator is recorded through FFDC and
     * the call returns {@code false}, exactly as for rejected credentials.
     *
     * @param str first credential passed to {@code simple_authenticate} (presumably the user
     *     name; confirm against the authenticator)
     * @param str2 second credential passed to {@code simple_authenticate} (presumably the
     *     password; confirm against the authenticator). It is never traced here.
     * @return {@code true} only when the authenticator reports {@code SecAuthSuccess}
     * @throws INTERNAL if anything outside the authenticator call fails unexpectedly
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public boolean csi_simple_authenticate(String str, String str2) {
        final String traceKey = "SecurityContextImpl.simple.authenticate";
        final String ffdcSource = "com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.csi_simple_authenticate";
        try {
            AuthenticationStatus status = null;
            try {
                status = getPrincipalAuthenticator().simple_authenticate(str, str2);
            } catch (Exception e) {
                // Status stays null, so the comparison below treats this as a failed login.
                FFDCFilter.processException(e, ffdcSource, "1229", this);
            }
            final boolean authenticated = status == AuthenticationStatus.SecAuthSuccess;
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceKey, authenticated ? "Simple Authentication success" : "Authentication failed");
            }
            return authenticated;
        } catch (Throwable th) {
            FFDCFilter.processException(th, ffdcSource, "1258", this);
            SecurityLogger.debugMessage(traceKey, SecurityMessages.getMsgOrUseDefault("JSAS0208E", "JSAS0208E: Internal error: system exception.  Take down all the error information and contact support for more assistance."));
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceException(traceKey, th, 0, 0);
            }
            throw new INTERNAL("Unexpected Java Exception: " + th.toString());
        }
    }
}
