package com.ibm.ISecurityLocalObjectGSSUPImpl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.IExtendedSecurityReplaceablePriv.SessionEntryHolder;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthFailReason;
import com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponent;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponentHolder;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.MechanismAmbiguityException;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.util.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.StringHolder;
import org.omg.CORBA.TypeCodePackage.BadKind;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.IdentityToken;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityReplaceable.SecurityContextHolder;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectGSSUPImpl/SecurityContextImpl.class */
public class SecurityContextImpl extends com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl {
    ORB orb;
    Codec codec;
    SecurityConfiguration secConfig;
    VaultImpl vault;
    String mechType;
    GSSFactory _gFactory;

    private SecurityContextImpl() {
        this.orb = null;
        this.codec = null;
        this.secConfig = null;
        this.vault = null;
        this.mechType = null;
        this._gFactory = null;
    }

    public SecurityContextImpl(VaultImpl vaultImpl, String str) {
        super(vaultImpl, str);
        this.orb = null;
        this.codec = null;
        this.secConfig = null;
        this.vault = null;
        this.mechType = null;
        this._gFactory = null;
        if (vaultImpl != null) {
            this.vault = vaultImpl;
            this.orb = vaultImpl.getORB();
            MechanismFactory mechanismFactory = vaultImpl.getMechanismFactory();
            this.secConfig = VaultImpl.getSecurityConfiguration();
            this.vault.getGSSFactory(GSSUPMechOID.value);
            if (mechanismFactory != null) {
                try {
                    this._mechanismType = mechanismFactory.getMechanismTypeIdentity(2);
                } catch (MechanismAmbiguityException e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.SecurityContextImpl", "151", this);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.SecurityContextImpl", "MechanismAmbiguityException occurred in getMechanismTypeIdentity.");
                        SecurityLogger.traceException("SecurityContextImpl.SecurityContextImpl", (Exception) e, 0, 0);
                    }
                }
            }
        }
    }

    public SecurityContextImpl(VaultImpl vaultImpl, String str, String str2) {
        super(vaultImpl, str);
        this.orb = null;
        this.codec = null;
        this.secConfig = null;
        this.vault = null;
        this.mechType = null;
        this._gFactory = null;
        if (vaultImpl != null) {
            this.vault = vaultImpl;
            MechanismFactory mechanismFactory = vaultImpl.getMechanismFactory();
            this.secConfig = VaultImpl.getSecurityConfiguration();
            if (mechanismFactory != null) {
                try {
                    this._mechanismType = mechanismFactory.getMechanismTypeIdentity(2);
                } catch (MechanismAmbiguityException e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.SecurityContextImpl", "188", this);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.SecurityContextImpl", "MechanismAmbiguityException occurred in getMechanismTypeIdentity.");
                        SecurityLogger.traceException("SecurityContextImpl.SecurityContextImpl", (Exception) e, 0, 0);
                    }
                }
            }
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x001b. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:5:0x008c  */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized org.omg.Security.AssociationStatus csi_continue_security_context(org.omg.PortableInterceptor.ClientRequestInfo r6, org.omg.SecurityReplaceable.SecurityContextHolder r7) {
        /*
            Method dump skipped, instructions count: 517
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_continue_security_context(org.omg.PortableInterceptor.ClientRequestInfo, org.omg.SecurityReplaceable.SecurityContextHolder):org.omg.Security.AssociationStatus");
    }

    /* JADX WARN: Removed duplicated region for block: B:31:0x0491 A[Catch: WSLoginFailedException -> 0x04d1, Exception -> 0x0501, TryCatch #8 {WSLoginFailedException -> 0x04d1, Exception -> 0x0501, blocks: (B:3:0x004e, B:5:0x0054, B:6:0x0074, B:10:0x0083, B:12:0x0098, B:13:0x00a5, B:15:0x00bf, B:17:0x00c7, B:19:0x00d6, B:20:0x00df, B:22:0x0103, B:24:0x0149, B:26:0x0160, B:28:0x0168, B:31:0x0491, B:33:0x04b5, B:37:0x04c4, B:38:0x04cd, B:41:0x0177, B:42:0x0112, B:44:0x0118, B:45:0x0124, B:59:0x01b8, B:60:0x01f6, B:62:0x01f9, B:63:0x0233, B:48:0x0238, B:50:0x024f, B:52:0x0257, B:54:0x02a7, B:57:0x0266, B:64:0x02a8, B:66:0x02b4, B:68:0x02bf, B:70:0x02e8, B:72:0x02ee, B:73:0x030c, B:75:0x0332, B:78:0x035f, B:80:0x0365, B:81:0x0396, B:82:0x03a8, B:83:0x02c8, B:85:0x03a9, B:87:0x03b5, B:89:0x03c0, B:91:0x03e9, B:93:0x03ef, B:94:0x040d, B:96:0x0433, B:99:0x0442, B:101:0x0448, B:102:0x0479, B:103:0x048b, B:104:0x03c9), top: B:2:0x004e, inners: #0, #1, #2, #5, #6 }] */
    /* JADX WARN: Removed duplicated region for block: B:37:0x04c4 A[Catch: WSLoginFailedException -> 0x04d1, Exception -> 0x0501, TryCatch #8 {WSLoginFailedException -> 0x04d1, Exception -> 0x0501, blocks: (B:3:0x004e, B:5:0x0054, B:6:0x0074, B:10:0x0083, B:12:0x0098, B:13:0x00a5, B:15:0x00bf, B:17:0x00c7, B:19:0x00d6, B:20:0x00df, B:22:0x0103, B:24:0x0149, B:26:0x0160, B:28:0x0168, B:31:0x0491, B:33:0x04b5, B:37:0x04c4, B:38:0x04cd, B:41:0x0177, B:42:0x0112, B:44:0x0118, B:45:0x0124, B:59:0x01b8, B:60:0x01f6, B:62:0x01f9, B:63:0x0233, B:48:0x0238, B:50:0x024f, B:52:0x0257, B:54:0x02a7, B:57:0x0266, B:64:0x02a8, B:66:0x02b4, B:68:0x02bf, B:70:0x02e8, B:72:0x02ee, B:73:0x030c, B:75:0x0332, B:78:0x035f, B:80:0x0365, B:81:0x0396, B:82:0x03a8, B:83:0x02c8, B:85:0x03a9, B:87:0x03b5, B:89:0x03c0, B:91:0x03e9, B:93:0x03ef, B:94:0x040d, B:96:0x0433, B:99:0x0442, B:101:0x0448, B:102:0x0479, B:103:0x048b, B:104:0x03c9), top: B:2:0x004e, inners: #0, #1, #2, #5, #6 }] */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void csi_initialize(byte[] r9, byte[] r10, org.omg.Security.OpaqueHolder r11) throws com.ibm.websphere.security.auth.WSLoginFailedException {
        /*
            Method dump skipped, instructions count: 1342
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_initialize(byte[], byte[], org.omg.Security.OpaqueHolder):void");
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized boolean csi_client_preprotect(ClientRequestInfo clientRequestInfo, SecurityContextHolder securityContextHolder) {
        String str;
        String str2 = null;
        ServiceContext serviceContext = null;
        StringHolder stringHolder = new StringHolder();
        new OpaqueHolder();
        CSIUtil cSIUtil = new CSIUtil();
        Subject subject = null;
        new SessionEntryHolder();
        AuthorizationElement[] authorizationElementArr = {new AuthorizationElement(0, new byte[0])};
        IdentityToken identityToken = ((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getIdentityToken();
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.vault.get_effective_policy(clientRequestInfo.request_id());
        ClientSessionKey clientSessionKey = cSIv2EffectivePerformPolicy.getClientSessionKey();
        str = "";
        byte[] bArr = null;
        long j = 0;
        SessionManager sessionManager = this.vault.getSessionManager();
        if (cSIv2EffectivePerformPolicy.isStateful()) {
            j = cSIv2EffectivePerformPolicy.getStatefulContextID();
            if (SecurityLogger.traceEnabled) {
                str2 = new StringBuffer().append("Effective policy indicates stateful request, client_context_id: ").append(j).toString();
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
            }
        } else if (SecurityLogger.traceEnabled) {
            str2 = "Effective policy indicates stateless request.";
            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
        }
        if (((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_ONLY)) {
            str = cSIv2EffectivePerformPolicy != null ? cSIv2EffectivePerformPolicy.getTargetSecurityName() : "";
            if (str == null || str.equals("")) {
                str = RealmSecurityName.getRealm(stringHolder.value);
            }
            subject = getClientSubject();
        } else if (((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_AND_IDENTITY)) {
            try {
                new CredentialsHolder();
                new OpaqueHolder();
                new OpaqueHolder();
                cSIUtil.getVault();
                SecurityConfiguration securityConfiguration = VaultImpl.getSecurityConfiguration();
                String str3 = securityConfiguration.getloginUserid();
                str = RealmSecurityName.getRealm(securityConfiguration.getprincipalName());
                subject = SubjectHelper.createBasicAuthSubject(str, str3, (String) AccessController.doPrivileged(new PrivilegedAction(this, securityConfiguration) { // from class: com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.3
                    private final SecurityConfiguration val$secConfig_doPriv;
                    private final SecurityContextImpl this$0;

                    {
                        this.this$0 = this;
                        this.val$secConfig_doPriv = securityConfiguration;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        return this.val$secConfig_doPriv.getloginPassword();
                    }
                }));
                if (SecurityLogger.traceEnabled) {
                    str2 = new StringBuffer().append("Forming Client Authentication Token with Server's credentials: username = ").append(str3).append(" realm = ").append(str).toString();
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_client_preprotect", "688", this);
                if (SecurityLogger.traceEnabled) {
                    str2 = "Cannot get server's credentials (userid/password/realm) from security configuration";
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
                    SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", e, 0, 0);
                }
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if (SecurityLogger.traceEnabled) {
            str2 = "No Client Authentication Token will be put in the request";
            SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
        }
        if (subject != null) {
            try {
                WSSecurityContext createContext = WSSecurityContextFactory.getInstance().createContext(GSSUPMechOID.value);
                cSIUtil.getCurrent().setWSSecurityContext(createContext);
                byte[] initSecContext = createContext.initSecContext(subject, cSIv2EffectivePerformPolicy.getTargetHostName(), str);
                if (initSecContext == null) {
                    SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "The token returned by initSecContext was null.");
                    if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                        sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                    }
                    throw new BAD_PARAM(new StringBuffer().append("SecurityContextImpl.csi_client_preprotect").append(": ").append("The token returned by initSecContext was null.").toString(), SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                }
                if (this._gFactory == null) {
                    this._gFactory = this.vault.getGSSFactory(GSSUPMechOID.value);
                }
                bArr = this._gFactory.encodeGSSToken(initSecContext);
            } catch (WSSecurityContextException e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_client_preprotect", "757", this);
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Caught WSSecurityContextException in WSSecurityContext.initSecContext(), reason: ").append(e2.toString()).toString());
                SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", (Exception) e2, 0, 0);
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                PrincipalAuthFailReason.map_auth_fail_to_minor_code(e2.getMajor(), StringBytesConversion.getConvertedBytes(e2.toString()));
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_client_preprotect", "769", this);
                String stringBuffer = new StringBuffer().append("Caught Java exception in WSSecurityContext.initSecContext(), reason:, ").append(e3.toString()).toString();
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", stringBuffer);
                SecurityLogger.traceException("SecurityContextImpl.csi_client_preprotect", e3, 0, 0);
                if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                }
                throw new INTERNAL(stringBuffer, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if ((((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_ONLY) || ((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).getTokenType().equals(VaultConstants.CLIENTAUTH_AND_IDENTITY)) && subject == null) {
            if (SecurityLogger.traceEnabled) {
                str2 = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", str2);
            }
            if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
            }
            throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
        }
        if (bArr == null) {
            bArr = new byte[0];
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceMessage("SecurityContextImpl.csi_client_preprotect", "Client Authentication Token is null.");
            }
        }
        EstablishContext establishContext = new EstablishContext(j, authorizationElementArr, identityToken, bArr);
        cSIUtil.print_ec_message(establishContext, "SecurityContextImpl.csi_client_preprotect");
        if (establishContext != null) {
            serviceContext = cSIUtil.create_sc_from_ec_message(establishContext);
            if (cSIv2EffectivePerformPolicy.isStateful() && j != 0) {
                sessionManager.csi_client_session_ecmessage_update(j, clientSessionKey, establishContext);
            }
        }
        if (serviceContext == null) {
            return true;
        }
        clientRequestInfo.add_request_service_context(serviceContext, true);
        if (!SecurityLogger.debugTraceEnabled) {
            return true;
        }
        SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Security context data is ").append(serviceContext.context_data.length).append(" bytes in length").toString());
        return true;
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public synchronized boolean csi_server_preprotect(ServerRequestInfo serverRequestInfo, SecurityContextHolder securityContextHolder) {
        ContextError contextError;
        new StringHolder();
        new OpaqueHolder();
        CSIUtil cSIUtil = new CSIUtil();
        new SessionEntryHolder();
        long j = 0;
        SessionManager sessionManager = this.vault.getSessionManager();
        boolean z = false;
        if (this.secConfig.getCSIv2ClaimStateful()) {
            z = sessionManager.csi_message_stateful_after_postinvoke(serverRequestInfo, securityContextHolder);
            j = sessionManager.csi_get_context_id_from_service_context(securityContextHolder);
        }
        switch (serverRequestInfo.reply_status()) {
            case 0:
                if (cSIUtil.get_message_type(serverRequestInfo) == 5) {
                    if (!SecurityLogger.debugTraceEnabled) {
                        return true;
                    }
                    SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", "SUCCESSFUL reply for MessageInContext.  No service context created for reply per CSIv2 spec.");
                    return true;
                }
                byte[] bArr = new byte[0];
                if (getFinalToken() != null) {
                    bArr = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext = new CompleteEstablishContext(j, z, bArr);
                cSIUtil.print_cec_message(completeEstablishContext, "SecurityContextImpl.csi_client_preprotect");
                ServiceContext create_sc_from_cec_message = cSIUtil.create_sc_from_cec_message(completeEstablishContext);
                if (create_sc_from_cec_message == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message, true);
                if (!SecurityLogger.debugTraceEnabled) {
                    return true;
                }
                SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Security context data is ").append(create_sc_from_cec_message.context_data.length).append(" bytes in length").toString());
                return true;
            case 1:
                try {
                    Any sending_exception = serverRequestInfo.sending_exception();
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("A SYSTEM_EXCEPTION occurred: ").append(sending_exception.type().id()).append(".  Sending ContextError.").toString());
                    }
                } catch (BadKind e) {
                    FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_server_preprotect", "939", (Object) this);
                }
                byte[] serializeRootException = cSIUtil.serializeRootException();
                if (securityContextHolder != null) {
                    contextError = new ContextError(j, 0, ((com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl) securityContextHolder.value).get_minor_code(), serializeRootException);
                    cSIUtil.print_ce_message(contextError, "SecurityContextImpl.csi_client_preprotect");
                } else {
                    contextError = new ContextError(j, 0, 0, serializeRootException);
                    cSIUtil.print_ce_message(contextError, "SecurityContextImpl.csi_client_preprotect");
                }
                ServiceContext create_sc_from_ce_message = cSIUtil.create_sc_from_ce_message(contextError);
                if (create_sc_from_ce_message == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_ce_message, true);
                if (!SecurityLogger.debugTraceEnabled) {
                    return true;
                }
                SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Security context data is ").append(create_sc_from_ce_message.context_data.length).append(" bytes in length").toString());
                return true;
            case 2:
                if (cSIUtil.get_message_type(serverRequestInfo) == 5) {
                    if (!SecurityLogger.debugTraceEnabled) {
                        return true;
                    }
                    SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", "USER_EXCEPTION reply for MessageInContext.  No service context created for reply per CSIv2 spec.");
                    return true;
                }
                try {
                    Any sending_exception2 = serverRequestInfo.sending_exception();
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("A USER_EXCEPTION occurred: ").append(sending_exception2.type().id()).append(".  Sending CompleteEstablishContext.").toString());
                    }
                } catch (BadKind e2) {
                    FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_server_preprotect", "1003", (Object) this);
                }
                byte[] bArr2 = new byte[0];
                if (getFinalToken() != null) {
                    bArr2 = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext2 = new CompleteEstablishContext(j, z, bArr2);
                cSIUtil.print_cec_message(completeEstablishContext2, "SecurityContextImpl.csi_client_preprotect");
                ServiceContext create_sc_from_cec_message2 = cSIUtil.create_sc_from_cec_message(completeEstablishContext2);
                if (create_sc_from_cec_message2 == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message2, true);
                if (!SecurityLogger.debugTraceEnabled) {
                    return true;
                }
                SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Security context data is ").append(create_sc_from_cec_message2.context_data.length).append(" bytes in length").toString());
                return true;
            case 3:
                if (cSIUtil.get_message_type(serverRequestInfo) == 5) {
                    if (!SecurityLogger.debugTraceEnabled) {
                        return true;
                    }
                    SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", "LOCATION_FORWARD reply for MessageInContext.  No service context created for reply per CSIv2 spec.");
                    return true;
                }
                byte[] bArr3 = new byte[0];
                if (getFinalToken() != null) {
                    bArr3 = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext3 = new CompleteEstablishContext(j, z, bArr3);
                cSIUtil.print_cec_message(completeEstablishContext3, "SecurityContextImpl.csi_client_preprotect");
                ServiceContext create_sc_from_cec_message3 = cSIUtil.create_sc_from_cec_message(completeEstablishContext3);
                if (create_sc_from_cec_message3 == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message3, true);
                if (!SecurityLogger.debugTraceEnabled) {
                    return true;
                }
                SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Security context data is ").append(create_sc_from_cec_message3.context_data.length).append(" bytes in length").toString());
                return true;
            case 4:
                if (cSIUtil.get_message_type(serverRequestInfo) == 5) {
                    if (!SecurityLogger.debugTraceEnabled) {
                        return true;
                    }
                    SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", "TRANSPORT_RETRY reply for MessageInContext.  No service context created for reply per CSIv2 spec.");
                    return true;
                }
                byte[] bArr4 = new byte[0];
                if (getFinalToken() != null) {
                    bArr4 = getFinalToken();
                }
                CompleteEstablishContext completeEstablishContext4 = new CompleteEstablishContext(j, z, bArr4);
                cSIUtil.print_cec_message(completeEstablishContext4, "SecurityContextImpl.csi_client_preprotect");
                ServiceContext create_sc_from_cec_message4 = cSIUtil.create_sc_from_cec_message(completeEstablishContext4);
                if (create_sc_from_cec_message4 == null) {
                    return true;
                }
                serverRequestInfo.add_reply_service_context(create_sc_from_cec_message4, true);
                if (!SecurityLogger.debugTraceEnabled) {
                    return true;
                }
                SecurityLogger.debugMessage("SecurityContextImpl.csi_client_preprotect", new StringBuffer().append("Security context data is ").append(create_sc_from_cec_message4.context_data.length).append(" bytes in length").toString());
                return true;
            default:
                return true;
        }
    }

    protected Codec getCodec() {
        return this.vault.getCodec();
    }

    public byte[] create_gssup_initial_context_token(String str, String str2, String str3, ClientRequestInfo clientRequestInfo) {
        CSIv2TaggedComponentHolder cSIv2TaggedComponent;
        CSIv2TaggedComponent cSIv2TaggedComponent2;
        String str4 = "";
        try {
            CSIUtil cSIUtil = new CSIUtil();
            GSSFactory gSSFactory = this.vault.getGSSFactory(GSSUPMechOID.value);
            InitialContextToken initialContextToken = new InitialContextToken();
            String str5 = null;
            CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = null;
            if (cSIUtil.getVault() != null) {
                cSIv2EffectivePerformPolicy = cSIUtil.getVault().get_effective_policy(clientRequestInfo.request_id());
            } else if (this.vault != null) {
                cSIv2EffectivePerformPolicy = this.vault.get_effective_policy(clientRequestInfo.request_id());
            }
            if (cSIv2EffectivePerformPolicy != null && (cSIv2TaggedComponent = cSIv2EffectivePerformPolicy.getCSIv2TaggedComponent()) != null && (cSIv2TaggedComponent2 = cSIv2TaggedComponent.value) != null && cSIv2TaggedComponent2.getAS_context_mech_holder() != null && cSIv2TaggedComponent2.getAS_context_mech_holder().value != null) {
                try {
                    initialContextToken.target_name = cSIv2TaggedComponent2.getAS_context_mech_holder().value.target_name;
                    if (initialContextToken.target_name != null) {
                        try {
                            str5 = gSSFactory.decodeExportedTargetName(initialContextToken.target_name);
                        } catch (GSSEncodeDecodeException e) {
                            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.create_gssup_initial_context_token", "1218", this);
                            throw new BAD_PARAM(new StringBuffer().append(str4).append("  Original exception = ").append(e).toString(), SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                        }
                    }
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.create_gssup_initial_context_token", "1202", this);
                    throw new BAD_PARAM(new StringBuffer().append("Unable to get target_name from AS_Context.  Original exception = ").append(e2).toString(), SecurityMinorCodes.TAG_COMPONENT_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                }
            }
            if (initialContextToken.target_name == null) {
                initialContextToken.target_name = new byte[0];
                if (SecurityLogger.debugTraceEnabled) {
                    str4 = "Sending NULL target_name in GSSUP token.";
                    SecurityLogger.debugMessage("SecurityContextImpl.create_gssup_initial_context_token", str4);
                }
            }
            if (str3 == null || str3.equals("")) {
                str3 = str5;
            }
            String stringBuffer = ((str3 != null && !str3.equals("")) || str == null || str.equals("")) ? ((str != null && !str.equals("")) || str3 == null || str3.equals("")) ? (str == null || str.equals("") || str3 == null || str3.equals("")) ? "" : new StringBuffer().append(str).append("@").append(str3).toString() : new StringBuffer().append("@").append(str3).toString() : str;
            if (SecurityLogger.debugTraceEnabled) {
                str4 = new StringBuffer().append("Scoped username in GSSUP token: ").append(stringBuffer).toString();
                SecurityLogger.debugMessage("SecurityContextImpl.create_gssup_initial_context_token", str4);
            }
            initialContextToken.username = stringBuffer.getBytes("UTF8");
            if (str2 == null) {
                str2 = "";
            }
            initialContextToken.password = str2.getBytes("UTF8");
            if (this.orb == null && cSIUtil.getVault() != null) {
                this.orb = cSIUtil.getVault().getORB();
                if (this.orb == null) {
                    throw new INTERNAL("Orb is NULL.", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
                }
            }
            Any create_any = this.orb.create_any();
            if (create_any == null) {
                throw new INTERNAL("Any is NULL.", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
            InitialContextTokenHelper.insert(create_any, initialContextToken);
            try {
                return gSSFactory.encodeGSSToken(getCodec().encode_value(create_any));
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.create_gssup_initial_context_token", "1298", this);
                throw new INTERNAL(new StringBuffer().append("Exception getting codec factory and encoding Any.  Original exception: ").append(e3).toString(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.create_gssup_initial_context_token", "1310", this);
            throw new BAD_PARAM(new StringBuffer().append(str4).append("  Original exception = ").append(e4).toString(), SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
        }
    }

    public PrincipalAuthenticatorImpl getPrincipalAuthenticator() {
        if (this.secConfig.getCSIv2ClaimTransportAssocSSLTLSRequired() || this.secConfig.getCSIv2ClaimTransportAssocSSLTLSSupported()) {
            switch (this.secConfig.getauthenticationTarget()) {
                case 1:
                    this.mechType = MechanismFactory.GSSUPOverSSLtoLTPA;
                    return new com.ibm.ISecurityLocalObjectTokenBaseImpl.PrincipalAuthenticatorImpl(this._vault, 1);
                case 2:
                    this.mechType = MechanismFactory.GSSUPOverSSLtoLocalOS;
                    return new com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl(this._vault);
                case 3:
                case 5:
                case 7:
                default:
                    SecurityLogger.debugMessage("SecurityContextImpl.getPrincipalAuthenticator", "Invalid security mechanism.");
                    this._contextState = 4;
                    this._principalAuthFailReason = (byte) 12;
                    this._principalAuthFailDetail = StringBytesConversion.getConvertedBytes("Invalid security mechanism.");
                    throw new BAD_PARAM("Invalid security mechanism.", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                case 4:
                    this.mechType = "1.5";
                    return new com.ibm.ISecurityLocalObjectBasicAuthImpl.PrincipalAuthenticatorImpl(this._vault);
                case 6:
                    this.mechType = MechanismFactory.GSSUPOverSSLtoKRB5;
                    return new com.ibm.ISecurityLocalObjectTokenBaseImpl.PrincipalAuthenticatorImpl(this._vault, 6);
                case 8:
                    this.mechType = MechanismFactory.GSSUPOverSSLtoCustom;
                    return new com.ibm.ISecurityLocalObjectTokenBaseImpl.PrincipalAuthenticatorImpl(this._vault, 8);
            }
        }
        switch (this.secConfig.getauthenticationTarget()) {
            case 1:
                this.mechType = MechanismFactory.GSSUPOverTCPtoLTPA;
                return new com.ibm.ISecurityLocalObjectTokenBaseImpl.PrincipalAuthenticatorImpl(this._vault, 1);
            case 2:
                this.mechType = MechanismFactory.GSSUPOverTCPtoLocalOS;
                return new com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl(this._vault);
            case 3:
            case 5:
            case 7:
            default:
                SecurityLogger.debugMessage("SecurityContextImpl.getPrincipalAuthenticator", "Invalid security mechanism.");
                this._contextState = 4;
                this._principalAuthFailReason = (byte) 12;
                this._principalAuthFailDetail = StringBytesConversion.getConvertedBytes("Invalid security mechanism.");
                throw new BAD_PARAM("Invalid security mechanism.", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
            case 4:
                this.mechType = MechanismFactory.GSSUPOverTCP;
                return new com.ibm.ISecurityLocalObjectBasicAuthImpl.PrincipalAuthenticatorImpl(this._vault);
            case 6:
                this.mechType = MechanismFactory.GSSUPOverTCPtoKRB5;
                return new com.ibm.ISecurityLocalObjectTokenBaseImpl.PrincipalAuthenticatorImpl(this._vault, 6);
            case 8:
                this.mechType = MechanismFactory.GSSUPOverTCPtoCustom;
                return new com.ibm.ISecurityLocalObjectTokenBaseImpl.PrincipalAuthenticatorImpl(this._vault, 8);
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl
    public boolean csi_simple_authenticate(String str, String str2) {
        try {
            AuthenticationStatus authenticationStatus = null;
            try {
                authenticationStatus = getPrincipalAuthenticator().simple_authenticate(str, str2);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_simple_authenticate", "1446", this);
            }
            if (authenticationStatus == AuthenticationStatus.SecAuthSuccess) {
                if (!SecurityLogger.debugTraceEnabled) {
                    return true;
                }
                SecurityLogger.debugMessage("SecurityContextImpl.simple.authenticate", "Simple Authentication success");
                return true;
            }
            if (!SecurityLogger.debugTraceEnabled) {
                return false;
            }
            SecurityLogger.debugMessage("SecurityContextImpl.simple.authenticate", "Authentication failed");
            return false;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl.csi_simple_authenticate", "1475", this);
            SecurityLogger.debugMessage("SecurityContextImpl.simple.authenticate", SecurityMessages.getMsgOrUseDefault("JSAS0208E", "JSAS0208E: Internal error: system exception.  Take down all the error information and contact support for more assistance."));
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceException("SecurityContextImpl.simple.authenticate", th, 0, 0);
            }
            throw new INTERNAL(new StringBuffer().append("Unexpected Java Exception: ").append(th.toString()).toString());
        }
    }
}
