package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.channel.giop.GIOPConnectionContext;
import com.ibm.CORBA.channel.giop.GIOPMessageContext;
import com.ibm.CORBA.iiop.ExtendedIORInfo;
import com.ibm.CORBA.iiop.ExtendedServerRequestInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.CORBA.iiop.ServiceContextList;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SecurityExecutionEnvironment;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ServerConnectionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager;
import com.ibm.ISecurityUtilityImpl.AuditData;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.Translate;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.queryengine.eval.Constantdef;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSSubjectWrapperImpl;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.AppContextManager;
import com.ibm.ws.security.core.AppContextManagerFactory;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.token.WSKRBAuthnTokenFactoryFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws390.outofband.OutOfBandData;
import com.ibm.ws390.outofband.OutOfBandDataHolder;
import com.ibm.wsspi.iiop.channel.ConnectionStateElement;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.ContextHandler;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.PropagationToken;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.tcp.channel.SSLConnectionContext;
import com.ibm.wsspi.wssecurity.platform.token.KRBAuthnToken;
import java.lang.reflect.Method;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.remote.rmi.RMIConnectionImpl;
import javax.management.remote.rmi.RMIServerImpl;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.rmi.CORBA.Tie;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.IntHolder;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.IORInfo;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.RequestInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import org.omg.Security.AssociationStatus;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.InvalidCredential;

/* loaded from: input_file:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIServerRIBase.class */
public class CSIServerRIBase extends CSIORBInit implements ServerRequestInterceptor {
    public static ObjectName interceptorObjName;
    private static Class rmiConnectorClz;
    private static Method getAttributeMethod;
    private static Class adminContextClz;
    private static Method pushMethod;
    private static Method popMethod;
    protected static final String providerName = "WebSphere";
    protected static final String componentName = "WAS.security.sas";
    protected static AuditService auditService;
    protected static String className;
    public int slotid;
    protected static String cert_chain_private_token_name;
    protected static String attribute_layer_private_token_name;
    protected static String client_auth_layer_private_token_name;
    protected static String session_info_private_token_name;
    private static final TraceComponent tc = Tr.register(CSIServerRIBase.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    private static final Class thisClass = CSIServerRIBase.class;
    private String princ = null;
    protected Date startTime = null;
    protected Date endTime = null;
    protected String activeUserRegistry = null;
    protected ConcurrentHashMap auditOutcome = new ConcurrentHashMap();
    protected ORB orb = null;
    protected Codec codec = null;
    protected VaultImpl myVault = null;
    protected SecurityConnectionInterceptor _securityConnectionInterceptor = null;
    protected MechanismFactory _mechanismFactory = null;
    protected int csiClientCertPort = 0;
    protected IntHolder expiry_time_now = new IntHolder(0);
    protected CSIUtil csiUtil = new CSIUtil();
    protected SessionManager sessionMgr = null;
    protected CSICredentialsManager credsMgr = new CSICredentialsManager();
    protected AppContextManager appContextMgr = null;
    protected Hashtable sessionRequestTable = new Hashtable();

    public void init(ORB orb) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init", new Object[]{orb, this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (cSIv2Config.getBoolean("com.ibm.CORBA.securityEnabled")) {
            className = getClass().getName();
            this.appContextMgr = AppContextManagerFactory.getInstance();
            if (this.myVault == null) {
                this.myVault = VaultImpl.getInstance();
            }
            if (this.myVault != null) {
                this.orb = this.myVault.getORB();
                this.activeUserRegistry = cSIv2Config.getString(CSIv2Config.ACTIVE_USER_REGISTRY);
                this._mechanismFactory = this.myVault.getMechanismFactory();
                this._securityConnectionInterceptor = this.myVault.getSecurityConnectionInterceptor();
                this.sessionMgr = this.myVault.getSessionManager();
            } else {
                Tr.error(tc, "security.JSAS0010E");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "myVault: " + this.myVault);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init");
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void pre_init(ORBInitInfo oRBInitInfo) {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void post_init(ORBInitInfo oRBInitInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "post_init", new Object[]{oRBInitInfo, this});
        }
        if (SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CORBA.securityEnabled")) {
            this.appContextMgr = AppContextManagerFactory.getInstance();
            if (this.myVault == null) {
                this.myVault = VaultImpl.getInstance();
            }
            if (this.myVault != null) {
                this.orb = this.myVault.getORB();
                this._mechanismFactory = this.myVault.getMechanismFactory();
                this._securityConnectionInterceptor = this.myVault.getSecurityConnectionInterceptor();
                this.sessionMgr = this.myVault.getSessionManager();
            } else {
                Tr.error(tc, "security.JSAS0010E");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "post_init");
        }
    }

    public void destroy() {
    }

    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    public void send_reply(ServerRequestInfo serverRequestInfo) {
    }

    public void send_exception(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    public void send_other(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean qualifyServerRequest(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "qualifyServerRequest", new Object[]{serverRequestInfo, this});
        }
        String name = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null ? ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName() : "<unknown>";
        if (is_local_server_request(serverRequestInfo)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Local request, exempt from authentication.");
            }
            receive_request_local(serverRequestInfo);
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "qualifyServerRequest", Boolean.TRUE);
            return true;
        }
        String operation = serverRequestInfo.operation();
        if (SecurityConnectionInterceptor.isUserRegistryMethodProtected(operation, name)) {
            boolean z = PlatformHelperFactory.getPlatformHelper().isZOS() && getSeedServiceContext(serverRequestInfo) != null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "zOSInternalCall is " + z);
            }
            if (!z) {
                throw new NO_PERMISSION("UserRegistry method " + operation + " is protected for all remote clients.  To unprotect this method, include its name in custom property com.ibm.ws.security.unprotectedUserRegistryMethods.", SecurityMinorCodes.USER_REGISTRY_METHOD_PROTECTED, CompletionStatus.COMPLETED_NO);
            }
        }
        if (!SecurityConnectionInterceptor.isSpecialNamingMethod(operation, name) && !SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(operation, name) && (!ORB.isSpecialMethod(operation) || this.csiUtil.isCORBAAuthRequired())) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "qualifyServerRequest", Boolean.FALSE);
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Special request, exempt from authentication.");
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "qualifyServerRequest", Boolean.TRUE);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuditData initializeAuditService(String str, String str2, int i, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeAuditService", new Object[]{str, str2, new Integer(i), str3, this});
        }
        if (auditService == null) {
            try {
                auditService = ContextManagerFactory.getInstance().getAuditService();
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.initializeAuditService", "445", this);
                Tr.error(tc, "security.JSAS1500E", new Object[]{e});
                if (auditService != null) {
                    auditService.processAuditFailure("security.audit.eventfactory.init.error", e);
                }
            }
        }
        AuditData auditData = new AuditData();
        auditData.setOperation(str);
        if (str2 != null) {
            auditData.setRemoteHost(str2);
        }
        auditData.setRemotePort(i);
        if (str3 != null) {
            auditData.setTransportPrincipal(str3);
        }
        return auditData;
    }

    protected AuditData initializeAuditService(String str) {
        return initializeAuditService(str, null, 0, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SASContextBody getCSIv2MessageFromServiceContext(ServerRequestInfo serverRequestInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCSIv2MessageFromServiceContext", new Object[]{serverRequestInfo, this});
        }
        SASContextBody sASContextBody = null;
        ServiceContext serviceContext = this.csiUtil.get_sc_from_request((RequestInfo) serverRequestInfo);
        if (serviceContext != null) {
            sASContextBody = this.csiUtil.get_message_from_sc(serviceContext);
        }
        if (sASContextBody != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "CSIv2 message has been found in service context.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCSIv2MessageFromServiceContext", sASContextBody);
        }
        return sASContextBody;
    }

    protected SASContextBody getCSIv2MessageFromServiceContext(com.ibm.CORBA.iiop.ServiceContext serviceContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCSIv2MessageFromServiceContext", new Object[]{serviceContext, this});
        }
        SASContextBody sASContextBody = null;
        if (serviceContext != null) {
            sASContextBody = this.csiUtil.get_message_from_sc(new ServiceContext(serviceContext.getId(), serviceContext.getContextData()));
        }
        if (sASContextBody != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "CSIv2 message has been found in service context.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCSIv2MessageFromServiceContext", sASContextBody);
        }
        return sASContextBody;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean verifySecurityInfoIsSufficientToContinue(X509Certificate[] x509CertificateArr, SASContextBody sASContextBody, byte[] bArr, String str, int i, String str2, String str3, AuditData auditData) {
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        ContextHandler contextHandler = null;
        if (tc.isDebugEnabled()) {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "verifySecurityInfoIsSufficientToContinue", new Object[]{x509CertificateArr, sASContextBody, bArr, str, new Integer(i), str2, str3, auditData, this});
            }
            if (bArr == null) {
                Tr.debug(tc, "transport layer data is null");
            } else {
                Tr.debug(tc, "transport layer data: ", new Object[]{bArr});
            }
        }
        if (sASContextBody == null && cSIv2Config.getBoolean(CSIv2Config.CLAIM_CLIENT_AUTHENTICATION_REQUIRED)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Client authentication required at the server but no principal information is present in the " + str2 + "." + str3 + " method request from client " + str + ":" + i + ".");
            }
            Tr.warning(tc, "security.JSAS0638E", new Object[]{"verifySecurityInfoIsSufficientToContinue", str2 + "." + str3, str + ":" + i});
            throw new NO_PERMISSION("security.JSAS0638E", SecurityMinorCodes.INVALID_EVIDENCE, CompletionStatus.COMPLETED_NO);
        }
        if (x509CertificateArr == null && bArr == null && cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_REQUIRED)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Transport layer client authentication required at the server but no principal information is present in the " + str2 + "." + str3 + " method request from client " + str + ":" + i + ".");
            }
            Tr.warning(tc, "security.JSAS0638E", new Object[]{str2 + "." + str3, str + ":" + i});
            throw new NO_PERMISSION("Transport layer client authentication required at the server but no principal information is present in the " + str2 + "." + str3 + " method request from client " + str + ":" + i + ".", SecurityMinorCodes.INVALID_EVIDENCE, CompletionStatus.COMPLETED_NO);
        }
        if (sASContextBody != null || x509CertificateArr != null || bArr != null) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "verifySecurityInfoIsSufficientToContinue", Boolean.TRUE);
            return true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Service context and certificates do not exist: returing from receive_request ");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifySecurityInfoIsSufficientToContinue", Boolean.FALSE);
        }
        if (auditService != null) {
            contextHandler = auditService.getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService == null || !auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
            return false;
        }
        if (auditData == null || auditData.getReceivedSubject() == null) {
            this.princ = null;
        } else {
            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
        }
        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(auditService.getLastTrailId(), auditService.getEventTrailIds(), new Date(), new Long(0L).longValue()));
        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 1L);
        try {
            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            return false;
        } catch (ProviderFailureException e) {
            Tr.error(tc, "security.JSAS1503E", new Object[]{e});
            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List handlePropagationToken(EstablishContext establishContext, SessionEntry sessionEntry, AuditData auditData) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handlePropagationToken", new Object[]{establishContext, sessionEntry, auditData, this});
        }
        ArrayList arrayList = null;
        ContextHandler contextHandler = null;
        if (SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled")) {
            byte[] bArr = null;
            if (sessionEntry != null) {
                bArr = sessionEntry.get_opaque_authz_token();
            }
            AuthorizationElement[] authorizationElementArr = establishContext.authorization_token;
            if (bArr == null) {
                if (authorizationElementArr != null && authorizationElementArr.length > 0 && authorizationElementArr[0].the_type == 1229066447) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Authorization token present in EstablishContext message.");
                    }
                    bArr = authorizationElementArr[0].the_element;
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No authorization token in the EstablishContext message.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization token found in SessionEntry.");
            }
            String str = null;
            String[] strArr = null;
            if (auditService != null) {
                str = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (bArr != null) {
                try {
                    arrayList = WSOpaqueTokenHelper.getInstance().createTokenHolderListFromOpaqueToken(bArr);
                    if (arrayList == null) {
                        Tr.debug(tc, "Null TokenHolder list returned from authorization token.");
                        if (auditService != null) {
                            contextHandler = auditService.getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                            if (auditData == null || auditData.getReceivedSubject() == null) {
                                this.princ = null;
                            } else {
                                this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                            }
                            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 10L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e) {
                                Tr.error(tc, "security.JSAS1503E", new Object[]{e});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                            }
                        }
                        throw new NO_PERMISSION("Null TokenHolder list returned from authorization token.", SecurityMinorCodes.INVALID_EVIDENCE, CompletionStatus.COMPLETED_NO);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Saving TokenHolder list in thread local.");
                    }
                    ContextManagerFactory.getInstance().put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), arrayList);
                } catch (WSSecurityException e2) {
                    Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.handlePropagationToken", "751", this);
                    Tr.debug(tc, e2.getMessage(), new Object[]{e2});
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 10L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e3) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e3});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                        }
                    }
                    throw new NO_PERMISSION(e2.getMessage(), SecurityMinorCodes.INVALID_EVIDENCE, CompletionStatus.COMPLETED_NO);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handlePropagationToken");
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityContextImpl getSecurityContext(EstablishContext establishContext, AuditData auditData, ConnectionData connectionData, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityContext", new Object[]{establishContext, auditData, connectionData, sessionEntry, new Long(j), serverConnectionKey, this});
        }
        String str = "";
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        ContextHandler contextHandler = null;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        if (establishContext.client_authentication_token == null || establishContext.client_authentication_token.length <= 0) {
            auditData.setMechType(VaultConstants.GSSUP_MECH_TYPE);
        } else {
            try {
                String mechOIDFromGSSToken = GSSFactory.getMechOIDFromGSSToken(establishContext.client_authentication_token);
                auditData.setMechType(GSSFactory.mapOidToMechType(mechOIDFromGSSToken));
                if (auditData.getMechType() == null) {
                    if (tc.isDebugEnabled()) {
                        str = "Failed to map for mechanism type from receiving GSS token in receive_request.";
                        Tr.debug(tc, str);
                    }
                    throw new NO_PERMISSION(str, SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                }
                auditData.setClientAuthOID(mechOIDFromGSSToken);
                if (auditData.getMechType() != null && auditData.getMechType().equals(VaultConstants.GSSUP_MECH_TYPE) && sessionEntry != null && j != 0) {
                    sessionEntry.set_basic_auth_type();
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Mapped mechanism from receiving GSS token in receive_request: " + auditData.getMechType());
                }
            } catch (GSSEncodeDecodeException e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.getSecurityContext", "1000", this);
                if (tc.isDebugEnabled()) {
                    str = "Failed to get OID from receiving GSS token in receive_request.";
                    Tr.debug(tc, str);
                }
                if (auditService != null) {
                    contextHandler = auditService.getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                    if (auditData == null || auditData.getReceivedSubject() == null) {
                        this.princ = null;
                    } else {
                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                    }
                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 11L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e2) {
                        Tr.error(tc, "security.JSAS1503E", new Object[]{e2});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                    }
                }
                throw new NO_PERMISSION(str, SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
            }
        }
        String str3 = null;
        if (connectionData != null) {
            str3 = connectionData.getConnectionKey();
        } else if (serverConnectionKey != null) {
            str3 = serverConnectionKey.get_server_connection_hash();
        }
        SecurityContextImpl securityContextImpl = this.csiUtil.get_security_context_impl(auditData.getMechType(), str3);
        if (securityContextImpl != null) {
            if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0 && securityContextImpl != null) {
                securityContextImpl.set_stateful_context_id(j);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecurityContext", securityContextImpl);
            }
            return securityContextImpl;
        }
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
            this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
            sessionEntry.set_session_state(7);
        }
        if (auditService != null) {
            contextHandler = auditService.getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
            if (auditData == null || auditData.getReceivedSubject() == null) {
                this.princ = null;
            } else {
                this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
            }
            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 3L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e3) {
                Tr.error(tc, "security.JSAS1503E", new Object[]{e3});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
            }
        }
        throw new INTERNAL("Security context holder is null in receive_request", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:310:0x0324 A[Catch: Exception -> 0x046f, TryCatch #2 {Exception -> 0x046f, blocks: (B:304:0x00af, B:373:0x00d4, B:308:0x031b, B:310:0x0324, B:313:0x034a, B:315:0x0357, B:317:0x0360, B:318:0x0381, B:321:0x03a2, B:323:0x03ab, B:324:0x03cc, B:326:0x03d4, B:328:0x03ec, B:330:0x03f5, B:332:0x0413, B:334:0x0428, B:336:0x0438, B:337:0x044d, B:338:0x0390, B:306:0x017c, B:340:0x0189, B:342:0x01ce, B:344:0x01df, B:346:0x01e5, B:348:0x01f7, B:363:0x0208, B:369:0x0257, B:370:0x026b, B:371:0x028f, B:353:0x0292, B:359:0x02e1, B:360:0x02f5, B:361:0x031a, B:376:0x00f4, B:382:0x0143, B:383:0x0157, B:384:0x017b), top: B:303:0x00af, inners: #15, #18, #20 }] */
    /* JADX WARN: Removed duplicated region for block: B:321:0x03a2 A[Catch: Exception -> 0x046f, TryCatch #2 {Exception -> 0x046f, blocks: (B:304:0x00af, B:373:0x00d4, B:308:0x031b, B:310:0x0324, B:313:0x034a, B:315:0x0357, B:317:0x0360, B:318:0x0381, B:321:0x03a2, B:323:0x03ab, B:324:0x03cc, B:326:0x03d4, B:328:0x03ec, B:330:0x03f5, B:332:0x0413, B:334:0x0428, B:336:0x0438, B:337:0x044d, B:338:0x0390, B:306:0x017c, B:340:0x0189, B:342:0x01ce, B:344:0x01df, B:346:0x01e5, B:348:0x01f7, B:363:0x0208, B:369:0x0257, B:370:0x026b, B:371:0x028f, B:353:0x0292, B:359:0x02e1, B:360:0x02f5, B:361:0x031a, B:376:0x00f4, B:382:0x0143, B:383:0x0157, B:384:0x017b), top: B:303:0x00af, inners: #15, #18, #20 }] */
    /* JADX WARN: Removed duplicated region for block: B:332:0x0413 A[Catch: Exception -> 0x046f, TryCatch #2 {Exception -> 0x046f, blocks: (B:304:0x00af, B:373:0x00d4, B:308:0x031b, B:310:0x0324, B:313:0x034a, B:315:0x0357, B:317:0x0360, B:318:0x0381, B:321:0x03a2, B:323:0x03ab, B:324:0x03cc, B:326:0x03d4, B:328:0x03ec, B:330:0x03f5, B:332:0x0413, B:334:0x0428, B:336:0x0438, B:337:0x044d, B:338:0x0390, B:306:0x017c, B:340:0x0189, B:342:0x01ce, B:344:0x01df, B:346:0x01e5, B:348:0x01f7, B:363:0x0208, B:369:0x0257, B:370:0x026b, B:371:0x028f, B:353:0x0292, B:359:0x02e1, B:360:0x02f5, B:361:0x031a, B:376:0x00f4, B:382:0x0143, B:383:0x0157, B:384:0x017b), top: B:303:0x00af, inners: #15, #18, #20 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] processIdentityToken(org.omg.CSI.EstablishContext r14, org.omg.CSI.IdentityToken r15, com.ibm.ISecurityUtilityImpl.AuditData r16, com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry r17, long r18, com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ServerConnectionKey r20, com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl r21, java.security.cert.X509Certificate[] r22, java.lang.String r23) {
        /*
            Method dump skipped, instructions count: 5464
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processIdentityToken(org.omg.CSI.EstablishContext, org.omg.CSI.IdentityToken, com.ibm.ISecurityUtilityImpl.AuditData, com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry, long, com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ServerConnectionKey, com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl, java.security.cert.X509Certificate[], java.lang.String):byte[]");
    }

    protected String stripRealm(String str) {
        int indexOf = str.indexOf("@");
        return indexOf == -1 ? str : str.substring(0, indexOf);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SessionEntry handleStatefulContext(SASContextBody sASContextBody, X509Certificate[] x509CertificateArr, AuditData auditData, String str, int i, ServerConnectionKey serverConnectionKey, SecurityContextImpl securityContextImpl, Map map) {
        long j;
        Map csi_lookup_connection_propagation_token_map;
        Map csi_lookup_connection_propagation_token_map2;
        WSCredential wSCredentialFromSubject;
        Map map2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleStatefulContext", new Object[]{sASContextBody, x509CertificateArr, auditData, str, new Integer(i), serverConnectionKey, securityContextImpl, this});
        }
        String str2 = "";
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        SessionEntry sessionEntry = new SessionEntry(0L);
        boolean z = false;
        ContextHandler contextHandler = null;
        String str3 = null;
        String[] strArr = null;
        if (auditService != null) {
            str3 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        if (sASContextBody != null && sASContextBody.discriminator() == 0) {
            j = sASContextBody.establish_msg().client_context_id;
            auditData.setStatefulContextId(j);
        } else if (sASContextBody != null && sASContextBody.discriminator() == 5) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "handleStatefulContexti > MessageInContext");
            }
            j = sASContextBody.in_context_msg().client_context_id;
            auditData.setStatefulContextId(j);
            if (j == 0) {
                if (securityContextImpl != null) {
                    securityContextImpl.update_context_fail_reason(1229079296);
                    this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                }
                if (auditService != null) {
                    contextHandler = auditService.getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                    if (auditData == null || auditData.getReceivedSubject() == null) {
                        this.princ = null;
                    } else {
                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                    }
                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 1L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e) {
                        Tr.error(tc, "security.JSAS1503E", new Object[]{e});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                    }
                }
                throw new NO_PERMISSION("SessionDoesNotExist on the server.", SecurityMinorCodes.SESSION_DOES_NOT_EXIST, CompletionStatus.COMPLETED_NO);
            }
        } else if (x509CertificateArr != null) {
            Subject csi_lookup_connection_cred = this.sessionMgr.csi_lookup_connection_cred(serverConnectionKey);
            if (csi_lookup_connection_cred != null) {
                try {
                    if (!SubjectHelper.isWSCredentialValid(csi_lookup_connection_cred, true)) {
                        throw new InvalidCredential();
                    }
                    this.csiUtil.getCurrent().initialize_requestor_context(csi_lookup_connection_cred);
                    auditData.setReceivedSubject(csi_lookup_connection_cred);
                    if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (csi_lookup_connection_propagation_token_map = this.sessionMgr.csi_lookup_connection_propagation_token_map(serverConnectionKey)) != null) {
                        try {
                            Iterator it = csi_lookup_connection_propagation_token_map.keySet().iterator();
                            while (it.hasNext()) {
                                PropagationToken propagationToken = (PropagationToken) csi_lookup_connection_propagation_token_map.get((String) it.next());
                                if (propagationToken != null) {
                                    final PropagationToken propagationToken2 = (PropagationToken) propagationToken.clone();
                                    AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.1
                                        @Override // java.security.PrivilegedExceptionAction
                                        public Object run() throws WSSecurityException {
                                            if (CSIServerRIBase.tc.isDebugEnabled()) {
                                                Tr.debug(CSIServerRIBase.tc, "Setting propagation token from connection: " + propagationToken2.getName() + ":" + ((int) propagationToken2.getVersion()));
                                            }
                                            ContextManagerFactory.getInstance().setPropagationToken(propagationToken2.getName() + ":" + ((int) propagationToken2.getVersion()), propagationToken2);
                                            return null;
                                        }
                                    });
                                }
                            }
                        } catch (PrivilegedActionException e2) {
                            Manager.Ffdc.log(e2.getException(), this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.handleStatefulContext", "2288", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Error setting propagation token.", new Object[]{e2.getException()});
                            }
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "*** BEGIN PREINVOKE ***");
                    }
                    if (!tc.isEntryEnabled()) {
                        return null;
                    }
                    Tr.exit(tc, "handleStatefulContext", null);
                    return null;
                } catch (InvalidCredential e3) {
                    Manager.Ffdc.log(e3, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.handleStatefulContext", "2312", this);
                    if (tc.isDebugEnabled()) {
                        str2 = "Credential is expired, reauthenticating with certificate principal instead of using cached Subject.";
                        Tr.debug(tc, str2, new Object[]{e3});
                    }
                }
            } else if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (csi_lookup_connection_propagation_token_map2 = this.sessionMgr.csi_lookup_connection_propagation_token_map(serverConnectionKey)) != null) {
                sessionEntry.set_propagation_token_map(csi_lookup_connection_propagation_token_map2);
            }
            j = 0;
            auditData.setStatefulContextId(0L);
        } else {
            j = 0;
            auditData.setStatefulContextId(0L);
        }
        if (j != 0) {
            sessionEntry = this.sessionMgr.csi_server_session_lookup(j, serverConnectionKey, sASContextBody, false);
            if (sessionEntry == null) {
                if (tc.isDebugEnabled()) {
                    str2 = "Session state:  SESSION_DOES_NOT_EXIST.  Throwing NO_PERMISSION exception.";
                    Tr.debug(tc, str2);
                }
                if (securityContextImpl != null) {
                    securityContextImpl.update_context_fail_reason(SecurityMinorCodes.SESSION_DOES_NOT_EXIST);
                    securityContextImpl.set_stateful_context_id(j);
                    this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                }
                if (auditService != null) {
                    contextHandler = auditService.getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                    if (auditData == null || auditData.getReceivedSubject() == null) {
                        this.princ = null;
                    } else {
                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                    }
                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 1L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e4) {
                        Tr.error(tc, "security.JSAS1503E", new Object[]{e4});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                    }
                }
                throw new NO_PERMISSION(str2, SecurityMinorCodes.SESSION_DOES_NOT_EXIST, CompletionStatus.COMPLETED_NO);
            }
            switch (sessionEntry.get_session_state()) {
                case 1:
                    if (tc.isDebugEnabled()) {
                        str2 = "Session state:  SESSION_IN_COMPLETE_STATE.  Proceeding to use session credentials to validate.";
                        Tr.debug(tc, str2);
                    }
                    if (sessionEntry != null && j != 0) {
                        if (sASContextBody != null && sASContextBody.discriminator() == 5) {
                            MessageInContext in_context_msg = sASContextBody.in_context_msg();
                            this.csiUtil.print_mic_message(in_context_msg, "handleStatefulContext");
                            z = in_context_msg.discard_context;
                        }
                        SecurityContextImpl securityContextImpl2 = sessionEntry.get_security_context_holder();
                        if (securityContextImpl2 == null) {
                            if (auditService != null) {
                                contextHandler = auditService.getContextHandler();
                                if (contextHandler == null) {
                                    Tr.error(tc, "security.audit.service.context.error");
                                    auditService.processAuditFailure("security.audit.service.context.error", null);
                                }
                            }
                            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                if (auditData == null || auditData.getReceivedSubject() == null) {
                                    this.princ = null;
                                } else {
                                    this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                }
                                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 2L);
                                try {
                                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                } catch (ProviderFailureException e5) {
                                    Tr.error(tc, "security.JSAS1503E", new Object[]{e5});
                                    auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
                                }
                            }
                            throw new INTERNAL("Security context holder is null in receive_request", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
                        }
                        Subject clientSubject = securityContextImpl2.getClientSubject();
                        auditData.setReceivedSubject(clientSubject);
                        securityContextImpl2.set_discard_context(z);
                        if (clientSubject != null) {
                            try {
                                if (sessionEntry.get_basic_auth_type()) {
                                    if (!SubjectHelper.isWSCredentialValid(clientSubject, true)) {
                                        throw new InvalidCredential();
                                    }
                                } else if (!SubjectHelper.isWSCredentialValid(clientSubject)) {
                                    throw new InvalidCredential();
                                }
                                String str4 = null;
                                if (tc.isDebugEnabled() && (wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(clientSubject)) != null) {
                                    str4 = wSCredentialFromSubject.getSecurityName();
                                    Tr.debug(tc, "Request from remote user: " + str4 + ", remote host/port: " + str + ":" + i);
                                }
                                if (map != null && cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundMappingEnabled")) {
                                    clientSubject = mapAuthenticatedSubject(clientSubject, map);
                                    if (tc.isDebugEnabled()) {
                                        try {
                                            Tr.debug(tc, "Mapped authenticated remote user: " + str4 + " to: " + SubjectHelper.getWSCredentialFromSubject(clientSubject).getSecurityName());
                                        } catch (Exception e6) {
                                        }
                                    }
                                }
                            } catch (Exception e7) {
                                Manager.Ffdc.log(e7, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.handleStatefulContext", "2850", this);
                                if (tc.isDebugEnabled()) {
                                    str2 = SecurityMessages.getMsgOrUseDefault("JSAS0202E", "JSAS0202E: Credential token expired.");
                                    Tr.debug(tc, str2);
                                }
                                if (securityContextImpl2 != null) {
                                    securityContextImpl2.update_context_fail_reason(1229079296);
                                    this.csiUtil.getCurrent().setSecurityContext(securityContextImpl2);
                                }
                                if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                                    this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                                    sessionEntry.set_session_state(7);
                                }
                                if (auditService != null) {
                                    contextHandler = auditService.getContextHandler();
                                    if (contextHandler == null) {
                                        Tr.error(tc, "security.audit.service.context.error");
                                        auditService.processAuditFailure("security.audit.service.context.error", null);
                                    }
                                }
                                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                    if (auditData == null || auditData.getReceivedSubject() == null) {
                                        this.princ = null;
                                    } else {
                                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                    }
                                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 4L);
                                    try {
                                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                    } catch (ProviderFailureException e8) {
                                        Tr.error(tc, "security.JSAS1503E", new Object[]{e8});
                                        auditService.processAuditFailure("security.audit.service.sendevent.error", e8);
                                    }
                                }
                                throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
                            }
                        }
                        if (clientSubject == null) {
                            if (securityContextImpl2 != null) {
                                securityContextImpl2.update_context_fail_reason(1229079296);
                                this.csiUtil.getCurrent().setSecurityContext(securityContextImpl2);
                            }
                            if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                                this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                                sessionEntry.set_session_state(7);
                            }
                            Tr.error(tc, "security.JSAS0439E");
                            if (auditService != null) {
                                contextHandler = auditService.getContextHandler();
                                if (contextHandler == null) {
                                    Tr.error(tc, "security.audit.service.context.error");
                                    auditService.processAuditFailure("security.audit.service.context.error", null);
                                }
                            }
                            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                if (auditData == null || auditData.getReceivedSubject() == null) {
                                    this.princ = null;
                                } else {
                                    this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                }
                                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 3L);
                                try {
                                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                } catch (ProviderFailureException e9) {
                                    Tr.error(tc, "security.JSAS1503E", new Object[]{e9});
                                    auditService.processAuditFailure("security.audit.service.sendevent.error", e9);
                                }
                            }
                            throw new INTERNAL("security.JSAS0439E", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
                        }
                        if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (map2 = sessionEntry.get_propagation_token_map()) != null) {
                            try {
                                Iterator it2 = map2.keySet().iterator();
                                while (it2.hasNext()) {
                                    PropagationToken propagationToken3 = (PropagationToken) map2.get((String) it2.next());
                                    if (propagationToken3 != null) {
                                        final PropagationToken propagationToken4 = (PropagationToken) propagationToken3.clone();
                                        AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.2
                                            @Override // java.security.PrivilegedExceptionAction
                                            public Object run() throws WSSecurityException {
                                                if (CSIServerRIBase.tc.isDebugEnabled()) {
                                                    Tr.debug(CSIServerRIBase.tc, "Setting propagation token from session: " + propagationToken4.getName() + ":" + ((int) propagationToken4.getVersion()));
                                                }
                                                ContextManagerFactory.getInstance().setPropagationToken(propagationToken4.getName() + ":" + ((int) propagationToken4.getVersion()), propagationToken4);
                                                return null;
                                            }
                                        });
                                    }
                                }
                            } catch (PrivilegedActionException e10) {
                                Manager.Ffdc.log(e10.getException(), this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.handleStatefulContext", "3090", this);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Error setting propagation token.", new Object[]{e10.getException()});
                                }
                            }
                        }
                        this.csiUtil.getCurrent().initialize_requestor_context(clientSubject);
                        if (securityContextImpl2 != null) {
                            this.csiUtil.getCurrent().setSecurityContext(securityContextImpl2);
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "*** BEGIN PREINVOKE ***");
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "handleStatefulContext", null);
                        }
                        if (auditService != null) {
                            contextHandler = auditService.getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService == null || !auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                            return null;
                        }
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "authnSuccess", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            return null;
                        } catch (ProviderFailureException e11) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e11});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e11);
                            return null;
                        }
                    }
                    break;
                case 2:
                    auditData.setStatefulContextId(0L);
                    sessionEntry.set_renegotiate_to_stateless();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Session state:  SESSION_IN_INCOMPLETE_STATE.  Renegotiating to stateless.");
                        break;
                    }
                    break;
                case 3:
                    if (tc.isDebugEnabled()) {
                        str2 = "Session state:  SESSION_CONFLICTING_EVIDENCE.  Throwing NO_PERMISSION exception.";
                        Tr.debug(tc, str2);
                    }
                    updateSecurityContextWithFailure(securityContextImpl, j, 3);
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 2L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e12) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e12});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e12);
                        }
                    }
                    throw new NO_PERMISSION(str2, SecurityMinorCodes.SESSION_CONFLICTING_EVIDENCE, CompletionStatus.COMPLETED_NO);
                case 4:
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Session state:  SESSION_DOES_NOT_EXIST.  Throwing NO_PERMISSION exception.");
                    }
                    sessionEntry.set_session_state(2);
                    sessionEntry.set_remote_host(serverConnectionKey.get_remote_host());
                    sessionEntry.set_remote_port(serverConnectionKey.get_remote_port());
                    sessionEntry.set_remote_connection_unique_id(serverConnectionKey.get_connection_creation_time());
                    break;
                case 7:
                    if (tc.isDebugEnabled()) {
                        str2 = "Session state:  SESSION_REJECTED.  Throwing NO_PERMISSION exception.";
                        Tr.debug(tc, str2);
                    }
                    if (securityContextImpl != null) {
                        securityContextImpl.update_context_fail_reason(1229079296);
                        this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                    }
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 3L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e13) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e13});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e13);
                        }
                    }
                    throw new NO_PERMISSION(str2, SecurityMinorCodes.SESSION_REJECTED, CompletionStatus.COMPLETED_NO);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleStatefulContext", sessionEntry);
        }
        return sessionEntry;
    }

    protected void updateSecurityContextWithFailure(SecurityContextImpl securityContextImpl, long j, int i) {
        if (securityContextImpl != null) {
            securityContextImpl.update_context_fail_reason(i);
            securityContextImpl.set_stateful_context_id(j);
            this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
        }
    }

    protected SessionEntry handleStatefulContextFromFilter(SASContextBody sASContextBody, X509Certificate[] x509CertificateArr, AuditData auditData, String str, int i, String str2, SecurityContextImpl securityContextImpl, GIOPMessageContext gIOPMessageContext) throws Exception {
        Map csi_lookup_connection_propagation_token_map;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleStatefulContextFromFilter", new Object[]{sASContextBody, x509CertificateArr, auditData, str, new Integer(i), str2, securityContextImpl, gIOPMessageContext, this});
        }
        String str3 = "";
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        long j = 0;
        SessionEntry sessionEntry = null;
        SessionEntry sessionEntry2 = new SessionEntry(0L);
        sessionEntry2.set_remote_host(str);
        sessionEntry2.set_remote_port(i);
        sessionEntry2.set_remote_connection_unique_id(str2);
        sessionEntry2.set_cert_chain(x509CertificateArr);
        ContextHandler contextHandler = null;
        String str4 = null;
        String[] strArr = null;
        if (auditService != null) {
            str4 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        if (sASContextBody != null) {
            if (sASContextBody.discriminator() == 0) {
                if (tc.isDebugEnabled()) {
                    str3 = "Message is MTEstablishContext, session will be created if non-zero context id.";
                    Tr.debug(tc, str3);
                }
                EstablishContext establish_msg = sASContextBody.establish_msg();
                j = establish_msg.client_context_id;
                auditData.setStatefulContextId(j);
                sessionEntry2.set_ec_message(establish_msg);
            } else if (sASContextBody.discriminator() == 5) {
                if (tc.isDebugEnabled()) {
                    str3 = "Message is MTMessageInContext, session should exist.";
                    Tr.debug(tc, str3);
                }
                j = sASContextBody.in_context_msg().client_context_id;
                auditData.setStatefulContextId(j);
                if (j == 0 || !cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL)) {
                    if (securityContextImpl != null) {
                        securityContextImpl.update_context_fail_reason(SecurityMinorCodes.SESSION_DOES_NOT_EXIST);
                        this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                    }
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 1L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                        }
                    }
                    throw new NO_PERMISSION("SessionDoesNotExist on the server.", SecurityMinorCodes.SESSION_DOES_NOT_EXIST, CompletionStatus.COMPLETED_NO);
                }
            }
            if (j != 0) {
                sessionEntry = this.sessionMgr.csi_server_session_lookup(j, new ServerConnectionKey(str2, str, i), sASContextBody, false);
                if (sessionEntry != null) {
                    switch (sessionEntry.get_session_state()) {
                        case 1:
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Session state:  SESSION_IN_COMPLETE_STATE.  Proceeding to use session credentials to validate.");
                                break;
                            }
                            break;
                        case 2:
                            if (sASContextBody.discriminator() == 0) {
                                sessionEntry = null;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Session state:  SESSION_IN_INCOMPLETE_STATE for MTEstablishContext message.  Renegotiating to stateless.");
                                }
                            } else if (sASContextBody.discriminator() == 5) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Session state:  SESSION_IN_INCOMPLETE_STATE for MTMessageInContext message.  Renegotiating to stateless.");
                                }
                                sessionEntry2.set_session_state(sessionEntry.get_session_state());
                                sessionEntry2.set_cert_chain(sessionEntry.get_cert_chain());
                                sessionEntry2.set_ec_message(sessionEntry.get_ec_message());
                                sessionEntry = null;
                            }
                            getTransportLayerData(sessionEntry2, gIOPMessageContext);
                            break;
                        case 3:
                            if (sASContextBody.discriminator() == 0) {
                                sessionEntry = null;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Session state:  SESSION_CONFLICTING_EVIDENCE for MTEstablishContext message.  Renegotiating to stateless.");
                                }
                                getTransportLayerData(sessionEntry2, gIOPMessageContext);
                                break;
                            } else if (sASContextBody.discriminator() == 5) {
                                if (tc.isDebugEnabled()) {
                                    str3 = "Session state:  SESSION_CONFLICTING_EVIDENCE for MTMessageInContext message.  Throwing NO_PERMISSION exception.";
                                    Tr.debug(tc, str3);
                                }
                                updateSecurityContextWithFailure(securityContextImpl, j, 3);
                                if (auditService != null) {
                                    contextHandler = auditService.getContextHandler();
                                    if (contextHandler == null) {
                                        Tr.error(tc, "security.audit.service.context.error");
                                        auditService.processAuditFailure("security.audit.service.context.error", null);
                                    }
                                }
                                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                    if (auditData == null || auditData.getReceivedSubject() == null) {
                                        this.princ = null;
                                    } else {
                                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                    }
                                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 2L);
                                    try {
                                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                    } catch (ProviderFailureException e2) {
                                        Tr.error(tc, "security.JSAS1503E", new Object[]{e2});
                                        auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                                    }
                                }
                                throw new NO_PERMISSION(str3, SecurityMinorCodes.SESSION_CONFLICTING_EVIDENCE, CompletionStatus.COMPLETED_NO);
                            }
                            break;
                        case 4:
                            if (sASContextBody.discriminator() != 5) {
                                if (sASContextBody.discriminator() == 0) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Session state:  SESSION_NEW for MTEstablishContext message.  Proceeding to authenticate.");
                                    }
                                    sessionEntry.set_session_state(2);
                                    sessionEntry.set_remote_host(str);
                                    sessionEntry.set_remote_port(i);
                                    sessionEntry.set_remote_connection_unique_id(str2);
                                    sessionEntry.set_ec_message(sASContextBody.establish_msg());
                                    sessionEntry.set_cert_chain(x509CertificateArr);
                                    getTransportLayerData(sessionEntry, gIOPMessageContext);
                                    break;
                                }
                            } else {
                                if (tc.isDebugEnabled()) {
                                    str3 = "Session state:  SESSION_NEW for MTMessageInContext message.  Throwing NO_PERMISSION exception.";
                                    Tr.debug(tc, str3);
                                }
                                if (securityContextImpl != null) {
                                    securityContextImpl.update_context_fail_reason(SecurityMinorCodes.SESSION_DOES_NOT_EXIST);
                                    securityContextImpl.set_stateful_context_id(j);
                                    this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                                    sessionEntry.set_security_context_holder(securityContextImpl);
                                }
                                if (auditService != null) {
                                    contextHandler = auditService.getContextHandler();
                                    if (contextHandler == null) {
                                        Tr.error(tc, "security.audit.service.context.error");
                                        auditService.processAuditFailure("security.audit.service.context.error", null);
                                    }
                                }
                                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                    if (auditData == null || auditData.getReceivedSubject() == null) {
                                        this.princ = null;
                                    } else {
                                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                    }
                                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 1L);
                                    try {
                                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                    } catch (ProviderFailureException e3) {
                                        Tr.error(tc, "security.JSAS1503E", new Object[]{e3});
                                        auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                                    }
                                }
                                throw new NO_PERMISSION(str3, SecurityMinorCodes.SESSION_DOES_NOT_EXIST, CompletionStatus.COMPLETED_NO);
                            }
                            break;
                        case 7:
                            if (sASContextBody.discriminator() == 0) {
                                sessionEntry = null;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Session state: SESSION_REJECTED for MTEstablishContext message.  Renegotiating to stateless.");
                                }
                                getTransportLayerData(sessionEntry2, gIOPMessageContext);
                                break;
                            } else if (sASContextBody.discriminator() == 5) {
                                if (tc.isDebugEnabled()) {
                                    str3 = "Session state:  SESSION_REJECTED.  Throwing NO_PERMISSION exception.";
                                    Tr.debug(tc, str3);
                                }
                                if (securityContextImpl != null) {
                                    securityContextImpl.update_context_fail_reason(SecurityMinorCodes.SESSION_REJECTED);
                                    this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                                }
                                if (auditService != null) {
                                    contextHandler = auditService.getContextHandler();
                                    if (contextHandler == null) {
                                        Tr.error(tc, "security.audit.service.context.error");
                                        auditService.processAuditFailure("security.audit.service.context.error", null);
                                    }
                                }
                                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                    if (auditData == null || auditData.getReceivedSubject() == null) {
                                        this.princ = null;
                                    } else {
                                        this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                    }
                                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 3L);
                                    try {
                                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                    } catch (ProviderFailureException e4) {
                                        Tr.error(tc, "security.JSAS1503E", new Object[]{e4});
                                        auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                                    }
                                }
                                throw new NO_PERMISSION(str3, SecurityMinorCodes.SESSION_REJECTED, CompletionStatus.COMPLETED_NO);
                            }
                            break;
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        str3 = "Session state:  SESSION_DOES_NOT_EXIST.  Throwing NO_PERMISSION exception.";
                        Tr.debug(tc, str3);
                    }
                    if (securityContextImpl != null) {
                        securityContextImpl.update_context_fail_reason(SecurityMinorCodes.SESSION_DOES_NOT_EXIST);
                        securityContextImpl.set_stateful_context_id(j);
                        this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                    }
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 1L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e5) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e5});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
                        }
                    }
                    throw new NO_PERMISSION(str3, SecurityMinorCodes.SESSION_DOES_NOT_EXIST, CompletionStatus.COMPLETED_NO);
                }
            } else {
                getTransportLayerData(sessionEntry2, gIOPMessageContext);
            }
        } else if (x509CertificateArr != null) {
            auditData.setStatefulContextId(0L);
            sessionEntry2.set_cert_chain(x509CertificateArr);
            if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (csi_lookup_connection_propagation_token_map = this.sessionMgr.csi_lookup_connection_propagation_token_map(new ServerConnectionKey(str2, str, i))) != null) {
                sessionEntry2.set_propagation_token_map(csi_lookup_connection_propagation_token_map);
            }
        } else {
            auditData.setStatefulContextId(0L);
            getTransportLayerData(sessionEntry2, gIOPMessageContext);
        }
        if (sessionEntry != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning session from session table.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleStatefulContextFromFilter", sessionEntry);
            }
            return sessionEntry;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning stateless session.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleStatefulContextFromFilter", sessionEntry2);
        }
        return sessionEntry2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] processClientAuthToken(EstablishContext establishContext, AuditData auditData, SecurityContextImpl securityContextImpl) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processClientAuthToken", new Object[]{establishContext, auditData, securityContextImpl, this});
        }
        String str = "";
        byte[] bArr = establishContext.client_authentication_token;
        ContextHandler contextHandler = null;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        try {
            String mechOIDFromGSSToken = GSSFactory.getMechOIDFromGSSToken(bArr);
            auditData.setMechType(GSSFactory.mapOidToMechType(mechOIDFromGSSToken));
            if (tc.isDebugEnabled()) {
                str = "Extracted OID and mechtype from receiving client GSS token in receive_request." + mechOIDFromGSSToken + Constantdef.FSLASH + auditData.getMechType();
                Tr.debug(tc, str);
            }
            securityContextImpl.setIdentityName(VaultConstants.ClientAuthToken);
            securityContextImpl.setIdentityValue(bArr);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using Client Authentication Token for Authentication");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "processClientAuthToken", bArr);
            }
            return bArr;
        } catch (GSSEncodeDecodeException e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processClientAuthToken", "3993", this);
            if (tc.isDebugEnabled()) {
                str = "Failed to get OID from receiving client GSS token in receive_request.";
                Tr.debug(tc, str);
            }
            if (auditService != null) {
                contextHandler = auditService.getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                if (auditData == null || auditData.getReceivedSubject() == null) {
                    this.princ = null;
                } else {
                    this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 11L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e2) {
                    Tr.error(tc, "security.JSAS1503E", new Object[]{e2});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                }
            }
            throw new NO_PERMISSION(str, SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processCertificateChain(X509Certificate[] x509CertificateArr, String str, AuditData auditData, SecurityContextImpl securityContextImpl, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processCertificateChain", new Object[]{x509CertificateArr, str, auditData, securityContextImpl, sessionEntry, new Long(j), serverConnectionKey, this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        ContextHandler contextHandler = null;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing client certificate chain.");
            }
            auditData.setMechType(VaultConstants.CLIENT_CERT_MECH_TYPE);
            byte[] convertCertChainToBytes = SessionEntry.convertCertChainToBytes(x509CertificateArr);
            securityContextImpl.setIdentityName(VaultConstants.ClientCertificate);
            securityContextImpl.setIdentityValue(convertCertChainToBytes);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using Client Certificates for Authentication: Security Name in the certificate is: " + str);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "processCertificateChain");
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processCertificateChain", "4135", this);
            if (securityContextImpl != null) {
                securityContextImpl.update_context_fail_reason(1229079296);
                this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
            }
            if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                sessionEntry.set_session_state(7);
            }
            if (auditService != null) {
                contextHandler = auditService.getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                if (auditData == null || auditData.getReceivedSubject() == null) {
                    this.princ = null;
                } else {
                    this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 3L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e2) {
                    Tr.error(tc, "security.JSAS1503E", new Object[]{e2});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                }
            }
            throw new INTERNAL("Problem Converting client certificate chain to ByteArray: " + e, SecurityMinorCodes.CORBA_SYSTEM_EXCEPTION, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processUnauthenticated(AuditData auditData, SecurityContextImpl securityContextImpl, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processUnauthenticated", new Object[]{auditData, securityContextImpl, sessionEntry, new Long(j), serverConnectionKey, this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        ContextHandler contextHandler = null;
        String str = null;
        String[] strArr = null;
        if (auditService != null) {
            str = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        Subject createUnauthenticatedSubject = SubjectHelper.createUnauthenticatedSubject();
        if (this.csiUtil.getCurrent() != null) {
            this.csiUtil.getCurrent().initialize_requestor_context(createUnauthenticatedSubject);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No valid Identity tokens. Setting the credential to Unauthenticated");
        }
        if (securityContextImpl != null) {
            if (createUnauthenticatedSubject != null) {
                securityContextImpl.setClientSubject(createUnauthenticatedSubject);
            }
            securityContextImpl.update_context_fail_reason(1229079296);
            this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
        }
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0 && securityContextImpl != null) {
            securityContextImpl.set_server_conn_key(serverConnectionKey);
            sessionEntry.set_security_context_holder(securityContextImpl);
            this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 1);
        }
        if (auditService != null) {
            contextHandler = auditService.getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
            if (createUnauthenticatedSubject == null || createUnauthenticatedSubject.getPrincipals() == null) {
                this.princ = null;
            } else {
                this.princ = ((Principal) createUnauthenticatedSubject.getPrincipals().toArray()[0]).getName();
            }
            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "DENIED", 12L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processUnauthenticated");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processInvalidMessage(AuditData auditData, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processInvalidMessage", new Object[]{auditData, sessionEntry, new Long(j), serverConnectionKey, this});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Either message type is not EstablishContext or message and cert_chain are both no longer present.");
        }
        if (SecurityObjectLocator.getCSIv2Config().getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
            this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
            sessionEntry.set_session_state(7);
        }
        ContextHandler contextHandler = null;
        String str = null;
        String[] strArr = null;
        if (auditService != null) {
            str = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        if (auditService != null) {
            contextHandler = auditService.getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
            if (auditData == null || auditData.getReceivedSubject() == null) {
                this.princ = null;
            } else {
                this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
            }
            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(0), new Integer(0), "DENIED", 3L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processInvalidMessage", "NO_PERMISSION");
        }
        throw new NO_PERMISSION("Message type invalid.", SecurityMinorCodes.INVALID_MESSAGE, CompletionStatus.COMPLETED_NO);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Subject authenticateSecurityTokens(byte[] bArr, X509Certificate[] x509CertificateArr, AuditData auditData, SecurityContextImpl securityContextImpl, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey, String str, int i, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticateSecurityTokens", new Object[]{bArr, x509CertificateArr, auditData, securityContextImpl, sessionEntry, new Long(j), serverConnectionKey, str, new Integer(i), this});
        }
        Subject subject = null;
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Processing security information.");
        }
        ContextHandler contextHandler = null;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        try {
            securityContextImpl.csi_initialize(null, bArr, x509CertificateArr, new OpaqueHolder(), map);
            if (AssociationStatus.SecAssocSuccess.value() != 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authentication Failed.");
                }
                if (securityContextImpl != null) {
                    securityContextImpl.update_context_fail_reason(1229079296);
                    this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                }
                if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                    this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                    sessionEntry.set_session_state(7);
                }
                PrincipalAuthFailReason.map_auth_fail_to_minor_code(securityContextImpl._principalAuthFailReason, securityContextImpl._principalAuthFailDetail);
            } else {
                if (securityContextImpl == null) {
                    if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                        this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                        sessionEntry.set_session_state(7);
                    }
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(0), new Integer(0), "DENIED", 3L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                        }
                    }
                    throw new NO_PERMISSION("The security context is null after authentication.", 1229079296, CompletionStatus.COMPLETED_NO);
                }
                securityContextImpl.setContextState(3);
                subject = securityContextImpl.getClientSubject();
                if (tc.isDebugEnabled()) {
                    try {
                        Tr.debug(tc, "Request authenticated for remote user: " + SubjectHelper.getWSCredentialFromSubject(subject).getSecurityName() + ", remote host/port: " + str + ":" + i);
                    } catch (Exception e2) {
                    }
                }
                if (subject == null) {
                    if (securityContextImpl != null) {
                        securityContextImpl.update_context_fail_reason(1229079296);
                        this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                    }
                    if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                        this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                        sessionEntry.set_session_state(7);
                    }
                    Tr.error(tc, "security.JSAS0439E");
                    if (auditService != null) {
                        contextHandler = auditService.getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        if (auditData == null || auditData.getReceivedSubject() == null) {
                            this.princ = null;
                        } else {
                            this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(0), new Integer(0), "DENIED", 3L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e3) {
                            Tr.error(tc, "security.JSAS1503E", new Object[]{e3});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                        }
                    }
                    throw new NO_PERMISSION("The Subject returned from authentication is null.", 1229079296, CompletionStatus.COMPLETED_NO);
                }
                this.csiUtil.getCurrent().initialize_requestor_context(subject);
                if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && sessionEntry != null) {
                    try {
                        Map propagationTokens = ContextManagerFactory.getInstance().getPropagationTokens();
                        if (propagationTokens != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting propagation token(s) into session.");
                            }
                            sessionEntry.set_propagation_token_map(propagationTokens);
                        }
                    } catch (Exception e4) {
                        Manager.Ffdc.log(e4, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.authenticateSecurityTokens", "4785", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Error setting propagation token into session.", new Object[]{e4});
                        }
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticateSecurityTokens", subject);
            }
            return subject;
        } catch (Exception e5) {
            if (!SecurityMessages.suppressFFDCforKrbSkewError(e5)) {
                Manager.Ffdc.log(e5, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.authenticateSecurityTokens", "4519", this);
            }
            Tr.debug(tc, "Exception in csi_accept_security_context.", new Object[]{e5});
            this.csiUtil.getCurrent().setRootException(e5);
            if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && sessionEntry != null && j != 0) {
                this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 7);
                sessionEntry.set_session_state(7);
            }
            if (securityContextImpl != null) {
                securityContextImpl.update_context_fail_reason(1229079296);
                this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                PrincipalAuthFailReason.map_auth_fail_to_minor_code(securityContextImpl._principalAuthFailReason, (e5.getMessage() == null || e5.getMessage().length() == 0) ? securityContextImpl._principalAuthFailDetail : e5.getMessage().getBytes());
            }
            if (auditService != null) {
                contextHandler = auditService.getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                if (auditData == null || auditData.getReceivedSubject() == null) {
                    this.princ = null;
                } else {
                    this.princ = ((Principal) auditData.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(auditData.getStatefulContextId()).toString(), null, auditData.getRemoteHost(), new Integer(auditData.getRemotePort()).toString()));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(providerName, auditData.getOperation(), this.princ, auditData.getTransportPrincipal(), "denied", auditData.getOperation(), "ORB", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(auditData.getProviderName(), new Boolean(auditData.getProviderSuccessful()).toString()));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(0), new Integer(0), "DENIED", 13L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e6) {
                    Tr.error(tc, "security.JSAS1503E", new Object[]{e6});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e6);
                }
            }
            throw new NO_PERMISSION(e5.getMessage(), 1229079296, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void finishSessionProcessing(SecurityContextImpl securityContextImpl, Subject subject, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey, boolean z, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "finishSessionProcessing", new Object[]{securityContextImpl, subject, sessionEntry, new Long(j), serverConnectionKey, new Boolean(z), this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (!cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) || sessionEntry == null || j == 0) {
            if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && z && subject != null && j != 0) {
                this.sessionMgr.csi_set_connection_cred(serverConnectionKey, subject);
                if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled")) {
                    try {
                        Map propagationTokens = ContextManagerFactory.getInstance().getPropagationTokens();
                        if (propagationTokens != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting propagation token(s) for connection.");
                            }
                            this.sessionMgr.csi_set_connection_propagation_token_map(serverConnectionKey, propagationTokens);
                        }
                    } catch (Exception e) {
                        Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.finishSessionProcessing", "4935", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Error setting propagation token for connection.", new Object[]{e});
                        }
                    }
                }
            }
        } else if (securityContextImpl != null) {
            securityContextImpl.set_server_conn_key(serverConnectionKey);
            sessionEntry.set_security_context_holder(securityContextImpl);
            this.sessionMgr.csi_server_session_status_update(j, serverConnectionKey, 1);
        }
        if (z) {
            Tr.debug(tc, "Security transport only request. No security context set for reply.");
        } else if (securityContextImpl != null) {
            this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
        }
        String str = null;
        if (map != null && cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundMappingEnabled")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "*** Credential Mapping ***");
            }
            if (tc.isDebugEnabled()) {
                try {
                    str = SubjectHelper.getWSCredentialFromSubject(subject).getSecurityName();
                } catch (Exception e2) {
                }
            }
            Subject mapAuthenticatedSubject = mapAuthenticatedSubject(subject, map);
            if (tc.isDebugEnabled()) {
                try {
                    Tr.debug(tc, "Mapped authenticated remote user: " + str + " to: " + SubjectHelper.getWSCredentialFromSubject(mapAuthenticatedSubject).getSecurityName());
                } catch (Exception e3) {
                }
            }
            this.csiUtil.getCurrent().initialize_requestor_context(mapAuthenticatedSubject);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "finishSessionProcessing");
        }
    }

    public boolean is_local_server_request(ServerRequestInfo serverRequestInfo) {
        if (((ExtendedServerRequestInfo) serverRequestInfo).isLocal()) {
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "Local ORB request.");
            return true;
        }
        if (!tc.isDebugEnabled()) {
            return false;
        }
        Tr.debug(tc, "Remote ORB request.");
        return false;
    }

    public void receive_request_local(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceContext getPrivateReceiveRequestServiceContextFromFilter(ServerRequestInfo serverRequestInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrivateServiceContextFromFilter", new Object[]{serverRequestInfo, this});
        }
        ServiceContext serviceContext = null;
        try {
            serviceContext = serverRequestInfo.get_request_service_context(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID);
        } catch (BAD_PARAM e) {
        }
        if (tc.isDebugEnabled() && serviceContext == null) {
            Tr.debug(tc, "Private service context not found.");
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Found private service context.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrivateReceiveRequestServiceContextFromFilter", serviceContext);
        }
        return serviceContext;
    }

    public void removePrivateContext(GIOPMessageContext gIOPMessageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removePrivateContext", new Object[]{gIOPMessageContext, this});
        }
        try {
            ServiceContextList serviceContexts = gIOPMessageContext.getServiceContexts();
            if (serviceContexts != null && serviceContexts.remove(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID) && tc.isDebugEnabled()) {
                Tr.debug(tc, "Removed private service context from message context.");
            }
        } catch (UnsupportedOperationException e) {
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removePrivateContext");
        }
    }

    public void removeSeedContext(GIOPMessageContext gIOPMessageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeSeedContext", new Object[]{gIOPMessageContext, this});
        }
        try {
            ServiceContextList serviceContexts = gIOPMessageContext.getServiceContexts();
            if (serviceContexts != null && serviceContexts.remove(SecurityMinorCodes.CSIV2_SEED_CTX_ID) && tc.isDebugEnabled()) {
                Tr.debug(tc, "Removed seed service context from message context.");
            }
        } catch (UnsupportedOperationException e) {
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeSeedContext");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceContext getSeedServiceContext(ServerRequestInfo serverRequestInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSeedServiceContext", new Object[]{serverRequestInfo, this});
        }
        ServiceContext serviceContext = null;
        try {
            serviceContext = serverRequestInfo.get_request_service_context(SecurityMinorCodes.CSIV2_SEED_CTX_ID);
        } catch (BAD_PARAM e) {
        }
        if (tc.isDebugEnabled() && serviceContext == null) {
            Tr.debug(tc, "Seed service context not found.");
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Found seed service context.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSeedServiceContext", serviceContext);
        }
        return serviceContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void finishSessionProcessingForFilter(ServerRequestInfo serverRequestInfo, SecurityContextImpl securityContextImpl, Subject subject, SessionEntry sessionEntry, long j, ServerConnectionKey serverConnectionKey, boolean z, List list) throws Exception {
        byte[] createOpaqueTokenFromSubject;
        WSCredential wSCredentialFromSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "finishSessionProcessingForFilter", new Object[]{serverRequestInfo, securityContextImpl, subject, sessionEntry, new Long(j), serverConnectionKey, new Boolean(z), this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && securityContextImpl != null && sessionEntry != null && j != 0) {
            if (subject != null && cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(subject)) != null) {
                sessionEntry.set_opaque_authz_token(createOpaqueTokenFromSubject);
                EstablishContext establishContext = sessionEntry.get_ec_message();
                boolean z2 = false;
                if (establishContext != null) {
                    z2 = establishContext.identity_token.discriminator() != 0;
                }
                if (!z2 && (wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject)) != null) {
                    WSSecurityContextFactory wSSecurityContextFactory = WSSecurityContextFactory.getInstance();
                    byte[] initSecContext = (wSCredentialFromSubject.isBasicAuth() ? wSSecurityContextFactory.createContext("oid:2.23.130.1.1.1") : wSSecurityContextFactory.createContext(wSCredentialFromSubject.getOID())).initSecContext(subject, wSCredentialFromSubject.getHostName(), OID.compareOIDs(wSCredentialFromSubject.getOID(), KRB5MechOID.value) ? SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString("krb5Realm") : contextManagerFactory.getDefaultRealm());
                    if (initSecContext != null) {
                        byte[] encodeGSSToken = (wSCredentialFromSubject.isBasicAuth() ? new GSSFactory("oid:2.23.130.1.1.1") : new GSSFactory(wSCredentialFromSubject.getOID())).encodeGSSToken(initSecContext);
                        if (encodeGSSToken != null && establishContext != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting encoded bytes for in_token.");
                            }
                            sessionEntry.set_in_token(encodeGSSToken);
                            establishContext.client_authentication_token = encodeGSSToken;
                            sessionEntry.set_ec_message(establishContext);
                        }
                    }
                }
            }
            securityContextImpl.set_server_conn_key(serverConnectionKey);
            sessionEntry.set_security_context_holder(securityContextImpl);
            sessionEntry.set_session_state(1);
            if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled")) {
                try {
                    Map propagationTokens = contextManagerFactory.getPropagationTokens();
                    if (propagationTokens != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting propagation token(s) for connection.");
                        }
                        sessionEntry.set_propagation_token_map(propagationTokens);
                        String tokenHolderCacheKey = getTokenHolderCacheKey(list);
                        if (tokenHolderCacheKey != null) {
                            contextManagerFactory.addPropagationTokensToCacheObject(tokenHolderCacheKey, propagationTokens);
                        }
                    }
                } catch (Exception e) {
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.finishSessionProcessingForFilter", "5296", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error setting propagation token for connection.", new Object[]{e});
                    }
                }
            }
        } else if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && z && subject != null && j != 0) {
            this.sessionMgr.csi_set_connection_cred(serverConnectionKey, subject);
            if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled")) {
                try {
                    Map propagationTokens2 = contextManagerFactory.getPropagationTokens();
                    if (propagationTokens2 != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting propagation token(s) for connection.");
                        }
                        sessionEntry.set_propagation_token_map(propagationTokens2);
                    }
                } catch (Exception e2) {
                    Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.finishSessionProcessingForFilter", "5322", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error setting propagation token for connection.", new Object[]{e2});
                    }
                }
            }
        }
        if (z) {
            Tr.debug(tc, "Security transport only request. No security context set for reply.");
        } else if (securityContextImpl != null) {
            this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
        }
        byte[] bytes = sessionEntry.getBytes();
        if (bytes != null) {
            serverRequestInfo.add_reply_service_context(new ServiceContext(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID, bytes), true);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "finishSessionProcessingForFilter");
        }
    }

    public void doFilterReceiveRequest(GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext, ConnectionStateElement connectionStateElement) throws Exception {
        String str;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doFilterReceiveRequest", new Object[]{gIOPConnectionContext, gIOPMessageContext, connectionStateElement, this});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Request ID: " + Integer.toString(gIOPMessageContext.getRequestId()));
        }
        SecurityObjectLocator.getCSIv2Config();
        AuditData initializeAuditService = initializeAuditService("<unknown operation>");
        ConnectionInformationImpl connectionInformationImpl = (ConnectionInformationImpl) this.myVault.getSecurityConnectionInterceptor().getServerConnectionData(gIOPConnectionContext);
        if (connectionInformationImpl == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ConnectionInfo object is null from the ORB.");
            }
            throw new INTERNAL("ConnectionInfo object is null from the ORB.", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
        }
        String remoteHost = connectionInformationImpl.getRemoteHost();
        int remotePort = connectionInformationImpl.getRemotePort();
        String l = Long.toString(connectionInformationImpl.getConnectionCreationTime());
        SSLSession sSLSession = null;
        SSLConnectionContext sSLContext = gIOPConnectionContext.getSSLContext();
        if (sSLContext != null) {
            sSLSession = sSLContext.getSession();
        }
        X509Certificate[] x509CertificateArr = null;
        if (sSLSession != null) {
            try {
                x509CertificateArr = (X509Certificate[]) sSLSession.getPeerCertificates();
            } catch (SSLPeerUnverifiedException e) {
            }
        }
        com.ibm.CORBA.iiop.ServiceContext serviceContext = null;
        try {
            serviceContext = gIOPMessageContext.getServiceContexts().get(15);
        } catch (UnsupportedOperationException e2) {
        }
        SASContextBody cSIv2MessageFromServiceContext = getCSIv2MessageFromServiceContext(serviceContext);
        if (remoteHost != null) {
            initializeAuditService.setRemoteHost(remoteHost);
        }
        initializeAuditService.setRemotePort(remotePort);
        if (x509CertificateArr != null && x509CertificateArr.length > 0) {
            initializeAuditService.setTransportPrincipal(x509CertificateArr[0].getSubjectDN().getName());
        }
        byte[] bArr = null;
        SecurityContextImpl securityContextImpl = this.csiUtil.get_security_context_impl("", "");
        SessionEntry handleStatefulContextFromFilter = handleStatefulContextFromFilter(cSIv2MessageFromServiceContext, x509CertificateArr, initializeAuditService, remoteHost, remotePort, l, securityContextImpl, gIOPMessageContext);
        if (handleStatefulContextFromFilter != null) {
            String property = SecurityObjectLocator.getSecurityConfig().getProperty(SecurityConfig.KRB_AUTHENTICATE_CR_SR);
            if (property != null && property.equalsIgnoreCase("true")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The authenticateInCRandSR property is set to true. Will proceed to authenticate with the ticket.");
                }
                EstablishContext establishContext = handleStatefulContextFromFilter.get_ec_message();
                String str2 = null;
                if (establishContext != null) {
                    this.csiUtil.print_ec_message(establishContext, "doFilterReceiveRequest");
                    str2 = GSSFactory.getMechOIDFromGSSToken(establishContext.client_authentication_token);
                }
                if (OID.compareOIDs(str2, KRB5MechOID.value)) {
                    WSSecurityContext createContext = WSSecurityContextFactory.getInstance().createContext(str2);
                    handleStatefulContextFromFilter.set_security_context_holder(securityContextImpl);
                    Subject clientSubject = securityContextImpl.getClientSubject();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "receivedSubject: " + clientSubject);
                    }
                    if (clientSubject == null) {
                        byte[] decodeGSSToken = new GSSFactory(str2).decodeGSSToken(establishContext.client_authentication_token);
                        boolean z = false;
                        WSSecurityContextResult wSSecurityContextResult = null;
                        try {
                            if (SecurityObjectLocator.getSecurityConfigManager().isAdminAgent() && (str = handleStatefulContextFromFilter.get_managed_node_uuid()) != null && str.length() > 0) {
                                z = pushAdminContext(str);
                            }
                            wSSecurityContextResult = createContext.acceptSecContext(decodeGSSToken, null, str2);
                            if (z) {
                                popAdminContext();
                            }
                        } catch (Exception e3) {
                            if (z) {
                                popAdminContext();
                            }
                        } catch (Throwable th) {
                            if (z) {
                                popAdminContext();
                            }
                            throw th;
                        }
                        if (wSSecurityContextResult != null && wSSecurityContextResult.getSubject() != null) {
                            clientSubject = wSSecurityContextResult.getSubject();
                        }
                    }
                    securityContextImpl.setClientSubject(clientSubject);
                    WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(clientSubject);
                    if (OID.compareOIDs(wSCredentialFromSubject.getOID(), KRB5MechOID.value)) {
                        if (!SubjectHelper.isWSCredentialValid(clientSubject, true)) {
                            throw new NO_PERMISSION("The credential for the subject " + clientSubject + " is no longer valid. The request will be retried.", SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
                        }
                        if (wSCredentialFromSubject != null && cSIv2MessageFromServiceContext.discriminator() == 5) {
                            WSSecurityContextFactory wSSecurityContextFactory = WSSecurityContextFactory.getInstance();
                            byte[] initSecContext = (wSCredentialFromSubject.isBasicAuth() ? wSSecurityContextFactory.createContext("oid:2.23.130.1.1.1") : wSSecurityContextFactory.createContext(wSCredentialFromSubject.getOID())).initSecContext(clientSubject, wSCredentialFromSubject.getHostName(), SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString("krb5Realm"));
                            if (initSecContext != null) {
                                byte[] encodeGSSToken = (wSCredentialFromSubject.isBasicAuth() ? new GSSFactory("oid:2.23.130.1.1.1") : new GSSFactory(wSCredentialFromSubject.getOID())).encodeGSSToken(initSecContext);
                                if (encodeGSSToken != null && establishContext != null) {
                                    handleStatefulContextFromFilter.set_in_token(encodeGSSToken);
                                    establishContext.client_authentication_token = encodeGSSToken;
                                    handleStatefulContextFromFilter.set_ec_message(establishContext);
                                }
                            }
                        }
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The authenticateInCRandSR property is set to false. The ticket was not authenticated in the control region.");
            }
            bArr = handleStatefulContextFromFilter.getBytes();
        }
        if (bArr != null) {
            com.ibm.rmi.ServiceContext serviceContext2 = new com.ibm.rmi.ServiceContext(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID, bArr);
            try {
                ServiceContextList serviceContexts = gIOPMessageContext.getServiceContexts();
                if (serviceContexts != null) {
                    serviceContexts.add(serviceContext2, true);
                    gIOPMessageContext.setServiceContexts(serviceContexts);
                }
            } catch (UnsupportedOperationException e4) {
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doFilterReceiveRequest");
        }
    }

    public Subject loginWithSeed(SecurityExecutionEnvironment securityExecutionEnvironment, Map map) throws WSLoginFailedException, WSSecurityException {
        Subject login;
        byte[] krbAuthnToken;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loginWithSeed", new Object[]{securityExecutionEnvironment});
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (securityExecutionEnvironment.isUnauthenticatedCredential()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting unauthenticated Subject from seed.");
            }
            login = contextManagerFactory.createUnauthenticatedSubject();
        } else if (securityExecutionEnvironment.isServerCredential()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting server Subject from seed.");
            }
            login = contextManagerFactory.getServerSubject();
        } else {
            Hashtable loginHashtable = securityExecutionEnvironment.getLoginHashtable();
            Subject subject = new Subject();
            subject.getPublicCredentials().add(loginHashtable);
            if (AuthMechanismConfig.TYPE_KERBEROS.equals(SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getType()) && (krbAuthnToken = securityExecutionEnvironment.getKrbAuthnToken()) != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "loginWithSeed adding kerberos token");
                }
                KRBAuthnToken createToken = WSKRBAuthnTokenFactoryFactory.getFactory().createToken(krbAuthnToken);
                subject.getPrivateCredentials().add(createToken);
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "loginWithSeed adding kerberos Principal");
                    }
                    subject.getPrincipals().add(new KerberosPrincipal(createToken.getTokenPrincipal()));
                } catch (Exception e) {
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.loginWithSeed", "5597");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception adding Kerberos principal to Subject.", new Object[]{e});
                    }
                }
            }
            String securityName = securityExecutionEnvironment.getSecurityName();
            String realm = securityExecutionEnvironment.getRealm();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Building subject from seed hashtable login.");
            }
            login = contextManagerFactory.login(realm, securityName, (String) null, (HttpServletRequest) null, (HttpServletResponse) null, map, subject);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "loginWithSeed authenticated " + securityName, new Object[]{login});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loginWithSeed", login);
        }
        return login;
    }

    public void doFilterSendReply(GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext, ConnectionStateElement connectionStateElement) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doFilterSendReply", new Object[]{gIOPConnectionContext, gIOPMessageContext, connectionStateElement, this});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Request ID: " + Integer.toString(gIOPMessageContext.getRequestId()));
        }
        com.ibm.CORBA.iiop.ServiceContext serviceContext = null;
        try {
            try {
                serviceContext = gIOPMessageContext.getServiceContexts().get(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID);
            } catch (BAD_PARAM e) {
            }
        } catch (UnsupportedOperationException e2) {
        }
        if (serviceContext != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found private reply service context in filter.  Updating session entry.");
            }
            SessionEntry sessionEntry = new SessionEntry(serviceContext.getContextData());
            if (sessionEntry != null) {
                long j = sessionEntry.get_client_context_id();
                if (sessionEntry.get_renegotiate_to_stateless() || j == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Returning without session update, session is stateless.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "doFilterSendReply");
                        return;
                    }
                    return;
                }
                ConnectionInformationImpl connectionInformationImpl = (ConnectionInformationImpl) this.myVault.getSecurityConnectionInterceptor().getServerConnectionData(gIOPConnectionContext);
                ServerConnectionKey serverConnectionKey = new ServerConnectionKey(Long.toString(connectionInformationImpl.getConnectionCreationTime()), connectionInformationImpl.getRemoteHost(), connectionInformationImpl.getRemotePort());
                EstablishContext establishContext = sessionEntry.get_ec_message();
                String mechOIDFromGSSToken = GSSFactory.getMechOIDFromGSSToken(establishContext.client_authentication_token);
                String property = SecurityObjectLocator.getSecurityConfig().getProperty(SecurityConfig.KRB_AUTHENTICATE_CR_SR);
                if (property != null && property.equalsIgnoreCase("true")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The authenticateInCRandSR property is set to true. Will proceed to authenticate with the ticket.");
                    }
                    if (OID.compareOIDs(mechOIDFromGSSToken, KRB5MechOID.value)) {
                        SASContextBody sASContextBody = new SASContextBody();
                        sASContextBody.establish_msg(establishContext);
                        SessionEntry csi_server_session_lookup = this.sessionMgr.csi_server_session_lookup(establishContext.client_context_id, serverConnectionKey, sASContextBody, true);
                        if (csi_server_session_lookup != null) {
                            SecurityContextImpl securityContextImpl = csi_server_session_lookup.get_security_context_holder();
                            Subject subject = null;
                            if (securityContextImpl != null) {
                                subject = securityContextImpl.getClientSubject();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Subject from cr: " + subject);
                                }
                            }
                            if (sessionEntry.get_security_context_holder() == null) {
                                SecurityContextImpl securityContextImpl2 = this.csiUtil.get_security_context_impl("", "");
                                sessionEntry.set_security_context_holder(securityContextImpl2);
                                securityContextImpl2.setClientSubject(subject);
                            }
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The authenticateInCRandSR property is set to false. The ticket was not authenticated in the control region.");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Updating session from SR with: " + sessionEntry);
                }
                this.sessionMgr.csi_server_session_update(j, serverConnectionKey, sessionEntry);
            }
        } else {
            SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
            if (securityContext != null && securityContext.get_minor_code() != 0) {
                doFilterSendException(gIOPConnectionContext, gIOPMessageContext, connectionStateElement, securityContext);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doFilterSendReply");
        }
    }

    void getTransportLayerData(SessionEntry sessionEntry, GIOPMessageContext gIOPMessageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTransportLayerData", new Object[]{sessionEntry, gIOPMessageContext, this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        OutOfBandDataHolder outOfBandDataHolder = (OutOfBandDataHolder) gIOPMessageContext;
        byte[] bArr = null;
        byte[] bArr2 = null;
        if (gIOPMessageContext == null || outOfBandDataHolder == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No transport layer data (zmc or gmc is null).");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getTransportLayerData");
                return;
            }
            return;
        }
        OutOfBandData outOfBandData = outOfBandDataHolder.getOutOfBandData();
        if (outOfBandData != null) {
            bArr2 = outOfBandData.getChunk(3);
            if (bArr2 != null && bArr2.length > 0) {
                if (bArr2[0] == 1) {
                    String string = cSIv2Config.getString(CSIv2Config.ACTIVE_USER_REGISTRY);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Active user registry: " + string);
                    }
                    if ((string != null && string.equals("LOCALOS")) || cSIv2Config.getBoolean("com.ibm.CSI.localCommDataForNonLocalOSEnabled")) {
                        sessionEntry.set_transport_layer_data_type(bArr2[0]);
                        bArr = outOfBandData.getChunk(2);
                        if (bArr != null && bArr.length > 0) {
                            for (int i = 0; i < bArr.length; i++) {
                                bArr[i] = Translate.toAscii(bArr[i]);
                            }
                            sessionEntry.set_transport_layer_data(new String(bArr).trim().getBytes());
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unknown transport layer data type");
                }
            }
        }
        if (tc.isDebugEnabled()) {
            if (bArr2 == null || bArr2.length <= 0) {
                Tr.debug(tc, "No transport layer data");
            } else {
                Tr.debug(tc, "type: " + bArr2 + "\ndata: " + (bArr == null ? "null" : new String(bArr)));
            }
            Tr.exit(tc, "getTransportLayerData");
        }
    }

    public byte[] getTransportLayerDataType(GIOPMessageContext gIOPMessageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTransportLayerDataType", new Object[]{gIOPMessageContext, this});
        }
        byte[] bArr = null;
        OutOfBandDataHolder outOfBandDataHolder = (OutOfBandDataHolder) gIOPMessageContext;
        if (gIOPMessageContext != null && outOfBandDataHolder != null) {
            OutOfBandData outOfBandData = outOfBandDataHolder.getOutOfBandData();
            if (outOfBandData != null) {
                bArr = outOfBandData.getChunk(3);
                if (bArr != null && bArr.length == 0) {
                    bArr = null;
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "OutOfBandData is null");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "GIOPMessageContext is null");
        }
        if (tc.isDebugEnabled()) {
            if (bArr == null) {
                Tr.debug(tc, "transport layer data type is null");
            } else {
                Tr.debug(tc, "transport layer data type non-null", new Object[]{bArr});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTransportLayerDataType", bArr);
        }
        return bArr;
    }

    private String getTokenHolderCacheKey(List list) throws Exception {
        byte[] bytes;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenHolderCacheKey", new Object[]{list});
        }
        String str = null;
        if (list != null) {
            for (int i = 0; i < list.size(); i++) {
                TokenHolder tokenHolder = (TokenHolder) list.get(i);
                if (tokenHolder.getName().equals(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY) && (bytes = tokenHolder.getBytes()) != null) {
                    str = StringBytesConversion.getConvertedString(bytes);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found cache key from token holder list: " + str);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokenHolderCacheKey", str);
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map getJ2EEName(byte[] bArr) {
        Map map = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJ2EEName", bArr);
        }
        if (this.appContextMgr != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "to get J2EE Name");
            }
            try {
                map = this.appContextMgr.getJ2EEName(bArr);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getJ2EEName caught exception =  " + e.getMessage());
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "appContextManager is null");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJ2EEName");
        }
        return map;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Subject mapAuthenticatedSubject(Subject subject, Map map) throws NO_PERMISSION {
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapAuthenticatedSubject", map);
        }
        if (cSIv2Config.getString("com.ibm.CSI.rmiInboundMappingConfig") == null || cSIv2Config.getString("com.ibm.CSI.rmiInboundMappingConfig").length() == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "rmiInboundMappingConfig is not defined: do nothing");
            }
            return subject;
        }
        if (!cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundMappingEnabled")) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "mapAuthenticatedSubject");
            return null;
        }
        try {
            Subject subject2 = new Subject();
            subject2.getPrivateCredentials().add(new WSSubjectWrapperImpl(subject));
            ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
            return contextManagerFactory.login(contextManagerFactory.getDefaultRealm(), (String) null, (String) null, cSIv2Config.getString("com.ibm.CSI.rmiInboundMappingConfig"), (HttpServletRequest) null, (HttpServletResponse) null, map, subject2);
        } catch (WSLoginFailedException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSLoginFailedException occurred in authenticateSecurityTokens> mappping: " + e.getMessage());
                Tr.debug(tc, GSSEncodeDecodeException.exceptionCaughtStr + e.getMessage());
            }
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.receive_request", "6056", this);
            throw new NO_PERMISSION(e.getMessage(), SecurityMinorCodes.MAPPING_FAILED, CompletionStatus.COMPLETED_NO);
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred in authenticateSecurityTokens> mappping: " + e2.getMessage());
                Tr.debug(tc, GSSEncodeDecodeException.exceptionCaughtStr + e2.getMessage());
            }
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.receive_request", "6070", this);
            throw new NO_PERMISSION(e2.getMessage(), SecurityMinorCodes.MAPPING_FAILED, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getManagedNodeUUID(ServerRequestInfo serverRequestInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getManagedNodeUUID ServerRequestInfo");
        }
        String managedNodeUUID = getManagedNodeUUID(((ExtendedServerRequestInfo) serverRequestInfo).getTarget());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getManagedNodeUUID ServerRequestInfo: " + managedNodeUUID);
        }
        return managedNodeUUID;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getManagedNodeUUID(IORInfo iORInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getManagedNodeUUID IORInfo");
        }
        String managedNodeUUID = getManagedNodeUUID(((ExtendedIORInfo) iORInfo).getTarget());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getManagedNodeUUID IORInfo: " + managedNodeUUID);
        }
        return managedNodeUUID;
    }

    public static String getManagedNodeUUID(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getManagedNodeUUID Object");
        }
        String str = null;
        if (obj != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "target is " + obj.getClass().getName());
            }
            if (obj instanceof Tie) {
                RMIServerImpl target = ((Tie) obj).getTarget();
                if (target != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "tie's target is " + target.getClass().getName());
                    }
                    if (target instanceof RMIServerImpl) {
                        MBeanServer mBeanServer = target.getMBeanServer();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "MBean server is: " + mBeanServer);
                        }
                        if (mBeanServer != null) {
                            try {
                                str = (String) mBeanServer.getAttribute(interceptorObjName, "uuid");
                            } catch (Throwable th) {
                                Manager.Ffdc.log(th, thisClass, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.getManagedNodeUUID", "%C");
                            }
                        }
                    } else if (target instanceof RMIConnectionImpl) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "invoking getAttribute on javax.management.remote.rmi.RMIConnectionImpl");
                        }
                        try {
                            str = (String) ((RMIConnectionImpl) target).getAttribute(interceptorObjName, "uuid", (Subject) null);
                        } catch (Throwable th2) {
                            Manager.Ffdc.log(th2, thisClass, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.getManagedNodeUUID", "%C");
                        }
                    } else if (rmiConnectorClz.isAssignableFrom(target.getClass())) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "invoking getAttribute on com.ibm.ws.management.connector.rmi.RMIConnector");
                        }
                        try {
                            str = (String) getAttributeMethod.invoke(target, interceptorObjName, "uuid");
                        } catch (Throwable th3) {
                            Manager.Ffdc.log(th3, thisClass, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.getManagedNodeUUID", "%C");
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "tie's target is null");
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "target is null");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getManagedNodeUUID Object", str);
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean pushAdminContext(String str) {
        try {
            return ((Boolean) pushMethod.invoke(null, str)).booleanValue();
        } catch (Throwable th) {
            Manager.Ffdc.log(th, thisClass, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.pushAdminContext", "%C");
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void popAdminContext() {
        try {
            popMethod.invoke(null, new Object[0]);
        } catch (Throwable th) {
            Manager.Ffdc.log(th, thisClass, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.popAdminContext", "%C");
        }
    }

    public void doFilterSendException(GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext, ConnectionStateElement connectionStateElement, SecurityContextImpl securityContextImpl) {
        ContextError contextError;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doFilterSendException");
        }
        long j = securityContextImpl.get_stateful_context_id();
        byte[] serializeRootException = this.csiUtil.serializeRootException();
        if (securityContextImpl != null) {
            contextError = securityContextImpl.get_minor_code() == 1229079304 ? new ContextError(j, 4, 1, serializeRootException) : new ContextError(j, 0, securityContextImpl.get_minor_code(), serializeRootException);
            this.csiUtil.print_ce_message(contextError, "doFilterSendException");
        } else {
            contextError = new ContextError(j, 0, 0, serializeRootException);
            this.csiUtil.print_ce_message(contextError, "doFilterSendException");
        }
        ServiceContext create_sc_from_ce_message = this.csiUtil.create_sc_from_ce_message(contextError);
        if (create_sc_from_ce_message != null) {
            com.ibm.rmi.ServiceContext serviceContext = new com.ibm.rmi.ServiceContext(create_sc_from_ce_message.context_id, create_sc_from_ce_message.context_data);
            try {
                ServiceContextList serviceContexts = gIOPMessageContext.getServiceContexts();
                if (serviceContexts != null) {
                    serviceContexts.add(serviceContext, true);
                    gIOPMessageContext.setServiceContexts(serviceContexts);
                }
            } catch (UnsupportedOperationException e) {
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doFilterSendException");
        }
    }

    static {
        interceptorObjName = null;
        rmiConnectorClz = null;
        getAttributeMethod = null;
        adminContextClz = null;
        pushMethod = null;
        popMethod = null;
        try {
            interceptorObjName = new ObjectName("WebSphere:type=AdminAgentInterceptor");
            rmiConnectorClz = Class.forName("com.ibm.ws.management.connector.rmi.RMIConnector");
            getAttributeMethod = rmiConnectorClz.getMethod("getAttribute", ObjectName.class, String.class);
            adminContextClz = Class.forName("com.ibm.websphere.management.AdminContext");
            pushMethod = adminContextClz.getMethod("push", String.class);
            popMethod = adminContextClz.getMethod("pop", new Class[0]);
        } catch (Throwable th) {
        }
        auditService = null;
        cert_chain_private_token_name = "CERT_CHAIN_PRIVATE_TOKEN";
        attribute_layer_private_token_name = "ATTRIBUTE_LAYER_PRIVATE_TOKEN";
        client_auth_layer_private_token_name = "CLIENT_AUTH_LAYER_PRIVATE_TOKEN";
        session_info_private_token_name = "SESSION_INFO_PRIVATE_TOKEN";
    }
}
