package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.iiop.ExtendedORBInitInfo;
import com.ibm.CORBA.iiop.ExtendedServerRequestInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.CORBA.iiop.ObjectKey;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ServerConnectionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityUtilityImpl.AuditData;
import com.ibm.ISecurityUtilityImpl.ConfigURLProperties;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orb.transport.ServerConnectionData;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.security.orbssl.SSLServerConnectionDataImpl;
import com.ibm.wsspi.security.audit.AuditOutcome;
import java.security.cert.X509Certificate;
import java.util.Map;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.SASContextBody;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIServerRI.class */
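/**
 * Server-side CSIv2 request interceptor.
 *
 * <p>{@link #pre_init} registers this object with the ORB when security is enabled.
 * {@link #receive_request} then inspects every qualifying inbound request: it reads the
 * CSIv2 {@code SASContextBody} from the service context and the client X.509 certificate
 * chain reported by the connection, and hands them to the inherited authentication helpers.
 * The {@code send_*} interception points detach the security context from the current
 * thread and clear the requestor context once the request has been served.
 *
 * <p>Security note: the debug/trace calls in this class write certificate subject DNs,
 * target class names and server exception text to the trace log, so trace output should be
 * access-controlled like any other authentication log.
 */
public class CSIServerRI extends CSIServerRIBase {
    /**
     * Allocates an interceptor slot and registers this object as a server request
     * interceptor, but only when {@code ConfigURLProperties.isSecurityEnabled()} is true.
     *
     * @param oRBInitInfo ORB initialisation info; cast to {@code ExtendedORBInitInfo} to register
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void pre_init(ORBInitInfo oRBInitInfo) {
        super.pre_init(oRBInitInfo);
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIServerRI.pre_init");
        }
        if (ConfigURLProperties.isSecurityEnabled()) {
            SecurityLogger.logAudit("CSIServerRI.pre_init", "security.ServerCSI");
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIServerRI.pre_init", "Register server request interceptor.");
            }
            try {
                this.slotid = oRBInitInfo.allocate_slot_id();
                ((ExtendedORBInitInfo) oRBInitInfo).add_server_request_interceptor(this, false);
            } catch (Exception e) {
                // NOTE(review): a registration failure is only recorded (FFDC + JSAS0488E) and the
                // method returns normally. From this code alone the ORB would keep initialising
                // without this interceptor even though security is enabled; confirm that startup
                // fails closed elsewhere, and alert on JSAS0488E.
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.pre_init", "249", this);
                SecurityLogger.logError("security.JSAS0488E", new Object[]{"CSIServerRI.pre_init", e});
            }
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIServerRI.pre_init");
        }
    }

    /** Delegates to the base class; this subclass adds no post-initialisation work. */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void post_init(ORBInitInfo oRBInitInfo) {
        super.post_init(oRBInitInfo);
    }

    /** Intentionally empty: all inbound processing happens in {@link #receive_request}. */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /**
     * Authenticates an inbound request from its CSIv2 service context and/or the client
     * certificate chain of the connection, then emits a success audit event if auditing
     * is active.
     *
     * <p>The method returns without authenticating on several paths: when the inherited
     * {@code qualifyServerRequest} returns true, when the connection data is not a
     * {@code ServerConnectionData}, when the inherited sufficiency check fails, when the
     * stateful-session helper returns no session entry, for an absent/anonymous identity
     * without a client authentication token, and when client certificates are configured
     * never to be used and no EstablishContext message is present.
     *
     * @param serverRequestInfo the request being intercepted; must also implement
     *                          {@code ExtendedServerRequestInfo}
     * @throws ForwardRequest declared by the interceptor contract; not thrown directly here
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase
    public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        ConnectionData connectionData;
        SessionEntry sessionEntry;
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIServerRI.receive_request");
            SecurityLogger.debugMessage("CSIServerRI.receive_request", "*** RECEIVING REQUEST ***");
            entry(serverRequestInfo, "CSIServerRI.receive_request");
        }
        // NOTE(review): a true result skips every check below. The criteria live in the base
        // class and are not visible here; review them as an authentication-bypass list.
        if (qualifyServerRequest(serverRequestInfo)) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.receive_request");
            }
            return;
        }
        String transportPrincipal = null;
        ConnectionInformationImpl connectionInfo = (ConnectionInformationImpl) ((ExtendedServerRequestInfo) serverRequestInfo).getConnectionData();
        if (connectionInfo != null) {
            connectionData = (ConnectionData) connectionInfo.getConnectionData();
            if (!(connectionData instanceof ServerConnectionData)) {
                // Not a server-side connection: treated as a callback and left unauthenticated here.
                SecurityLogger.debugMessage("CSIServerRI.receive_request", "Callback method. Return from interceptor.");
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIServerRI.receive_request");
                }
                return;
            }
        } else {
            // No connection information: synthesise a placeholder "LOCAL_CONNECTION" entry so the
            // rest of the method can run. The meaning of connection type 3 is not visible here
            // (presumably a local/in-process type; confirm against ConnectionData).
            connectionData = new SSLServerConnectionDataImpl();
            connectionData.setConnectionKey("LOCAL_CONNECTION");
            connectionData.setConnectionType(3L);
            connectionInfo = new ConnectionInformationImpl(connectionData, null, System.currentTimeMillis(), "LOCAL_CONNECTION", 0);
        }
        CurrentImpl current = this.myVault.getCurrent();
        String targetClassName = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null ? ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName() : "<unknown>";
        SASContextBody sasMessage = getCSIv2MessageFromServiceContext(serverRequestInfo);
        X509Certificate[] clientCertChain = connectionInfo.getClientX509Certificate();
        boolean ignoreClientCert = this.secConfig.getneverUseClientCertificateForCallerLogin();
        // Fix: the chain was indexed at [0] after only a null check, so an empty array raised
        // ArrayIndexOutOfBoundsException inside the interceptor. An empty chain is now treated
        // like an absent one, matching the length check made before processCertificateChain.
        boolean hasLeafCert = clientCertChain != null && clientCertChain.length > 0 && clientCertChain[0] != null;
        if (ignoreClientCert) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIServerRI.receive_request", "Client certificate not considered for login.");
            }
        } else if (ConfigURLProperties.isServerSecurityEnabled()) {
            if (hasLeafCert) {
                // The transport principal is the subject DN string of the first certificate.
                transportPrincipal = clientCertChain[0].getSubjectDN().getName();
            }
            if (SecurityLogger.debugTraceEnabled) {
                // NOTE(review): this message appends the target class name, not the principal;
                // kept as in the original.
                SecurityLogger.debugMessage("CSIServerRI.receive_request", new StringBuffer().append("Server security enabled, getting transport principal (if present): ").append(targetClassName).toString());
            }
        } else if (SecurityComponentFactory.list != null && SecurityComponentFactory.list.find(targetClassName)) {
            if (hasLeafCert) {
                transportPrincipal = clientCertChain[0].getSubjectDN().getName();
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIServerRI.receive_request", new StringBuffer().append("Server security disabled, getting transport principal (if present) for class_name ").append(targetClassName).append(": ").append(transportPrincipal).toString());
            }
        }
        AuditData auditData = initializeAuditService(serverRequestInfo.operation(), connectionInfo.getRemoteHost(), connectionInfo.getRemotePort(), transportPrincipal);
        if (!verifySecurityInfoIsSufficientToContinue(clientCertChain, sasMessage, null, connectionInfo.getRemoteHost(), connectionInfo.getRemotePort(), targetClassName, serverRequestInfo.operation(), auditData)) {
            current.clear_requestor_context();
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.receive_request");
            }
            return;
        }
        byte[] inToken = null;
        boolean certificateChainProcessed = false;
        long clientContextId = 0;
        ServerConnectionKey serverConnectionKey = null;
        SecurityContextImpl securityContextImpl = this.csiUtil.get_security_context_impl("", "");
        SecurityLogger.debugMessage("CSIServerRI.receive_request", "*** GET J2EE APPLICATION NAME ***");
        // `new` never yields null, so the null check the original wrapped around getUserKey()
        // was dead code and has been dropped.
        ObjectKey objectKey = new ObjectKey(serverRequestInfo.object_id());
        byte[] userKey = objectKey.getUserKey();
        Map j2EEName = getJ2EEName(userKey);
        SecurityLogger.debugMessage("CSIServerRI.receive_request", "*** BEGIN STATEFUL CODE ***");
        if (this.secConfig.getCSIv2ClaimStateful()) {
            // Stateful sessions are keyed by connection creation time, remote host and remote port.
            serverConnectionKey = new ServerConnectionKey(connectionInfo.getConnectionCreationTime(), connectionInfo.getRemoteHost(), connectionInfo.getRemotePort());
            sessionEntry = handleStatefulContext(sasMessage, clientCertChain, auditData, connectionInfo.getRemoteHost(), connectionInfo.getRemotePort(), serverConnectionKey, securityContextImpl, j2EEName);
            if (sessionEntry == null) {
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIServerRI.receive_request");
                }
                return;
            }
            clientContextId = sessionEntry.get_client_context_id();
            if (sessionEntry.get_renegotiate_to_stateless()) {
                // Context id 0 is what the stateless path uses (see SessionEntry(0L) below).
                clientContextId = 0;
                sessionEntry.reset_renegotiate_to_stateless();
            }
        } else {
            sessionEntry = new SessionEntry(0L);
        }
        SecurityLogger.debugMessage("CSIServerRI.receive_request", "*** BEGIN AUTHENTICATION CODE ***");
        // Discriminator 0 is logged as MTEstablishContext and 5 as MTMessageInContext.
        String messageKind;
        if (sasMessage == null) {
            messageKind = "*** msg == null ***";
        } else if (sasMessage.discriminator() == 0) {
            messageKind = "*** MTEstablishContext ***";
        } else if (sasMessage.discriminator() == 5) {
            messageKind = "*** MTMessageInContext ***";
        } else {
            messageKind = "*** other message type ***";
        }
        SecurityLogger.debugMessage("CSIServerRI.receive_request", messageKind);
        if (sasMessage != null && sasMessage.discriminator() == 0) {
            EstablishContext establish_msg = sasMessage.establish_msg();
            this.csiUtil.print_ec_message(establish_msg, "CSIServerRI.receive_request");
            IdentityToken identityToken = establish_msg.identity_token;
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIServerRI.receive_request", new StringBuffer().append("identity token present: ").append(identityToken.discriminator() != 0).append(", client_authentication_token present: ").append(establish_msg.client_authentication_token != null && establish_msg.client_authentication_token.length > 0).append(", certificate chain present: ").append(clientCertChain != null).toString());
            }
            handlePropagationToken(establish_msg, sessionEntry, auditData);
            securityContextImpl = getSecurityContext(establish_msg, auditData, connectionData, sessionEntry, clientContextId, serverConnectionKey);
            // Identity token discriminator 0 means "absent" (see the trace line above) and 1 is
            // ITTAnonymous in the CSIv2 IDL; any other value is an asserted identity.
            if (identityToken.discriminator() != 0 && identityToken.discriminator() != 1) {
                inToken = processIdentityToken(establish_msg, identityToken, auditData, sessionEntry, clientContextId, serverConnectionKey, securityContextImpl, clientCertChain, transportPrincipal);
            } else {
                if (establish_msg.client_authentication_token == null || establish_msg.client_authentication_token.length <= 0 || identityToken.discriminator() == 1) {
                    // No credentials to check: handled as an unauthenticated request.
                    processUnauthenticated(auditData, securityContextImpl, sessionEntry, clientContextId, serverConnectionKey);
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIServerRI.receive_request");
                    }
                    return;
                }
                inToken = processClientAuthToken(establish_msg, auditData, securityContextImpl);
            }
            // Both credential paths record the same three session attributes.
            sessionEntry.set_in_token(inToken);
            sessionEntry.set_identity_assertion_type(securityContextImpl.getIdentityName());
            sessionEntry.set_identity_assertion_data(securityContextImpl.getIdentityValue());
        } else if (ignoreClientCert) {
            SecurityLogger.debugMessage("CSIServerRI.receive_request", " there is no identity to process, returning from receive_request.");
            // Fix: this early return skipped the debugExit trace that every other exit emits.
            // NOTE(review): unlike the insufficient-security-info path, this return does not
            // call clear_requestor_context(); confirm no stale context can remain on the thread.
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.receive_request");
            }
            return;
        } else if (clientCertChain == null || clientCertChain.length <= 0) {
            processInvalidMessage(auditData, sessionEntry, clientContextId, serverConnectionKey);
        } else {
            processCertificateChain(clientCertChain, transportPrincipal, auditData, securityContextImpl, sessionEntry, clientContextId, serverConnectionKey);
            certificateChainProcessed = true;
        }
        SecurityLogger.debugMessage("CSIServerRI.receive_request", "*** Authentication ***");
        finishSessionProcessing(securityContextImpl, authenticateSecurityTokens(inToken, clientCertChain, auditData, securityContextImpl, sessionEntry, clientContextId, serverConnectionKey, connectionInfo.getRemoteHost(), connectionInfo.getRemotePort(), j2EEName), sessionEntry, clientContextId, serverConnectionKey, certificateChainProcessed, j2EEName);
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.receive_request", "*** BEGIN PREINVOKE ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIServerRI.receive_request");
        }
        if (auditFactory == null || !auditFactory.isActive(0, 0)) {
            return;
        }
        // NOTE(review): a SUCCESS event is sent whenever control reaches this point, including
        // after processInvalidMessage(). This presumably relies on the helpers above throwing
        // when authentication fails; confirm, otherwise failed logins would be audited as SUCCESS.
        auditFactory.sendAuthnAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", new Long(auditData.getStatefulContextId()).toString(), null, auditData.getOperation(), "ORB", auditData.getOperation(), null, auditData.getMechType(), null, auditData.getTransportPrincipal(), auditData.getProviderName(), auditData.getProviderSuccessful(), auditData.getReceivedSubject(), "", auditData.getRemoteHost(), auditData.getRemotePort(), "security.audit.csi.authn.success.audit", null);
    }

    /**
     * Runs after a normal reply: detaches the security context from the current thread, lets
     * it protect the reply, marks a discarded stateful session, and clears the requestor context.
     *
     * @param serverRequestInfo the request whose reply is being sent
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIServerRI.send_reply");
        }
        if (SecurityLogger.debugTraceEnabled) {
            entry(serverRequestInfo, "CSIServerRI.send_reply");
        }
        if (is_local_server_request(serverRequestInfo)) {
            send_reply_local(serverRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.send_reply");
            }
            return;
        }
        String targetClassName = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null ? ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName() : "<unknown>";
        // Naming operations, and ORB special methods when CORBA authentication is not required,
        // carry no security context to protect; only the requestor context is cleared.
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(serverRequestInfo.operation(), targetClassName) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(serverRequestInfo.operation(), targetClassName) || (ORB.isSpecialMethod(serverRequestInfo.operation()) && !this.csiUtil.isCORBAAuthRequired())) {
            this.csiUtil.getCurrent().clear_requestor_context();
            SecurityLogger.debugMessage("CSIServerRI.send_reply", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.send_reply");
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_reply", "*** END POSTINVOKE ***");
        }
        // Detach the context from the thread before using it, so it cannot outlive this request.
        SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
        this.csiUtil.getCurrent().setSecurityContext((SecurityContextImpl) null);
        if (securityContext != null) {
            securityContext.csi_server_preprotect(serverRequestInfo, securityContext);
            if (securityContext.get_discard_context()) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIServerRI.send_reply", "Discarding context per request.  SESSION_REJECTED for future requests.");
                }
                long contextId = this.sessionMgr.csi_get_context_id_from_service_context(securityContext);
                ServerConnectionKey serverConnectionKey = securityContext.get_server_conn_key();
                if (this.secConfig.getCSIv2ClaimStateful() && contextId != 0 && serverConnectionKey != null) {
                    // Status 7 is presumably the SESSION_REJECTED code named in the trace above;
                    // confirm against the session manager.
                    this.sessionMgr.csi_server_session_status_update(contextId, serverConnectionKey, 7);
                }
            }
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_reply", "Could not get security context in send_reply.  May be unprotected request.");
        }
        this.csiUtil.getCurrent().clear_requestor_context();
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_reply", "*** SENDING REPLY ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIServerRI.send_reply");
        }
    }

    /** Hook for replies to local requests; empty here. */
    public void send_reply_local(ServerRequestInfo serverRequestInfo) {
    }

    /**
     * Runs when the request ends with an exception: detaches the security context, traces the
     * server-side detail message, lets the context protect the reply, and clears the
     * requestor context.
     *
     * @param serverRequestInfo the request whose exception reply is being sent
     * @throws ForwardRequest declared by the interceptor contract; not thrown directly here
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase
    public void send_exception(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIServerRI.send_exception");
        }
        if (SecurityLogger.debugTraceEnabled) {
            entry(serverRequestInfo, "CSIServerRI.send_exception");
        }
        if (is_local_server_request(serverRequestInfo)) {
            send_exception_local(serverRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.send_exception");
            }
            return;
        }
        String targetClassName = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null ? ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName() : "<unknown>";
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(serverRequestInfo.operation(), targetClassName) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(serverRequestInfo.operation(), targetClassName) || (ORB.isSpecialMethod(serverRequestInfo.operation()) && !this.csiUtil.isCORBAAuthRequired())) {
            this.csiUtil.getCurrent().clear_requestor_context();
            SecurityLogger.debugMessage("CSIServerRI.send_exception", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.send_exception");
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_exception", "*** END POSTINVOKE ***");
        }
        SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
        this.csiUtil.getCurrent().setSecurityContext((SecurityContextImpl) null);
        String detailedMessage = this.csiUtil.read_detailed_message(serverRequestInfo);
        // Fix: guard against a null detail message. An NPE here would have skipped the
        // clear_requestor_context() call below, after the security context was already detached.
        if (detailedMessage != null && !detailedMessage.equals("")) {
            SecurityLogger.debugMessage("CSIServerRI.send_exception", new StringBuffer().append("The following exception occurred on the server, sending context error back to client: ").append(detailedMessage).toString());
        }
        if (securityContext != null) {
            securityContext.csi_server_preprotect(serverRequestInfo, securityContext);
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_exception", "Could not get security context in send_exception.  May be unprotected request.");
        }
        this.csiUtil.getCurrent().clear_requestor_context();
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_exception", "*** SENDING EXCEPTION ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIServerRI.send_exception");
        }
    }

    /** Hook for exception replies to local requests; empty here. */
    public void send_exception_local(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /**
     * Runs for any other reply outcome: detaches the security context, lets it protect the
     * reply, and clears the requestor context.
     *
     * @param serverRequestInfo the request whose reply is being sent
     * @throws ForwardRequest declared by the interceptor contract; not thrown directly here
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase
    public void send_other(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIServerRI.send_other");
        }
        if (SecurityLogger.debugTraceEnabled) {
            entry(serverRequestInfo, "CSIServerRI.send_other");
        }
        if (is_local_server_request(serverRequestInfo)) {
            send_other_local(serverRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.send_other");
            }
            return;
        }
        String targetClassName = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null ? ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName() : "<unknown>";
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(serverRequestInfo.operation(), targetClassName) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(serverRequestInfo.operation(), targetClassName) || (ORB.isSpecialMethod(serverRequestInfo.operation()) && !this.csiUtil.isCORBAAuthRequired())) {
            // NOTE(review): send_reply and send_exception call clear_requestor_context() on this
            // branch; send_other does not. Left unchanged because the intent is not visible
            // here; confirm no requestor context can stay attached to a pooled thread.
            SecurityLogger.debugMessage("CSIServerRI.send_other", "Special naming method.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIServerRI.send_other");
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_other", "*** END POSTINVOKE ***");
        }
        SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
        this.csiUtil.getCurrent().setSecurityContext((SecurityContextImpl) null);
        if (securityContext != null) {
            securityContext.csi_server_preprotect(serverRequestInfo, securityContext);
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_other", "Could not get security context in send_other.  May be unprotected request.");
        }
        this.csiUtil.getCurrent().clear_requestor_context();
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIServerRI.send_other", "*** SENDING OTHER ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIServerRI.send_other");
        }
    }

    /** Hook for other replies to local requests; empty here. */
    public void send_other_local(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /**
     * Writes one debug line identifying the request: its id, target class and operation.
     *
     * @param serverRequestInfo the request being traced
     * @param str               the method label passed to the logger as the message source
     */
    public void entry(ServerRequestInfo serverRequestInfo, String str) {
        StringBuffer stringBuffer = new StringBuffer(100);
        String name = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null ? ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName() : "<unknown>";
        // name always has a value (it falls back to "<unknown>"), so the alternative
        // "Enter... request_id" format in the original was unreachable and has been dropped.
        stringBuffer.append("Request_id: ").append(serverRequestInfo.request_id()).append(", class: ").append(name).append(", operation: ").append(serverRequestInfo.operation());
        SecurityLogger.debugMessage(str, stringBuffer.toString());
    }
}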
