package weblogic.iiop;

import java.security.AccessController;
import java.util.ArrayList;
import java.util.List;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.kernel.Kernel;
import weblogic.management.configuration.SSLMBean;
import weblogic.management.provider.ManagementService;
import weblogic.protocol.ServerChannel;
import weblogic.protocol.ServerChannelManager;
import weblogic.protocol.ServerIdentity;
import weblogic.rmi.internal.RuntimeDescriptor;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.xml.crypto.utils.DOMUtils;

/* loaded from: input_file:weblogic/iiop/TLSSecTransComponent.class */
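/**
 * Tagged component that carries TLS transport-security options: a {@code supports} and a
 * {@code requires} bit mask (built from the {@code IOPSEC_*} flags below) plus a list of
 * {@link ConnectionKey} addresses.
 *
 * <p>An instance is either derived from the local server's SSL configuration (first constructor)
 * or unmarshalled from an {@link IIOPInputStream} (second constructor / {@link #read}). In the
 * second case every field value comes from the stream and should be treated as peer-supplied.
 */
public final class TLSSecTransComponent extends TaggedComponent {
    private static final DebugLogger debugIIOPDetail = DebugLogger.getDebugLogger("DebugIIOPDetail");

    /**
     * Initial capacity used while unmarshalling addresses. Deliberately small and independent of
     * the count found on the wire, so that count never sizes an allocation directly.
     */
    private static final int INITIAL_ADDRESS_CAPACITY = 8;

    private ConnectionKey[] addrs;
    private short supports;
    private short requires;
    private ServerIdentity target;

    /** Tag value handed to the {@link TaggedComponent} constructor by both constructors. */
    public static final int TAG_SSL_SEC_TRANS = 36;

    // Bit flags combined into the supports/requires masks.
    public static final short IOPSEC_NOPROTECTION = 1;
    public static final short IOPSEC_INTEGRITY = 2;
    public static final short IOPSEC_CONFIDENTIALITY = 4;
    public static final short IOPSEC_DETECTREPLAY = 8;
    public static final short IOPSEC_DETECTMISORDERING = 16;
    public static final short IOPSEC_ESTABLISHTRUSTINTARGET = 32;
    public static final short IOPSEC_ESTABLISHTRUSTINCLIENT = 64;
    public static final short IOPSEC_NODELEGATION = 128;
    public static final short IOPSEC_SIMPLEDELEGATION = 256;
    public static final short IOPSEC_COMPOSITEDELEGATION = 512;
    public static final short IOPSEC_IDENTITYASSERTION = 1024;
    public static final short IOPSEC_DELEGATIONBYCLIENT = 2048;

    /** Equals {@link #IOPSEC_INTEGRITY}. */
    public static final short IOP_SIGNED_FLAGS = 2;
    /** Equals {@link #IOPSEC_INTEGRITY} | {@link #IOPSEC_CONFIDENTIALITY}. */
    public static final short IOP_SEALED_FLAGS = 6;

    /**
     * Builds the component from the local server's SSL configuration.
     *
     * <p>How the masks are derived:
     * <ul>
     *   <li>Default: supports = integrity | confidentiality | trust-in-target, requires =
     *       integrity.</li>
     *   <li>If a cipher suite list is configured and none of its non-null entries is a
     *       non-{@code WITH_NULL} suite, supports is reduced to integrity only.</li>
     *   <li>If no {@code WITH_NULL} suite is configured (or no list is configured at all),
     *       requires becomes {@link #IOP_SEALED_FLAGS}. Consequently a single {@code WITH_NULL}
     *       entry in the configured list is enough for confidentiality to stop being advertised
     *       as required, unless the descriptor asks for it (last bullet).</li>
     *   <li>Enforced client certificates add trust-in-client to both masks; the descriptor's
     *       client-cert setting can add it to supports ("supported") or to both ("required").</li>
     *   <li>A descriptor confidentiality of "required" adds {@link #IOP_SEALED_FLAGS} to requires
     *       when a {@code WITH_NULL} suite is configured.</li>
     * </ul>
     *
     * @param str host to advertise; when {@code null} the local IIOPS channel's public address
     *     and public port are used, otherwise {@code str} is paired with the SSL MBean's listen
     *     port
     * @param serverIdentity identity stored as the target and consulted by {@link #write}
     * @param runtimeDescriptor optional descriptor supplying client-cert and confidentiality
     *     settings; may be {@code null}
     */
    public TLSSecTransComponent(String str, ServerIdentity serverIdentity, RuntimeDescriptor runtimeDescriptor) {
        super(TAG_SSL_SEC_TRANS);
        SSLMBean ssl = ManagementService.getRuntimeAccess((AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction())).getServer().getSSL();
        // NOTE(review): the channel is dereferenced below without a null check when str == null;
        // confirm findLocalServerChannel cannot return null when no IIOPS channel is configured.
        ServerChannel findLocalServerChannel = ServerChannelManager.findLocalServerChannel(ProtocolHandlerIIOPS.PROTOCOL_IIOPS);
        if (str == null) {
            this.addrs = new ConnectionKey[]{new ConnectionKey(findLocalServerChannel.getPublicAddress(), findLocalServerChannel.getPublicPort())};
        } else {
            this.addrs = new ConnectionKey[]{new ConnectionKey(str, ssl.getListenPort())};
        }
        this.target = serverIdentity;

        // With no configured list the server is treated as offering encrypting suites only.
        boolean encryptingSuiteAvailable = true;
        boolean nullSuiteConfigured = false;
        String[] ciphersuites = ssl.getCiphersuites();
        if (ciphersuites != null && ciphersuites.length > 0) {
            encryptingSuiteAvailable = false;
            for (String suite : ciphersuites) {
                if (suite == null) {
                    continue;
                }
                if (Kernel.DEBUG && debugIIOPDetail.isDebugEnabled()) {
                    p("cipher suite " + suite);
                }
                if (suite.indexOf("WITH_NULL") != -1) {
                    nullSuiteConfigured = true;
                } else {
                    encryptingSuiteAvailable = true;
                }
            }
        }

        this.supports = (short) (IOPSEC_INTEGRITY | IOPSEC_CONFIDENTIALITY | IOPSEC_ESTABLISHTRUSTINTARGET);
        this.requires = IOP_SIGNED_FLAGS;
        // encryptingSuiteAvailable can only be false when a non-empty list was configured.
        if (!encryptingSuiteAvailable) {
            this.supports = IOPSEC_INTEGRITY;
        }
        if (!nullSuiteConfigured && encryptingSuiteAvailable) {
            this.requires = IOP_SEALED_FLAGS;
        }
        if (ssl.isClientCertificateEnforced()) {
            this.supports = (short) (this.supports | IOPSEC_ESTABLISHTRUSTINCLIENT);
            this.requires = (short) (this.requires | IOPSEC_ESTABLISHTRUSTINCLIENT);
        }
        if (runtimeDescriptor != null) {
            String clientCertAuthentication = runtimeDescriptor.getClientCertAuthentication();
            if (clientCertAuthentication != null) {
                if (clientCertAuthentication.equals("supported")) {
                    this.supports = (short) (this.supports | IOPSEC_ESTABLISHTRUSTINCLIENT);
                } else if (clientCertAuthentication.equals("required")) {
                    this.supports = (short) (this.supports | IOPSEC_ESTABLISHTRUSTINCLIENT);
                    this.requires = (short) (this.requires | IOPSEC_ESTABLISHTRUSTINCLIENT);
                }
            }
            String confidentiality = runtimeDescriptor.getConfidentiality();
            if (confidentiality != null && confidentiality.equals("required") && nullSuiteConfigured) {
                this.requires = (short) (this.requires | IOP_SEALED_FLAGS);
            }
        }
        if (Kernel.DEBUG && debugIIOPDetail.isDebugEnabled()) {
            p("TLS sec supports = " + ((int) this.supports) + " requires = " + ((int) this.requires));
        }
    }

    /**
     * Unmarshals the component from {@code iIOPInputStream}.
     *
     * @param iIOPInputStream stream positioned at this component's encapsulation
     * @param serverIdentity identity stored as the target and consulted by {@link #write}
     */
    public TLSSecTransComponent(IIOPInputStream iIOPInputStream, ServerIdentity serverIdentity) {
        super(TAG_SSL_SEC_TRANS);
        this.target = serverIdentity;
        read(iIOPInputStream);
    }

    /**
     * Returns the address list. This is the internal array, not a copy, so callers must not
     * modify it.
     */
    public final ConnectionKey[] getAddresses() {
        return this.addrs;
    }

    /** Returns the {@code supports} bit mask. */
    public final short getSupports() {
        return this.supports;
    }

    /** Returns the {@code requires} bit mask. */
    public final short getRequires() {
        return this.requires;
    }

    /**
     * Reads supports, requires, an address count and that many {@link ConnectionKey}s from the
     * encapsulation.
     *
     * <p>The count is taken from the stream, so it is validated before use: a negative value is
     * rejected up front, and the addresses are collected in a growing list rather than in an
     * array pre-sized from the count. An oversized count therefore cannot trigger one large
     * allocation before any address has actually been read.
     *
     * @throws NegativeArraySizeException if the count on the wire is negative (the same
     *     exception type the previous array allocation raised)
     */
    @Override // weblogic.iiop.TaggedComponent
    public final void read(IIOPInputStream iIOPInputStream) {
        long startEncapsulation = iIOPInputStream.startEncapsulation();
        this.supports = iIOPInputStream.read_short();
        this.requires = iIOPInputStream.read_short();
        int count = iIOPInputStream.read_long();
        if (count < 0) {
            throw new NegativeArraySizeException("TLSSecTrans address count " + count);
        }
        // NOTE(review): presumably ConnectionKey(IIOPInputStream) fails once the encapsulation is
        // exhausted, which bounds this loop by the message size; confirm, and consider an
        // explicit upper limit on count if the protocol allows one.
        List<ConnectionKey> keys = new ArrayList<ConnectionKey>(Math.min(count, INITIAL_ADDRESS_CAPACITY));
        for (int i = 0; i < count; i++) {
            keys.add(new ConnectionKey(iIOPInputStream));
        }
        this.addrs = keys.toArray(new ConnectionKey[0]);
        iIOPInputStream.endEncapsulation(startEncapsulation);
    }

    /**
     * Writes the tag followed by an encapsulation holding supports, requires, the address count
     * and each address. A {@code null} address array is written as a count of zero.
     */
    @Override // weblogic.iiop.TaggedComponent
    public final void write(IIOPOutputStream iIOPOutputStream) {
        if (Kernel.DEBUG && debugIIOPDetail.isDebugEnabled()) {
            p("write(" + toString() + ")");
        }
        iIOPOutputStream.write_long(this.tag);
        long startEncapsulation = iIOPOutputStream.startEncapsulation();
        iIOPOutputStream.write_short(this.supports);
        iIOPOutputStream.write_short(this.requires);
        int length = this.addrs != null ? this.addrs.length : 0;
        iIOPOutputStream.write_long(length);
        for (int i = 0; i < length; i++) {
            // The channel-specific form is used only on a secure stream with a known target.
            if (!iIOPOutputStream.isSecure() || this.target == null) {
                this.addrs[i].write(iIOPOutputStream);
            } else {
                this.addrs[i].writeForChannel(iIOPOutputStream, this.target);
            }
        }
        iIOPOutputStream.endEncapsulation(startEncapsulation);
    }

    /**
     * Returns a debug rendering of both masks and, when addresses are present, each address and
     * port.
     */
    @Override // weblogic.iiop.TaggedComponent
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("TLSSecTrans (supports = " + ((int) this.supports) + ",requires = " + ((int) this.requires));
        if (this.addrs != null) {
            text.append(" addresses{ ");
            for (ConnectionKey addr : this.addrs) {
                // Per-entry concatenation keeps the exact conversions of the original expression.
                text.append(" " + addr.getAddress() + DOMUtils.QNAME_SEPARATOR + addr.getPort());
            }
            text.append("} ");
        }
        return text.toString();
    }
}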
