package weblogic.corba.client.security;

import java.io.UnsupportedEncodingException;
import java.security.AccessControlException;
import java.security.AccessController;
import javax.security.auth.Subject;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.MARSHAL;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.CSIIOP.CompoundSecMechListHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.IOP.ServiceContext;
import org.omg.IOP.TaggedComponent;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;
import org.omg.PortableInterceptor.Current;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.InvalidSlot;
import weblogic.security.subject.AbstractSubject;
import weblogic.security.subject.SubjectManager;
import weblogic.security.subject.SubjectProxy;

/* loaded from: input_file:weblogic/corba/client/security/SecurityInterceptor.class */
public final class SecurityInterceptor extends LocalObject implements ClientRequestInterceptor {
    private static final boolean DEBUG = getDebug();
    public static final String NAME = "SecurityInterceptor";
    public static final int SecurityAttributeService = 15;
    private AbstractSubject kernelId;
    public int CEMinor = 1;
    public int CEMajorInvalidEvidence = 1;
    public int CEMajorInvalidMechanism = 2;
    public int CEMajorConflictingEvidence = 3;
    public int CEMajorNoContext = 4;
    private Current piCurrent;
    private Codec codec;
    private int slot;

    private static final boolean getDebug() {
        try {
            return Boolean.getBoolean("weblogic.debug.client.security");
        } catch (Exception e) {
            return false;
        }
    }

    public SecurityInterceptor(Current current, Codec codec, int i) {
        this.kernelId = null;
        this.piCurrent = current;
        this.codec = codec;
        this.slot = i;
        try {
            this.kernelId = (AbstractSubject) AccessController.doPrivileged(SubjectManager.getKernelIdentityAction());
        } catch (AccessControlException e) {
        }
    }

    public String name() {
        return NAME;
    }

    public void setSubject(Subject subject) {
        try {
            Any create_any = ORB.init().create_any();
            if (subject != null) {
                create_any.insert_Value(subject);
            }
            this.piCurrent.set_slot(this.slot, create_any);
        } catch (InvalidSlot e) {
            throw new SecurityException(e.getMessage());
        }
    }

    public void destroy() {
    }

    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (DEBUG) {
            p(new StringBuffer().append("send_request(<").append(Integer.toHexString(clientRequestInfo.effective_target()._hash(Integer.MAX_VALUE))).append(">.").append(clientRequestInfo.operation()).append(")").toString());
        }
        try {
            AbstractSubject currentSubject = SubjectManager.getSubjectManager().getCurrentSubject(this.kernelId);
            if (currentSubject == SubjectProxy.ANON) {
                return;
            }
            if (currentSubject != null) {
                Subject subject = ((SubjectProxy) currentSubject).getSubject();
                if (subject != null) {
                    ClientSecurityContext clientContext = ClientSecurityContext.getClientContext(subject);
                    if (clientContext == null || clientContext.getMessageInContext() == null) {
                        TaggedComponent[] taggedComponentArr = clientRequestInfo.get_effective_components(33);
                        if (DEBUG) {
                            p(new StringBuffer().append("adding security context from ").append(taggedComponentArr.length).append(" components for ").append(subject).toString());
                        }
                        clientRequestInfo.add_request_service_context(createEstablishContext(taggedComponentArr[0], subject), true);
                    } else {
                        if (DEBUG) {
                            p("adding MessageInContext");
                        }
                        clientRequestInfo.add_request_service_context(clientContext.getMessageInContext(), true);
                    }
                } else if (DEBUG) {
                    p(new StringBuffer().append("null security context for ").append(Thread.currentThread()).toString());
                }
            } else if (DEBUG) {
                p(new StringBuffer().append("no security context for ").append(Thread.currentThread()).toString());
            }
        } catch (UserException e) {
            if (DEBUG) {
                p(new StringBuffer().append("couldn't marshal security context: ").append(e).toString());
            }
        } catch (UnsupportedEncodingException e2) {
            if (DEBUG) {
                p(new StringBuffer().append("couldn't marshal security context: ").append(e2).toString());
            }
        } catch (BAD_PARAM e3) {
            switch (e3.minor) {
                case 1330446364:
                    if (DEBUG) {
                        p(new StringBuffer().append("no mech list in request target for: ").append(clientRequestInfo.operation()).append("()").toString());
                        return;
                    }
                    return;
                default:
                    if (DEBUG) {
                        e3.printStackTrace();
                    }
                    if (DEBUG) {
                        p(new StringBuffer().append("couldn't marshal security context: ").append(e3).toString());
                    }
                    throw e3;
            }
        }
    }

    public void send_poll(ClientRequestInfo clientRequestInfo) {
        if (DEBUG) {
            p(new StringBuffer().append("send_poll(").append(clientRequestInfo.operation()).append(")").toString());
        }
    }

    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        if (DEBUG) {
            p(new StringBuffer().append("receive_reply(").append(clientRequestInfo.operation()).append(")").toString());
        }
        try {
            CompleteEstablishContext completeEstablishContext = getCompleteEstablishContext(clientRequestInfo);
            if (completeEstablishContext != null && completeEstablishContext.context_stateful) {
                ClientSecurityContext.getClientContext(completeEstablishContext.client_context_id).setMessageInContext(createMessageInContext(completeEstablishContext.client_context_id));
            }
        } catch (UserException e) {
            if (DEBUG) {
                e.printStackTrace();
            }
        }
    }

    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (DEBUG) {
            p(new StringBuffer().append("receive_exception(").append(clientRequestInfo.operation()).append(")").toString());
        }
        try {
            ContextError contextError = getContextError(clientRequestInfo);
            if (contextError != null) {
                if (contextError.minor_status == this.CEMinor && contextError.major_status == this.CEMajorNoContext && ClientSecurityContext.getClientContext(contextError.client_context_id) != null) {
                    ClientSecurityContext.removeClientContext(contextError.client_context_id);
                    if (DEBUG) {
                        p("client context not valid, retrying");
                    }
                    throw new ForwardRequest(clientRequestInfo.effective_target());
                }
                if (DEBUG) {
                    p(new StringBuffer().append("SAS authentication failed: ").append(contextError).toString());
                }
            }
        } catch (FormatMismatch e) {
            if (DEBUG) {
                e.printStackTrace();
            }
        } catch (TypeMismatch e2) {
            if (DEBUG) {
                e2.printStackTrace();
            }
        }
    }

    public void receive_other(ClientRequestInfo clientRequestInfo) {
        if (DEBUG) {
            p(new StringBuffer().append("receive_other(").append(clientRequestInfo.operation()).append(")").toString());
        }
    }

    private ServiceContext createEstablishContext(TaggedComponent taggedComponent, Subject subject) throws InvalidTypeForEncoding, UnsupportedEncodingException, FormatMismatch, TypeMismatch {
        Any decode_value = this.codec.decode_value(taggedComponent.component_data, CompoundSecMechListHelper.type());
        CompoundSecMechListImpl compoundSecMechListImpl = new CompoundSecMechListImpl(CompoundSecMechListHelper.extract(decode_value), this.codec);
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.establish_msg(new EstablishContextImpl(compoundSecMechListImpl, subject, this.codec).getContext());
        SASContextBodyHelper.insert(decode_value, sASContextBody);
        return new ServiceContext(15, this.codec.encode_value(decode_value));
    }

    private ServiceContext createMessageInContext(long j) throws InvalidTypeForEncoding, FormatMismatch {
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.in_context_msg(new MessageInContext(j, false));
        Any create_any = ORB.init().create_any();
        SASContextBodyHelper.insert(create_any, sASContextBody);
        return new ServiceContext(15, this.codec.encode_value(create_any));
    }

    private CompleteEstablishContext getCompleteEstablishContext(ClientRequestInfo clientRequestInfo) throws TypeMismatch, FormatMismatch {
        try {
            ServiceContext serviceContext = clientRequestInfo.get_reply_service_context(15);
            if (DEBUG) {
                p(new StringBuffer().append("found SAS context for ").append(clientRequestInfo.operation()).append("()").toString());
            }
            SASContextBody extract = SASContextBodyHelper.extract(this.codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type()));
            switch (extract.discriminator()) {
                case 1:
                    return extract.complete_msg();
                case 4:
                    throw new MARSHAL("CSI authentication error");
                default:
                    throw new MARSHAL("Unsupported CSI reply");
            }
        } catch (BAD_PARAM e) {
            if (e.minor != 1330446362) {
                throw e;
            }
            return null;
        }
    }

    private ContextError getContextError(ClientRequestInfo clientRequestInfo) throws TypeMismatch, FormatMismatch {
        if (clientRequestInfo.reply_status() != 1) {
            return null;
        }
        try {
            ServiceContext serviceContext = clientRequestInfo.get_reply_service_context(15);
            if (DEBUG) {
                p(new StringBuffer().append("found SAS ContextError for ").append(clientRequestInfo.operation()).append("()").toString());
            }
            SASContextBody extract = SASContextBodyHelper.extract(this.codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type()));
            if (extract.discriminator() == 4) {
                return extract.error_msg();
            }
            return null;
        } catch (NullPointerException e) {
            return null;
        } catch (BAD_PARAM e2) {
            if (e2.minor != 1330446362) {
                throw e2;
            }
            return null;
        }
    }

    protected static void p(String str) {
        System.err.println(new StringBuffer().append("<SecurityInterceptor> ").append(str).toString());
    }
}
