package jeus.ejb.interop.csi;

import com.sun.corba.ee.impl.encoding.EncapsInputStream;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Set;
import jeus.ejb.interop.ORBReceiver;
import jeus.ejb.interop.csi.login.AnonymousCredential;
import jeus.ejb.interop.csi.login.X509CertificateCredential;
import jeus.security.base.AnonymousSubject;
import jeus.security.base.Subject;
import jeus.security.spi.LoginService;
import jeus.security.spi.SubjectNotExistsException;
import jeus.security.util.LoginUtil;
import jeus.util.SecurityUtil;
import jeus.util.logging.JeusLogger;
import jeus.util.message.JeusMessage_EJB11;
import jeus.util.properties.JeusEJBProperties;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.ORB;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.CSI.X501DistinguishedNameHelper;
import org.omg.CSI.X509CertificateChainHelper;
import org.omg.CSIIOP.AS_ContextSec;
import org.omg.CSIIOP.CompoundSecMech;
import org.omg.CSIIOP.CompoundSecMechListHelper;
import org.omg.CSIIOP.SAS_ContextSec;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.IOP.TaggedComponent;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;
import org.omg.PortableInterceptor.ForwardRequest;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;

/* loaded from: input_file:jeus/ejb/interop/csi/ClientSideRequestInterceptorFor5.class */
public class ClientSideRequestInterceptorFor5 extends LocalObject implements ClientRequestInterceptor, ORBReceiver {
    private String name = "csi.ClientSideRequestInterceptor";
    private Codec codec;
    private ORB orb;
    protected static final int SECURITY_ATTRIBUTE_SERVICE_ID = 15;
    private static final JeusLogger logger = (JeusLogger) JeusLogger.getLogger("jeus.ejb.interop.csi");
    private static String defaultUser = JeusEJBProperties.CSI_DEFAULT_USER;
    private static final AuthorizationElement[] AUTHORIZATION_TOKEN = new AuthorizationElement[0];
    private static final byte[] DUMMY_BYTE = new byte[0];

    public ClientSideRequestInterceptorFor5(Codec codec) {
        this.codec = codec;
    }

    @Override // jeus.ejb.interop.ORBReceiver
    public void setORB(ORB orb) {
        this.orb = orb;
    }

    public String name() {
        return this.name;
    }

    private CompoundSecMech[] getCompoundSecMechList(TaggedComponent taggedComponent) {
        byte[] bArr = taggedComponent.component_data;
        EncapsInputStream encapsInputStream = new EncapsInputStream(this.orb, bArr, bArr.length);
        encapsInputStream.consumeEndian();
        return CompoundSecMechListHelper.read(encapsInputStream).mechanism_list;
    }

    private byte[] createClientTokenFromExecutionContext(Subject subject, byte[] bArr, boolean z) throws Exception {
        if (AnonymousSubject.isAnonymous(subject) || subject.getPrincipal() == null) {
            return DUMMY_BYTE;
        }
        String name = subject.getPrincipal().getName();
        if (z && name.equals(defaultUser)) {
            return DUMMY_BYTE;
        }
        try {
            return new GSSUPInitialToken(this.orb, this.codec, name, "default", SecurityUtil.getPlainPassword(subject), bArr).getToken();
        } catch (SubjectNotExistsException e) {
            return DUMMY_BYTE;
        }
    }

    private IdentityToken createIdentityTokenFromExecutionContext(byte[] bArr, boolean z) throws Exception {
        IdentityToken identityToken = new IdentityToken();
        Principal currentPrincipal = LoginService.getCurrentPrincipal();
        if (currentPrincipal != null) {
            String name = currentPrincipal.getName();
            Any create_any = this.orb.create_any();
            GSS_NT_ExportedNameHelper.insert(create_any, new GSSUPExportName(name, "default").getExportedName());
            identityToken.principal_name(this.codec.encode_value(create_any));
        } else {
            identityToken.anonymous(true);
        }
        return identityToken;
    }

    private IdentityToken createIdentityToken(Set set) throws Exception {
        Object obj;
        Class<?> cls;
        if (set == null || set.isEmpty()) {
            obj = null;
            cls = AnonymousCredential.class;
        } else {
            obj = set.iterator().next();
            cls = obj.getClass();
        }
        IdentityToken identityToken = new IdentityToken();
        Any create_any = this.orb.create_any();
        if (X500Name.class.isAssignableFrom(cls)) {
            DerOutputStream derOutputStream = new DerOutputStream();
            ((X500Name) obj).encode(derOutputStream);
            X501DistinguishedNameHelper.insert(create_any, derOutputStream.toByteArray());
            identityToken.dn(this.codec.encode_value(create_any));
        } else if (X509CertificateCredential.class.isAssignableFrom(cls)) {
            DerOutputStream derOutputStream2 = new DerOutputStream();
            X509Certificate[] x509CertificateChain = ((X509CertificateCredential) obj).getX509CertificateChain();
            DerValue[] derValueArr = new DerValue[x509CertificateChain.length];
            for (int i = 0; i < x509CertificateChain.length; i++) {
                derValueArr[i] = new DerValue(x509CertificateChain[i].getEncoded());
            }
            derOutputStream2.putSequence(derValueArr);
            X509CertificateChainHelper.insert(create_any, derOutputStream2.toByteArray());
            identityToken.certificate_chain(this.codec.encode_value(create_any));
        } else if (GSSUPExportName.class.isAssignableFrom(cls)) {
            GSS_NT_ExportedNameHelper.insert(create_any, ((GSSUPExportName) obj).getExportedName());
            identityToken.principal_name(this.codec.encode_value(create_any));
        } else {
            identityToken.anonymous(true);
        }
        return identityToken;
    }

    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        IdentityToken identityToken;
        try {
            try {
                CompoundSecMech[] compoundSecMechList = getCompoundSecMechList(clientRequestInfo.get_effective_component(33));
                if (compoundSecMechList == null || compoundSecMechList.length < 1) {
                    return;
                }
                AS_ContextSec aS_ContextSec = compoundSecMechList[0].as_context_mech;
                SAS_ContextSec sAS_ContextSec = compoundSecMechList[0].sas_context_mech;
                if (aS_ContextSec.target_supports == 0 && sAS_ContextSec.target_supports == 0) {
                    return;
                }
                Subject latestUserSubjectWithRuntimeException = LoginUtil.getLatestUserSubjectWithRuntimeException();
                Set publicCredentials = latestUserSubjectWithRuntimeException != null ? latestUserSubjectWithRuntimeException.getPublicCredentials() : null;
                byte[] bArr = new byte[0];
                if ((aS_ContextSec.target_supports & 64) > 0 && (aS_ContextSec.target_requires & 64) > 0) {
                    bArr = createClientTokenFromExecutionContext(latestUserSubjectWithRuntimeException, aS_ContextSec.target_name, false);
                }
                if ((sAS_ContextSec.target_supports & 1024) > 0) {
                    identityToken = createIdentityToken(publicCredentials);
                    if (identityToken.discriminator() == 1) {
                        if (bArr.length != 0) {
                            identityToken = new IdentityToken();
                            identityToken.absent(true);
                        } else if ((aS_ContextSec.target_supports & 64) > 0) {
                            bArr = createClientTokenFromExecutionContext(latestUserSubjectWithRuntimeException, aS_ContextSec.target_name, true);
                            identityToken = new IdentityToken();
                            identityToken.absent(true);
                        } else {
                            identityToken = createIdentityTokenFromExecutionContext(aS_ContextSec.target_name, true);
                        }
                    }
                } else {
                    identityToken = new IdentityToken();
                    identityToken.absent(true);
                }
                EstablishContext establishContext = new EstablishContext(0L, AUTHORIZATION_TOKEN, identityToken, bArr);
                SASContextBody sASContextBody = new SASContextBody();
                sASContextBody.establish_msg(establishContext);
                Any create_any = this.orb.create_any();
                SASContextBodyHelper.insert(create_any, sASContextBody);
                byte[] encode_value = this.codec.encode_value(create_any);
                ServiceContext serviceContext = new ServiceContext();
                serviceContext.context_id = 15;
                serviceContext.context_data = encode_value;
                clientRequestInfo.add_request_service_context(serviceContext, true);
            } catch (BAD_PARAM e) {
            }
        } catch (Throwable th) {
            if (logger.isLoggable(JeusMessage_EJB11._7088_LEVEL)) {
                logger.log(JeusMessage_EJB11._7088_LEVEL, JeusMessage_EJB11._7088, th);
            }
            throw new SecurityException(th.getMessage(), th);
        }
    }

    public void send_poll(ClientRequestInfo clientRequestInfo) {
    }

    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        try {
            try {
                short discriminator = SASContextBodyHelper.extract(this.codec.decode_value(clientRequestInfo.get_reply_service_context(15).context_data, SASContextBodyHelper.type())).discriminator();
                if (discriminator == 1 || discriminator == 4) {
                } else {
                    throw new CSIException(JeusMessage_EJB11._7090, Short.toString(discriminator));
                }
            } catch (Throwable th) {
                if (logger.isLoggable(JeusMessage_EJB11._7089_LEVEL)) {
                    logger.log(JeusMessage_EJB11._7089_LEVEL, JeusMessage_EJB11._7089, th);
                }
                throw new SecurityException(th.getMessage());
            }
        } catch (BAD_PARAM e) {
        }
    }

    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    public void destroy() {
    }
}
