package weblogic.corba.client.security;

import java.io.UnsupportedEncodingException;
import java.security.AccessControlException;
import java.security.AccessController;
import javax.security.auth.Subject;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.MARSHAL;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.CSIIOP.CompoundSecMechListHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.IOP.ServiceContext;
import org.omg.IOP.TaggedComponent;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;
import org.omg.PortableInterceptor.Current;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.InvalidSlot;
import weblogic.corba.client.GetORBUtil;
import weblogic.corba.client.MinorCodes;
import weblogic.iiop.VendorInfoConstants;
import weblogic.security.subject.AbstractSubject;
import weblogic.security.subject.SubjectManager;
import weblogic.security.subject.SubjectProxy;

/* loaded from: input_file:weblogic/corba/client/security/SecurityInterceptor.class */
public final class SecurityInterceptor extends LocalObject implements ClientRequestInterceptor {
    private static final int INITIAL_CONTEXT_IDS_LENGTH = 16;
    public static final String NAME = "SecurityInterceptor";
    public static final int SecurityAttributeService = 15;
    private AbstractSubject kernelId;
    private Current piCurrent;
    private Codec codec;
    private int slot;
    private long[] removedContextIds = new long[16];
    private int removedContextIdNextIndex = -1;
    private static final boolean DEBUG = getDebug();
    public static int CEMinor = 1;
    public static int CEMajorInvalidEvidence = 1;
    public static int CEMajorInvalidMechanism = 2;
    public static int CEMajorConflictingEvidence = 3;
    public static int CEMajorNoContext = 4;

    private static boolean getDebug() {
        try {
            return Boolean.getBoolean("weblogic.debug.client.security");
        } catch (Exception e) {
            return false;
        }
    }

    public SecurityInterceptor(Current current, Codec codec, int i) {
        this.kernelId = null;
        this.piCurrent = current;
        this.codec = codec;
        this.slot = i;
        try {
            this.kernelId = (AbstractSubject) AccessController.doPrivileged(SubjectManager.getKernelIdentityAction());
        } catch (AccessControlException e) {
        }
    }

    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public String name() {
        return NAME;
    }

    public void setSubject(Subject subject, ORB orb) {
        try {
            Any create_any = orb.create_any();
            if (subject != null) {
                create_any.insert_Value(subject);
            }
            this.piCurrent.set_slot(this.slot, create_any);
        } catch (InvalidSlot e) {
            throw new SecurityException(e.getMessage());
        }
    }

    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public void destroy() {
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (DEBUG) {
            p("send_request(<" + Integer.toHexString(clientRequestInfo.effective_target()._hash(Integer.MAX_VALUE)) + ">." + clientRequestInfo.operation() + ")");
        }
        try {
            try {
                AbstractSubject currentSubject = SubjectManager.getSubjectManager().getCurrentSubject(this.kernelId);
                if (currentSubject == SubjectProxy.ANON) {
                    return;
                }
                if (currentSubject instanceof SubjectProxy) {
                    Subject subject = currentSubject.getSubject();
                    if (subject != null) {
                        ClientSecurityContext clientContext = ClientSecurityContext.getClientContext(subject);
                        if (clientContext == null || clientContext.getServiceContext() == null) {
                            clientRequestInfo.add_request_service_context(createEstablishContext(clientRequestInfo.get_effective_component(33), subject, clientRequestInfo), true);
                        } else {
                            clientRequestInfo.add_request_service_context(clientContext.getServiceContext(), true);
                        }
                    } else if (DEBUG) {
                        p("null security context for " + Thread.currentThread());
                    }
                } else if (DEBUG) {
                    p("no security context for " + Thread.currentThread());
                }
                long popRemovedContextId = popRemovedContextId();
                if (popRemovedContextId > 0) {
                    clientRequestInfo.add_request_service_context(createDiscardSecurityContext(popRemovedContextId, clientRequestInfo), true);
                }
            } catch (BAD_PARAM e) {
                if (!MinorCodes.hasInvalidComponentId(e)) {
                    throw e;
                }
            }
        } catch (UnsupportedEncodingException | UserException e2) {
            if (DEBUG) {
                p("couldn't marshal security context: " + e2);
            }
        }
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void send_poll(ClientRequestInfo clientRequestInfo) {
        if (DEBUG) {
            p("send_poll(" + clientRequestInfo.operation() + ")");
        }
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        if (DEBUG) {
            p("receive_reply(" + clientRequestInfo.operation() + ")");
        }
        try {
            CompleteEstablishContext completeEstablishContext = getCompleteEstablishContext(clientRequestInfo);
            if (completeEstablishContext != null && completeEstablishContext.context_stateful) {
                ClientSecurityContext.getClientContext(completeEstablishContext.client_context_id).setServiceContext(createMessageInContext(completeEstablishContext.client_context_id, GetORBUtil.getOrb(clientRequestInfo)));
            }
        } catch (UserException e) {
            if (DEBUG) {
                e.printStackTrace();
            }
        }
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        ContextError contextError = getContextError(clientRequestInfo);
        if (contextError == null) {
            removeClientSecurityContext();
        } else if (isUnknownContext(contextError)) {
            removeMatchingClientContext(contextError.client_context_id);
            throw new ForwardRequest(clientRequestInfo.effective_target());
        }
    }

    private boolean isUnknownContext(ContextError contextError) {
        return contextError.major_status == CEMajorNoContext && contextError.minor_status == CEMinor;
    }

    private void removeMatchingClientContext(long j) {
        if (ClientSecurityContext.getClientContext(j) != null) {
            ClientSecurityContext.removeClientContext(j);
            pushRemovedContextId(j);
        }
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void receive_other(ClientRequestInfo clientRequestInfo) {
        if (DEBUG) {
            p("receive_other(" + clientRequestInfo.operation() + ")");
        }
    }

    private ServiceContext createEstablishContext(TaggedComponent taggedComponent, Subject subject, ClientRequestInfo clientRequestInfo) throws InvalidTypeForEncoding, UnsupportedEncodingException, FormatMismatch, TypeMismatch {
        Any decode_value = this.codec.decode_value(taggedComponent.component_data, CompoundSecMechListHelper.type());
        CompoundSecMechListImpl compoundSecMechListImpl = new CompoundSecMechListImpl(CompoundSecMechListHelper.extract(decode_value), this.codec);
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.establish_msg(new EstablishContextImpl(compoundSecMechListImpl, subject, this.codec, GetORBUtil.getOrb(clientRequestInfo)).getContext());
        SASContextBodyHelper.insert(decode_value, sASContextBody);
        return new ServiceContext(15, this.codec.encode_value(decode_value));
    }

    private ServiceContext createMessageInContext(long j, ORB orb) throws InvalidTypeForEncoding, FormatMismatch {
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.in_context_msg(new MessageInContext(j, false));
        Any create_any = orb.create_any();
        SASContextBodyHelper.insert(create_any, sASContextBody);
        return new ServiceContext(15, this.codec.encode_value(create_any));
    }

    private ServiceContext createDiscardSecurityContext(long j, ClientRequestInfo clientRequestInfo) throws InvalidTypeForEncoding, FormatMismatch {
        Any create_any = GetORBUtil.getOrb(clientRequestInfo).create_any();
        DiscardSecurityContextHelper.insert(create_any, new DiscardSecurityContext(j));
        return new ServiceContext(VendorInfoConstants.VendorInfoDiscardSecurityContext, this.codec.encode_value(create_any));
    }

    private CompleteEstablishContext getCompleteEstablishContext(ClientRequestInfo clientRequestInfo) throws TypeMismatch, FormatMismatch {
        try {
            ServiceContext serviceContext = clientRequestInfo.get_reply_service_context(15);
            if (DEBUG) {
                p("found SAS context for " + clientRequestInfo.operation() + "()");
            }
            SASContextBody extract = SASContextBodyHelper.extract(this.codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type()));
            switch (extract.discriminator()) {
                case 1:
                    return extract.complete_msg();
                case 4:
                    throw new MARSHAL("CSI authentication error");
                default:
                    throw new MARSHAL("Unsupported CSI reply");
            }
        } catch (BAD_PARAM e) {
            if (MinorCodes.hasInvalidServiceContextId(e)) {
                return null;
            }
            throw e;
        }
    }

    private ContextError getContextError(ClientRequestInfo clientRequestInfo) {
        if (clientRequestInfo.reply_status() != 1) {
            return null;
        }
        try {
            ServiceContext serviceContext = clientRequestInfo.get_reply_service_context(15);
            if (DEBUG) {
                p("found SAS ContextError for " + clientRequestInfo.operation() + "()");
            }
            SASContextBody extract = SASContextBodyHelper.extract(this.codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type()));
            if (extract.discriminator() == 4) {
                return extract.error_msg();
            }
            return null;
        } catch (NullPointerException e) {
            return null;
        } catch (BAD_PARAM e2) {
            if (MinorCodes.hasInvalidServiceContextId(e2)) {
                return null;
            }
            throw e2;
        } catch (FormatMismatch | TypeMismatch e3) {
            return null;
        }
    }

    protected static void p(String str) {
        System.err.println("<SecurityInterceptor> " + str);
    }

    public void removeClientSecurityContext() {
        ClientSecurityContext clientContext;
        AbstractSubject currentSubject = SubjectManager.getSubjectManager().getCurrentSubject(this.kernelId);
        if (currentSubject == SubjectProxy.ANON || !(currentSubject instanceof SubjectProxy) || (clientContext = ClientSecurityContext.getClientContext(currentSubject.getSubject())) == null) {
            return;
        }
        ClientSecurityContext.removeClientContext(clientContext.getContextId());
        pushRemovedContextId(clientContext.getContextId());
    }

    synchronized long popRemovedContextId() {
        if (this.removedContextIdNextIndex < 0) {
            return -1L;
        }
        if (DEBUG) {
            p("ClientContextId:" + this.removedContextIds[this.removedContextIdNextIndex] + " is returned from cache.");
        }
        long[] jArr = this.removedContextIds;
        int i = this.removedContextIdNextIndex;
        this.removedContextIdNextIndex = i - 1;
        return jArr[i];
    }

    synchronized void pushRemovedContextId(long j) {
        if (this.removedContextIdNextIndex + 1 >= this.removedContextIds.length) {
            long[] jArr = new long[this.removedContextIds.length * 2];
            System.arraycopy(this.removedContextIds, 0, jArr, 0, this.removedContextIds.length);
            if (DEBUG) {
                p("removedContextIds table is expanded from " + this.removedContextIds.length + " to " + jArr.length);
            }
            this.removedContextIds = jArr;
        }
        long[] jArr2 = this.removedContextIds;
        int i = this.removedContextIdNextIndex + 1;
        this.removedContextIdNextIndex = i;
        jArr2[i] = j;
        if (DEBUG) {
            p("ClientContextId:" + j + " is returned to cache at " + this.removedContextIdNextIndex);
        }
    }
}
