package com.ibm.ISecurityLocalObjectCSIv2UtilityImpl;

import com.ibm.CORBA.iiop.IOR;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.CSIv2Security.CSIv2RequirementsNotSatisfied;
import com.ibm.CSIv2Security.CSIv2RequirementsNotSatisfiedReason;
import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.CSIv2Security.RSAPropMechOID;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.AuthenticationTarget;
import com.ibm.ISecurityUtilityImpl.MechanismAmbiguityException;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.ras.RasMessage;
import com.ibm.ws.security.auth.rsatoken.RSATokenThreadManager;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigObject;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.TrustedAuthenticationRealm;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.util.PlatformHelperFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import org.eclipse.core.runtime.Platform;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSIIOP.AS_ContextSec;
import org.omg.CSIIOP.AS_ContextSecHolder;
import org.omg.CSIIOP.SAS_ContextSec;
import org.omg.CSIIOP.SAS_ContextSecHolder;
import org.omg.CSIIOP.ServiceConfiguration;
import org.omg.CSIIOP.TLS_SEC_TRANSHolder;
import org.omg.GSSUP.GSSUPMechOID;

/* loaded from: input_file:wasJars/sas.jar:com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/CSIv2EffectivePerformPolicy.class */
public final class CSIv2EffectivePerformPolicy {
    // Prefix that evaluateClientAuthLayer compares against the target security name.
    private static final String DAEMON_EXPORTED_NAME = "DAEMON";
    // The class is final, so "protected" on the fields below grants no subclass access;
    // in practice they are visible to the whole package.
    protected String _method = null;
    protected Object _proxy = null;
    protected String _protocol = "csiv2";
    protected boolean _stateful = true;
    protected long _stateful_context_id = 0;
    protected ClientSessionKey _client_session_key = null;
    protected String _connectionKey = "";
    protected String _mechTypeIdentity = "";
    // Transport-layer decisions. All default to false, so nothing is performed
    // until evaluateTransportLayer has set them.
    protected boolean _performTLClientAuth = false;
    protected boolean _performTLServerAuth = false;
    protected boolean _performMsgDetectReplay = false;
    protected boolean _performMsgDetectMisordering = false;
    protected boolean _performMsgIntegrity = false;
    protected boolean _performMsgConfidentiality = false;
    protected boolean _performSSLTLS = false;
    protected boolean _performSECIOP = false;
    protected String _performSECIOPMechOID = "";
    // Target address; evaluateTransportLayer fills these from the tagged component / IOR profile.
    protected String _targetHostName = "";
    protected int _targetTCPPort = 0;
    protected int _targetSSLPort = 0;
    // Client-authentication (message layer) decisions and the mechanism chosen for them.
    protected boolean _performClientAuth = false;
    protected boolean _claimClientAuthRequired = false;
    protected String _performClientAuthMech = "";
    protected String _performClientAuthMechOID = "";
    // Raw ArrayLists; the getters return these references directly, without copying.
    protected ArrayList _performClientAuthMechOIDList = null;
    protected ArrayList _performClientAuthMechList = null;
    protected ArrayList _targetSecurityNameList = null;
    protected ArrayList _performClientAuthTargetList = null;
    // '|'-separated mechanism types; rewritten on every getPerformClientAuthTargetList() call.
    protected String _performSupportedAuthMechList = "";
    protected String _performClientAuthMechType = "";
    protected String _targetSecurityName = "";
    protected String _targetAuthMechOID = "";
    // Identity-assertion / attribute-layer settings.
    protected boolean _performIDAssertion = false;
    protected String[] _performIDANamingMechList = null;
    protected int _performIdentityTokenType = 0;
    protected String _performServiceCfgList = null;
    protected boolean _performAuthorizationToken = false;
    protected boolean _performDelegationByClient = false;
    protected boolean _isInternalRequestPolicy = false;
    protected boolean _isAdmin = false;
    // NOTE(review): defaults to true; where it is cleared is not visible in this part of the file.
    protected boolean _isNamingReadUnprotected = true;
    protected CSIv2TaggedComponentHolder savedCSIv2Tag = null;
    // Set by evaluateClientAuthLayer when a method requires authentication regardless of policy.
    protected boolean _disableCache = false;
    private static final TraceComponent tc = Tr.register((Class<?>) CSIv2EffectivePerformPolicy.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    // Static and non-final: shared by every instance of this class.
    protected static ORB _orb = null;
    // NOTE(review): the cache key and its writers are not visible in this part of the file;
    // confirm that a cached policy cannot be reused for a request with different requirements.
    protected static Hashtable csiv2EffectivePolicyCache = new Hashtable();

    /**
     * Reports the {@code _isAdmin} flag held by this policy.
     *
     * @return the current value of {@code _isAdmin}
     */
    public boolean isAdmin() {
        return _isAdmin;
    }

    /**
     * Reports the {@code _isNamingReadUnprotected} flag, which is initialised to {@code true}.
     *
     * @return the current value of {@code _isNamingReadUnprotected}
     */
    public boolean isNamingReadUnprotected() {
        return _isNamingReadUnprotected;
    }

    /**
     * Returns the identity-assertion naming mechanism list.
     *
     * <p>The internal array is handed out as-is, not copied, so a caller that writes to it
     * changes this policy object. The value may be {@code null}.
     *
     * @return the {@code _performIDANamingMechList} array reference
     */
    public String[] getPerformIDANamingMechList() {
        return _performIDANamingMechList;
    }

    /**
     * Returns the identity token type recorded in this policy.
     *
     * @return the current value of {@code _performIdentityTokenType}
     */
    public int getPerformIdentityTokenType() {
        return _performIdentityTokenType;
    }

    /**
     * Reports whether identity assertion is to be performed.
     *
     * @return the current value of {@code _performIDAssertion}
     */
    public boolean performIdentityAssertion() {
        return _performIDAssertion;
    }

    /**
     * Reports the delegation-by-client flag.
     *
     * @return the current value of {@code _performDelegationByClient}
     */
    public boolean performDelegationByClient() {
        return _performDelegationByClient;
    }

    /**
     * Reports the authorization-token flag.
     *
     * @return the current value of {@code _performAuthorizationToken}
     */
    public boolean performAuthorizationToken() {
        return _performAuthorizationToken;
    }

    /**
     * Returns the service configuration list string.
     *
     * @return the current value of {@code _performServiceCfgList}; may be {@code null}
     */
    public String getServiceCfgList() {
        return _performServiceCfgList;
    }

    /**
     * Returns the OID of the client authentication mechanism selected for this policy.
     *
     * <p>When entry tracing is enabled the value is also written to the trace as an exit record.
     *
     * @return the current value of {@code _performClientAuthMechOID}; may be {@code null}
     */
    public String getPerformClientAuthMechOID() {
        final String mechOid = _performClientAuthMechOID;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPerformClientAuthMechOID " + mechOid, Integer.valueOf(hashCode()));
        }
        return mechOid;
    }

    /**
     * Returns the authentication mechanism OID recorded for the target.
     *
     * <p>When entry tracing is enabled the value is also written to the trace as an exit record.
     *
     * @return the current value of {@code _targetAuthMechOID}
     */
    public String getTargetAuthMechOID() {
        final String targetOid = _targetAuthMechOID;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTargetAuthMechOID " + targetOid, Integer.valueOf(hashCode()));
        }
        return targetOid;
    }

    /**
     * Returns the list of client authentication mechanism OIDs.
     *
     * <p>The internal list is returned directly, not copied, so changes made by the caller
     * are visible in this policy. When entry tracing is enabled the list is also traced.
     *
     * @return the {@code _performClientAuthMechOIDList} reference; may be {@code null}
     */
    public ArrayList getPerformClientAuthMechOIDList() {
        final ArrayList oidList = _performClientAuthMechOIDList;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPerformClientAuthMechOIDList " + oidList, Integer.valueOf(hashCode()));
        }
        return oidList;
    }

    /**
     * Returns the list of client authentication mechanisms.
     *
     * <p>The internal list is returned directly, not copied, so changes made by the caller
     * are visible in this policy. When entry tracing is enabled the list is also traced.
     *
     * @return the {@code _performClientAuthMechList} reference; may be {@code null}
     */
    public ArrayList getPerformClientAuthMechList() {
        final ArrayList mechList = _performClientAuthMechList;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPerformClientAuthMechList " + mechList, Integer.valueOf(hashCode()));
        }
        return mechList;
    }

    /**
     * Returns the list of target security names.
     *
     * <p>The internal list is returned directly, not copied, so changes made by the caller
     * are visible in this policy. When entry tracing is enabled the list is also traced.
     *
     * @return the {@code _targetSecurityNameList} reference; may be {@code null}
     */
    public ArrayList getTargetSecurityNameList() {
        final ArrayList nameList = _targetSecurityNameList;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTargetSecurityNameList " + nameList, Integer.valueOf(hashCode()));
        }
        return nameList;
    }

    /**
     * Returns the client authentication mechanism type selected for this policy.
     *
     * <p>When entry tracing is enabled the value is also written to the trace as an exit record.
     *
     * @return the current value of {@code _performClientAuthMech}
     */
    public String getPerformClientAuthMech() {
        final String mech = _performClientAuthMech;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPerformClientAuthMech " + mech, Integer.valueOf(hashCode()));
        }
        return mech;
    }

    /**
     * Replaces the client authentication mechanism type.
     *
     * <p>No validation is applied; any string, including {@code null}, is stored.
     *
     * @param str the mechanism type to store
     */
    public void setPerformClientAuthMech(String str) {
        if (tc.isEntryEnabled()) {
            // The entry record shows the value being replaced, not the argument.
            Tr.entry(tc, "setPerformClientAuthMech " + _performClientAuthMech);
        }
        _performClientAuthMech = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPerformClientAuthMech " + str, Integer.valueOf(hashCode()));
        }
    }

    /**
     * Replaces the client authentication mechanism OID.
     *
     * <p>No validation is applied; the string is stored as given, so callers are responsible
     * for passing an OID the rest of the policy evaluation accepts.
     *
     * @param str the mechanism OID to store
     */
    public void setPerformClientAuthMechOID(String str) {
        if (tc.isEntryEnabled()) {
            // The entry record shows the value being replaced, not the argument.
            Tr.entry(tc, "setPerformClientAuthMechOID " + _performClientAuthMechOID);
        }
        _performClientAuthMechOID = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPerformClientAuthMechOID " + str, Integer.valueOf(hashCode()));
        }
    }

    /**
     * Replaces the target security name.
     *
     * <p>No validation is applied; the string is stored as given.
     *
     * @param str the target security name to store
     */
    public void setTargetSecurityName(String str) {
        if (tc.isEntryEnabled()) {
            // The entry record shows the value being replaced, not the argument.
            Tr.entry(tc, "setTargetSecurityName " + _targetSecurityName);
        }
        _targetSecurityName = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTargetSecurityName " + str, Integer.valueOf(hashCode()));
        }
    }

    /**
     * Replaces the authentication mechanism OID recorded for the target.
     *
     * <p>No validation is applied; the string is stored as given.
     *
     * @param str the target mechanism OID to store
     */
    public void setTargetAuthMechOID(String str) {
        if (tc.isEntryEnabled()) {
            // The entry record shows the value being replaced, not the argument.
            Tr.entry(tc, "setTargetAuthMechOID " + _targetAuthMechOID);
        }
        _targetAuthMechOID = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTargetAuthMechOID " + str, Integer.valueOf(hashCode()));
        }
    }

    /**
     * Reports whether client authentication is to be performed.
     *
     * @return the current value of {@code _performClientAuth}
     */
    public boolean performClientAuthentication() {
        return _performClientAuth;
    }

    /**
     * Reports whether the target declared client authentication as required.
     *
     * <p>evaluateClientAuthLayer sets the underlying flag when bit 64 is present in the
     * target's {@code target_requires}.
     *
     * @return the current value of {@code _claimClientAuthRequired}
     */
    public boolean claimClientAuthenticationRequired() {
        return _claimClientAuthRequired;
    }

    /**
     * Returns the target security name.
     *
     * @return the current value of {@code _targetSecurityName}
     */
    public String getTargetSecurityName() {
        return _targetSecurityName;
    }

    /**
     * Returns the target host name recorded by the transport-layer evaluation.
     *
     * @return the current value of {@code _targetHostName}
     */
    public String getTargetHostName() {
        return _targetHostName;
    }

    /**
     * Returns the target's TCP port; 0 until the transport-layer evaluation sets it.
     *
     * @return the current value of {@code _targetTCPPort}
     */
    public int getTargetTCPPort() {
        return _targetTCPPort;
    }

    /**
     * Returns the target's SSL port; 0 until the transport-layer evaluation sets it.
     *
     * @return the current value of {@code _targetSSLPort}
     */
    public int getTargetSSLPort() {
        return _targetSSLPort;
    }

    /**
     * Returns the mechanism type identity for the current policy.
     *
     * <p>When client authentication is performed with the GSSUP mechanism, the result is
     * {@code "1.5"} over SSL/TLS and {@code MechanismFactory.GSSUPOverTCP} otherwise. In every
     * other case the stored {@code _mechTypeIdentity} is returned; the KRB5 comparison selects
     * no distinct value in this code.
     *
     * @return the mechanism type identity string
     */
    public String getMechanismTypeIdentity() {
        if (!_performClientAuth) {
            return _mechTypeIdentity;
        }
        if (OID.compareOIDs(_performClientAuthMechOID, GSSUPMechOID.value)) {
            return _performSSLTLS ? "1.5" : MechanismFactory.GSSUPOverTCP;
        }
        // Result unused here, as in the code this replaces; the call is kept so the call
        // sequence stays the same.
        OID.compareOIDs(_performClientAuthMechOID, KRB5MechOID.value);
        return _mechTypeIdentity;
    }

    /**
     * Returns the SECIOP mechanism OID.
     *
     * @return the current value of {@code _performSECIOPMechOID}
     */
    public String getPerformSECIOPMechOID() {
        return _performSECIOPMechOID;
    }

    /**
     * Reports whether the request is to use SSL/TLS.
     *
     * <p>The flag starts as {@code false}; evaluateTransportLayer turns it on only for a TLS
     * transport component and only when the client configuration supports or requires SSL/TLS.
     *
     * @return the current value of {@code _performSSLTLS}
     */
    public boolean performSSLTLS() {
        return _performSSLTLS;
    }

    /**
     * Reports the SECIOP flag.
     *
     * @return the current value of {@code _performSECIOP}
     */
    public boolean performSECIOP() {
        return _performSECIOP;
    }

    /**
     * Reports whether confidentiality is to be applied, as decided by the transport-layer
     * evaluation.
     *
     * @return the current value of {@code _performMsgConfidentiality}
     */
    public boolean performMsgConfidentiality() {
        return _performMsgConfidentiality;
    }

    /**
     * Reports whether integrity protection is to be applied, as decided by the transport-layer
     * evaluation.
     *
     * @return the current value of {@code _performMsgIntegrity}
     */
    public boolean performMsgIntegrity() {
        return _performMsgIntegrity;
    }

    /**
     * Reports the misordering-detection flag.
     *
     * @return the current value of {@code _performMsgDetectMisordering}
     */
    public boolean performMsgDetectMisordering() {
        return _performMsgDetectMisordering;
    }

    /**
     * Reports the replay-detection flag.
     *
     * @return the current value of {@code _performMsgDetectReplay}
     */
    public boolean performMsgDetectReplay() {
        return _performMsgDetectReplay;
    }

    /**
     * Reports whether client authentication at the transport layer (SSL client certificate)
     * is to be performed.
     *
     * @return the current value of {@code _performTLClientAuth}
     */
    public boolean performTLClientAuth() {
        return _performTLClientAuth;
    }

    /**
     * Reports the transport-layer server authentication flag.
     *
     * @return the current value of {@code _performTLServerAuth}
     */
    public boolean performTLServerAuth() {
        return _performTLServerAuth;
    }

    /**
     * Sets {@code _stateful}: true only when {@code z} is true and the CSIv2 configuration
     * property {@code com.ibm.CSI.performStateful} is true.
     *
     * @param z      when false the request is stateless and the configuration is not read
     * @param vector not used by this method
     * @param z2     not used by this method
     * @throws CSIv2RequirementsNotSatisfied declared, but never thrown by this body
     */
    private void evaluateStatefulness(boolean z, Vector vector, boolean z2) throws CSIv2RequirementsNotSatisfied {
        boolean stateful = false;
        if (z) {
            stateful = SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CSI.performStateful");
        }
        _stateful = stateful;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Stateful request? " + stateful);
        }
    }

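    /**
     * Builds the list of authentication-target codes for the configured mechanism types.
     *
     * <p>In a server process the mechanism list is read from
     * {@code CSIv2Config.PERFORM_MESSAGE_SUPPORTED_AUTH_MECH_LIST}; otherwise it is derived from
     * the {@code com.ibm.CORBA.authenticationTarget} setting. The list is upper-cased, split on
     * {@code '|'}, and each entry is mapped with {@code AuthenticationTarget.mechtypeToAuthTarget}.
     *
     * <p>Side effect: despite the getter name, every call overwrites
     * {@code _performSupportedAuthMechList}. A new list is returned on each call.
     *
     * @return a new list of {@code Integer} target codes; empty when nothing is configured
     */
    public ArrayList getPerformClientAuthTargetList() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPerformClientAuthTargetList");
        }
        ArrayList arrayList = new ArrayList();
        AuthenticationTarget authenticationTarget = new AuthenticationTarget();
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (SecurityObjectLocator.getAdminData().getBoolean(AdminData.IS_SERVER_PROCESS)) {
            this._performSupportedAuthMechList = cSIv2Config.getString(CSIv2Config.PERFORM_MESSAGE_SUPPORTED_AUTH_MECH_LIST);
        } else {
            this._performSupportedAuthMechList = authenticationTarget.authTargetToMechType(cSIv2Config.getInteger("com.ibm.CORBA.authenticationTarget"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "_performSupportedAuthMechList " + this._performSupportedAuthMechList);
        }
        if (this._performSupportedAuthMechList != null && this._performSupportedAuthMechList.length() > 0) {
            // Mechanism type names are identifiers, not display text: upper-case them with a
            // fixed locale so the result does not depend on the JVM default (for example the
            // dotted capital I produced for 'i' under a Turkish locale).
            this._performSupportedAuthMechList = this._performSupportedAuthMechList.toUpperCase(java.util.Locale.ROOT);
            for (String mechType : this._performSupportedAuthMechList.split("\\|")) {
                try {
                    arrayList.add(Integer.valueOf(authenticationTarget.mechtypeToAuthTarget(mechType)));
                } catch (MechanismAmbiguityException e) {
                    // The entry is still skipped, as before, but the skip is now traced: a
                    // configured mechanism that silently disappears from the list changes
                    // which mechanisms the client will use, and that should be diagnosable.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Skipping authentication mechanism type that could not be mapped: " + mechType + ": " + e);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPerformClientAuthTargetList " + arrayList);
        }
        return arrayList;
    }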

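    /**
     * Reconciles the client's transport-layer configuration with what the target advertises
     * in its CSIv2 tagged component, and records the outcome in the {@code _perform*} and
     * {@code _target*} fields.
     *
     * <p>The transport tag values tested are 36 (TLS transport component), 34 (no transport
     * security) and 35 (SECIOP). The association-option bits tested in
     * {@code target_supports}/{@code target_requires} are 64 (client authentication),
     * 4 (confidentiality) and 2 (integrity).
     *
     * <p>Every mismatch appends a message to {@code vector}. Evaluation continues so that all
     * mismatches are reported, then the method throws if any were found.
     *
     * @param cSIv2TaggedComponent the target's CSIv2 tagged component; {@code null} is rejected
     * @param vector               receives one message per unsatisfied requirement
     * @param z                    when true, a target that does not accept SSL client
     *                             certificates is an error if the client supports or requires
     *                             them; when false, transport client authentication is turned off
     * @param z2                   not used by this method
     * @throws CSIv2RequirementsNotSatisfied if the component is {@code null} or any requirement
     *                                       of either side cannot be met
     */
    private void evaluateTransportLayer(CSIv2TaggedComponent cSIv2TaggedComponent, Vector vector, boolean z, boolean z2) throws CSIv2RequirementsNotSatisfied {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "evaluateTransportLayer.");
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (cSIv2TaggedComponent == null) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0600E", "JSAS0600E: CSIv2 Tagged Component is NULL."));
            // Stop here with the documented failure. Falling through would dereference the
            // null component and surface as a NullPointerException instead.
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0550I", "JSAS0550I: Evaluation of the transport layer failed."));
        }
        boolean failed = false;
        int transportTag = cSIv2TaggedComponent.get_Transport_tagID();
        short targetSupports = 0;
        short targetRequires = 0;
        if (transportTag == 36) {
            TLS_SEC_TRANSHolder tls_sec_trans = cSIv2TaggedComponent.getTLS_SEC_TRANS();
            targetSupports = tls_sec_trans.value.target_supports;
            targetRequires = tls_sec_trans.value.target_requires;
            // NOTE(review): addresses[0] is read without checking that the array is non-empty;
            // a component with no addresses ends in an unchecked exception here.
            // NOTE(review): if port is a Java short carrying an IDL unsigned short, values
            // above 32767 arrive negative; confirm the consumer of _targetSSLPort masks it.
            this._targetHostName = tls_sec_trans.value.addresses[0].host_name;
            this._targetSSLPort = tls_sec_trans.value.addresses[0].port;
            if (cSIv2TaggedComponent.getIORProfile() != null) {
                this._targetTCPPort = cSIv2TaggedComponent.getIORProfile().getPort();
            }
            this._performSSLTLS = cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSSupported") || cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSRequired");
        } else if (transportTag == 34) {
            // The target advertises no transport security. The tag comes from the tagged
            // component in the IOR, so a client that only "supports" SSL/TLS proceeds without
            // it here; only the "required" setting below rejects the request.
            if (cSIv2TaggedComponent.getIORProfile() != null) {
                this._targetHostName = cSIv2TaggedComponent.getIORProfile().getHost();
            }
            if (cSIv2TaggedComponent.getIORProfile() != null) {
                this._targetTCPPort = cSIv2TaggedComponent.getIORProfile().getPort();
            }
            this._performSSLTLS = false;
            this._performTLClientAuth = false;
            this._performMsgIntegrity = false;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Perform SSL/TLS: " + this._performSSLTLS + ", Perform client auth at transport layer: " + this._performTLClientAuth + ", Perform integrity at transport layer: " + this._performMsgIntegrity + ", Perform confidentiality at transport layer: " + this._performMsgConfidentiality + ", Target Host: " + this._targetHostName + ", Target TCP Port: " + this._targetTCPPort + ", Target SSL Port: " + this._targetSSLPort);
            }
            if (cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSRequired")) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0603E", "JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it."));
                throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0550I", "JSAS0550I: Evaluation of the transport layer failed."));
            }
            return;
        } else if (transportTag == 35) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0601E", "JSAS0601E: The CSIv2 client configuration does not support SECIOP."));
            failed = true;
        } else {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0602E", "JSAS0602E: No valid transport tagged components exist in the IOR."));
            failed = true;
        }
        if (targetRequires == 0 && targetSupports == 0 && cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSRequired")) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0603E", "JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it."));
            failed = true;
        }
        // Client has SSL/TLS switched off entirely and the target offers no plain TCP port.
        if (!cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSSupported") && !cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSRequired") && this._targetTCPPort == 0) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0608E", "JSAS0608E: The server requires SSL Confidentiality but the client does not support it."));
            failed = true;
        }
        // Transport-layer client authentication (bit 64).
        if (cSIv2Config.getBoolean("com.ibm.CSI.performTLClientAuthenticationRequired") && this._performSSLTLS) {
            if ((targetRequires & 64) != 0 || (targetSupports & 64) != 0) {
                this._performTLClientAuth = true;
            } else if (z) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0604E", "JSAS0604E: The client is configured to require SSL client authentication but the server does not support it."));
                failed = true;
            } else {
                this._performTLClientAuth = false;
            }
        } else if (!cSIv2Config.getBoolean("com.ibm.CSI.performTLClientAuthenticationSupported") || !this._performSSLTLS) {
            if ((targetRequires & 64) != 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0606E", "JSAS0606E: The server is configured to require SSL client certificate authentication but the client does not support it."));
                failed = true;
            }
            this._performTLClientAuth = false;
        } else if ((targetRequires & 64) != 0 || (targetSupports & 64) != 0) {
            this._performTLClientAuth = true;
        } else if (z) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0605E", "JSAS0605E: The client is configured to support SSL client certificate authentication, however the server does not accept them."));
            failed = true;
        } else {
            this._performTLClientAuth = false;
        }
        // Set unconditionally, whatever the negotiated options are.
        this._performTLServerAuth = true;
        // Confidentiality (bit 4).
        if (cSIv2Config.getBoolean("com.ibm.CSI.performMessageConfidentialityRequired") && this._performSSLTLS) {
            if ((targetRequires & 4) == 0 && (targetSupports & 4) == 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0607E", "JSAS0607E: The client is configured to require SSL Confidentiality but the server does not support it."));
                failed = true;
            } else {
                this._performMsgConfidentiality = true;
            }
        } else if (!cSIv2Config.getBoolean("com.ibm.CSI.performMessageConfidentialitySupported") || !this._performSSLTLS) {
            if ((targetRequires & 4) != 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0608E", "JSAS0608E: The server is configured to require Confidentiality but the client does not support it."));
                failed = true;
            }
            this._performMsgConfidentiality = false;
        } else if ((targetRequires & 4) == 0 && (targetSupports & 4) == 0) {
            this._performMsgConfidentiality = false;
        } else {
            this._performMsgConfidentiality = true;
        }
        // Integrity (bit 2).
        if (cSIv2Config.getBoolean("com.ibm.CSI.performMessageIntegrityRequired") && this._performSSLTLS) {
            if ((targetRequires & 2) == 0 && (targetSupports & 2) == 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0609E", "JSAS0609E: The client is configured to require SSL Integrity but the server does not support it."));
                failed = true;
            } else {
                this._performMsgIntegrity = true;
            }
        } else if (!cSIv2Config.getBoolean("com.ibm.CSI.performMessageIntegritySupported") || !this._performSSLTLS) {
            // Unlike the confidentiality case above, a server-side integrity requirement is
            // reported only when SSL/TLS is being performed.
            if ((targetRequires & 2) != 0 && this._performSSLTLS) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0610E", "JSAS0610E: The server is configured to require SSL Integrity but the client does not support it."));
                failed = true;
            }
            this._performMsgIntegrity = false;
        } else if ((targetRequires & 2) == 0 && (targetSupports & 2) == 0) {
            this._performMsgIntegrity = false;
        } else {
            this._performMsgIntegrity = true;
        }
        this._performMsgDetectReplay = true;
        this._performMsgDetectMisordering = true;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Perform SSL/TLS: " + this._performSSLTLS + ", Perform client auth at transport layer: " + this._performTLClientAuth + ", Perform integrity at transport layer: " + this._performMsgIntegrity + ", Perform confidentiality at transport layer: " + this._performMsgConfidentiality + ", Target Host: " + this._targetHostName + ", Target TCP Port: " + this._targetTCPPort + ", Target SSL Port: " + this._targetSSLPort);
        }
        if (failed) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0550I", "JSAS0550I: Evaluation of the transport layer failed."));
        }
    }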

    private void evaluateClientAuthLayer(AS_ContextSecHolder aS_ContextSecHolder, Vector vector, boolean z) throws CSIv2RequirementsNotSatisfied {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "evaluateClientAuthLayer.");
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        boolean z2 = false;
        if (aS_ContextSecHolder == null || aS_ContextSecHolder.value == null) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0611E", "JSAS0611E: No authentication mechanism is defined at client authentication layer."));
            z2 = true;
        }
        AS_ContextSec aS_ContextSec = aS_ContextSecHolder.value;
        if (aS_ContextSec != null) {
            short s = aS_ContextSec.target_supports;
            short s2 = aS_ContextSec.target_requires;
            byte[] bArr = aS_ContextSec.client_authentication_mech;
            byte[] bArr2 = aS_ContextSec.target_name;
            if (bArr != null) {
                this._targetAuthMechOID = bArr.toString();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "target_supports: " + ((int) s));
                Tr.debug(tc, "target_requires: " + ((int) s2));
                Tr.debug(tc, "targetAuthMechOID: " + this._targetAuthMechOID);
                Tr.debug(tc, "targetName: " + bArr2);
            }
            if ((s & 64) == 0 && (s2 & 64) == 0 && this.savedCSIv2Tag != null && this.savedCSIv2Tag.value != null) {
                this._targetSecurityName = this.savedCSIv2Tag.value.get_targetCompleteName();
                if (this._targetSecurityName != null && this._targetSecurityName.startsWith(DAEMON_EXPORTED_NAME)) {
                    return;
                }
            }
            if ((s2 & 64) != 0) {
                this._claimClientAuthRequired = true;
            }
            if (cSIv2Config.getBoolean("com.ibm.CSI.performClientAuthenticationRequired")) {
                if ((s & 64) == 0 && (s2 & 64) == 0) {
                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0612E", "JSAS0612E: The client requires client authentication (e.g., userid/password), but the server does not support it."));
                    z2 = true;
                }
                this._performClientAuth = true;
            } else if (cSIv2Config.getBoolean("com.ibm.CSI.performClientAuthenticationSupported")) {
                if ((s & 64) == 0 && (s2 & 64) == 0) {
                    this._performClientAuth = false;
                    if (s == 0) {
                        return;
                    }
                } else {
                    this._performClientAuth = true;
                }
            } else if ((s2 & 64) != 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0613E", "JSAS0613E: The server requires client authentication (e.g., userid/password), but the client does not support it."));
                z2 = true;
            } else if (methodRequiresAuthenticationRegardlessOfPolicy(this._method, this._proxy)) {
                this._performClientAuth = true;
                this._disableCache = true;
            } else {
                this._performClientAuth = false;
            }
            if (this._performClientAuth) {
                if (bArr2 == null) {
                    this._performClientAuth = false;
                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0618E", "JSAS0618E: The target security name is NULL in CSIv2 tagged component."));
                    z2 = true;
                } else {
                    if (this.savedCSIv2Tag != null && this.savedCSIv2Tag.value != null) {
                        this._targetSecurityName = this.savedCSIv2Tag.value.get_targetCompleteName();
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "_targetSecurityName: " + this._targetSecurityName);
                    }
                }
                boolean z3 = true;
                if (SecurityObjectLocator.getAdminData().getBoolean(AdminData.IS_SERVER_PROCESS)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "about to retrieve outbound trusted realms.");
                    }
                    TrustedAuthenticationRealm outboundTrustedAuthenticationRealm = SecurityObjectLocator.getSecurityConfig().getOutboundTrustedAuthenticationRealm();
                    String str = null;
                    boolean z4 = false;
                    if (outboundTrustedAuthenticationRealm != null) {
                        str = outboundTrustedAuthenticationRealm.getRealmList();
                        z4 = outboundTrustedAuthenticationRealm.getTrustAllRealms();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "found outbound realms element: trustAllRealms = " + z4 + " : realmList = " + str);
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "did not find outbound realms element");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "supportedTargetRealms: " + str);
                    }
                    if (z4) {
                        z3 = false;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "trustAllRealms is true ");
                        }
                    }
                    if (z3) {
                        if (str != null && !str.equals("")) {
                            StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
                            while (true) {
                                if (!stringTokenizer.hasMoreTokens()) {
                                    break;
                                }
                                String nextToken = stringTokenizer.nextToken();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "realm: " + nextToken);
                                }
                                if (this._targetSecurityName.startsWith(nextToken)) {
                                    z3 = false;
                                    break;
                                }
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "realmList String is null or empty");
                        }
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "case of a pure client: getting supportedTargetRealms from the csiv2 configuration.");
                    }
                    cSIv2Config.getString("com.ibm.CSI.supportedTargetRealms");
                }
                this._performClientAuthMechOID = new GSSFactory(bArr).getOIDName();
                this._performClientAuthMech = GSSFactory.mapOidToMechType(this._performClientAuthMechOID);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "TargetAuthMech: " + this._performClientAuthMech + " " + this._performClientAuthMechOID);
                }
                if (z3) {
                    if (bArr == null) {
                        this._performClientAuth = false;
                        vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0611E", "JSAS0611E: No authentication mechanism is defined at client authentication layer."));
                        z2 = true;
                    } else if (z && SecurityObjectLocator.getAdminData().getBoolean(AdminData.IS_SERVER_PROCESS)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Looking for the preferred ADMIN authentication mechanism.");
                        }
                        SecurityConfigObject object = SecurityObjectLocator.getSecurityConfigManager().getObject("security").getObject(SecurityConfig.ADMIN_PREFERRED_AUTH_MECH);
                        if (object != null && object.instanceOf("RSAToken") && RSATokenThreadManager.getInstance().isCertificateRetrievalInProcess().booleanValue()) {
                            this._performClientAuthMechOID = RSAPropMechOID.value;
                            this._performClientAuth = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Forcing _performClientAuthMechOID during RSA bootstrap call to the RSA OID: " + RSAPropMechOID.value);
                            }
                        } else if (object == null || !object.instanceOf("RSAToken")) {
                            if (object == null || !object.instanceOf("LTPA")) {
                                if (object == null || !object.instanceOf(AuthMechanismConfig.TYPE_KERBEROS)) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "The preferred admin authentication mechanism is not understood.");
                                    }
                                    this._performClientAuth = false;
                                    this._performClientAuthMechOID = null;
                                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0808E", "JSAS0808E: The preferred admin authentication mechanism is not a known ADMIN mechanism."));
                                    z2 = true;
                                } else if (!OID.compareOIDs(this._performClientAuthMechOID, KRB5MechOID.value)) {
                                    this._performClientAuth = false;
                                    this._performClientAuthMechOID = null;
                                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0807W", "JSAS0807W: The current OID is not the preferred admin authentication mechanism of \"KRB5\"."));
                                    z2 = true;
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Found the preferred ADMIN authentication mechanism:  KRB5");
                                }
                            } else if (!OID.compareOIDs(this._performClientAuthMechOID, LTPAMechOID.value)) {
                                this._performClientAuth = false;
                                this._performClientAuthMechOID = null;
                                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0806W", "JSAS0806W: The current OID is not the preferred admin authentication mechanism of \"LTPA\"."));
                                z2 = true;
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found the preferred ADMIN authentication mechanism:  LTPA");
                            }
                        } else if (!OID.compareOIDs(this._performClientAuthMechOID, RSAPropMechOID.value)) {
                            this._performClientAuth = false;
                            this._performClientAuthMechOID = null;
                            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0805W", "JSAS0805W:  The current OID is not the preferred admin authentication mechanism of RSAToken."));
                            z2 = true;
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found the preferred ADMIN authentication mechanism:  RSAToken");
                        }
                    } else if (z || !OID.compareOIDs(this._performClientAuthMechOID, RSAPropMechOID.value)) {
                        if (!OID.compareOIDs(this._performClientAuthMechOID, GSSUPMechOID.value) && !OID.compareOIDs(this._performClientAuthMechOID, KRB5MechOID.value) && !OID.compareOIDs(this._performClientAuthMechOID, LTPAMechOID.value) && !OID.compareOIDs(this._performClientAuthMechOID, cSIv2Config.getString(CSIv2Config.CUSTOM_AUTH_MECH_OID))) {
                            this._performClientAuth = false;
                            this._performClientAuthMechOID = null;
                            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0614E", "JSAS0614E: The OID supplied by the server is an unsupported OID for this WebSphere release."));
                            z2 = true;
                        }
                        if (this._performClientAuthMechOID != null && !performIdentityAssertion()) {
                            boolean z5 = false;
                            int i = 0;
                            while (true) {
                                if (i >= this._performClientAuthTargetList.size()) {
                                    break;
                                }
                                int intValue = ((Integer) this._performClientAuthTargetList.get(i)).intValue();
                                if (OID.compareOIDs(this._performClientAuthMechOID, KRB5MechOID.value) && intValue == 6) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found client and server supported Kerberos authentication mechanism");
                                    }
                                    z5 = true;
                                } else if (OID.compareOIDs(this._performClientAuthMechOID, LTPAMechOID.value) && intValue == 1) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found client and server supported LTPA authentication mechanism");
                                    }
                                    z5 = true;
                                } else if (OID.compareOIDs(this._performClientAuthMechOID, GSSUPMechOID.value) && intValue == 4) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found client and server supported GSSUP authentication mechanism");
                                    }
                                    z5 = true;
                                } else if (OID.compareOIDs(this._performClientAuthMechOID, cSIv2Config.getString(CSIv2Config.CUSTOM_AUTH_MECH_OID)) && intValue == 9) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found client and server supported Custom authentication mechanism");
                                    }
                                    z5 = true;
                                } else {
                                    i++;
                                }
                            }
                            if (!z5) {
                                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS1504E", this._performSupportedAuthMechList, "JSAS1504E: The server does not support the client authentication mechanism: "));
                                z2 = true;
                                this._performClientAuth = false;
                                this._performClientAuthMechOID = null;
                            }
                        }
                    } else {
                        this._performClientAuth = false;
                        this._performClientAuthMechOID = null;
                        vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0809E", "JSAS0809E: The current OID is RSA but this is not an Admin request."));
                        z2 = true;
                    }
                }
            }
        } else if (cSIv2Config.getBoolean("com.ibm.CSI.performClientAuthenticationRequired")) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0611E", "JSAS0611E: No authentication mechanism is defined at client authentication layer."));
            z2 = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Perform client authentication at message layer: " + this._performClientAuth + ", Perform client auth mechanism: " + this._performClientAuthMechOID + ", Target Name at message layer: " + this._targetSecurityName);
        }
        if (z2) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0551I", "JSAS0551I: Evaluation of the message layer failed."));
        }
    }

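    /**
     * Records one more client-authentication mechanism advertised by a CSIv2 tagged component.
     *
     * <p>The mechanism OID is read from the component's AS context. It is accepted only when it is one of
     * GSSUP, KRB5, LTPA or the configured custom OID and {@code _performClientAuthTargetList} contains the
     * code paired with that mechanism here (6 = KRB5, 1 = LTPA, 4 = GSSUP, 9 = custom). An accepted OID, its
     * mechanism type and the target name are appended to the parallel lists
     * {@code _performClientAuthMechOIDList}, {@code _performClientAuthMechList} and
     * {@code _targetSecurityNameList}; the lists are created on first use and seeded with the mechanism
     * already selected on this policy.
     *
     * <p>The OID and target name are taken from the tagged component as supplied. The only filtering done
     * here is the comparison against the locally configured target list, so that list is what keeps an
     * unexpected mechanism out of the candidate set.
     *
     * @param cSIv2TaggedComponentHolder holder of the tagged component to inspect; a null holder, a null
     *        value or a missing AS context makes the call a no-op
     */
    private void addAuthMechOID(CSIv2TaggedComponentHolder cSIv2TaggedComponentHolder) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addAuthMechOID");
        }
        if (cSIv2TaggedComponentHolder == null || cSIv2TaggedComponentHolder.value == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addAuthMechOID no CSIv2 tag holder supplied");
            }
            return;
        }
        CSIv2TaggedComponent component = cSIv2TaggedComponentHolder.value;
        AS_ContextSecHolder asHolder = component.getAS_context_mech_holder();
        if (asHolder == null || asHolder.value == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addAuthMechOID no sec context holder supplied");
            }
            return;
        }
        AS_ContextSec asContext = asHolder.value;
        String mechOid = new GSSFactory(asContext.client_authentication_mech).getOIDName();
        String mechType = GSSFactory.mapOidToMechType(mechOid);
        String targetName = asContext.target_name == null ? new String("") : component.get_targetCompleteName();
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (OID.compareOIDs(mechOid, GSSUPMechOID.value) || OID.compareOIDs(mechOid, KRB5MechOID.value) || OID.compareOIDs(mechOid, LTPAMechOID.value) || OID.compareOIDs(mechOid, cSIv2Config.getString(CSIv2Config.CUSTOM_AUTH_MECH_OID))) {
            boolean match = false;
            // Stop at the first configured mechanism that matches the advertised OID; the loop
            // condition guarantees termination whether or not a match is found.
            for (int i = 0; i < this._performClientAuthTargetList.size() && !match; i++) {
                int targetMech = ((Integer) this._performClientAuthTargetList.get(i)).intValue();
                if (OID.compareOIDs(mechOid, KRB5MechOID.value) && targetMech == 6) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addAuthMechOID adding KRB5 auth mech OID");
                    }
                    match = true;
                } else if (OID.compareOIDs(mechOid, LTPAMechOID.value) && targetMech == 1) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addAuthMechOID adding LTPA auth mech OID");
                    }
                    match = true;
                } else if (OID.compareOIDs(mechOid, GSSUPMechOID.value) && targetMech == 4) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addAuthMechOID adding GSSUP auth mech OID");
                    }
                    match = true;
                } else if (OID.compareOIDs(mechOid, cSIv2Config.getString(CSIv2Config.CUSTOM_AUTH_MECH_OID)) && targetMech == 9) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addAuthMechOID adding Custom auth mech OID");
                    }
                    match = true;
                }
            }
            if (match) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addAuthMechOID match == true");
                }
                if (this._performClientAuthMechOIDList == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addAuthMechOID oid list null, creating new list");
                    }
                    // Seed the three parallel lists with the mechanism already chosen for this policy.
                    this._performClientAuthMechOIDList = new ArrayList();
                    this._performClientAuthMechList = new ArrayList();
                    this._targetSecurityNameList = new ArrayList();
                    this._performClientAuthMechOIDList.add(this._performClientAuthMechOID);
                    this._performClientAuthMechList.add(this._performClientAuthMech);
                    this._targetSecurityNameList.add(this._targetSecurityName);
                }
                // NOTE(review): duplicates are detected with indexOf (String.equals), while every other OID
                // test in this method goes through OID.compareOIDs - confirm both agree on equality.
                if (this._performClientAuthMechOIDList.indexOf(mechOid) == -1) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addAuthMechOID adding mech to list");
                    }
                    this._performClientAuthMechOIDList.add(mechOid);
                    this._performClientAuthMechList.add(mechType);
                    this._targetSecurityNameList.add(targetName);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addAuthMechOID oid already in list for mech " + mechType);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addAuthMechOID", new Object[]{this._performClientAuthMechOIDList, Integer.valueOf(hashCode())});
        }
    }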

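    /**
     * Evaluates the attribute (SAS) layer of a CSIv2 tagged component against the local outbound configuration.
     *
     * <p>Two decisions are made and stored on this policy:
     * <ul>
     *   <li>whether identity assertion is performed ({@code _performIDAssertion}), together with the accepted
     *       naming mechanisms ({@code _performIDANamingMechList}) and identity token types
     *       ({@code _performIdentityTokenType});</li>
     *   <li>when {@code com.ibm.CSI.rmiOutboundPropagationEnabled} is set, whether
     *       {@code _performAuthorizationToken} is enabled for the realm named by each privilege authority
     *       of the component.</li>
     * </ul>
     * Every unmet requirement is appended to {@code vector} as a message, and the method throws once all
     * checks have run.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The realm name used for the trust decision is decoded from the component's
     *       {@code privilege_authorities}, i.e. from data describing the target. Nothing in this method
     *       authenticates that value.</li>
     *   <li>In a server process the realm is trusted when it equals the default realm (case-sensitive), when
     *       the outbound trusted-realm configuration trusts all realms, or when the {@code |}-separated realm
     *       list contains {@code *} or the realm name (case-insensitive). NOTE(review): the two comparisons
     *       differ in case sensitivity - confirm that is intended.</li>
     *   <li>Outside a server process {@code _performAuthorizationToken} is set unconditionally.</li>
     *   <li>NOTE(review): {@code _performIDAssertion} is only ever set to true here. It stays true when a later
     *       naming-mechanism check records a failure, and it is not reset at the start of the method.</li>
     * </ul>
     *
     * @param sAS_ContextSecHolder holder of the SAS context of the tagged component; its value may be null
     * @param vector collects one message per failed requirement
     * @param z not read by this method
     * @throws CSIv2RequirementsNotSatisfied if at least one requirement failed
     * @throws BAD_PARAM if a privilege authority in GSS exported-name syntax cannot be decoded
     */
    private void evaluateAttributeLayer(SAS_ContextSecHolder sAS_ContextSecHolder, Vector vector, boolean z) throws CSIv2RequirementsNotSatisfied {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "evaluateAttributeLayer.");
        }
        // Last failure message recorded; null until a check fails.
        String lastMessage = null;
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        boolean failed = false;
        SAS_ContextSec sasContext = sAS_ContextSecHolder.value;
        if (sasContext != null) {
            short targetSupports = sasContext.target_supports;
            short targetRequires = sasContext.target_requires;
            byte[][] namingMechs = sasContext.supported_naming_mechanisms;
            int identityTypes = sasContext.supported_identity_types;
            ServiceConfiguration[] privilegeAuthorities = sasContext.privilege_authorities;
            // 1024 is the CSIIOP IdentityAssertion association-option bit.
            if (cSIv2Config.getBoolean(CSIv2Config.PERFORM_IDENTITY_ASSERTION_REQUIRED)) {
                // Identity assertion is mandatory locally: report every missing prerequisite.
                if (namingMechs == null || namingMechs.length == 0) {
                    lastMessage = SecurityMessages.getMsgOrUseDefault("JSAS0620E", "JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.");
                    vector.addElement(lastMessage);
                    failed = true;
                }
                if (identityTypes == 0) {
                    lastMessage = SecurityMessages.getMsgOrUseDefault("JSAS0621E", "JSAS0621E: The target server does not support any identity token types.");
                    vector.addElement(lastMessage);
                    failed = true;
                }
                if ((targetSupports & 1024) == 0 && (targetRequires & 1024) == 0) {
                    lastMessage = SecurityMessages.getMsgOrUseDefault("JSAS0619E", "JSAS0619E: The sending server requires Identity Assertion but the receiving server does not support it.");
                    vector.addElement(lastMessage);
                    failed = true;
                }
                if (!failed) {
                    this._performIDAssertion = true;
                }
            } else if (cSIv2Config.getBoolean(CSIv2Config.PERFORM_IDENTITY_ASSERTION_SUPPORTED) && ((targetSupports & 1024) != 0 || (targetRequires & 1024) != 0)) {
                // Identity assertion is optional locally and the target offers or demands it.
                if (identityTypes != 0 && namingMechs != null && namingMechs.length > 0) {
                    this._performIDAssertion = true;
                } else if (identityTypes == 0) {
                    lastMessage = SecurityMessages.getMsgOrUseDefault("JSAS0621E", "JSAS0621E: The target server does not support any identity token types.");
                    vector.addElement(lastMessage);
                    failed = true;
                } else if (namingMechs == null || namingMechs.length == 0) {
                    lastMessage = SecurityMessages.getMsgOrUseDefault("JSAS0620E", "JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.");
                    vector.addElement(lastMessage);
                    failed = true;
                }
            }
            if (this._performIDAssertion) {
                // Keep only the naming mechanisms that fit the configured identity-assertion mechanism code.
                // Elsewhere in this class the codes are paired as 6 = KRB5, 1 = LTPA, 4 = GSSUP, 9 = custom;
                // the meaning of code 2 is not visible here.
                Vector acceptedMechs = new Vector();
                for (byte[] encodedMech : namingMechs) {
                    String mechOid = new GSSFactory(encodedMech).getOIDName();
                    int configuredMech = cSIv2Config.getInteger(CSIv2Config.PERFORM_IDENTITY_ASSERTION_MECHANISM);
                    if (OID.compareOIDs(mechOid, KRB5MechOID.value)) {
                        if (configuredMech == 6) {
                            acceptedMechs.addElement(mechOid);
                        }
                    } else if (OID.compareOIDs(mechOid, GSSUPMechOID.value)) {
                        if (configuredMech == 4 || configuredMech == 6 || configuredMech == 2 || configuredMech == 1) {
                            acceptedMechs.addElement(mechOid);
                        }
                    } else if (OID.compareOIDs(mechOid, LTPAMechOID.value)) {
                        if (configuredMech == 1) {
                            acceptedMechs.addElement(mechOid);
                        }
                    } else if (!OID.compareOIDs(mechOid, cSIv2Config.getString(CSIv2Config.CUSTOM_AUTH_MECH_OID))) {
                        // Unknown naming mechanism: recorded as a failure for the whole layer.
                        lastMessage = SecurityMessages.getMsgOrUseDefault("JSAS0620E", "JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.");
                        vector.addElement(lastMessage);
                        failed = true;
                    } else if (configuredMech == 9) {
                        acceptedMechs.addElement(mechOid);
                    }
                }
                if (acceptedMechs.size() != 0) {
                    this._performIDANamingMechList = new String[acceptedMechs.size()];
                    for (int k = 0; k < acceptedMechs.size(); k++) {
                        this._performIDANamingMechList[k] = (String) acceptedMechs.elementAt(k);
                    }
                }
                // Only token types that both the configuration and the target support remain set.
                this._performIdentityTokenType = cSIv2Config.getInteger(CSIv2Config.PERFORM_IDENTITY_ASSERTION_TYPE) & identityTypes;
                this._performIDAssertion = true;
            }
            if (cSIv2Config.getBoolean("com.ibm.CSI.rmiOutboundPropagationEnabled") && privilegeAuthorities != null) {
                for (int idx = 0; idx < privilegeAuthorities.length; idx++) {
                    ServiceConfiguration authority = privilegeAuthorities[idx];
                    if (authority.name != null && authority.name.length > 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Logging current service config syntax: " + authority.syntax);
                            Tr.debug(tc, "Logging current service config bytes (size=" + authority.name.length + "): ");
                            // Concatenating a byte[] prints the array's identity string, not its content.
                            Tr.debug(tc, "Logging current service config name: " + authority.name);
                        }
                        String realm = "";
                        if (authority.syntax == 324817) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "CSIv2EffectivePerformPolicy.evaluateAttributeLayer", "Service config syntax is SCS_GSSExportedName.");
                            }
                            try {
                                realm = VaultImpl.getInstance().getGSSFactory(GSSUPMechOID.value).decodeExportedTargetName(authority.name);
                            } catch (GSSEncodeDecodeException e) {
                                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.evaluateAttributeLayer", "1572", this);
                                // lastMessage is null unless an earlier check failed, so the text may start with "null".
                                throw new BAD_PARAM(lastMessage + "  Original exception = " + e, SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                            }
                        } else if (authority.syntax == 1229066446) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Service config syntax is CSIV2_PRIV_ATTR_SYNTAX.");
                            }
                            realm = ORB.createCDRInputStream(_orb, authority.name, authority.name.length).read_string();
                        }
                        // Any other syntax leaves realm as the empty string.
                        if (SecurityObjectLocator.getAdminData().getBoolean(AdminData.IS_SERVER_PROCESS) && realm != null && realm.equals(ContextManagerFactory.getInstance().getDefaultRealm())) {
                            // Same realm as this server.
                            this._performAuthorizationToken = true;
                        } else if (SecurityObjectLocator.getAdminData().getBoolean(AdminData.IS_SERVER_PROCESS)) {
                            // Foreign realm: consult the outbound trusted-realm configuration.
                            TrustedAuthenticationRealm outboundTrustedAuthenticationRealm = SecurityObjectLocator.getSecurityConfig().getOutboundTrustedAuthenticationRealm();
                            boolean trustAllRealms = outboundTrustedAuthenticationRealm.getTrustAllRealms();
                            String realmList = outboundTrustedAuthenticationRealm.getRealmList();
                            if (trustAllRealms) {
                                this._performAuthorizationToken = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "trustAllRealms is true. Setting _performAuthorizationToken to true");
                                }
                            } else if (realmList != null && !realmList.equals("")) {
                                StringTokenizer stringTokenizer = new StringTokenizer(realmList, "|");
                                while (stringTokenizer.hasMoreTokens()) {
                                    String trustedRealm = stringTokenizer.nextToken();
                                    // A "*" entry in the list trusts every realm, like trustAllRealms.
                                    if (trustedRealm.equals("*") || trustedRealm.equalsIgnoreCase(realm)) {
                                        this._performAuthorizationToken = true;
                                        break;
                                    }
                                }
                            }
                            // Compare by value: a decoded realm is a freshly created String, so a reference
                            // comparison with "" would not recognise an empty realm and would warn about it.
                            if (!this._performAuthorizationToken && !"".equals(realm)) {
                                if (!(PlatformHelperFactory.getPlatformHelper().isZOS() && PlatformHelperFactory.getPlatformHelper().isServantJvm() && !ContextManagerFactory.getInstance().isSecurityServiceStarted())) {
                                    Tr.warning(tc, "security.JSAS1479W", new Object[]{realm, ContextManagerFactory.getInstance().getDefaultRealm()});
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Suppressed JSAS1479 for zOS servant during startup");
                                }
                            }
                        } else {
                            this._performAuthorizationToken = true;
                        }
                        // NOTE(review): when entry 0 has an empty name and is skipped, a later entry is appended
                        // to whatever _performServiceCfgList already holds - confirm its initial value.
                        if (idx == 0) {
                            this._performServiceCfgList = realm;
                        } else {
                            this._performServiceCfgList += "|" + realm;
                        }
                    }
                }
            }
        } else if (cSIv2Config.getBoolean(CSIv2Config.PERFORM_IDENTITY_ASSERTION_REQUIRED)) {
            // No SAS context at all while identity assertion is mandatory locally.
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0619E", "JSAS0619E: The sending server requires Identity Assertion but the receiving server does not support it."));
            failed = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Perform client authentication at message layer: " + this._performClientAuth + ", Perform client auth mechanism: " + this._performClientAuthMechOID + ", Target Name at message layer: " + this._targetSecurityName);
        }
        if (failed) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0552I", "JSAS0552I: Evaluation of the attribute layer failed."));
        }
    }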

    /**
     * Evaluates the supplied CSIv2 tagged components in order and configures this policy from the first one
     * that satisfies the local configuration.
     *
     * <p>The whole list is tried twice: the first pass hands {@code true} to {@code evaluate} as its boolean
     * argument (traced as "validate CertAuth"), the second pass {@code false}. When {@code s} is 1 or -1 and
     * a tag fails, the same tag is evaluated again with {@code 0} before moving on. On success the remaining
     * tags are offered to {@code addAuthMechOID} (only when client authentication is performed) and this
     * instance may be stored in {@code csiv2EffectivePolicyCache}.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The cache key is the tag array alone; {@code s} and {@code s2} are not part of it.
     *       NOTE(review): confirm that a policy evaluated for one flag combination is safe to hand back for
     *       another.</li>
     *   <li>The cache is cleared wholesale once it holds more than 50 entries.</li>
     *   <li>Every evaluation attempt, including failed ones, runs against {@code this}.
     *       NOTE(review): confirm no state set while evaluating a rejected tag leaks into the policy finally
     *       returned.</li>
     *   <li>The failure report lists only the reasons collected for the last tag evaluated, because the
     *       reason list is recreated per tag.</li>
     * </ul>
     *
     * @param cSIv2TaggedComponentArr tagged components to evaluate; must contain at least one entry
     * @param str stored as {@code _method}
     * @param obj stored as {@code _proxy}
     * @param s passed to {@code evaluate}; 1 or -1 enables the retry with 0
     * @param s2 when 1 or -1, {@code _isNamingReadUnprotected} is cleared
     * @return this instance, configured from the first acceptable tag
     * @throws CSIv2RequirementsNotSatisfied if the list is empty or no tag is acceptable
     */
    public final synchronized CSIv2EffectivePerformPolicy getEffectivePolicy(CSIv2TaggedComponent[] cSIv2TaggedComponentArr, String str, Object obj, short s, short s2) throws CSIv2RequirementsNotSatisfied {
        this._method = str;
        this._proxy = obj;
        this._performClientAuthTargetList = getPerformClientAuthTargetList();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "_performClientAuthTargetList[] " + this._performClientAuthTargetList);
        }
        Tr.debug(tc, "Enter getEffectivePolicy.");
        if (s2 == 1 || s2 == -1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Naming read is NOT protected by everyone role");
            }
            this._isNamingReadUnprotected = false;
        }
        if (cSIv2TaggedComponentArr.length <= 0) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByTarget, "There are no CSIv2 Tagged Components in the List.");
        }
        // evaluate() derives _isAdmin from this same test on s.
        final boolean retryWithZero = s == 1 || s == -1;
        Vector reasons = null;
        for (int pass = 0; pass < 2; pass++) {
            final boolean firstPass = pass == 0;
            for (int idx = 0; idx < cSIv2TaggedComponentArr.length; idx++) {
                CSIv2TaggedComponentHolder holder = new CSIv2TaggedComponentHolder(cSIv2TaggedComponentArr[idx]);
                reasons = new Vector();
                boolean accepted;
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "*** Evaluating CSIv2 tag " + (idx + 1) + " of " + cSIv2TaggedComponentArr.length + " validate CertAuth:" + firstPass + " ***");
                    }
                    accepted = evaluate(holder, this, reasons, firstPass, s);
                    if (retryWithZero && !accepted) {
                        // Second attempt for the same tag, with a fresh reason list.
                        reasons = new Vector();
                        accepted = evaluate(holder, this, reasons, firstPass, (short) 0);
                    }
                } catch (CSIv2RequirementsNotSatisfied e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "CSIv2 tag " + idx + " failed evaluation.");
                    }
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getEffectivePolicy", "1772");
                    accepted = false;
                }
                if (!accepted) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "CSIv2 tag " + (idx + 1) + " evaluation succeeded.");
                }
                if (csiv2EffectivePolicyCache.size() > 50 && !this._disableCache) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Clearing effective policy cache, size > 50");
                    }
                    csiv2EffectivePolicyCache.clear();
                }
                if (this._performClientAuth) {
                    // Offer the mechanisms of the tags after the accepted one as alternatives.
                    for (int rest = idx + 1; rest < cSIv2TaggedComponentArr.length; rest++) {
                        addAuthMechOID(new CSIv2TaggedComponentHolder(cSIv2TaggedComponentArr[rest]));
                    }
                }
                if (this._disableCache) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Skip inserting this into effective policy cache.");
                    }
                } else {
                    // Cached when client auth is performed, or when a non-empty method name was supplied.
                    if (this._performClientAuth || (this._method != null && !this._method.equals(""))) {
                        csiv2EffectivePolicyCache.put(cSIv2TaggedComponentArr, this);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Size of effective policy cache = " + csiv2EffectivePolicyCache.size());
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getEffectivePolicy", this);
                }
                return this;
            }
        }
        // No tag was acceptable: fail, with the collected reasons when there are any.
        if (reasons == null || reasons.isEmpty()) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByTarget, "SECURITY CLIENT/SERVER CONFIG MISMATCH:  The server does not support the client configuration.");
        }
        String eol = System.getProperty(Platform.PREF_LINE_SEPARATOR);
        StringBuilder report = new StringBuilder(500);
        report.append(eol);
        report.append(eol);
        report.append(SecurityMessages.getMsgOrUseDefault("JSAS1477W", "JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH:  The client security configuration (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: "));
        for (int n = 0; n < reasons.size(); n++) {
            String reason = (String) reasons.elementAt(n);
            report.append(eol);
            report.append("     ");
            report.append(SecurityMessages.getMsgOrUseDefault(RasMessage.ERROR, "ERROR "));
            report.append(n + 1);
            report.append(": ");
            report.append(reason);
        }
        report.append(eol);
        report.append(eol);
        String text = report.toString();
        Tr.warning(tc, text);
        throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByTarget, text);
    }

    /**
     * Evaluates one CSIv2 tagged component against a policy, layer by layer.
     *
     * <p>The statefulness, attribute, client-authentication and transport layers are all evaluated even
     * after one of them has failed, so that {@code vector} ends up holding the reasons from every layer.
     * The result is {@code true} only when none of the four raised {@code CSIv2RequirementsNotSatisfied}.
     *
     * <p>The method fails closed: any other exception raised during evaluation is logged through FFDC and
     * reported as {@code false}. Only the attribute-layer rejection is logged through FFDC; the other three
     * rejections are recorded solely through the messages the layer added to {@code vector}.
     *
     * @param cSIv2TaggedComponentHolder holder of the tag to evaluate; also stored in {@code savedCSIv2Tag}
     * @param cSIv2EffectivePerformPolicy policy whose layer evaluators are invoked
     * @param vector collects human-readable failure reasons
     * @param z forwarded to {@code evaluateTransportLayer} (the caller traces it as "validate CertAuth")
     * @param s 1 or -1 marks the evaluation as admin; stored in {@code _isAdmin}
     * @return {@code true} when every layer was satisfied
     * @throws CSIv2RequirementsNotSatisfied declared, although the body catches it from every layer
     */
    private final boolean evaluate(CSIv2TaggedComponentHolder cSIv2TaggedComponentHolder, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, Vector vector, boolean z, short s) throws CSIv2RequirementsNotSatisfied {
        final boolean admin = s == 1 || s == -1;
        this._isAdmin = admin;
        if (cSIv2TaggedComponentHolder == null || cSIv2TaggedComponentHolder.value == null) {
            Tr.debug(tc, "CSIv2TagHolder is null or the value inside is null.");
            vector.addElement("CSIv2TagHolder is null or the value inside is null.");
            return false;
        }
        try {
            CSIv2TaggedComponent tag = cSIv2TaggedComponentHolder.value;
            this.savedCSIv2Tag = cSIv2TaggedComponentHolder;
            if (cSIv2EffectivePerformPolicy == null) {
                Tr.debug(tc, "Effective policy object is null.");
                vector.addElement("Effective policy object is null.");
                return false;
            }
            boolean allLayersSatisfied = true;
            try {
                cSIv2EffectivePerformPolicy.evaluateStatefulness(tag.isStateFul(), vector, admin);
            } catch (CSIv2RequirementsNotSatisfied ignored) {
                // The reason is already in vector; keep going to collect the others.
                allLayersSatisfied = false;
            }
            try {
                cSIv2EffectivePerformPolicy.evaluateAttributeLayer(tag.getSAS_context_mech_holder(), vector, admin);
            } catch (CSIv2RequirementsNotSatisfied attributeFailure) {
                Manager.Ffdc.log(attributeFailure, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.evaluate", "1902");
                allLayersSatisfied = false;
            }
            try {
                cSIv2EffectivePerformPolicy.evaluateClientAuthLayer(tag.getAS_context_mech_holder(), vector, admin);
            } catch (CSIv2RequirementsNotSatisfied ignored) {
                allLayersSatisfied = false;
            }
            try {
                cSIv2EffectivePerformPolicy.evaluateTransportLayer(tag, vector, z, admin);
            } catch (CSIv2RequirementsNotSatisfied ignored) {
                allLayersSatisfied = false;
            }
            return allLayersSatisfied;
        } catch (Exception unexpected) {
            // Anything unexpected counts as a rejected tag rather than an accepted one.
            Manager.Ffdc.log(unexpected, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.evaluate", "1944");
            Tr.debug(tc, "Exception in getEffectivePolicy, probably CSIv2RequirementsNotSatisfied.", unexpected);
            return false;
        }
    }

    /**
     * Returns the {@code _stateful} flag of this policy.
     *
     * @return the current value of {@code _stateful}
     */
    public boolean isStateful() {
        return _stateful;
    }

    /**
     * Sets the {@code _stateful} flag of this policy.
     *
     * @param z the new value of {@code _stateful}
     */
    public void setStateful(boolean z) {
        _stateful = z;
    }

    /**
     * Returns the context id stored in {@code _stateful_context_id}.
     *
     * @return the current value of {@code _stateful_context_id}
     */
    public long getStatefulContextID() {
        return _stateful_context_id;
    }

    /**
     * Stores a context id in {@code _stateful_context_id}.
     *
     * @param j the context id to store
     */
    public void setStatefulContextID(long j) {
        _stateful_context_id = j;
    }

    /**
     * Returns the {@code ClientSessionKey} currently held by this policy.
     *
     * @return the value of {@code _client_session_key}; the reference is returned as stored, not copied
     */
    public ClientSessionKey getClientSessionKey() {
        return _client_session_key;
    }

    /**
     * Replaces the {@code ClientSessionKey} held by this policy.
     *
     * @param clientSessionKey the key to store; the reference is kept as given, not copied
     */
    public void setClientSessionKey(ClientSessionKey clientSessionKey) {
        _client_session_key = clientSessionKey;
    }

    /**
     * Returns the connection key stored on this policy.
     *
     * @return the current value of {@code _connectionKey}
     */
    public String getConnectionKey() {
        return _connectionKey;
    }

    /**
     * Stores a connection key on this policy.
     *
     * @param str the connection key to store in {@code _connectionKey}
     */
    public void setConnectionKey(String str) {
        _connectionKey = str;
    }

    /**
     * Returns the {@code _isInternalRequestPolicy} flag of this policy.
     *
     * @return the current value of {@code _isInternalRequestPolicy}
     */
    public boolean getIsInternalRequestPolicy() {
        return _isInternalRequestPolicy;
    }

    /**
     * Not publicly constructible; the static {@code getInstance} overloads obtain instances for callers.
     */
    private CSIv2EffectivePerformPolicy() {
        super();
    }

    /**
     * Convenience overload that resolves a policy without a method name or proxy object.
     *
     * @param cSIv2TaggedComponentArr tagged components to evaluate
     * @param s forwarded unchanged to the five-argument overload
     * @param s2 forwarded unchanged to the five-argument overload
     * @return whatever the five-argument overload returns, which may be {@code null}
     * @throws CSIv2RequirementsNotSatisfied as declared by the five-argument overload
     */
    public static CSIv2EffectivePerformPolicy getInstance(CSIv2TaggedComponent[] cSIv2TaggedComponentArr, short s, short s2) throws CSIv2RequirementsNotSatisfied {
        // The casts only spell out which overload the two nulls select.
        return getInstance(cSIv2TaggedComponentArr, (String) null, (Object) null, s, s2);
    }

    /**
     * Returns an effective policy for the given tagged components, from the cache when possible.
     *
     * <p>The cache is consulted unless {@code methodRequiresAuthenticationRegardlessOfPolicy(str, obj)} is
     * true. A cache hit is returned as a clone; otherwise a new instance is evaluated through
     * {@code getEffectivePolicy}.
     *
     * <p>Review notes:
     * <ul>
     *   <li>Every exception, including {@code CSIv2RequirementsNotSatisfied}, is logged and turned into a
     *       {@code null} return, so the {@code throws} clause is never exercised from this body. Callers
     *       have to treat {@code null} as "no usable policy". NOTE(review): verify that no caller proceeds
     *       without security settings when it receives {@code null}.</li>
     *   <li>The cache lookup uses the tag array as the key; {@code s} and {@code s2} play no part in it.</li>
     * </ul>
     *
     * @param cSIv2TaggedComponentArr tagged components to evaluate, also the cache key
     * @param str method name, passed to the cache-bypass test and to {@code getEffectivePolicy}
     * @param obj proxy object, passed to the cache-bypass test and to {@code getEffectivePolicy}
     * @param s forwarded to {@code getEffectivePolicy}
     * @param s2 forwarded to {@code getEffectivePolicy}
     * @return a new policy, a clone of a cached one, or {@code null} when evaluation failed
     * @throws CSIv2RequirementsNotSatisfied declared only; see the review notes
     */
    public static CSIv2EffectivePerformPolicy getInstance(CSIv2TaggedComponent[] cSIv2TaggedComponentArr, String str, Object obj, short s, short s2) throws CSIv2RequirementsNotSatisfied {
        try {
            CSIv2EffectivePerformPolicy cached = methodRequiresAuthenticationRegardlessOfPolicy(str, obj)
                    ? null
                    : (CSIv2EffectivePerformPolicy) csiv2EffectivePolicyCache.get(cSIv2TaggedComponentArr);
            if (cached != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Returning policy from cache for CSIv2TagList: " + cSIv2TaggedComponentArr);
                }
                // Hand out a copy so the caller's changes do not reach the cached instance.
                CSIv2EffectivePerformPolicy copy = (CSIv2EffectivePerformPolicy) cached.clone();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getInstance returning clone of cached policy", copy);
                }
                return copy;
            }
            CSIv2EffectivePerformPolicy fresh = getInstance();
            fresh.getEffectivePolicy(cSIv2TaggedComponentArr, str, obj, s, s2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getInstance returning new instance", fresh);
            }
            return fresh;
        } catch (Exception e) {
            Manager.Ffdc.log(e, CSIv2EffectivePerformPolicy.class, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getInstance", "2106");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating effective policy.", e);
            }
            return null;
        }
    }

    /**
     * Produces the effective policy for a set of tagged components when the
     * target is known only as an ORB/IOR pair.
     *
     * <p>The cache is consulted first. Only on a miss is the IOR resolved via
     * {@code orb.IORToObject(ior)} (or {@code null} when either argument is
     * {@code null}) and a fresh policy computed. A cache hit is returned as a
     * {@link #clone()}.
     *
     * <p>NOTE(review): unlike the {@code (String, Object)} overload, this path
     * does not call {@code methodRequiresAuthenticationRegardlessOfPolicy}
     * before reading the cache, so a cached policy can be returned for the
     * method names that the other overload always recomputes. Confirm whether
     * that difference is intended.
     *
     * <p>NOTE(review): any {@code Exception} is logged to FFDC and converted to
     * a {@code null} return. Callers should treat {@code null} as a failure
     * and deny the request.
     *
     * @param cSIv2TaggedComponentArr tagged components used as the cache key and policy input
     * @param str method name, may be {@code null}
     * @param orb ORB used to resolve {@code ior}, may be {@code null}
     * @param ior reference to the target, may be {@code null}
     * @param s   passed through to {@code getEffectivePolicy}
     * @param s2  passed through to {@code getEffectivePolicy}
     * @return a new or cloned policy, or {@code null} when an exception occurred
     * @throws CSIv2RequirementsNotSatisfied declared by the signature
     */
    public static CSIv2EffectivePerformPolicy getInstance(CSIv2TaggedComponent[] cSIv2TaggedComponentArr, String str, ORB orb, IOR ior, short s, short s2) throws CSIv2RequirementsNotSatisfied {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInstance", new Object[]{cSIv2TaggedComponentArr, str, orb, ior, Short.valueOf(s), Short.valueOf(s2)});
        }
        try {
            final CSIv2EffectivePerformPolicy cached = (CSIv2EffectivePerformPolicy) csiv2EffectivePolicyCache.get(cSIv2TaggedComponentArr);

            if (cached != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getInstance returning policy from cache");
                }
                // Hand out a copy so per-request state never lands on the cached entry.
                final CSIv2EffectivePerformPolicy copy = (CSIv2EffectivePerformPolicy) cached.clone();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getInstance returning clone of cached policy", copy);
                }
                return copy;
            }

            final CSIv2EffectivePerformPolicy fresh = getInstance();
            // The IOR is resolved to an object only when both the ORB and the IOR are present.
            fresh.getEffectivePolicy(cSIv2TaggedComponentArr, str, (orb != null && ior != null) ? orb.IORToObject(ior) : null, s, s2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getInstance returning new instance", fresh);
            }
            return fresh;
        } catch (Exception e) {
            Manager.Ffdc.log(e, CSIv2EffectivePerformPolicy.class, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getInstance", "2106");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getInstance exception creating effective policy, returning null policy", e);
            }
            return null;
        }
    }

    /**
     * Builds the fixed policy used for internal requests. Nothing is read from
     * configuration or from the caller; every field is a hard-coded constant.
     *
     * <p>As written, the policy turns off SSL/TLS, SECIOP, message integrity,
     * confidentiality, replay and misordering detection, and client
     * authentication. It turns on identity assertion and transport-layer
     * client auth, and it marks the instance with
     * {@code _isInternalRequestPolicy = true}. Because this policy carries no
     * transport protection, code that receives a policy should not infer
     * trust from that flag alone: the flag is also restored from serialized
     * bytes by the {@code byte[]} constructor.
     *
     * @return a new, fully populated internal-request policy
     */
    public static CSIv2EffectivePerformPolicy getInternalRequestPolicyInstance() {
        final CSIv2EffectivePerformPolicy policy = new CSIv2EffectivePerformPolicy();

        // Session state: stateless, no session key.
        policy._stateful = false;
        policy._stateful_context_id = 0L;
        policy._client_session_key = null;
        policy._connectionKey = "";
        policy._mechTypeIdentity = "";

        // Transport and message layer: everything off except TL client auth.
        policy._performTLClientAuth = true;
        policy._performTLServerAuth = false;
        policy._performMsgDetectReplay = false;
        policy._performMsgDetectMisordering = false;
        policy._performMsgIntegrity = false;
        policy._performMsgConfidentiality = false;
        policy._performSSLTLS = false;
        policy._performSECIOP = false;
        policy._performSECIOPMechOID = "";

        // Target addressing: placeholder host, no ports.
        policy._targetHostName = "INTERNAL_SERVER_REQUEST";
        policy._targetTCPPort = 0;
        policy._targetSSLPort = 0;

        // Authentication layer: no client auth performed or claimed.
        policy._performClientAuth = false;
        policy._claimClientAuthRequired = false;
        policy._performClientAuthMechOID = GSSUPMechOID.value;
        policy._targetSecurityName = "";

        // Attribute layer: identity assertion on, no authorization token or delegation.
        policy._performIDAssertion = true;
        policy._performServiceCfgList = "";
        policy._performAuthorizationToken = false;
        policy._performIDANamingMechList = new String[]{GSSUPMechOID.value};
        // NOTE(review): 15 looks like the OR of the four CSI identity-token-type bits
        // (anonymous | principal name | X.509 chain | DN); confirm against the IDL constants.
        policy._performIdentityTokenType = 15;
        policy._performDelegationByClient = false;

        policy._isInternalRequestPolicy = true;

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning local policy created for internal: " + policy);
        }
        return policy;
    }

    /**
     * Creates an empty, unpopulated policy instance.
     *
     * <p>Only an exit trace record is emitted (there is no matching entry
     * record), and it is written before the instance is constructed.
     *
     * @return a new policy with no fields set by this method
     */
    public static CSIv2EffectivePerformPolicy getInstance() {
        final boolean traceExit = tc.isEntryEnabled();
        if (traceExit) {
            Tr.exit(tc, "getInstance");
        }
        return new CSIv2EffectivePerformPolicy();
    }

    /**
     * Returns the tagged-component holder kept in {@code savedCSIv2Tag}.
     * The reference is shared, not copied. {@link #clone()} also shares it
     * between the original and the copy.
     *
     * @return the saved holder, possibly {@code null}
     */
    public CSIv2TaggedComponentHolder getCSIv2TaggedComponent() {
        return savedCSIv2Tag;
    }

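    /**
     * Creates a field-by-field copy of this policy for handing out from the
     * policy cache.
     *
     * <p>Per-session state is deliberately not carried over: the copy gets a
     * {@code null} {@code _client_session_key} and a {@code 0L}
     * {@code _stateful_context_id}. All other instance fields are copied.
     *
     * <p>The copy is shallow. The list fields
     * ({@code _performClientAuthMechList}, {@code _performClientAuthMechOIDList},
     * {@code _targetSecurityNameList}), the {@code _performIDANamingMechList}
     * array and {@code savedCSIv2Tag} are shared by reference with the
     * original. NOTE(review): if any caller mutates those on a clone, the
     * cached policy changes with it. Confirm they are treated as read-only
     * after construction, or copy them here.
     *
     * <p>The original also assigned the static fields {@code _orb} and
     * {@code csiv2EffectivePolicyCache} to themselves. Those statements had no
     * effect and have been removed.
     *
     * @return a new {@code CSIv2EffectivePerformPolicy} with session state reset
     */
    protected Object clone() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clone");
        }
        CSIv2EffectivePerformPolicy copy = new CSIv2EffectivePerformPolicy();

        // Session-scoped state is reset rather than copied.
        copy._client_session_key = null;
        copy._stateful_context_id = 0L;

        copy._connectionKey = this._connectionKey;
        copy._claimClientAuthRequired = this._claimClientAuthRequired;
        copy._mechTypeIdentity = this._mechTypeIdentity;
        copy._performAuthorizationToken = this._performAuthorizationToken;
        copy._performClientAuth = this._performClientAuth;
        copy._performClientAuthMech = this._performClientAuthMech;
        copy._performClientAuthMechOID = this._performClientAuthMechOID;
        // Shared references (shallow copy), see the method comment.
        copy._performClientAuthMechList = this._performClientAuthMechList;
        copy._performClientAuthMechOIDList = this._performClientAuthMechOIDList;
        copy._targetSecurityNameList = this._targetSecurityNameList;
        copy._performDelegationByClient = this._performDelegationByClient;
        copy._performIDANamingMechList = this._performIDANamingMechList;
        copy._performIDAssertion = this._performIDAssertion;
        copy._performIdentityTokenType = this._performIdentityTokenType;
        copy._performMsgConfidentiality = this._performMsgConfidentiality;
        copy._performMsgDetectMisordering = this._performMsgDetectMisordering;
        copy._performMsgDetectReplay = this._performMsgDetectReplay;
        copy._performMsgIntegrity = this._performMsgIntegrity;
        copy._performSECIOP = this._performSECIOP;
        copy._performSECIOPMechOID = this._performSECIOPMechOID;
        copy._performServiceCfgList = this._performServiceCfgList;
        copy._performSSLTLS = this._performSSLTLS;
        copy._performTLClientAuth = this._performTLClientAuth;
        copy._performTLServerAuth = this._performTLServerAuth;
        copy._protocol = this._protocol;
        copy._stateful = this._stateful;
        copy._targetHostName = this._targetHostName;
        copy._targetSecurityName = this._targetSecurityName;
        copy._targetAuthMechOID = this._targetAuthMechOID;
        copy._targetSSLPort = this._targetSSLPort;
        copy._targetTCPPort = this._targetTCPPort;
        copy.savedCSIv2Tag = this.savedCSIv2Tag;
        copy._isInternalRequestPolicy = this._isInternalRequestPolicy;
        copy._isAdmin = this._isAdmin;
        copy._isNamingReadUnprotected = this._isNamingReadUnprotected;
        return copy;
    }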

    /**
     * Reconstructs a policy from the byte layout produced by {@link #getBytes()}.
     *
     * <p>Every field in the stream is accepted as-is, including the
     * security-relevant flags {@code _isAdmin}, {@code _isInternalRequestPolicy},
     * {@code _isNamingReadUnprotected} and {@code _performClientAuth}. This
     * constructor is public and performs no authenticity check, so it should
     * only be given bytes from a source the caller already trusts or has
     * integrity-checked (SOURCE does not show where callers obtain them).
     *
     * @param bArr serialized policy bytes
     * @throws Exception if the bytes cannot be parsed
     */
    public CSIv2EffectivePerformPolicy(byte[] bArr) throws Exception {
        this.deserializeVariables(bArr);
    }

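    /**
     * Serializes this policy into the flat binary layout read back by
     * {@code deserializeVariables}.
     *
     * <p>Layout, in order: 14 booleans, one long ({@code _stateful_context_id}),
     * three ints (TCP port, SSL port, identity token type), six length-prefixed
     * strings, three length-prefixed string lists, three more length-prefixed
     * strings, the length-prefixed {@code _performIDANamingMechList} array, and
     * three trailing booleans. {@code _client_session_key}, {@code _protocol}
     * and {@code savedCSIv2Tag} are not written.
     *
     * <p>Fix over the original: each string's length prefix is now the number
     * of encoded bytes, not {@code String.length()}. The original wrote the
     * character count and then that many bytes of {@code getBytes()}, which
     * truncates any string whose encoding is longer than its character count.
     * Output is unchanged for strings that encode to one byte per character.
     *
     * <p>The output carries no MAC or signature. A consumer that rebuilds a
     * policy from these bytes relies on whatever channel or store carried
     * them. When debug trace is enabled the full {@link #toString()} of the
     * policy is logged before serialization, including the connection key and
     * the target security names.
     *
     * @return the serialized policy
     * @throws Exception if writing fails; the failure is logged to FFDC first
     */
    public byte[] getBytes() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getBytes", this);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Session contents prior to serialization: " + toString());
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(300);
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            dataOutputStream.writeBoolean(this._stateful);
            dataOutputStream.writeBoolean(this._performTLClientAuth);
            dataOutputStream.writeBoolean(this._performTLServerAuth);
            dataOutputStream.writeBoolean(this._performMsgDetectReplay);
            dataOutputStream.writeBoolean(this._performMsgDetectMisordering);
            dataOutputStream.writeBoolean(this._performMsgIntegrity);
            dataOutputStream.writeBoolean(this._performMsgConfidentiality);
            dataOutputStream.writeBoolean(this._performSSLTLS);
            dataOutputStream.writeBoolean(this._performSECIOP);
            dataOutputStream.writeBoolean(this._performClientAuth);
            dataOutputStream.writeBoolean(this._claimClientAuthRequired);
            dataOutputStream.writeBoolean(this._performIDAssertion);
            dataOutputStream.writeBoolean(this._performAuthorizationToken);
            dataOutputStream.writeBoolean(this._performDelegationByClient);
            dataOutputStream.writeLong(this._stateful_context_id);
            dataOutputStream.writeInt(this._targetTCPPort);
            dataOutputStream.writeInt(this._targetSSLPort);
            dataOutputStream.writeInt(this._performIdentityTokenType);

            writeLengthPrefixedString(dataOutputStream, this._connectionKey);
            writeLengthPrefixedString(dataOutputStream, this._mechTypeIdentity);
            writeLengthPrefixedString(dataOutputStream, this._performSECIOPMechOID);
            writeLengthPrefixedString(dataOutputStream, this._targetHostName);
            writeLengthPrefixedString(dataOutputStream, this._performClientAuthMech);
            writeLengthPrefixedString(dataOutputStream, this._performClientAuthMechOID);

            writeLengthPrefixedStringList(dataOutputStream, this._performClientAuthMechList);
            writeLengthPrefixedStringList(dataOutputStream, this._performClientAuthMechOIDList);
            writeLengthPrefixedStringList(dataOutputStream, this._targetSecurityNameList);

            writeLengthPrefixedString(dataOutputStream, this._targetSecurityName);
            writeLengthPrefixedString(dataOutputStream, this._targetAuthMechOID);
            writeLengthPrefixedString(dataOutputStream, this._performServiceCfgList);

            // Array form: element count first (0 for a null array), then each element.
            if (this._performIDANamingMechList != null) {
                dataOutputStream.writeInt(this._performIDANamingMechList.length);
                for (int i = 0; i < this._performIDANamingMechList.length; i++) {
                    writeLengthPrefixedString(dataOutputStream, this._performIDANamingMechList[i]);
                }
            } else {
                dataOutputStream.writeInt(0);
            }

            dataOutputStream.writeBoolean(this._isInternalRequestPolicy);
            dataOutputStream.writeBoolean(this._isAdmin);
            dataOutputStream.writeBoolean(this._isNamingReadUnprotected);

            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getBytes", byteArray);
            }
            return byteArray;
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getBytes", "2426", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception serializing native variables.", e);
            }
            throw e;
        } finally {
            // Closing the DataOutputStream also closes the wrapped byte buffer.
            dataOutputStream.close();
        }
    }

    /**
     * Writes one string as a 4-byte length followed by its encoded bytes.
     * A null or empty string is written as a single zero length.
     */
    private static void writeLengthPrefixedString(DataOutputStream out, String value) throws java.io.IOException {
        if (value == null || value.length() == 0) {
            out.writeInt(0);
            return;
        }
        // Platform default charset, matching the new String(byte[]) call on the read side.
        byte[] encoded = value.getBytes();
        out.writeInt(encoded.length);
        out.write(encoded, 0, encoded.length);
    }

    /**
     * Writes a list of strings as a 4-byte element count followed by each
     * element in length-prefixed form. A null or empty list is written as a
     * single zero count.
     */
    private static void writeLengthPrefixedStringList(DataOutputStream out, java.util.List values) throws java.io.IOException {
        int count = (values == null) ? 0 : values.size();
        out.writeInt(count);
        for (int i = 0; i < count; i++) {
            writeLengthPrefixedString(out, (String) values.get(i));
        }
    }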

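    /**
     * Populates this instance from the byte layout written by {@link #getBytes()}.
     *
     * <p>Hardening over the original:
     * <ul>
     *   <li>Each length prefix is checked against the bytes actually remaining
     *       before a buffer is allocated, so a forged length cannot force a
     *       large allocation.</li>
     *   <li>Negative lengths and negative element counts are rejected instead
     *       of being silently skipped.</li>
     *   <li>Payloads are read with {@code readFully}. The original ignored the
     *       return value of {@code read}, so truncated input produced strings
     *       padded with zero bytes instead of an error.</li>
     *   <li>List fields are assigned only after the whole list has been read.</li>
     * </ul>
     * Well-formed input produced by {@code getBytes()} is parsed as before.
     *
     * <p>The stream has no integrity protection of its own. Flags such as
     * {@code _isAdmin} and {@code _isInternalRequestPolicy} are taken from the
     * bytes as given, so callers should only pass bytes from a trusted source.
     * Strings are decoded with the platform default charset, matching the
     * writer. When debug trace is enabled the parsed policy is logged via
     * {@link #toString()}.
     *
     * @param bArr serialized policy bytes
     * @throws Exception on truncated or malformed input; the failure is logged to FFDC first
     */
    private void deserializeVariables(byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deserializeVariables", new Object[]{bArr, this});
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        DataInputStream dataInputStream = new DataInputStream(byteArrayInputStream);
        try {
            this._stateful = dataInputStream.readBoolean();
            this._performTLClientAuth = dataInputStream.readBoolean();
            this._performTLServerAuth = dataInputStream.readBoolean();
            this._performMsgDetectReplay = dataInputStream.readBoolean();
            this._performMsgDetectMisordering = dataInputStream.readBoolean();
            this._performMsgIntegrity = dataInputStream.readBoolean();
            this._performMsgConfidentiality = dataInputStream.readBoolean();
            this._performSSLTLS = dataInputStream.readBoolean();
            this._performSECIOP = dataInputStream.readBoolean();
            this._performClientAuth = dataInputStream.readBoolean();
            this._claimClientAuthRequired = dataInputStream.readBoolean();
            this._performIDAssertion = dataInputStream.readBoolean();
            this._performAuthorizationToken = dataInputStream.readBoolean();
            this._performDelegationByClient = dataInputStream.readBoolean();
            this._stateful_context_id = dataInputStream.readLong();
            this._targetTCPPort = dataInputStream.readInt();
            this._targetSSLPort = dataInputStream.readInt();
            this._performIdentityTokenType = dataInputStream.readInt();

            // A zero-length string leaves the field at its current value, as before.
            String value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._connectionKey = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._mechTypeIdentity = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._performSECIOPMechOID = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._targetHostName = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._performClientAuthMech = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._performClientAuthMechOID = value;
            }

            // A zero-count list leaves the field at its current value, as before.
            ArrayList list = readLengthPrefixedStringList(dataInputStream);
            if (list != null) {
                this._performClientAuthMechList = list;
            }
            list = readLengthPrefixedStringList(dataInputStream);
            if (list != null) {
                this._performClientAuthMechOIDList = list;
            }
            list = readLengthPrefixedStringList(dataInputStream);
            if (list != null) {
                this._targetSecurityNameList = list;
            }

            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._targetSecurityName = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._targetAuthMechOID = value;
            }
            value = readLengthPrefixedString(dataInputStream);
            if (value != null) {
                this._performServiceCfgList = value;
            }

            // Array form: empty elements are dropped, not kept as "" (unlike the lists above).
            int namingMechCount = dataInputStream.readInt();
            if (namingMechCount < 0) {
                throw new java.io.IOException("Malformed serialized policy: negative element count " + namingMechCount);
            }
            ArrayList namingMechs = new ArrayList();
            for (int i = 0; i < namingMechCount; i++) {
                String mech = readLengthPrefixedString(dataInputStream);
                if (mech != null) {
                    namingMechs.add(mech);
                }
            }
            if (namingMechs.size() > 0) {
                this._performIDANamingMechList = (String[]) namingMechs.toArray(new String[0]);
            }

            this._isInternalRequestPolicy = dataInputStream.readBoolean();
            this._isAdmin = dataInputStream.readBoolean();
            this._isNamingReadUnprotected = dataInputStream.readBoolean();

            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Session after deserialization: " + toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deserializeVariables");
            }
        } catch (Exception e) {
            // NOTE(review): the FFDC source id below names ExtendedSSLConnectionData, not this
            // class. It looks copied from elsewhere and is left unchanged in case tooling keys on it.
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.orbssl.ExtendedSSLConnectionData.deserializeVariables", "2616", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception de-serializing native variables.", e);
            }
            throw e;
        } finally {
            // Closing the DataInputStream also closes the wrapped byte stream.
            dataInputStream.close();
        }
    }

    /**
     * Reads one length-prefixed string. Returns {@code null} for a zero length
     * so the caller can keep its existing handling of empty values. Throws if
     * the length is negative or larger than the bytes left in the stream.
     */
    private static String readLengthPrefixedString(DataInputStream in) throws java.io.IOException {
        int length = in.readInt();
        if (length == 0) {
            return null;
        }
        int remaining = in.available();
        if (length < 0 || length > remaining) {
            // Reject before allocating: the length comes from the input itself.
            throw new java.io.IOException("Malformed serialized policy: string length " + length + " with " + remaining + " bytes remaining");
        }
        byte[] payload = new byte[length];
        in.readFully(payload);
        // Platform default charset, matching String.getBytes() on the write side.
        return new String(payload);
    }

    /**
     * Reads a length-prefixed list of strings. Returns {@code null} for a zero
     * count. Empty elements are kept as {@code ""}. Throws on a negative count.
     */
    private static ArrayList readLengthPrefixedStringList(DataInputStream in) throws java.io.IOException {
        int count = in.readInt();
        if (count == 0) {
            return null;
        }
        if (count < 0) {
            throw new java.io.IOException("Malformed serialized policy: negative element count " + count);
        }
        ArrayList values = new ArrayList();
        for (int i = 0; i < count; i++) {
            String element = readLengthPrefixedString(in);
            values.add(element == null ? "" : element);
        }
        return values;
    }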

    /**
     * Renders every serialized field of this policy, one per line, followed by
     * the identity {@code hashCode()}.
     *
     * <p>The output includes {@code _connectionKey}, {@code _targetHostName},
     * {@code _targetSecurityName} and {@code _targetSecurityNameList}. This
     * class passes the result to debug trace in several places, so those
     * values end up in trace logs whenever debug tracing is on. Restrict
     * access to those logs accordingly.
     *
     * @return multi-line dump of the policy fields
     */
    public String toString() {
        final String namingMechCount = (_performIDANamingMechList == null)
                ? "0"
                : Integer.toString(_performIDANamingMechList.length);

        final StringBuilder dump = new StringBuilder();
        dump.append("\n_stateful: ").append(_stateful);
        dump.append("\n_performTLClientAuth: ").append(_performTLClientAuth);
        dump.append("\n_performTLServerAuth: ").append(_performTLServerAuth);
        dump.append("\n_performMsgDetectReplay: ").append(_performMsgDetectReplay);
        dump.append("\n_performMsgDetectMisordering: ").append(_performMsgDetectMisordering);
        dump.append("\n_performMsgIntegrity: ").append(_performMsgIntegrity);
        dump.append("\n_performMsgConfidentiality: ").append(_performMsgConfidentiality);
        dump.append("\n_performSSLTLS: ").append(_performSSLTLS);
        dump.append("\n_performSECIOP: ").append(_performSECIOP);
        dump.append("\n_performClientAuth: ").append(_performClientAuth);
        dump.append("\n_claimClientAuthRequired: ").append(_claimClientAuthRequired);
        dump.append("\n_performIDAssertion: ").append(_performIDAssertion);
        dump.append("\n_performAuthorizationToken: ").append(_performAuthorizationToken);
        dump.append("\n_performDelegationByClient: ").append(_performDelegationByClient);
        dump.append("\n_stateful_context_id: ").append(_stateful_context_id);
        dump.append("\n_targetTCPPort: ").append(_targetTCPPort);
        dump.append("\n_targetSSLPort: ").append(_targetSSLPort);
        dump.append("\n_performIdentityTokenType: ").append(_performIdentityTokenType);
        dump.append("\n_mechTypeIdentity: ").append(_mechTypeIdentity);
        dump.append("\n_performSECIOPMechOID: ").append(_performSECIOPMechOID);
        dump.append("\n_targetHostName: ").append(_targetHostName);
        dump.append("\n_performClientAuthMech: ").append(_performClientAuthMech);
        dump.append("\n_performClientAuthMechOID: ").append(_performClientAuthMechOID);
        dump.append("\n_performClientAuthMechOIDList: ").append(_performClientAuthMechOIDList);
        dump.append("\n_performClientAuthMechList: ").append(_performClientAuthMechList);
        dump.append("\n_targetSecurityNameList: ").append(_targetSecurityNameList);
        dump.append("\n_targetSecurityName: ").append(_targetSecurityName);
        dump.append("\n_targetAuthMechOID: ").append(_targetAuthMechOID);
        dump.append("\n_performServiceCfgList: ").append(_performServiceCfgList);
        // Only the element count of the naming-mechanism array is printed, not its contents.
        dump.append("\n_performIDANamingMechList length: ").append(namingMechCount);
        dump.append("\n_internalRequestPolicy: ").append(_isInternalRequestPolicy);
        dump.append("\n_connectionKey: ").append(_connectionKey);
        dump.append("\n_isAdmin: ").append(_isAdmin);
        dump.append("\n_isNamingReadUnprotected: ").append(_isNamingReadUnprotected);
        dump.append("\n_hashCode: ").append(hashCode());
        return dump.toString();
    }

    /**
     * Decides whether a call must always be authenticated, whatever the
     * computed policy says. The {@code (String, Object)} {@code getInstance}
     * overload uses a {@code true} result to bypass the policy cache.
     *
     * <p>The answer is {@code true} only when the target's exact runtime class
     * name is one of three hard-coded location-service/stub classes and the
     * method name is one of four hard-coded registration operations. A
     * {@code null} target or method name yields {@code false}.
     *
     * <p>NOTE(review): the fourth method name is spelled
     * {@code "usregister_object_adapters"}. If the real operation is named
     * differently (an "unregister" variant seems likely, unverified), that
     * operation is not covered by this check. Confirm against the
     * location-service interface.
     *
     * <p>NOTE(review): matching uses {@code getClass().getName()} with exact
     * string equality, so a subclass or differently named stub of the same
     * service falls through to {@code false}. Confirm that is acceptable.
     *
     * @param str method name being invoked, may be {@code null}
     * @param obj target object, may be {@code null}
     * @return {@code true} if the call must be authenticated regardless of policy
     */
    private static boolean methodRequiresAuthenticationRegardlessOfPolicy(String str, Object obj) {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.methodRequiresAuthenticationRegardlessOfPolicy", "Method: " + str + ", interfaceName: " + (obj == null ? "null" : obj.getClass().getName()));
        }
        // Without both a target and a method name there is nothing to match; no trace on this path.
        if (obj == null || str == null) {
            return false;
        }

        final String targetClassName = obj.getClass().getName();
        final boolean isLocationServiceTarget =
                targetClassName.equals("com.ibm.ws.orb.services.lsd._LocationServiceStub")
                || targetClassName.equals("com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl")
                || targetClassName.equals("com.ibm.org.omg.CORBA._ObjectStub");
        final boolean isRegistrationOperation =
                str.equals("register_server")
                || str.equals("unregister_server")
                || str.equals("register_object_adapters")
                || str.equals("usregister_object_adapters");
        final boolean mustAuthenticate = isLocationServiceTarget && isRegistrationOperation;

        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.methodRequiresAuthenticationRegardlessOfPolicy", "methodRequiresAuthenticationRegardlessOfPolicy: returned " + mustAuthenticate + ".");
        }
        return mustAuthenticate;
    }
}
