package com.ibm.ws.transport.iiop.security;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.csiv2.TraceConstants;
import com.ibm.ws.transport.iiop.security.config.ssl.SSLSessionManager;
import com.ibm.ws.transport.iiop.security.config.tss.TSSConfig;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import org.omg.CORBA.Any;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.ORB;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2.common_1.0.14.jar:com/ibm/ws/transport/iiop/security/ServerSecurityInterceptor.class */
final class ServerSecurityInterceptor extends LocalObject implements ServerRequestInterceptor {
    private static final TraceComponent tc = Tr.register(ServerSecurityInterceptor.class);
    private static final long serialVersionUID = 1;
    private final Codec codec;
    private final transient com.ibm.ws.security.context.SubjectManager subjectManager = new com.ibm.ws.security.context.SubjectManager();
    private final Map<Integer, Subject> subjectMap = new ConcurrentHashMap();

    public ServerSecurityInterceptor(Codec codec) {
        this.codec = codec;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.debug(tc, "<init>", new Object[0]);
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:35:0x0165. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:53:0x046c  */
    /* JADX WARN: Removed duplicated region for block: B:55:? A[RETURN, SYNTHETIC] */
    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    @com.ibm.ws.ffdc.annotation.FFDCIgnore({com.ibm.ws.transport.iiop.security.SASException.class, org.omg.CORBA.BAD_PARAM.class})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void receive_request(org.omg.PortableInterceptor.ServerRequestInfo r10) {
        /*
            Method dump skipped, instructions count: 1172
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.transport.iiop.security.ServerSecurityInterceptor.receive_request(org.omg.PortableInterceptor.ServerRequestInfo):void");
    }

    private Subject acceptTransportContext(ServerRequestInfo serverRequestInfo, TSSConfig tSSConfig) throws SASException {
        Subject check = tSSConfig.check(SSLSessionManager.getSSLSession(serverRequestInfo.request_id()), null, this.codec);
        if (check != null) {
            this.subjectManager.setCallerSubject(check);
        }
        return check;
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) {
        Subject subject = getSubject();
        if (subject != null) {
            this.subjectMap.put(Integer.valueOf(serverRequestInfo.request_id()), subject);
        }
    }

    private Subject getSubject() {
        Subject invocationSubject = this.subjectManager.getInvocationSubject();
        if (invocationSubject == null) {
            invocationSubject = this.subjectManager.getCallerSubject();
        }
        return invocationSubject;
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_exception(ServerRequestInfo serverRequestInfo) {
        this.subjectManager.clearSubjects();
        insertServiceContext(serverRequestInfo);
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_other(ServerRequestInfo serverRequestInfo) {
        this.subjectManager.clearSubjects();
        insertServiceContext(serverRequestInfo);
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        this.subjectManager.clearSubjects();
        insertServiceContext(serverRequestInfo);
    }

    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public void destroy() {
    }

    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public String name() {
        return getClass().getName();
    }

    protected SASContextBody generateContextError(SASException sASException, long j) {
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.error_msg(new ContextError(j, sASException.getMajor(), sASException.getMinor(), sASException.getErrorToken()));
        return sASContextBody;
    }

    protected SASContextBody generateContextEstablished(Subject subject, long j, boolean z) {
        byte[] bArr = null;
        if (subject != null) {
            Set privateCredentials = subject.getPrivateCredentials(FinalContextToken.class);
            if (!privateCredentials.isEmpty()) {
                try {
                    FinalContextToken finalContextToken = (FinalContextToken) privateCredentials.iterator().next();
                    bArr = finalContextToken.getToken();
                    finalContextToken.destroy();
                } catch (DestroyFailedException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.transport.iiop.security.ServerSecurityInterceptor", "322", this, new Object[]{subject, Long.valueOf(j), Boolean.valueOf(z)});
                }
            }
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.complete_msg(new CompleteEstablishContext(j, z, bArr));
        return sASContextBody;
    }

    protected void insertServiceContext(ServerRequestInfo serverRequestInfo) {
        try {
            SASContextBody clearSASReply = SASReplyManager.clearSASReply(serverRequestInfo.request_id());
            if (clearSASReply != null) {
                Any create_any = ORB.init().create_any();
                SASContextBodyHelper.insert(create_any, clearSASReply);
                serverRequestInfo.add_reply_service_context(new ServiceContext(15, this.codec.encode_value(create_any)), true);
            }
        } catch (InvalidTypeForEncoding e) {
            FFDCFilter.processException(e, "com.ibm.ws.transport.iiop.security.ServerSecurityInterceptor", "344", this, new Object[]{serverRequestInfo});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "InvalidTypeForEncoding thrown", e);
            }
            throw ((INTERNAL) new INTERNAL("InvalidTypeForEncoding thrown: " + e).initCause(e));
        }
    }

    private void buildPolicyErrorMessage(String str, String str2, Object... objArr) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isWarningEnabled()) {
            Tr.error(tc, TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, str, new Object[]{objArr}, str2), new Object[0]);
        }
    }
}
