package org.jboss.as.ejb3.iiop;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.ejb.EJBMetaData;
import javax.ejb.HomeHandle;
import javax.management.MBeanException;
import javax.transaction.Transaction;
import javax.transaction.TransactionManager;
import org.jboss.as.ee.component.Component;
import org.jboss.as.ee.component.ComponentView;
import org.jboss.as.ee.component.interceptors.InvocationType;
import org.jboss.as.ejb3.component.stateful.StatefulSessionComponent;
import org.jboss.as.ejb3.logging.EjbLogger;
import org.jboss.as.ejb3.subsystem.EJB3SubsystemModel;
import org.jboss.as.naming.context.NamespaceContextSelector;
import org.jboss.ejb.client.SessionID;
import org.jboss.ejb.iiop.HandleImplIIOP;
import org.jboss.iiop.csiv2.SASCurrent;
import org.jboss.iiop.tm.InboundTransactionCurrent;
import org.jboss.invocation.InterceptorContext;
import org.jboss.marshalling.InputStreamByteInput;
import org.jboss.marshalling.MarshallerFactory;
import org.jboss.marshalling.MarshallingConfiguration;
import org.jboss.marshalling.Unmarshaller;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.CORBA.InterfaceDef;
import org.omg.CORBA.ORB;
import org.omg.CORBA.ORBPackage.InvalidName;
import org.omg.CORBA.Object;
import org.omg.CORBA.portable.InputStream;
import org.omg.CORBA.portable.InvokeHandler;
import org.omg.CORBA.portable.OutputStream;
import org.omg.CORBA.portable.ResponseHandler;
import org.omg.PortableServer.Current;
import org.omg.PortableServer.CurrentPackage.NoContext;
import org.omg.PortableServer.POA;
import org.omg.PortableServer.Servant;
import org.wildfly.iiop.openjdk.rmi.RmiIdlUtil;
import org.wildfly.iiop.openjdk.rmi.marshal.strategy.SkeletonStrategy;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-ejb3/11.0.0.Final/wildfly-ejb3-11.0.0.Final.jar:org/jboss/as/ejb3/iiop/EjbCorbaServant.class */
public class EjbCorbaServant extends Servant implements InvokeHandler, LocalIIOPInvoker {
    private final ComponentView componentView;
    private final ORB orb;
    private final Current poaCurrent;
    private final Map<String, SkeletonStrategy> methodInvokerMap;
    private final String[] repositoryIds;
    private final InterfaceDef interfaceDef;
    private final String legacySecurityDomain;
    private final SecurityDomain securityDomain;
    private final boolean home;
    private volatile HomeHandle homeHandle = null;
    private volatile EJBMetaData ejbMetaData;
    private final SASCurrent sasCurrent;
    private final InboundTransactionCurrent inboundTxCurrent;
    private final TransactionManager transactionManager;
    private final MarshallerFactory factory;
    private final MarshallingConfiguration configuration;
    private final ClassLoader classLoader;

    public EjbCorbaServant(Current current, Map<String, SkeletonStrategy> map, String[] strArr, InterfaceDef interfaceDef, ORB orb, ComponentView componentView, MarshallerFactory marshallerFactory, MarshallingConfiguration marshallingConfiguration, TransactionManager transactionManager, ClassLoader classLoader, boolean z, String str, SecurityDomain securityDomain) {
        SASCurrent sASCurrent;
        InboundTransactionCurrent inboundTransactionCurrent;
        this.poaCurrent = current;
        this.methodInvokerMap = map;
        this.repositoryIds = strArr;
        this.interfaceDef = interfaceDef;
        this.orb = orb;
        this.componentView = componentView;
        this.factory = marshallerFactory;
        this.configuration = marshallingConfiguration;
        this.transactionManager = transactionManager;
        this.classLoader = classLoader;
        this.home = z;
        this.legacySecurityDomain = str;
        this.securityDomain = securityDomain;
        try {
            sASCurrent = (SASCurrent) this.orb.resolve_initial_references("SASCurrent");
        } catch (InvalidName e) {
            sASCurrent = null;
        }
        this.sasCurrent = sASCurrent;
        try {
            inboundTransactionCurrent = (InboundTransactionCurrent) this.orb.resolve_initial_references(InboundTransactionCurrent.NAME);
        } catch (InvalidName e2) {
            inboundTransactionCurrent = null;
        }
        this.inboundTxCurrent = inboundTransactionCurrent;
    }

    @Override // org.omg.PortableServer.Servant
    public Object _get_interface_def() {
        return this.interfaceDef != null ? this.interfaceDef : super._get_interface_def();
    }

    @Override // org.omg.PortableServer.Servant
    public String[] _all_interfaces(POA poa, byte[] bArr) {
        return (String[]) this.repositoryIds.clone();
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.omg.CORBA.portable.InvokeHandler
    public OutputStream _invoke(String str, InputStream inputStream, ResponseHandler responseHandler) {
        org.omg.CORBA_2_3.portable.OutputStream outputStream;
        Object invoke;
        EjbLogger.ROOT_LOGGER.tracef("EJBObject invocation: %s", str);
        SkeletonStrategy skeletonStrategy = this.methodInvokerMap.get(str);
        if (skeletonStrategy == null) {
            EjbLogger.ROOT_LOGGER.debugf("Unable to find opname '%s' valid operations:%s", str, this.methodInvokerMap.keySet());
            throw new BAD_OPERATION(str);
        }
        NamespaceContextSelector namespaceContextSelector = this.componentView.getComponent().getNamespaceContextSelector();
        ClassLoader currentContextClassLoaderPrivileged = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged();
        NamespaceContextSelector.pushCurrentSelector(namespaceContextSelector);
        try {
            WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(this.classLoader);
            try {
                if (!this.home && str.equals("_get_handle")) {
                    invoke = new HandleImplIIOP(this.orb.object_to_string(_this_object()));
                } else if (this.home && str.equals("_get_homeHandle")) {
                    invoke = this.homeHandle;
                } else if (this.home && str.equals("_get_EJBMetaData")) {
                    invoke = this.ejbMetaData;
                } else {
                    NamePrincipal namePrincipal = null;
                    NamePrincipal namePrincipal2 = null;
                    char[] cArr = null;
                    if (this.sasCurrent != null) {
                        byte[] bArr = this.sasCurrent.get_incoming_principal_name();
                        if (bArr != null && bArr.length > 0) {
                            String str2 = new String(bArr, StandardCharsets.UTF_8);
                            int indexOf = str2.indexOf(64);
                            if (indexOf > 0) {
                                str2 = str2.substring(0, indexOf);
                            }
                            namePrincipal = new NamePrincipal(str2);
                        }
                        byte[] bArr2 = this.sasCurrent.get_incoming_username();
                        if (bArr2 != null && bArr2.length > 0) {
                            byte[] bArr3 = this.sasCurrent.get_incoming_password();
                            String str3 = new String(bArr2, StandardCharsets.UTF_8);
                            int indexOf2 = str3.indexOf(64);
                            if (indexOf2 > 0) {
                                str3 = str3.substring(0, indexOf2);
                            }
                            namePrincipal2 = new NamePrincipal(str3);
                            cArr = new String(bArr3, StandardCharsets.UTF_8).toCharArray();
                        }
                    }
                    Object[] readParams = skeletonStrategy.readParams((org.omg.CORBA_2_3.portable.InputStream) inputStream);
                    if (!this.home && str.equals("isIdentical") && readParams.length == 1) {
                        Object obj = readParams[0];
                        invoke = Boolean.valueOf((obj instanceof Object) && handleIsIdentical((Object) obj));
                    } else if (this.securityDomain != null) {
                        SecurityIdentity anonymousSecurityIdentity = this.securityDomain.getAnonymousSecurityIdentity();
                        AuthenticationConfiguration authenticationConfiguration = AuthenticationConfiguration.EMPTY;
                        if (namePrincipal != null) {
                            if (namePrincipal2 != null) {
                                char[] cArr2 = cArr;
                                authenticationConfiguration = authenticationConfiguration.useName(namePrincipal2.getName()).usePassword(cArr2);
                                anonymousSecurityIdentity = authenticate(namePrincipal2, cArr2).createRunAsIdentity(namePrincipal.getName(), true);
                            } else {
                                anonymousSecurityIdentity = this.securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(namePrincipal.getName(), true);
                            }
                        } else if (namePrincipal2 != null) {
                            char[] cArr3 = cArr;
                            authenticationConfiguration = authenticationConfiguration.useName(namePrincipal2.getName()).usePassword(cArr3);
                            anonymousSecurityIdentity = authenticate(namePrincipal2, cArr3);
                        }
                        InterceptorContext interceptorContext = new InterceptorContext();
                        prepareInterceptorContext(skeletonStrategy, readParams, interceptorContext);
                        try {
                            AuthenticationContext with = AuthenticationContext.captureCurrent().with(MatchRule.ALL.matchProtocol(EJB3SubsystemModel.IIOP), authenticationConfiguration);
                            invoke = anonymousSecurityIdentity.runAs((PrivilegedExceptionAction<Object>) () -> {
                                return with.run(() -> {
                                    return this.componentView.invoke(interceptorContext);
                                });
                            });
                        } catch (PrivilegedActionException e) {
                            throw e.getCause();
                        }
                    } else {
                        SecurityContext securityContext = null;
                        if (this.legacySecurityDomain != null && (namePrincipal != null || namePrincipal2 != null)) {
                            Object obj2 = namePrincipal != null ? this.sasCurrent : cArr;
                            NamePrincipal namePrincipal3 = namePrincipal != null ? namePrincipal : namePrincipal2;
                            if (WildFlySecurityManager.isChecking()) {
                                securityContext = (SecurityContext) AccessController.doPrivileged(() -> {
                                    SecurityContext createSecurityContext = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain);
                                    createSecurityContext.getUtil().createSubjectInfo(namePrincipal3, obj2, null);
                                    return createSecurityContext;
                                });
                            } else {
                                securityContext = SecurityContextFactory.createSecurityContext(this.legacySecurityDomain);
                                securityContext.getUtil().createSubjectInfo(namePrincipal3, obj2, null);
                            }
                        }
                        if (securityContext != null) {
                            setSecurityContextOnAssociation(securityContext);
                        }
                        try {
                            InterceptorContext interceptorContext2 = new InterceptorContext();
                            if (securityContext != null) {
                                interceptorContext2.putPrivateData((Class<Class>) SecurityContext.class, (Class) securityContext);
                            }
                            prepareInterceptorContext(skeletonStrategy, readParams, interceptorContext2);
                            invoke = this.componentView.invoke(interceptorContext2);
                            if (securityContext != null) {
                                clearSecurityContextOnAssociation();
                            }
                        } catch (Throwable th) {
                            if (securityContext != null) {
                                clearSecurityContextOnAssociation();
                            }
                            throw th;
                        }
                    }
                }
                outputStream = (org.omg.CORBA_2_3.portable.OutputStream) responseHandler.createReply();
                if (skeletonStrategy.isNonVoid()) {
                    skeletonStrategy.writeRetval(outputStream, invoke);
                }
            } catch (Throwable th2) {
                th = th2;
                EjbLogger.ROOT_LOGGER.trace("Exception in EJBObject invocation", th);
                if (th instanceof MBeanException) {
                    th = ((MBeanException) th).getTargetException();
                }
                RmiIdlUtil.rethrowIfCorbaSystemException(th);
                outputStream = (org.omg.CORBA_2_3.portable.OutputStream) responseHandler.createExceptionReply();
                skeletonStrategy.writeException(outputStream, th);
            }
            org.omg.CORBA_2_3.portable.OutputStream outputStream2 = outputStream;
            NamespaceContextSelector.popCurrentSelector();
            WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(currentContextClassLoaderPrivileged);
            return outputStream2;
        } catch (Throwable th3) {
            NamespaceContextSelector.popCurrentSelector();
            WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(currentContextClassLoaderPrivileged);
            throw th3;
        }
    }

    private void prepareInterceptorContext(SkeletonStrategy skeletonStrategy, Object[] objArr, InterceptorContext interceptorContext) throws IOException, ClassNotFoundException {
        if (!this.home && (this.componentView.getComponent() instanceof StatefulSessionComponent)) {
            interceptorContext.putPrivateData((Class<Class>) SessionID.class, (Class) unmarshalIdentifier());
        }
        interceptorContext.setContextData(new HashMap());
        interceptorContext.setParameters(objArr);
        interceptorContext.setMethod(skeletonStrategy.getMethod());
        interceptorContext.putPrivateData((Class<Class>) ComponentView.class, (Class) this.componentView);
        interceptorContext.putPrivateData((Class<Class>) Component.class, (Class) this.componentView.getComponent());
        interceptorContext.putPrivateData((Class<Class>) InvocationType.class, (Class) InvocationType.REMOTE);
        interceptorContext.setTransaction(this.inboundTxCurrent == null ? null : this.inboundTxCurrent.getCurrentTransaction());
    }

    private boolean handleIsIdentical(Object object) throws RemoteException {
        return this.orb.object_to_string(_this_object()).equals(this.orb.object_to_string(object));
    }

    private Object unmarshalIdentifier() throws IOException, ClassNotFoundException {
        try {
            byte[] bArr = this.poaCurrent.get_object_id();
            Unmarshaller createUnmarshaller = this.factory.createUnmarshaller(this.configuration);
            createUnmarshaller.start(new InputStreamByteInput(new ByteArrayInputStream(bArr)));
            Object readObject = createUnmarshaller.readObject();
            createUnmarshaller.finish();
            return readObject;
        } catch (NoContext e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.jboss.as.ejb3.iiop.LocalIIOPInvoker
    public Object invoke(String str, Object[] objArr, Transaction transaction, Principal principal, Object obj) throws Exception {
        EjbLogger.ROOT_LOGGER.tracef("EJBObject local invocation: %s", str);
        SkeletonStrategy skeletonStrategy = this.methodInvokerMap.get(str);
        if (skeletonStrategy == null) {
            throw new BAD_OPERATION(str);
        }
        if (transaction != null) {
            this.transactionManager.resume(transaction);
        }
        try {
            InterceptorContext interceptorContext = new InterceptorContext();
            prepareInterceptorContext(skeletonStrategy, objArr, interceptorContext);
            Object invoke = this.componentView.invoke(interceptorContext);
            if (transaction != null && this.transactionManager.getStatus() != 6) {
                this.transactionManager.suspend();
            }
            return invoke;
        } catch (Throwable th) {
            if (transaction != null && this.transactionManager.getStatus() != 6) {
                this.transactionManager.suspend();
            }
            throw th;
        }
    }

    public void setHomeHandle(HomeHandle homeHandle) {
        this.homeHandle = homeHandle;
    }

    public void setEjbMetaData(EJBMetaData eJBMetaData) {
        this.ejbMetaData = eJBMetaData;
    }

    private static void setSecurityContextOnAssociation(SecurityContext securityContext) {
        AccessController.doPrivileged(() -> {
            SecurityContextAssociation.setSecurityContext(securityContext);
            return null;
        });
    }

    private static void clearSecurityContextOnAssociation() {
        AccessController.doPrivileged(() -> {
            SecurityContextAssociation.clearSecurityContext();
            return null;
        });
    }

    private SecurityIdentity authenticate(Principal principal, char[] cArr) throws Exception {
        ServerAuthenticationContext createNewAuthenticationContext = this.securityDomain.createNewAuthenticationContext();
        PasswordGuessEvidence passwordGuessEvidence = new PasswordGuessEvidence(cArr != null ? cArr : null);
        try {
            try {
                createNewAuthenticationContext.setAuthenticationPrincipal(principal);
                if (!createNewAuthenticationContext.verifyEvidence(passwordGuessEvidence)) {
                    createNewAuthenticationContext.fail();
                    throw new SecurityException("Authentication failed");
                }
                if (!createNewAuthenticationContext.authorize()) {
                    createNewAuthenticationContext.fail();
                    throw new SecurityException("Authorization failed");
                }
                createNewAuthenticationContext.succeed();
                SecurityIdentity authorizedIdentity = createNewAuthenticationContext.getAuthorizedIdentity();
                passwordGuessEvidence.destroy();
                return authorizedIdentity;
            } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
                createNewAuthenticationContext.fail();
                throw e;
            }
        } catch (Throwable th) {
            passwordGuessEvidence.destroy();
            throw th;
        }
    }
}
