package org.jacorb.security.sas;

import java.util.Hashtable;
import org.jacorb.config.Configurable;
import org.jacorb.config.Configuration;
import org.jacorb.config.ConfigurationException;
import org.jacorb.orb.Delegate;
import org.jacorb.orb.MinorCodes;
import org.jacorb.orb.ORB;
import org.jacorb.orb.giop.GIOPConnection;
import org.jacorb.orb.portableInterceptor.ORBInitInfoImpl;
import org.jacorb.orb.portableInterceptor.ServerRequestInfoImpl;
import org.jacorb.sasPolicy.ATLASPolicy;
import org.jacorb.sasPolicy.SASPolicy;
import org.jacorb.sasPolicy.SASPolicyValues;
import org.jacorb.util.ObjectUtil;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.Policy;
import org.omg.CORBA.portable.ObjectImpl;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecFactoryPackage.UnknownEncoding;
import org.omg.IOP.Encoding;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import org.slf4j.Logger;

/* loaded from: input_file:org/jacorb/security/sas/SASTargetInterceptor.class */
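/**
 * Server-side (target) request interceptor for the Security Attribute Service (SAS).
 *
 * <p>For each incoming request it decodes the SAS service context, has the configured
 * {@link ISASContext} validate the client authentication token of an EstablishContext
 * message, publishes the resulting principal name in a PICurrent slot, and (for stateful
 * policies) caches the established context on the GIOP connection so that later
 * MessageInContext requests can refer to it by id.
 *
 * <p>Security review notes:
 * <ul>
 *   <li><b>Fail-open paths.</b> Both interception points return without any check when no
 *       {@link ISASContext} could be loaded or when no SAS policy is found. A misconfigured
 *       {@code jacorb.security.sas.contextClass} therefore disables enforcement and is
 *       reported only in the log. Deployments that depend on SAS should alert on those
 *       log lines.</li>
 *   <li><b>Shared validator state.</b> The principal is read with
 *       {@code getValidatedPrincipal()} in a separate call from {@code validateContext(...)},
 *       on one {@code sasContext} instance shared by all requests. NOTE(review): if the
 *       implementation keeps the principal in instance state, concurrent requests can
 *       observe each other's principal; confirm against the ISASContext implementation.</li>
 *   <li><b>Cache growth.</b> The per-connection context table has no size limit and
 *       {@link #purgeSASContext} is not called from this class, so entries live as long as
 *       the connection does.</li>
 *   <li><b>Error detail.</b> Exception text is concatenated into the NO_PERMISSION reason.
 *       NOTE(review): whether that text reaches the peer depends on the ORB; confirm.</li>
 * </ul>
 */
public class SASTargetInterceptor extends LocalObject implements ServerRequestInterceptor, Configurable {
    private static final String name = "SASTargetInterceptor";

    // Policy type ids; the lookups below cast the results to SASPolicy and ATLASPolicy.
    private static final int SAS_POLICY_TYPE = 102;
    private static final int ATLAS_POLICY_TYPE = 103;
    // Service context id whose payload is decoded as a SASContextBody.
    private static final int SAS_SERVICE_CONTEXT_ID = 15;
    // SASContextBody discriminators handled here (EstablishContext / MessageInContext).
    private static final int MT_ESTABLISH_CONTEXT = 0;
    private static final int MT_MESSAGE_IN_CONTEXT = 5;
    // Bit tested in targetRequires before insisting on a SAS context
    // (matches the CSIIOP EstablishTrustInClient association option).
    private static final int ESTABLISH_TRUST_IN_CLIENT = 64;

    protected ORB orb;
    protected Codec codec;
    protected int sasReplySlotID;
    protected int sasContextsCubby;
    private Logger logger = null;
    protected int clientUserNameSlotID = -1;
    protected boolean useSsl = false;
    protected ISASContext sasContext = null;

    /**
     * One established SAS context as stored in the per-connection table.
     *
     * <p>Keeps the raw client authentication token in memory for as long as the entry
     * stays cached.
     */
    public class CachedContext {
        public byte[] client_authentication_token;
        public String principalName;

        CachedContext(byte[] bArr, String str) {
            this.client_authentication_token = bArr;
            this.principalName = str;
        }
    }

    /**
     * Allocates the PICurrent slot and the connection cubby used by this interceptor,
     * creates the codec and applies the ORB configuration.
     *
     * @param oRBInitInfo ORB initialisation info; must be an {@link ORBInitInfoImpl}
     * @throws UnknownEncoding if the codec factory rejects the requested encoding
     * @throws ConfigurationException if {@link #configure} fails
     */
    public SASTargetInterceptor(ORBInitInfo oRBInitInfo) throws UnknownEncoding, ConfigurationException {
        this.sasReplySlotID = oRBInitInfo.allocate_slot_id();
        this.sasContextsCubby = GIOPConnection.allocate_cubby_id();
        this.codec = oRBInitInfo.codec_factory().create_codec(new Encoding((short) 0, (byte) 1, (byte) 0));
        this.orb = ((ORBInitInfoImpl) oRBInitInfo).getORB();
        configure(this.orb.getConfiguration());
    }

    /**
     * Reads the logger, the transport requirement flag and the {@link ISASContext}
     * implementation class from the configuration.
     *
     * <p>A missing or unloadable context class is logged and leaves {@code sasContext}
     * {@code null}; the interception points then skip all SAS processing (fail-open).
     *
     * @param configuration ORB configuration
     * @throws ConfigurationException declared by the interface; configuration lookups that
     *         fail inside this method are logged rather than propagated
     */
    @Override // org.jacorb.config.Configurable
    public void configure(Configuration configuration) throws ConfigurationException {
        this.logger = configuration.getLogger("jacorb.security.sas.TSS");
        // NOTE(review): the SSL requirement is driven by a key named "requires_sas";
        // confirm that this is the intended attribute.
        this.useSsl = configuration.getAttribute("jacorb.security.sas.tss.requires_sas", "false").equals("true");
        String contextClassName = null;
        try {
            contextClassName = configuration.getAttribute("jacorb.security.sas.contextClass");
            this.sasContext = (ISASContext) ObjectUtil.classForName(contextClassName).newInstance();
        } catch (ConfigurationException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("ConfigurationException", (Throwable) e);
            }
        } catch (Exception e) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error("Could not instantiate class " + contextClassName + ": " + e);
            }
        }
        if (this.sasContext != null) {
            this.sasContext.configure(configuration);
            this.sasContext.initTarget();
        } else if (this.logger.isErrorEnabled()) {
            this.logger.error("Could not load SAS context class: " + contextClassName);
        }
    }

    /** Returns the interceptor name. */
    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public String name() {
        return name;
    }

    /** No resources to release. */
    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public void destroy() {
    }

    /**
     * First server-side interception point: enforces the transport requirement, decodes
     * the SAS service context, validates an EstablishContext token and stores the
     * principal name in the {@code SASInitializer.sasPrincipalNamePIC} slot.
     *
     * <p>Returns without checks when no SAS policy is found, when no {@link ISASContext}
     * is configured, or when the request carries no SAS service context.
     *
     * @param serverRequestInfo the request being dispatched; must be a
     *        {@link ServerRequestInfoImpl}
     * @throws NO_PERMISSION if SSL is required but absent, the context cannot be parsed or
     *         validated, or a referenced context id is not cached on this connection
     */
    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("receive_request_service_contexts for " + serverRequestInfo.operation());
        }
        Policy sasPolicy = null;
        try {
            sasPolicy = serverRequestInfo.get_server_policy(SAS_POLICY_TYPE);
        } catch (Exception e) {
            // Kept best-effort: a failed lookup is treated as "no policy". It was silently
            // swallowed before; log it so a skipped check leaves a trace.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No SAS policy available for " + serverRequestInfo.operation() + ": " + e);
            }
        }
        if (sasPolicy == null || this.sasContext == null) {
            return;
        }
        GIOPConnection connection = ((ServerRequestInfoImpl) serverRequestInfo).request.getConnection();
        if (this.useSsl && !connection.isSSL()) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error("SSL required for operation " + serverRequestInfo.operation());
            }
            throw new NO_PERMISSION("SSL Required!", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
        }

        SASContextBody contextBody = null;
        long clientContextId = 0;
        byte[] authToken = null;
        try {
            contextBody = SASContextBodyHelper.extract(this.codec.decode_value(
                    serverRequestInfo.get_request_service_context(SAS_SERVICE_CONTEXT_ID).context_data,
                    SASContextBodyHelper.type()));
        } catch (BAD_PARAM ignored) {
            // Presumably no SAS service context was sent; contextBody stays null and the
            // method returns below.
        } catch (Exception e) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Could not parse service context: ", (Throwable) e);
            }
            makeContextError(serverRequestInfo, 0L, 1, 1, new byte[0]);
            throw new NO_PERMISSION("Could not parse service context: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        if (contextBody == null) {
            return;
        }

        if (contextBody.discriminator() == MT_MESSAGE_IN_CONTEXT) {
            try {
                MessageInContext inContext = contextBody.in_context_msg();
                clientContextId = inContext.client_context_id;
                authToken = getSASContext(connection, clientContextId);
            } catch (Exception e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Could not parse service MessageInContext " + serverRequestInfo.operation() + ": " + e);
                }
                makeContextError(serverRequestInfo, clientContextId, 1, 1, new byte[0]);
                throw new NO_PERMISSION("SAS Error parsing MessageInContext: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
            // Checked outside the try: the generic catch above used to intercept this
            // NO_PERMISSION as well, replacing the ContextError status (2 -> 1) and
            // re-wrapping the message as a parse error.
            if (authToken == null) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Invalid context in MessageInContext " + serverRequestInfo.operation() + ": " + clientContextId);
                }
                makeContextError(serverRequestInfo, clientContextId, 2, 1, new byte[0]);
                throw new NO_PERMISSION("SAS Invalid context in MessageInContext", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
        }

        String principal = null;
        if (contextBody.discriminator() == MT_ESTABLISH_CONTEXT) {
            try {
                EstablishContext establish = contextBody.establish_msg();
                clientContextId = establish.client_context_id;
                authToken = establish.client_authentication_token;
                // Reject a missing token before handing it to the validator; the check
                // used to run only after validateContext() had already seen the value.
                if (authToken == null) {
                    if (this.logger.isErrorEnabled()) {
                        this.logger.error("Could not parse service EstablishContext " + serverRequestInfo.operation() + ": " + establish.client_context_id);
                    }
                    makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
                    throw new NO_PERMISSION("SAS Error parsing EstablishContext", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
                }
                if (!this.sasContext.validateContext(this.orb, this.codec, authToken)) {
                    this.logger.info("Could not validate context EstablishContext " + serverRequestInfo.operation());
                    // NOTE(review): the client's authentication token is sent back as
                    // error_token; confirm this is the intended error token.
                    makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
                    throw new NO_PERMISSION("SAS Error validating context", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
                }
                // NOTE(review): separate call on the shared sasContext; not atomic with
                // validateContext() above if the implementation stores the result in a field.
                principal = this.sasContext.getValidatedPrincipal();
            } catch (NO_PERMISSION e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Err " + serverRequestInfo.operation() + ": " + e);
                }
                makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
                throw e;
            } catch (Exception e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Could not parse service EstablishContext " + serverRequestInfo.operation() + ": " + e);
                }
                makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
                throw new NO_PERMISSION("SAS Error parsing EstablishContext: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
        }

        // NOTE(review): message types other than the two handled above reach this point
        // with context id 0 and take the principal cached under that id, if any; an
        // explicit rejection would be stricter.
        try {
            Any principalAny = this.orb.create_any();
            if (principal == null) {
                principal = getSASContextPrincipalName(connection, clientContextId);
            }
            principalAny.insert_string(principal);
            serverRequestInfo.set_slot(SASInitializer.sasPrincipalNamePIC, principalAny);
        } catch (Exception e) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error("Error inserting service context into slots for " + serverRequestInfo.operation() + ": " + e);
            }
            makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
            throw new NO_PERMISSION("SAS Error insert service context into slots: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Second server-side interception point: applies the target POA's SAS policy,
     * requires a SAS context when the policy demands one, caches an EstablishContext for
     * stateful policies and adds a CompleteEstablishContext to the reply.
     *
     * <p>The token is not validated again here. The cached principal is whatever
     * {@code getValidatedPrincipal()} returns at this moment, so this method relies on
     * {@link #receive_request_service_contexts} having validated the same request.
     * NOTE(review): that method returns early when its own policy lookup yields nothing,
     * while this one reads the policy from the POA; confirm the two always agree.
     *
     * @param serverRequestInfo the request being dispatched; must be a
     *        {@link ServerRequestInfoImpl}
     * @throws NO_PERMISSION if a policy lookup fails, a required context is missing, or
     *         the context cannot be processed
     */
    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("receive_request for " + serverRequestInfo.operation());
        }
        if (this.sasContext == null) {
            return;
        }
        GIOPConnection connection = ((ServerRequestInfoImpl) serverRequestInfo).request.getConnection();

        SASPolicyValues policyValues = null;
        try {
            SASPolicy sasPolicy = (SASPolicy) ((Delegate) ((ObjectImpl) ((ServerRequestInfoImpl) serverRequestInfo).target())._get_delegate()).getPOA().getPolicy(SAS_POLICY_TYPE);
            if (sasPolicy != null) {
                policyValues = sasPolicy.value();
            }
        } catch (BAD_PARAM e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No SAS Policy for " + serverRequestInfo.operation());
            }
        } catch (Exception e) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Error fetching SAS policy for " + serverRequestInfo.operation() + ": " + e);
            }
            throw new NO_PERMISSION("Error fetching SAS policy: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        if (policyValues == null) {
            return;
        }
        if (policyValues.targetRequires == 0 && policyValues.targetSupports == 0) {
            return;
        }

        // The ATLAS policy value is fetched but not used; only lookup failures matter here.
        try {
            ATLASPolicy atlasPolicy = (ATLASPolicy) ((Delegate) ((ObjectImpl) ((ServerRequestInfoImpl) serverRequestInfo).target())._get_delegate()).getPOA().getPolicy(ATLAS_POLICY_TYPE);
            if (atlasPolicy != null) {
                atlasPolicy.value();
            }
        } catch (BAD_PARAM e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No ATLAS Policy for " + serverRequestInfo.operation());
            }
        } catch (Exception e) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Error fetching ATLAS policy for " + serverRequestInfo.operation() + ": " + e);
            }
            throw new NO_PERMISSION("Error fetching ATLAS policy: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
        }

        SASContextBody contextBody = null;
        long clientContextId = 0;
        byte[] authToken = null;
        try {
            contextBody = SASContextBodyHelper.extract(this.codec.decode_value(
                    serverRequestInfo.get_request_service_context(SAS_SERVICE_CONTEXT_ID).context_data,
                    SASContextBodyHelper.type()));
        } catch (BAD_PARAM e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Could not parse service context for operation " + serverRequestInfo.operation());
            }
        } catch (Exception e) {
            // An undecodable context is treated like an absent one from here on.
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Could not parse service context for operation " + serverRequestInfo.operation() + ": " + e);
            }
        }

        if (contextBody == null) {
            // _non_existent and _is_a are let through without a SAS context even when the
            // policy requires client authentication.
            boolean contextRequired = (policyValues.targetRequires & ESTABLISH_TRUST_IN_CLIENT) != 0
                    && !serverRequestInfo.operation().equals("_non_existent")
                    && !serverRequestInfo.operation().equals("_is_a");
            if (contextRequired) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Did not parse service context for operation " + serverRequestInfo.operation());
                }
                throw new NO_PERMISSION("No SAS service context found", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No context found, but not required");
            }
            return;
        }

        if (contextBody.discriminator() == MT_MESSAGE_IN_CONTEXT) {
            try {
                MessageInContext inContext = contextBody.in_context_msg();
                clientContextId = inContext.client_context_id;
                authToken = getSASContext(connection, clientContextId);
            } catch (Exception e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Could not parse service MessageInContext " + serverRequestInfo.operation() + ": " + e);
                }
                makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
                throw new NO_PERMISSION("SAS Error parsing MessageInContext: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
            // Outside the try so the generic catch no longer rewrites this rejection
            // (ContextError status 2 -> 1, message re-wrapped as a parse error).
            if (authToken == null) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Could not find context in MessageInContext " + serverRequestInfo.operation() + ": " + clientContextId);
                }
                makeContextError(serverRequestInfo, clientContextId, 2, 1, new byte[0]);
                throw new NO_PERMISSION("SAS Error invalid context in MessageInContext", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
        }

        if (contextBody.discriminator() == MT_ESTABLISH_CONTEXT) {
            try {
                EstablishContext establish = contextBody.establish_msg();
                clientContextId = establish.client_context_id;
                authToken = establish.client_authentication_token;
                // NOTE(review): read from the shared sasContext without validating this
                // request's token here; see the method Javadoc.
                String validatedPrincipal = this.sasContext.getValidatedPrincipal();
                if (authToken == null) {
                    if (this.logger.isErrorEnabled()) {
                        this.logger.error("Could not parse service EstablishContext " + serverRequestInfo.operation() + ": " + establish.client_context_id);
                    }
                    makeContextError(serverRequestInfo, clientContextId, 2, 1, authToken);
                    throw new NO_PERMISSION("SAS Error parsing EstablishContext", MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
                }
                if (policyValues.stateful) {
                    cacheSASContext(connection, establish.client_context_id, authToken, validatedPrincipal);
                }
            } catch (NO_PERMISSION e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Err " + serverRequestInfo.operation() + ": " + e);
                }
                makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
                throw e;
            } catch (Exception e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("Could not parse service EstablishContext " + serverRequestInfo.operation() + ": " + e);
                }
                makeContextError(serverRequestInfo, clientContextId, 2, 1, authToken);
                throw new NO_PERMISSION("SAS Error parsing EstablishContext: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
            }
        }

        try {
            makeCompleteEstablishContext(serverRequestInfo, clientContextId, policyValues);
        } catch (Exception e) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error("Error inserting service context into slots for " + serverRequestInfo.operation() + ": " + e);
            }
            makeContextError(serverRequestInfo, clientContextId, 1, 1, authToken);
            throw new NO_PERMISSION("SAS Error insert service context into slots: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
    }

    /** Logs the interception point at debug level; no SAS processing. */
    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("send_reply for " + serverRequestInfo.operation());
        }
    }

    /** Logs the interception point at debug level; no SAS processing. */
    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_exception(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("send_exception for " + serverRequestInfo.operation());
        }
    }

    /** Logs the interception point at debug level; no SAS processing. */
    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_other(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("send_other for " + serverRequestInfo.operation());
        }
    }

    /**
     * Builds a CompleteEstablishContext body and, when a request is given, attaches it to
     * the reply as the SAS service context.
     *
     * @param serverRequestInfo request to attach the reply context to, or {@code null} to
     *        only build the body
     * @param j client context id to echo
     * @param sASPolicyValues policy whose {@code stateful} flag is reported to the client
     * @return the Any holding the SASContextBody
     * @throws NO_PERMISSION if the reply service context cannot be set
     */
    protected Any makeCompleteEstablishContext(ServerRequestInfo serverRequestInfo, long j, SASPolicyValues sASPolicyValues) {
        CompleteEstablishContext complete = new CompleteEstablishContext();
        complete.client_context_id = j;
        complete.context_stateful = sASPolicyValues.stateful;
        complete.final_context_token = new byte[0];
        SASContextBody body = new SASContextBody();
        body.complete_msg(complete);
        Any bodyAny = this.orb.create_any();
        SASContextBodyHelper.insert(bodyAny, body);
        attachReplyContext(serverRequestInfo, bodyAny);
        return bodyAny;
    }

    /**
     * Builds a ContextError body and, when a request is given, attaches it to the reply
     * as the SAS service context (replacing one that is already present).
     *
     * @param serverRequestInfo request to attach the reply context to, or {@code null} to
     *        only build the body
     * @param j client context id the error refers to
     * @param i major status
     * @param i2 minor status
     * @param bArr error token; {@code null} is sent as an empty token
     * @return the Any holding the SASContextBody
     * @throws NO_PERMISSION if the reply service context cannot be set
     */
    protected Any makeContextError(ServerRequestInfo serverRequestInfo, long j, int i, int i2, byte[] bArr) {
        ContextError contextError = new ContextError();
        contextError.client_context_id = j;
        // Several callers pass a token that is still null. A null sequence member is not
        // expected to be encodable, which would turn the intended error reply into a
        // failure of this method, so normalise to an empty token.
        contextError.error_token = bArr != null ? bArr : new byte[0];
        contextError.major_status = i;
        contextError.minor_status = i2;
        SASContextBody body = new SASContextBody();
        body.error_msg(contextError);
        Any bodyAny = this.orb.create_any();
        SASContextBodyHelper.insert(bodyAny, body);
        attachReplyContext(serverRequestInfo, bodyAny);
        return bodyAny;
    }

    /** Encodes {@code body} and sets it as the SAS reply service context; no-op for a null request. */
    private void attachReplyContext(ServerRequestInfo serverRequestInfo, Any body) {
        if (serverRequestInfo == null) {
            return;
        }
        try {
            serverRequestInfo.add_reply_service_context(
                    new ServiceContext(SAS_SERVICE_CONTEXT_ID, this.codec.encode_value(body)), true);
        } catch (Exception e) {
            this.logger.error("Error setting reply service context:" + e);
            throw new NO_PERMISSION("SAS Error setting reply service context: " + e, MinorCodes.SAS_TSS_FAILURE, CompletionStatus.COMPLETED_MAYBE);
        }
    }

    /** Returns the connection's context table, creating it on first use; call with the connection lock held. */
    @SuppressWarnings("unchecked") // the cubby slot allocated by this interceptor only ever holds this table
    private Hashtable<Long, CachedContext> contextTable(GIOPConnection gIOPConnection) {
        Hashtable<Long, CachedContext> table = (Hashtable<Long, CachedContext>) gIOPConnection.get_cubby(this.sasContextsCubby);
        if (table == null) {
            table = new Hashtable<Long, CachedContext>();
            gIOPConnection.set_cubby(this.sasContextsCubby, table);
        }
        return table;
    }

    /**
     * Stores an established context on the connection under its client context id,
     * replacing any entry with the same id.
     *
     * <p>The table is not size-limited; see the class notes.
     *
     * @param gIOPConnection connection the context belongs to
     * @param j client context id
     * @param bArr client authentication token
     * @param str principal name associated with the token
     */
    public void cacheSASContext(GIOPConnection gIOPConnection, long j, byte[] bArr, String str) {
        synchronized (gIOPConnection) {
            contextTable(gIOPConnection).put(Long.valueOf(j), new CachedContext(bArr, str));
        }
    }

    /**
     * Removes the cached context with the given id from the connection, if present.
     *
     * @param gIOPConnection connection the context belongs to
     * @param j client context id
     */
    public void purgeSASContext(GIOPConnection gIOPConnection, long j) {
        synchronized (gIOPConnection) {
            contextTable(gIOPConnection).remove(Long.valueOf(j));
        }
    }

    /**
     * Looks up the client authentication token cached for a context id.
     *
     * @param gIOPConnection connection the context belongs to
     * @param j client context id
     * @return the cached token, or {@code null} if the id is not cached on this connection
     */
    public byte[] getSASContext(GIOPConnection gIOPConnection, long j) {
        synchronized (gIOPConnection) {
            CachedContext cached = contextTable(gIOPConnection).get(Long.valueOf(j));
            return cached == null ? null : cached.client_authentication_token;
        }
    }

    /**
     * Looks up the principal name cached for a context id.
     *
     * @param gIOPConnection connection the context belongs to
     * @param j client context id
     * @return the cached principal name, or {@code null} if the id is not cached on this
     *         connection
     */
    public String getSASContextPrincipalName(GIOPConnection gIOPConnection, long j) {
        synchronized (gIOPConnection) {
            CachedContext cached = contextTable(gIOPConnection).get(Long.valueOf(j));
            return cached == null ? null : cached.principalName;
        }
    }
}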
