package org.jacorb.security.ssl.sun_jsse;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.util.HashMap;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.X509Certificate;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.logger.Logger;
import org.jacorb.orb.ORB;
import org.jacorb.orb.giop.GIOPConnection;
import org.jacorb.orb.iiop.ServerIIOPConnection;
import org.jacorb.orb.portableInterceptor.ServerRequestInfoImpl;
import org.jacorb.security.level2.CurrentImpl;
import org.jacorb.security.level2.KeyAndCert;
import org.jacorb.security.level2.ReceivedCredentialsImpl;
import org.jacorb.security.level2.SecAttributeManager;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import org.omg.Security.AttributeType;
import org.omg.Security.ExtensibleFamily;
import org.omg.Security.SecAttribute;
import org.omg.SecurityLevel2.Current;
import org.omg.SecurityLevel2.ReceivedCredentials;

/* loaded from: input_file:APP-INF/lib/jacorb-2.2.3-jonas-patch-20071018.jar:org/jacorb/security/ssl/sun_jsse/ServerInvocationInterceptor.class */
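/**
 * Server-side portable interceptor that exposes the TLS peer's X.509 certificate chain as the
 * received credentials of the request being dispatched, and clears them again when the reply,
 * exception or other outcome is sent.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class does not validate the certificate chain. It only copies what the TLS session
 *       reports; whether the chain is trusted is presumably decided during the handshake by the
 *       socket factory's trust configuration (not visible here, so confirm it).</li>
 *   <li>Requests that arrive without a connection or over a non-SSL connection pass through with
 *       no received credentials set. Downstream access decisions must treat absent credentials as
 *       an unauthenticated caller.</li>
 *   <li>When the peer chain cannot be obtained, the request is rejected with {@link NO_PERMISSION}
 *       only if bit 64 is set in {@code jacorb.security.ssl.server.required_options}. Otherwise the
 *       failure is logged at warn level and the request continues without credentials.</li>
 * </ul>
 */
public class ServerInvocationInterceptor extends LocalObject implements ServerRequestInterceptor, Configurable {
    public static final String DEFAULT_NAME = "ServerInvocationInterceptor";

    /**
     * Bit of the required association options that makes a failed client authentication fatal.
     * The rejection message below names it "Establish trust in client".
     */
    private static final int ESTABLISH_TRUST_IN_CLIENT = 64;

    private final String name;
    private final CurrentImpl current;
    private final SecAttributeManager attrib_mgr;
    private final AttributeType type;
    private Logger logger;

    // Credentials keyed by TLS session. Nothing in this class ever adds an entry, so the lookup in
    // receive_request_service_contexts cannot hit as the code stands.
    // NOTE(review): before populating this map, consider that send_reply/send_exception/send_other
    // remove the attribute from attrib_mgr after every request (a cached credential would then
    // refer to a removed attribute), that entries would need eviction when sessions end, and that
    // a plain HashMap is not safe for concurrent writers.
    private final HashMap<SSLSession, ReceivedCredentialsImpl> sessionCredentials =
            new HashMap<SSLSession, ReceivedCredentialsImpl>();

    // Parsed in configure(); not read anywhere else in this class.
    private short serverSupportedOptions = 0;
    private short serverRequiredOptions = 0;

    /**
     * Creates the interceptor and immediately configures it from the ORB's configuration.
     *
     * @param current security "current" object; must be a {@link CurrentImpl}, otherwise the cast
     *     fails with a {@link ClassCastException}
     * @param orb ORB whose configuration supplies the logger and the SSL option masks
     * @throws ConfigurationException if {@link #configure(Configuration)} reports one
     */
    public ServerInvocationInterceptor(Current current, ORB orb) throws ConfigurationException {
        this.current = (CurrentImpl) current;
        this.name = DEFAULT_NAME;
        this.attrib_mgr = SecAttributeManager.getInstance();
        // NOTE(review): family definer 0 / family 1 / type 2 presumably identifies the AccessId
        // privilege attribute; confirm against the org.omg.Security constants.
        this.type = new AttributeType(new ExtensibleFamily((short) 0, (short) 1), 2);
        configure(orb.getConfiguration());
    }

    /**
     * Reads the interceptor's logger and the server-side SSL option masks.
     *
     * <p>Both option values are parsed as hexadecimal shorts. A value that is not valid hex, or
     * that exceeds {@code 7FFF}, makes {@link Short#parseShort(String, int)} throw an unchecked
     * {@link NumberFormatException}, which propagates to the caller.
     *
     * @param configuration must be an {@code org.jacorb.config.Configuration}
     * @throws ConfigurationException declared by {@link Configurable}
     */
    @Override
    public void configure(Configuration configuration) throws ConfigurationException {
        this.logger = ((org.jacorb.config.Configuration) configuration).getNamedLogger("jacorb.security.ssl.interceptor");
        this.serverSupportedOptions = Short.parseShort(configuration.getAttribute("jacorb.security.ssl.server.supported_options", "20"), 16);
        this.serverRequiredOptions = Short.parseShort(configuration.getAttribute("jacorb.security.ssl.server.required_options", "0"), 16);
    }

    /** Returns the interceptor name, which is always {@link #DEFAULT_NAME}. */
    @Override
    public String name() {
        return this.name;
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** Intentionally empty; credentials are established in the service-contexts phase. */
    @Override
    public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /**
     * Derives received credentials from the TLS peer certificate chain of the request's connection.
     *
     * <p>Returns without setting credentials when the request has no connection or the connection
     * is not SSL. On an SSL connection the peer chain is wrapped in a {@link KeyAndCert}, turned
     * into a security attribute and installed on the current object.
     *
     * @param serverRequestInfo must be a {@link ServerRequestInfoImpl}
     * @throws NO_PERMISSION if the credentials could not be established and client
     *     authentication is required by the configured option mask
     */
    @Override
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        GIOPConnection connection = ((ServerRequestInfoImpl) serverRequestInfo).request.getConnection();
        if (connection == null) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error("target has no connection!");
            }
            return;
        }
        if (!connection.isSSL()) {
            // Plain-text transport: nothing to extract, request continues unauthenticated.
            return;
        }

        SSLSocket sslSocket = (SSLSocket) ((ServerIIOPConnection) connection.getTransport()).getSocket();
        SSLSession session = sslSocket.getSession();

        ReceivedCredentialsImpl cached = this.sessionCredentials.get(session);
        if (cached != null) {
            this.current.set_received_credentials(cached);
            // Guard and call now use the same level; the message is still emitted only when
            // debug logging is enabled.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Reusing SSL session credentials.");
            }
            return;
        }

        try {
            // getPeerCertificates() replaces the deprecated getPeerCertificateChain(), which
            // returned javax.security.cert objects that had to be re-encoded and re-parsed through
            // a CertificateFactory, and which recent JDKs no longer support. It throws
            // SSLPeerUnverifiedException when the client presented no certificate.
            java.security.cert.Certificate[] peerChain = session.getPeerCertificates();
            java.security.cert.X509Certificate[] x509Chain =
                    new java.security.cert.X509Certificate[peerChain.length];
            for (int i = 0; i < peerChain.length; i++) {
                // A non-X.509 entry raises ClassCastException, handled by the catch below.
                x509Chain[i] = (java.security.cert.X509Certificate) peerChain[i];
            }

            // No private key is available for a remote peer, hence the null first argument.
            KeyAndCert keyAndCert = new KeyAndCert(null, x509Chain);
            if (keyAndCert.chain != null) {
                SecAttribute attribute = this.attrib_mgr.createAttribute(keyAndCert, this.type);
                this.current.set_received_credentials(new ReceivedCredentialsImpl(new SecAttribute[]{attribute}));
            } else if (this.logger.isInfoEnabled()) {
                this.logger.info("Client sent no certificate chain!");
            }
        } catch (Exception e) {
            // Broad catch is deliberate: any failure to establish credentials takes the same
            // decision path. This warn line is the only trace of an unauthenticated TLS client,
            // so it is worth monitoring.
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Exception " + e.getMessage() + " in ServerInvocationInterceptor");
            }
            if ((this.serverRequiredOptions & ESTABLISH_TRUST_IN_CLIENT) != 0) {
                throw new NO_PERMISSION("Establish trust in client required, but failed");
            }
            // Otherwise the request continues with no received credentials.
        }
    }

    /** Clears the per-request credentials after a normal reply. */
    @Override
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        clearReceivedCredentials();
    }

    /** Clears the per-request credentials after an exception reply. */
    @Override
    public void send_exception(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        clearReceivedCredentials();
    }

    /** Clears the per-request credentials after any other outcome. */
    @Override
    public void send_other(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        clearReceivedCredentials();
    }

    /** Releases the attribute held by the manager, then drops the credentials from the current object. */
    private void clearReceivedCredentials() {
        removeAttribute();
        this.current.remove_received_credentials();
    }

    /**
     * Removes from the attribute manager the first attribute of this interceptor's type carried by
     * the current received credentials, if there are any.
     */
    private void removeAttribute() {
        ReceivedCredentials received = this.current.received_credentials();
        if (received == null) {
            return;
        }
        SecAttribute[] attributes = received.get_attributes(new AttributeType[]{this.type});
        if (attributes.length != 0) {
            this.attrib_mgr.removeAttribute(attributes[0]);
        }
    }
}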
