package org.jacorb.security.sas;

import java.net.URLDecoder;
import java.util.Hashtable;
import org.jacorb.config.Configurable;
import org.jacorb.config.Configuration;
import org.jacorb.config.ConfigurationException;
import org.jacorb.orb.CDRInputStream;
import org.jacorb.orb.MinorCodes;
import org.jacorb.orb.ORB;
import org.jacorb.orb.giop.ClientConnection;
import org.jacorb.orb.portableInterceptor.ClientRequestInfoImpl;
import org.jacorb.orb.portableInterceptor.ORBInitInfoImpl;
import org.jacorb.util.ObjectUtil;
import org.omg.ATLAS.ATLASProfile;
import org.omg.ATLAS.ATLASProfileHelper;
import org.omg.ATLAS.AuthTokenData;
import org.omg.ATLAS.AuthTokenDispenser;
import org.omg.ATLAS.AuthTokenDispenserHelper;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.CSIIOP.CompoundSecMechList;
import org.omg.CSIIOP.CompoundSecMechListHelper;
import org.omg.CSIIOP.ServiceConfiguration;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecFactoryPackage.UnknownEncoding;
import org.omg.IOP.Encoding;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.slf4j.Logger;

/* loaded from: input_file:org/jacorb/security/sas/SASClientInterceptor.class */
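/**
 * Client-side request interceptor that attaches a SAS (Security Attribute Service) context to
 * outgoing requests and processes the SAS context found in replies.
 *
 * <p>Trust assumptions worth keeping in mind when deploying this class:
 * <ul>
 *   <li>The class named by {@code jacorb.security.sas.contextClass} is loaded and instantiated
 *       reflectively, so whoever can write the configuration chooses code that runs in the
 *       client.</li>
 *   <li>The security mechanism list and the ATLAS locator URL are read from data supplied by the
 *       target (see {@link #send_request} and {@link #getATLASTokens}); the peer therefore
 *       influences whether a context is sent and which token dispenser is contacted.</li>
 *   <li>{@link #contextToken} is a single mutable field shared by all requests that pass through
 *       this interceptor instance.</li>
 * </ul>
 */
public class SASClientInterceptor extends LocalObject implements ClientRequestInterceptor, Configurable {
    /** Service-context id used for the SAS message on both requests and replies. */
    protected static final int SecurityAttributeService = 15;

    /** Tagged-component id looked up in the target profile (logged as TAG_CSI_SEC_MECH_LIST). */
    private static final int TAG_CSI_SEC_MECH_LIST = 33;

    /** SASContextBody discriminator for which {@code complete_msg()} is read. */
    private static final int MT_COMPLETE_ESTABLISH_CONTEXT = 1;

    /** SASContextBody discriminator for which {@code error_msg()} is read. */
    private static final int MT_CONTEXT_ERROR = 4;

    /**
     * Minor code attached to NO_PERMISSION for context-setup and reply-parsing failures.
     * NOTE(review): presumably mirrors a constant in MinorCodes - confirm and reference it by name.
     */
    private static final int SAS_FAILURE_MINOR = 1245904897;

    protected Codec codec;
    protected String name;
    protected final String DEFAULT_NAME = "SASClientInterceptor";
    private Logger logger = null;
    // Last client authentication token produced by send_request, or set via setContextToken.
    protected byte[] contextToken = new byte[0];
    protected boolean useStateful = true;
    // Maps an ATLAS cache id (String) to the AuthTokenData fetched for it. Nothing in this class
    // evicts entries or checks token expiry.
    protected Hashtable atlasCache = new Hashtable();
    protected ISASContext sasContext = null;

    /**
     * Creates the interceptor, builds the codec used for all SAS encoding and decoding, and
     * configures itself from the ORB's configuration.
     *
     * @param oRBInitInfo ORB initialisation info; must be a JacORB {@code ORBInitInfoImpl}
     * @throws UnknownEncoding if the codec factory rejects the requested encoding
     * @throws ConfigurationException if {@link #configure} fails
     */
    public SASClientInterceptor(ORBInitInfo oRBInitInfo) throws UnknownEncoding, ConfigurationException {
        this.name = this.DEFAULT_NAME;
        // Encoding format 0 (CDR encapsulation), version 1.0.
        this.codec = oRBInitInfo.codec_factory().create_codec(new Encoding((short) 0, (byte) 1, (byte) 0));
        // NOTE(review): configure() is public and overridable, so a subclass override runs before
        // the subclass constructor body.
        configure(((ORBInitInfoImpl) oRBInitInfo).getORB().getConfiguration());
    }

    /**
     * Reads the logger, the stateful flag and the SAS context implementation from configuration.
     *
     * <p>If the context class is missing or cannot be instantiated, this only logs; the
     * interceptor then has no {@code sasContext} and {@link #send_request} rejects every request
     * that needs a new context with NO_PERMISSION.
     *
     * @param configuration source of the {@code jacorb.security.sas.*} attributes
     * @throws ConfigurationException if a mandatory lookup or the context's own configuration fails
     */
    @Override // org.jacorb.config.Configurable
    public void configure(Configuration configuration) throws ConfigurationException {
        this.logger = configuration.getLogger("jacorb.security.sas.CSS.log.verbosity");
        this.useStateful = configuration.getAttribute("jacorb.security.sas.stateful", "true").equals("true");
        String contextClassName = null;
        try {
            contextClassName = configuration.getAttribute("jacorb.security.sas.contextClass");
            // The class name comes straight from configuration; the cast is the only check applied.
            this.sasContext = (ISASContext) ObjectUtil.classForName(contextClassName).newInstance();
        } catch (ConfigurationException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("ConfigurationException", e);
            }
        } catch (Exception e2) {
            if (this.logger.isErrorEnabled()) {
                // Pass the throwable as well so the stack trace is not lost.
                this.logger.error("Could not instantiate class " + contextClassName + ": " + e2, e2);
            }
        }
        if (this.sasContext != null) {
            this.sasContext.configure(configuration);
            this.sasContext.initClient();
        } else if (this.logger.isErrorEnabled()) {
            this.logger.error("Could not load SAS context class: " + contextClassName);
        }
    }

    /**
     * Replaces the stored context token. The array is stored by reference (no copy) and is
     * overwritten the next time {@link #send_request} establishes a context.
     */
    public void setContextToken(byte[] bArr) {
        this.contextToken = bArr;
    }

    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public String name() {
        return this.name;
    }

    @Override // org.omg.PortableInterceptor.InterceptorOperations
    public void destroy() {
    }

    /**
     * Adds a SAS service context to the outgoing request.
     *
     * <p>Nothing is added when the target's first advertised mechanism neither supports nor
     * requires anything at the authentication and attribute layers. When the tagged component is
     * missing altogether, a context is still sent, without ATLAS tokens.
     *
     * @throws NO_PERMISSION if the context cannot be built or attached (the request is not sent)
     */
    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        ClientRequestInfoImpl requestInfo = (ClientRequestInfoImpl) clientRequestInfo;
        ORB orb = requestInfo.orb;
        CompoundSecMechList mechList = null;
        try {
            CDRInputStream componentStream = new CDRInputStream(clientRequestInfo.get_effective_component(TAG_CSI_SEC_MECH_LIST).component_data);
            componentStream.openEncapsulatedArray();
            mechList = CompoundSecMechListHelper.read(componentStream);
        } catch (BAD_PARAM e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Did not find tagged component TAG_CSI_SEC_MECH_LIST: " + clientRequestInfo.operation());
            }
        } catch (Exception e2) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Did not find tagged component TAG_CSI_SEC_MECH_LIST: " + e2);
            }
        }
        if (targetNeedsNoSasContext(mechList)) {
            return;
        }
        ClientConnection connection = requestInfo.connection;
        // With stateful contexts disabled the id stays 0, so every request establishes a context.
        long contextId = 0;
        if (this.useStateful) {
            contextId = connection.cacheSASContext("css".getBytes());
        }
        // A negative id is logged and used below as a newly created context (its negation is sent).
        if (contextId < 0 && this.logger.isInfoEnabled()) {
            this.logger.info("New SAS Context: " + (-contextId));
        }
        AuthorizationElement[] atlasTokens = mechList != null ? getATLASTokens(orb, mechList) : new AuthorizationElement[0];
        try {
            Any sasMessage;
            if (contextId <= 0) {
                if (this.sasContext == null) {
                    // configure() could not load the context class; fail closed with a clear cause
                    // instead of a bare NullPointerException.
                    throw new IllegalStateException("no SAS context class is configured");
                }
                IdentityToken identityToken = new IdentityToken();
                identityToken.absent(true);
                // Hold the token in a local so that a concurrent request overwriting the shared
                // field cannot change what goes into this message.
                byte[] token = this.sasContext.createClientContext(orb, this.codec, mechList);
                this.contextToken = token;
                sasMessage = makeEstablishContext(orb, -contextId, atlasTokens, identityToken, token);
            } else {
                sasMessage = makeMessageInContext(orb, contextId, false);
            }
            clientRequestInfo.add_request_service_context(new ServiceContext(SecurityAttributeService, this.codec.encode_value(sasMessage)), true);
        } catch (Exception e3) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Could not set security service context: " + e3);
            }
            throw new NO_PERMISSION("SAS Could not set security service context: " + e3, SAS_FAILURE_MINOR, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Tells whether the target's first mechanism has all four supports/requires fields at zero,
     * in which case no SAS context is sent.
     *
     * <p>Only {@code mechanism_list[0]} is consulted. A missing list returns {@code false}. An
     * empty list also returns {@code false}, so the caller goes on to {@link #getATLASTokens},
     * which rejects it with NO_PERMISSION rather than letting an index error escape.
     */
    private boolean targetNeedsNoSasContext(CompoundSecMechList mechList) {
        if (mechList == null || mechList.mechanism_list == null || mechList.mechanism_list.length == 0) {
            return false;
        }
        return mechList.mechanism_list[0].as_context_mech.target_supports == 0
                && mechList.mechanism_list[0].as_context_mech.target_requires == 0
                && mechList.mechanism_list[0].sas_context_mech.target_supports == 0
                && mechList.mechanism_list[0].sas_context_mech.target_requires == 0;
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void send_poll(ClientRequestInfo clientRequestInfo) {
    }

    /**
     * Processes the SAS context of a normal reply: purges the cached client context when the
     * target completed it statelessly or reported a context error.
     *
     * @throws NO_PERMISSION if a SAS reply context is present but cannot be decoded
     */
    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        ServiceContext replyContext = findReplyContext(clientRequestInfo, "No SAS security context found: ");
        if (replyContext == null) {
            return;
        }
        try {
            SASContextBody body = SASContextBodyHelper.extract(this.codec.decode_value(replyContext.context_data, SASContextBodyHelper.type()));
            ClientConnection connection = ((ClientRequestInfoImpl) clientRequestInfo).connection;
            if (body.discriminator() == MT_COMPLETE_ESTABLISH_CONTEXT) {
                CompleteEstablishContext completeMsg = body.complete_msg();
                if (completeMsg.client_context_id > 0 && !completeMsg.context_stateful) {
                    connection.purgeSASContext(completeMsg.client_context_id);
                }
            }
            if (body.discriminator() == MT_CONTEXT_ERROR) {
                ContextError errorMsg = body.error_msg();
                if (errorMsg.client_context_id > 0) {
                    connection.purgeSASContext(errorMsg.client_context_id);
                }
            }
        } catch (Exception e3) {
            if (this.logger.isWarnEnabled()) {
                // The stack trace goes to the configured logger, not to stderr.
                this.logger.warn("Could not parse SAS reply: " + e3, e3);
            }
            throw new NO_PERMISSION("SAS Could not parse SAS reply: " + e3, SAS_FAILURE_MINOR, CompletionStatus.COMPLETED_MAYBE);
        }
    }

    /**
     * Processes the SAS context of an exceptional reply. In addition to the purging done for a
     * normal reply, a context error with {@code major_status == 2} makes the request be retried
     * against the same target.
     *
     * @throws ForwardRequest to retry the request after a context error with major status 2
     * @throws NO_PERMISSION if a SAS reply context is present but cannot be decoded
     */
    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        ServiceContext replyContext = findReplyContext(clientRequestInfo, "No SAS security context found (exception): ");
        if (replyContext == null) {
            return;
        }
        try {
            SASContextBody body = SASContextBodyHelper.extract(this.codec.decode_value(replyContext.context_data, SASContextBodyHelper.type()));
            ClientConnection connection = ((ClientRequestInfoImpl) clientRequestInfo).connection;
            if (body.discriminator() == MT_COMPLETE_ESTABLISH_CONTEXT) {
                CompleteEstablishContext completeMsg = body.complete_msg();
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("receive_exception MTCompleteEstablishContext: " + completeMsg.client_context_id);
                }
                if (completeMsg.client_context_id > 0 && !completeMsg.context_stateful) {
                    connection.purgeSASContext(completeMsg.client_context_id);
                }
            }
            if (body.discriminator() == MT_CONTEXT_ERROR) {
                ContextError errorMsg = body.error_msg();
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("receive_exception MTContextError: " + errorMsg.client_context_id);
                }
                if (errorMsg.client_context_id > 0) {
                    connection.purgeSASContext(errorMsg.client_context_id);
                }
                if (errorMsg.major_status == 2) {
                    throw new ForwardRequest(clientRequestInfo.target());
                }
            }
        } catch (ForwardRequest retry) {
            // ForwardRequest is a checked Exception; without this clause the generic handler
            // below would turn the intended retry into NO_PERMISSION.
            throw retry;
        } catch (Exception e3) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Could not parse SAS reply: " + e3);
            }
            throw new NO_PERMISSION("SAS Could not parse SAS reply: " + e3, SAS_FAILURE_MINOR, CompletionStatus.COMPLETED_MAYBE);
        }
    }

    @Override // org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    /**
     * Fetches the SAS service context of a reply.
     *
     * @param notFoundMessage log prefix used when the context cannot be obtained
     * @return the context, or {@code null} when it is absent or carries at most one byte of data
     */
    private ServiceContext findReplyContext(ClientRequestInfo clientRequestInfo, String notFoundMessage) {
        ServiceContext replyContext = null;
        try {
            replyContext = clientRequestInfo.get_reply_service_context(SecurityAttributeService);
        } catch (BAD_PARAM e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(notFoundMessage + clientRequestInfo.operation());
            }
        } catch (Exception e2) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn(notFoundMessage + e2);
            }
        }
        if (replyContext == null || replyContext.context_data.length <= 1) {
            return null;
        }
        return replyContext;
    }

    /**
     * Wraps an EstablishContext message in a SASContextBody and returns it as an Any.
     *
     * @param j client context id to announce
     * @param authorizationElementArr authorization tokens to include
     * @param identityToken identity token to include
     * @param bArr client authentication token to include
     */
    protected Any makeEstablishContext(org.omg.CORBA.ORB orb, long j, AuthorizationElement[] authorizationElementArr, IdentityToken identityToken, byte[] bArr) {
        EstablishContext establish = new EstablishContext();
        establish.client_context_id = j;
        establish.client_authentication_token = bArr;
        establish.identity_token = identityToken;
        establish.authorization_token = authorizationElementArr;
        SASContextBody body = new SASContextBody();
        body.establish_msg(establish);
        Any wrapped = orb.create_any();
        SASContextBodyHelper.insert(wrapped, body);
        return wrapped;
    }

    /**
     * Wraps a MessageInContext message in a SASContextBody and returns it as an Any.
     *
     * @param j id of the already established client context
     * @param z value for the message's {@code discard_context} field
     */
    protected Any makeMessageInContext(org.omg.CORBA.ORB orb, long j, boolean z) {
        MessageInContext inContext = new MessageInContext();
        inContext.client_context_id = j;
        inContext.discard_context = z;
        SASContextBody body = new SASContextBody();
        body.in_context_msg(inContext);
        Any wrapped = orb.create_any();
        SASContextBodyHelper.insert(wrapped, body);
        return wrapped;
    }

    /**
     * Returns the authorization tokens for the target's ATLAS profile, fetching them from the
     * token dispenser on first use and serving them from {@link #atlasCache} afterwards.
     *
     * <p>The profile is taken from the privilege authorities of {@code mechanism_list[0]}; when
     * several entries have syntax 3 the last one wins. Without such an entry an empty array is
     * returned.
     *
     * <p>NOTE(review): the locator URL is decoded from target-supplied data, so the peer decides
     * which endpoint this client resolves and calls. The cache lock is held for the duration of
     * the remote call, and cached tokens are never refreshed here.
     *
     * @throws NO_PERMISSION if the profile cannot be parsed, the dispenser cannot be reached, or
     *         it returns no token data
     */
    protected AuthorizationElement[] getATLASTokens(org.omg.CORBA.ORB orb, CompoundSecMechList compoundSecMechList) throws NO_PERMISSION {
        String cacheId;
        String locatorUrl;
        try {
            ATLASProfile profile = null;
            ServiceConfiguration[] authorities = compoundSecMechList.mechanism_list[0].sas_context_mech.privilege_authorities;
            for (ServiceConfiguration authority : authorities) {
                if (authority.syntax == 3) {
                    profile = ATLASProfileHelper.extract(this.codec.decode(authority.name));
                }
            }
            if (profile == null) {
                return new AuthorizationElement[0];
            }
            // NOTE(review): decoded with the platform charset; if that decoding is lossy, two
            // different cache ids could map to the same key - confirm the id's encoding.
            cacheId = new String(profile.the_cache_id);
            String encodedUrl = profile.the_locator.the_url();
            // Decode with an explicit charset rather than the deprecated platform-default overload.
            locatorUrl = encodedUrl != null ? URLDecoder.decode(encodedUrl, "UTF-8") : null;
        } catch (Exception e) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Error parsing ATLAS from IOR: " + e);
            }
            throw new NO_PERMISSION("SAS Error parsing ATLAS from IOR: " + e, MinorCodes.SAS_ATLAS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        synchronized (this.atlasCache) {
            AuthTokenData cached = (AuthTokenData) this.atlasCache.get(cacheId);
            if (cached != null) {
                return cached.auth_token;
            }
            AuthTokenData fetched = fetchAtlasTokenData(orb, locatorUrl);
            this.atlasCache.put(cacheId, fetched);
            return fetched.auth_token;
        }
    }

    /**
     * Resolves the token dispenser at {@code locatorUrl} and asks it for the caller's
     * authorization token. Each failure is reported once, under its own message.
     *
     * @return the token data, never {@code null}
     * @throws NO_PERMISSION if the dispenser cannot be resolved, is null, fails, or returns nothing
     */
    private AuthTokenData fetchAtlasTokenData(org.omg.CORBA.ORB orb, String locatorUrl) {
        AuthTokenDispenser dispenser;
        try {
            dispenser = AuthTokenDispenserHelper.narrow(orb.string_to_object(locatorUrl));
        } catch (Exception e) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Could not find ATLAS server " + locatorUrl + ": " + e);
            }
            throw new NO_PERMISSION("SAS Could not find ATLAS server " + locatorUrl + ": " + e, MinorCodes.SAS_ATLAS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        if (dispenser == null) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("SAS found null ATLAS server " + locatorUrl);
            }
            throw new NO_PERMISSION("SAS found null ATLAS server " + locatorUrl, MinorCodes.SAS_ATLAS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        AuthTokenData tokenData;
        try {
            tokenData = dispenser.get_my_authorization_token();
        } catch (Exception e) {
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Error getting ATLAS tokens from server " + locatorUrl + ": " + e);
            }
            throw new NO_PERMISSION("SAS Error getting ATLAS tokens from server: " + e, MinorCodes.SAS_ATLAS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        if (tokenData == null) {
            // Hashtable rejects null values; report this as a token failure, not a raw NPE.
            if (this.logger.isWarnEnabled()) {
                this.logger.warn("Error getting ATLAS tokens from server " + locatorUrl + ": no token data returned");
            }
            throw new NO_PERMISSION("SAS Error getting ATLAS tokens from server: no token data returned", MinorCodes.SAS_ATLAS_FAILURE, CompletionStatus.COMPLETED_NO);
        }
        return tokenData;
    }
}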
