package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.iiop.ExtendedORBInitInfo;
import com.ibm.CORBA.iiop.ExtendedServerRequestInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SecurityExecutionEnvironment;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ServerConnectionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityUtilityImpl.AuditData;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.MultiDomainHelper;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.ContextHandler;
import com.ibm.wsspi.security.token.PropagationToken;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.Object;
import org.omg.CORBA.SystemException;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.SASContextBody;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.SecurityLevel2.InvalidCredential;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIServerRIForCFW.class */
public class CSIServerRIForCFW extends CSIServerRIBase {
    // Trace component for this class, registered under the "SASRas" group and used by every Tr.* call below.
    // At debug level receive_request writes caller-identifying values through it (the transport principal,
    // the user-before-run-as value, object key bytes and raw transport-layer data), so trace output from
    // this component should be handled as sensitive.
    private static final TraceComponent tc = Tr.register((Class<?>) CSIServerRIForCFW.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    // NOTE(review): mutable per-instance state on an interceptor object. No read or write is visible in this
    // part of the file; confirm it is not assigned per request, since pre_init registers this one instance
    // with the ORB and it is presumably invoked from several request threads.
    private String princ = null;
    // NOTE(review): raw Class handles with no assignment visible in this part of the file; presumably
    // resolved reflectively elsewhere. Confirm where they are set.
    private static Class controlAdminServiceClz;
    private static Class rirProxyClz;

    /**
     * Runs the base-class pre-initialisation and then, when security is switched on, registers
     * this object as a server request interceptor on the ORB.
     *
     * <p>Registration happens only if the {@code com.ibm.CORBA.securityEnabled} property of the
     * CSIv2 configuration is true. When it is false, nothing is registered here, so the request
     * hooks of this class are not installed by this method.
     *
     * <p>Registration fails closed: any exception raised while registering (including a failed
     * cast to {@link ExtendedORBInitInfo}) is logged to FFDC and rethrown as {@code INTERNAL}
     * with the original exception as its cause, rather than letting initialisation continue
     * without the interceptor.
     *
     * @param oRBInitInfo ORB initialisation info; cast to {@link ExtendedORBInitInfo} when
     *     security is enabled
     * @throws INTERNAL if registering the interceptor fails for any reason
     */
    @Override
    public void pre_init(ORBInitInfo oRBInitInfo) {
        final String methodName = "pre_init";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, methodName, oRBInitInfo);
        }
        super.pre_init(oRBInitInfo);

        // Read the switch after the base class has initialised, as the original ordering does.
        final boolean securityEnabled =
                SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CORBA.securityEnabled");
        if (securityEnabled) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Registering server request interceptor for CFW");
                }
                final ExtendedORBInitInfo extendedInfo = (ExtendedORBInitInfo) oRBInitInfo;
                extendedInfo.add_server_request_interceptor(this, false);
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.pre_init", "157", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "An exception has been thrown registering the interceptor", e);
                }
                // Surface the failure to the ORB instead of running without the interceptor.
                final INTERNAL failure = new INTERNAL();
                failure.initCause(e);
                throw failure;
            }
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, methodName);
        }
    }

    /**
     * Delegates to the base-class post-initialisation and then emits the entry and exit trace
     * records for this method. This override does no registration or other work of its own.
     *
     * @param oRBInitInfo ORB initialisation info, passed through to the base class unchanged
     */
    @Override
    public void post_init(ORBInitInfo oRBInitInfo) {
        final String methodName = "post_init";
        // The base class runs first; both trace records are written only after it returns.
        super.post_init(oRBInitInfo);
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, methodName, oRBInitInfo);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, methodName);
        }
    }

    /**
     * Intentionally empty override of the service-context interception point.
     *
     * <p>The body does not call {@code super}, so whatever {@code CSIServerRIBase} does at this
     * point is not executed for this subclass. The security processing visible in this class is
     * done in {@code receive_request} instead.
     * NOTE(review): the base-class implementation is not visible here; confirm that nothing it
     * performs at this interception point (for example context validation) is still required.
     *
     * @param serverRequestInfo the incoming request; unused
     * @throws ForwardRequest declared by the interface; never thrown by this implementation
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        String str;
        Map csi_lookup_connection_propagation_token_map;
        Map csi_lookup_connection_propagation_token_map2;
        Subject createUnauthenticatedSubject;
        boolean z;
        long j = 0;
        ContextHandler contextHandler = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "receive_request", serverRequestInfo);
        }
        if (tc.isDebugEnabled()) {
            entry(serverRequestInfo);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** RECEIVING REQUEST ***");
        }
        ServiceContext seedServiceContext = getSeedServiceContext(serverRequestInfo);
        SecurityExecutionEnvironment securityExecutionEnvironment = null;
        String str2 = null;
        Exception exc = null;
        if (seedServiceContext != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "got seed_sc for internal request");
            }
            try {
                securityExecutionEnvironment = SecurityExecutionEnvironment.createFromBytes(seedServiceContext.context_data);
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.receive_request", "224", this);
                exc = e;
            }
            if (securityExecutionEnvironment != null) {
                str2 = securityExecutionEnvironment.getManagedNodeUUID();
                String userBeforeRunAs = securityExecutionEnvironment.getUserBeforeRunAs();
                ContextManagerFactory.getInstance().getThreadLocal().get_state_of_curr_obj().setUserBeforeRunAs(userBeforeRunAs);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "seed not null, managedNodeUUID is: " + str2 + ", userBeforeRunAs is: " + userBeforeRunAs);
                }
            }
        } else {
            str2 = getManagedNodeUUID(serverRequestInfo);
        }
        boolean z2 = false;
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "receive_request *** setting security config thread context ***");
            }
            ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Context at beginning of receive: " + SecurityObjectLocator.peekContext());
            }
            str = "<unknown>";
            if (SecurityObjectLocator.getSecurityConfigManager().isAdminAgent()) {
                z2 = pushAdminContext(str2);
            } else {
                Object target = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget();
                str = target != null ? target.getClass().getName() : "<unknown>";
                String iORInfoDomain = MultiDomainHelper.getIORInfoDomain(serverRequestInfo, str);
                if (iORInfoDomain.equalsIgnoreCase("admin")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "receive_request pushing admin context");
                    }
                    SecurityObjectLocator.pushAdminContext();
                } else if (iORInfoDomain.equalsIgnoreCase("app")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "receive_request pushing app context for class " + str);
                    }
                    SecurityObjectLocator.pushAppContext(str);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "receive_request unknown IORInfoDomain: " + iORInfoDomain + ", not setting config thread context");
                }
            }
            CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
            try {
                if (contextManagerFactory.isPMIEnabled()) {
                    j = System.currentTimeMillis();
                    contextManagerFactory.pmiCountStatistic("RMIAuthCount");
                }
                try {
                    if (qualifyServerRequest(serverRequestInfo)) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "receive_request");
                        }
                        if (contextManagerFactory.isPMIEnabled()) {
                            contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                        }
                        if (z) {
                            return;
                        } else {
                            return;
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "*** GET J2EE APPLICATION NAME ***");
                    }
                    byte[] object_id = serverRequestInfo.object_id();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "retrieved userKeyBytes", new String(object_id));
                    }
                    Map j2EEName = getJ2EEName(object_id);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "j2eeName = " + j2EEName);
                    }
                    if (seedServiceContext != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found seed service context, this is internal request.");
                        }
                        ContextManager contextManagerFactory2 = ContextManagerFactory.getInstance();
                        try {
                        } catch (Exception e2) {
                            createUnauthenticatedSubject = contextManagerFactory2.createUnauthenticatedSubject();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Login failed with seed.  Setting UNAUTHENTICATED.");
                            }
                        }
                        if (securityExecutionEnvironment == null) {
                            throw new Exception(exc);
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Built seed successfully.");
                        }
                        createUnauthenticatedSubject = loginWithSeed(securityExecutionEnvironment, j2EEName);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Successful login with seed.");
                        }
                        if (j2EEName != null && cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundMappingEnabled")) {
                            createUnauthenticatedSubject = mapAuthenticatedSubject(createUnauthenticatedSubject, j2EEName);
                            if (tc.isDebugEnabled()) {
                                String str3 = null;
                                try {
                                    str3 = SubjectHelper.getWSCredentialFromSubject(createUnauthenticatedSubject).getSecurityName();
                                    Tr.debug(tc, "Successful mapping to username " + str3);
                                } catch (Exception e3) {
                                    Tr.debug(tc, "Exception caught when mapping to username " + str3 + " Exception: " + e3.getMessage());
                                }
                            }
                        }
                        contextManagerFactory2.initializeCallerContext(createUnauthenticatedSubject);
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "receive_request");
                        }
                        if (contextManagerFactory.isPMIEnabled()) {
                            contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                        }
                        if (z2) {
                            popAdminContext();
                            return;
                        }
                        return;
                    }
                    CurrentImpl current = this.myVault.getCurrent();
                    SASContextBody sASContextBody = null;
                    X509Certificate[] x509CertificateArr = null;
                    byte[] bArr = null;
                    ServiceContext privateReceiveRequestServiceContextFromFilter = getPrivateReceiveRequestServiceContextFromFilter(serverRequestInfo);
                    if (privateReceiveRequestServiceContextFromFilter == null) {
                        current.clear_requestor_context();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No private service context");
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "receive_request");
                        }
                        if (contextManagerFactory.isPMIEnabled()) {
                            contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                        }
                        if (z2) {
                            popAdminContext();
                            return;
                        }
                        return;
                    }
                    try {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found private service context from filter.");
                        }
                        SessionEntry sessionEntry = new SessionEntry(privateReceiveRequestServiceContextFromFilter.context_data);
                        EstablishContext establishContext = sessionEntry.get_ec_message();
                        if (establishContext != null) {
                            sASContextBody = new SASContextBody();
                            sASContextBody.establish_msg(establishContext);
                        }
                        ServerConnectionKey serverConnectionKey = new ServerConnectionKey(sessionEntry.get_remote_connection_unique_id(), sessionEntry.get_remote_host(), sessionEntry.get_remote_port());
                        if (sessionEntry.get_cert_chain() != null) {
                            x509CertificateArr = sessionEntry.get_cert_chain();
                        } else {
                            bArr = sessionEntry.get_transport_layer_data();
                            if (bArr != null && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Session entry has transport layer data: " + bArr);
                            }
                        }
                        if (((ExtendedServerRequestInfo) serverRequestInfo).getTarget() != null) {
                            str = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget().getClass().getName();
                        }
                        String str4 = null;
                        boolean z3 = cSIv2Config.getBoolean("com.ibm.CSI.neverUseClientCertificateForCallerLogin");
                        if (z3) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Client certificate not considered for login.");
                            }
                        } else if (cSIv2Config.getBoolean("com.ibm.CORBA.serverSecurityEnabled")) {
                            if (x509CertificateArr != null && x509CertificateArr[0] != null) {
                                str4 = x509CertificateArr[0].getSubjectDN().getName();
                            } else if (bArr != null) {
                                str4 = new String(bArr);
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Server security enabled, getting transport principal (if present): " + str);
                            }
                        } else if (SecurityComponentFactory.list != null && SecurityComponentFactory.list.find(str)) {
                            if (x509CertificateArr != null && x509CertificateArr[0] != null) {
                                str4 = x509CertificateArr[0].getSubjectDN().getName();
                            } else if (bArr != null) {
                                str4 = new String(bArr);
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Server security disabled, getting transport principal (if present) for class_name " + str + ": " + str4);
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Transport principal : " + str4);
                        }
                        AuditData initializeAuditService = initializeAuditService(serverRequestInfo.operation(), sessionEntry.get_remote_host(), sessionEntry.get_remote_port(), str4);
                        if (!verifySecurityInfoIsSufficientToContinue(x509CertificateArr, sASContextBody, bArr, sessionEntry.get_remote_host(), sessionEntry.get_remote_port(), str, serverRequestInfo.operation(), initializeAuditService)) {
                            current.clear_requestor_context();
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "receive_request");
                            }
                            if (contextManagerFactory.isPMIEnabled()) {
                                contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                            }
                            if (z2) {
                                popAdminContext();
                                return;
                            }
                            return;
                        }
                        byte[] bArr2 = null;
                        Subject subject = null;
                        SecurityContextImpl securityContextImpl = this.csiUtil.get_security_context_impl("", "");
                        long j2 = sessionEntry.get_client_context_id();
                        boolean z4 = false;
                        List list = null;
                        if (sessionEntry.get_renegotiate_to_stateless()) {
                            j2 = 0;
                        }
                        if (SecurityObjectLocator.getSecurityConfigManager().isAdminAgent() && str2 != null && str2.length() > 0) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Admin Agent session managed node uuid: " + str2);
                            }
                            sessionEntry.set_managed_node_uuid(str2);
                        }
                        if (sASContextBody != null && sASContextBody.discriminator() == 0) {
                            EstablishContext establish_msg = sASContextBody.establish_msg();
                            this.csiUtil.print_ec_message(establish_msg, "receive_request");
                            IdentityToken identityToken = establish_msg.identity_token;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "identity token present: " + (identityToken.discriminator() != 0) + ", client_authentication_token present: " + (establish_msg.client_authentication_token != null && establish_msg.client_authentication_token.length > 0) + ", certificate chain present: " + (x509CertificateArr != null));
                            }
                            securityContextImpl = getSecurityContext(establish_msg, initializeAuditService, null, sessionEntry, j2, serverConnectionKey);
                            this.csiUtil.getCurrent().setSecurityContext(securityContextImpl);
                            if (identityToken.discriminator() == 0 || identityToken.discriminator() == 1) {
                                if (establish_msg.client_authentication_token == null || establish_msg.client_authentication_token.length <= 0 || identityToken.discriminator() == 1) {
                                    processUnauthenticated(initializeAuditService, securityContextImpl, sessionEntry, j2, serverConnectionKey);
                                    if (tc.isEntryEnabled()) {
                                        Tr.exit(tc, "receive_request");
                                    }
                                    if (contextManagerFactory.isPMIEnabled()) {
                                        contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                                    }
                                    if (z2) {
                                        popAdminContext();
                                        return;
                                    }
                                    return;
                                }
                                if (sessionEntry.get_session_state() == 1) {
                                    bArr2 = sessionEntry.get_in_token();
                                    securityContextImpl.setIdentityName(sessionEntry.get_identity_assertion_type());
                                    securityContextImpl.setIdentityValue(sessionEntry.get_identity_assertion_data());
                                } else {
                                    bArr2 = processClientAuthToken(establish_msg, initializeAuditService, securityContextImpl);
                                    sessionEntry.set_in_token(bArr2);
                                    sessionEntry.set_identity_assertion_type(securityContextImpl.getIdentityName());
                                    sessionEntry.set_identity_assertion_data(securityContextImpl.getIdentityValue());
                                }
                            } else if (sessionEntry.get_session_state() == 1) {
                                bArr2 = sessionEntry.get_in_token();
                                securityContextImpl.setIdentityName(sessionEntry.get_identity_assertion_type());
                                securityContextImpl.setIdentityValue(sessionEntry.get_identity_assertion_data());
                            } else {
                                bArr2 = processIdentityToken(establish_msg, identityToken, initializeAuditService, sessionEntry, j2, serverConnectionKey, securityContextImpl, x509CertificateArr, str4);
                                sessionEntry.set_in_token(bArr2);
                                sessionEntry.set_identity_assertion_type(securityContextImpl.getIdentityName());
                                sessionEntry.set_identity_assertion_data(securityContextImpl.getIdentityValue());
                            }
                            list = handlePropagationToken(establish_msg, sessionEntry, initializeAuditService);
                        } else {
                            if (z3) {
                                if (tc.isEntryEnabled()) {
                                    Tr.exit(tc, " there is no identity to process, returning from receive_request.");
                                }
                                if (contextManagerFactory.isPMIEnabled()) {
                                    contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                                }
                                if (z2) {
                                    popAdminContext();
                                    return;
                                }
                                return;
                            }
                            if (x509CertificateArr != null && x509CertificateArr.length > 0) {
                                subject = this.sessionMgr.csi_lookup_connection_cred(serverConnectionKey);
                                if (subject != null) {
                                    try {
                                        if (!SubjectHelper.isWSCredentialValid(subject, true)) {
                                            throw new InvalidCredential();
                                        }
                                        this.csiUtil.getCurrent().initialize_requestor_context(subject);
                                        initializeAuditService.setReceivedSubject(subject);
                                        if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (csi_lookup_connection_propagation_token_map2 = this.sessionMgr.csi_lookup_connection_propagation_token_map(serverConnectionKey)) != null) {
                                            try {
                                                Iterator it = csi_lookup_connection_propagation_token_map2.keySet().iterator();
                                                while (it.hasNext()) {
                                                    PropagationToken propagationToken = (PropagationToken) csi_lookup_connection_propagation_token_map2.get((String) it.next());
                                                    if (propagationToken != null) {
                                                        final PropagationToken propagationToken2 = (PropagationToken) propagationToken.clone();
                                                        AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.1
                                                            @Override // java.security.PrivilegedExceptionAction
                                                            public Object run() throws WSSecurityException {
                                                                ContextManagerFactory.getInstance().setPropagationToken(propagationToken2.getName() + ":" + ((int) propagationToken2.getVersion()), propagationToken2);
                                                                return null;
                                                            }
                                                        });
                                                    }
                                                }
                                            } catch (PrivilegedActionException e4) {
                                                Manager.Ffdc.log(e4.getException(), this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.receive_request", "608", this);
                                            }
                                        }
                                        if (j2EEName != null && cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundMappingEnabled")) {
                                            Subject mapAuthenticatedSubject = mapAuthenticatedSubject(subject, j2EEName);
                                            if (tc.isDebugEnabled()) {
                                                String str5 = null;
                                                try {
                                                    str5 = SubjectHelper.getWSCredentialFromSubject(mapAuthenticatedSubject).getSecurityName();
                                                    Tr.debug(tc, "Successful mapping received subject to username " + str5);
                                                } catch (Exception e5) {
                                                    Tr.debug(tc, "Exception caught when mapping to username " + str5 + " Exception: " + e5.getMessage());
                                                }
                                            }
                                            this.csiUtil.getCurrent().initialize_requestor_context(mapAuthenticatedSubject);
                                            initializeAuditService.setReceivedSubject(mapAuthenticatedSubject);
                                            if (cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundPropagationEnabled") && (csi_lookup_connection_propagation_token_map = this.sessionMgr.csi_lookup_connection_propagation_token_map(serverConnectionKey)) != null) {
                                                try {
                                                    Iterator it2 = csi_lookup_connection_propagation_token_map.keySet().iterator();
                                                    while (it2.hasNext()) {
                                                        PropagationToken propagationToken3 = (PropagationToken) csi_lookup_connection_propagation_token_map.get((String) it2.next());
                                                        if (propagationToken3 != null) {
                                                            final PropagationToken propagationToken4 = (PropagationToken) propagationToken3.clone();
                                                            AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.2
                                                                @Override // java.security.PrivilegedExceptionAction
                                                                public Object run() throws WSSecurityException {
                                                                    ContextManagerFactory.getInstance().setPropagationToken(propagationToken4.getName() + ":" + ((int) propagationToken4.getVersion()), propagationToken4);
                                                                    return null;
                                                                }
                                                            });
                                                        }
                                                    }
                                                } catch (PrivilegedActionException e6) {
                                                    Manager.Ffdc.log(e6.getException(), this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.receive_request", "665", this);
                                                }
                                            }
                                        }
                                        if (contextManagerFactory.isPMIEnabled()) {
                                            contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                                        }
                                        if (z2) {
                                            popAdminContext();
                                            return;
                                        }
                                        return;
                                    } catch (InvalidCredential e7) {
                                        subject = null;
                                    }
                                }
                                if (subject == null) {
                                    processCertificateChain(x509CertificateArr, str4, initializeAuditService, securityContextImpl, sessionEntry, j2, serverConnectionKey);
                                }
                                z4 = true;
                            } else if (bArr == null || bArr.length <= 0) {
                                processInvalidMessage(initializeAuditService, sessionEntry, j2, serverConnectionKey);
                            } else {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "No msg or cert_chain, using transport layer data: " + new String(bArr));
                                }
                                securityContextImpl.setIdentityName(VaultConstants.TransportLayerData);
                                securityContextImpl.setIdentityValue(bArr);
                                initializeAuditService.setMechType(VaultConstants.TRANSPORT_LAYER_MECH_TYPE);
                                bArr2 = bArr;
                                z4 = true;
                            }
                        }
                        if (subject == null) {
                            subject = authenticateSecurityTokens(bArr2, x509CertificateArr, initializeAuditService, securityContextImpl, sessionEntry, j2, serverConnectionKey, sessionEntry.get_remote_host(), sessionEntry.get_remote_port(), j2EEName);
                        }
                        try {
                            if (sessionEntry.get_session_state() != 1) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Either session is not complete or Kerberos authentication, calling finishSessionProcessingForFilter()");
                                }
                                finishSessionProcessingForFilter(serverRequestInfo, securityContextImpl, subject, sessionEntry, j2, serverConnectionKey, z4, list);
                            }
                            if (j2EEName != null && cSIv2Config.getBoolean("com.ibm.CSI.rmiInboundMappingEnabled")) {
                                Subject mapAuthenticatedSubject2 = mapAuthenticatedSubject(subject, j2EEName);
                                if (tc.isDebugEnabled()) {
                                    String str6 = null;
                                    try {
                                        str6 = SubjectHelper.getWSCredentialFromSubject(mapAuthenticatedSubject2).getSecurityName();
                                        Tr.debug(tc, "Successful mapping received subject to username " + str6);
                                    } catch (Exception e8) {
                                        Tr.debug(tc, "Exception caught when mapping to username " + str6 + " Exception: " + e8.getMessage());
                                    }
                                }
                                this.csiUtil.getCurrent().initialize_requestor_context(mapAuthenticatedSubject2);
                            }
                            if (auditService != null) {
                                contextHandler = auditService.getContextHandler();
                                if (contextHandler == null) {
                                    Tr.error(tc, "security.audit.service.context.error");
                                    auditService.processAuditFailure("security.audit.service.context.error", null);
                                }
                            }
                            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                                if (initializeAuditService == null || initializeAuditService.getReceivedSubject() == null) {
                                    this.princ = null;
                                } else {
                                    this.princ = ((Principal) initializeAuditService.getReceivedSubject().getPrincipals().toArray()[0]).getName();
                                }
                                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(new Long(initializeAuditService.getStatefulContextId()).toString(), null, initializeAuditService.getRemoteHost(), new Integer(initializeAuditService.getRemotePort()).toString()));
                                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData("WebSphere", initializeAuditService.getOperation(), this.princ, initializeAuditService.getTransportPrincipal(), "authnSuccess", initializeAuditService.getOperation(), "ORB", new Long(0L), null, null, null, null));
                                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(auditService.getLastTrailId(), auditService.getEventTrailIds(), new Date(), new Long(0L).longValue()));
                                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
                                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(this.activeUserRegistry)));
                                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(initializeAuditService.getProviderName(), new Boolean(initializeAuditService.getProviderSuccessful()).toString()));
                                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                                try {
                                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                } catch (ProviderFailureException e9) {
                                    Tr.error(tc, "security.JSAS1503E", new Object[]{e9});
                                    auditService.processAuditFailure("security.audit.service.sendevent.error", e9);
                                }
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "*** BEGIN PREINVOKE ***");
                            }
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "receive_request");
                            }
                            if (contextManagerFactory.isPMIEnabled()) {
                                contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - j);
                            }
                            if (z2) {
                                popAdminContext();
                            }
                        } catch (Exception e10) {
                            Manager.Ffdc.log(e10, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.receive_request", "757", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception updating private service context for reply.", new Object[]{e10});
                            }
                            throw new NO_PERMISSION(e10.getMessage());
                        }
                    } catch (Exception e11) {
                        Manager.Ffdc.log(e11, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.receive_request", "404", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception occurred during session de-serialization.", e11);
                        }
                        throw new NO_PERMISSION(e11.getMessage());
                    }
                } catch (Throwable th) {
                    if (th instanceof SystemException) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "SystemException class: " + th.getClass().getName() + ", message: " + th.getMessage(), new Object[]{th});
                        }
                        throw ((SystemException) th);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception class: " + th.getClass().getName() + ", message: " + th.getMessage(), new Object[]{th});
                    }
                    throw new INTERNAL("Exception class: " + th.getClass().getName() + ", message: " + th.getMessage());
                }
            } catch (Throwable th2) {
                if (contextManagerFactory.isPMIEnabled()) {
                    contextManagerFactory.pmiTimeStatistic("RMIAuthTime", System.currentTimeMillis() - 0);
                }
                throw th2;
            }
        } finally {
            if (z2) {
                popAdminContext();
            }
        }
    }

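    /**
     * Server-side interception point for a normal reply: completes CSIv2 reply processing and
     * unwinds the per-request security state held on the current thread.
     *
     * <p>Flow, as visible in this method:
     * <ol>
     *   <li>Push the admin context for the request's managed node; it is popped again only when
     *       the push reported {@code true}.</li>
     *   <li>Local requests are handed to {@link #send_reply_local} and nothing else is done.</li>
     *   <li>Special naming methods, and ORB special methods when CORBA authentication is not
     *       required, only clear the requestor context.</li>
     *   <li>Otherwise the current security context is detached from the thread, passed to
     *       {@code csi_server_preprotect}, and, when it is flagged for discard on a stateful
     *       session, the session status is updated.</li>
     * </ol>
     *
     * <p>The admin-context pop and {@code SecurityObjectLocator.popContext()} live in a single
     * {@code finally} block so they run exactly once on every exit path. The trace text states
     * that receive_request always pushes, which is why the pop is unconditional.
     *
     * @param serverRequestInfo the request being replied to; cast to
     *        {@code ExtendedServerRequestInfo} to read the target object
     * @throws SystemException rethrown unchanged when raised by the reply processing
     * @throws INTERNAL wrapping any other {@code Throwable} raised by the reply processing
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "send_reply", serverRequestInfo);
        }
        if (tc.isDebugEnabled()) {
            entry(serverRequestInfo);
        }
        // Declared outside the try so the finally block knows whether a pop is owed.
        boolean adminContextPushed = false;
        try {
            adminContextPushed = pushAdminContext(getManagedNodeUUID(serverRequestInfo));
            CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
            try {
                if (is_local_server_request(serverRequestInfo)) {
                    send_reply_local(serverRequestInfo);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "send_reply");
                    }
                    return;
                }
                // java.lang.Object is spelled out because this file imports org.omg.CORBA.Object.
                java.lang.Object target = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget();
                String name = target != null ? target.getClass().getName() : "<unknown>";
                String operation = serverRequestInfo.operation();
                boolean specialMethod = SecurityConnectionInterceptor.isSpecialNamingMethod(operation, name)
                        || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(operation, name)
                        || (ORB.isSpecialMethod(operation) && !this.csiUtil.isCORBAAuthRequired());
                if (specialMethod) {
                    this.csiUtil.getCurrent().clear_requestor_context();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Special naming method or other corba special method. Return from interceptor.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "send_reply");
                    }
                    return;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "*** END POSTINVOKE ***");
                }
                // Detach the security context from the thread before using it, so it is not left
                // behind on the thread if the steps below fail.
                SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
                this.csiUtil.getCurrent().setSecurityContext((SecurityContextImpl) null);
                if (securityContext != null) {
                    long contextId = this.sessionMgr.csi_get_context_id_from_service_context(securityContext);
                    securityContext.csi_server_preprotect(serverRequestInfo, securityContext);
                    if (securityContext.get_discard_context()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Discarding context per request.  SESSION_REJECTED for future requests.");
                        }
                        ServerConnectionKey serverConnectionKey = securityContext.get_server_conn_key();
                        // Only a stateful session with a real context id and connection key has
                        // server-side state to update.
                        // NOTE(review): 7 presumably is the SESSION_REJECTED state named in the
                        // trace message above; confirm against the session state constants.
                        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_STATEFUL) && contextId != 0 && serverConnectionKey != null) {
                            this.sessionMgr.csi_server_session_status_update(contextId, serverConnectionKey, 7);
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not get security context in send_reply.  May be unprotected request.");
                }
                this.csiUtil.getCurrent().clear_requestor_context();
            } catch (Throwable th) {
                if (th instanceof SystemException) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SystemException class: " + th.getClass().getName() + ", message: " + th.getMessage());
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "send_reply");
                    }
                    throw ((SystemException) th);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception class: " + th.getClass().getName() + ", message: " + th.getMessage());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "send_reply");
                }
                // NOTE(review): the INTERNAL reason string carries the underlying exception class
                // and message; confirm whether the ORB marshals this text to the remote peer.
                throw new INTERNAL("Exception class: " + th.getClass().getName() + ", message: " + th.getMessage());
            }
        } finally {
            // Single cleanup site: keeps the admin-context and security-context stacks balanced
            // on normal return, early return and exception alike.
            if (adminContextPushed) {
                popAdminContext();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Going to pop unconditionally in send_reply since we always push in receive_request: " + SecurityObjectLocator.peekContext());
            }
            SecurityObjectLocator.popContext();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** SENDING REPLY ***");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "send_reply");
        }
    }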

    /**
     * Hook called by {@link #send_reply} when {@code is_local_server_request} reports the request
     * as local. The implementation in this class does nothing.
     *
     * <p>NOTE(review): presumably an extension point for subclasses; confirm whether any subclass
     * overrides it, because the local path in {@code send_reply} runs no other reply processing.
     *
     * @param serverRequestInfo the local request being replied to (unused here)
     */
    public void send_reply_local(ServerRequestInfo serverRequestInfo) {
    }

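    /**
     * Server-side interception point for a request that ended with an exception: completes CSIv2
     * processing for the exception reply and unwinds the per-request security state on the
     * current thread.
     *
     * <p>Local requests are handed to {@link #send_exception_local}. Special naming methods, and
     * ORB special methods when CORBA authentication is not required, only clear the requestor
     * context. Otherwise the current security context is detached from the thread and passed to
     * {@code csi_server_preprotect}, and the requestor context is cleared.
     *
     * <p>Cleanup lives in a {@code finally} block and the push result is tracked outside the
     * {@code try}, so an admin context pushed here is popped on exceptional exits as well, and
     * {@code SecurityObjectLocator.popContext()} runs exactly once on every path.
     *
     * @param serverRequestInfo the request whose exception reply is being sent; cast to
     *        {@code ExtendedServerRequestInfo} to read the target object
     * @throws ForwardRequest propagated from {@link #send_exception_local}
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_exception(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "send_exception", serverRequestInfo);
        }
        if (tc.isDebugEnabled()) {
            entry(serverRequestInfo);
        }
        // Must be visible to the finally block; a flag scoped inside the try cannot drive cleanup
        // on the exception path and would leave a pushed admin context on the thread.
        boolean adminContextPushed = false;
        try {
            adminContextPushed = pushAdminContext(getManagedNodeUUID(serverRequestInfo));
            if (is_local_server_request(serverRequestInfo)) {
                send_exception_local(serverRequestInfo);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "send_exception");
                }
                return;
            }
            // java.lang.Object is spelled out because this file imports org.omg.CORBA.Object.
            java.lang.Object target = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget();
            String name = target != null ? target.getClass().getName() : "<unknown>";
            String operation = serverRequestInfo.operation();
            boolean specialMethod = SecurityConnectionInterceptor.isSpecialNamingMethod(operation, name)
                    || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(operation, name)
                    || (ORB.isSpecialMethod(operation) && !this.csiUtil.isCORBAAuthRequired());
            if (specialMethod) {
                this.csiUtil.getCurrent().clear_requestor_context();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Special naming method or other corba special method. Return from interceptor.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "send_exception");
                }
                return;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "*** END POSTINVOKE ***");
            }
            // Detach the security context from the thread before using it.
            SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
            this.csiUtil.getCurrent().setSecurityContext((SecurityContextImpl) null);
            String detailedMessage = this.csiUtil.read_detailed_message(serverRequestInfo);
            // The message is used for tracing only, so a null value must not abort the reply
            // processing below with a NullPointerException.
            if (detailedMessage != null && !detailedMessage.isEmpty() && tc.isDebugEnabled()) {
                Tr.debug(tc, "The following exception occurred on the server, sending context error back to client: " + detailedMessage);
            }
            if (securityContext != null) {
                securityContext.csi_server_preprotect(serverRequestInfo, securityContext);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not get security context in send_exception.  May be unprotected request.");
            }
            this.csiUtil.getCurrent().clear_requestor_context();
        } finally {
            // Single cleanup site for normal return, early return and exception.
            if (adminContextPushed) {
                popAdminContext();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Popping unconditionally in send_exception  since we always push in receive_request: " + SecurityObjectLocator.peekContext());
            }
            SecurityObjectLocator.popContext();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** SENDING EXCEPTION ***");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "send_exception");
        }
    }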

    /**
     * Hook called by {@link #send_exception} when {@code is_local_server_request} reports the
     * request as local. The implementation in this class does nothing.
     *
     * <p>NOTE(review): presumably an extension point for subclasses; confirm whether any subclass
     * overrides it.
     *
     * @param serverRequestInfo the local request whose exception reply is being sent (unused here)
     * @throws ForwardRequest declared for overriding implementations; never thrown by this body
     */
    public void send_exception_local(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

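    /**
     * Server-side interception point for a request that ends with neither a normal reply nor an
     * exception: completes CSIv2 processing and unwinds the per-request security state on the
     * current thread.
     *
     * <p>Local requests are handed to {@link #send_other_local}. Special naming methods, and ORB
     * special methods when CORBA authentication is not required, return without further
     * processing. Otherwise the current security context is detached from the thread and passed
     * to {@code csi_server_preprotect}, and the requestor context is cleared.
     *
     * <p>Cleanup lives in a {@code finally} block and the push result is tracked outside the
     * {@code try}, so an admin context pushed here is popped on exceptional exits as well, and
     * {@code SecurityObjectLocator.popContext()} runs exactly once on every path.
     *
     * @param serverRequestInfo the request being completed; cast to
     *        {@code ExtendedServerRequestInfo} to read the target object
     * @throws ForwardRequest propagated from {@link #send_other_local}
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase, org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_other(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "send_other");
        }
        if (tc.isDebugEnabled()) {
            entry(serverRequestInfo);
        }
        // Must be visible to the finally block; a flag scoped inside the try cannot drive cleanup
        // on the exception path and would leave a pushed admin context on the thread.
        boolean adminContextPushed = false;
        try {
            adminContextPushed = pushAdminContext(getManagedNodeUUID(serverRequestInfo));
            if (is_local_server_request(serverRequestInfo)) {
                send_other_local(serverRequestInfo);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "send_other");
                }
                return;
            }
            // java.lang.Object is spelled out because this file imports org.omg.CORBA.Object.
            java.lang.Object target = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget();
            String name = target != null ? target.getClass().getName() : "<unknown>";
            String operation = serverRequestInfo.operation();
            boolean specialMethod = SecurityConnectionInterceptor.isSpecialNamingMethod(operation, name)
                    || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(operation, name)
                    || (ORB.isSpecialMethod(operation) && !this.csiUtil.isCORBAAuthRequired());
            if (specialMethod) {
                // NOTE(review): unlike the same branch in send_reply and send_exception, this path
                // does not call clear_requestor_context(); confirm the difference is intended.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Special naming method.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "send_other");
                }
                return;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "*** END POSTINVOKE ***");
            }
            // Detach the security context from the thread before using it.
            SecurityContextImpl securityContext = this.csiUtil.getCurrent().getSecurityContext();
            this.csiUtil.getCurrent().setSecurityContext((SecurityContextImpl) null);
            if (securityContext != null) {
                securityContext.csi_server_preprotect(serverRequestInfo, securityContext);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not get security context in send_other.  May be unprotected request.");
            }
            this.csiUtil.getCurrent().clear_requestor_context();
        } finally {
            // Single cleanup site for normal return, early return and exception.
            if (adminContextPushed) {
                popAdminContext();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Popping unconditionally in send_other since we always push in receive_request: " + SecurityObjectLocator.peekContext());
            }
            SecurityObjectLocator.popContext();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** SENDING OTHER ***");
        }
        if (tc.isEntryEnabled()) {
            // Method exit is traced with Tr.exit so entry/exit records pair up in the trace.
            Tr.exit(tc, "send_other");
        }
    }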

    /**
     * Hook called by {@link #send_other} when {@code is_local_server_request} reports the request
     * as local. The implementation in this class does nothing.
     *
     * <p>NOTE(review): presumably an extension point for subclasses; confirm whether any subclass
     * overrides it.
     *
     * @param serverRequestInfo the local request being completed (unused here)
     * @throws ForwardRequest declared for overriding implementations; never thrown by this body
     */
    public void send_other_local(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

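    /**
     * Writes a one-line debug trace identifying the request: its request id, the class of the
     * target object (or {@code <unknown>} when the target is null) and the operation name.
     *
     * <p>Nothing is read from the request unless debug tracing is enabled; the callers in this
     * file already invoke this method only under that condition.
     *
     * <p>NOTE(review): the operation name comes from the inbound request, so consumers of the
     * trace should treat that field as untrusted text; whether {@code Tr} escapes control
     * characters is not visible here.
     *
     * @param serverRequestInfo the request to describe; cast to {@code ExtendedServerRequestInfo}
     *        to read the target object
     */
    public void entry(ServerRequestInfo serverRequestInfo) {
        if (!tc.isDebugEnabled()) {
            return;
        }
        // java.lang.Object is spelled out because this file imports org.omg.CORBA.Object.
        java.lang.Object target = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget();
        // The class name is never null, so one message format covers every case.
        String name = target != null ? target.getClass().getName() : "<unknown>";
        StringBuilder message = new StringBuilder(100);
        message.append("Request_id: ").append(serverRequestInfo.request_id())
                .append(", class: ").append(name)
                .append(", operation: ").append(serverRequestInfo.operation());
        Tr.debug(tc, message.toString());
    }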

    // Best-effort lookup, at class-initialisation time, of two classes by name. Either field is
    // left null when its class cannot be loaded.
    static {
        controlAdminServiceClz = null;
        rirProxyClz = null;
        try {
            // Both lookups share one try block: if the first Class.forName fails, the second is
            // never attempted and rirProxyClz stays null as well.
            controlAdminServiceClz = Class.forName("com.ibm.ws.management.ControlAdminService");
            rirProxyClz = Class.forName("com.ibm.ws390.orb.RIRProtectedProxyHandler");
        } catch (Throwable th) {
            // Every failure, including Errors, is swallowed without a trace record.
            // NOTE(review): how these fields are used is not visible here; confirm that a null
            // value fails closed wherever they feed a trust decision.
        }
    }
}
