package com.sun.enterprise.iiop.security;

import com.sun.corba.ee.impl.encoding.CDROutputObject;
import com.sun.corba.ee.impl.encoding.EncapsInputStream;
import com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSec;
import com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech;
import com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechList;
import com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechListHelper;
import com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec;
import com.sun.corba.ee.org.omg.CSIIOP.ServiceConfiguration;
import com.sun.corba.ee.org.omg.CSIIOP.TLS_SEC_TRANS;
import com.sun.corba.ee.org.omg.CSIIOP.TLS_SEC_TRANSHelper;
import com.sun.corba.ee.org.omg.CSIIOP.TransportAddress;
import com.sun.corba.ee.spi.folb.SocketInfo;
import com.sun.corba.ee.spi.ior.IOR;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.EjbIORConfigurationDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.enterprise.util.Utility;
import com.sun.logging.LogDomains;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
import org.glassfish.enterprise.iiop.impl.CSIv2Policy;
import org.glassfish.internal.api.ORBLocator;
import org.glassfish.pfl.basic.func.UnaryFunction;
import org.omg.CORBA.INV_POLICY;
import org.omg.CORBA.ORB;
import org.omg.IOP.TaggedComponent;
import org.omg.PortableInterceptor.IORInfo;

/* loaded from: input_file:MICRO-INF/runtime/ejb.security-5.2021.5.jar:com/sun/enterprise/iiop/security/CSIV2TaggedComponentInfo.class */
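/**
 * Builds and parses the CSIv2 security tagged components that are attached to an IOR:
 * the compound security mechanism list (tag 33) and the TLS transport component (tag 36).
 *
 * <p>This listing is decompiler output. Numeric literals that the decompiler inlined are
 * given private names below; the emitted values are unchanged.
 */
public final class CSIV2TaggedComponentInfo {
    public static final int SUPPORTED_IDENTITY_TOKEN_TYPES = 15;
    private static final String DEFAULT_REALM = "default";
    private static final Logger logger = LogDomains.getLogger(CSIV2TaggedComponentInfo.class, "javax.enterprise.system.core.security");

    // IOP component tags used by this class (CSIIOP module values).
    private static final int TAG_CSI_SEC_MECH_LIST = 33;
    private static final int TAG_NULL_TAG = 34;
    private static final int TAG_TLS_SEC_TRANS = 36;

    // CSIIOP association option bits.
    private static final int INTEGRITY = 2;
    private static final int CONFIDENTIALITY = 4;
    private static final int ESTABLISH_TRUST_IN_TARGET = 32;
    private static final int ESTABLISH_TRUST_IN_CLIENT = 64;
    private static final int IDENTITY_ASSERTION = 1024;

    // Defaults applied when no EjbIORConfigurationDescriptor is available (102 and 70 in the decompiled code).
    private static final int DEFAULT_TARGET_SUPPORTS = INTEGRITY | CONFIDENTIALITY | ESTABLISH_TRUST_IN_TARGET | ESTABLISH_TRUST_IN_CLIENT;
    private static final int DEFAULT_TARGET_REQUIRES_WITH_SSL = INTEGRITY | CONFIDENTIALITY | ESTABLISH_TRUST_IN_CLIENT;

    // Shared "no transport mechanism" component.
    // NOTE(review): this single instance is returned to callers and TaggedComponent exposes its
    // fields publicly (see getSSLComponent); confirm no caller mutates it.
    private static final TaggedComponent NULL_TAGGED_COMPONENT = new TaggedComponent(TAG_NULL_TAG, new byte[0]);

    private final ORB orb;
    // Stays 0 when the single-argument constructor is used.
    private int sslMutualAuthPort;
    private final GlassFishORBHelper orbHelper;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:MICRO-INF/runtime/ejb.security-5.2021.5.jar:com/sun/enterprise/iiop/security/CSIV2TaggedComponentInfo$DescriptorMaker.class */
    /** Produces the transport-mechanism component for one IOR configuration descriptor. */
    public interface DescriptorMaker extends UnaryFunction<EjbIORConfigurationDescriptor, TaggedComponent> {
    }

    /**
     * @param orb ORB used to create output streams and to decode component data
     */
    public CSIV2TaggedComponentInfo(ORB orb) {
        this.orb = orb;
        this.orbHelper = Lookups.getGlassFishORBHelper();
    }

    /**
     * @param orb ORB used to create output streams and to decode component data
     * @param i   port advertised when a descriptor requires trust in the client
     *            (see {@link #createSSLInfo(int, EjbIORConfigurationDescriptor, boolean)})
     */
    public CSIV2TaggedComponentInfo(ORB orb, int i) {
        this(orb);
        this.sslMutualAuthPort = i;
    }

    /**
     * Looks up the effective CSIv2 policy on {@code iORInfo} and returns its EJB descriptor.
     *
     * @return the descriptor held by the policy, or {@code null} when the policy lookup
     *         raised {@code INV_POLICY} or returned {@code null}
     */
    public EjbDescriptor getEjbDescriptor(IORInfo iORInfo) {
        CSIv2Policy policy = null;
        try {
            policy = (CSIv2Policy) iORInfo.get_effective_policy(this.orbHelper.getCSIv2PolicyType());
        } catch (INV_POLICY e) {
            // A missing policy is an expected case here, hence FINE and no stack trace.
            logger.log(Level.FINE, "CSIV2TaggedComponentInfo.getEjbDescriptor: CSIv2Policy not present");
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "TxSecIORInterceptor.establish_components: CSIv2Policy: " + policy);
        }
        return policy != null ? policy.getEjbDescriptor() : null;
    }

    /**
     * Creates the compound security mechanism list component for an EJB, advertising a single port.
     *
     * <p>Any exception is logged at SEVERE and swallowed, so a failure yields {@code null}.
     * NOTE(review): a {@code null} result means no security component was built; confirm callers
     * treat that as an error rather than publishing the IOR without one.
     *
     * @param i             port for the transport mechanism
     * @param ejbDescriptor EJB whose IOR configuration is used; unlike the {@code List} overload
     *                      there is no null guard here, so {@code null} reaches
     *                      {@code createCompoundSecMechListComponent} as a null array
     * @return the component, or {@code null} on failure
     */
    public TaggedComponent createSecurityTaggedComponent(int i, EjbDescriptor ejbDescriptor) {
        TaggedComponent component = null;
        try {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
            }
            component = createCompoundSecMechListComponent(createCompoundSecMechs(i, ejbDescriptor));
        } catch (Exception e) {
            logger.log(Level.SEVERE, "iiop.createcompund_exception", e);
        }
        return component;
    }

    /**
     * Creates the compound security mechanism list component for an EJB, advertising every
     * socket in {@code list}.
     *
     * @return the component, or {@code null} when {@code ejbDescriptor} is {@code null} or an
     *         exception was raised (logged at SEVERE and swallowed)
     */
    public TaggedComponent createSecurityTaggedComponent(List<SocketInfo> list, EjbDescriptor ejbDescriptor) {
        if (ejbDescriptor == null) {
            return null;
        }
        TaggedComponent component = null;
        try {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
            }
            component = createCompoundSecMechListComponent(createCompoundSecMechs(list, ejbDescriptor));
        } catch (Exception e) {
            logger.log(Level.SEVERE, "iiop.createcompund_exception", e);
        }
        return component;
    }

    /**
     * Reads a boolean property; only the exact string {@code "true"} counts as true.
     *
     * <p>NOTE(review): the comparison is case-sensitive, so a value such as {@code "True"} or
     * {@code "TRUE"} reads as false. Both call sites use this for "required" security settings,
     * where a mis-cased value therefore turns the requirement off without any log entry.
     * Confirm the properties are normalised where they are populated.
     */
    private boolean getBooleanValue(Properties properties, String str) {
        return "true".equals(properties.getProperty(str, "false"));
    }

    /**
     * Creates the compound security mechanism list component when no EJB descriptor is
     * available, driven by the ORB's CSIv2 properties.
     *
     * <p>The mechanism's {@code target_requires} carries only the trust-in-client bit, and only
     * when {@code ORB_CLIENT_AUTH_REQUIRED} is true; the SSL-required flag is passed to the
     * transport component instead.
     *
     * @param i port for the transport mechanism
     * @return the component, or {@code null} when an exception was raised (logged and swallowed)
     */
    public TaggedComponent createSecurityTaggedComponent(int i) {
        TaggedComponent component = null;
        try {
            Properties csiv2Props = this.orbHelper.getCSIv2Props();
            boolean sslRequired = getBooleanValue(csiv2Props, ORBLocator.ORB_SSL_SERVER_REQUIRED);
            boolean clientAuthRequired = getBooleanValue(csiv2Props, ORBLocator.ORB_CLIENT_AUTH_REQUIRED);
            short targetRequires = (short) (clientAuthRequired ? ESTABLISH_TRUST_IN_CLIENT : 0);
            CompoundSecMech[] mechanisms = {
                new CompoundSecMech(
                    targetRequires,
                    createSSLInfo(i, (EjbIORConfigurationDescriptor) null, sslRequired),
                    createASContextSec(null, DEFAULT_REALM),
                    createSASContextSec(null))
            };
            component = createCompoundSecMechListComponent(mechanisms);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "iiop.createcompund_exception", e);
        }
        return component;
    }

    /** Marshals the mechanisms into a tag-33 component, with the {@code stateful} flag set to false. */
    private TaggedComponent createCompoundSecMechListComponent(CompoundSecMech[] compoundSecMechArr) {
        CDROutputObject out = this.orb.create_output_stream();
        out.putEndian();
        CompoundSecMechListHelper.write(out, new CompoundSecMechList(false, compoundSecMechArr));
        return new TaggedComponent(TAG_CSI_SEC_MECH_LIST, out.toByteArray());
    }

    /**
     * Returns the EJB's IOR configuration descriptors, adding defaults when none are configured.
     *
     * <p>The defaults are added to the set returned by the descriptor itself.
     * NOTE(review): if that set is the descriptor's live collection, this getter has a lasting
     * side effect on the deployment descriptor; verify against {@code EjbDescriptor}.
     *
     * <p>Every default sets integrity, confidentiality and trust-in-client to SUPPORTED, not
     * REQUIRED, so {@link #getTargetRequires} yields no transport bits for them: an EJB without
     * explicit IOR configuration does not demand a protected transport.
     *
     * @return the descriptors, or {@code null} when {@code ejbDescriptor} is {@code null}
     */
    private Set<EjbIORConfigurationDescriptor> getIORConfigurationDescriptors(EjbDescriptor ejbDescriptor) {
        if (ejbDescriptor == null) {
            return null;
        }
        Set<EjbIORConfigurationDescriptor> descriptors = ejbDescriptor.getIORConfigurationDescriptors();
        if (!descriptors.isEmpty()) {
            return descriptors;
        }

        EjbIORConfigurationDescriptor defaultDescriptor = new EjbIORConfigurationDescriptor();
        defaultDescriptor.setIntegrity(EjbIORConfigurationDescriptor.SUPPORTED);
        defaultDescriptor.setConfidentiality(EjbIORConfigurationDescriptor.SUPPORTED);
        defaultDescriptor.setEstablishTrustInClient(EjbIORConfigurationDescriptor.SUPPORTED);
        descriptors.add(defaultDescriptor);

        if (ejbDescriptor.getPermissionedRoles().size() > 0) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "IIOP:Application has protected methods");
            }
            // Mutated after being added to the set, as in the original.
            defaultDescriptor.setAuthMethodRequired(true);
            String realm = ejbDescriptor.getApplication() != null ? ejbDescriptor.getApplication().getRealm() : DEFAULT_REALM;
            if (realm == null) {
                realm = DEFAULT_REALM;
            }
            defaultDescriptor.setRealmName(realm);

            // As soon as one method permission is unchecked, add one further descriptor on which
            // setAuthMethodRequired is not called.
            for (MethodPermission permission : ejbDescriptor.getMethodPermissionsFromDD().keySet()) {
                if (permission.isUnchecked()) {
                    EjbIORConfigurationDescriptor uncheckedDescriptor = new EjbIORConfigurationDescriptor();
                    uncheckedDescriptor.setIntegrity(EjbIORConfigurationDescriptor.SUPPORTED);
                    uncheckedDescriptor.setConfidentiality(EjbIORConfigurationDescriptor.SUPPORTED);
                    uncheckedDescriptor.setEstablishTrustInClient(EjbIORConfigurationDescriptor.SUPPORTED);
                    uncheckedDescriptor.setRealmName(realm);
                    descriptors.add(uncheckedDescriptor);
                    break;
                }
            }
        }
        return descriptors;
    }

    /**
     * Builds one {@code CompoundSecMech} per IOR configuration descriptor of the EJB.
     *
     * @param descriptorMaker supplies the transport-mechanism component for each descriptor
     * @return the mechanisms, or {@code null} when {@code ejbDescriptor} is {@code null}
     */
    private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker descriptorMaker, EjbDescriptor ejbDescriptor) throws IOException {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IIOP: Creating CompoundSecMech");
        }
        if (ejbDescriptor == null) {
            return null;
        }
        Set<EjbIORConfigurationDescriptor> descriptors = getIORConfigurationDescriptors(ejbDescriptor);
        CompoundSecMech[] mechanisms = new CompoundSecMech[descriptors.size()];
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IORDescSet SIZE:" + descriptors.size());
        }
        // Deliberately declared outside the loop: the value carries over between iterations, so
        // the descriptor's own realm name is consulted only when the application realm is null.
        String realm = DEFAULT_REALM;
        int index = 0;
        for (EjbIORConfigurationDescriptor descriptor : descriptors) {
            int transportRequires = getTargetRequires(descriptor);
            TaggedComponent transportMech = descriptorMaker.evaluate(descriptor);
            if (ejbDescriptor.getApplication() != null) {
                realm = ejbDescriptor.getApplication().getRealm();
            }
            if (realm == null) {
                realm = descriptor.getRealmName();
            }
            if (realm == null) {
                realm = DEFAULT_REALM;
            }
            AS_ContextSec asContext = createASContextSec(descriptor, realm);
            SAS_ContextSec sasContext = createSASContextSec(descriptor);
            // The mechanism requires the union of what each of its three layers requires.
            short targetRequires = (short) (transportRequires | asContext.target_requires | sasContext.target_requires);
            mechanisms[index++] = new CompoundSecMech(targetRequires, transportMech, asContext, sasContext);
        }
        return mechanisms;
    }

    /** Variant that advertises every socket in {@code list} as the transport address. */
    private CompoundSecMech[] createCompoundSecMechs(final List<SocketInfo> list, EjbDescriptor ejbDescriptor) throws IOException {
        DescriptorMaker maker = new DescriptorMaker() { // from class: com.sun.enterprise.iiop.security.CSIV2TaggedComponentInfo.1
            @Override // org.glassfish.pfl.basic.func.UnaryFunction
            public TaggedComponent evaluate(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor) {
                return CSIV2TaggedComponentInfo.this.createSSLInfo(list, ejbIORConfigurationDescriptor, false);
            }
        };
        return createCompoundSecMechs(maker, ejbDescriptor);
    }

    /** Variant that advertises the single port {@code i} as the transport address. */
    private CompoundSecMech[] createCompoundSecMechs(final int i, EjbDescriptor ejbDescriptor) throws IOException {
        DescriptorMaker maker = new DescriptorMaker() { // from class: com.sun.enterprise.iiop.security.CSIV2TaggedComponentInfo.2
            @Override // org.glassfish.pfl.basic.func.UnaryFunction
            public TaggedComponent evaluate(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor) {
                return CSIV2TaggedComponentInfo.this.createSSLInfo(i, ejbIORConfigurationDescriptor, false);
            }
        };
        return createCompoundSecMechs(maker, ejbDescriptor);
    }

    /**
     * Builds the authentication-layer part of a compound mechanism.
     *
     * <p>When the descriptor's authentication method is {@code "NONE"} (case-insensitive) the
     * result supports and requires nothing. Otherwise trust-in-client is supported, and it is
     * required only when the descriptor reports {@code isAuthMethodRequired()}.
     *
     * @param ejbIORConfigurationDescriptor descriptor to read, may be {@code null}
     * @param str                           realm name; when {@code null} the descriptor's realm
     *                                      is used, then {@code "default"}
     * @throws IOException declared by the original signature
     */
    public AS_ContextSec createASContextSec(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor, String str) throws IOException {
        String authMethod = null;
        boolean authMethodRequired = false;
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IIOP: Creating AS_Context");
        }
        if (ejbIORConfigurationDescriptor != null) {
            authMethod = ejbIORConfigurationDescriptor.getAuthenticationMethod();
            authMethodRequired = ejbIORConfigurationDescriptor.isAuthMethodRequired();
        }
        if (authMethod != null && authMethod.equalsIgnoreCase("NONE")) {
            return new AS_ContextSec((short) 0, (short) 0, new byte[0], new byte[0]);
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IIOP:AS_Context: Realm Name for login = " + str);
        }
        // Fix: the original dereferenced the descriptor here unconditionally, so a call with a
        // null descriptor and a null realm ended in a NullPointerException.
        if (str == null && ejbIORConfigurationDescriptor != null) {
            str = ejbIORConfigurationDescriptor.getRealmName();
        }
        if (str == null) {
            str = DEFAULT_REALM;
        }
        // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII realm name
        // encodes differently between hosts; confirm which encoding the peer that decodes the
        // exported name expects before pinning a charset here.
        byte[] targetName = GSSUtils.createExportedName(GSSUtils.GSSUP_MECH_OID, str.getBytes());
        int targetRequires = authMethodRequired ? ESTABLISH_TRUST_IN_CLIENT : 0;
        return new AS_ContextSec((short) ESTABLISH_TRUST_IN_CLIENT, (short) targetRequires, GSSUtils.getMechanism(), targetName);
    }

    /**
     * Builds the attribute-layer (SAS) part of a compound mechanism.
     *
     * <p>When the descriptor's caller propagation is {@code "NONE"} (case-insensitive) the result
     * supports nothing. Otherwise identity assertion is supported but never required, with the
     * mechanism from {@code GSSUtils.getMechanism()} as the only naming mechanism and
     * {@link #SUPPORTED_IDENTITY_TOKEN_TYPES} as the identity-types value.
     *
     * @param ejbIORConfigurationDescriptor descriptor to read, may be {@code null}
     * @throws IOException declared by the original signature
     */
    public SAS_ContextSec createSASContextSec(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor) throws IOException {
        ServiceConfiguration[] privilegeAuthorities = new ServiceConfiguration[0];
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IIOP: Creating SAS_Context");
        }
        String callerPropagation = ejbIORConfigurationDescriptor != null ? ejbIORConfigurationDescriptor.getCallerPropagation() : null;
        if (callerPropagation != null && callerPropagation.equalsIgnoreCase("NONE")) {
            // Fix: the decompiler emitted an untyped "?? r0 = new byte[0]" here, which is not
            // valid Java; the value is an empty array of naming mechanisms.
            return new SAS_ContextSec((short) 0, (short) 0, privilegeAuthorities, new byte[0][], 0);
        }
        // Copied so the array stored in the result does not alias the one GSSUtils returned.
        byte[][] namingMechanisms = {GSSUtils.getMechanism().clone()};
        return new SAS_ContextSec((short) IDENTITY_ASSERTION, (short) 0, privilegeAuthorities, namingMechanisms, SUPPORTED_IDENTITY_TOKEN_TYPES);
    }

    /**
     * Computes the association options the target supports: one bit for each descriptor setting
     * that is not {@code "NONE"} (case-insensitive).
     *
     * @return the option bits, or 0 when the descriptor is {@code null}
     */
    public int getTargetSupports(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor) {
        if (ejbIORConfigurationDescriptor == null) {
            return 0;
        }
        int options = 0;
        if (!ejbIORConfigurationDescriptor.getIntegrity().equalsIgnoreCase("NONE")) {
            options |= INTEGRITY;
        }
        if (!ejbIORConfigurationDescriptor.getConfidentiality().equalsIgnoreCase("NONE")) {
            options |= CONFIDENTIALITY;
        }
        if (!ejbIORConfigurationDescriptor.getEstablishTrustInTarget().equalsIgnoreCase("NONE")) {
            options |= ESTABLISH_TRUST_IN_TARGET;
        }
        if (!ejbIORConfigurationDescriptor.getEstablishTrustInClient().equalsIgnoreCase("NONE")) {
            options |= ESTABLISH_TRUST_IN_CLIENT;
        }
        return options;
    }

    /**
     * Computes the association options the target requires: one bit for each descriptor setting
     * equal to {@code EjbIORConfigurationDescriptor.REQUIRED} (case-insensitive).
     *
     * @return the option bits, or 0 when the descriptor is {@code null}
     */
    public int getTargetRequires(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor) {
        if (ejbIORConfigurationDescriptor == null) {
            return 0;
        }
        int options = 0;
        if (ejbIORConfigurationDescriptor.getIntegrity().equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
            options |= INTEGRITY;
        }
        if (ejbIORConfigurationDescriptor.getConfidentiality().equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
            options |= CONFIDENTIALITY;
        }
        if (ejbIORConfigurationDescriptor.getEstablishTrustInTarget().equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
            options |= ESTABLISH_TRUST_IN_TARGET;
        }
        if (ejbIORConfigurationDescriptor.getEstablishTrustInClient().equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
            options |= ESTABLISH_TRUST_IN_CLIENT;
        }
        return options;
    }

    /** Like {@link #getTargetSupports}, but a {@code null} descriptor supports all four transport options. */
    private int getTargetSupportsDefault(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor) {
        return ejbIORConfigurationDescriptor == null
            ? DEFAULT_TARGET_SUPPORTS
            : getTargetSupports(ejbIORConfigurationDescriptor);
    }

    /**
     * Like {@link #getTargetRequires}, but for a {@code null} descriptor the result depends on
     * {@code z}: integrity, confidentiality and trust-in-client when true, nothing when false.
     */
    private int getTargetRequiresDefault(EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor, boolean z) {
        if (ejbIORConfigurationDescriptor != null) {
            return getTargetRequires(ejbIORConfigurationDescriptor);
        }
        return z ? DEFAULT_TARGET_REQUIRES_WITH_SSL : 0;
    }

    /** Marshals a {@code TLS_SEC_TRANS} with the given supports/requires bits into a tag-36 component. */
    private TaggedComponent createTlsSecTransComponent(int i, int i2, TransportAddress[] transportAddressArr) {
        TLS_SEC_TRANS tlsSecTrans = new TLS_SEC_TRANS((short) i, (short) i2, transportAddressArr);
        CDROutputObject out = this.orb.create_output_stream();
        out.putEndian();
        TLS_SEC_TRANSHelper.write(out, tlsSecTrans);
        return new TaggedComponent(TAG_TLS_SEC_TRANS, out.toByteArray());
    }

    /** Returns a single address made of {@code Utility.getLocalAddress()} and port {@code i}. */
    private TransportAddress[] generateTransportAddresses(int i) {
        return new TransportAddress[]{new TransportAddress(Utility.getLocalAddress(), Utility.intToShort(i))};
    }

    /** Returns one address per entry of {@code list}, in list order. */
    private TransportAddress[] generateTransportAddresses(List<SocketInfo> list) {
        TransportAddress[] addresses = new TransportAddress[list.size()];
        int index = 0;
        for (SocketInfo socketInfo : list) {
            addresses[index++] = new TransportAddress(socketInfo.host(), Utility.intToShort(socketInfo.port()));
        }
        return addresses;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the transport-mechanism component for a single port.
     *
     * <p>When a descriptor is present and requires trust in the client, the port configured as
     * {@code sslMutualAuthPort} replaces {@code i}.
     * NOTE(review): with the single-argument constructor that field is 0; confirm that
     * construction path is never combined with a client-trust-required descriptor.
     *
     * @param z only consulted when the descriptor is {@code null}; see {@link #getTargetRequiresDefault}
     * @return the null-tag component when nothing is supported or required, or when the chosen
     *         port is -1; otherwise a TLS transport component
     */
    public TaggedComponent createSSLInfo(int i, EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor, boolean z) {
        int targetSupports = getTargetSupportsDefault(ejbIORConfigurationDescriptor);
        int targetRequires = getTargetRequiresDefault(ejbIORConfigurationDescriptor, z);
        boolean mutualAuthRequired = ejbIORConfigurationDescriptor != null
            && (targetRequires & ESTABLISH_TRUST_IN_CLIENT) == ESTABLISH_TRUST_IN_CLIENT;
        int sslPort = mutualAuthRequired ? this.sslMutualAuthPort : i;
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IIOP: Creating Transport Mechanism for sslport " + sslPort);
        }
        if ((targetSupports | targetRequires) == 0 || sslPort == -1) {
            return NULL_TAGGED_COMPONENT;
        }
        return createTlsSecTransComponent(targetSupports, targetRequires, generateTransportAddresses(sslPort));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the transport-mechanism component for a list of sockets.
     *
     * @param z only consulted when the descriptor is {@code null}; see {@link #getTargetRequiresDefault}
     * @return the null-tag component when nothing is supported or required; otherwise a TLS
     *         transport component listing every socket
     */
    public TaggedComponent createSSLInfo(List<SocketInfo> list, EjbIORConfigurationDescriptor ejbIORConfigurationDescriptor, boolean z) {
        int targetSupports = getTargetSupportsDefault(ejbIORConfigurationDescriptor);
        int targetRequires = getTargetRequiresDefault(ejbIORConfigurationDescriptor, z);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "IIOP: Creating Transport Mechanism for socketInfos " + list);
        }
        if ((targetSupports | targetRequires) == 0) {
            return NULL_TAGGED_COMPONENT;
        }
        return createTlsSecTransComponent(targetSupports, targetRequires, generateTransportAddresses(list));
    }

    /**
     * Reports whether every descriptor in {@code set} has at least one required option.
     *
     * <p>The test is {@code getTargetRequires(...) != 0}, so a descriptor that requires only
     * trust in the target or in the client also counts, not just integrity or confidentiality.
     *
     * @param set descriptors to check; elements are cast to {@code EjbIORConfigurationDescriptor}
     * @return {@code false} for an empty set or when any descriptor requires nothing
     */
    public boolean allMechanismsRequireSSL(Set<?> set) {
        if (set.isEmpty()) {
            return false;
        }
        for (Object descriptor : set) {
            if (getTargetRequires((EjbIORConfigurationDescriptor) descriptor) == 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Extracts the compound security mechanisms from the tag-33 component of an IOR.
     *
     * <p>NOTE(review): the component bytes come from the IOR and are unmarshalled as-is;
     * if IORs can arrive from a remote peer, confirm callers cope with an unmarshalling failure
     * thrown by {@code CompoundSecMechListHelper.read}.
     *
     * @return the mechanism list, or {@code null} when the IOR has no such component
     * @throws RuntimeException when the IOR carries more than one such component
     */
    public CompoundSecMech[] getSecurityMechanisms(IOR ior) {
        Iterator<?> components = ior.getProfile().getTaggedProfileTemplate().iteratorById(TAG_CSI_SEC_MECH_LIST);
        if (!components.hasNext()) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found");
            }
            return null;
        }
        com.sun.corba.ee.spi.ior.TaggedComponent component = (com.sun.corba.ee.spi.ior.TaggedComponent) components.next();
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Component:" + component);
        }
        // A second list is rejected outright rather than silently ignored.
        if (components.hasNext()) {
            logger.log(Level.SEVERE, "iiop.many_tagged_component");
            throw new RuntimeException("More than one TAG_CSI_SEC_MECH_LIST tagged component found ");
        }
        byte[] data = component.getIOPComponent(this.orb).component_data;
        EncapsInputStream in = new EncapsInputStream(this.orb, data, data.length);
        in.consumeEndian();
        return CompoundSecMechListHelper.read(in).mechanism_list;
    }

    /**
     * Decodes the transport mechanism of {@code compoundSecMech}.
     *
     * @return the TLS transport description, or {@code null} when the mechanism carries the null tag
     */
    public TLS_SEC_TRANS getSSLInformation(CompoundSecMech compoundSecMech) {
        return getSSLComponent(compoundSecMech.transport_mech);
    }

    /**
     * Unmarshals a transport component as {@code TLS_SEC_TRANS}.
     *
     * <p>Only the null tag is filtered out; a component with any other tag is decoded as
     * {@code TLS_SEC_TRANS} without checking that its tag is 36.
     */
    private TLS_SEC_TRANS getSSLComponent(TaggedComponent taggedComponent) {
        if (taggedComponent.tag == TAG_NULL_TAG) {
            return null;
        }
        byte[] data = taggedComponent.component_data;
        EncapsInputStream in = new EncapsInputStream(this.orb, data, data.length);
        in.consumeEndian();
        return TLS_SEC_TRANSHelper.read(in);
    }
}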
