package org.openorb.orb.csiv2;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.cert.X509Certificate;
import org.apache.avalon.framework.CascadingRuntimeException;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import org.openorb.orb.core.LoggableLocalObject;
import org.openorb.orb.csiv2.CSIServerJAASModule;
import org.openorb.orb.iiop.IIOPServerRequest;
import org.openorb.orb.security.DistinguishedName;
import org.openorb.orb.ssl.SSLTransport;
import org.openorb.orb.util.Trace;

/* loaded from: input_file:org/openorb/orb/csiv2/CSIServerInterceptor.class */
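/**
 * Server-side CSIv2 (TSS) request interceptor.
 *
 * <p>For every incoming request it looks for the SAS service context (id 15). An
 * {@code EstablishContext} message is authenticated through the JAAS login
 * configuration entry {@code "CSIv2Server"}: the principal name comes from the
 * GSSUP authentication token when one is present, otherwise from the subject DN
 * of the TLS client certificate. Every failure is reported to the client as a
 * {@code ContextError} SAS context on the reply together with a
 * {@link NO_PERMISSION}; success is acknowledged with a
 * {@code CompleteEstablishContext}. The stateful {@code MessageInContext}
 * message is not supported.
 *
 * <p>The SAS context is attacker-controlled input: every value decoded from it is
 * treated as untrusted, credentials are never written to the log, and any
 * unexpected failure while establishing the context is converted to
 * {@link NO_PERMISSION} so a request never proceeds unauthenticated.
 */
class CSIServerInterceptor extends LoggableLocalObject implements ServerRequestInterceptor {
    /** Service context id carrying the CSIv2 SAS context body. */
    private static final int SAS_CONTEXT_ID = 15;
    /** Name of the JAAS login configuration entry used to authenticate clients. */
    private static final String JAAS_LOGIN_ENTRY = "CSIv2Server";

    /* SASContextBody discriminators this interceptor distinguishes. */
    private static final int MSG_ESTABLISH_CONTEXT = 0;
    private static final int MSG_COMPLETE_ESTABLISH_CONTEXT = 1;
    private static final int MSG_CONTEXT_ERROR = 4;
    private static final int MSG_IN_CONTEXT = 5;

    private final Codec m_codec;
    private final ORB m_orb;
    /** Kept for the constructor contract; not read by this interceptor. */
    private final CSITransportServerInitializer m_ctsi;

    /**
     * Creates the interceptor.
     *
     * @param codec codec used to encode and decode SAS context bodies
     * @param orb the ORB this interceptor is registered with
     * @param cSITransportServerInitializer the initializer that created this interceptor
     */
    public CSIServerInterceptor(Codec codec, ORB orb, CSITransportServerInitializer cSITransportServerInitializer) {
        this.m_codec = codec;
        this.m_orb = orb;
        this.m_ctsi = cSITransportServerInitializer;
    }

    /** @return the name this interceptor is registered under. */
    public String name() {
        return "CSIServerInterceptor";
    }

    /**
     * Attaches an encoded SAS context body to the reply, replacing any reply
     * context already registered under the same id.
     *
     * @param ri the current request
     * @param encodedBody CDR-encoded SASContextBody
     */
    private void addSASServiceContext(ServerRequestInfo ri, byte[] encodedBody) {
        ServiceContext sc = new ServiceContext();
        sc.context_id = SAS_CONTEXT_ID;
        sc.context_data = encodedBody;
        ri.add_reply_service_context(sc, true);
    }

    /**
     * Decodes the SAS context body sent with the request, if any.
     *
     * <p>NOTE(review): the PortableInterceptor spec raises BAD_PARAM when the
     * requested context id is absent; this code relies on the ORB returning
     * {@code null} instead — confirm against OpenORB's implementation.
     *
     * @param ri the current request
     * @return the decoded body, or {@code null} when no SAS context was sent
     * @throws CascadingRuntimeException if the client-supplied context data is not
     *         a well-formed CDR-encoded SASContextBody
     */
    private SASContextBody getSASContextBodyFromSC(ServerRequestInfo ri) {
        ServiceContext sc = ri.get_request_service_context(SAS_CONTEXT_ID);
        if (sc == null) {
            return null;
        }
        try {
            return SASContextBodyHelper.extract(m_codec.decode_value(sc.context_data, SASContextBodyHelper.type()));
        } catch (Exception e) {
            // Malformed, client-controlled bytes: reject rather than guess.
            throw new CascadingRuntimeException("CDR Decoding error for SAS context element.", e);
        }
    }

    /**
     * Rejects the request: attaches a {@code ContextError} SAS context to the reply
     * so the client's CSS learns why, then throws {@link NO_PERMISSION} with minor
     * code 0 and {@code COMPLETED_NO}. Never returns normally.
     *
     * @param ri the request being rejected
     * @param i first status value forwarded to {@code CSIContextError.create}
     *          (always 0 by the callers in this class)
     * @param i2 second status value (always 0 by the callers in this class)
     * @param i3 third status value; callers use 1 for login failure or identity
     *           mismatch, 2 for a missing client identity, 4 for a target-name
     *           mismatch (3 was apparently intended for bad-password failures,
     *           see {@link #login})
     * @param reason human-readable reason used for the exception and the debug log
     */
    private void throwNoPermission(ServerRequestInfo ri, int i, int i2, int i3, String reason) {
        CSIContextError contextError = CSIContextError.create(m_orb, m_codec, i, i2, i3);
        if (getLogger().isDebugEnabled() && Trace.isLow()) {
            getLogger().debug("Throwing NO_PERMISSION: " + reason);
        }
        addSASServiceContext(ri, contextError.getEncodedSASContextBody(m_orb));
        throw new NO_PERMISSION(reason, 0, CompletionStatus.COMPLETED_NO);
    }

    /**
     * Returns the subject DN of the TLS client certificate, or {@code null} when the
     * request did not arrive over SSL, the peer presented no certificate, or the
     * peer was not verified. The DN string is whatever the legacy
     * {@code javax.security.cert} API's {@code getSubjectDN().getName()} yields;
     * downstream comparisons depend on that exact formatting.
     *
     * @param ri the current request
     */
    private String getSubjectNameFromCertificates(ServerRequestInfo ri) {
        if (!(ri instanceof IIOPServerRequest)) {
            return null;
        }
        Object transport = ((IIOPServerRequest) ri).getTransport();
        if (!(transport instanceof SSLTransport)) {
            if (getLogger().isWarnEnabled()) {
                getLogger().warn("Can't get DN from peer because we are running over plain IIOP");
            }
            return null;
        }
        try {
            X509Certificate[] chain = ((SSLTransport) transport).getSocketSession().getPeerCertificateChain();
            if (chain == null || chain.length == 0) {
                return null;
            }
            if (getLogger().isDebugEnabled() && Trace.isHigh()) {
                getLogger().debug("Peer certificates: #" + chain.length);
                for (int i = 0; i < chain.length; i++) {
                    getLogger().debug("[ " + i + " ]: " + chain[i]);
                }
            }
            // chain[0] is the peer's own certificate; the remainder are its issuers.
            return chain[0].getSubjectDN().getName();
        } catch (SSLPeerUnverifiedException e) {
            if (getLogger().isWarnEnabled()) {
                getLogger().warn("The client was not authenticated, couldn't get DN from peer");
            }
            return null;
        }
    }

    /**
     * Determines the name the client authenticates as: the GSSUP username when the
     * EstablishContext carries an authentication token, otherwise the TLS client
     * certificate's subject DN.
     *
     * @return the principal name, or {@code null} when neither source yields one;
     *         callers must treat {@code null} as "no identity" and reject
     */
    private String getClientASIdentity(ServerRequestInfo ri, CSIEstablishContext establish) {
        if (establish.hasAuthenticationToken()) {
            return establish.getUsername();
        }
        String dn = getSubjectNameFromCertificates(ri);
        if (dn != null && getLogger().isDebugEnabled() && Trace.isHigh()) {
            getLogger().debug("Client certificate DN: '" + DistinguishedName.parse(dn) + "'");
        }
        return dn;
    }

    /**
     * Runs the JAAS login, mapping failures onto a {@code ContextError} plus
     * {@link NO_PERMISSION} via {@link #throwNoPermission}.
     *
     * <p>{@code FailedLoginException} is a subclass of {@code LoginException}, so it
     * must be caught first or its branch is unreachable. The original code also
     * meant to map a bad-password failure to status 3 but compared against the
     * username-incorrect message twice, so only 1 and 2 are ever produced here.
     * NOTE(review): reporting distinct statuses for "unknown user" and "bad
     * password" lets an unauthenticated caller enumerate valid account names;
     * consider collapsing them if the client does not need the distinction.
     */
    private void login(ServerRequestInfo ri, LoginContext loginContext) {
        try {
            loginContext.login();
        } catch (FailedLoginException e) {
            String message = e.getMessage();
            int status = 1;
            if (message != null && message.startsWith(CSIServerJAASModule.MSG_USERNAME_INCORRECT)) {
                status = 2;
            }
            throwNoPermission(ri, 0, 0, status, "FailedLoginException: " + e);
        } catch (LoginException e) {
            throwNoPermission(ri, 0, 0, 1, "LoginException: " + e);
        }
    }

    /**
     * Enforces that an identity token, when present, asserts exactly the identity
     * the authenticated client maps to. A {@code null} mapping fails the comparison
     * (and therefore the request) instead of raising a NullPointerException.
     */
    private void checkIdentityToken(ServerRequestInfo ri, CSIEstablishContext establish, String clientIdentity) {
        if (!establish.hasIdentityToken()) {
            return;
        }
        String asserted = establish.getIdentityPrincipalName();
        if (asserted == null) {
            return;
        }
        String actual = CSIServerContext.getUserIdentity(clientIdentity);
        if (!asserted.equals(actual)) {
            throwNoPermission(ri, 0, 0, 1,
                    "Identity '" + asserted + "' does not match user's identity '" + actual + "'");
        }
    }

    /**
     * Processes an EstablishContext message: validates the GSSUP target name,
     * resolves the client identity, authenticates through JAAS, checks any asserted
     * identity token and acknowledges with CompleteEstablishContext.
     *
     * <p>Every expected failure goes through {@link #throwNoPermission}; anything
     * unexpected is logged and converted to {@link NO_PERMISSION} so the request
     * is never dispatched without a successful login.
     */
    private void handleEstablishContext(ServerRequestInfo ri, CSIEstablishContext establish) {
        if (getLogger().isDebugEnabled() && Trace.isMedium()) {
            getLogger().debug("SAS SC: Server received message: EstablishContext\n" + establish);
        }
        // A target name, when the client sends one, must be this server's realm.
        String targetName = establish.getTargetName();
        if (targetName != null && !targetName.equals(CSIServerContext.getRealm())) {
            throwNoPermission(ri, 0, 0, 4, "Target names do not match");
        }
        String clientIdentity = getClientASIdentity(ri, establish);
        if (clientIdentity == null) {
            throwNoPermission(ri, 0, 0, 2, "Couldn't get client identity");
        }
        char[] password = establish.getPassword();
        try {
            LoginContext loginContext = new LoginContext(JAAS_LOGIN_ENTRY,
                    new CSIServerJAASModule.CSICallbackHandler(clientIdentity, password));
            if (getLogger().isDebugEnabled() && Trace.isHigh()) {
                // Log the principal only; the credential must never reach the log
                // (and may be null on the certificate path).
                getLogger().debug("SAS SC: Trying to login as '" + clientIdentity + "'");
            }
            login(ri, loginContext);
            if (getLogger().isDebugEnabled() && Trace.isLow()) {
                getLogger().debug("SAS SC: Login succeeded");
            }
            checkIdentityToken(ri, establish, clientIdentity);
            CSICompleteEstablishContext complete = CSICompleteEstablishContext.create(m_codec);
            if (getLogger().isDebugEnabled() && Trace.isMedium()) {
                getLogger().debug("SAS SC: Server sending message: CompleteEstablishContext\n" + complete);
            }
            addSASServiceContext(ri, complete.getEncodedSASContextBody(m_orb));
        } catch (NO_PERMISSION e) {
            // Raised by throwNoPermission: the reply already carries a ContextError.
            throw e;
        } catch (SecurityException e) {
            getLogger().error("Cannot create LoginContext. " + e.getMessage(), e);
            throw new NO_PERMISSION("SecurityException: " + e, 0, CompletionStatus.COMPLETED_NO);
        } catch (LoginException e) {
            getLogger().error("Cannot create LoginContext. " + e.getMessage(), e);
            throw new NO_PERMISSION("LoginException: " + e, 0, CompletionStatus.COMPLETED_NO);
        } catch (Exception e) {
            getLogger().error("Unexpected exception while establishing the CSIv2 context", e);
            throw new NO_PERMISSION("Unexpected Exception: " + e, 0, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Interception point that handles the SAS context. Requests without a SAS
     * context pass through untouched; EstablishContext is authenticated; messages
     * a TSS must never receive are rejected with {@link INTERNAL}; any other
     * discriminator is ignored.
     */
    public void receive_request_service_contexts(ServerRequestInfo ri) throws ForwardRequest {
        SASContextBody body = getSASContextBodyFromSC(ri);
        if (body == null) {
            return;
        }
        if (getLogger().isDebugEnabled() && Trace.isMedium()) {
            getLogger().debug("SAS SC: Server calling method '" + ri.operation()
                    + "' ( request id = " + ri.request_id() + " )");
        }
        switch (body.discriminator()) {
            case MSG_ESTABLISH_CONTEXT:
                handleEstablishContext(ri, CSIEstablishContext.create(m_codec, body.establish_msg()));
                return;
            case MSG_COMPLETE_ESTABLISH_CONTEXT:
                throw new INTERNAL("The CSIv2 TSS is not supposed to receive a CompleteEstablishContext message.");
            case MSG_CONTEXT_ERROR:
                throw new INTERNAL("The CSIv2 TSS is not supposed to receive a ContextError message.");
            case MSG_IN_CONTEXT:
                throw new INTERNAL("The MessageInContext message is send by stateful CSIv2 implementations only. This message is currently not supported by this implementation.");
            default:
                // Discriminators 2, 3 and anything unknown are silently ignored.
                return;
        }
    }

    /** No reply-time processing; the SAS reply context is added during authentication. */
    public void send_reply(ServerRequestInfo ri) {
    }

    /** Nothing to do: all SAS handling happens in receive_request_service_contexts. */
    public void receive_request(ServerRequestInfo ri) throws ForwardRequest {
    }

    /** No exception-time processing. */
    public void send_exception(ServerRequestInfo ri) throws ForwardRequest {
    }

    /** No processing for location-forward or other replies. */
    public void send_other(ServerRequestInfo ri) throws ForwardRequest {
    }

    /** No resources to release. */
    public void destroy() {
    }
}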
