package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.ExtendedORBInitInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.ConfigURLProperties;
import com.ibm.ISecurityUtilityImpl.MechanismAmbiguityException;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.SecurityProtocol;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509CertSelector;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import org.omg.CORBA.Any;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.Object;
import org.omg.CORBA.StringHolder;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.X501DistinguishedNameHelper;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityReplaceable.SecurityContextHolder;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIClientRI.class */
public class CSIClientRI extends CSIAllRI {
    private static final long serialVersionUID = 1749353143407384352L;

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIAllRI, com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void pre_init(ORBInitInfo oRBInitInfo) {
        if (ConfigURLProperties.isSecurityEnabled()) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugEntry("CSIClientRI.pre_init");
            }
            SecurityLogger.logAudit("CSIClientRI.pre_init", "security.ClientCSI");
            if (!ConfigURLProperties.getSecurityProtocol().equalsIgnoreCase(SecurityProtocol.IBMString)) {
                try {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRI.pre_init", "Registering client request interceptor.");
                    }
                    this.slotid = oRBInitInfo.allocate_slot_id();
                    ((ExtendedORBInitInfo) oRBInitInfo).add_client_request_interceptor(this, false);
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.pre_init", "254", this);
                    SecurityLogger.debugMessage("CSIClientRI.pre_init", "An exception has been thrown registering the interceptor.");
                    SecurityLogger.logException("CSIClientRI.pre_init", e, 0, 0);
                }
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.pre_init");
            }
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void post_init(ORBInitInfo oRBInitInfo) {
        if (ConfigURLProperties.isSecurityEnabled()) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugEntry("CSIClientRI.post_init");
            }
            this.myVault = VaultImpl.getInstance();
            this.csiUtil = new CSIUtil();
            if (this.myVault != null) {
                this.orb = this.myVault.getORB();
                this._mechanismFactory = this.myVault.getMechanismFactory();
                VaultImpl vaultImpl = this.myVault;
                this.secConfig = VaultImpl.getSecurityConfiguration();
            } else {
                SecurityLogger.logError("security.JSAS0010E", new Object[]{"CSIClientRI.post_init"});
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.post_init");
            }
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIAllRI
    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        ServiceContext create_sc_from_mic_message;
        String str = "";
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.send_request");
        }
        if (is_local(clientRequestInfo)) {
            send_request_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.send_request");
                return;
            }
            return;
        }
        CurrentImpl current = this.csiUtil.getCurrent();
        CSIv2EffectivePerformPolicy effectivePolicy = current.getEffectivePolicy();
        current.setEffectivePolicy(null);
        this.myVault.put_effective_policy(clientRequestInfo.request_id(), effectivePolicy);
        if (effectivePolicy == null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Effective policy object is null, not a CSIv2 request.");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.send_request");
                return;
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            str = new StringBuffer().append("Effective policy object instance is: ").append(effectivePolicy).toString();
            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
        }
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), clientRequestInfo.effective_target()) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), clientRequestInfo.effective_target()) || !(effectivePolicy.getTargetTCPPort() == 0 || effectivePolicy.claimClientAuthenticationRequired() || !ORB.isSpecialMethod(clientRequestInfo.operation()))) {
            SecurityLogger.debugMessage("CSIClientRI.send_request", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.send_request");
                return;
            }
            return;
        }
        SessionManager sessionManager = this.myVault.getSessionManager();
        SessionEntry sessionEntry = null;
        long j = 0;
        ClientSessionKey clientSessionKey = null;
        ConnectionInformationImpl connectionInformationImpl = (ConnectionInformationImpl) ((ExtendedClientRequestInfo) clientRequestInfo).getConnectionData();
        ConnectionData connectionData = connectionInformationImpl != null ? (ConnectionData) connectionInformationImpl.getConnectionData() : null;
        String connectionKey = connectionData != null ? connectionData.getConnectionKey() : "";
        if (SecurityLogger.debugTraceEnabled) {
            str = new StringBuffer().append(" cdata  != null ").append(connectionData).toString();
            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
        }
        CSICredentialsManager cSICredentialsManager = new CSICredentialsManager();
        boolean performClientAuthentication = effectivePolicy.performClientAuthentication();
        boolean performIdentityAssertion = effectivePolicy.performIdentityAssertion();
        IdentityToken identityToken = new IdentityToken();
        boolean z = false;
        if (SecurityLogger.debugTraceEnabled) {
            str = new StringBuffer().append("Identity Assertion set: ").append(performIdentityAssertion).append("  Client Authentication set: ").append(performClientAuthentication).toString();
            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
        }
        if (SecurityLogger.debugTraceEnabled) {
            str = new StringBuffer().append("Authorization token enabled? ").append(effectivePolicy.performAuthorizationToken()).toString();
            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
        }
        if (!performIdentityAssertion) {
            identityToken.absent(true);
            if (SecurityLogger.debugTraceEnabled) {
                str = "Identity Assertion set to absent: ";
                SecurityLogger.debugMessage("CSIClientRI.send_request", str);
            }
        }
        if (performClientAuthentication || performIdentityAssertion) {
            String realm = RealmSecurityName.getRealm(effectivePolicy.getTargetSecurityName());
            if (realm == null || realm.equals("")) {
                realm = effectivePolicy.getTargetSecurityName();
            }
            String targetHostName = effectivePolicy.getTargetHostName();
            if (SecurityLogger.debugTraceEnabled) {
                str = new StringBuffer().append("Target Realm Name: ").append(realm).append(", Target Host: ").append(targetHostName).toString();
                SecurityLogger.debugMessage("CSIClientRI.send_request", str);
            }
            Subject subject = null;
            if (performIdentityAssertion) {
                subject = (Subject) AccessController.doPrivileged(new PrivilegedAction(this, cSICredentialsManager) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.1
                    private final CSICredentialsManager val$credsMgr;
                    private final CSIClientRI this$0;

                    {
                        this.this$0 = this;
                        this.val$credsMgr = cSICredentialsManager;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        return this.val$credsMgr.getInvocationSubject();
                    }
                });
            } else if (realm != null && !realm.equals("") && targetHostName != null && !targetHostName.equals("")) {
                String str2 = realm;
                boolean validateBasicAuth = this.secConfig.validateBasicAuth();
                try {
                    try {
                        if (effectivePolicy.claimClientAuthenticationRequired()) {
                            this.secConfig.setValidateBasicAuth(false);
                        }
                        subject = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, cSICredentialsManager, str2, targetHostName) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.2
                            private final CSICredentialsManager val$tmpcredsMgr;
                            private final String val$in_targetRealmName;
                            private final String val$in_targetHostName;
                            private final CSIClientRI this$0;

                            {
                                this.this$0 = this;
                                this.val$tmpcredsMgr = cSICredentialsManager;
                                this.val$in_targetRealmName = str2;
                                this.val$in_targetHostName = targetHostName;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                return this.val$tmpcredsMgr.getClientSubject(this.val$in_targetRealmName, this.val$in_targetHostName);
                            }
                        });
                        if (effectivePolicy.claimClientAuthenticationRequired()) {
                            this.secConfig.setValidateBasicAuth(validateBasicAuth);
                        }
                    } catch (Throwable th) {
                        if (effectivePolicy.claimClientAuthenticationRequired()) {
                            this.secConfig.setValidateBasicAuth(validateBasicAuth);
                        }
                        throw th;
                    }
                } catch (PrivilegedActionException e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "487", this);
                    Exception exception = e.getException();
                    SecurityLogger.logException("CSIClientRI.send_request", exception, 0, 0);
                    throw new NO_PERMISSION(exception.getMessage(), 1229079296, CompletionStatus.COMPLETED_NO);
                }
            }
            if (subject == null) {
                if (SecurityLogger.traceEnabled) {
                    str = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
                    SecurityLogger.traceMessage("CSIClientRI.send_request", str);
                }
                if (this.secConfig.getCSIv2PerformClientAuthenticationRequired() || effectivePolicy.claimClientAuthenticationRequired()) {
                    if (SecurityLogger.traceEnabled) {
                        str = "ERROR: No credential found, client auth required by client or server, throwing NO_PERMISSION.";
                        SecurityLogger.traceMessage("CSIClientRI.send_request", str);
                    }
                    throw new NO_PERMISSION(str, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                }
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage("CSIClientRI.send_request", "WARNING: No credential found, client auth not required, sending out unauthenticated.");
                    return;
                }
                return;
            }
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
            if (wSCredentialFromSubject.isUnauthenticated()) {
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Encountered unauthenticated credential.";
                    SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                }
                if (!current.getAllowUnauthCredForAuthenticate() && !performIdentityAssertion && (this.secConfig.getCSIv2PerformClientAuthenticationRequired() || effectivePolicy.claimClientAuthenticationRequired())) {
                    if (SecurityLogger.traceEnabled) {
                        str = "ERROR: Unauthenticated credential found, client auth required by client or server, throwing NO_PERMISSION.";
                        SecurityLogger.traceMessage("CSIClientRI.send_request", str);
                    }
                    throw new NO_PERMISSION(str, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                }
                if (!performIdentityAssertion) {
                    if (SecurityLogger.traceEnabled) {
                        SecurityLogger.traceMessage("CSIClientRI.send_request", "Unauthenticated credential found, client auth not required, sending out unauthenticated.");
                        return;
                    }
                    return;
                } else {
                    if ((effectivePolicy.getPerformIdentityTokenType() & 1) == 0) {
                        SecurityLogger.logError("security.JSAS0489E", new Object[]{"CSIClientRI.send_request"});
                        throw new NO_PERMISSION("security.JSAS0489E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                    }
                    if (SecurityLogger.debugTraceEnabled) {
                        str = "Identity Assertion set to anonymous: ";
                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                    }
                    identityToken.anonymous(true);
                    z = true;
                    try {
                        current.set_invocation_subject(subject);
                    } catch (Exception e2) {
                        FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "570", this);
                        SecurityLogger.logException("CSIClientRI.send_request", e2, 0, 0);
                    }
                }
            }
            try {
                if (this.secConfig.processIsServer() && !ContextManagerFactory.getInstance().getWSCredTokenMapper().checkValidityOfAllTokens(subject)) {
                    if (SecurityLogger.traceEnabled) {
                        SecurityLogger.traceMessage("CSIClientRI.send_request", SecurityMessages.getMsgOrUseDefault("JSAS0030W", "JSAS0030W: Credentials are invalid. Trying unauthenticated login."));
                    }
                    throw new NO_PERMISSION("Credentials have expired.", SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
                }
                if (effectivePolicy.isStateful()) {
                    String str3 = "";
                    try {
                        if (connectionData != null) {
                            str3 = new StringBuffer().append(connectionData.getLocalHost()).append(":").append(connectionData.getLocalPort()).toString();
                            if (SecurityLogger.traceEnabled) {
                                str = new StringBuffer().append("localHostPort for client session key: ").append(str3).toString();
                                SecurityLogger.traceMessage("CSIClientRI.send_request", str);
                            }
                        } else if (SecurityLogger.traceEnabled) {
                            str = "Connection data is null, this may cause a problem with multi-thread stateful clients.";
                            SecurityLogger.traceMessage("CSIClientRI.send_request", str);
                        }
                        String clientUniqueIDForOutboundRequests = this.secConfig.processIsServer() ? ContextManagerFactory.getInstance().getClientUniqueIDForOutboundRequests(subject) : null;
                        if (clientUniqueIDForOutboundRequests == null) {
                            clientUniqueIDForOutboundRequests = wSCredentialFromSubject.getRealmUniqueSecurityName();
                        }
                        clientSessionKey = new ClientSessionKey(clientUniqueIDForOutboundRequests, Integer.toString(wSCredentialFromSubject.hashCode()), new Long(wSCredentialFromSubject.getExpiration()).toString(), realm, connectionKey, str3);
                        effectivePolicy.setClientSessionKey(clientSessionKey);
                        sessionEntry = sessionManager.csi_client_session_lookup(clientSessionKey);
                        if (sessionEntry != null) {
                            j = sessionEntry.get_client_context_id();
                            switch (sessionEntry.get_session_state()) {
                                case 1:
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Session state:  SESSION_IN_COMPLETE_STATE.  Proceeding with MessageInContext.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    MessageInContext messageInContext = new MessageInContext(sessionEntry.get_client_context_id(), false);
                                    this.csiUtil.print_mic_message(messageInContext, "CSIClientRI.send_request");
                                    create_sc_from_mic_message = messageInContext != null ? this.csiUtil.create_sc_from_mic_message(messageInContext) : null;
                                    if (create_sc_from_mic_message != null) {
                                        clientRequestInfo.add_request_service_context(create_sc_from_mic_message, true);
                                        effectivePolicy.setStatefulContextID(sessionEntry.get_client_context_id());
                                        effectivePolicy.setClientSessionKey(clientSessionKey);
                                        this.csiUtil.getVault().put_effective_policy(clientRequestInfo.request_id(), effectivePolicy);
                                        this.csiUtil.setUnauthenticatedToNullIfNeeded();
                                        if (SecurityLogger.debugTraceEnabled) {
                                            SecurityLogger.debugMessage("CSIClientRI.send_request", "*** SENDING REQUEST ***");
                                        }
                                        if (SecurityLogger.debugEntryEnabled) {
                                            SecurityLogger.debugExit("CSIClientRI.send_request");
                                            return;
                                        }
                                        return;
                                    }
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Service context not available.  Going out in stateless mode.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    j = 0;
                                    break;
                                case 2:
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Session state:  SESSION_IN_INCOMPLETE_STATE.  Proceeding to authenticate in stateless mode.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    j = 0;
                                    break;
                                case 3:
                                case 5:
                                default:
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Session state:  INVALID STATE.  Proceeding to authenticate in stateless mode.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    sessionEntry.set_session_state(7);
                                    j = 0;
                                    break;
                                case 4:
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Session state:  SESSION_NEW.  Proceeding to authenticate in stateful mode.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    sessionEntry.set_session_state(2);
                                    break;
                                case 6:
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Session state:  SESSION_AUTHENTICATING.  Proceeding to EstablishContext in stateful mode.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    EstablishContext establishContext = sessionEntry.get_ec_message();
                                    if (establishContext != null) {
                                        this.csiUtil.print_ec_message(establishContext, "CSIClientRI.send_request");
                                    }
                                    create_sc_from_mic_message = establishContext != null ? this.csiUtil.create_sc_from_ec_message(establishContext) : null;
                                    if (create_sc_from_mic_message != null) {
                                        clientRequestInfo.add_request_service_context(create_sc_from_mic_message, true);
                                        effectivePolicy.setStatefulContextID(sessionEntry.get_client_context_id());
                                        effectivePolicy.setClientSessionKey(clientSessionKey);
                                        this.csiUtil.getVault().put_effective_policy(clientRequestInfo.request_id(), effectivePolicy);
                                        this.csiUtil.setUnauthenticatedToNullIfNeeded();
                                        if (SecurityLogger.debugTraceEnabled) {
                                            SecurityLogger.debugMessage("CSIClientRI.send_request", "*** SENDING REQUEST ***");
                                        }
                                        if (SecurityLogger.debugEntryEnabled) {
                                            SecurityLogger.debugExit("CSIClientRI.send_request");
                                            return;
                                        }
                                        return;
                                    }
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Service context not available in existing session.  Going out in stateless mode.";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    j = 0;
                                    break;
                            }
                        } else {
                            j = 0;
                        }
                    } catch (Exception e3) {
                        FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "701", this);
                        if (SecurityLogger.traceEnabled) {
                            SecurityLogger.traceMessage("CSIClientRI.send_request", SecurityMessages.getMsgOrUseDefault("JSAS0030W", "JSAS0030W: Credentials are invalid. Trying unauthenticated login."));
                        }
                        SecurityLogger.logException("CSIClientRI.send_request", e3, 0, 0);
                        throw new NO_PERMISSION(new StringBuffer().append("Credentials have expired.  Exception = ").append(e3).toString(), SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
                    }
                } else if (SecurityLogger.debugTraceEnabled) {
                    str = "This is a stateless request.";
                    SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                }
                effectivePolicy.setStatefulContextID(j);
                effectivePolicy.setClientSessionKey(clientSessionKey);
                this.csiUtil.getVault().put_effective_policy(clientRequestInfo.request_id(), effectivePolicy);
                if (effectivePolicy.performAuthorizationToken() || this.secConfig.isRMIOutboundLoginEnabled()) {
                    try {
                        if (SecurityLogger.debugTraceEnabled) {
                            str = new StringBuffer().append("Going into outbound login config.  Outbound login: ").append(this.secConfig.isRMIOutboundLoginEnabled()).append(", Authz Token: ").append(effectivePolicy.performAuthorizationToken()).toString();
                            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                        }
                        CSIv2PerformPolicy cSIv2PerformPolicy = new CSIv2PerformPolicy(effectivePolicy);
                        Subject subject2 = subject;
                        subject = this.secConfig.processIsServer() ? (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject2, this.secConfig, cSIv2PerformPolicy) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.3
                            private final Subject val$subjectPriv;
                            private final SecurityConfiguration val$secConfigPriv;
                            private final CSIv2PerformPolicy val$csiv2PerformPolicy;
                            private final CSIClientRI this$0;

                            {
                                this.this$0 = this;
                                this.val$subjectPriv = subject2;
                                this.val$secConfigPriv = r6;
                                this.val$csiv2PerformPolicy = cSIv2PerformPolicy;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws WSLoginFailedException {
                                return ContextManagerFactory.getInstance().login(this.val$secConfigPriv.getRMIOutboundLoginConfig(), this.val$csiv2PerformPolicy, SubjectHelper.createNewSubjectFromExisting(this.val$subjectPriv));
                            }
                        }) : (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject2) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.4
                            private final Subject val$subjectPriv;
                            private final CSIClientRI this$0;

                            {
                                this.this$0 = this;
                                this.val$subjectPriv = subject2;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws WSLoginFailedException {
                                Subject createNewSubjectFromExisting = SubjectHelper.createNewSubjectFromExisting(this.val$subjectPriv);
                                byte[] createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(this.val$subjectPriv);
                                if (createOpaqueTokenFromSubject != null) {
                                    createNewSubjectFromExisting.getPrivateCredentials().add(new TokenHolder(createOpaqueTokenFromSubject, WSOpaqueTokenHelper.getInstance().getOpaqueTokenName(), WSOpaqueTokenHelper.getInstance().getOpaqueTokenVersion()));
                                }
                                return createNewSubjectFromExisting;
                            }
                        });
                        if (SecurityLogger.debugTraceEnabled) {
                            str = (String) AccessController.doPrivileged(new PrivilegedAction(this, subject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.5
                                private final Subject val$newSubjectPriv;
                                private final CSIClientRI this$0;

                                {
                                    this.this$0 = this;
                                    this.val$newSubjectPriv = subject;
                                }

                                @Override // java.security.PrivilegedAction
                                public Object run() {
                                    return new StringBuffer().append("Subject with opaque token: ").append(this.val$newSubjectPriv).toString();
                                }
                            });
                            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                        }
                    } catch (PrivilegedActionException e4) {
                        FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "962", this);
                        Exception exception2 = e4.getException();
                        SecurityLogger.logException("CSIClientRI.send_request", exception2, 0, 0);
                        throw new NO_PERMISSION(new StringBuffer().append("Problem occurred in credential mapping or attribute propagation.  Exception = ").append(exception2.toString()).toString(), 1229079296, CompletionStatus.COMPLETED_NO);
                    } catch (Exception e5) {
                        FFDCFilter.processException(e5, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "970", this);
                        SecurityLogger.debugMessage("CSIClientRI.send_request", "Java runtime exception.");
                        SecurityLogger.logException("CSIClientRI.send_request", e5, 0, 0);
                        throw new INTERNAL(new StringBuffer().append("Java runtime exception.  Exception = ").append(e5.toString()).toString(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
                    }
                }
                SecurityContextHolder securityContextHolder = new SecurityContextHolder();
                try {
                    String str4 = null;
                    String performClientAuthMechOID = effectivePolicy.getPerformClientAuthMechOID();
                    if (OID.compareOIDs(performClientAuthMechOID, GSSUPMechOID.value)) {
                        str4 = VaultConstants.GSSUP_MECH_TYPE;
                    } else if (OID.compareOIDs(performClientAuthMechOID, this.secConfig.getWSSecurityContextCustomOID())) {
                        str4 = VaultConstants.CUSTOM_MECH_TYPE;
                    } else if (OID.compareOIDs(performClientAuthMechOID, "oid:1.3.18.0.2.30.2")) {
                        str4 = VaultConstants.LTPA_MECH_TYPE;
                    } else if (OID.compareOIDs(performClientAuthMechOID, KRB5MechOID.value)) {
                        str4 = VaultConstants.KRB5_MECH_TYPE;
                    } else {
                        String[] performIDANamingMechList = effectivePolicy.getPerformIDANamingMechList();
                        if (performIDANamingMechList != null) {
                            for (int i = 0; i < performIDANamingMechList.length; i++) {
                                if (OID.compareOIDs(performIDANamingMechList[i], GSSUPMechOID.value)) {
                                    str4 = VaultConstants.GSSUP_MECH_TYPE;
                                } else if (OID.compareOIDs(performIDANamingMechList[i], this.secConfig.getWSSecurityContextCustomOID())) {
                                    str4 = VaultConstants.CUSTOM_MECH_TYPE;
                                } else if (OID.compareOIDs(performIDANamingMechList[i], KRB5MechOID.value)) {
                                    str4 = VaultConstants.KRB5_MECH_TYPE;
                                } else if (OID.compareOIDs(performIDANamingMechList[i], "oid:1.3.18.0.2.30.2")) {
                                    str4 = VaultConstants.LTPA_MECH_TYPE;
                                }
                            }
                        }
                        if (str4 == null) {
                            str4 = VaultConstants.GSSUP_MECH_TYPE;
                        }
                    }
                    if (SecurityLogger.debugTraceEnabled) {
                        str = new StringBuffer().append("Creating ").append(str4).append(" security context.").toString();
                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                    }
                    securityContextHolder.value = (SecurityContextImpl) this._mechanismFactory.getSecurityContext(str4, connectionKey, 2);
                    if (performIdentityAssertion && !z) {
                        try {
                            PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction(this, wSCredentialFromSubject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.6
                                private final WSCredential val$wsPrivCred;
                                private final CSIClientRI this$0;

                                {
                                    this.this$0 = this;
                                    this.val$wsPrivCred = wSCredentialFromSubject;
                                }

                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws WSLoginFailedException, CredentialDestroyedException, CredentialExpiredException {
                                    return this.val$wsPrivCred.get("wssecurity.identity_name");
                                }
                            };
                            PrivilegedExceptionAction privilegedExceptionAction2 = new PrivilegedExceptionAction(this, wSCredentialFromSubject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.7
                                private final WSCredential val$wsPrivCred;
                                private final CSIClientRI this$0;

                                {
                                    this.this$0 = this;
                                    this.val$wsPrivCred = wSCredentialFromSubject;
                                }

                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws WSLoginFailedException, CredentialDestroyedException, CredentialExpiredException {
                                    return this.val$wsPrivCred.get("wssecurity.identity_value");
                                }
                            };
                            try {
                                String str5 = (String) AccessController.doPrivileged(privilegedExceptionAction);
                                byte[] bArr = (byte[]) AccessController.doPrivileged(privilegedExceptionAction2);
                                if (str5 == null) {
                                    str5 = VaultConstants.ClientAuthToken;
                                    bArr = StringBytesConversion.getConvertedBytes(wSCredentialFromSubject.getRealmSecurityName());
                                }
                                boolean z2 = false;
                                boolean z3 = false;
                                boolean z4 = false;
                                String[] performIDANamingMechList2 = effectivePolicy.getPerformIDANamingMechList();
                                if (performIDANamingMechList2 == null) {
                                    z3 = true;
                                } else {
                                    for (int i2 = 0; i2 < performIDANamingMechList2.length; i2++) {
                                        if (OID.compareOIDs(performIDANamingMechList2[i2], GSSUPMechOID.value)) {
                                            z3 = true;
                                        }
                                        if (OID.compareOIDs(performIDANamingMechList2[i2], KRB5MechOID.value)) {
                                            z2 = true;
                                        }
                                        if (OID.compareOIDs(performIDANamingMechList2[i2], "oid:1.3.18.0.2.30.2")) {
                                            z4 = true;
                                        }
                                        if (SecurityLogger.debugTraceEnabled) {
                                            str = new StringBuffer().append("Mechanism available from target: ").append(performIDANamingMechList2[i2]).toString();
                                            SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                        }
                                    }
                                }
                                if (SecurityLogger.debugTraceEnabled) {
                                    str = new StringBuffer().append("Identity Name in Credential: ").append(str5).toString();
                                    SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                }
                                if (VaultConstants.ClientAuthToken.equals(str5) || VaultConstants.DeserializedSubjectIdentity.equals(str5)) {
                                    new StringHolder();
                                    new OpaqueHolder();
                                    String convertedString = StringBytesConversion.getConvertedString(bArr);
                                    String realm2 = RealmSecurityName.getRealm(convertedString);
                                    String securityName = RealmSecurityName.getSecurityName(convertedString);
                                    boolean z5 = (this.secConfig.assertLDAPShortName() || !this.secConfig.getActiveUserRegistry().equals("LDAP") || (effectivePolicy.getPerformIdentityTokenType() & 8) == 0) ? false : true;
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = new StringBuffer().append("performDNAssertion: ").append(z5).toString();
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                    if (z5 || (effectivePolicy.getPerformIdentityTokenType() & 2) == 0) {
                                        if (!z5) {
                                            SecurityLogger.logError("security.JSAS0490E", new Object[]{"CSIClientRI.send_request"});
                                            if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                                sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                            }
                                            throw new NO_PERMISSION("security.JSAS0490E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                                        }
                                        try {
                                            String uniqueSecurityName = wSCredentialFromSubject.getUniqueSecurityName();
                                            wSCredentialFromSubject.getRealmUniqueSecurityName();
                                            try {
                                                Any create_any = this.orb.create_any();
                                                X501DistinguishedNameHelper.insert(create_any, (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction(this, uniqueSecurityName) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.8
                                                    private final String val$doPriv_Principal;
                                                    private final CSIClientRI this$0;

                                                    {
                                                        this.this$0 = this;
                                                        this.val$doPriv_Principal = uniqueSecurityName;
                                                    }

                                                    @Override // java.security.PrivilegedExceptionAction
                                                    public Object run() throws Exception {
                                                        X509CertSelector x509CertSelector = new X509CertSelector();
                                                        x509CertSelector.setIssuer(this.val$doPriv_Principal);
                                                        return x509CertSelector.getIssuerAsBytes();
                                                    }
                                                }));
                                                identityToken.dn(this.csiUtil.getCodec().encode_value(create_any));
                                                if (SecurityLogger.debugTraceEnabled) {
                                                    str = new StringBuffer().append("Identity Assertion set to DN name (clientAuthenticationToken): ").append(uniqueSecurityName).toString();
                                                    SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                                }
                                            } catch (PrivilegedActionException e6) {
                                                FFDCFilter.processException(e6, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1303", this);
                                                SecurityLogger.logError("security.JSAS0622E", new Object[]{"CSIClientRI.send_request", e6.getException()});
                                                if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                                }
                                                throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0622E").append("  Privileged exception = ").append(e6).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                                            } catch (Exception e7) {
                                                FFDCFilter.processException(e7, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1316", this);
                                                SecurityLogger.logError("security.JSAS0622E", new Object[]{"CSIClientRI.send_request", e7});
                                                if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                                    sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                                }
                                                throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0622E").append("  Original exception = ").append(e7).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                                            }
                                        } catch (Exception e8) {
                                            if (SecurityLogger.debugTraceEnabled) {
                                                str = new StringBuffer().append("Exception occurred getting unique security name from credential: ").append(e8.getMessage()).toString();
                                                SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                                SecurityLogger.traceException("CSIClientRI.send_request", e8, 0, 0);
                                            }
                                            FFDCFilter.processException(e8, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1263", this);
                                            throw new NO_PERMISSION(new StringBuffer().append(str).append("  Original exception = ").append(e8).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                                        }
                                    } else {
                                        try {
                                            Any create_any2 = this.orb.create_any();
                                            if (z3) {
                                                if (securityName != null && securityName.length() > 0 && securityName.indexOf("@") > -1) {
                                                    int length = securityName.length();
                                                    StringBuffer stringBuffer = new StringBuffer(2 * length);
                                                    for (int i3 = 0; i3 < length; i3++) {
                                                        char charAt = securityName.charAt(i3);
                                                        if (charAt == '@') {
                                                            stringBuffer.append(SecConstants.STRING_ESCAPE_CHARACTER).append(charAt);
                                                        } else {
                                                            stringBuffer.append(charAt);
                                                        }
                                                    }
                                                    securityName = stringBuffer.toString();
                                                }
                                                GSSFactory gSSFactory = new GSSFactory(GSSUPMechOID.value);
                                                if ((realm2 == null || realm2.equals("")) && securityName != null && !securityName.equals("")) {
                                                    GSS_NT_ExportedNameHelper.insert(create_any2, gSSFactory.encodeExportedTargetName(securityName));
                                                } else if (realm2 == null || realm2.equals("") || !(securityName == null || securityName.equals(""))) {
                                                    GSS_NT_ExportedNameHelper.insert(create_any2, gSSFactory.encodeExportedTargetName(new StringBuffer().append(securityName).append("@").append(realm2).toString()));
                                                } else {
                                                    GSS_NT_ExportedNameHelper.insert(create_any2, gSSFactory.encodeExportedTargetName(new StringBuffer().append("@").append(realm2).toString()));
                                                }
                                            } else if (!z2 && z4) {
                                                GSS_NT_ExportedNameHelper.insert(create_any2, new GSSFactory("oid:1.3.18.0.2.30.2").encodeExportedTargetName(convertedString));
                                            }
                                            identityToken.principal_name(this.csiUtil.getCodec().encode_value(create_any2));
                                            if (SecurityLogger.debugTraceEnabled) {
                                                str = new StringBuffer().append("Identity Assertion set to principal_name (clientAuthenticationToken): ").append(securityName).toString();
                                                SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                            }
                                        } catch (Exception e9) {
                                            FFDCFilter.processException(e9, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1229", this);
                                            SecurityLogger.logError("security.JSAS0622E", new Object[]{"CSIClientRI.send_request", e9});
                                            if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                                sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                            }
                                            throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0622E").append("  Original exception = ").append(e9).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                                        }
                                    }
                                } else if (VaultConstants.ClientCertificate.equals(str5)) {
                                    if ((effectivePolicy.getPerformIdentityTokenType() & 4) == 0) {
                                        SecurityLogger.logError("security.JSAS0491E", new Object[]{"CSIClientRI.send_request"});
                                        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                            sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                        }
                                        throw new NO_PERMISSION("security.JSAS0491E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                                    }
                                    identityToken.certificate_chain(bArr);
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Identity Assertion set to certificates (clientCertificate): ";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                } else if (VaultConstants.ITTPrincipalName.equals(str5)) {
                                    if ((effectivePolicy.getPerformIdentityTokenType() & 2) == 0) {
                                        SecurityLogger.logError("security.JSAS0492E", new Object[]{"CSIClientRI.send_request"});
                                        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                            sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                        }
                                        throw new NO_PERMISSION("security.JSAS0492E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                                    }
                                    identityToken.principal_name(bArr);
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Identity Assertion set to principal_name (ITTPrincipalName): ";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                } else if (VaultConstants.ITTDistinguishedName.equals(str5)) {
                                    if ((effectivePolicy.getPerformIdentityTokenType() & 8) == 0) {
                                        SecurityLogger.logError("security.JSAS0493E", new Object[]{"CSIClientRI.send_request"});
                                        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                            sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                        }
                                        throw new NO_PERMISSION("security.JSAS0493E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                                    }
                                    identityToken.dn(bArr);
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Identity Assertion set to distinguished name (ITTDistinguishedName): ";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                } else if (VaultConstants.ITTX509CertChain.equals(str5)) {
                                    if ((effectivePolicy.getPerformIdentityTokenType() & 4) == 0) {
                                        SecurityLogger.logError("security.JSAS0491E", new Object[]{"CSIClientRI.send_request"});
                                        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                            sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                                        }
                                        throw new NO_PERMISSION("security.JSAS0491E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                                    }
                                    identityToken.certificate_chain(bArr);
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Identity Assertion set to certificates (ITTX509CertChain): ";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                } else if (this.secConfig.getauthenticationTarget() == 4) {
                                    identityToken.absent(true);
                                    if (SecurityLogger.debugTraceEnabled) {
                                        str = "Identity Assertion set to absent: ";
                                        SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                    }
                                }
                            } catch (PrivilegedActionException e10) {
                                if (SecurityLogger.debugTraceEnabled) {
                                    SecurityLogger.debugMessage("CSIClientRI.send_request", new StringBuffer().append("Exception occurred: ").append(e10.getException().getMessage()).toString());
                                    SecurityLogger.traceException("CSIClientRI.send_request", e10.getException(), 0, 0);
                                }
                                FFDCFilter.processException(e10.getException(), "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1098", this);
                                throw e10.getException();
                            }
                        } catch (Exception e11) {
                            FFDCFilter.processException(e11, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1104", this);
                            SecurityLogger.logActivity("CSIClientRI.send_request", 0, "Cannot get Identity Values: ");
                            if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                                sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                            }
                            throw new NO_PERMISSION(new StringBuffer().append("Cannot get Identity Values: ").append("  Original exception = ").append(e11).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                        }
                    }
                    if (securityContextHolder == null || securityContextHolder.value == null) {
                        SecurityLogger.logError("security.JSAS0120E", new Object[]{"CSIClientRI.send_request"});
                        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                            sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                        }
                        throw new NO_PERMISSION("security.JSAS0120E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                    }
                    if (performClientAuthentication && !performIdentityAssertion) {
                        try {
                            if (SubjectHelper.getWSCredentialFromSubject(subject).getCredentialToken() == null && this.secConfig.processIsServer()) {
                                SecurityLogger.debugMessage("CSIClientRI.send_request", "The WSCredential does not contain a forwardable token. Please enable Identity Assertion for this scenario.");
                                throw new NO_PERMISSION("The WSCredential does not contain a forwardable token. Please enable Identity Assertion for this scenario.", SecurityMinorCodes.INVALID_CREDENTIAL_TOKEN, CompletionStatus.COMPLETED_NO);
                            }
                            ((SecurityContextImpl) securityContextHolder.value).set_target_host_and_port(targetHostName);
                            ((SecurityContextImpl) securityContextHolder.value).set_target_realm(realm);
                            ((SecurityContextImpl) securityContextHolder.value).setTokenType(VaultConstants.CLIENTAUTH_ONLY);
                            if (SecurityLogger.debugTraceEnabled) {
                                SecurityLogger.debugMessage("CSIClientRI.send_request", "Setting Client Authentication Token in the SecurityContextImpl. ");
                            }
                        } catch (Exception e12) {
                            if (SecurityLogger.debugTraceEnabled) {
                                str = new StringBuffer().append("Exception occurred getting token from credential: ").append(e12.getMessage()).toString();
                                SecurityLogger.debugMessage("CSIClientRI.send_request", str);
                                SecurityLogger.traceException("CSIClientRI.send_request", e12, 0, 0);
                            }
                            FFDCFilter.processException(e12, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1506", this);
                            throw new NO_PERMISSION(new StringBuffer().append(str).append("  Original exception = ").append(e12).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                        }
                    } else if (performIdentityAssertion && performClientAuthentication) {
                        ((SecurityContextImpl) securityContextHolder.value).setTokenType(VaultConstants.CLIENTAUTH_AND_IDENTITY);
                    } else if (performIdentityAssertion) {
                        ((SecurityContextImpl) securityContextHolder.value).setTokenType(VaultConstants.IDENTITY_ONLY);
                    }
                    ((SecurityContextImpl) securityContextHolder.value).setIdentityToken(identityToken);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRI.send_request", "Setting Identity Token in the SecurityContextImpl. ");
                    }
                    ((SecurityContextImpl) securityContextHolder.value).setClientSubject(subject);
                    ((SecurityContextImpl) securityContextHolder.value).csi_client_preprotect(clientRequestInfo, securityContextHolder);
                } catch (MechanismAmbiguityException e13) {
                    FFDCFilter.processException(e13, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "1037", this);
                    SecurityLogger.logError("security.JSAS0120E", new Object[]{"CSIClientRI.send_request", e13});
                    if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
                        sessionManager.csi_client_session_status_update(j, clientSessionKey, 7);
                    }
                    throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0120E").append("  Original exception = ").append(e13).toString(), SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                }
            } catch (Exception e14) {
                FFDCFilter.processException(e14, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "597", this);
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Java runtime exception.");
                SecurityLogger.logException("CSIClientRI.send_request", e14, 0, 0);
                throw new INTERNAL(new StringBuffer().append("Java runtime exception.  Exception = ").append(e14).toString(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
        } else if (effectivePolicy.performTLClientAuth() && connectionData.getConnectionType() == 1) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "TLSClientAuth over SSL only, No security service returned.");
            }
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.send_request", "No security is required at csiv2 message and attribute layers.  No security context will be sent.");
        }
        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
            sessionManager.csi_client_session_status_update(j, clientSessionKey, 6);
        }
        this.csiUtil.setUnauthenticatedToNullIfNeeded();
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.send_request", "*** SENDING REQUEST ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.send_request");
        }
    }

    public void send_request_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIAllRI
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.receive_reply");
        }
        if (is_local(clientRequestInfo)) {
            receive_reply_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_reply");
                return;
            }
            return;
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), clientRequestInfo.effective_target()) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), clientRequestInfo.effective_target()) || ORB.isSpecialMethod(clientRequestInfo.operation())) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_reply");
                return;
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "*** RECEIVING REPLY ***");
        }
        this.myVault.getSessionManager().csi_client_session_complete(clientRequestInfo, cSIv2EffectivePerformPolicy);
        ServiceContext serviceContext = this.csiUtil.get_sc_from_reply(clientRequestInfo);
        if (cSIv2EffectivePerformPolicy != null && cSIv2EffectivePerformPolicy.performTLClientAuth() && !cSIv2EffectivePerformPolicy.performClientAuthentication() && !cSIv2EffectivePerformPolicy.performIdentityAssertion()) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.receive_reply", "Returning from SSL client authentication reply.");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_reply");
                return;
            }
            return;
        }
        if (serviceContext == null) {
            this.myVault.clear_effective_policy(clientRequestInfo.request_id());
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.receive_reply", "No security context in message.  Either returned from MessageInContext or reply is not meant for CSIv2 interceptor.");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_reply");
                return;
            }
            return;
        }
        if (serviceContext != null) {
            this.csiUtil.get_message_from_sc(serviceContext);
        }
        SecurityContextHolder securityContextHolder = new SecurityContextHolder();
        securityContextHolder.value = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(this.myVault, "");
        ((SecurityContextImpl) securityContextHolder.value).csi_continue_security_context(clientRequestInfo, securityContextHolder);
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "*** MESSAGE COMPLETED ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.receive_reply");
        }
    }

    public void receive_reply_local(ClientRequestInfo clientRequestInfo) {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIAllRI
    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.receive_exception");
        }
        if (is_local(clientRequestInfo)) {
            receive_exception_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_exception");
                return;
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_exception", "*** RECEIVING EXCEPTION ***");
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        String read_detailed_message = this.csiUtil.read_detailed_message(clientRequestInfo);
        if (!read_detailed_message.equals("")) {
            SecurityLogger.debugMessage("CSIClientRI.receive_exception", new StringBuffer().append("The following exception was received from the server: ").append(read_detailed_message).toString());
        }
        this.myVault.getSessionManager().csi_client_session_complete_exception(clientRequestInfo, cSIv2EffectivePerformPolicy);
        ServiceContext serviceContext = this.csiUtil.get_sc_from_reply(clientRequestInfo);
        if (cSIv2EffectivePerformPolicy != null && cSIv2EffectivePerformPolicy.performTLClientAuth() && !cSIv2EffectivePerformPolicy.performClientAuthentication() && !cSIv2EffectivePerformPolicy.performIdentityAssertion()) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.receive_exception", " TLSClientAuth over SSL only, return from receive_exception. ");
                SecurityLogger.debugMessage("CSIClientRI.receive_exception", "*** MESSAGE COMPLETED ***");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_exception");
                return;
            }
            return;
        }
        if (serviceContext == null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.receive_exception", "No CSIv2 service context in message, must be a SAS or insecure reply.");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_exception");
                return;
            }
            return;
        }
        if (serviceContext != null) {
            this.csiUtil.get_message_from_sc(serviceContext);
        }
        SecurityContextHolder securityContextHolder = new SecurityContextHolder();
        securityContextHolder.value = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(this.myVault, "");
        ((SecurityContextImpl) securityContextHolder.value).csi_continue_security_context(clientRequestInfo, securityContextHolder);
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_exception", "*** MESSAGE COMPLETED ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.receive_exception");
        }
    }

    public void receive_exception_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIAllRI
    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.receive_other");
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_other", "*** RECEIVE OTHER ***");
        }
        if (is_local(clientRequestInfo)) {
            receive_other_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_other");
                return;
            }
            return;
        }
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), clientRequestInfo.effective_target()) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), clientRequestInfo.effective_target()) || ORB.isSpecialMethod(clientRequestInfo.operation())) {
            SecurityLogger.debugMessage("CSIClientRI.receive_other", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_other");
                return;
            }
            return;
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        SessionManager sessionManager = this.myVault.getSessionManager();
        switch (clientRequestInfo.reply_status()) {
            case 0:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_other", "receive_other status: SUCCESSFUL.");
                }
                receive_reply(clientRequestInfo);
                break;
            case 3:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_other", "receive_other status: LOCATION_FORWARD.");
                }
                if (sessionManager != null && cSIv2EffectivePerformPolicy != null) {
                    sessionManager.csi_client_session_status_update(cSIv2EffectivePerformPolicy.getStatefulContextID(), cSIv2EffectivePerformPolicy.getClientSessionKey(), 7);
                    break;
                }
                break;
            default:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_other", new StringBuffer().append("receive_other status: ").append((int) clientRequestInfo.reply_status()).toString());
                }
                if (sessionManager != null && cSIv2EffectivePerformPolicy != null) {
                    sessionManager.csi_client_session_status_update(cSIv2EffectivePerformPolicy.getStatefulContextID(), cSIv2EffectivePerformPolicy.getClientSessionKey(), 7);
                    break;
                }
                break;
        }
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.receive_other");
        }
    }

    public void receive_other_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    public boolean is_local(ClientRequestInfo clientRequestInfo) {
        if (((ExtendedClientRequestInfo) clientRequestInfo).isLocal()) {
            if (!SecurityLogger.debugTraceEnabled) {
                return true;
            }
            SecurityLogger.debugMessage("CSIClientRI.is_local", "Local ORB request.");
            return true;
        }
        if (!SecurityLogger.debugTraceEnabled) {
            return false;
        }
        SecurityLogger.debugMessage("CSIClientRI.is_local", "Remote ORB request.");
        return false;
    }

    public void entry(ClientRequestInfo clientRequestInfo, String str) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry(str);
        }
        if (SecurityLogger.debugTraceEnabled) {
            StringBuffer stringBuffer = new StringBuffer(100);
            stringBuffer.append("Request_id: ").append(clientRequestInfo.request_id()).append(", ");
            Object effective_target = clientRequestInfo.effective_target();
            if (effective_target != null) {
                stringBuffer.append("class: ").append(effective_target.getClass().getName()).append(", ");
            }
            stringBuffer.append("operation: ").append(clientRequestInfo.operation());
            SecurityLogger.debugMessage(str, stringBuffer.toString());
        }
    }
}
