package com.ibm.ISecurityUtilityImpl;

import com.ibm.CORBA.channel.giop.GIOPMessageContext;
import com.ibm.CORBA.iiop.CDRInputStream;
import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.ExtendedServerRequestInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.AuthenticationFailedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.csiv2.TrustedIDEvaluatorFactory;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws.util.StringUtils;
import com.ibm.wsspi.security.csiv2.TrustedIDEvaluator;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.rmi.RemoteException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.MARSHAL;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.RequestInfo;
import org.omg.Security.OpaqueHelper;
import org.omg.Security.OpaqueHolder;

/* loaded from: input_file:wasJars/sas.jar:com/ibm/ISecurityUtilityImpl/CSIUtil.class */
public class CSIUtil {
    private Codec codec;
    private ORB orb;
    private VaultImpl vault;
    private CurrentImpl current;
    private byte[] nullByteArray;
    private static CSIUtil csiUtil = null;
    private static final TraceComponent tc = Tr.register(CSIUtil.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    private static final Class thisClass = CSIUtil.class;

    public static CSIUtil getInstance() {
        if (csiUtil == null) {
            csiUtil = new CSIUtil();
        }
        return csiUtil;
    }

    public CSIUtil(boolean z) {
        this.codec = null;
        this.orb = null;
        this.vault = null;
        this.current = null;
        this.nullByteArray = new byte[0];
    }

    public CSIUtil() {
        this.codec = null;
        this.orb = null;
        this.vault = null;
        this.current = null;
        this.nullByteArray = new byte[0];
        if (SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CORBA.securityEnabled")) {
            getORB();
            this.vault = VaultImpl.getInstance();
        }
    }

    public SASContextBody get_message_from_sc(ServiceContext serviceContext) {
        return get_message_from_sc(serviceContext.context_data);
    }

    public SASContextBody get_message_from_sc(com.ibm.CORBA.iiop.ServiceContext serviceContext) {
        return get_message_from_sc(serviceContext.getContextData());
    }

    public SASContextBody get_message_from_sc(byte[] bArr) {
        Any any = null;
        SASContextBody sASContextBody = null;
        try {
            if (bArr != null) {
                any = getCodec().decode_value(bArr, SASContextBodyHelper.type());
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The context_data in the service_context is null.");
            }
            if (any != null) {
                sASContextBody = SASContextBodyHelper.extract(any);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The any object from the service context was null.");
            }
        } catch (TypeMismatch e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.get_message_from_sc", "198", this);
            Tr.debug(tc, "TypeMismatch getting message from service context", new Object[]{e});
        } catch (BAD_OPERATION e2) {
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.get_message_from_sc", "188", this);
            Tr.debug(tc, "CORBA_BAD_OPERATION getting message from service context", new Object[]{e2});
        } catch (MARSHAL e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.get_message_from_sc", "183", this);
            Tr.debug(tc, "CORBA MARSHALL exception getting message from service context", e3);
        } catch (FormatMismatch e4) {
            Manager.Ffdc.log(e4, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.get_message_from_sc", "193", this);
            Tr.debug(tc, "FormatMismatch getting message from service context", new Object[]{e4});
        }
        return sASContextBody;
    }

    public ServiceContext get_sc_from_request(RequestInfo requestInfo) {
        return ((ExtendedServerRequestInfo) requestInfo).getRequestServiceContext(15);
    }

    public ServiceContext get_sc_from_reply(RequestInfo requestInfo) {
        return ((ExtendedClientRequestInfo) requestInfo).getReplyServiceContext(15);
    }

    public com.ibm.CORBA.iiop.ServiceContext get_sc_from_request(GIOPMessageContext gIOPMessageContext) {
        com.ibm.CORBA.iiop.ServiceContext serviceContext = null;
        try {
            serviceContext = gIOPMessageContext.getServiceContexts().get(15);
        } catch (UnsupportedOperationException e) {
        }
        return serviceContext;
    }

    public com.ibm.CORBA.iiop.ServiceContext get_sc_from_reply(GIOPMessageContext gIOPMessageContext) {
        com.ibm.CORBA.iiop.ServiceContext serviceContext = null;
        try {
            serviceContext = gIOPMessageContext.getServiceContexts().get(15);
        } catch (UnsupportedOperationException e) {
        }
        return serviceContext;
    }

    public ServiceContext create_sc_from_ec_message(EstablishContext establishContext) {
        ServiceContext serviceContext = null;
        ORB orb = getORB();
        if (orb != null) {
            SASContextBody sASContextBody = new SASContextBody();
            sASContextBody.establish_msg(establishContext);
            Any create_any = orb.create_any();
            SASContextBodyHelper.insert(create_any, sASContextBody);
            byte[] bArr = null;
            try {
                bArr = getCodec().encode_value(create_any);
            } catch (InvalidTypeForEncoding e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.create_sc_from_ec_message", "305", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "An InvalidTypeForEncoding exception occurred.", new Object[]{e});
                }
            }
            if (bArr != null) {
                serviceContext = new ServiceContext(15, bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "create_sc_from_ec_message The service context data is null.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "create_sc_from_ec_message There is no ORB, I can't go on.");
        }
        return serviceContext;
    }

    public ServiceContext create_sc_from_mic_message(MessageInContext messageInContext) {
        ServiceContext serviceContext = null;
        ORB orb = getORB();
        if (orb != null) {
            SASContextBody sASContextBody = new SASContextBody();
            sASContextBody.in_context_msg(messageInContext);
            Any create_any = orb.create_any();
            SASContextBodyHelper.insert(create_any, sASContextBody);
            byte[] bArr = null;
            try {
                bArr = getCodec().encode_value(create_any);
            } catch (InvalidTypeForEncoding e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.create_sc_from_mic_message", "356", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "create_sc_from_mic_message An InvalidTypeForEncoding exception occurred.", new Object[]{e});
                }
            }
            if (bArr != null) {
                serviceContext = new ServiceContext(15, bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "create_sc_from_mic_message The service context data is null.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "create_sc_from_mic_message There is no ORB, I can't go on.");
        }
        return serviceContext;
    }

    public ServiceContext create_sc_from_ce_message(ContextError contextError) {
        ServiceContext serviceContext = null;
        ORB orb = getORB();
        if (orb != null) {
            SASContextBody sASContextBody = new SASContextBody();
            sASContextBody.error_msg(contextError);
            Any create_any = orb.create_any();
            SASContextBodyHelper.insert(create_any, sASContextBody);
            byte[] bArr = null;
            try {
                bArr = getCodec().encode_value(create_any);
            } catch (InvalidTypeForEncoding e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.create_sc_from_ce_message", "406", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "An InvalidTypeForEncoding exception occurred.", new Object[]{e});
                }
            }
            if (bArr != null) {
                serviceContext = new ServiceContext(15, bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The service context data is null.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The orb is null.");
        }
        return serviceContext;
    }

    public ServiceContext create_sc_from_cec_message(CompleteEstablishContext completeEstablishContext) {
        ServiceContext serviceContext = null;
        ORB orb = getORB();
        if (orb != null) {
            SASContextBody sASContextBody = new SASContextBody();
            sASContextBody.complete_msg(completeEstablishContext);
            Any create_any = orb.create_any();
            SASContextBodyHelper.insert(create_any, sASContextBody);
            byte[] bArr = null;
            try {
                bArr = getCodec().encode_value(create_any);
            } catch (InvalidTypeForEncoding e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.create_sc_from_cec_message", "456", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "InvalidTypeForEncoding exception.", new Object[]{e});
                }
            }
            if (bArr != null) {
                serviceContext = new ServiceContext(15, bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The service context data is null.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The orb is null.");
        }
        return serviceContext;
    }

    public void print_ec_message(EstablishContext establishContext, String str) {
        StringBuffer stringBuffer = new StringBuffer(100);
        stringBuffer.append("Message type is ASSOC_ESTABLISH_CONTEXT - client_context_id: ").append(establishContext.client_context_id);
        if (establishContext.identity_token != null) {
            if (establishContext.identity_token.discriminator() == 0) {
                stringBuffer.append(", identity_token: ITTAbsent");
            } else if (establishContext.identity_token.discriminator() == 1) {
                stringBuffer.append(", identity_token: ITTAnonymous");
            } else if (establishContext.identity_token.discriminator() == 8) {
                stringBuffer.append(", identity_token: ITTDistinguishedName");
            } else if (establishContext.identity_token.discriminator() == 2) {
                stringBuffer.append(", identity_token: ITTPrincipalName");
            } else if (establishContext.identity_token.discriminator() == 4) {
                stringBuffer.append(", identity_token: ITTX509CertChain");
            } else {
                stringBuffer.append(", identity_token: unknown type");
            }
        }
        if (establishContext.client_authentication_token != null) {
            stringBuffer.append(", client_authentication_token length: ").append(establishContext.client_authentication_token.length);
        }
        Tr.debug(tc, stringBuffer.toString());
    }

    public void print_cec_message(CompleteEstablishContext completeEstablishContext, String str) {
        StringBuffer stringBuffer = new StringBuffer(100);
        stringBuffer.append("Message type is ASSOC_COMPLETE_ESTABLISH_CONTEXT - client_context_id: ").append(completeEstablishContext.client_context_id).append(", context_stateful: ").append(completeEstablishContext.context_stateful);
        if (completeEstablishContext.final_context_token != null) {
            stringBuffer.append(", final_context_token length: ").append(completeEstablishContext.final_context_token.length);
        }
        Tr.debug(tc, stringBuffer.toString());
    }

    public void print_ce_message(ContextError contextError, String str) {
        StringBuffer stringBuffer = new StringBuffer(100);
        stringBuffer.append("Message type is ASSOC_CONTEXT_ERROR - client_context_id: ").append(contextError.client_context_id).append(", major_status: ").append(contextError.major_status).append(", minor_status: ").append(contextError.minor_status);
        if (contextError.error_token != null) {
            stringBuffer.append(", error_token length: ").append(contextError.error_token.length);
        }
        Tr.debug(tc, stringBuffer.toString());
    }

    public void print_mic_message(MessageInContext messageInContext, String str) {
        StringBuffer stringBuffer = new StringBuffer(100);
        stringBuffer.append("Message type is ASSOC_MESSAGE_IN_CONTEXT - client_context_id: ").append(messageInContext.client_context_id).append(", discard_context: ").append(messageInContext.discard_context);
        Tr.debug(tc, stringBuffer.toString());
    }

    public ORB getORB() {
        if (this.orb == null) {
            this.vault = VaultImpl.getInstance();
            if (this.vault != null) {
                this.orb = this.vault.getORB();
            }
        }
        return this.orb;
    }

    public VaultImpl getVault() {
        if (this.vault == null) {
            this.vault = VaultImpl.getInstance();
        }
        return this.vault;
    }

    public Codec getCodec() {
        if (this.codec == null) {
            this.codec = getVault().getCodec();
        }
        return this.codec;
    }

    public CurrentImpl getCurrent() {
        if (this.current == null) {
            this.current = getVault().getCurrent();
        }
        return this.current;
    }

    public SecurityContextImpl get_security_context_impl(String str, String str2) {
        SecurityContextImpl securityContextImpl;
        this.vault = getVault();
        try {
            securityContextImpl = this.vault.getMechanismFactory().getSecurityContext(str, str2);
        } catch (MechanismAmbiguityException e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.get_security_context_impl", "657", this);
            securityContextImpl = null;
            Tr.debug(tc, "MechanismAmbiguityException trying to get security context.", new Object[]{e});
        }
        return securityContextImpl;
    }

    public String parseCert(X509Certificate[] x509CertificateArr) throws AuthenticationFailedException {
        try {
            Class<?> cls = Class.forName("com.ibm.ws.security.core.UserMappingImpl");
            return (String) cls.getMethod("mapCertificateToName", X509Certificate[].class).invoke(cls.newInstance(), x509CertificateArr);
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parseCert", "678", this);
            throw new AuthenticationFailedException(e.getMessage());
        }
    }

    public String parseDN(String str) throws AuthenticationFailedException {
        try {
            Class<?> cls = Class.forName("com.ibm.ws.security.core.UserMappingImpl");
            return (String) cls.getMethod("mapDNToName", String.class).invoke(cls.newInstance(), str);
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parseDN", "695", this);
            throw new AuthenticationFailedException(e.getMessage());
        }
    }

    public String parsePrincipal(String str) throws AuthenticationFailedException {
        try {
            Class<?> cls = Class.forName("com.ibm.ws.security.core.UserMappingImpl");
            return (String) cls.getMethod("mapPrincipalToName", String.class).invoke(cls.newInstance(), str);
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parsePrincipal", "710", this);
            throw new AuthenticationFailedException(e.getMessage());
        }
    }

    public String parseAssertedCertificate(X509Certificate[] x509CertificateArr) throws AuthenticationFailedException {
        String str;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            try {
                Class<?> cls = Class.forName(SecurityConfig.SAF_IDENTITY_MAPPER);
                str = (String) cls.getMethod("mapAssertedCertificateToName", X509Certificate[].class).invoke(cls.newInstance(), x509CertificateArr);
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parseAssertedCertificate", "741", this);
                throw new AuthenticationFailedException(e.getMessage());
            }
        } else {
            str = parseCert(x509CertificateArr);
        }
        return str;
    }

    public String parseAssertedDN(String str) throws AuthenticationFailedException {
        String str2;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            try {
                Class<?> cls = Class.forName(SecurityConfig.SAF_IDENTITY_MAPPER);
                str2 = (String) cls.getMethod("mapAssertedDNToName", String.class).invoke(cls.newInstance(), str);
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parseAssertedDN", "761", this);
                throw new AuthenticationFailedException(e.getMessage());
            }
        } else {
            str2 = parseDN(str);
        }
        return str2;
    }

    public String parseTransportLayerCertificate(X509Certificate[] x509CertificateArr) throws AuthenticationFailedException {
        String str;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            try {
                Class<?> cls = Class.forName(SecurityConfig.SAF_IDENTITY_MAPPER);
                str = (String) cls.getMethod("mapTransportLayerCertificateToName", X509Certificate[].class).invoke(cls.newInstance(), x509CertificateArr);
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parseAssertedCertificate", "781", this);
                throw new AuthenticationFailedException(e.getMessage());
            }
        } else {
            str = parseCert(x509CertificateArr);
        }
        return str;
    }

    public static X509Certificate convert(javax.security.cert.X509Certificate x509Certificate) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        } catch (CertificateEncodingException e) {
            Manager.Ffdc.log(e, thisClass, "com.ibm.ISecurityUtilityImpl.CSIUtil.convert", "725");
            return null;
        } catch (CertificateException e2) {
            Manager.Ffdc.log(e2, thisClass, "com.ibm.ISecurityUtilityImpl.CSIUtil.convert", "729");
            return null;
        } catch (javax.security.cert.CertificateEncodingException e3) {
            Manager.Ffdc.log(e3, thisClass, "com.ibm.ISecurityUtilityImpl.CSIUtil.convert", "727");
            return null;
        }
    }

    public static javax.security.cert.X509Certificate convert(X509Certificate x509Certificate) {
        try {
            return javax.security.cert.X509Certificate.getInstance(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            Manager.Ffdc.log(e, thisClass, "com.ibm.ISecurityUtilityImpl.CSIUtil.convert", "740");
            return null;
        } catch (javax.security.cert.CertificateEncodingException e2) {
            Manager.Ffdc.log(e2, thisClass, "com.ibm.ISecurityUtilityImpl.CSIUtil.convert", "742");
            return null;
        } catch (javax.security.cert.CertificateException e3) {
            Manager.Ffdc.log(e3, thisClass, "com.ibm.ISecurityUtilityImpl.CSIUtil.convert", "744");
            return null;
        }
    }

    public boolean isTrusted(X509Certificate[] x509CertificateArr) {
        boolean z = false;
        TrustedIDEvaluator trustedIDEvaluatorFactory = TrustedIDEvaluatorFactory.getInstance();
        if (trustedIDEvaluatorFactory != null) {
            z = trustedIDEvaluatorFactory.isTrusted(x509CertificateArr);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Check for user associated with cert returning " + z);
            }
        }
        return z;
    }

    public boolean isTrusted(String str, String str2) {
        boolean z = false;
        TrustedIDEvaluator trustedIDEvaluatorFactory = TrustedIDEvaluatorFactory.getInstance();
        if (trustedIDEvaluatorFactory != null) {
            z = trustedIDEvaluatorFactory.isTrusted(str, str2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Check for " + str + " with password returning " + z);
            }
        }
        return z;
    }

    public boolean isTrusted(String str) {
        boolean z = false;
        TrustedIDEvaluator trustedIDEvaluatorFactory = TrustedIDEvaluatorFactory.getInstance();
        if (trustedIDEvaluatorFactory != null) {
            z = trustedIDEvaluatorFactory.isTrusted(str);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Check for " + str + " returning " + z);
            }
        }
        return z;
    }

    public String get_server_session_hash(ConnectionInformationImpl connectionInformationImpl, int i) {
        StringBuffer stringBuffer = new StringBuffer(50);
        stringBuffer.append(connectionInformationImpl.getRemoteHost()).append(":").append(connectionInformationImpl.getRemotePort()).append(":").append(connectionInformationImpl.getConnectionCreationTime()).append(":").append(i);
        return stringBuffer.toString();
    }

    public String read_detailed_message(RequestInfo requestInfo) {
        String read_wstring;
        ServiceContext serviceContext = null;
        try {
            serviceContext = requestInfo.get_reply_service_context(14);
        } catch (BAD_PARAM e) {
        } catch (Exception e2) {
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.read_detailed_message", "827", this);
        }
        if (serviceContext == null) {
            read_wstring = "";
        } else {
            CDRInputStream createCDRInputStream = ORB.createCDRInputStream(this.orb, serviceContext.context_data, serviceContext.context_data.length);
            createCDRInputStream.consumeEndian();
            read_wstring = createCDRInputStream.read_wstring();
        }
        return read_wstring;
    }

    public short get_message_type(RequestInfo requestInfo) {
        SASContextBody sASContextBody;
        ServiceContext requestServiceContext = ((ExtendedServerRequestInfo) requestInfo).getRequestServiceContext(15);
        if (requestServiceContext == null || (sASContextBody = get_message_from_sc(requestServiceContext)) == null) {
            return (short) -1;
        }
        return sASContextBody.discriminator();
    }

    public byte[] create_gss_initial_context_token(String str, OpaqueHolder opaqueHolder) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "create_gss_initial_context_token", new Object[]{str, opaqueHolder, this});
        }
        try {
            CSIUtil cSIUtil = new CSIUtil();
            if (OID.compareOIDs(str, GSSUPMechOID.value)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unexpected GSSUP mechanism mapped in token base Security Context ");
                }
                throw new WSSecurityContextException(18, 0, "create_gss_initial_context_token: Unexpected GSSUP mechanism mapped in token base Security Context ");
            }
            GSSFactory gSSFactory = this.vault.getGSSFactory(str);
            byte[] bArr = opaqueHolder.value;
            ORB orb = getORB();
            if (orb == null && cSIUtil.getVault() != null) {
                orb = cSIUtil.getVault().getORB();
                if (orb == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Orb is null.");
                    }
                    throw new WSSecurityContextException(15, 0, "create_gss_initial_context_token: Orb is null.");
                }
            }
            Any create_any = orb.create_any();
            if (create_any == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Any is null.");
                }
                throw new WSSecurityContextException(15, 0, "create_gss_initial_context_token: Any is null.");
            }
            OpaqueHelper.insert(create_any, bArr);
            try {
                byte[] encodeGSSToken = gSSFactory.encodeGSSToken(getCodec().encode_value(create_any));
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "create_gss_initial_context_token", encodeGSSToken);
                }
                return encodeGSSToken;
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.create_gss_initial_context_token", "942", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Orb is null.");
                }
                throw new WSSecurityContextException(18, 0, "create_gss_initial_context_token: Orb is null.");
            }
        } catch (Exception e2) {
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.create_gss_initial_context_token", "958", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Java exception: " + e2.toString());
            }
            throw new WSSecurityContextException(15, 0, "create_gss_initial_context_token: Java exception: " + e2.toString());
        }
    }

    public void parse_gss_initial_context_token(byte[] bArr, OpaqueHolder opaqueHolder) throws WSSecurityContextException {
        try {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "parse_gss_initial_context_token", new Object[]{bArr, opaqueHolder, this});
            }
            String mechOIDFromGSSToken = GSSFactory.getMechOIDFromGSSToken(bArr);
            MechanismFactory mechanismFactory = getVault().getMechanismFactory();
            if (mechanismFactory == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "MechanismFactory is null.");
                }
                throw new WSSecurityContextException(15, 0, "MechanismFactory is null.");
            }
            String mapMechTypeToOid = GSSFactory.mapMechTypeToOid(mechanismFactory.getMechanismTypeIdentity(mechOIDFromGSSToken));
            if (OID.compareOIDs(mapMechTypeToOid, GSSUPMechOID.value)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unexpected GSSUP mechanism mapped in token base Security Context ");
                }
                throw new WSSecurityContextException(12, 0, "CSIUtil.parse_gss_initial_context_token: Unexpected GSSUP mechanism mapped in token base Security Context ");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "OID from receiving GSS token: " + mechOIDFromGSSToken + ", OID mapped from Security Context: " + mapMechTypeToOid);
            }
            if (!OID.compareOIDs(mechOIDFromGSSToken, mapMechTypeToOid)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Mismatched OID from receiving GSS token with respect to token-base Security Context");
                }
                throw new WSSecurityContextException(12, 0, "CSIUtil.parse_gss_initial_context_token: Mismatched OID from receiving GSS token with respect to token-base Security Context");
            }
            try {
                try {
                    try {
                        opaqueHolder.value = OpaqueHelper.extract(getCodec().decode_value(this.vault.getGSSFactory(mapMechTypeToOid).decodeGSSToken(bArr), OpaqueHelper.type()));
                        if (opaqueHolder.value == null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Could not extract token from Any.");
                            }
                            throw new WSSecurityContextException(18, 0, "CSIUtil.parse_gss_initial_context_token: Could not extract token from Any.");
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "parse_gss_initial_context_token");
                        }
                    } catch (BAD_OPERATION e) {
                        Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gss_initial_context_token", "1082", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "org.omg.CORBA.BAD_OPERATION exception extracting token from Any: " + e.toString(), new Object[]{e});
                        }
                        throw new WSSecurityContextException(18, 0, "CSIUtil.parse_gss_initial_context_token: org.omg.CORBA.BAD_OPERATION exception extracting token from Any: " + e.toString());
                    }
                } catch (FormatMismatch e2) {
                    Manager.Ffdc.log(e2, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gss_initial_context_token", "1067", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "org.omg.IOP.CodecPackage.FormatMismatch exception: " + e2.toString(), new Object[]{e2});
                    }
                    throw new WSSecurityContextException(18, 0, "CSIUtil.parse_gss_initial_context_token: org.omg.IOP.CodecPackage.FormatMismatch exception: " + e2.toString());
                } catch (TypeMismatch e3) {
                    Manager.Ffdc.log(e3, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gss_initial_context_token", "1055", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "org.omg.IOP.CodecPackage.TypeMismatch exception: " + e3.toString(), new Object[]{e3});
                    }
                    throw new WSSecurityContextException(18, 0, "CSIUtil.parse_gss_initial_context_token: org.omg.IOP.CodecPackage.TypeMismatch exception: " + e3.toString());
                }
            } catch (GSSEncodeDecodeException e4) {
                Manager.Ffdc.log(e4, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gss_initial_context_token", "1038", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "GSSEncodeDecodeException: " + e4.toString());
                }
                throw new WSSecurityContextException(18, 0, "CSIUtil.parse_gss_initial_context_token: GSSEncodeDecodeException: " + e4.toString());
            }
        } catch (MechanismAmbiguityException e5) {
            Manager.Ffdc.log(e5, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gss_initial_context_token", "1108", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "MechanismAmbiguityException occurred in getMechanismTypeIdentity.", new Object[]{e5});
            }
        } catch (Exception e6) {
            Manager.Ffdc.log(e6, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gss_initial_context_token", "1114", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "java.lang.Exception: " + e6.toString(), new Object[]{e6});
            }
            throw new WSSecurityContextException(13, 0, "CSIUtil.parse_gss_initial_context_token: java.lang.Exception: " + e6.toString());
        }
    }

    public void parse_gssup_initial_context_token(byte[] bArr, BasicAuthWithRealm basicAuthWithRealm) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parse_gssup_initial_context_token", new Object[]{bArr, basicAuthWithRealm, this});
        }
        try {
            GSSFactory gSSFactory = this.vault.getGSSFactory(GSSUPMechOID.value);
            try {
                try {
                    try {
                        InitialContextToken extract = InitialContextTokenHelper.extract(getCodec().decode_value(gSSFactory.decodeGSSToken(bArr), InitialContextTokenHelper.type()));
                        try {
                            String decodeExportedTargetName = gSSFactory.decodeExportedTargetName(extract.target_name);
                            try {
                                String str = new String(extract.username, "UTF8");
                                String str2 = new String(extract.password, "UTF8");
                                String str3 = "";
                                if (str != null && !str.equals("")) {
                                    int lastIndexOf = str.lastIndexOf("@");
                                    if (lastIndexOf < 0) {
                                        str3 = str;
                                    } else {
                                        str3 = str.substring(0, lastIndexOf);
                                        str.substring(lastIndexOf + 1);
                                    }
                                }
                                basicAuthWithRealm.setUserid(str3);
                                basicAuthWithRealm.setPassword(str2);
                                basicAuthWithRealm.setRealm(decodeExportedTargetName);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Security name from GSS token: " + basicAuthWithRealm.getUserid() + "@" + basicAuthWithRealm.getRealm() + ", password: " + StringUtils.mask(basicAuthWithRealm.getPassword()));
                                }
                                if (tc.isEntryEnabled()) {
                                    Tr.exit(tc, "parse_gssup_initial_context_token");
                                }
                            } catch (Exception e) {
                                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1253", this);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "java.lang.Exception: " + e.toString(), new Object[]{e});
                                }
                                throw new WSSecurityContextException(13, 0, "parse_gssup_initial_context_token: java.lang.Exception: " + e.toString());
                            }
                        } catch (GSSEncodeDecodeException e2) {
                            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1206", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "GSSEncodeDecodeException: " + e2.toString());
                            }
                            throw new WSSecurityContextException(18, 0, "parse_gssup_initial_context_token: GSSEncodeDecodeException: " + e2.toString());
                        }
                    } catch (BAD_OPERATION e3) {
                        Manager.Ffdc.log(e3, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1188", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "org.omg.CORBA.BAD_OPERATION exception extracting token from Any: " + e3.toString(), new Object[]{e3});
                        }
                        throw new WSSecurityContextException(18, 0, "parse_gssup_initial_context_token: org.omg.CORBA.BAD_OPERATION exception extracting token from Any: " + e3.toString());
                    }
                } catch (TypeMismatch e4) {
                    Manager.Ffdc.log(e4, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1160", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "org.omg.IOP.CodecPackage.TypeMismatch exception: " + e4.toString(), new Object[]{e4});
                    }
                    throw new WSSecurityContextException(18, 0, "parse_gssup_initial_context_token: org.omg.IOP.CodecPackage.TypeMismatch exception: " + e4.toString());
                } catch (FormatMismatch e5) {
                    Manager.Ffdc.log(e5, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1171", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "org.omg.IOP.CodecPackage.FormatMismatch exception: " + e5.toString(), new Object[]{e5});
                    }
                    throw new WSSecurityContextException(18, 0, "parse_gssup_initial_context_token: org.omg.IOP.CodecPackage.FormatMismatch exception: " + e5.toString());
                }
            } catch (GSSEncodeDecodeException e6) {
                Manager.Ffdc.log(e6, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1144", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "GSSEncodeDecodeException: " + e6.toString());
                }
                throw new WSSecurityContextException(18, 0, "parse_gssup_initial_context_token: GSSEncodeDecodeException: " + e6.toString());
            }
        } catch (Exception e7) {
            Manager.Ffdc.log(e7, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.parse_gssup_initial_context_token", "1265", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "java.lang.Exception: " + e7.toString(), new Object[]{e7});
            }
            throw new WSSecurityContextException(13, 0, "parse_gssup_initial_context_token: java.lang.Exception: " + e7.toString());
        }
    }

    public static String clean(String str) {
        String str2 = null;
        if (str != null) {
            str2 = str.trim();
            if ((str2.startsWith("\"") && str2.endsWith("\"")) || (str2.startsWith("'") && str2.endsWith("'"))) {
                str2 = str2.substring(1, str2.length() - 1).trim();
            }
        }
        return str2;
    }

    public byte[] serializeRootException() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "serializeRootException", this);
        }
        byte[] bArr = this.nullByteArray;
        Throwable rootException = getCurrent().getRootException();
        Tr.debug(tc, "Root exception", new Object[]{rootException});
        if (rootException != null) {
            Throwable th = rootException;
            int i = 0;
            while (th != null) {
                while (th != null && (th instanceof WSLoginFailedException)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "instanceof WSLoginFailedException");
                    }
                    th = ((WSLoginFailedException) th).getCause();
                    if (th != null) {
                        rootException = th;
                    }
                    int i2 = i;
                    i++;
                    if (i2 > 10) {
                        break;
                    }
                }
                while (th != null && (th instanceof RemoteException)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "instanceof java.rmi.RemoteException");
                    }
                    th = ((RemoteException) th).detail;
                    if (th != null) {
                        rootException = th;
                    }
                    int i3 = i;
                    i++;
                    if (i3 > 10) {
                        break;
                    }
                }
                while (th != null && (th instanceof WSSecurityException)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "instanceof WSSecurityException");
                    }
                    ArrayList exceptions = ((WSSecurityException) th).getExceptions();
                    if (exceptions != null && exceptions.size() > 0) {
                        th = (Throwable) exceptions.get(0);
                        if (th != null) {
                            rootException = th;
                        }
                    }
                    int i4 = i;
                    i++;
                    if (i4 > 10) {
                        break;
                    }
                }
                int i5 = i;
                i++;
                if (i5 > 10) {
                    break;
                }
            }
        }
        if (rootException != null) {
            ByteArrayOutputStream byteArrayOutputStream = null;
            ObjectOutputStream objectOutputStream = null;
            try {
                try {
                    ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                    ObjectOutputStream objectOutputStream2 = new ObjectOutputStream(byteArrayOutputStream2);
                    objectOutputStream2.writeObject(rootException);
                    objectOutputStream2.flush();
                    bArr = byteArrayOutputStream2.toByteArray();
                    if (tc.isDebugEnabled()) {
                        if (bArr != null) {
                            Tr.debug(tc, "Serializing root cause exception, byte array size: " + bArr.length, new Object[]{rootException});
                        } else {
                            Tr.debug(tc, "Error serializing root cause exception, byte array = 0", new Object[]{rootException});
                        }
                    }
                    if (byteArrayOutputStream2 != null) {
                        try {
                            byteArrayOutputStream2.close();
                        } catch (Exception e) {
                        }
                    }
                    if (objectOutputStream2 != null) {
                        objectOutputStream2.close();
                    }
                } catch (Throwable th2) {
                    if (0 != 0) {
                        try {
                            byteArrayOutputStream.close();
                        } catch (Exception e2) {
                            throw th2;
                        }
                    }
                    if (0 != 0) {
                        objectOutputStream.close();
                    }
                    throw th2;
                }
            } catch (Exception e3) {
                Manager.Ffdc.log(e3, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.serializeRootException", "1386", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception serializing the root cause exception: " + e3.getMessage(), new Object[]{e3});
                }
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Exception e4) {
                    }
                }
                if (0 != 0) {
                    objectOutputStream.close();
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "serializeRootException", bArr);
        }
        return bArr;
    }

    public void deserializeRootException(byte[] bArr) {
        Throwable th = null;
        if (bArr == null || Arrays.equals(bArr, this.nullByteArray)) {
            return;
        }
        ByteArrayInputStream byteArrayInputStream = null;
        ObjectInputStream objectInputStream = null;
        try {
            try {
                ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr);
                ObjectInputStream objectInputStream2 = new ObjectInputStream(byteArrayInputStream2);
                th = (Throwable) objectInputStream2.readObject();
                if (tc.isDebugEnabled()) {
                    if (th != null) {
                        Tr.debug(tc, "Deserializing root cause exception, exception = " + th.getMessage(), new Object[]{th});
                    } else {
                        Tr.debug(tc, "Error deserializing root cause exception, t = null", new Object[]{th});
                    }
                }
                if (byteArrayInputStream2 != null) {
                    try {
                        byteArrayInputStream2.close();
                    } catch (Exception e) {
                    }
                }
                if (objectInputStream2 != null) {
                    objectInputStream2.close();
                }
            } catch (Throwable th2) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Exception e2) {
                        throw th2;
                    }
                }
                if (0 != 0) {
                    objectInputStream.close();
                }
                throw th2;
            }
        } catch (Exception e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.deserializeRootException", "1438", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception serializing the root cause exception: " + e3.getMessage(), new Object[]{e3});
            }
            if (0 != 0) {
                try {
                    byteArrayInputStream.close();
                } catch (Exception e4) {
                }
            }
            if (0 != 0) {
                objectInputStream.close();
            }
        }
        getCurrent().setRootException(th);
    }

    public ContextManager getContextManager() {
        return ContextManagerFactory.getInstance();
    }

    public void setUnauthenticatedToNullIfNeeded() {
        if (SecurityObjectLocator.getAdminData().getBoolean(AdminData.IS_SERVER_PROCESS)) {
            try {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(getContextManager().getInvocationSubject());
                if (wSCredentialFromSubject != null && wSCredentialFromSubject.isUnauthenticated()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting invocation cred to NULL.");
                    }
                    getContextManager().setInvocationSubject(null);
                }
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.CSIUtil.setUnauthenticatedToNullIfNeeded", "1497", this);
            }
        }
    }

    public X509Certificate[] convertJavaxToJavaCerts(javax.security.cert.X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = null;
        if (x509CertificateArr != null) {
            x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
            for (int i = 0; i < x509CertificateArr.length; i++) {
                CSIUtil cSIUtil = csiUtil;
                x509CertificateArr2[i] = convert(x509CertificateArr[i]);
            }
            if (tc.isDebugEnabled() && x509CertificateArr2 != null) {
                Tr.debug(tc, "Transport layer certificate chain found.");
            }
            if (tc.isDebugEnabled() && x509CertificateArr2 != null) {
                for (int i2 = 0; i2 < x509CertificateArr2.length; i2++) {
                    Tr.debug(tc, "   Certificate[" + i2 + "]: " + x509CertificateArr2[i2].toString());
                }
            }
        }
        return x509CertificateArr2;
    }

    public boolean isCORBAAuthRequired() {
        return getContextManager().isAuthenticateSpecialMethodsEnabled() && getContextManager().isSecurityServiceStarted();
    }
}
