package orbasec.seciop;

import java.util.Vector;
import orbasec.SecLev2.InteroperabilityPolicy;
import orbasec.corba.MechUtil;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.NO_RESOURCES;
import org.omg.CORBA.Policy;
import org.omg.IOP.IOR;
import org.omg.SECIOP.SPKM_1;
import org.omg.Security.DelegationDirective;
import org.omg.Security.EstablishTrust;
import org.omg.Security.QOP;
import org.omg.SecurityLevel2.Credentials;

/* loaded from: input_file:orbasec/seciop/PolicyUtil.class */
public class PolicyUtil extends orbasec.corba.PolicyUtil {
    public static SECIOP_OCI_TransportFeatures select_from_creds(Policy[] policyArr, String[] strArr, String[] strArr2, IOR ior, Credentials[] credentialsArr, QOP qop, DelegationDirective delegationDirective, EstablishTrust establishTrust) {
        new Vector();
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = true;
        stringBuffer.append("No matching credentials available.\n");
        stringBuffer.append("   Policy Mechanisms: ");
        for (String str : strArr) {
            stringBuffer.append(new StringBuffer(String.valueOf(str)).append(" ").toString());
        }
        stringBuffer.append("\n   IOR mechanisms: ");
        for (String str2 : strArr2) {
            stringBuffer.append(new StringBuffer(String.valueOf(str2)).append(" ").toString());
        }
        stringBuffer.append("\n   Credentials: ");
        for (Credentials credentials : credentialsArr) {
            stringBuffer.append(orbasec.corba.CredUtil.toString(credentials));
        }
        stringBuffer.append("\n");
        for (String str3 : strArr) {
            int i = 0;
            while (true) {
                if (i >= strArr2.length) {
                    break;
                }
                String str4 = strArr2[i];
                if (MechUtil.genericMechSupportsMech(str4, str3)) {
                    z = false;
                    for (Credentials credentials2 : credentialsArr) {
                        stringBuffer.append(new StringBuffer("  Credential: ").append(credentials2.mechanism()).append(":").append(orbasec.corba.CredUtil.toString(credentials2)).append("\n").toString());
                        if (!orbasec.corba.CredUtil.supportsMechanism(credentials2, str3) || !orbasec.corba.CredUtil.supportsMechanism(credentials2, str4)) {
                            stringBuffer.append(new StringBuffer("      does not support mechanism ").append(str4).append("\n").toString());
                        } else if (qop != null && !orbasec.corba.CredUtil.supportsQOP(credentials2, qop)) {
                            stringBuffer.append(new StringBuffer("      does not support QOP ").append(qop.value()).append("\n").toString());
                        } else if (delegationDirective != null && !orbasec.corba.CredUtil.supportsDelegationDirective(credentials2, delegationDirective)) {
                            stringBuffer.append(new StringBuffer("      does not support delegation directive ").append(delegationDirective.value()).append("\n").toString());
                        } else if (establishTrust == null || orbasec.corba.CredUtil.supportsTrust(credentials2, establishTrust)) {
                            SECIOP_OCI_TransportFeatures sECIOP_OCI_TransportFeatures = new SECIOP_OCI_TransportFeatures();
                            int[] componentTags = MechUtil.getComponentTags(str3);
                            if (componentTags != null && componentTags.length > 0) {
                                for (int i2 : componentTags) {
                                    sECIOP_OCI_TransportFeatures.mechanism_component = orbasec.corba.IOPUtil.get_seciop_tagged_component(ior, i2);
                                    if (sECIOP_OCI_TransportFeatures.mechanism_component != null) {
                                        break;
                                    }
                                }
                            }
                            sECIOP_OCI_TransportFeatures.invoc_credentials = credentials2;
                            sECIOP_OCI_TransportFeatures.qop = qop;
                            sECIOP_OCI_TransportFeatures.estab_trust = establishTrust;
                            sECIOP_OCI_TransportFeatures.delegation_directive = delegationDirective;
                            sECIOP_OCI_TransportFeatures.mechanism = str3;
                            sECIOP_OCI_TransportFeatures.process_assoc_options();
                            if (features_are_valid(policyArr, sECIOP_OCI_TransportFeatures, stringBuffer)) {
                                return sECIOP_OCI_TransportFeatures;
                            }
                            stringBuffer.append("    cannot find suitable mechanism in Creds and IOR");
                        } else {
                            stringBuffer.append(new StringBuffer("     does not support client trust of ").append(establishTrust.trust_in_client).append(", target trust of ").append(establishTrust.trust_in_target).toString());
                        }
                    }
                } else {
                    i++;
                }
            }
        }
        if (z) {
            stringBuffer.append("  No matching mechanisms.");
        }
        throw new NO_RESOURCES(stringBuffer.toString(), 1, CompletionStatus.COMPLETED_NO);
    }

    static boolean features_are_valid(Policy[] policyArr, SECIOP_OCI_TransportFeatures sECIOP_OCI_TransportFeatures, StringBuffer stringBuffer) {
        InteroperabilityPolicy interoperabilityPolicy = orbasec.corba.PolicyUtil.get_interop_policy(policyArr);
        if (interoperabilityPolicy != null && interoperabilityPolicy.ignore_target_requires_supports(sECIOP_OCI_TransportFeatures.mechanism)) {
            return true;
        }
        boolean z = true;
        SPKM_1 unmarshal_SPKM_1_SEC_MECH = orbasec.corba.IOPUtil.unmarshal_SPKM_1_SEC_MECH(sECIOP_OCI_TransportFeatures.mechanism_component);
        if (sECIOP_OCI_TransportFeatures.association_options != (sECIOP_OCI_TransportFeatures.association_options & unmarshal_SPKM_1_SEC_MECH.target_supports)) {
            z = false;
            stringBuffer.append(new StringBuffer("     Target does not support selected options 0x").append(Integer.toHexString(sECIOP_OCI_TransportFeatures.association_options)).append(" target supports 0x").append(Integer.toHexString(unmarshal_SPKM_1_SEC_MECH.target_supports)).toString());
        }
        if (unmarshal_SPKM_1_SEC_MECH.target_requires != (sECIOP_OCI_TransportFeatures.invoc_credentials.invocation_options_supported() & unmarshal_SPKM_1_SEC_MECH.target_requires)) {
            z = false;
            stringBuffer.append(new StringBuffer("     Target requires more than selelcted options 0x").append(Integer.toHexString(sECIOP_OCI_TransportFeatures.invoc_credentials.invocation_options_supported())).append(" target requires 0x").append(Integer.toHexString(unmarshal_SPKM_1_SEC_MECH.target_requires)).toString());
        }
        if (z) {
            sECIOP_OCI_TransportFeatures.association_options = (short) (sECIOP_OCI_TransportFeatures.association_options | unmarshal_SPKM_1_SEC_MECH.target_requires);
        }
        if (orbasec.util.Debug.debug(Debug.SECIOP)) {
            orbasec.util.Debug.println(new StringBuffer("SECIOP_PolicyUtil.features are valid = ").append(z).toString());
            orbasec.util.Debug.println(sECIOP_OCI_TransportFeatures);
        }
        return z;
    }

    public static SECIOP_OCI_TransportFeatures select_features(IOR ior, Policy[] policyArr) {
        Credentials[] credentialsArr = orbasec.corba.PolicyUtil.get_invoc_creds_from_policies(policyArr);
        String[] strArr = orbasec.corba.PolicyUtil.get_mechanisms_from_policies(SECIOP.get_current(), policyArr);
        QOP qop = orbasec.corba.PolicyUtil.get_qop_from_policies(policyArr);
        DelegationDirective delegationDirective = orbasec.corba.PolicyUtil.get_delegation_directive_from_policies(policyArr);
        EstablishTrust establishTrust = orbasec.corba.PolicyUtil.get_trust_from_policies(policyArr);
        String[] strArr2 = orbasec.corba.IOPUtil.get_seciop_mechanism_names(ior);
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = MechUtil.resolveMechanism(strArr[i]);
        }
        for (int i2 = 0; i2 < strArr2.length; i2++) {
            strArr2[i2] = MechUtil.resolveMechanism(strArr2[i2]);
        }
        if (credentialsArr == null || credentialsArr.length < 1) {
            throw new NO_PERMISSION("No credentials.");
        }
        SECIOP_OCI_TransportFeatures select_from_creds = select_from_creds(policyArr, strArr, strArr2, ior, credentialsArr, qop, delegationDirective, establishTrust);
        if (orbasec.util.Debug.debug) {
            orbasec.util.Debug.println(Debug.SECIOP, "PolicyUtil.select_features:");
            orbasec.util.Debug.print(Debug.SECIOP, "  IOR Mechanism Names:");
            for (String str : strArr2) {
                orbasec.util.Debug.print(Debug.SECIOP, new StringBuffer(String.valueOf(str)).append(" ").toString());
            }
            orbasec.util.Debug.println(Debug.SECIOP, "\n");
            orbasec.util.Debug.print(Debug.SECIOP, "  Policy Mechanism Names:");
            for (String str2 : strArr) {
                orbasec.util.Debug.print(Debug.SECIOP, new StringBuffer(String.valueOf(str2)).append(" ").toString());
            }
            orbasec.util.Debug.println(Debug.SECIOP, "\n");
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("  Delegation Directive: ").append(delegationDirective == null ? "*" : orbasec.corba.CredUtil.toString(delegationDirective)).toString());
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("  QOP : ").append(qop == null ? "*" : orbasec.corba.CredUtil.toString(qop)).toString());
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("  client_trust : ").append(establishTrust == null ? "*" : String.valueOf(establishTrust.trust_in_client)).toString());
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("  target_trust : ").append(establishTrust == null ? "*" : String.valueOf(establishTrust.trust_in_target)).toString());
            orbasec.util.Debug.println(Debug.SECIOP, "  FEATURES SELECTED: ");
            orbasec.util.Debug.println(Debug.SECIOP, select_from_creds);
        }
        return select_from_creds;
    }

    public static Policy[] add_default_policies(Policy[] policyArr) {
        return orbasec.corba.PolicyUtil.add_default_policies(SECIOP.get_current(), policyArr);
    }

    public static boolean supports_features(IOR ior, Policy[] policyArr, SECIOP_OCI_TransportFeatures sECIOP_OCI_TransportFeatures) {
        try {
            return sECIOP_OCI_TransportFeatures.supports(select_features(ior, policyArr));
        } catch (NO_RESOURCES e) {
            if (!orbasec.util.Debug.debug(Debug.SECIOP)) {
                return false;
            }
            orbasec.util.Debug.println("SECIOP.PolicyUtil.supports_features: NO RESOURCES");
            orbasec.util.Debug.println(e);
            return false;
        }
    }
}
