package orbasec.iiop;

import com.ooc.OCI.AccRegistry;
import com.ooc.OCI.AcceptCB;
import java.net.Socket;
import orbasec.SecLev2.TrustedAuthority;
import orbasec.SecLev2.TrustedAuthorityPolicy;
import orbasec.SecLev2.TrustedAuthorityPolicyHelper;
import orbasec.corba.AttrDef;
import orbasec.corba.CredUtil;
import orbasec.corba.LocalObject;
import orbasec.corba.MechUtil;
import orbasec.corba.MinorBadOperation;
import orbasec.corba.Opaque;
import orbasec.corba.SecurityAttributes;
import orbasec.corba.SecurityFeatures;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.BOA;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.ORB;
import org.omg.Security.AttributeListHolder;
import org.omg.Security.AttributeType;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.CommunicationDirection;
import org.omg.Security.CredentialsType;
import org.omg.Security.DelegationMode;
import org.omg.Security.DelegationState;
import org.omg.Security.MechandOptions;
import org.omg.Security.QOP;
import org.omg.Security.SecAttribute;
import org.omg.Security.SecurityFeature;
import org.omg.SecurityLevel2.Current;
import org.omg.SecurityLevel2.ReceivedCredentials;
import org.omg.SecurityLevel2.TargetCredentials;
import org.omg.TimeBase.UtcTHolder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:orbasec/iiop/Credentials.class */
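/**
 * Security Level 2 credentials object for the plain IIOP mechanism.
 *
 * <p>One instance acts as own, received or target credentials depending on
 * {@code credentials_type_}. The options this class itself assigns to received and
 * target credentials are NoProtection plus bit 128, with the access id set to the
 * literal {@code "anonymous"}.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>Received and target credentials are marked {@code SecAuthSuccess} although
 *       nothing in this class authenticates the peer. Authorization decisions should
 *       look at the access-id attribute and the association options, not at
 *       {@link #authentication_state()} alone.</li>
 *   <li>The peer-host attribute comes from a DNS lookup on the socket address and is
 *       only as trustworthy as that lookup.</li>
 *   <li>{@link #is_valid} never reports expiry and {@link #destroy} releases nothing.</li>
 * </ul>
 */
public class Credentials extends LocalObject implements ReceivedCredentials, TargetCredentials {
    /** Association-option bit that {@link #check_set_options} reports as "NoProtection". */
    private static final short OPT_NO_PROTECTION = 1;
    /** Association-option bit that {@link #check_set_options} reports as "Integrity". */
    private static final short OPT_INTEGRITY = 2;
    /** Association-option bit that {@link #check_set_options} reports as "Confidentiality". */
    private static final short OPT_CONFIDENTIALITY = 4;
    /**
     * Bit 128 of the association options.
     * NOTE(review): presumably NoDelegation in the CORBA Security numbering; confirm
     * against org.omg.Security before relying on the name.
     */
    private static final short OPT_NO_DELEGATION = 128;

    int protocol_tag_;
    ORB orb_;
    BOA boa_;
    Vault vault_;
    String host_;
    int port_;
    Current current_;
    SecurityFeatures features_;
    SecurityAttributes attributes_;
    AuthenticationStatus authentication_state_;
    CredentialsType credentials_type_;
    String mechanism_;
    short accepting_options_supported_;
    short accepting_options_required_;
    short invocation_options_required_;
    short invocation_options_supported_;
    short association_options_used_;
    DelegationMode delegation_mode_;
    Credentials accepting_credentials_;
    Credentials initiating_credentials_;
    DelegationState delegation_state_;
    // Upper bound for every "supported" setter; filled by initialize_assoc_options().
    short options_supported;
    // Integrity | Confidentiality; used to detect the combined QOP.
    short ic_mask;
    // Bits every option set must contain (see the last check in check_set_options).
    short min_required_mask;
    TrustedAuthorityPolicy trusted_auth_policy_;
    static AttributeType[] Unsettable = {CredUtil.genAttributeType(0, 0, 0)};
    String cert_name_;
    Acceptor iiop_acceptor_;
    ConFactory iiop_confactory_;
    int iiop_port_;
    TrustedAuthority[] own_cas_;
    TrustedAuthority[] client_peer_cas_;
    TrustedAuthority[] server_peer_cas_;

    /**
     * Returns the attributes of these credentials.
     *
     * @param attributeTypeArr types to look up, or {@code null} for every attribute
     * @return all attributes when the argument is {@code null}, otherwise the result of
     *     {@code attributes_.find(attributeTypeArr)}
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public SecAttribute[] get_attributes(AttributeType[] attributeTypeArr) {
        if (attributeTypeArr == null) {
            return this.attributes_.attributes();
        }
        return this.attributes_.find(attributeTypeArr);
    }

    /**
     * Not implemented for this mechanism: ignores every argument and reports failure.
     *
     * @return always {@code false}
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public boolean set_privileges(boolean z, SecAttribute[] secAttributeArr, AttributeListHolder attributeListHolder) {
        return false;
    }

    /**
     * Reports whether the requested attributes already match the current ones. Nothing is
     * modified: the requested attributes are compared, never stored.
     *
     * @param secAttributeArr attributes the caller asked for
     * @param attributeListHolder receives the attributes actually in effect; may be
     *     {@code null}, in which case only the comparison result is returned
     * @return {@code true} when {@code CredUtil.equivalent} considers the requested and
     *     current attributes equivalent
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public boolean set_attributes(SecAttribute[] secAttributeArr, AttributeListHolder attributeListHolder) {
        SecAttribute[] current = this.attributes_.attributes();
        boolean equivalent = CredUtil.equivalent(secAttributeArr, current);
        // Guard the out-parameter so a caller that passes no holder gets an answer
        // instead of a NullPointerException.
        if (attributeListHolder != null) {
            attributeListHolder.value = current;
        }
        return equivalent;
    }

    /**
     * Looks up a security feature. Only direction value 0 is served; per-direction
     * queries are rejected.
     *
     * @throws BAD_PARAM for the request-only (1) and reply-only (2) directions
     * @throws INTERNAL for any other direction value
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public boolean get_security_feature(CommunicationDirection communicationDirection, SecurityFeature securityFeature) {
        switch (communicationDirection.value()) {
            case 0:
                return this.features_.value_of(securityFeature);
            case 1:
                throw new BAD_PARAM("Request Direction not supported");
            case 2:
                throw new BAD_PARAM("Reply Direction not supported");
            default:
                throw new INTERNAL("Bad CommunicatonDirection value");
        }
    }

    /**
     * Returns the stored authentication state. For received and target credentials this
     * is {@code SecAuthSuccess} even though the identity is "anonymous"; do not treat it
     * as proof of who the peer is.
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public AuthenticationStatus authentication_state() {
        return this.authentication_state_;
    }

    /** Returns whether these are own, received or target credentials. */
    @Override // org.omg.SecurityLevel2.Credentials
    public CredentialsType credentials_type() {
        return this.credentials_type_;
    }

    /** Returns the mechanism string these credentials were initialized with. */
    @Override // org.omg.SecurityLevel2.Credentials
    public String mechanism() {
        return this.mechanism_;
    }

    /** Returns the association options supported when accepting. */
    @Override // org.omg.SecurityLevel2.Credentials
    public short accepting_options_supported() {
        return this.accepting_options_supported_;
    }

    /**
     * Sets the association options supported when accepting.
     *
     * @param s new option set; must be a subset of {@code options_supported} and pass
     *     {@link #check_set_options}
     * @throws BAD_PARAM when {@code s} fails validation
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public void accepting_options_supported(short s) {
        check_set_options(this.options_supported, s);
        this.accepting_options_supported_ = s;
        // NOTE(review): x | (s & x) always equals x, so this statement changes nothing.
        // After narrowing the supported set, accepting_options_required_ can therefore
        // still hold bits that are no longer supported. Decide whether the required set
        // should be narrowed to (required & s) or the call rejected, then replace this.
        this.accepting_options_required_ = (short) (this.accepting_options_required_ | (s & this.accepting_options_required_));
    }

    /** Returns the association options required when accepting. */
    @Override // org.omg.SecurityLevel2.Credentials
    public short accepting_options_required() {
        return this.accepting_options_required_;
    }

    /**
     * Sets the association options required when accepting.
     *
     * @param s new option set; must be a subset of the accepting options supported
     * @throws BAD_PARAM when {@code s} fails validation
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public void accepting_options_required(short s) {
        check_set_options(this.accepting_options_supported_, s);
        this.accepting_options_required_ = s;
    }

    /** Returns the association options required when invoking. */
    @Override // org.omg.SecurityLevel2.Credentials
    public short invocation_options_required() {
        return this.invocation_options_required_;
    }

    /**
     * Sets the association options required when invoking.
     *
     * @param s new option set; must be a subset of the invocation options supported
     * @throws BAD_PARAM when {@code s} fails validation
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public void invocation_options_required(short s) {
        check_set_options(this.invocation_options_supported_, s);
        this.invocation_options_required_ = s;
    }

    /** Returns the association options supported when invoking. */
    @Override // org.omg.SecurityLevel2.Credentials
    public short invocation_options_supported() {
        return this.invocation_options_supported_;
    }

    /**
     * Sets the association options supported when invoking.
     *
     * <p>NOTE(review): the required set is not re-checked here, so it may end up holding
     * bits outside the new supported set.
     *
     * @param s new option set; must be a subset of {@code options_supported}
     * @throws BAD_PARAM when {@code s} fails validation
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public void invocation_options_supported(short s) {
        check_set_options(this.options_supported, s);
        this.invocation_options_supported_ = s;
    }

    /**
     * Returns the options in use on the association.
     *
     * @throws BAD_OPERATION when called on own credentials
     */
    @Override // org.omg.SecurityLevel2.ReceivedCredentials, org.omg.SecurityLevel2.TargetCredentials
    public short association_options_used() {
        if (_A_isOwn()) {
            throw new BAD_OPERATION("Invalid on own credentials");
        }
        return this.association_options_used_;
    }

    /** Returns the delegation mode currently set. */
    @Override // org.omg.SecurityLevel2.ReceivedCredentials
    public DelegationMode delegation_mode() {
        return this.delegation_mode_;
    }

    /**
     * Sets the delegation mode.
     *
     * @throws BAD_PARAM when {@code features_} does not report the mode as supported
     */
    public void delegation_mode(DelegationMode delegationMode) {
        if (!supports_delegation(delegationMode)) {
            throw new BAD_PARAM();
        }
        this.delegation_mode_ = delegationMode;
    }

    /**
     * Returns the local credentials that accepted the association.
     *
     * @throws BAD_OPERATION when these are not received credentials
     */
    @Override // org.omg.SecurityLevel2.ReceivedCredentials
    public org.omg.SecurityLevel2.Credentials accepting_credentials() {
        if (!_A_isReceived()) {
            throw new BAD_OPERATION("Invalid on own credentials");
        }
        return this.accepting_credentials_;
    }

    /** Stores the accepting credentials; the argument must be this class or the cast fails. */
    void _A_accepting_credentials(org.omg.SecurityLevel2.Credentials credentials) {
        this.accepting_credentials_ = (Credentials) credentials;
    }

    /**
     * Returns the local credentials that initiated the association.
     *
     * @throws BAD_OPERATION when these are not target credentials
     */
    @Override // org.omg.SecurityLevel2.TargetCredentials
    public org.omg.SecurityLevel2.Credentials initiating_credentials() {
        if (!_A_isTarget()) {
            throw new BAD_OPERATION("Invalid on own credentials.", MinorBadOperation.Credentials.value(), CompletionStatus.COMPLETED_NO);
        }
        return this.initiating_credentials_;
    }

    /** Stores the initiating credentials. */
    void _A_initiating_credentials(Credentials credentials) {
        this.initiating_credentials_ = credentials;
    }

    /**
     * Returns the delegation state.
     *
     * @throws BAD_OPERATION when these are not received credentials
     */
    @Override // org.omg.SecurityLevel2.ReceivedCredentials
    public DelegationState delegation_state() {
        if (!_A_isReceived()) {
            throw new BAD_OPERATION("Invalid on own credentials");
        }
        return this.delegation_state_;
    }

    /**
     * Stores the delegation state.
     *
     * @throws BAD_OPERATION when these are not received credentials
     */
    void _A_delegation_state(DelegationState delegationState) {
        if (!_A_isReceived()) {
            throw new BAD_OPERATION("Invalid on own credentials");
        }
        this.delegation_state_ = delegationState;
    }

    /** Returns a copy produced by {@link #_A_copy()}. */
    @Override // org.omg.SecurityLevel2.Credentials
    public org.omg.SecurityLevel2.Credentials copy() {
        return _A_copy();
    }

    /**
     * No-op. Attributes, the acceptor and peer links all stay referenced after this call,
     * so callers cannot rely on it to invalidate the credentials.
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public void destroy() {
    }

    /**
     * Always reports the credentials as valid and never writes an expiry time into the
     * holder; these credentials have no lifetime check.
     *
     * @return always {@code true}
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public boolean is_valid(UtcTHolder utcTHolder) {
        return true;
    }

    /**
     * Refresh is not supported.
     *
     * @throws BAD_OPERATION always
     */
    @Override // org.omg.SecurityLevel2.Credentials
    public boolean refresh(byte[] bArr) {
        throw new BAD_OPERATION();
    }

    /** Marks these as received credentials. */
    void _A_setReceived() {
        this.credentials_type_ = CredentialsType.SecReceivedCredentials;
    }

    /** Marks these as own credentials. */
    void _A_setOwn() {
        this.credentials_type_ = CredentialsType.SecOwnCredentials;
    }

    /** Marks these as target credentials. */
    void _A_setTarget() {
        this.credentials_type_ = CredentialsType.SecTargetCredentials;
    }

    // The three predicates below dereference credentials_type_, which stays null until
    // one of the _A_set* methods has run.

    /** Tests for credentials-type value 1. */
    boolean _A_isReceived() {
        return this.credentials_type_.value() == 1;
    }

    /** Tests for credentials-type value 0. */
    boolean _A_isOwn() {
        return this.credentials_type_.value() == 0;
    }

    /** Tests for credentials-type value 2. */
    boolean _A_isTarget() {
        return this.credentials_type_.value() == 2;
    }

    /**
     * Derives the option masks and the initial supported/required sets from the vault's
     * entry for {@code mechanism_}.
     */
    private void initialize_assoc_options() {
        this.ic_mask = (short) (OPT_CONFIDENTIALITY | OPT_INTEGRITY);
        this.min_required_mask = (short) (OPT_NO_PROTECTION | OPT_NO_DELEGATION);
        // Take the options of the first supported mechanism that matches ours.
        for (MechandOptions candidate : IIOP.get_vault().get_supported_mechs()) {
            if (MechUtil.mechSupportsMech(candidate.mechanism_type, this.mechanism_)) {
                this.options_supported = candidate.options_supported;
                break;
            }
        }
        // No match (or a match advertising nothing): fall back to the minimum set.
        if (this.options_supported == 0) {
            this.options_supported = this.min_required_mask;
        }
        // The minimum can never ask for more than the mechanism supports.
        this.min_required_mask = (short) (this.min_required_mask & this.options_supported);
        this.accepting_options_supported_ = this.options_supported;
        this.accepting_options_required_ = this.min_required_mask;
        this.invocation_options_supported_ = this.options_supported;
        this.invocation_options_required_ = this.min_required_mask;
    }

    /**
     * Overwrites the upper bound used by the "supported" setters without any validation;
     * package code calling this can widen what {@link #check_set_options} will accept.
     */
    void _A_set_options_supported(short s) {
        this.options_supported = s;
    }

    /** Returns the upper bound used by the "supported" setters. */
    short _A_options_supported() {
        return this.options_supported;
    }

    /**
     * Reports whether {@code features_} offers the given quality of protection.
     *
     * @throws INTERNAL for a QOP value outside 0..3
     */
    boolean supports_QOP(QOP qop) {
        switch (qop.value()) {
            case 0:
                return this.features_.no_protection();
            case 1:
                return this.features_.integrity();
            case 2:
                return this.features_.confidentiality();
            case 3:
                return this.features_.integrity_and_confidentiality();
            default:
                throw new INTERNAL("Bad QOP value");
        }
    }

    /**
     * Validates {@code s} with {@code invocation_options_required_} as the allowed set.
     * NOTE(review): the method name suggests the supported set was meant; confirm
     * against the callers.
     *
     * @throws BAD_PARAM when {@code s} fails validation
     */
    void _A_supports_invoc_options(short s) {
        check_set_options(this.invocation_options_required_, s);
    }

    /**
     * Validates a requested option set.
     *
     * @param s the allowed set the request must stay within
     * @param s2 the requested set
     * @throws BAD_PARAM when {@code s2} has a bit outside {@code s}, names a protection
     *     level {@code features_} does not offer, mixes NoProtection with integrity or
     *     confidentiality, or lacks a bit of {@code min_required_mask}
     */
    private void check_set_options(short s, short s2) {
        if (s2 != (s & s2)) {
            throw new BAD_PARAM("required options must be supported");
        }
        if ((s2 & OPT_NO_PROTECTION) != 0) {
            if (!supports_QOP(QOP.SecQOPNoProtection)) {
                throw new BAD_PARAM("NoProtection not supported");
            }
            // NoProtection is mutually exclusive with any integrity/confidentiality bit.
            if ((s2 & this.ic_mask) != 0) {
                throw new BAD_PARAM("NoProtection or IntegAndConf, but not both");
            }
        } else if (this.ic_mask == (s2 & this.ic_mask)) {
            // Both integrity and confidentiality requested: needs the combined QOP.
            // When ic_mask is 0 this branch is taken for every s2.
            if (!supports_QOP(QOP.SecQOPIntegrityAndConfidentiality)) {
                throw new BAD_PARAM("IntegAndConf not supported");
            }
        } else {
            if ((s2 & OPT_INTEGRITY) != 0 && !supports_QOP(QOP.SecQOPIntegrity)) {
                throw new BAD_PARAM("Integrity not supported");
            }
            if ((s2 & OPT_CONFIDENTIALITY) != 0 && !supports_QOP(QOP.SecQOPConfidentiality)) {
                throw new BAD_PARAM("Confidentiality not supported");
            }
        }
        if (this.min_required_mask != (s2 & this.min_required_mask)) {
            throw new BAD_PARAM("minimum set required");
        }
    }

    /**
     * Reports whether {@code features_} offers the given delegation mode.
     *
     * @throws INTERNAL for a mode value outside 0..2
     */
    boolean supports_delegation(DelegationMode delegationMode) {
        switch (delegationMode.value()) {
            case 0:
                return this.features_.no_delegation();
            case 1:
                return this.features_.simple_delegation();
            case 2:
                return this.features_.composite_delegation();
            default:
                throw new INTERNAL("Bad DelegationMode");
        }
    }

    /** Creates an empty instance; used by {@link #_A_copy()} only. */
    private Credentials() {
    }

    /**
     * Shared base initialization: stores the environment and starts with an empty
     * attribute list.
     *
     * <p>The state is set to {@code SecAuthSuccess} here, before any type or identity
     * has been assigned; {@code credentials_type_} is still {@code null} when this
     * constructor returns.
     */
    private Credentials(ORB orb, BOA boa, String str, int i, Vault vault) {
        this.orb_ = orb;
        this.boa_ = boa;
        this.host_ = str;
        this.port_ = i;
        this.vault_ = vault;
        this.attributes_ = new SecurityAttributes();
        this.authentication_state_ = AuthenticationStatus.SecAuthSuccess;
    }

    /**
     * Creates own credentials and runs {@link #_A_initialize_own}.
     *
     * @param i protocol tag
     * @param str local host name
     * @param i2 local port
     * @param z whether to create and register an acceptor
     * @param str2 mechanism name, resolved through {@code MechUtil.resolveMechanism}
     * @param acceptCB callback registered on the acceptor when {@code z} is true
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials(int i, ORB orb, BOA boa, String str, int i2, Vault vault, boolean z, String str2, AcceptCB acceptCB) {
        this(orb, boa, str, i2, vault);
        _A_initialize_own(i, orb, boa, str, i2, z, str2, acceptCB);
    }

    /**
     * Creates a blank credentials object sharing the environment of {@code credentials}.
     * The socket is not used by this constructor and no credentials type is set; the
     * object is unusable until one of the {@code _A_initialize_*} methods has run.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials(Credentials credentials, Socket socket) {
        this(credentials.orb_, credentials.boa_, credentials.host_, credentials.port_, credentials.vault_);
    }

    /**
     * Builds a copy of these credentials.
     *
     * <p>The copy carries the option masks as well as the option sets, so its setters
     * validate exactly as they do on the original. {@code features_}, {@code attributes_}
     * and the acceptor are shared by reference; only the trusted-authority policy is
     * copied through its own {@code copy()}.
     *
     * <p>NOTE(review): because {@code attributes_} is shared, changing the access id or
     * mechanism id on the copy also changes the original. Confirm that is intended.
     *
     * @return the new credentials object
     */
    org.omg.SecurityLevel2.Credentials _A_copy() {
        Credentials credentials = new Credentials();
        credentials.protocol_tag_ = this.protocol_tag_;
        credentials.orb_ = this.orb_;
        credentials.boa_ = this.boa_;
        credentials.vault_ = this.vault_;
        credentials.host_ = this.host_;
        credentials.port_ = this.port_;
        credentials.current_ = this.current_;
        credentials.features_ = this.features_;
        credentials.attributes_ = this.attributes_;
        credentials.accepting_options_supported_ = this.accepting_options_supported_;
        credentials.accepting_options_required_ = this.accepting_options_required_;
        credentials.invocation_options_required_ = this.invocation_options_required_;
        // Previously left at 0, which made the copy report no supported invocation
        // options while still carrying a non-empty required set.
        credentials.invocation_options_supported_ = this.invocation_options_supported_;
        // Without the masks every setter on the copy rejected any non-zero option set.
        credentials.options_supported = this.options_supported;
        credentials.ic_mask = this.ic_mask;
        credentials.min_required_mask = this.min_required_mask;
        credentials.association_options_used_ = this.association_options_used_;
        credentials.delegation_state_ = this.delegation_state_;
        credentials.mechanism_ = this.mechanism_;
        credentials.delegation_mode_ = this.delegation_mode_;
        credentials.credentials_type_ = this.credentials_type_;
        credentials.authentication_state_ = this.authentication_state_;
        credentials.accepting_credentials_ = this.accepting_credentials_;
        credentials.initiating_credentials_ = this.initiating_credentials_;
        credentials.iiop_acceptor_ = this.iiop_acceptor_;
        credentials.iiop_confactory_ = this.iiop_confactory_;
        credentials.iiop_port_ = this.iiop_port_;
        // Nothing in this class assigns trusted_auth_policy_, so it can be null here;
        // copying must not fail for credentials that carry no policy.
        if (this.trusted_auth_policy_ != null) {
            credentials.trusted_auth_policy_ = TrustedAuthorityPolicyHelper.narrow(this.trusted_auth_policy_.copy());
        }
        return credentials;
    }

    /** Returns the textual rendering produced by {@code CredUtil.toString}. */
    public String _A_inquire() {
        return CredUtil.toString(this);
    }

    /**
     * Replaces (or adds) the access-id, subject-id and issuer-id attributes.
     *
     * @param opaque issuer
     * @param opaque2 subject
     */
    void _A_set_access_id(Opaque opaque, Opaque opaque2) {
        this.attributes_.replace_or_add(AttrDef.genAccessId(opaque, opaque2));
        this.attributes_.replace_or_add(AttrDef.genSubjectId(opaque2));
        this.attributes_.replace_or_add(AttrDef.genIssuerId(opaque));
    }

    /** Sets issuer and subject to the printable string {@code "anonymous"}. */
    void _A_set_anonymous() {
        Opaque anonymous = Opaque.encodePrintableString("anonymous");
        _A_set_access_id(anonymous, anonymous);
    }

    /**
     * Returns the raw value of the first subject-id attribute.
     * NOTE(review): dereferences the lookup result directly; behaviour when no
     * subject-id attribute exists depends on {@code find_first}.
     */
    byte[] _A_get_access_id_name() {
        return this.attributes_.find_first(AttrDef.SubjectId).value;
    }

    /** Returns the first mechanism attribute. */
    SecAttribute _A_get_mechanism_id() {
        return this.attributes_.find_first(AttrDef.Mechanism);
    }

    /** Replaces (or adds) the mechanism attribute. */
    void _A_set_mechanism_id(SecAttribute secAttribute) {
        this.attributes_.replace_or_add(secAttribute);
    }

    /** Replaces (or adds) the mechanism attribute built from {@code str}. */
    void _A_set_mechanism_id(String str) {
        _A_set_mechanism_id(_A_define_mechanism_id(str));
    }

    /** Builds a mechanism attribute for {@code str}. */
    SecAttribute _A_define_mechanism_id(String str) {
        return AttrDef.genMechanism(str);
    }

    /** Same text as {@link #_A_inquire()}. */
    @Override
    public String toString() {
        return _A_inquire();
    }

    /** No-op; the arguments are ignored. */
    public void set_policy_attributes(String str, String str2, String str3) {
    }

    /**
     * Reports whether an attribute type may be set by callers.
     *
     * @return {@code false} when the type equals an entry of {@code Unsettable}
     */
    static boolean can_set(AttributeType attributeType) {
        for (AttributeType blocked : Unsettable) {
            if (CredUtil.equals(attributeType, blocked)) {
                return false;
            }
        }
        return true;
    }

    /** Reports whether the attribute's type may be set by callers. */
    static boolean can_set(SecAttribute secAttribute) {
        return can_set(secAttribute.attribute_type);
    }

    /** Stores the mechanism string and refreshes the mechanism attribute to match. */
    void _A_set_mechanism(String str) {
        this.mechanism_ = str;
        _A_set_mechanism_id(this.mechanism_);
    }

    /**
     * Initializes these as own credentials.
     *
     * <p>The authentication state is held at {@code SecAuthFailure} while the acceptor
     * and features are being set up and only switched to {@code SecAuthSuccess} as the
     * last step, so an exception part-way leaves the object in the failed state.
     *
     * @param i protocol tag
     * @param str local host name
     * @param i2 requested port; replaced by the acceptor's actual port when {@code z}
     * @param z whether to create and register an acceptor
     * @param str2 mechanism name
     * @param acceptCB callback registered on the acceptor when {@code z} is true
     */
    void _A_initialize_own(int i, ORB orb, BOA boa, String str, int i2, boolean z, String str2, AcceptCB acceptCB) {
        this.orb_ = orb;
        this.boa_ = boa;
        this.host_ = str;
        this.iiop_port_ = i2;
        this.protocol_tag_ = i;
        _A_setOwn();
        this.mechanism_ = MechUtil.resolveMechanism(str2);
        this.attributes_.add(AttrDef.genMechanism(this.mechanism_));
        this.attributes_.add(AttrDef.genLocalHost(this.host_));
        initialize_assoc_options();
        this.authentication_state_ = AuthenticationStatus.SecAuthFailure;
        if (orbasec.util.Debug.debug(Debug.IIOP)) {
            orbasec.util.Debug.println("Credentials: Final Association Options");
            orbasec.util.Debug.println("accepting_options_supported  = 0x" + Integer.toHexString(this.accepting_options_supported_));
            orbasec.util.Debug.println("accepting_options_required   = 0x" + Integer.toHexString(this.accepting_options_required_));
            orbasec.util.Debug.println("invocation_options_supported = 0x" + Integer.toHexString(this.invocation_options_supported_));
            orbasec.util.Debug.println("invocation_options_required  = 0x" + Integer.toHexString(this.invocation_options_required_));
            orbasec.util.Debug.println("options_supported            = 0x" + Integer.toHexString(this.options_supported));
        }
        if (z) {
            _A_create_acceptor(acceptCB);
            this.attributes_.add(AttrDef.genLocalPort(this.iiop_port_));
        }
        _A_set_anonymous();
        this.features_ = new SecurityFeatures();
        this.features_._A_set_from_options(this.accepting_options_supported_);
        this.features_._A_no_delegation(true);
        delegation_mode(DelegationMode.SecDelModeNoDelegation);
        this.authentication_state_ = AuthenticationStatus.SecAuthSuccess;
    }

    /**
     * Creates the IIOP acceptor for these credentials, registers it with the BOA and
     * starts the servers. {@code iiop_port_} is updated to the port the acceptor reports.
     */
    private void _A_create_acceptor(AcceptCB acceptCB) {
        // get_acc_registry() and init_servers() are called on the ORB-specific BOA
        // type, so the CORBA-level reference has to be narrowed explicitly.
        com.ooc.CORBA.BOA boa = (com.ooc.CORBA.BOA) this.boa_;
        AccRegistry accRegistry = boa.get_acc_registry();
        if (orbasec.util.Debug.debug) {
            orbasec.util.Debug.println(Debug.IIOP, "IIOP.Credentials.Adding IIOP acceptor: host: " + this.host_ + " port: " + this.iiop_port_);
        }
        this.iiop_acceptor_ = new Acceptor(this.protocol_tag_, this.host_, this.iiop_port_, this);
        if (orbasec.util.Debug.debug) {
            orbasec.util.Debug.println(Debug.IIOP, "IIOP.Credentials.Added IIOP acceptor: iiopHost: " + this.host_ + " port: " + this.iiop_acceptor_.iiop_port_);
        }
        this.iiop_port_ = this.iiop_acceptor_.iiop_port_;
        accRegistry.add_acceptor(this.iiop_acceptor_);
        this.iiop_acceptor_.get_info().add_accept_cb(acceptCB);
        boa.init_servers();
    }

    /**
     * Initializes these as the received credentials of an accepted connection.
     *
     * @param credentials local credentials that accepted the connection
     * @param socket the accepted connection
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void _A_initialize_received(Credentials credentials, Socket socket) {
        debug_initialize("Credentials:_A_initialize_received", credentials, socket);
        _A_setReceived();
        _A_delegation_state(DelegationState.SecInitiator);
        _A_accepting_credentials(credentials);
        initialize_unprotected_association(socket);
    }

    /**
     * Initializes these as the target credentials of an outgoing connection.
     *
     * @param credentials local credentials that initiated the connection
     * @param socket the established connection
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void _A_initialize_target(Credentials credentials, Socket socket) {
        // The trace label used to read "_A_initialize_received" here as well, which made
        // client-side and server-side associations indistinguishable in debug output.
        debug_initialize("Credentials:_A_initialize_target", credentials, socket);
        _A_setTarget();
        _A_initiating_credentials(credentials);
        initialize_unprotected_association(socket);
    }

    /** Writes the entry trace shared by the received/target initializers. */
    private void debug_initialize(String label, Credentials credentials, Socket socket) {
        if (orbasec.util.Debug.debug(Debug.IIOP)) {
            orbasec.util.Debug.println(label);
            orbasec.util.Debug.println("    Socket: " + socket);
            orbasec.util.Debug.println("    Local Creds:");
            orbasec.util.Debug.println(CredUtil.toString(credentials));
        }
    }

    /**
     * Fills in the peer-side state shared by received and target credentials: mechanism
     * and endpoint attributes, anonymous identity, and an association using only
     * NoProtection plus bit 128 with no delegation.
     */
    private void initialize_unprotected_association(Socket socket) {
        this.mechanism_ = MechUtil.getSymbolicMechanism(Debug.IIOP, new short[0]);
        this.attributes_.add(AttrDef.genMechanism(this.mechanism_));
        // getHostName() triggers a name-service lookup per connection and can block.
        // The resulting host names are DNS-derived and informational; they should not
        // feed access-control decisions.
        this.attributes_.add(AttrDef.genLocalHost(socket.getLocalAddress().getHostName()));
        this.attributes_.add(AttrDef.genLocalPort(socket.getLocalPort()));
        this.attributes_.add(AttrDef.genPeerHost(socket.getInetAddress().getHostName()));
        this.attributes_.add(AttrDef.genPeerPort(socket.getPort()));
        _A_set_anonymous();
        if (orbasec.util.Debug.debug(Debug.IIOP)) {
            orbasec.util.Debug.println("Mechanism:" + this.mechanism_);
        }
        // Sets the masks; the option sets it assigns are overwritten just below.
        initialize_assoc_options();
        this.association_options_used_ = (short) (OPT_NO_PROTECTION | OPT_NO_DELEGATION);
        this.invocation_options_supported_ = (short) 0;
        this.invocation_options_required_ = (short) 0;
        this.accepting_options_supported_ = (short) 0;
        this.accepting_options_required_ = (short) 0;
        this.features_ = new SecurityFeatures();
        this.features_._A_set_from_options((short) 0);
        this.delegation_mode_ = DelegationMode.SecDelModeNoDelegation;
        // The peer identity is "anonymous"; success here only means the association
        // was set up, not that the peer was authenticated.
        this.authentication_state_ = AuthenticationStatus.SecAuthSuccess;
        if (orbasec.util.Debug.debug(Debug.IIOP)) {
            orbasec.util.Debug.println(CredUtil.toString(this));
        }
    }
}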
