package tecgraf.openbus.core;

import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.UserException;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.InvalidSlot;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import tecgraf.openbus.CallDispatchCallback;
import tecgraf.openbus.core.Credential;
import tecgraf.openbus.core.Session;
import tecgraf.openbus.core.v2_1.OctetSeqHolder;
import tecgraf.openbus.core.v2_1.credential.CredentialDataHelper;
import tecgraf.openbus.core.v2_1.services.access_control.CallChain;
import tecgraf.openbus.core.v2_1.services.access_control.InvalidLogins;
import tecgraf.openbus.exception.CryptographyException;
import tecgraf.openbus.interceptors.CallChainInfo;
import tecgraf.openbus.interceptors.CallChainInfoHelper;
import tecgraf.openbus.security.Cryptography;

/* loaded from: input_file:tecgraf/openbus/core/ServerRequestInterceptorImpl.class */
final class ServerRequestInterceptorImpl extends InterceptorImpl implements ServerRequestInterceptor {
    private static final Logger logger = Logger.getLogger(ServerRequestInterceptorImpl.class.getName());

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerRequestInterceptorImpl(String str, ORBMediator oRBMediator) {
        super(str, oRBMediator);
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    private Credential retrieveCredential(ServerRequestInfo serverRequestInfo) {
        try {
            byte[] bArr = serverRequestInfo.get_request_service_context(1112888065).context_data;
            if (bArr != null) {
                return new Credential(CredentialDataHelper.extract(codec().decode_value(bArr, CredentialDataHelper.type())));
            }
        } catch (BAD_PARAM e) {
            switch (e.minor) {
                case 26:
                    break;
                default:
                    throw e;
            }
        } catch (FormatMismatch | TypeMismatch e2) {
            logger.log(Level.SEVERE, "Falha inesperada ao decodificar a credencial", e2);
            throw new INTERNAL("Falha inesperada ao decodificar a credencial");
        }
        try {
            byte[] bArr2 = serverRequestInfo.get_request_service_context(1112888064).context_data;
            if (bArr2 != null) {
                return new Credential(tecgraf.openbus.core.v2_0.credential.CredentialDataHelper.extract(codec().decode_value(bArr2, tecgraf.openbus.core.v2_0.credential.CredentialDataHelper.type())));
            }
        } catch (BAD_PARAM e3) {
            switch (e3.minor) {
                case 26:
                    break;
                default:
                    throw e3;
            }
        } catch (FormatMismatch | TypeMismatch e4) {
            logger.log(Level.SEVERE, "Falha inesperada ao decodificar a credencial", e4);
            throw new INTERNAL("Falha inesperada ao decodificar a credencial");
        }
        logger.info("Nenhuma credencial suportada encontrada");
        throw new NO_PERMISSION("Nenhuma credencial suportada encontrada", 1112888070, CompletionStatus.COMPLETED_NO);
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void receive_request(ServerRequestInfo serverRequestInfo) {
        String operation = serverRequestInfo.operation();
        logger.finest(String.format("[in] receive_request: %s", operation));
        int request_id = serverRequestInfo.request_id();
        byte[] object_id = serverRequestInfo.object_id();
        OpenBusContextImpl context = context();
        Credential retrieveCredential = retrieveCredential(serverRequestInfo);
        try {
            try {
                String str = retrieveCredential.bus;
                String str2 = retrieveCredential.login;
                ConnectionImpl connForDispatch = getConnForDispatch(context, str, str2, object_id, operation);
                if (!str.equals(connForDispatch.busId())) {
                    logger.severe(String.format("Recebeu chamade de outro barramento: operação (%s) login (%s) bus (%s)", operation, str2, str));
                    throw new NO_PERMISSION(1112888066, CompletionStatus.COMPLETED_NO);
                }
                context.currentConnection(connForDispatch);
                if (!validateLogin(connForDispatch, str2, serverRequestInfo)) {
                    logger.severe(String.format("Credencial com login inválido: operação (%s) login (%s)", operation, str2));
                    throw new NO_PERMISSION(1112888066, CompletionStatus.COMPLETED_NO);
                }
                OctetSeqHolder octetSeqHolder = new OctetSeqHolder();
                String loginInfo = getLoginInfo(connForDispatch, str2, octetSeqHolder, serverRequestInfo);
                if (!validateCredential(retrieveCredential, serverRequestInfo, connForDispatch)) {
                    doResetCredential(serverRequestInfo, connForDispatch, retrieveCredential, octetSeqHolder.value);
                    throw new NO_PERMISSION(1112888064, CompletionStatus.COMPLETED_NO);
                }
                if (!validateChain(retrieveCredential, null, connForDispatch)) {
                    logger.fine(String.format("Recebeu chamada com cadeia inválida: operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)));
                    throw new NO_PERMISSION(1112888065, CompletionStatus.COMPLETED_NO);
                }
                saveRequestInformations(retrieveCredential, connForDispatch, serverRequestInfo);
                logger.fine(String.format("Recebendo chamada pelo barramento: login (%s) entidade (%s) operação (%s) requestId (%d)", str2, loginInfo, operation, Integer.valueOf(request_id)));
                logger.finest(String.format("[out] receive_request: %s", operation));
            } catch (CryptographyException e) {
                logger.log(Level.SEVERE, "Falha ao criptografar com chave pública", (Throwable) e);
                throw new NO_PERMISSION(1112888069, CompletionStatus.COMPLETED_NO);
            }
        } catch (Throwable th) {
            logger.finest(String.format("[out] receive_request: %s", operation));
            throw th;
        }
    }

    private ConnectionImpl getConnForDispatch(OpenBusContextImpl openBusContextImpl, String str, String str2, byte[] bArr, String str3) {
        ConnectionImpl connectionImpl = null;
        CallDispatchCallback onCallDispatch = openBusContextImpl.onCallDispatch();
        if (onCallDispatch != null) {
            try {
                connectionImpl = (ConnectionImpl) onCallDispatch.dispatch(openBusContextImpl, str, str2, bArr, str3);
            } catch (Exception e) {
                logger.log(Level.SEVERE, "Callback 'onCallDispatch' gerou um erro durante execução.", (Throwable) e);
            }
        }
        if (connectionImpl == null) {
            connectionImpl = (ConnectionImpl) openBusContextImpl.defaultConnection();
        }
        if (connectionImpl == null || connectionImpl.login() == null || !connectionImpl.busId().equals(str)) {
            throw new NO_PERMISSION(1112888068, CompletionStatus.COMPLETED_NO);
        }
        return connectionImpl;
    }

    private void doResetCredential(ServerRequestInfo serverRequestInfo, ConnectionImpl connectionImpl, Credential credential, byte[] bArr) throws CryptographyException {
        byte[] newSecret = newSecret();
        Cryptography cryptography = Cryptography.getInstance();
        byte[] encrypt = cryptography.encrypt(newSecret, cryptography.generateRSAPublicKeyFromX509EncodedKey(bArr));
        int nextAvailableSessionId = connectionImpl.nextAvailableSessionId();
        Session.ServerSideSession serverSideSession = new Session.ServerSideSession(nextAvailableSessionId, newSecret, credential.login);
        connectionImpl.cache.srvSessions.put(Integer.valueOf(serverSideSession.getSession()), serverSideSession);
        try {
            serverRequestInfo.add_reply_service_context(new Credential.Reset(connectionImpl.login(), nextAvailableSessionId, encrypt, credential.legacy.booleanValue()).toServiceContext(orb(), codec()), false);
            logger.fine(String.format("Resetando a credencial: operação (%s) requestId (%d)", serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id())));
        } catch (InvalidTypeForEncoding e) {
            String format = String.format("Falha ao codificar reset: operação (%s) requestId (%d)", serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id()));
            logger.log(Level.SEVERE, format, (Throwable) e);
            throw new INTERNAL(format);
        }
    }

    private boolean validateLogin(ConnectionImpl connectionImpl, String str, ServerRequestInfo serverRequestInfo) {
        try {
            return connectionImpl.cache.logins.validateLogin(str);
        } catch (NO_PERMISSION e) {
            String operation = serverRequestInfo.operation();
            int request_id = serverRequestInfo.request_id();
            if (e.minor == 1112888319) {
                logger.log(Level.SEVERE, String.format("Erro ao validar o login. Conexão dispatcher está deslogada. operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)), (Throwable) e);
                throw new NO_PERMISSION(1112888068, CompletionStatus.COMPLETED_NO);
            }
            logger.log(Level.SEVERE, String.format("Erro ao validar o login. operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)), (Throwable) e);
            throw new NO_PERMISSION(1112888067, CompletionStatus.COMPLETED_NO);
        } catch (Exception e2) {
            logger.log(Level.SEVERE, "Erro ao validar o login.", (Throwable) e2);
            throw new NO_PERMISSION(1112888067, CompletionStatus.COMPLETED_NO);
        }
    }

    private String getLoginInfo(ConnectionImpl connectionImpl, String str, OctetSeqHolder octetSeqHolder, ServerRequestInfo serverRequestInfo) {
        String operation = serverRequestInfo.operation();
        int request_id = serverRequestInfo.request_id();
        try {
            return connectionImpl.cache.logins.getLoginEntity(str, octetSeqHolder);
        } catch (NO_PERMISSION e) {
            if (e.minor == 1112888319) {
                logger.log(Level.SEVERE, String.format("Erro ao verificar o login. Conexão dispatcher está deslogada. operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)), (Throwable) e);
                throw new NO_PERMISSION(1112888068, CompletionStatus.COMPLETED_NO);
            }
            logger.log(Level.SEVERE, String.format("Erro ao verificar o login. operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)), (Throwable) e);
            throw new NO_PERMISSION(1112888067, CompletionStatus.COMPLETED_NO);
        } catch (InvalidLogins e2) {
            logger.log(Level.SEVERE, String.format("Login verificado é inválido. operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)), (Throwable) e2);
            throw new NO_PERMISSION(1112888066, CompletionStatus.COMPLETED_NO);
        } catch (Exception e3) {
            logger.log(Level.SEVERE, String.format("Erro ao verificar o login. operação (%s) requestId (%d)", operation, Integer.valueOf(request_id)), (Throwable) e3);
            throw new NO_PERMISSION(1112888067, CompletionStatus.COMPLETED_NO);
        }
    }

    private boolean validateCredential(Credential credential, ServerRequestInfo serverRequestInfo, ConnectionImpl connectionImpl) {
        Session.ServerSideSession serverSideSession = connectionImpl.cache.srvSessions.get(Integer.valueOf(credential.session));
        if (serverSideSession == null || !serverSideSession.getCaller().equals(credential.login)) {
            logger.fine(String.format("Recebeu chamada sem sessão associda: operação (%s) requestId (%d)", serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id())));
            return false;
        }
        if (Arrays.equals(generateCredentialDataHash(serverRequestInfo, serverSideSession.getSecret(), credential.ticket, credential.legacy.booleanValue()), credential.hash) && serverSideSession.checkTicket(credential.ticket)) {
            logger.finest(String.format("credencial válida: operação (%s) requestId (%d) sessão (%d) ticket (%d)", serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id()), Integer.valueOf(serverSideSession.getSession()), Integer.valueOf(credential.ticket)));
            return true;
        }
        logger.finest(String.format("Falha na validação do hash da credencial: operação (%s) requestId (%d)", serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id())));
        return false;
    }

    private boolean validateChain(Credential credential, RSAPublicKey rSAPublicKey, ConnectionImpl connectionImpl) {
        Cryptography cryptography = Cryptography.getInstance();
        if (rSAPublicKey == null) {
            rSAPublicKey = connectionImpl.busPublicKey();
        }
        if (credential.chain == null) {
            return false;
        }
        try {
            Credential.Chain decodeChain = credential.decodeChain(codec());
            if (cryptography.verifySignature(rSAPublicKey, decodeChain.encoded(), decodeChain.signature()) && decodeChain.bus.equals(credential.bus) && decodeChain.target.equals(connectionImpl.login().entity)) {
                return decodeChain.caller.id.equals(credential.login);
            }
            return false;
        } catch (UserException e) {
            logger.log(Level.SEVERE, "Falha inesperada ao decodificar a cadeia", (Throwable) e);
            throw new INTERNAL("Falha inesperada ao decodificar a cadeia");
        } catch (CryptographyException e2) {
            logger.log(Level.SEVERE, "Falha inesperada ao verificar assinatura da cadeia.", (Throwable) e2);
            throw new INTERNAL("Falha inesperada ao verificar assinatura da cadeia.");
        }
    }

    private void saveRequestInformations(Credential credential, ConnectionImpl connectionImpl, ServerRequestInfo serverRequestInfo) {
        CallChainInfo callChainInfo = new CallChainInfo();
        Credential.Chain chain = credential.chain;
        callChainInfo.chain = chain.signedChain;
        callChainInfo.legacy = credential.legacy.booleanValue();
        callChainInfo.bus = credential.bus;
        callChainInfo.legacy_chain = chain.signedLegacy;
        if (!credential.legacy.booleanValue() && connectionImpl.legacy() && connectionImpl.legacySupport().converter() != null) {
            try {
                try {
                    context().joinChain(new CallerChainImpl(new CallChain(chain.bus, chain.target, chain.originators, chain.caller), chain.signedChain));
                    callChainInfo.legacy_chain = connectionImpl.legacySupport().converter().convertSignedChain();
                    context().exitChain();
                } catch (Exception e) {
                    String format = String.format("Falha ao converter cadeia assinada: operação (%s) requestId (%d)", serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id()));
                    logger.log(Level.SEVERE, format, (Throwable) e);
                    throw new NO_PERMISSION(format, 1112888070, CompletionStatus.COMPLETED_NO);
                }
            } catch (Throwable th) {
                context().exitChain();
                throw th;
            }
        }
        Any create_any = orb().create_any();
        CallChainInfoHelper.insert(create_any, callChainInfo);
        try {
            serverRequestInfo.set_slot(mediator().getSignedChainSlotId(), create_any);
            setCurrentConnection(serverRequestInfo, connectionImpl);
        } catch (InvalidSlot e2) {
            logger.log(Level.SEVERE, "Falha inesperada ao armazenar dados em slot", (Throwable) e2);
            throw new INTERNAL("Falha inesperada ao armazenar dados em slot");
        }
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        String operation = serverRequestInfo.operation();
        removeCurrentConnection(serverRequestInfo);
        try {
            serverRequestInfo.set_slot(mediator().getSignedChainSlotId(), orb().create_any());
            logger.fine(String.format("Chamada atendida: operação (%s) requestId (%d)", operation, Integer.valueOf(serverRequestInfo.request_id())));
        } catch (InvalidSlot e) {
            logger.log(Level.SEVERE, "Falha inesperada ao limpar informações nos slots", (Throwable) e);
            throw new INTERNAL("Falha inesperada ao limpar informações nos slots");
        }
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_exception(ServerRequestInfo serverRequestInfo) {
    }

    @Override // org.omg.PortableInterceptor.ServerRequestInterceptorOperations
    public void send_other(ServerRequestInfo serverRequestInfo) {
    }

    private byte[] newSecret() {
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        return bArr;
    }

    private void setCurrentConnection(ServerRequestInfo serverRequestInfo, ConnectionImpl connectionImpl) {
        try {
            int uniqueId = mediator().getUniqueId();
            Any create_any = orb().create_any();
            create_any.insert_long(uniqueId);
            OpenBusContextImpl context = mediator().getContext();
            serverRequestInfo.set_slot(context.getCurrentConnectionSlotId(), create_any);
            context.setConnectionById(uniqueId, connectionImpl);
            logger.finest(String.format("Salvando conexão que realiza o dispatch: conexão (%s) login (%s) operação (%s) requestId (%s)", connectionImpl.connId(), connectionImpl.login().id, serverRequestInfo.operation(), Integer.valueOf(serverRequestInfo.request_id())));
        } catch (InvalidSlot e) {
            logger.log(Level.SEVERE, "Falha inesperada ao acessar o slot da thread corrente", (Throwable) e);
            throw new INTERNAL("Falha inesperada ao acessar o slot da thread corrente");
        }
    }

    private void removeCurrentConnection(ServerRequestInfo serverRequestInfo) {
        try {
            OpenBusContextImpl context = mediator().getContext();
            Any any = serverRequestInfo.get_slot(context.getCurrentConnectionSlotId());
            if (any.type().kind().value() == 0) {
                logger.log(Level.SEVERE, "BUG: Falha inesperada ao acessar o slot da conexão corrente");
                throw new INTERNAL("BUG: Falha inesperada ao acessar o slot da conexão corrente");
            }
            context.setConnectionById(any.extract_long(), null);
            serverRequestInfo.set_slot(context.getCurrentConnectionSlotId(), orb().create_any());
        } catch (InvalidSlot e) {
            logger.log(Level.SEVERE, "Falha inesperada ao acessar o slot da thread corrente", (Throwable) e);
            throw new INTERNAL("Falha inesperada ao acessar o slot da thread corrente");
        }
    }
}
