package tecgraf.openbus.core;

import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.InvalidSlot;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import tecgraf.openbus.CallDispatchCallback;
import tecgraf.openbus.Connection;
import tecgraf.openbus.core.Session;
import tecgraf.openbus.core.v1_05.access_control_service.Credential;
import tecgraf.openbus.core.v1_05.access_control_service.CredentialHelper;
import tecgraf.openbus.core.v2_0.OctetSeqHolder;
import tecgraf.openbus.core.v2_0.credential.CredentialData;
import tecgraf.openbus.core.v2_0.credential.CredentialDataHelper;
import tecgraf.openbus.core.v2_0.credential.CredentialReset;
import tecgraf.openbus.core.v2_0.credential.CredentialResetHelper;
import tecgraf.openbus.core.v2_0.credential.SignedCallChain;
import tecgraf.openbus.core.v2_0.credential.SignedCallChainHelper;
import tecgraf.openbus.core.v2_0.services.ServiceFailure;
import tecgraf.openbus.core.v2_0.services.access_control.CallChain;
import tecgraf.openbus.core.v2_0.services.access_control.CallChainHelper;
import tecgraf.openbus.core.v2_0.services.access_control.InvalidChainCode;
import tecgraf.openbus.core.v2_0.services.access_control.InvalidLoginCode;
import tecgraf.openbus.core.v2_0.services.access_control.InvalidLogins;
import tecgraf.openbus.core.v2_0.services.access_control.InvalidPublicKeyCode;
import tecgraf.openbus.core.v2_0.services.access_control.LoginInfo;
import tecgraf.openbus.core.v2_0.services.access_control.NoCredentialCode;
import tecgraf.openbus.core.v2_0.services.access_control.UnknownBusCode;
import tecgraf.openbus.core.v2_0.services.access_control.UnverifiedLoginCode;
import tecgraf.openbus.exception.CryptographyException;
import tecgraf.openbus.security.Cryptography;

/* loaded from: input_file:tecgraf/openbus/core/ServerRequestInterceptorImpl.class */
final class ServerRequestInterceptorImpl extends InterceptorImpl implements ServerRequestInterceptor {
    private static final Logger logger = Logger.getLogger(ServerRequestInterceptorImpl.class.getName());
    private static final String UNKNOWN_BUS = "";

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerRequestInterceptorImpl(String str, ORBMediator oRBMediator) {
        super(str, oRBMediator);
    }

    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    private CredentialWrapper retrieveCredential(ServerRequestInfo serverRequestInfo) {
        ORB orb = getMediator().getORB();
        Codec codec = getMediator().getCodec();
        byte[] bArr = null;
        try {
            bArr = serverRequestInfo.get_request_service_context(1112888064).context_data;
        } catch (BAD_PARAM e) {
            switch (e.minor) {
                case 23:
                case 26:
                    break;
                default:
                    throw e;
            }
        }
        if (bArr != null) {
            try {
                try {
                    CredentialData extract = CredentialDataHelper.extract(codec.decode_value(bArr, CredentialDataHelper.type()));
                    SignedCallChain signedCallChain = extract.chain;
                    Any create_any = orb.create_any();
                    SignedCallChainHelper.insert(create_any, signedCallChain);
                    serverRequestInfo.set_slot(getMediator().getSignedChainSlotId(), create_any);
                    return new CredentialWrapper(false, extract, null);
                } catch (InvalidSlot e2) {
                    logger.log(Level.SEVERE, "Falha inesperada ao armazenar a credencial em seu slot", e2);
                    throw new INTERNAL("Falha inesperada ao armazenar a credencial em seu slot");
                }
            } catch (FormatMismatch e3) {
                logger.log(Level.SEVERE, "Falha inesperada ao decodificar a credencial", e3);
                throw new INTERNAL("Falha inesperada ao decodificar a credencial");
            } catch (TypeMismatch e4) {
                logger.log(Level.SEVERE, "Falha inesperada ao decodificar a credencial", e4);
                throw new INTERNAL("Falha inesperada ao decodificar a credencial");
            }
        }
        byte[] bArr2 = null;
        try {
            bArr2 = serverRequestInfo.get_request_service_context(1234).context_data;
        } catch (BAD_PARAM e5) {
            switch (e5.minor) {
                case 23:
                case 26:
                    break;
                default:
                    throw e5;
            }
        }
        if (bArr2 == null) {
            logger.info("Nenhuma credencial suportada encontrada");
            throw new NO_PERMISSION("Nenhuma credencial suportada encontrada", NoCredentialCode.value, CompletionStatus.COMPLETED_NO);
        }
        CredentialWrapper credentialWrapper = new CredentialWrapper();
        try {
            Credential extract2 = CredentialHelper.extract(codec.decode_value(bArr2, CredentialHelper.type()));
            String str = extract2.identifier;
            CallChain callChain = new CallChain(UNKNOWN_BUS, !extract2.delegate.equals(UNKNOWN_BUS) ? new LoginInfo[]{new LoginInfo("<unknown>", extract2.delegate)} : new LoginInfo[0], new LoginInfo(str, extract2.owner));
            Any create_any2 = orb.create_any();
            CallChainHelper.insert(create_any2, callChain);
            byte[] encode_value = codec.encode_value(create_any2);
            CredentialData credentialData = new CredentialData();
            credentialData.bus = UNKNOWN_BUS;
            credentialData.login = str;
            credentialData.session = -1;
            credentialData.ticket = -1;
            credentialData.hash = LEGACY_HASH;
            credentialData.chain = new SignedCallChain(LEGACY_ENCRYPTED_BLOCK, encode_value);
            credentialWrapper.isLegacy = true;
            credentialWrapper.credential = credentialData;
            credentialWrapper.legacyCredential = extract2;
            try {
                Any create_any3 = orb.create_any();
                SignedCallChainHelper.insert(create_any3, credentialWrapper.credential.chain);
                serverRequestInfo.set_slot(getMediator().getSignedChainSlotId(), create_any3);
                return credentialWrapper;
            } catch (InvalidSlot e6) {
                logger.log(Level.SEVERE, "Falha ao armazenar a credencial em seu slot", e6);
                throw new INTERNAL("Falha ao armazenar a credencial em seu slot");
            }
        } catch (TypeMismatch e7) {
            String format = String.format("Falha ao decodificar a credencial 1.5: %s", e7.getClass().getSimpleName());
            logger.log(Level.SEVERE, format, e7);
            throw new INTERNAL(format, 0, CompletionStatus.COMPLETED_NO);
        } catch (InvalidTypeForEncoding e8) {
            String format2 = String.format("Falha ao construir credencial 2.0 a partir da 1.5: %s", e8.getClass().getSimpleName());
            logger.log(Level.SEVERE, format2, e8);
            throw new INTERNAL(format2, 0, CompletionStatus.COMPLETED_NO);
        } catch (FormatMismatch e9) {
            String format3 = String.format("Falha ao decodificar a credencial 1.5: %s", e9.getClass().getSimpleName());
            logger.log(Level.SEVERE, format3, e9);
            throw new INTERNAL(format3, 0, CompletionStatus.COMPLETED_NO);
        }
    }

    public void receive_request(ServerRequestInfo serverRequestInfo) {
        ConnectionImpl connForDispatch;
        String operation = serverRequestInfo.operation();
        byte[] object_id = serverRequestInfo.object_id();
        ORB orb = getMediator().getORB();
        OpenBusContextImpl context = getMediator().getContext();
        CredentialWrapper retrieveCredential = retrieveCredential(serverRequestInfo);
        try {
            CredentialData credentialData = retrieveCredential.credential;
            if (credentialData != null) {
                String str = credentialData.bus;
                String str2 = credentialData.login;
                if (retrieveCredential.isLegacy) {
                    boolean z = false;
                    connForDispatch = getConnForDispatch(context, str, str2, object_id, operation);
                    context.setCurrentConnection(connForDispatch);
                    try {
                        if (connForDispatch.cache.logins.validateLogin(str2, connForDispatch)) {
                            if (connForDispatch.cache.valids.isValid(retrieveCredential.legacyCredential, connForDispatch)) {
                                z = true;
                            }
                        }
                        if (!z) {
                            logger.fine(String.format("Login de credencial 1.5 não é válido: login (%s) operação (%s)", str2, operation));
                            throw new NO_PERMISSION(0, CompletionStatus.COMPLETED_NO);
                        }
                    } catch (Exception e) {
                        logger.log(Level.SEVERE, "Erro ao validar o login 1.5.", (Throwable) e);
                        throw new NO_PERMISSION(0, CompletionStatus.COMPLETED_NO);
                    }
                } else {
                    connForDispatch = getConnForDispatch(context, str, str2, object_id, operation);
                    context.setCurrentConnection(connForDispatch);
                    try {
                        if (!connForDispatch.cache.logins.validateLogin(str2, connForDispatch)) {
                            throw new NO_PERMISSION(InvalidLoginCode.value, CompletionStatus.COMPLETED_NO);
                        }
                    } catch (NO_PERMISSION e2) {
                        if (((NO_PERMISSION) e2).minor == 1112888319) {
                            logger.log(Level.SEVERE, "Erro ao validar o login. Conexão dispatcher está deslogada.", e2);
                            throw new NO_PERMISSION(UnknownBusCode.value, CompletionStatus.COMPLETED_NO);
                        }
                        logger.log(Level.SEVERE, "Erro ao validar o login.", e2);
                        throw new NO_PERMISSION(UnverifiedLoginCode.value, CompletionStatus.COMPLETED_NO);
                    } catch (Exception e3) {
                        logger.log(Level.SEVERE, "Erro ao validar o login.", (Throwable) e3);
                        throw new NO_PERMISSION(UnverifiedLoginCode.value, CompletionStatus.COMPLETED_NO);
                    }
                }
                OctetSeqHolder octetSeqHolder = new OctetSeqHolder();
                try {
                    String loginEntity = connForDispatch.cache.logins.getLoginEntity(str2, octetSeqHolder, connForDispatch);
                    if (!validateCredential(credentialData, serverRequestInfo, connForDispatch)) {
                        logger.finest(String.format("Recebeu chamada sem sessão associda: %s", operation));
                        doResetCredential(serverRequestInfo, orb, connForDispatch, str2, octetSeqHolder.value);
                        throw new NO_PERMISSION(1112888064, CompletionStatus.COMPLETED_NO);
                    }
                    if (!validateChain(credentialData, octetSeqHolder, serverRequestInfo, connForDispatch)) {
                        logger.finest(String.format("Recebeu chamada com cadeia inválida: %s", operation));
                        throw new NO_PERMISSION(InvalidChainCode.value, CompletionStatus.COMPLETED_NO);
                    }
                    Any create_any = orb.create_any();
                    create_any.insert_string(connForDispatch.busid());
                    serverRequestInfo.set_slot(getMediator().getBusSlotId(), create_any);
                    logger.fine(String.format("Recebendo chamada pelo barramento: login (%s) entidade (%s) operação (%s)", str2, loginEntity, operation));
                    setCurrentConnection(serverRequestInfo, connForDispatch);
                } catch (Exception e4) {
                    logger.log(Level.SEVERE, "Erro ao verificar o login.", (Throwable) e4);
                    throw new NO_PERMISSION(UnverifiedLoginCode.value, CompletionStatus.COMPLETED_NO);
                } catch (ServiceFailure e5) {
                    logger.log(Level.SEVERE, "Erro ao verificar o login.", (Throwable) e5);
                    throw new NO_PERMISSION(UnverifiedLoginCode.value, CompletionStatus.COMPLETED_NO);
                } catch (NO_PERMISSION e6) {
                    if (((NO_PERMISSION) e6).minor == 1112888319) {
                        logger.log(Level.SEVERE, "Erro ao verificar o login. Conexão dispatcher está deslogada.", e6);
                        throw new NO_PERMISSION(UnknownBusCode.value, CompletionStatus.COMPLETED_NO);
                    }
                    logger.log(Level.SEVERE, "Erro ao verificar o login.", e6);
                    throw new NO_PERMISSION(UnverifiedLoginCode.value, CompletionStatus.COMPLETED_NO);
                } catch (InvalidLogins e7) {
                    logger.log(Level.SEVERE, "Erro ao verificar o login.", (Throwable) e7);
                    throw new NO_PERMISSION(InvalidLoginCode.value, CompletionStatus.COMPLETED_NO);
                }
            } else {
                logger.fine(String.format("Recebeu chamada fora do barramento: %s", operation));
            }
        } catch (InvalidSlot e8) {
            logger.log(Level.SEVERE, "Falha inesperada ao acessar o slot da credencial", e8);
            throw new INTERNAL("Falha inesperada ao acessar o slot da credencial");
        } catch (CryptographyException e9) {
            logger.log(Level.SEVERE, "Falha ao criptografar com chave pública", (Throwable) e9);
            throw new NO_PERMISSION(InvalidPublicKeyCode.value, CompletionStatus.COMPLETED_NO);
        }
    }

    private ConnectionImpl getConnForDispatch(OpenBusContextImpl openBusContextImpl, String str, String str2, byte[] bArr, String str3) {
        ConnectionImpl connectionImpl = null;
        CallDispatchCallback onCallDispatch = openBusContextImpl.onCallDispatch();
        if (onCallDispatch != null) {
            try {
                connectionImpl = (ConnectionImpl) onCallDispatch.dispatch(openBusContextImpl, str, str2, bArr, str3);
            } catch (Exception e) {
                logger.log(Level.SEVERE, "Callback 'onCallDispatch' gerou um erro durante execução.", (Throwable) e);
            }
        }
        if (connectionImpl == null) {
            connectionImpl = (ConnectionImpl) openBusContextImpl.getDefaultConnection();
            if (connectionImpl == null) {
                throw new NO_PERMISSION(UnknownBusCode.value, CompletionStatus.COMPLETED_NO);
            }
        }
        if (connectionImpl.login() == null || !(connectionImpl.busid().equals(str) || UNKNOWN_BUS.equals(str))) {
            throw new NO_PERMISSION(UnknownBusCode.value, CompletionStatus.COMPLETED_NO);
        }
        return connectionImpl;
    }

    private void doResetCredential(ServerRequestInfo serverRequestInfo, ORB orb, ConnectionImpl connectionImpl, String str, byte[] bArr) throws CryptographyException {
        byte[] newSecret = newSecret();
        Cryptography cryptography = Cryptography.getInstance();
        byte[] encrypt = cryptography.encrypt(newSecret, cryptography.generateRSAPublicKeyFromX509EncodedKey(bArr));
        int nextAvailableSessionId = connectionImpl.nextAvailableSessionId();
        Session.ServerSideSession serverSideSession = new Session.ServerSideSession(nextAvailableSessionId, newSecret, str);
        connectionImpl.cache.srvSessions.put(Integer.valueOf(serverSideSession.getSession()), serverSideSession);
        CredentialReset credentialReset = new CredentialReset(connectionImpl.login().id, nextAvailableSessionId, encrypt);
        Any create_any = orb.create_any();
        CredentialResetHelper.insert(create_any, credentialReset);
        try {
            byte[] encode_value = getMediator().getCodec().encode_value(create_any);
            logger.finest("Resetando a credencial: " + serverRequestInfo.operation());
            serverRequestInfo.add_reply_service_context(new ServiceContext(1112888064, encode_value), false);
        } catch (InvalidTypeForEncoding e) {
            logger.log(Level.SEVERE, "Falha inesperada ao codificar a credencial", e);
            throw new INTERNAL("Falha inesperada ao codificar a credencial");
        }
    }

    private boolean validateCredential(CredentialData credentialData, ServerRequestInfo serverRequestInfo, ConnectionImpl connectionImpl) {
        if (Arrays.equals(credentialData.hash, LEGACY_HASH)) {
            logger.finest("Credencial OpenBus 1.5");
            return true;
        }
        Session.ServerSideSession serverSideSession = connectionImpl.cache.srvSessions.get(Integer.valueOf(credentialData.session));
        if (serverSideSession == null || !serverSideSession.getCaller().equals(credentialData.login)) {
            return false;
        }
        logger.finest(String.format("sessão utilizada: id = %d ticket = %d", Integer.valueOf(serverSideSession.getSession()), Integer.valueOf(credentialData.ticket)));
        if (Arrays.equals(generateCredentialDataHash(serverRequestInfo, serverSideSession.getSecret(), credentialData.ticket), credentialData.hash) && serverSideSession.checkTicket(credentialData.ticket)) {
            return true;
        }
        logger.finest("Falha na validação do hash da credencial");
        return false;
    }

    private boolean validateChain(CredentialData credentialData, OctetSeqHolder octetSeqHolder, ServerRequestInfo serverRequestInfo, ConnectionImpl connectionImpl) {
        Cryptography cryptography = Cryptography.getInstance();
        RSAPublicKey busPublicKey = connectionImpl.getBusPublicKey();
        SignedCallChain signedCallChain = credentialData.chain;
        if (signedCallChain == null) {
            return false;
        }
        if (Arrays.equals(signedCallChain.signature, LEGACY_ENCRYPTED_BLOCK)) {
            logger.finest("Cadeia OpenBus 1.5");
            return true;
        }
        try {
            CallChain unmarshallSignedChain = unmarshallSignedChain(signedCallChain, logger);
            if (cryptography.verifySignature(busPublicKey, signedCallChain.encoded, signedCallChain.signature)) {
                LoginInfo login = connectionImpl.login();
                if (!unmarshallSignedChain.target.equals(login.entity)) {
                    ORB orb = getMediator().getORB();
                    logger.finest(String.format("O login não é o mesmo do alvo da cadeia. É necessário refazer a sessão de credencial através de um reset. Operação: %s", serverRequestInfo.operation()));
                    doResetCredential(serverRequestInfo, orb, connectionImpl, credentialData.login, octetSeqHolder.value);
                    throw new NO_PERMISSION(1112888064, CompletionStatus.COMPLETED_NO);
                }
                if (unmarshallSignedChain.caller.id.equals(credentialData.login)) {
                    try {
                        Any create_any = getMediator().getORB().create_any();
                        create_any.insert_string(login.entity);
                        serverRequestInfo.set_slot(getMediator().getSignedChainTargetSlotId(), create_any);
                        return true;
                    } catch (InvalidSlot e) {
                        logger.log(Level.SEVERE, "Falha inesperada ao armazenar o target em seu slot", e);
                        throw new INTERNAL("Falha inesperada ao armazenar o target em seu slot");
                    }
                }
            }
            return false;
        } catch (CryptographyException e2) {
            logger.log(Level.SEVERE, "Falha inesperada ao verificar assinatura da cadeia.", (Throwable) e2);
            throw new INTERNAL("Falha inesperada ao verificar assinatura da cadeia.");
        }
    }

    public void send_reply(ServerRequestInfo serverRequestInfo) {
        removeCurrentConnection(serverRequestInfo);
        Any create_any = getMediator().getORB().create_any();
        try {
            serverRequestInfo.set_slot(getMediator().getSignedChainSlotId(), create_any);
            serverRequestInfo.set_slot(getMediator().getSignedChainTargetSlotId(), create_any);
            serverRequestInfo.set_slot(getMediator().getBusSlotId(), create_any);
        } catch (InvalidSlot e) {
            logger.log(Level.SEVERE, "Falha inesperada ao limpar informações nos slots", e);
            throw new INTERNAL("Falha inesperada ao limpar informações nos slots");
        }
    }

    public void send_exception(ServerRequestInfo serverRequestInfo) {
    }

    public void send_other(ServerRequestInfo serverRequestInfo) {
    }

    private byte[] newSecret() {
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        return bArr;
    }

    private void setCurrentConnection(ServerRequestInfo serverRequestInfo, Connection connection) {
        try {
            long id = Thread.currentThread().getId();
            OpenBusContextImpl context = getMediator().getContext();
            Any create_any = getMediator().getORB().create_any();
            create_any.insert_longlong(id);
            serverRequestInfo.set_slot(context.getCurrentConnectionSlotId(), create_any);
            context.setConnectionByThreadId(id, connection);
        } catch (InvalidSlot e) {
            logger.log(Level.SEVERE, "Falha inesperada ao acessar o slot da thread corrente", e);
            throw new INTERNAL("Falha inesperada ao acessar o slot da thread corrente");
        }
    }

    private void removeCurrentConnection(ServerRequestInfo serverRequestInfo) {
        try {
            OpenBusContextImpl context = getMediator().getContext();
            Any any = serverRequestInfo.get_slot(context.getCurrentConnectionSlotId());
            if (any.type().kind().value() == 0) {
                logger.log(Level.SEVERE, "BUG: Falha inesperada ao acessar o slot da conexão corrente");
                throw new INTERNAL("BUG: Falha inesperada ao acessar o slot da conexão corrente");
            }
            context.setConnectionByThreadId(any.extract_longlong(), null);
            serverRequestInfo.set_slot(context.getCurrentConnectionSlotId(), getMediator().getORB().create_any());
        } catch (InvalidSlot e) {
            logger.log(Level.SEVERE, "Falha inesperada ao acessar o slot da thread corrente", e);
            throw new INTERNAL("Falha inesperada ao acessar o slot da thread corrente");
        }
    }
}
