package org.openejb.corba.security.config.tss;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.Any;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSIIOP.TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
import org.omg.CSIIOP.TransportAddress;
import org.omg.IOP.Codec;
import org.omg.IOP.TaggedComponent;
import org.openejb.corba.security.SASException;

/* loaded from: input_file:repository/openejb/jars/openejb-core-2.0-G1M4.jar:org/openejb/corba/security/config/tss/TSSSSLTransportConfig.class */
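/**
 * Target-side (TSS) description of the SSL/TLS transport mechanism of a CSIv2
 * security configuration.
 *
 * <p>The object holds the host/port the secured listener is reachable on and the
 * two association-option bit masks ({@code supports} / {@code requires}). It can
 * be built from, and encoded into, a {@code TLS_SEC_TRANS} tagged component, and
 * {@link #check(SSLSession)} turns the peer certificate of an established SSL
 * session into a {@link Subject}.
 *
 * <p>Instances are mutable and not synchronized.
 */
public class TSSSSLTransportConfig extends TSSTransportMechConfig {
    // A class literal replaces the synthetic class$ helper and static
    // initializer that javac emitted for pre-Java 5 targets.
    private static final Log log = LogFactory.getLog(TSSSSLTransportConfig.class);

    // IDL "unsigned short" carried in a Java short: ports above 32767 read as
    // negative values, so callers should mask with 0xFFFF before using them.
    private short port;
    private String hostname;
    // -1 is the initial value; its meaning is decided by whoever reads it.
    private short handshakeTimeout = -1;
    // Association-option bit masks copied to/from TLS_SEC_TRANS.
    private short supports;
    private short requires;

    /** Creates an empty configuration to be populated through the setters. */
    public TSSSSLTransportConfig() {
    }

    /**
     * Builds the configuration from an encoded {@code TLS_SEC_TRANS} component.
     *
     * @param taggedComponent component whose {@code component_data} is decoded
     * @param codec codec used to decode the component data
     * @throws UserException if the codec cannot decode the component data
     */
    public TSSSSLTransportConfig(TaggedComponent taggedComponent, Codec codec) throws UserException {
        TLS_SEC_TRANS transport = TLS_SEC_TRANSHelper.extract(
                codec.decode_value(taggedComponent.component_data, TLS_SEC_TRANSHelper.type()));
        this.supports = transport.target_supports;
        this.requires = transport.target_requires;
        // NOTE(review): only the first transport address is honoured, and a
        // component that decodes to an empty address list fails here with
        // ArrayIndexOutOfBoundsException. If the component can come from an
        // untrusted IOR, callers should treat that as a malformed reference.
        TransportAddress first = transport.addresses[0];
        this.port = first.port;
        this.hostname = first.host_name;
    }

    /** @return the listener port as a (possibly negative) Java {@code short} */
    public short getPort() {
        return this.port;
    }

    /** @param s the listener port, in the same signed representation */
    public void setPort(short s) {
        this.port = s;
    }

    /** @return the host name published in the transport address */
    public String getHostname() {
        return this.hostname;
    }

    /** @param str the host name to publish in the transport address */
    public void setHostname(String str) {
        this.hostname = str;
    }

    /** @return the configured handshake timeout, {@code -1} unless set */
    public short getHandshakeTimeout() {
        return this.handshakeTimeout;
    }

    /** @param s the handshake timeout to store */
    public void setHandshakeTimeout(short s) {
        this.handshakeTimeout = s;
    }

    /** @return the association options this target supports */
    @Override
    public short getSupports() {
        return this.supports;
    }

    /** @param s the association options this target supports */
    public void setSupports(short s) {
        this.supports = s;
    }

    /** @return the association options this target requires */
    @Override
    public short getRequires() {
        return this.requires;
    }

    /** @param s the association options this target requires */
    public void setRequires(short s) {
        this.requires = s;
    }

    /**
     * Encodes this configuration as a tagged component for an IOR.
     *
     * @param orb ORB used to create the {@code Any} that carries the structure
     * @param codec codec used to encode the {@code Any}
     * @return a component with tag 36 and the encoded {@code TLS_SEC_TRANS}, or,
     *     if encoding fails, a component with tag 34 and empty data
     */
    @Override
    public TaggedComponent encodeIOR(ORB orb, Codec codec) {
        TLS_SEC_TRANS transport = new TLS_SEC_TRANS();
        transport.target_supports = this.supports;
        transport.target_requires = this.requires;
        transport.addresses = new TransportAddress[] {new TransportAddress(this.hostname, this.port)};

        TaggedComponent component = new TaggedComponent();
        try {
            Any any = orb.create_any();
            TLS_SEC_TRANSHelper.insert(any, transport);
            component.tag = 36; // CSIIOP TAG_TLS_SEC_TRANS
            component.component_data = codec.encode_value(any);
        } catch (Exception e) {
            // NOTE(review): this fallback fails open. The published component
            // then carries the null transport tag, so the IOR no longer
            // advertises the TLS requirements held in `requires`. The behaviour
            // is kept for callers, but the cause is now logged so the downgrade
            // is visible to operators.
            log.error("Error enncoding transport tagged component, defaulting encoding to NULL", e);
            component.tag = 34; // CSIIOP TAG_NULL_TAG
            component.component_data = new byte[0];
        }
        return component;
    }

    /**
     * Derives the caller's transport-level identity from an SSL session.
     *
     * @param sSLSession the session the request arrived on, or {@code null} when
     *     the request did not arrive over SSL
     * @return a {@link Subject} holding the peer's X.500 principal, or
     *     {@code null} when there is no session or the peer presented no
     *     verified certificate and client trust is not required
     * @throws NO_PERMISSION if there is no session although {@code requires} is
     *     non-zero
     * @throws SASException if the peer is unverified and bit 64 is set in
     *     {@code requires}
     */
    @Override
    public Subject check(SSLSession sSLSession) throws SASException {
        if (sSLSession == null) {
            if (this.requires != 0) {
                throw new NO_PERMISSION("Missing required SSL session");
            }
            // Nothing is required of the transport and there is no session to
            // inspect: report "no transport identity" instead of dereferencing
            // null below.
            if (log.isDebugEnabled()) {
                log.debug("No SSL session and no transport requirements, returning null");
            }
            return null;
        }
        try {
            if (log.isDebugEnabled()) {
                log.debug("Scraping principal from SSL session");
            }
            // Element 0 of the chain is the peer's own certificate.
            X509Certificate peerCertificate = sSLSession.getPeerCertificateChain()[0];
            String subjectDn = peerCertificate.getSubjectDN().toString();
            if (log.isDebugEnabled()) {
                log.debug("Obtained principal " + subjectDn);
            }
            // NOTE(review): the DN makes a round trip through toString(); a
            // rendering that X500Principal cannot parse would surface as
            // IllegalArgumentException. Confirm against the providers in use.
            Subject subject = new Subject();
            subject.getPrincipals().add(new X500Principal(subjectDn));
            return subject;
        } catch (SSLPeerUnverifiedException e) {
            // 64 is the CSIv2 EstablishTrustInClient association option: when
            // it is required, an unauthenticated peer must be rejected.
            if ((this.requires & 64) != 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Unverified peer, throwing exception");
                }
                throw new SASException(1);
            }
            if (log.isDebugEnabled()) {
                log.debug("Unverified peer, returning null");
            }
            return null;
        }
    }
}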
