package com.netscape.admin.dirserv.panel;

import com.netscape.admin.dirserv.DSUtil;
import com.netscape.admin.dirserv.task.LDAPTask;
import com.netscape.management.client.util.Debug;
import java.util.Enumeration;
import java.util.Hashtable;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPDN;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;
import netscape.ldap.LDAPModificationSet;
import netscape.ldap.LDAPSearchResults;

/* compiled from: EncryptionPanel.java */
/* loaded from: input_file:114273-03/IPLTdscon/reloc/usr/iplanet/console5.1/java/jars/ds51.jar:com/netscape/admin/dirserv/panel/EncryptionConfigData.class */
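/**
 * Holds the SSL/TLS settings handled by the encryption panel and copies them
 * between this object and the directory.
 *
 * <p>Settings live in three places: {@code nsslapd-security} on
 * {@code cn=config}, the attributes of {@code cn=encryption,cn=config} and its
 * immediate children (one per cipher family), and {@code nsserversecurity} on
 * the entry whose DN the caller supplies.
 *
 * <p>NOTE(security): the built-in {@link #CIPHER_PREFS} default switches on
 * 40-bit and export-1024 suites, single DES, RC4 and {@code fortezza_null}.
 * It is what gets stored when the directory holds no {@code nsssl3ciphers}
 * value, so review the list against current cipher policy before deployment.
 */
class EncryptionConfigData {
    /** Mirrors {@code nsserversecurity} ("on"/"off") on the caller-supplied entry. */
    public boolean sslConsoleOn = false;
    /** One of the {@code CLIENT_AUTH_*} values; mirrors {@code nssslclientauth}. */
    public int clientAuth = CLIENT_AUTH_ALLOWED;
    /** Mirrors {@code nsslapd-security} ("on"/"off") on {@code cn=config}. */
    public boolean sslServerOn = false;
    /** Raw {@code nsssl3ciphers} value; falls back to {@link #CIPHER_PREFS} when empty. */
    public String cipherPrefs = CIPHER_PREFS;
    /** Cipher family name (String) mapped to its {@code CipherSetup}. */
    public Hashtable cipherSetupTable = new Hashtable(5);
    public static final int CLIENT_AUTH_DISABLED = 0;
    public static final int CLIENT_AUTH_ALLOWED = 1;
    public static final int CLIENT_AUTH_REQUIRED = 2;
    // Default preference list: only rsa_null_md5 is disabled. The enabled set
    // still contains fortezza_null, RC4/RC2 40-bit, single DES and the
    // export1024 suites (see the class-level security note).
    static final String CIPHER_PREFS = "-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha";
    // Same SSL3 suite names as above, all disabled.
    static final String CIPHER_SSL3_OFF = "-rsa_null_md5,-rsa_rc4_128_md5,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_des_sha,-rsa_fips_des_sha,-rsa_3des_sha,-rsa_fips_3des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null";
    // The two TLS export suites, both disabled.
    static final String CIPHER_TLS_OFF = "-tls_rsa_export1024_with_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha";

    /**
     * Loads the settings from the directory into this object.
     *
     * <p>A missing entry is reported through {@code Debug} and leaves the
     * corresponding fields untouched. Cipher-family entries are added to
     * {@link #cipherSetupTable}; the table is not cleared first.
     *
     * @param lDAPConnection connection used for {@code cn=config} and
     *        {@code cn=encryption,cn=config}
     * @param lDAPConnection2 connection used to read the entry named by {@code str}
     * @param str DN of the entry carrying {@code nsserversecurity}
     * @throws LDAPException if any read or the search fails
     */
    public void readFromDirectory(LDAPConnection lDAPConnection, LDAPConnection lDAPConnection2, String str) throws LDAPException {
        String[] configAttrs = {"nsslapd-security"};
        String[] sieAttrs = {"nsserversecurity"};
        // All four directory operations are issued before any field is touched,
        // so a failing read leaves this object as it was.
        LDAPEntry sieEntry = lDAPConnection2.read(str, sieAttrs);
        LDAPEntry configEntry = lDAPConnection.read("cn=config", configAttrs);
        LDAPEntry encryptionEntry = lDAPConnection.read("cn=encryption,cn=config");
        LDAPSearchResults modules = lDAPConnection.search("cn=encryption,cn=config", LDAPConnection.SCOPE_ONE, "objectclass=*", null, false);

        // Comparisons are written literal-first: whether DSUtil.getAttrValue can
        // return null is not visible here, and a null must read as "not on".
        if (sieEntry != null) {
            this.sslConsoleOn = "on".equalsIgnoreCase(DSUtil.getAttrValue(sieEntry, sieAttrs[0]));
        } else {
            Debug.println(0, "EncryptionConfigData.readFromDirectory: sieEntry is null");
        }
        if (configEntry != null) {
            this.sslServerOn = "on".equalsIgnoreCase(DSUtil.getAttrValue(configEntry, configAttrs[0]));
        } else {
            Debug.println(0, "EncryptionConfigData.readFromDirectory: configEntry is null");
        }
        if (encryptionEntry != null) {
            String clientAuthValue = DSUtil.getAttrValue(encryptionEntry, "nssslclientauth");
            if ("allowed".equalsIgnoreCase(clientAuthValue)) {
                this.clientAuth = CLIENT_AUTH_ALLOWED;
            } else if ("required".equalsIgnoreCase(clientAuthValue)) {
                this.clientAuth = CLIENT_AUTH_REQUIRED;
            } else {
                // Any other value, including an absent one, is treated as disabled.
                this.clientAuth = CLIENT_AUTH_DISABLED;
            }
            this.cipherPrefs = DSUtil.getAttrValue(encryptionEntry, "nsssl3ciphers");
            if (this.cipherPrefs == null || this.cipherPrefs.length() == 0) {
                // NOTE(security): this fallback re-enables the weak suites
                // listed in CIPHER_PREFS once the value is written back.
                this.cipherPrefs = CIPHER_PREFS;
            }
        } else {
            Debug.println(0, "EncryptionConfigData.readFromDirectory: encryptionEntry is null");
        }
        if (modules == null) {
            Debug.println("EncryptionConfigData.readFromDirectory: cipher family search returned null");
            return;
        }
        while (modules.hasMoreElements()) {
            LDAPEntry moduleEntry = (LDAPEntry) modules.nextElement();
            String family = cipherFamilyFromDn(moduleEntry.getDN());
            if (family == null) {
                // Skip rather than fail the whole load on one unparseable DN.
                Debug.println(0, "EncryptionConfigData.readFromDirectory: cannot parse cipher family from " + moduleEntry.getDN());
                continue;
            }
            CipherSetup setup = new CipherSetup();
            setup.family = family;
            setup.enabled = "on".equalsIgnoreCase(DSUtil.getAttrValue(moduleEntry, "nssslactivation"));
            setup.selectedDevice = DSUtil.getAttrValue(moduleEntry, "nsssltoken");
            setup.selectedCertificate = DSUtil.getAttrValue(moduleEntry, "nssslpersonalityssl");
            // put() has already replaced the earlier value when it returns non-null.
            if (this.cipherSetupTable.put(setup.family, setup) != null) {
                Debug.println(0, "EncryptionConfigData.readFromDirectory: cipher conflict ignored");
            }
            Debug.println("EncryptionConfigData.readFromDirectory: read prefs for " + setup.family);
        }
    }

    /**
     * Returns the value of the first RDN of {@code dn}: the text between the
     * first '=' and the first ','. Returns null when that span does not exist.
     */
    private static String cipherFamilyFromDn(String dn) {
        if (dn == null) {
            return null;
        }
        int equalsAt = dn.indexOf('=');
        int commaAt = dn.indexOf(',');
        if (equalsAt < 0 || commaAt <= equalsAt) {
            return null;
        }
        return dn.substring(equalsAt + 1, commaAt);
    }

    /**
     * Stores the settings held by this object in the directory.
     *
     * <p>The write is a sequence of independent LDAP operations on two
     * connections and is not atomic: a failure part-way leaves the earlier
     * changes in place.
     *
     * @param lDAPConnection connection used for {@code cn=config} and
     *        {@code cn=encryption,cn=config}
     * @param lDAPConnection2 connection used to modify the entry named by {@code str}
     * @param str DN of the entry carrying {@code nsserversecurity}; its first
     *        RDN value also names the key and certificate database files
     * @throws LDAPException if an operation fails, or with {@code PARAM_ERROR}
     *         when {@code str} has no RDN to derive the file names from
     */
    public void writeToDirectory(LDAPConnection lDAPConnection, LDAPConnection lDAPConnection2, String str) throws LDAPException {
        // Resolve the instance name before anything is written, so that an
        // unusable DN cannot leave the cipher-family entries half updated.
        String[] rdnValues = LDAPDN.explodeDN(str, true);
        if (rdnValues == null || rdnValues.length == 0 || rdnValues[0] == null) {
            throw new LDAPException("EncryptionConfigData.writeToDirectory: no RDN in " + str, LDAPException.PARAM_ERROR);
        }
        // NOTE(review): the RDN value is placed in a relative file path below
        // without checking for path separators - confirm the DN source is trusted.
        // toLowerCase() uses the default locale, as the original code did.
        String instanceName = rdnValues[0].toLowerCase();

        Enumeration families = this.cipherSetupTable.keys();
        while (families.hasMoreElements()) {
            CipherSetup setup = (CipherSetup) this.cipherSetupTable.get(families.nextElement());
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            // Empty or unset values are omitted; on an existing entry that means
            // the stored token/certificate is left as it is, not cleared.
            if (setup.selectedDevice != null && setup.selectedDevice.length() >= 1) {
                attrs.add(new LDAPAttribute("nsssltoken", setup.selectedDevice));
            }
            if (setup.selectedCertificate != null && setup.selectedCertificate.length() >= 1) {
                attrs.add(new LDAPAttribute("nssslpersonalityssl", setup.selectedCertificate));
            }
            // A family is only activated while server-side SSL is on.
            attrs.add(new LDAPAttribute("nssslactivation", (setup.enabled && this.sslServerOn) ? "on" : "off"));
            attrs.add(new LDAPAttribute(LDAPTask.OBJECTCLASS, new String[]{"top", "nsEncryptionModule"}));
            addOrModifyLDAPEntry(lDAPConnection, new LDAPEntry("cn=" + setup.family + ",cn=encryption,cn=config", attrs));
        }

        String clientAuthValue;
        switch (this.clientAuth) {
            case CLIENT_AUTH_ALLOWED:
                clientAuthValue = "allowed";
                break;
            case CLIENT_AUTH_REQUIRED:
                clientAuthValue = "required";
                break;
            case CLIENT_AUTH_DISABLED:
            default:
                // Unknown values are stored as "off", same as DISABLED.
                clientAuthValue = "off";
                break;
        }

        LDAPModificationSet encryptionMods = new LDAPModificationSet();
        encryptionMods.add(LDAPModification.REPLACE, new LDAPAttribute("nsssl3", this.sslServerOn ? "on" : "off"));
        encryptionMods.add(LDAPModification.REPLACE, new LDAPAttribute("nssslclientauth", clientAuthValue));
        encryptionMods.add(LDAPModification.REPLACE, new LDAPAttribute("nsssl3ciphers", this.cipherPrefs));
        encryptionMods.add(LDAPModification.REPLACE, new LDAPAttribute("nskeyfile", "alias/" + instanceName + "-key3.db"));
        encryptionMods.add(LDAPModification.REPLACE, new LDAPAttribute("nscertfile", "alias/" + instanceName + "-cert7.db"));
        lDAPConnection.modify("cn=encryption,cn=config", encryptionMods);

        LDAPModificationSet configMods = new LDAPModificationSet();
        configMods.add(LDAPModification.REPLACE, new LDAPAttribute("nsslapd-security", this.sslServerOn ? "on" : "off"));
        lDAPConnection.modify("cn=config", configMods);

        lDAPConnection2.modify(str, new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("nsserversecurity", this.sslConsoleOn ? "on" : "off")));
    }

    /**
     * Adds {@code lDAPEntry}; if an entry with that DN already exists, replaces
     * each attribute carried by {@code lDAPEntry} on the existing entry instead.
     * Attributes absent from {@code lDAPEntry} are left untouched.
     *
     * @throws LDAPException if the add fails for any reason other than
     *         "entry already exists", or if the follow-up modify fails
     */
    static void addOrModifyLDAPEntry(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry) throws LDAPException {
        try {
            lDAPConnection.add(lDAPEntry);
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
                Debug.println(0, "EncryptionPanel.addOrModifyEntry: exception for " + lDAPEntry);
                throw e;
            }
            LDAPModificationSet replacements = new LDAPModificationSet();
            Enumeration attributes = lDAPEntry.getAttributeSet().getAttributes();
            while (attributes.hasMoreElements()) {
                replacements.add(LDAPModification.REPLACE, (LDAPAttribute) attributes.nextElement());
            }
            lDAPConnection.modify(lDAPEntry.getDN(), replacements);
        }
    }
}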
