package com.sun.portal.rproxy.https;

import com.sun.portal.desktop.dp.xml.XMLDPAttrs;
import com.sun.portal.rproxy.server.ReverseProxyConfigConstants;
import com.sun.portal.util.SystemProperties;
import java.util.Enumeration;
import java.util.StringTokenizer;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;

/* JADX WARN: Classes with same name are omitted:
  input_file:116411-01/SUNWpsgw/reloc/SUNWps/lib/gateway.jar:com/sun/portal/rproxy/https/ApprovalCallback.class
  input_file:116411-01/SUNWpsnlp/reloc/SUNWps/lib/netletproxy.jar:com/sun/portal/rproxy/https/ApprovalCallback.class
 */
/* loaded from: input_file:116411-01/SUNWpsrwp/reloc/SUNWps/lib/gateway.jar:com/sun/portal/rproxy/https/ApprovalCallback.class */
public class ApprovalCallback implements SSLCertificateApprovalCallback {
    private String reqHost;
    private static ApprovalCallback theInstance = null;
    public static boolean trustAllServerCerts;
    public static boolean trustAllServerCertDomains;

    private ApprovalCallback() {
        this.reqHost = null;
    }

    public ApprovalCallback(String str) {
        this.reqHost = null;
        if (str != null) {
            this.reqHost = str.toLowerCase();
        }
    }

    public static ApprovalCallback getInstance() {
        if (theInstance == null) {
            theInstance = new ApprovalCallback();
        }
        return theInstance;
    }

    public boolean approve(X509Certificate x509Certificate, SSLCertificateApprovalCallback.ValidityStatus validityStatus) {
        JSSDebug.debug.message(new StringBuffer().append("ApprovalCallback: SubjectDN = ").append(x509Certificate.getSubjectDN().getName()).toString());
        Enumeration reasons = validityStatus.getReasons();
        if (this.reqHost == null) {
            int i = 0;
            while (reasons.hasMoreElements()) {
                int reason = ((SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement()).getReason();
                JSSDebug.debug.message(new StringBuffer().append("ApprovalCallback: reason ").append(reason).toString());
                if (reason == -8172 || reason == -8171 || reason == -8156 || reason == -8179) {
                    if (!trustAllServerCerts) {
                        i++;
                    }
                } else if (reason != -12276) {
                    i++;
                } else if (!trustAllServerCertDomains) {
                    i++;
                }
            }
            return i == 0;
        }
        boolean z = true;
        while (reasons.hasMoreElements()) {
            int reason2 = ((SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement()).getReason();
            JSSDebug.debug.message(new StringBuffer().append("ApprovalCallback: reason ").append(reason2).toString());
            if (reason2 == -8172 || reason2 == -8171 || reason2 == -8156 || reason2 == -8179) {
                if (!trustAllServerCerts) {
                    z = false;
                }
            } else if (reason2 != -12276) {
                z = false;
            } else if (!trustAllServerCertDomains) {
                StringTokenizer stringTokenizer = new StringTokenizer(x509Certificate.getSubjectDN().getName(), ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                boolean z2 = false;
                while (true) {
                    if (!stringTokenizer.hasMoreTokens()) {
                        break;
                    }
                    String lowerCase = stringTokenizer.nextToken().trim().toLowerCase();
                    if (lowerCase.startsWith("cn=")) {
                        z2 = true;
                        if (!lowerCase.substring(3).equals(this.reqHost)) {
                            z = false;
                        }
                    }
                }
                if (!z2) {
                    z = false;
                }
            }
        }
        return z;
    }

    static {
        trustAllServerCerts = false;
        trustAllServerCertDomains = false;
        String str = SystemProperties.get("gateway.trust_all_server_certs");
        if (str == null || !str.equals(XMLDPAttrs.TRUE_ATTR)) {
            trustAllServerCerts = false;
        } else {
            trustAllServerCerts = true;
        }
        String str2 = SystemProperties.get("gateway.trust_all_server_cert_domains");
        if (str2 == null || !str2.equals(XMLDPAttrs.TRUE_ATTR)) {
            trustAllServerCertDomains = false;
        } else {
            trustAllServerCertDomains = true;
        }
    }
}
