package com.iplanet.portalserver.gwutils;

import com.iplanet.portalserver.gateway.server.ReverseProxyConfigConstants;
import com.iplanet.portalserver.profile.impl.ProfileUtil;
import com.iplanet.portalserver.util.SystemProperties;
import com.netscape.jss.crypto.X509Certificate;
import com.netscape.jss.ssl.SSLCertificateApprovalCallback;
import java.util.Enumeration;
import java.util.StringTokenizer;

/* JADX WARN: Classes with same name are omitted:
  input_file:116905-03/SUNWwtdt/reloc/SUNWips/lib/ips_gateway.jar:com/iplanet/portalserver/gwutils/ServerCertApprovalCallback.class
  input_file:116905-03/SUNWwtgwd/reloc/SUNWips/lib/ips_gateway.jar:com/iplanet/portalserver/gwutils/ServerCertApprovalCallback.class
  input_file:116905-03/SUNWwtsvd/reloc/SUNWips/lib/ips_gateway.jar:com/iplanet/portalserver/gwutils/ServerCertApprovalCallback.class
 */
/* loaded from: input_file:116905-03/SUNWwtsvd/reloc/SUNWips/lib/ips_netletproxy.jar:com/iplanet/portalserver/gwutils/ServerCertApprovalCallback.class */
public class ServerCertApprovalCallback implements SSLCertificateApprovalCallback {
    private String reqHost;
    private static ServerCertApprovalCallback theInstance = null;
    public static boolean trustAllServerCerts;

    static {
        trustAllServerCerts = false;
        String str = SystemProperties.get("ips.gateway.trust_all_server_certs");
        if (str == null || !str.equals("true")) {
            trustAllServerCerts = false;
        } else {
            trustAllServerCerts = true;
        }
    }

    private ServerCertApprovalCallback() {
        this.reqHost = null;
    }

    public ServerCertApprovalCallback(String str) {
        this.reqHost = null;
        if (str != null) {
            this.reqHost = str.toLowerCase();
        }
    }

    public boolean approve(X509Certificate x509Certificate, SSLCertificateApprovalCallback.ValidityStatus validityStatus) {
        GWDebug.debug.message(new StringBuffer("ServerCertApprovalCallback: SubjectDN = ").append(x509Certificate.getSubjectDN().getName()).toString());
        if (trustAllServerCerts) {
            return true;
        }
        Enumeration reasons = validityStatus.getReasons();
        if (this.reqHost == null) {
            int i = 0;
            while (reasons.hasMoreElements()) {
                GWDebug.debug.message(new StringBuffer("ServerCertApprovalCallback: reason ").append(((SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement()).getReason()).toString());
                i++;
            }
            return i == 0;
        }
        boolean z = true;
        while (reasons.hasMoreElements()) {
            int reason = ((SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement()).getReason();
            GWDebug.debug.message(new StringBuffer("ServerCertApprovalCallback: reason ").append(reason).toString());
            if (reason != -12276) {
                z = false;
            } else {
                StringTokenizer stringTokenizer = new StringTokenizer(x509Certificate.getSubjectDN().getName(), ReverseProxyConfigConstants.CONNECTIONMANAGERDELIMITER);
                boolean z2 = false;
                while (true) {
                    if (!stringTokenizer.hasMoreTokens()) {
                        break;
                    }
                    String lowerCase = stringTokenizer.nextToken().trim().toLowerCase();
                    if (lowerCase.startsWith(ProfileUtil.NAME_PREFIX)) {
                        z2 = true;
                        if (!lowerCase.substring(3).equals(this.reqHost)) {
                            z = false;
                        }
                    }
                }
                if (!z2) {
                    z = false;
                }
            }
        }
        return z;
    }

    public static ServerCertApprovalCallback getInstance() {
        if (theInstance == null) {
            theInstance = new ServerCertApprovalCallback();
        }
        return theInstance;
    }
}
