package com.sun.portal.util;

import com.sun.portal.cli.cert.JSSUtil;
import com.sun.portal.cli.cert.Password;
import com.sun.portal.cli.cert.SRADecoderException;
import com.sun.portal.rewriter.engines.js.parser.TokenStream;
import com.sun.portal.rproxy.cert.CertAdminPasswordCallback;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.net.SocketException;
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.KeyDatabaseException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.ssl.SSLSocket;

/* JADX WARN: Classes with same name are omitted:
  input_file:118950-23/SUNWpsgw/reloc/SUNWps/lib/gateway.jar:com/sun/portal/util/GWNSSInit.class
  input_file:118950-23/SUNWpsnlp/reloc/SUNWps/lib/gateway.jar:com/sun/portal/util/GWNSSInit.class
 */
/* loaded from: input_file:118950-23/SUNWpsrwp/reloc/SUNWps/lib/gateway.jar:com/sun/portal/util/GWNSSInit.class */
public class GWNSSInit {
    public static String nickname = "server-cert";
    public static final int[] cipherSuites128BitSSL2 = {65287, 65283, 65281};
    public static final int[] cipherSuites128BitSSL3 = {10, 4, 5, 30, 65279};
    public static final int[] cipherSuites40BitSSL2 = {65284, 65282};
    public static final int[] cipherSuites40BitSSL3 = {3, 6};
    public static final int[] cipherSuitesOthersSSL2 = {65286};
    public static final int[] cipherSuitesOthersSSL3 = {9, 29, 65278};
    public static final int[] cipherSuitesSSL3Null = {1, 28};
    public static final int[] cipherSuites128BitTLS = new int[0];
    public static final int[] cipherSuitesOthersTLS = {98, 100};
    private static final int[] cipherSuitesNotSupported = {TokenStream.RELOP};

    public static void enableAllCiphers() throws SocketException {
        enableCipher(cipherSuites40BitSSL2);
        enableCipher(cipherSuites40BitSSL3);
        enableCipher(cipherSuitesOthersSSL2);
        enableCipher(cipherSuitesOthersSSL3);
        enableCipher(cipherSuites128BitSSL2);
        enableCipher(cipherSuites128BitSSL3);
        enableCipher(cipherSuitesOthersTLS);
        enableCipher(cipherSuites128BitTLS);
        enableCipher(cipherSuitesSSL3Null);
    }

    public static void disableAllCiphers() throws SocketException {
        disableCipher(cipherSuites40BitSSL2);
        disableCipher(cipherSuites40BitSSL3);
        disableCipher(cipherSuitesOthersSSL2);
        disableCipher(cipherSuitesOthersSSL3);
        disableCipher(cipherSuites128BitSSL2);
        disableCipher(cipherSuites128BitSSL3);
        disableCipher(cipherSuitesOthersTLS);
        disableCipher(cipherSuites128BitTLS);
        disableCipher(cipherSuitesSSL3Null);
    }

    public static void enableCipher(int[] iArr) throws SocketException {
        setCipherState(iArr, true);
    }

    public static void disableCipher(int[] iArr) throws SocketException {
        setCipherState(iArr, false);
    }

    private static void setCipherState(int[] iArr, boolean z) throws SocketException {
        for (int i : iArr) {
            SSLSocket.setCipherPreferenceDefault(i, z);
        }
    }

    public static boolean initialize() throws SocketException {
        String property = System.getProperty("gateway.keybase", System.getProperty("SRAP_CONFIG_DIR", "/etc/opt/SUNWps"));
        if (GWDebug.debug.messageEnabled()) {
            GWDebug.debug.message(new StringBuffer().append("GWNSSInit: certdbDir = ").append(property).toString());
        }
        try {
            JSSUtil.setDefaultDecoder(property);
        } catch (SRADecoderException e) {
            GWDebug.debug.error(new StringBuffer().append("GWNSSInit: Unable to initialize the password encryption module : ").append(e.getMessage()).toString());
        }
        String property2 = System.getProperty("gateway.nickname", new StringBuffer().append(System.getProperty("SRAP_CONFIG_DIR", "/etc/opt/SUNWps")).append(File.separatorChar).append("cert").append(File.separatorChar).append(".nickname").toString());
        if (GWDebug.debug.messageEnabled()) {
            GWDebug.debug.message(new StringBuffer().append("GWNSSInit: nicknamefile = ").append(property2).toString());
        }
        if (property2 != null) {
            try {
                nickname = new BufferedReader(new InputStreamReader(new FileInputStream(property2))).readLine();
            } catch (Exception e2) {
                if (GWDebug.debug.errorEnabled()) {
                    GWDebug.debug.error(new StringBuffer().append("GWNSSInit: Unable to read jss nickname from file ").append(property2).toString());
                }
            }
        } else if (GWDebug.debug.errorEnabled()) {
            GWDebug.debug.error("GWNSSInit: Unable to get nickname file name");
        }
        String property3 = System.getProperty("gateway.pass", new StringBuffer().append(System.getProperty("SRAP_CONFIG_DIR", "/etc/opt/SUNWps")).append(File.separatorChar).append("cert").append(File.separatorChar).append(".jsspass").toString());
        if (GWDebug.debug.messageEnabled()) {
            GWDebug.debug.message(new StringBuffer().append("GWNSSInit: pwfile = ").append(property3).toString());
        }
        if (property3 == null) {
            if (!GWDebug.debug.errorEnabled()) {
                return false;
            }
            GWDebug.debug.error("GWNSSInit: Unable to get password file name");
            return false;
        }
        try {
            Password decryptPassword = JSSUtil.decryptPassword(new BufferedReader(new InputStreamReader(new FileInputStream(property3))).readLine());
            String password = decryptPassword.getPassword();
            if (decryptPassword.isEncrypted() && GWDebug.debug.messageEnabled()) {
                GWDebug.debug.message("GWNSSInit: Found encrypted password");
            }
            try {
                CryptoManager.initialize(new CryptoManager.InitializationValues(property));
                CryptoManager.getInstance().setPasswordCallback(new CertAdminPasswordCallback(password));
                if (GWDebug.debug.messageEnabled()) {
                    GWDebug.debug.message("GWNSSInit: NSSInit initialization done successfully");
                }
                disableCipher(cipherSuitesNotSupported);
                enableAllCiphers();
                return true;
            } catch (KeyDatabaseException e3) {
                if (!GWDebug.debug.errorEnabled()) {
                    return false;
                }
                GWDebug.debug.error(new StringBuffer().append("GWNSSInit: Couldn't open the key database.").append(e3).toString());
                return false;
            } catch (AlreadyInitializedException e4) {
                if (!GWDebug.debug.warningEnabled()) {
                    return true;
                }
                GWDebug.debug.warning(new StringBuffer().append("GWNSSInit: CryptoManager already initialized.").append(e4).toString());
                return true;
            } catch (CertDatabaseException e5) {
                if (!GWDebug.debug.errorEnabled()) {
                    return false;
                }
                GWDebug.debug.error(new StringBuffer().append("GWNSSInit: Couldn't open the certificate database.").append(e5).toString());
                return false;
            } catch (Exception e6) {
                if (!GWDebug.debug.errorEnabled()) {
                    return false;
                }
                GWDebug.debug.error(new StringBuffer().append("GWNSSInit: Exception occurred: ").append(e6.getMessage()).toString());
                return false;
            }
        } catch (Exception e7) {
            if (!GWDebug.debug.errorEnabled()) {
                return false;
            }
            GWDebug.debug.error(new StringBuffer().append("GWNSSInit: Unable to read jss password from file ").append(property3).toString());
            return false;
        }
    }
}
