package com.sun.portal.rproxy.https;

import com.sun.portal.rproxy.configservlet.client.GatewayProfile;
import com.sun.portal.rproxy.configservlet.server.Operation;
import com.sun.portal.util.SystemProperties;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;

/* loaded from: input_file:116742-23/SUNWpsrwp/reloc/SUNWps/lib/gateway.jar:com/sun/portal/rproxy/https/ApprovalCallback.class */
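/**
 * JSS certificate-approval callback that decides whether a server certificate
 * with validation problems may still be accepted by the gateway.
 *
 * <p>The policy implemented here, per validity reason reported by JSS:
 * <ul>
 *   <li>issuer/trust problems (unknown issuer, untrusted issuer, untrusted
 *       certificate, invalid CA certificate) are tolerated only when
 *       {@link #trustAllServerCerts} is {@code true};</li>
 *   <li>a host-name mismatch is tolerated only when the certificate's CN is on
 *       the trusted-domain list, or equals the host this callback was created
 *       for;</li>
 *   <li>every other reason rejects the certificate.</li>
 * </ul>
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>Setting {@code gateway.trust_all_server_certs=true} makes the gateway
 *       accept certificates from any issuer, including self-signed ones, so the
 *       TLS connection no longer authenticates the server. It should be off in
 *       production.</li>
 *   <li>The name check uses only the subject CN; subjectAltName entries are not
 *       consulted by this class.</li>
 *   <li>{@link #trustAllServerCerts} and the trusted-domain list are mutable
 *       statics reachable from other classes; any code that can write them can
 *       change the approval policy for the whole JVM.</li>
 * </ul>
 */
public class ApprovalCallback implements SSLCertificateApprovalCallback {
    // NSS error codes as delivered by ValidityItem.getReason().
    private static final int REASON_UNKNOWN_ISSUER = -8179;   // SEC_ERROR_UNKNOWN_ISSUER
    private static final int REASON_UNTRUSTED_ISSUER = -8172; // SEC_ERROR_UNTRUSTED_ISSUER
    private static final int REASON_UNTRUSTED_CERT = -8171;   // SEC_ERROR_UNTRUSTED_CERT
    private static final int REASON_CA_CERT_INVALID = -8156;  // SEC_ERROR_CA_CERT_INVALID
    private static final int REASON_BAD_CERT_DOMAIN = -12276; // SSL_ERROR_BAD_CERT_DOMAIN

    /** Lower-cased host the connection was opened to, or null when unknown. */
    private String reqHost;

    /** When true, issuer/trust failures are ignored (see class notes). */
    public static boolean trustAllServerCerts;

    private static ApprovalCallback theInstance = null;

    /** Lower-cased entries of the gateway profile's TrustedSSLDomainList. */
    protected static List srapGateway_trustedSSLDomainList = new ArrayList();

    /** Creates a callback with no requested host; used for the shared instance. */
    private ApprovalCallback() {
        this.reqHost = null;
    }

    /**
     * Creates a callback bound to the host the caller is connecting to.
     *
     * @param str requested host name; may be null, in which case only the
     *            trusted-domain list can excuse a host-name mismatch
     */
    public ApprovalCallback(String str) {
        this.reqHost = null;
        if (str != null) {
            // Host names are ASCII; a fixed locale keeps the mapping stable
            // under default locales with special casing rules (e.g. Turkish).
            this.reqHost = str.toLowerCase(Locale.ENGLISH);
        }
    }

    /**
     * Returns the shared host-less callback, creating it on first use.
     *
     * <p>Not synchronized. The instance carries no state besides a null
     * {@code reqHost}, so a race can only produce an equivalent duplicate.
     *
     * @return the shared instance
     */
    public static ApprovalCallback getInstance() {
        if (theInstance == null) {
            theInstance = new ApprovalCallback();
        }
        return theInstance;
    }

    /**
     * Decides whether a certificate that failed validation may be used anyway.
     *
     * <p>Every reported reason is examined (and logged) even after one has
     * already caused rejection. A status with no reasons is approved.
     *
     * @param x509Certificate the server certificate under review
     * @param validityStatus  the validation problems JSS found
     * @return true only if every reported reason is acceptable under the policy
     */
    public boolean approve(X509Certificate x509Certificate, SSLCertificateApprovalCallback.ValidityStatus validityStatus) {
        String subjectDn = x509Certificate.getSubjectDN().getName();
        JSSDebug.debug.message("ApprovalCallback: SubjectDN = " + subjectDn);
        Enumeration reasons = validityStatus.getReasons();
        String certHost = getCertHost(subjectDn);
        boolean approved = true;
        while (reasons.hasMoreElements()) {
            int reason = ((SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement()).getReason();
            JSSDebug.debug.message("ApprovalCallback: reason " + reason);
            if (!isReasonAcceptable(reason, certHost)) {
                approved = false;
            }
        }
        return approved;
    }

    /**
     * Applies the approval policy to a single validity reason.
     *
     * @param reason   NSS error code from the validity item
     * @param certHost CN extracted from the certificate subject ("" if none)
     * @return true if this reason alone does not require rejecting the certificate
     */
    private boolean isReasonAcceptable(int reason, String certHost) {
        switch (reason) {
            case REASON_UNTRUSTED_ISSUER:
            case REASON_UNTRUSTED_CERT:
            case REASON_CA_CERT_INVALID:
            case REASON_UNKNOWN_ISSUER:
                return trustAllServerCerts;
            case REASON_BAD_CERT_DOMAIN:
                // A mismatch is excused by the trusted-domain list, or by the CN
                // equalling the host this callback was created for.
                return isTrustedDomain(certHost)
                        || (this.reqHost != null && certHost.equalsIgnoreCase(this.reqHost));
            default:
                // Expired, revoked, bad signature, etc. are never overridden here.
                return false;
        }
    }

    /**
     * Checks a certificate host against the trusted-domain list.
     *
     * <p>An entry matches either exactly or through its first {@code *}, which
     * stands for any run of characters. The wildcard is not label-aware: it can
     * span dots and need not start at a label boundary, so {@code *example.com}
     * also covers hosts that merely end in that text. Entries meant to cover
     * subdomains should be written as {@code *.example.com}.
     *
     * <p>The list is deliberately ignored while {@link #trustAllServerCerts} is
     * set, so that chain validation and the domain allow-list are never both
     * relaxed for the same certificate.
     *
     * @param str host name taken from the certificate
     * @return true if the host is covered by a list entry
     */
    private static boolean isTrustedDomain(String str) {
        if (trustAllServerCerts) {
            return false;
        }
        String host = str.toLowerCase(Locale.ENGLISH);
        if (srapGateway_trustedSSLDomainList == null || srapGateway_trustedSSLDomainList.size() < 1) {
            return false;
        }
        if (srapGateway_trustedSSLDomainList.contains(host)) {
            return true;
        }
        Iterator it = srapGateway_trustedSSLDomainList.iterator();
        while (it.hasNext()) {
            String pattern = it.next().toString().trim();
            int star = pattern.indexOf("*");
            if (star == -1) {
                continue;
            }
            String prefix = pattern.substring(0, star);
            String suffix = pattern.substring(star + 1);
            // The length test stops prefix and suffix from overlapping in the
            // host, e.g. "ab*ba" must not match "aba".
            if (host.length() >= prefix.length() + suffix.length()
                    && host.startsWith(prefix)
                    && host.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the first CN value from a subject DN string.
     *
     * <p>NOTE(review): the DN is split on the characters of
     * {@code Operation.RANGE_STR} (presumably ","; its value is not visible in
     * this file). The split does not honour RFC 4514 escaping or quoting, so a
     * separator embedded in another attribute's value can make text that
     * follows it look like a CN. Reading the CN from the parsed certificate
     * name instead of its string form would avoid that.
     *
     * @param str subject DN as returned by the certificate
     * @return the lower-cased CN value, or "" when no CN component is found
     */
    private static String getCertHost(String str) {
        StringTokenizer parts = new StringTokenizer(str, Operation.RANGE_STR);
        while (parts.hasMoreTokens()) {
            String rdn = parts.nextToken().trim().toLowerCase(Locale.ENGLISH);
            if (rdn.startsWith("cn=")) {
                return rdn.substring(3);
            }
        }
        return "";
    }

    static {
        // Only the exact string "true" enables trust-all; anything else keeps
        // issuer validation enforced.
        trustAllServerCerts = "true".equals(SystemProperties.get("gateway.trust_all_server_certs"));

        // NOTE(review): whether getStringList can return null is not visible
        // here; guard so a missing profile entry cannot fail class loading.
        List configured = GatewayProfile.getStringList("TrustedSSLDomainList");
        if (configured != null) {
            Iterator it = configured.iterator();
            while (it.hasNext()) {
                srapGateway_trustedSSLDomainList.add(it.next().toString().toLowerCase(Locale.ENGLISH));
            }
        }
    }
}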
