package com.netscape.admin.dirserv.config;

import com.netscape.admin.dirserv.DSAdmin;
import com.netscape.admin.dirserv.DSAdminEvent;
import com.netscape.admin.dirserv.DSSchemaHelper;
import com.netscape.admin.dirserv.DSUtil;
import com.netscape.admin.dirserv.IDSAdminEventListener;
import com.netscape.admin.dirserv.panel.BlankPanel;
import com.netscape.admin.dirserv.panel.GroupPanel;
import com.netscape.admin.dirserv.panel.UIFactory;
import com.netscape.management.client.console.ConsoleInfo;
import com.netscape.management.client.security.CipherPreferenceDialog;
import com.netscape.management.client.security.EncryptionOptions;
import com.netscape.management.client.security.EncryptionPanel;
import com.netscape.management.client.util.MultilineLabel;
import java.awt.Component;
import java.awt.Container;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.GridLayout;
import java.awt.Insets;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.ListIterator;
import java.util.Vector;
import javax.swing.Box;
import javax.swing.ButtonGroup;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JRadioButton;
import javax.swing.SwingUtilities;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPDN;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;
import netscape.ldap.LDAPModificationSet;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.util.DN;

/* loaded from: input_file:115614-20/SUNWdsvcp/reloc/usr/sadm/mps/admin/v5.2/java/jars/ds523.jar:com/netscape/admin/dirserv/config/ConfigEncryptionPanel.class */
public class ConfigEncryptionPanel extends ConfigBasePanel implements ActionListener, EncryptionOptions, IDSAdminEventListener {
    private boolean _isRefreshing;
    private boolean _isInitializing;
    private boolean _isCancelled;
    private boolean _needsRestartServer;
    private ArrayList _warnings;
    private JPanel _contentPanel;
    private JPanel _encryptParent;
    private EncryptionPanel _encrypt;
    private JCheckBox _cbSSLInConsole;
    private JRadioButton _rbNoClientAuth;
    private JRadioButton _rbAllowClientAuth;
    private JRadioButton _rbRequireClientAuth;
    private JLabel _lDSMLClientAuth;
    private JComboBox _comboDSMLClientAuth;
    private boolean _isSSLInConsoleDirty;
    private boolean _isClientAuthDirty;
    private boolean _isDSMLClientAuthDirty;
    private boolean _isEncryptionPanelDirty;
    private String _cipherPrefs;
    private boolean _enableSSL;
    private String _saveClientAuth;
    private String _saveDSMLClientAuth;
    private boolean _saveSSLInConsole;
    private ArrayList _listeners;
    private ArrayList _suffixesWithEncryptedAttributes;
    private static final String CIPHER_PREFS = "-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha";
    private static final String CIPHER_SSL3_OFF = "-rsa_null_md5,-rsa_rc4_128_md5,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_des_sha,-rsa_fips_des_sha,-rsa_3des_sha,-rsa_fips_3des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null";
    private static final String CIPHER_TLS_OFF = "-tls_rsa_export1024_with_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha";
    private Hashtable _htCipherSetup = new Hashtable(5);
    private int HTTP_BASIC_ONLY = 0;
    private int CLIENT_CERT_FIRST = 1;
    private int ONLY_CERT = 2;
    private int CLIENT_CERT = 3;
    private int ANONYMOUS = 4;
    private String[] DSML_CLIENT_VALUES = {ConfigBasePanel._resource.getString("encryptionpanel", "httponly-label"), ConfigBasePanel._resource.getString("encryptionpanel", "clientcertificatefirst-label"), ConfigBasePanel._resource.getString("encryptionpanel", "onlycertificate-label"), ConfigBasePanel._resource.getString("encryptionpanel", "clientcertificate-label"), ConfigBasePanel._resource.getString("encryptionpanel", "useanonymous-label")};
    private final JLabel REFRESH_LABEL = new JLabel(ConfigBasePanel._resource.getString("encryptionpanel-reloading", "label"));
    private final MultilineLabel NO_RIGHTS_LABEL = new MultilineLabel(ConfigBasePanel._resource.getString("encryptionpanel-no-rights", "label"), 2, 50);

    /* renamed from: com.netscape.admin.dirserv.config.ConfigEncryptionPanel$1, reason: invalid class name */
    /* loaded from: input_file:115614-20/SUNWdsvcp/reloc/usr/sadm/mps/admin/v5.2/java/jars/ds523.jar:com/netscape/admin/dirserv/config/ConfigEncryptionPanel$1.class */
    class AnonymousClass1 implements Runnable {
        private final ConfigEncryptionPanel this$0;

        AnonymousClass1(ConfigEncryptionPanel configEncryptionPanel) {
            this.this$0 = configEncryptionPanel;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                this.this$0._warnings = new ArrayList();
                this.this$0.readDataFromServer();
                this.this$0.createContentPanel();
                this.this$0._isEncryptionPanelDirty = false;
                SwingUtilities.invokeLater(new Runnable(this) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.2
                    private final AnonymousClass1 this$1;

                    {
                        this.this$1 = this;
                    }

                    @Override // java.lang.Runnable
                    public void run() {
                        this.this$1.this$0.showComponent(this.this$1.this$0._contentPanel, false);
                    }
                });
            } catch (LDAPException e) {
                SwingUtilities.invokeLater(new Runnable(this, ConfigBasePanel._resource.getString("encryptionpanel-error-reading", "label", new String[]{DSUtil.getLDAPErrorMessage(e)})) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.4
                    private final String val$msg;
                    private final AnonymousClass1 this$1;

                    {
                        this.this$1 = this;
                        this.val$msg = r5;
                    }

                    @Override // java.lang.Runnable
                    public void run() {
                        this.this$1.this$0.showComponent(new MultilineLabel(this.val$msg, 2, 50), true);
                    }
                });
            } catch (NullPointerException e2) {
                SwingUtilities.invokeLater(new Runnable(this) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.3
                    private final AnonymousClass1 this$1;

                    {
                        this.this$1 = this;
                    }

                    @Override // java.lang.Runnable
                    public void run() {
                        this.this$1.this$0.showComponent(this.this$1.this$0.NO_RIGHTS_LABEL, true);
                    }
                });
            }
            this.this$0._isInitialized = true;
            this.this$0._isInitializing = false;
        }
    }

    public ConfigEncryptionPanel() {
        this._helpToken = "configuration-system-encryption-help";
        setTitle(ConfigBasePanel._resource.getString("encryptionpanel", "title"));
    }

    public void addSSLConfigListener(ISSLConfigListener iSSLConfigListener) {
        if (this._listeners == null) {
            this._listeners = new ArrayList();
        }
        this._listeners.add(iSSLConfigListener);
    }

    public void removeSSLConfigListener(ISSLConfigListener iSSLConfigListener) {
        if (this._listeners != null) {
            this._listeners.remove(iSSLConfigListener);
        }
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public void init() {
        if (this._isInitializing) {
            return;
        }
        this._isInitializing = true;
        this._framework.getServerObject().addDSAdminEventListener(this);
        showComponent(this.REFRESH_LABEL, true);
        new Thread(new AnonymousClass1(this)).start();
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public void resetCallback() {
        this._isRefreshing = true;
        try {
            readDataFromServer();
            if (this._contentPanel == null) {
                createContentPanel();
            }
            BlankPanel.setChangeState(this._cbSSLInConsole, 1);
            this._cbSSLInConsole.setSelected(this._saveSSLInConsole);
            this._isSSLInConsoleDirty = false;
            if (this._saveClientAuth.equalsIgnoreCase("off")) {
                this._rbNoClientAuth.setSelected(true);
            } else if (this._saveClientAuth.equalsIgnoreCase("allowed")) {
                this._rbAllowClientAuth.setSelected(true);
            } else if (this._saveClientAuth.equalsIgnoreCase("required")) {
                this._rbRequireClientAuth.setSelected(true);
            } else {
                Thread.dumpStack();
            }
            BlankPanel.setChangeState(this._rbNoClientAuth, 1);
            BlankPanel.setChangeState(this._rbAllowClientAuth, 1);
            BlankPanel.setChangeState(this._rbRequireClientAuth, 1);
            this._isClientAuthDirty = false;
            if (this._saveDSMLClientAuth.equalsIgnoreCase("httpBasicOnly")) {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
            } else if (this._saveDSMLClientAuth.equalsIgnoreCase("clientCertFirst")) {
                if (this._rbNoClientAuth.isSelected()) {
                    this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
                } else if (this._rbRequireClientAuth.isSelected()) {
                    this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT]);
                } else {
                    this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT_FIRST]);
                }
            } else if (this._saveDSMLClientAuth.equalsIgnoreCase("clientCertOnly")) {
                if (this._rbNoClientAuth.isSelected()) {
                    this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.ANONYMOUS]);
                } else if (this._rbRequireClientAuth.isSelected()) {
                    this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT]);
                } else {
                    this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.ONLY_CERT]);
                }
            }
            BlankPanel.setChangeState(this._lDSMLClientAuth, 1);
            this._isDSMLClientAuthDirty = false;
            this._encryptParent.remove(this._encrypt);
            this._encrypt = new EncryptionPanel(getConsoleInfo(), (String) getServerInfo().get("SIE"), this);
            hackToSelectCertificate();
            this._encryptParent.add("Center", this._encrypt);
            this._isEncryptionPanelDirty = false;
            this._rbNoClientAuth.setEnabled(this._enableSSL);
            this._rbAllowClientAuth.setEnabled(this._enableSSL);
            this._rbRequireClientAuth.setEnabled(this._enableSSL);
            this._cbSSLInConsole.setEnabled(this._enableSSL && !this._rbRequireClientAuth.isSelected());
            this._comboDSMLClientAuth.setEnabled(this._enableSSL);
            this._lDSMLClientAuth.setEnabled(this._enableSSL);
            SwingUtilities.invokeLater(new Runnable(this) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.5
                private final ConfigEncryptionPanel this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.lang.Runnable
                public void run() {
                    this.this$0.showComponent(this.this$0._contentPanel, false);
                }
            });
        } catch (NullPointerException e) {
            SwingUtilities.invokeLater(new Runnable(this) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.6
                private final ConfigEncryptionPanel this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.lang.Runnable
                public void run() {
                    this.this$0.showComponent(this.this$0.NO_RIGHTS_LABEL, true);
                }
            });
        } catch (LDAPException e2) {
            SwingUtilities.invokeLater(new Runnable(this, ConfigBasePanel._resource.getString("encryptionpanel-error-reading", "label", new String[]{DSUtil.getLDAPErrorMessage(e2)})) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.7
                private final String val$msg;
                private final ConfigEncryptionPanel this$0;

                {
                    this.this$0 = this;
                    this.val$msg = r5;
                }

                @Override // java.lang.Runnable
                public void run() {
                    this.this$0.showComponent(new MultilineLabel(this.val$msg, 2, 50), true);
                }
            });
        }
        fireValidDirtyChange();
        this._isRefreshing = false;
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public void okCallback() throws ConfigPanelException {
        String str;
        this._needsRestartServer = false;
        boolean z = false;
        Vector vector = new Vector();
        if (this._enableSSL) {
            int i = 0;
            int i2 = 0;
            int i3 = 0;
            Enumeration keys = this._htCipherSetup.keys();
            while (keys.hasMoreElements()) {
                CipherSetup cipherSetup = (CipherSetup) this._htCipherSetup.get(keys.nextElement());
                if (cipherSetup.enabled) {
                    i++;
                    if (cipherSetup.selectedDevice.length() == 0) {
                        i2++;
                    }
                    if (cipherSetup.selectedCertificate.length() == 0) {
                        i3++;
                    }
                }
            }
            if (i == 0) {
                vector.addElement(ConfigBasePanel._resource.getString("encryptionpanel", "nosslpreferences-msg"));
            }
            if (i2 >= 1) {
                vector.addElement(ConfigBasePanel._resource.getString("encryptionpanel", "nosslfamily-msg"));
            }
            if (i3 >= 1) {
                vector.addElement(ConfigBasePanel._resource.getString("encryptionpanel", "nocertificate-msg"));
            }
            if (vector.size() > 0) {
                Enumeration elements = vector.elements();
                String str2 = (String) elements.nextElement();
                while (true) {
                    str = str2;
                    if (!elements.hasMoreElements()) {
                        break;
                    } else {
                        str2 = new StringBuffer().append(str).append("\n").append((String) elements.nextElement()).toString();
                    }
                }
                throw new ConfigPanelException(ConfigBasePanel._resource.getString("encryptionpanel", "invalidsslsettings-title"), str);
            }
        }
        String str3 = null;
        LDAPConnection lDAPConnection = getServerInfo().getLDAPConnection();
        String currentDN = getConsoleInfo().getCurrentDN();
        try {
            if (this._enableSSL) {
                if (this._isEncryptionPanelDirty) {
                    Enumeration keys2 = this._htCipherSetup.keys();
                    while (keys2.hasMoreElements()) {
                        CipherSetup cipherSetup2 = (CipherSetup) this._htCipherSetup.get(keys2.nextElement());
                        LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                        if (cipherSetup2.selectedDevice.length() >= 1) {
                            lDAPAttributeSet.add(new LDAPAttribute("nsssltoken", cipherSetup2.selectedDevice));
                        }
                        if (cipherSetup2.selectedCertificate.length() >= 1) {
                            lDAPAttributeSet.add(new LDAPAttribute("nssslpersonalityssl", cipherSetup2.selectedCertificate));
                        }
                        lDAPAttributeSet.add(new LDAPAttribute("nssslactivation", (cipherSetup2.enabled && this._enableSSL) ? "on" : "off"));
                        lDAPAttributeSet.add(new LDAPAttribute("objectclass", new String[]{"top", "nsEncryptionModule"}));
                        LDAPEntry lDAPEntry = new LDAPEntry(new StringBuffer().append("cn=").append(cipherSetup2.family).append(",cn=encryption,cn=config").toString(), lDAPAttributeSet);
                        lDAPEntry.getDN();
                        addOrModifyLDAPEntry(lDAPConnection, lDAPEntry);
                        z = true;
                    }
                }
                LDAPModificationSet lDAPModificationSet = new LDAPModificationSet();
                if (this._isEncryptionPanelDirty) {
                    lDAPModificationSet.add(2, new LDAPAttribute("nsssl3", this._enableSSL ? "on" : "off"));
                    lDAPModificationSet.add(2, new LDAPAttribute("nsssl3ciphers", this._cipherPrefs));
                    String str4 = LDAPDN.explodeDN(currentDN, true)[0];
                    lDAPModificationSet.add(2, new LDAPAttribute("nskeyfile", new StringBuffer().append("alias/").append(str4.toLowerCase()).append("-key3.db").toString()));
                    lDAPModificationSet.add(2, new LDAPAttribute("nscertfile", new StringBuffer().append("alias/").append(str4.toLowerCase()).append("-cert7.db").toString()));
                }
                if (this._isClientAuthDirty) {
                    String str5 = null;
                    if (this._rbNoClientAuth.isSelected()) {
                        str5 = "off";
                    } else if (this._rbAllowClientAuth.isSelected()) {
                        str5 = "allowed";
                    } else if (this._rbRequireClientAuth.isSelected()) {
                        str5 = "required";
                    } else {
                        Thread.dumpStack();
                    }
                    lDAPModificationSet.add(2, new LDAPAttribute("nssslclientauth", str5));
                }
                if (lDAPModificationSet.size() > 0 && !this._isCancelled) {
                    lDAPConnection.modify("cn=encryption,cn=config", lDAPModificationSet);
                    z = true;
                }
            }
            if (this._isEncryptionPanelDirty && !this._isCancelled) {
                LDAPModificationSet lDAPModificationSet2 = new LDAPModificationSet();
                lDAPModificationSet2.add(2, new LDAPAttribute("nsslapd-security", this._enableSSL ? "on" : "off"));
                lDAPConnection.modify("cn=config", lDAPModificationSet2);
                if (this._listeners != null) {
                    ListIterator listIterator = this._listeners.listIterator();
                    while (listIterator.hasNext()) {
                        ISSLConfigListener iSSLConfigListener = (ISSLConfigListener) listIterator.next();
                        if (this._enableSSL) {
                            iSSLConfigListener.notifySSLEnabled();
                        } else {
                            iSSLConfigListener.notifySSLDisabled();
                        }
                    }
                }
                z = true;
            }
            if (this._isDSMLClientAuthDirty) {
                LDAPModificationSet lDAPModificationSet3 = new LDAPModificationSet();
                String str6 = null;
                Object selectedItem = this._comboDSMLClientAuth.getSelectedItem();
                if (selectedItem == this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]) {
                    str6 = "httpBasicOnly";
                } else if (selectedItem == this.DSML_CLIENT_VALUES[this.CLIENT_CERT_FIRST]) {
                    str6 = "clientCertFirst";
                } else if (selectedItem == this.DSML_CLIENT_VALUES[this.ONLY_CERT]) {
                    str6 = "clientCertOnly";
                } else if (selectedItem == this.DSML_CLIENT_VALUES[this.CLIENT_CERT]) {
                    str6 = "clientCertFirst";
                } else if (selectedItem == this.DSML_CLIENT_VALUES[this.ANONYMOUS]) {
                    str6 = "clientCertOnly";
                } else {
                    Thread.dumpStack();
                }
                lDAPModificationSet3.add(2, new LDAPAttribute("ds-hdsml-clientauthmethod", str6));
                str3 = "cn=DSMLv2-SOAP-HTTP,cn=frontends,cn=plugins,cn=config";
                lDAPConnection.modify(str3, lDAPModificationSet3);
                z = true;
            }
            boolean z2 = false;
            LDAPConnection lDAPConnection2 = getConsoleInfo().getLDAPConnection();
            try {
                if (this._enableSSL) {
                    if (this._isSSLInConsoleDirty && !this._isCancelled) {
                        lDAPConnection2.modify(currentDN, new LDAPModification(2, new LDAPAttribute("nsserversecurity", this._cbSSLInConsole.isSelected() ? "on" : "off")));
                        z = true;
                    }
                } else if (this._saveSSLInConsole && !this._isCancelled) {
                    lDAPConnection2.modify(currentDN, new LDAPModification(2, new LDAPAttribute("nsserversecurity", "off")));
                    z = true;
                    z2 = true;
                }
                if (this._enableSSL) {
                    this._framework.getServerObject().setSecurityState(DSAdmin.SECURITY_ENABLE);
                } else {
                    this._framework.getServerObject().setSecurityState(DSAdmin.SECURITY_DISABLE);
                }
                this._warnings.clear();
                if (this._enableSSL && this._isEncryptionPanelDirty) {
                    try {
                        this._warnings.add(ConfigBasePanel._resource.getString("encryptionpanel", "nonsslportworking-msg", new String[]{Integer.toString(lDAPConnection.getPort())}));
                        String[] strArr = {"nsslapd-port", "nsslapd-secureport"};
                        LDAPEntry read = lDAPConnection.read("cn=config", strArr);
                        int parseInt = Integer.parseInt(getValue(read, strArr[0]).trim());
                        int parseInt2 = Integer.parseInt(getValue(read, strArr[1]).trim());
                        if (parseInt2 <= 0) {
                            this._warnings.add(ConfigBasePanel._resource.getString("encryptionpanel", "sslport-not-configured-msg"));
                        } else if (!DSUtil.isNT(getConsoleInfo()) && parseInt >= 1024 && parseInt2 < 1024) {
                            this._warnings.add(ConfigBasePanel._resource.getString("encryptionpanel", "confirm-sslport-msg", new String[]{Integer.toString(parseInt2)}));
                        }
                    } catch (NumberFormatException e) {
                        Thread.dumpStack();
                    } catch (LDAPException e2) {
                    }
                }
                if (z2) {
                    this._warnings.add(ConfigBasePanel._resource.getString("encryptionpanel", "sslinconsole-disabled-msg"));
                }
                if (!this._isCancelled && z) {
                    resetCallback();
                }
                this._needsRestartServer = z;
                this._isCancelled = false;
            } catch (LDAPException e3) {
                throw new ConfigPanelException(ConfigBasePanel._resource.getString("encryptionpanel", "updating-topologyserver-error-title"), ConfigBasePanel._resource.getString("encryptionpanel", "updating-topologyserver-error-msg", new String[]{DSUtil.getLDAPErrorMessage(e3)}));
            }
        } catch (LDAPException e4) {
            throw new ConfigPanelException(ConfigBasePanel._resource.getString("encryptionpanel", "updating-server-error-title"), ConfigBasePanel._resource.getString("encryptionpanel", "updating-server-error-msg", new String[]{str3, DSUtil.getLDAPErrorMessage(e4)}));
        }
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public void cancelCallback() {
        this._isCancelled = true;
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public boolean needsConfirmation() {
        if (this._suffixesWithEncryptedAttributes == null) {
            this._suffixesWithEncryptedAttributes = new ArrayList();
        }
        this._suffixesWithEncryptedAttributes.clear();
        if (!this._enableSSL && this._isEncryptionPanelDirty) {
            DatabaseConfig databaseConfig = this._framework.getServerObject().getDatabaseConfig();
            try {
                LDAPSearchResults search = getServerInfo().getLDAPConnection().search(DSUtil.LDBM_CONFIG_BASE_DN, 2, "objectclass=dsAttributeEncryption", new String[]{"dn"}, false);
                while (search.hasMoreElements()) {
                    String str = new DN(search.next().getDN()).getParent().getParent().explodeDN(true)[0];
                    ListIterator listIterator = databaseConfig.getDatabases().listIterator();
                    boolean z = false;
                    while (listIterator.hasNext() && !z) {
                        Database database = (Database) listIterator.next();
                        if (database.getName().equalsIgnoreCase(str)) {
                            z = true;
                            Suffix suffix = database.getSuffix();
                            if (suffix != null) {
                                this._suffixesWithEncryptedAttributes.add(suffix.getName());
                            }
                        }
                    }
                }
            } catch (LDAPException e) {
            }
        }
        return this._suffixesWithEncryptedAttributes.size() > 0;
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public boolean askForConfirmation() {
        int showConfirmationDialog;
        if (this._suffixesWithEncryptedAttributes.size() == 1) {
            showConfirmationDialog = DSUtil.showConfirmationDialog((Component) this._framework, "confirm-disablesslwithencryptedattributes-onesuffix", new String[]{(String) this._suffixesWithEncryptedAttributes.get(0)}, "encryptionpanel", ConfigBasePanel._resource);
        } else {
            String str = (String) this._suffixesWithEncryptedAttributes.get(0);
            for (int i = 1; i < this._suffixesWithEncryptedAttributes.size(); i++) {
                str = new StringBuffer().append(str).append("; ").append(this._suffixesWithEncryptedAttributes.get(i)).toString();
            }
            showConfirmationDialog = DSUtil.showConfirmationDialog((Component) this._framework, "confirm-disablesslwithencryptedattributes-severalsuffixes", new String[]{str}, "encryptionpanel", ConfigBasePanel._resource);
        }
        return showConfirmationDialog == 0;
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public boolean hasWarningMessage() {
        return this._warnings.size() > 0;
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public void displayWarningMessage() {
        ListIterator listIterator = this._warnings.listIterator();
        String str = (String) listIterator.next();
        while (true) {
            String str2 = str;
            if (!listIterator.hasNext()) {
                DSUtil.showInformationDialog(this._framework, "general-warning", new String[]{str2}, "encryptionpanel", ConfigBasePanel._resource);
                return;
            }
            str = new StringBuffer().append(str2).append("\n").append((String) listIterator.next()).toString();
        }
    }

    @Override // com.netscape.admin.dirserv.config.ConfigBasePanel, com.netscape.admin.dirserv.config.IConfigPanel
    public boolean needsRestartServer() {
        return this._needsRestartServer;
    }

    public void actionPerformed(ActionEvent actionEvent) {
        Object source = actionEvent.getSource();
        if (source == this._cbSSLInConsole) {
            this._isSSLInConsoleDirty = this._saveSSLInConsole != this._cbSSLInConsole.isSelected();
            BlankPanel.setChangeState(this._cbSSLInConsole, this._isSSLInConsoleDirty ? 2 : 1);
            fireValidDirtyChange();
            return;
        }
        if (source != this._rbNoClientAuth && source != this._rbAllowClientAuth && source != this._rbRequireClientAuth) {
            if (source == this._comboDSMLClientAuth) {
                String str = "";
                Object selectedItem = this._comboDSMLClientAuth.getSelectedItem();
                if (selectedItem != null) {
                    if (selectedItem == this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]) {
                        str = this._rbNoClientAuth.isSelected() ? (this._saveDSMLClientAuth.equalsIgnoreCase("httpBasicOnly") || this._saveDSMLClientAuth.equalsIgnoreCase("clientCertFirst")) ? this._saveDSMLClientAuth : "httpBasicOnly" : "httpBasicOnly";
                    } else if (selectedItem == this.DSML_CLIENT_VALUES[this.CLIENT_CERT_FIRST]) {
                        str = "clientCertFirst";
                    } else if (selectedItem == this.DSML_CLIENT_VALUES[this.ONLY_CERT]) {
                        str = "clientCertOnly";
                    } else if (selectedItem == this.DSML_CLIENT_VALUES[this.CLIENT_CERT]) {
                        str = (this._saveDSMLClientAuth.equalsIgnoreCase("clientCertOnly") || this._saveDSMLClientAuth.equalsIgnoreCase("clientCertFirst")) ? this._saveDSMLClientAuth : "clientCertFirst";
                    } else if (selectedItem == this.DSML_CLIENT_VALUES[this.ANONYMOUS]) {
                        str = "clientCertOnly";
                    } else {
                        Thread.dumpStack();
                    }
                }
                this._isDSMLClientAuthDirty = !this._saveDSMLClientAuth.equalsIgnoreCase(str);
                BlankPanel.setChangeState(this._lDSMLClientAuth, this._isDSMLClientAuthDirty ? 2 : 1);
                fireValidDirtyChange();
                return;
            }
            return;
        }
        boolean isSelected = this._rbRequireClientAuth.isSelected();
        this._cbSSLInConsole.setEnabled(!isSelected);
        if (isSelected && this._cbSSLInConsole.isSelected()) {
            this._cbSSLInConsole.setSelected(false);
            this._isSSLInConsoleDirty = this._saveSSLInConsole != this._cbSSLInConsole.isSelected();
            BlankPanel.setChangeState(this._cbSSLInConsole, this._isSSLInConsoleDirty ? 2 : 1);
            DSUtil.showInformationDialog(this, "nosslinconsolepossible", (String[]) null, "encryptionpanel", ConfigBasePanel._resource);
        }
        String str2 = "";
        if (this._rbNoClientAuth.isSelected()) {
            str2 = "off";
        } else if (this._rbAllowClientAuth.isSelected()) {
            str2 = "allowed";
        } else if (this._rbRequireClientAuth.isSelected()) {
            str2 = "required";
        }
        this._isClientAuthDirty = !this._saveClientAuth.equalsIgnoreCase(str2);
        BlankPanel.setChangeState(this._rbNoClientAuth, this._isClientAuthDirty ? 2 : 1);
        BlankPanel.setChangeState(this._rbAllowClientAuth, this._isClientAuthDirty ? 2 : 1);
        BlankPanel.setChangeState(this._rbRequireClientAuth, this._isClientAuthDirty ? 2 : 1);
        updateDSMLCombo();
        fireValidDirtyChange();
    }

    public void showCipherPreferenceDialog(String str) {
        CipherPreferenceDialog cipherPreferenceDialog = new CipherPreferenceDialog(this._framework, (String) null, CIPHER_SSL3_OFF, CIPHER_TLS_OFF);
        cipherPreferenceDialog.setCipherEnabled("V3", this._cipherPrefs);
        cipherPreferenceDialog.setCipherEnabled("TLS", this._cipherPrefs);
        cipherPreferenceDialog.showModal();
        if (cipherPreferenceDialog.isCancel()) {
            return;
        }
        this._cipherPrefs = new StringBuffer().append(cipherPreferenceDialog.getCipherPreference("V3")).append(DSSchemaHelper.ALIAS_DELIMITER).append(cipherPreferenceDialog.getCipherPreference("TLS")).toString();
        this._isEncryptionPanelDirty = true;
        fireValidDirtyChange();
    }

    public void cipherFamilyEnabledChanged(String str, boolean z) {
        findOrCreateCipherSetup(str).enabled = z;
        this._isEncryptionPanelDirty = true;
        fireValidDirtyChange();
    }

    public String getSelectedCertificate(String str) {
        CipherSetup cipherSetup = (CipherSetup) this._htCipherSetup.get(str);
        if (cipherSetup == null) {
            return null;
        }
        return cipherSetup.selectedCertificate;
    }

    public void selectedCertificateChanged(String str, String str2) {
        findOrCreateCipherSetup(str).selectedCertificate = str2;
        this._isEncryptionPanelDirty = true;
        fireValidDirtyChange();
    }

    public String getSelectedDevice(String str) {
        CipherSetup cipherSetup = (CipherSetup) this._htCipherSetup.get(str);
        if (cipherSetup == null) {
            return null;
        }
        return cipherSetup.selectedDevice;
    }

    public void selectedDeviceChanged(String str, String str2) {
        findOrCreateCipherSetup(str).selectedDevice = str2;
        this._isEncryptionPanelDirty = true;
        fireValidDirtyChange();
    }

    public void setSecurityIsDomestic(boolean z) {
    }

    public boolean isSecurityEnabled() {
        return this._enableSSL;
    }

    public boolean isCipherFamilyEnabled(String str) {
        CipherSetup cipherSetup = (CipherSetup) this._htCipherSetup.get(str);
        return cipherSetup != null && cipherSetup.enabled;
    }

    public void securityEnabledChanged(boolean z) {
        this._enableSSL = z;
        this._isEncryptionPanelDirty = true;
        this._rbNoClientAuth.setEnabled(this._enableSSL);
        this._rbAllowClientAuth.setEnabled(this._enableSSL);
        this._rbRequireClientAuth.setEnabled(this._enableSSL);
        this._cbSSLInConsole.setEnabled(this._enableSSL && !this._rbRequireClientAuth.isSelected());
        this._lDSMLClientAuth.setEnabled(this._enableSSL);
        this._comboDSMLClientAuth.setEnabled(this._enableSSL);
        fireValidDirtyChange();
    }

    @Override // com.netscape.admin.dirserv.IDSAdminEventListener
    public void processDSAdminEvent(DSAdminEvent dSAdminEvent) {
        if (this._isInitialized) {
            new Thread(new Runnable(this) { // from class: com.netscape.admin.dirserv.config.ConfigEncryptionPanel.8
                private final ConfigEncryptionPanel this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.lang.Runnable
                public void run() {
                    if (this.this$0._isRefreshing) {
                        return;
                    }
                    this.this$0.showComponent(this.this$0.REFRESH_LABEL, true);
                    this.this$0.resetCallback();
                }
            }).start();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void createContentPanel() {
        this._contentPanel = new JPanel(new GridBagLayout());
        this._encrypt = new EncryptionPanel(getConsoleInfo(), (String) getServerInfo().get("SIE"), this);
        hackToSelectCertificate();
        this._encryptParent = new JPanel(new GridLayout());
        this._encryptParent.add("Center", this._encrypt);
        this._rbNoClientAuth = UIFactory.makeJRadioButton(this, "encryptionpanel", "rbnoclientauth", false, ConfigBasePanel._resource);
        this._rbAllowClientAuth = UIFactory.makeJRadioButton(this, "encryptionpanel", "rballowclientauth", false, ConfigBasePanel._resource);
        this._rbRequireClientAuth = UIFactory.makeJRadioButton(this, "encryptionpanel", "rbrequireclientauth", false, ConfigBasePanel._resource);
        ButtonGroup buttonGroup = new ButtonGroup();
        buttonGroup.add(this._rbNoClientAuth);
        buttonGroup.add(this._rbAllowClientAuth);
        buttonGroup.add(this._rbRequireClientAuth);
        if (this._saveClientAuth.equalsIgnoreCase("off")) {
            this._rbNoClientAuth.setSelected(true);
        } else if (this._saveClientAuth.equalsIgnoreCase("allowed")) {
            this._rbAllowClientAuth.setSelected(true);
        } else if (this._saveClientAuth.equalsIgnoreCase("required")) {
            this._rbRequireClientAuth.setSelected(true);
        } else {
            Thread.dumpStack();
        }
        this._cbSSLInConsole = UIFactory.makeJCheckBox(this, "encryptionpanel", "cbsslinconsole", false, ConfigBasePanel._resource);
        this._cbSSLInConsole.setSelected(this._saveSSLInConsole);
        this._lDSMLClientAuth = UIFactory.makeJLabel("encryptionpanel", "ldsmlclientauth", ConfigBasePanel._resource);
        this._comboDSMLClientAuth = new JComboBox(this.DSML_CLIENT_VALUES);
        this._comboDSMLClientAuth.addActionListener(this);
        this._lDSMLClientAuth.setLabelFor(this._comboDSMLClientAuth);
        if (this._saveDSMLClientAuth.equalsIgnoreCase("httpBasicOnly")) {
            this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
        } else if (this._saveDSMLClientAuth.equalsIgnoreCase("clientCertFirst")) {
            if (this._rbNoClientAuth.isSelected()) {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
            } else if (this._rbRequireClientAuth.isSelected()) {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT]);
            } else {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT_FIRST]);
            }
        } else if (this._saveDSMLClientAuth.equalsIgnoreCase("clientCertOnly")) {
            if (this._rbNoClientAuth.isSelected()) {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.ANONYMOUS]);
            } else if (this._rbRequireClientAuth.isSelected()) {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT]);
            } else {
                this._comboDSMLClientAuth.setSelectedItem(this.DSML_CLIENT_VALUES[this.ONLY_CERT]);
            }
        }
        updateDSMLCombo();
        GroupPanel groupPanel = new GroupPanel(ConfigBasePanel._resource.getString("encryptionpanel", "clientauthpanel-title"));
        GridBagConstraints gridBagConstraints = new GridBagConstraints();
        gridBagConstraints.insets = new Insets(UIFactory.getComponentSpace(), UIFactory.getComponentSpace(), 0, UIFactory.getComponentSpace());
        gridBagConstraints.fill = 1;
        gridBagConstraints.gridwidth = 0;
        gridBagConstraints.anchor = 18;
        gridBagConstraints.weightx = 1.0d;
        gridBagConstraints.insets.left += 2;
        gridBagConstraints.insets.right += 2;
        this._contentPanel.add(this._encryptParent, gridBagConstraints);
        gridBagConstraints.insets.left = UIFactory.getComponentSpace();
        gridBagConstraints.insets.right = UIFactory.getComponentSpace();
        gridBagConstraints.gridwidth = 0;
        this._contentPanel.add(groupPanel, gridBagConstraints);
        gridBagConstraints.weighty = 1.0d;
        this._contentPanel.add(Box.createVerticalGlue(), gridBagConstraints);
        gridBagConstraints.insets.top = 0;
        gridBagConstraints.weightx = 1.0d;
        gridBagConstraints.weighty = 0.0d;
        gridBagConstraints.fill = 0;
        gridBagConstraints.anchor = 17;
        gridBagConstraints.gridwidth = 0;
        groupPanel.add(this._rbNoClientAuth, gridBagConstraints);
        groupPanel.add(this._rbAllowClientAuth, gridBagConstraints);
        groupPanel.add(this._rbRequireClientAuth, gridBagConstraints);
        groupPanel.add(this._cbSSLInConsole, gridBagConstraints);
        gridBagConstraints.gridwidth = -1;
        gridBagConstraints.weightx = 0.0d;
        groupPanel.add(this._lDSMLClientAuth, gridBagConstraints);
        gridBagConstraints.gridwidth = 0;
        gridBagConstraints.weightx = 1.0d;
        gridBagConstraints.fill = 2;
        gridBagConstraints.insets.left = 0;
        groupPanel.add(this._comboDSMLClientAuth, gridBagConstraints);
        this._rbNoClientAuth.setEnabled(this._enableSSL);
        this._rbAllowClientAuth.setEnabled(this._enableSSL);
        this._rbRequireClientAuth.setEnabled(this._enableSSL);
        this._cbSSLInConsole.setEnabled(this._enableSSL && !this._rbRequireClientAuth.isSelected());
        this._lDSMLClientAuth.setEnabled(this._enableSSL);
        this._comboDSMLClientAuth.setEnabled(this._enableSSL);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void readDataFromServer() throws LDAPException {
        this._htCipherSetup.clear();
        ConsoleInfo serverInfo = getServerInfo();
        ConsoleInfo consoleInfo = getConsoleInfo();
        LDAPConnection lDAPConnection = serverInfo.getLDAPConnection();
        LDAPConnection lDAPConnection2 = consoleInfo.getLDAPConnection();
        String currentDN = consoleInfo.getCurrentDN();
        String[] strArr = {"nsserversecurity"};
        this._saveSSLInConsole = getValue(lDAPConnection2.read(currentDN, strArr), strArr[0]).equals("on");
        String[] strArr2 = {"nsslapd-security"};
        this._enableSSL = getValue(lDAPConnection.read("cn=config", strArr2), strArr2[0]).equals("on");
        LDAPEntry read = lDAPConnection.read("cn=encryption, cn=config");
        this._saveClientAuth = getValue(read, "nssslclientauth");
        this._cipherPrefs = DSUtil.getAttrValue(read, "nsssl3ciphers");
        this._saveDSMLClientAuth = DSUtil.getAttrValue(lDAPConnection.read("cn=DSMLv2-SOAP-HTTP,cn=frontends,cn=plugins,cn=config", new String[]{"ds-hdsml-clientauthmethod"}), "ds-hdsml-clientauthmethod");
        if (this._saveDSMLClientAuth.equals("")) {
            this._saveDSMLClientAuth = "clientCertFirst";
        }
        if (this._cipherPrefs.length() == 0) {
            this._cipherPrefs = CIPHER_PREFS;
        }
        LDAPSearchResults search = lDAPConnection.search("cn=encryption, cn=config", 1, "objectclass=*", (String[]) null, false);
        while (search.hasMoreElements()) {
            LDAPEntry next = search.next();
            CipherSetup cipherSetup = new CipherSetup();
            String dn = next.getDN();
            cipherSetup.family = dn.substring(dn.indexOf(61) + 1, dn.indexOf(44));
            cipherSetup.enabled = getValue(next, "nssslactivation").equalsIgnoreCase("on");
            cipherSetup.selectedDevice = DSUtil.getAttrValue(next, "nsssltoken");
            cipherSetup.selectedCertificate = DSUtil.getAttrValue(next, "nssslpersonalityssl");
            this._htCipherSetup.put(cipherSetup.family, cipherSetup);
        }
    }

    private CipherSetup findOrCreateCipherSetup(String str) {
        CipherSetup cipherSetup = (CipherSetup) this._htCipherSetup.get(str);
        if (cipherSetup == null) {
            cipherSetup = new CipherSetup();
            cipherSetup.family = str;
            this._htCipherSetup.put(cipherSetup.family, cipherSetup);
        }
        return cipherSetup;
    }

    private void fireValidDirtyChange() {
        if (this._isInitialized) {
            if (this._isSSLInConsoleDirty || this._isClientAuthDirty || this._isDSMLClientAuthDirty || this._isEncryptionPanelDirty) {
                setDirtyFlag();
            } else {
                clearDirtyFlag();
            }
        }
    }

    private void addOrModifyLDAPEntry(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry) throws LDAPException {
        try {
            lDAPConnection.add(lDAPEntry);
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 68) {
                throw e;
            }
            LDAPModificationSet lDAPModificationSet = new LDAPModificationSet();
            Enumeration attributes = lDAPEntry.getAttributeSet().getAttributes();
            while (attributes.hasMoreElements()) {
                lDAPModificationSet.add(2, (LDAPAttribute) attributes.nextElement());
            }
            lDAPConnection.modify(lDAPEntry.getDN(), lDAPModificationSet);
        }
    }

    private void updateDSMLCombo() {
        Object selectedItem = this._comboDSMLClientAuth.getSelectedItem();
        this._comboDSMLClientAuth.removeAllItems();
        if (this._rbNoClientAuth.isSelected()) {
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.ANONYMOUS]);
        } else if (this._rbRequireClientAuth.isSelected()) {
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT]);
        } else {
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.HTTP_BASIC_ONLY]);
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.CLIENT_CERT_FIRST]);
            this._comboDSMLClientAuth.addItem(this.DSML_CLIENT_VALUES[this.ONLY_CERT]);
        }
        this._comboDSMLClientAuth.setSelectedItem(selectedItem);
    }

    private void hackToSelectCertificate() {
        try {
            Component[] components = this._encrypt.getComponents();
            for (int i = 0; i < components.length; i++) {
                if (components[i] instanceof JPanel) {
                    hackPane((JPanel) components[i]);
                }
            }
        } catch (NullPointerException e) {
        }
    }

    private void hackPane(JPanel jPanel) {
        JComboBox[] jComboBoxArr = new JComboBox[2];
        getComboBoxes(jPanel.getComponents(), jComboBoxArr);
        if (jComboBoxArr[0].isEnabled() || jComboBoxArr[1].getItemCount() != 0) {
            return;
        }
        jComboBoxArr[0].setSelectedItem(jComboBoxArr[0].getSelectedItem());
        if (jComboBoxArr[1].getSelectedItem() != null) {
            jComboBoxArr[1].setSelectedItem(jComboBoxArr[1].getSelectedItem());
        }
    }

    private void getComboBoxes(Component[] componentArr, JComboBox[] jComboBoxArr) {
        for (int i = 0; i < componentArr.length; i++) {
            if (jComboBoxArr[0] != null && jComboBoxArr[1] != null) {
                return;
            }
            if (componentArr[i] instanceof JComboBox) {
                if (jComboBoxArr[0] == null) {
                    jComboBoxArr[0] = (JComboBox) componentArr[i];
                } else {
                    jComboBoxArr[1] = (JComboBox) componentArr[i];
                }
            } else if (componentArr[i] instanceof Container) {
                getComboBoxes(((Container) componentArr[i]).getComponents(), jComboBoxArr);
            }
        }
    }
}
