package com.iplanet.idar.objectmodel.bean;

import com.iplanet.idar.common.IDARConstants;
import com.iplanet.idar.task.ImportConfigurationLdif;
import com.netscape.management.client.util.Debug;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPDN;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModificationSet;
import netscape.ldap.LDAPSearchResults;

/* loaded from: input_file:116373-18/SUNWdpsg/reloc/usr/sadm/mps/admin/v5.2/java/jars/dps524.jar:com/iplanet/idar/objectmodel/bean/EncryptionConfigData.class */
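/**
 * In-memory copy of a server's SSL/TLS settings, as stored in the
 * {@code cn=configuration,<server DN>} entry, the
 * {@code cn=encryption, cn=configuration,<server DN>} entry and the
 * {@code nsEncryptionModule} entries directly below the latter.
 *
 * <p>Setters flip an internal dirty flag when a value changes; a successful
 * {@link #readFromDirectory} or {@link #writeToDirectory} clears it.
 *
 * <p>The class does no locking of its own beyond what {@link Hashtable} provides.
 */
public class EncryptionConfigData {
    private boolean securityIsDomestic;
    public static final String NS_CERT_FILE = "nsCertfile";
    public static final String NS_KEY_FILE = "nsKeyfile";
    public static final String NS_SSL3_CIPHERS = "nsSSL3Ciphers";
    public static final String NS_SSL3 = "nsSSL3";
    public static final String NS_SSL2_CIPHERS = "nsSSL2Ciphers";
    public static final String NS_SSL2 = "nsSSL2";
    public static final String NS_SERVER_SECURITY = "nsServerSecurity";
    public static final String IDAR_CONFIG_DN = "cn=configuration,";
    public static final String IDAR_ENCRYPTION_CONFIG_DN = "cn=encryption, cn=configuration,";
    public static final String NS_SSL3_SESSION_TIMEOUT = "nsSSL3SessionTimeout";
    public static final String NS_SSL_SESSION_TIMEOUT = "nsSSLSessionTimeout";
    public static final String NS_SSL_CLIENT_AUTH = "nsSSLClientAuth";
    public static final String NS_SSL_TIMEOUT = "nsSSLTimeout";
    private static final String SSL3 = "ssl3";
    private static final String TLS = "tls";
    public static final String NS_ENCRYPTION_MODULE = "nsEncryptionModule";
    public static final String NS_SSL_ACTIVATION = "nsSSLActivation";
    public static final String NS_SSL_TOKEN = "nsSSLToken";
    public static final String NS_SSL_PERSONALITY_SSL = "nsSSLPersonalitySSL";

    // SECURITY NOTE: the three default preference strings below are public constants and
    // are therefore kept byte-for-byte. They switch on ('+') export-grade 40/56-bit suites,
    // single DES, RC2 and RC4, and every SSLv2 cipher; only rsa_null_md5 is switched off.
    // All of these are obsolete by current standards, so a deployment should replace them
    // through setCipherPrefs / setCipherPrefsTLS / setCipherPrefsSslV2 rather than rely on
    // the defaults.
    public static final String CIPHER_PREFS = "+fortezza,+fortezza_null,+fortezza_rc4_128_sha,+rsa_3des_sha,+rsa_des_sha,+rsa_fips_3des_sha,+rsa_fips_des_sha,-rsa_null_md5,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc4_des40_sha,+rsa_rc4_128_sha";
    public static final String CIPHER_PREFS_TLS = "+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_export1024_with_rc4_56_sha";
    public static final String CIPHER_PREFS_SSL_V2 = "+rc4,+rc4export,+rc2,+rc2export,+des,+desede3";

    // LDAP protocol values that the original code used as bare literals.
    private static final int LDAP_NO_SUCH_OBJECT = 32;        // result code noSuchObject
    private static final int LDAP_ENTRY_ALREADY_EXISTS = 68;  // result code entryAlreadyExists
    private static final int LDAP_MOD_REPLACE = 2;            // modify operation "replace"
    private static final int LDAP_SCOPE_ONE_LEVEL = 1;        // search scope "one level"

    private static final String ON = "on";
    private static final String OFF = "off";

    private boolean sslServerOn = false;
    // Keyed by cipher family name (String); values are CipherSetup instances.
    private Hashtable cipherSetupTable = new Hashtable(5);
    private String cipherPrefs = CIPHER_PREFS;
    private String cipherPrefsSslV2 = CIPHER_PREFS_SSL_V2;
    private String cipherPrefsTLS = CIPHER_PREFS_TLS;
    private boolean ssl3On = false;
    private boolean ssl2On = false;
    private boolean error = false;
    private boolean dirty = false;

    /**
     * Loads the encryption settings for one server from the directory.
     *
     * <p>If the directory answers with result code 32 (noSuchObject) the settings are
     * treated as "SSL off" and no exception is raised. Any other LDAP failure sets the
     * error flag and is rethrown.
     *
     * @param lDAPConnection connection used for the reads and the search
     * @param str            DN of the server; appended to the configuration DN prefixes
     * @throws LDAPException on any LDAP failure other than noSuchObject
     */
    public void readFromDirectory(LDAPConnection lDAPConnection, String str) throws LDAPException {
        try {
            Debug.println(7, "EncryptionConfigData.readFromDirectory()");
            String encryptionDn = IDAR_ENCRYPTION_CONFIG_DN + str;
            String configDn = IDAR_CONFIG_DN + str;
            LDAPEntry configEntry = lDAPConnection.read(configDn);
            LDAPEntry encryptionEntry = lDAPConnection.read(encryptionDn);
            LDAPSearchResults modules = lDAPConnection.search(encryptionDn, LDAP_SCOPE_ONE_LEVEL, "objectclass=nsEncryptionModule", (String[]) null, false);
            Debug.println(9, "EncryptionConfigData.readFromDirectory(): **************************************************");
            if (configEntry != null) {
                Debug.println(9, "EncryptionConfigData.readFromDirectory: configuration dn[" + configDn + "] exists. Now reading...");
                setSslServerOn(ON.equalsIgnoreCase(getAttrValue(configEntry, NS_SERVER_SECURITY)));
                if (encryptionEntry != null) {
                    setSsl3On(ON.equalsIgnoreCase(getAttrValue(encryptionEntry, NS_SSL3)));
                    setSsl2On(ON.equalsIgnoreCase(getAttrValue(encryptionEntry, NS_SSL2)));
                    // nsSSL3Ciphers carries both the SSL3 and the TLS suites; split them by prefix.
                    String ssl3AndTlsCiphers = getAttrValue(encryptionEntry, NS_SSL3_CIPHERS);
                    setCipherPrefs(getCipherPrefsByType(SSL3, ssl3AndTlsCiphers));
                    setCipherPrefsTLS(getCipherPrefsByType(TLS, ssl3AndTlsCiphers));
                    setCipherPrefsSslV2(getAttrValue(encryptionEntry, NS_SSL2_CIPHERS));
                } else {
                    Debug.println(0, "EncryptionConfigData.readFromDirectory: encryptionEntry is null");
                }
                if (modules != null) {
                    while (modules.hasMoreElements()) {
                        Debug.println(9, "EncryptionConfigData.readFromDirectory: encryption dn[" + encryptionDn + "] exists. Now reading...");
                        Object next = modules.nextElement();
                        // NOTE(review): the Netscape SDK documents that nextElement() may hand
                        // back an exception object instead of an entry - confirm for the SDK
                        // version in use. The original blind cast would then fail with a
                        // ClassCastException that bypasses the error flag.
                        if (next instanceof LDAPException) {
                            throw (LDAPException) next;
                        }
                        if (!(next instanceof LDAPEntry)) {
                            Debug.println(0, "EncryptionConfigData.readFromDirectory: ERROR: unexpected search result skipped");
                            continue;
                        }
                        LDAPEntry moduleEntry = (LDAPEntry) next;
                        String dn = moduleEntry.getDN();
                        // The family name is the value of the leading RDN: the text between
                        // the first '=' and the first ','. A DN without that shape used to
                        // raise StringIndexOutOfBoundsException; it is now logged and skipped.
                        int equalsAt = (dn == null) ? -1 : dn.indexOf('=');
                        int commaAt = (dn == null) ? -1 : dn.indexOf(',');
                        if (equalsAt < 0 || commaAt < equalsAt + 1) {
                            Debug.println(0, "EncryptionConfigData.readFromDirectory: ERROR: cannot parse cipher family from dn: " + dn);
                            continue;
                        }
                        CipherSetup cipherSetup = new CipherSetup();
                        cipherSetup.setFamily(dn.substring(equalsAt + 1, commaAt));
                        String activation = getAttrValue(moduleEntry, NS_SSL_ACTIVATION);
                        Debug.println(7, "EncryptionConfigData.readFromDirectory: nsSslActivation=" + activation);
                        cipherSetup.setEnabled(ON.equalsIgnoreCase(activation));
                        cipherSetup.setSelectedDevice(getAttrValue(moduleEntry, NS_SSL_TOKEN));
                        cipherSetup.setSelectedCertificate(getAttrValue(moduleEntry, NS_SSL_PERSONALITY_SSL));
                        if (cipherSetup.getFamily() == null) {
                            Debug.println(0, "EncryptionConfigData.readFromDirectory: ERROR: null cipher setup or family");
                        } else {
                            // A second entry for the same family replaces the first one.
                            if (this.cipherSetupTable.put(cipherSetup.getFamily(), cipherSetup) != null) {
                                Debug.println(0, "EncryptionConfigData.readFromDirectory: cipher conflict ignored");
                            }
                            Debug.println("EncryptionConfigData.readFromDirectory: read prefs for " + cipherSetup.getFamily());
                        }
                        cipherSetup.endInitialization();
                        Debug.println(9, "EncryptionConfigData.readFromDirectory() Successfully read cipher prefs for dn:" + dn);
                        Debug.println(9, cipherSetup.toString());
                    }
                } else {
                    Debug.println("EncryptionConfigData.readFromDirectory: encryptionEntry is null");
                }
            } else {
                Debug.println(0, "EncryptionConfigData.readFromDirectory: cannot seem to read ldap entry: " + configDn);
            }
            this.error = false;
            this.dirty = false;
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != LDAP_NO_SUCH_OBJECT) {
                this.error = true;
                throw e;
            }
            // No configuration stored yet: report SSL as off. The dirty flag is left as it is.
            this.sslServerOn = false;
            this.error = false;
        }
    }

    /**
     * Writes the current settings to the directory: first the configuration entry, then
     * the encryption entry, then one entry per cipher family. Each entry is added, or
     * has its attributes replaced when it already exists. The writes are not atomic; a
     * failure part-way leaves the earlier entries written.
     *
     * @param lDAPConnection connection used for the writes
     * @param str            DN of the server; appended to the configuration DN prefixes
     * @throws LDAPException on any LDAP failure; the error flag is set before rethrowing
     */
    public void writeToDirectory(LDAPConnection lDAPConnection, String str) throws LDAPException {
        try {
            Debug.println(0, "EncryptionConfigData.writeToDirectory: writing to directory for server= " + str);
            String serverSecurity = this.sslServerOn ? ON : OFF;

            String configDn = IDAR_CONFIG_DN + str;
            LDAPAttributeSet configAttrs = new LDAPAttributeSet();
            configAttrs.add(new LDAPAttribute("objectclass", new String[]{ImportConfigurationLdif.TOP, "nsConfig", "nsAdminObject"}));
            configAttrs.add(new LDAPAttribute(NS_SERVER_SECURITY, serverSecurity));
            addOrModifyLDAPEntry(lDAPConnection, new LDAPEntry(configDn, configAttrs));

            String encryptionDn = IDAR_ENCRYPTION_CONFIG_DN + str;
            LDAPAttributeSet encryptionAttrs = new LDAPAttributeSet();
            encryptionAttrs.add(new LDAPAttribute("objectclass", new String[]{ImportConfigurationLdif.TOP, "nsEncryptionConfig"}));
            // The certificate and key database names are derived from the first RDN value
            // of the server DN.
            String serverName = LDAPDN.explodeDN(str, true)[0];
            encryptionAttrs.add(new LDAPAttribute(NS_CERT_FILE, "alias/" + serverName.toLowerCase() + "-cert7.db"));
            encryptionAttrs.add(new LDAPAttribute(NS_KEY_FILE, "alias/" + serverName.toLowerCase() + "-key3.db"));
            // NOTE(review): nsSSL3 and nsSSL2 are both written from sslServerOn; the ssl3On
            // and ssl2On fields loaded by readFromDirectory are never consulted here. Saving
            // with server security on therefore stores nsSSL2 "on" even when the directory
            // previously held "off". Left unchanged because the callers are not visible
            // from this file - confirm the intended behaviour before relying on setSsl2On
            // to keep SSLv2 disabled.
            encryptionAttrs.add(new LDAPAttribute(NS_SSL3, serverSecurity));
            encryptionAttrs.add(new LDAPAttribute(NS_SSL3_CIPHERS, joinCipherLists(this.cipherPrefs, this.cipherPrefsTLS)));
            encryptionAttrs.add(new LDAPAttribute(NS_SSL2, serverSecurity));
            encryptionAttrs.add(new LDAPAttribute(NS_SSL2_CIPHERS, this.cipherPrefsSslV2));
            addOrModifyLDAPEntry(lDAPConnection, new LDAPEntry(encryptionDn, encryptionAttrs));

            Enumeration setups = this.cipherSetupTable.elements();
            while (setups.hasMoreElements()) {
                CipherSetup cipherSetup = (CipherSetup) setups.nextElement();
                LDAPAttributeSet moduleAttrs = new LDAPAttributeSet();
                // Token and certificate are written only when set; the null checks guard a
                // CipherSetup that was created but never filled in.
                String device = cipherSetup.getSelectedDevice();
                if (device != null && device.length() >= 1) {
                    moduleAttrs.add(new LDAPAttribute(NS_SSL_TOKEN, device));
                }
                String certificate = cipherSetup.getSelectedCertificate();
                if (certificate != null && certificate.length() >= 1) {
                    moduleAttrs.add(new LDAPAttribute(NS_SSL_PERSONALITY_SSL, certificate));
                }
                // A family is only active while the server-wide switch is on.
                moduleAttrs.add(new LDAPAttribute(NS_SSL_ACTIVATION, (cipherSetup.isEnabled() && this.sslServerOn) ? ON : OFF));
                moduleAttrs.add(new LDAPAttribute("objectclass", new String[]{ImportConfigurationLdif.TOP, NS_ENCRYPTION_MODULE}));
                // The family name goes into the DN as-is, with no RDN escaping.
                String moduleDn = "cn=" + cipherSetup.getFamily() + "," + IDAR_ENCRYPTION_CONFIG_DN + str;
                LDAPEntry moduleEntry = new LDAPEntry(moduleDn, moduleAttrs);
                Debug.println("EncryptionConfigData.writeToDirectory entry=" + moduleEntry);
                addOrModifyLDAPEntry(lDAPConnection, moduleEntry);
                Debug.println(0, "EncryptionConfigData.writeToDirectory() Successfully wrote the following cipher prefs for dn: " + moduleDn);
                Debug.println(0, cipherSetup.toString());
            }
            this.error = false;
            this.dirty = false;
        } catch (LDAPException e) {
            Debug.println("EncryptionConfigData.writeToDirectory: ERROR - Unable to write to directory :" + e.toString());
            this.error = true;
            throw e;
        }
    }

    /**
     * Adds the entry; if the server reports result code 68 (entryAlreadyExists), replaces
     * every attribute of the existing entry with the values carried by {@code lDAPEntry}.
     * Attributes present in the directory but absent from {@code lDAPEntry} are untouched.
     *
     * @throws LDAPException if the add fails for another reason, or the modify fails
     */
    static void addOrModifyLDAPEntry(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry) throws LDAPException {
        try {
            lDAPConnection.add(lDAPEntry);
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != LDAP_ENTRY_ALREADY_EXISTS) {
                Debug.println(0, "EncryptionPanel.addOrModifyEntry: exception for " + lDAPEntry);
                throw e;
            }
            Debug.println("EncryptionConfigData.addOrModifyLDAPEntry: modify entry that already exist. entry=" + lDAPEntry.toString());
            LDAPModificationSet replacements = new LDAPModificationSet();
            Enumeration attributes = lDAPEntry.getAttributeSet().getAttributes();
            while (attributes.hasMoreElements()) {
                replacements.add(LDAP_MOD_REPLACE, (LDAPAttribute) attributes.nextElement());
            }
            lDAPConnection.modify(lDAPEntry.getDN(), replacements);
        }
    }

    /** Returns whether the last directory read or write ended with an LDAP error. */
    public boolean initializationError() {
        return this.error;
    }

    /**
     * Returns the first string value of the named attribute.
     *
     * @return the first value, or {@code IDARConstants.DEFAULT_BIND_NAME} when the entry is
     *         null, the attribute is absent or it has no values (that constant is defined
     *         elsewhere; presumably the empty string)
     */
    public static String getAttrValue(LDAPEntry lDAPEntry, String str) {
        if (lDAPEntry == null) {
            return IDARConstants.DEFAULT_BIND_NAME;
        }
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        if (attribute == null) {
            return IDARConstants.DEFAULT_BIND_NAME;
        }
        Enumeration values = attribute.getStringValues();
        // A null enumeration is treated like "no values" instead of raising a NullPointerException.
        if (values == null || !values.hasMoreElements()) {
            return IDARConstants.DEFAULT_BIND_NAME;
        }
        return (String) values.nextElement();
    }

    public boolean isSecurityIsDomestic() {
        return this.securityIsDomestic;
    }

    /** Stores the flag and marks the data dirty when the value changes. */
    public void setSecurityIsDomestic(boolean z) {
        if (this.securityIsDomestic != z) {
            this.securityIsDomestic = z;
            this.dirty = true;
        }
    }

    /**
     * Returns the setup registered for the family, creating and registering an empty one
     * when none exists. Creating a setup does not touch the dirty flag.
     */
    public CipherSetup findOrCreateCipherSetup(String str) {
        Debug.println(7, "EncryptionConfigData.findOrCreateCipherSetup");
        CipherSetup existing = (CipherSetup) this.cipherSetupTable.get(str);
        if (existing != null) {
            return existing;
        }
        CipherSetup created = new CipherSetup();
        created.setFamily(str);
        // Registered under whatever getFamily() reports after setFamily(), as before.
        this.cipherSetupTable.put(created.getFamily(), created);
        return created;
    }

    /** Returns the setup registered for the family, or null when there is none. */
    public CipherSetup getCipher(String str) {
        return (CipherSetup) this.cipherSetupTable.get(str);
    }

    /** Returns true when at least one registered cipher family is enabled. */
    public boolean isCipherFamilyEnabled() {
        Enumeration setups = this.cipherSetupTable.elements();
        while (setups.hasMoreElements()) {
            if (((CipherSetup) setups.nextElement()).isEnabled()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when every enabled family examined has both a device and a certificate
     * selected. Disabled families are ignored; the scan stops at the first incomplete one.
     */
    public boolean areCipherFamiliesComplete() {
        Debug.println(5, "EncryptionConfigData.areCipherFamiliesComplete()");
        Enumeration setups = this.cipherSetupTable.elements();
        boolean complete = true;
        Debug.println(5, "EncryptionConfigData.areCipherFamiliesComplete(): Checking modules...");
        while (setups.hasMoreElements() && complete) {
            CipherSetup cipherSetup = (CipherSetup) setups.nextElement();
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesComplete():  Family Name= " + cipherSetup.getFamily() + IDARConstants.NEW_LINE);
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesComplete():  Enabled= " + cipherSetup.isEnabled() + IDARConstants.NEW_LINE);
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesComplete():  hasDevice= " + cipherSetup.hasSelectedDevice() + IDARConstants.NEW_LINE);
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesComplete():  hasCertificate= " + cipherSetup.hasSelectedCertificate() + IDARConstants.NEW_LINE);
            if (cipherSetup.isEnabled()) {
                complete = cipherSetup.hasSelectedDevice() && cipherSetup.hasSelectedCertificate();
            }
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesComplete()=" + complete);
        }
        return complete;
    }

    /**
     * Returns true when at least one family is enabled and has both a device and a
     * certificate selected. The scan stops at the first such family.
     */
    public boolean areCipherFamiliesCompleteAndEnabled() {
        Debug.println(5, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled()");
        Enumeration setups = this.cipherSetupTable.elements();
        boolean found = false;
        Debug.println(5, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled(): Checking modules...");
        while (setups.hasMoreElements() && !found) {
            CipherSetup cipherSetup = (CipherSetup) setups.nextElement();
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled():  Family Name= " + cipherSetup.getFamily() + IDARConstants.NEW_LINE);
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled():  Enabled= " + cipherSetup.isEnabled() + IDARConstants.NEW_LINE);
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled():  hasDevice= " + cipherSetup.hasSelectedDevice() + IDARConstants.NEW_LINE);
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled():  hasCertificate= " + cipherSetup.hasSelectedCertificate() + IDARConstants.NEW_LINE);
            if (cipherSetup.isEnabled()) {
                found = cipherSetup.hasSelectedDevice() && cipherSetup.hasSelectedCertificate();
            }
            Debug.println(9, "EncryptionConfigData.areCipherFamiliesCompleteAndEnabled()=" + found);
        }
        return found;
    }

    public boolean isSslServerOn() {
        Debug.println(5, "EncryptionConfigData.isSslServerOn: " + this.sslServerOn);
        return this.sslServerOn;
    }

    /** Stores the server-wide SSL switch and marks the data dirty when the value changes. */
    public void setSslServerOn(boolean z) {
        Debug.println("EncryptionConfigData.setSslServerOn: " + z);
        if (this.sslServerOn != z) {
            this.sslServerOn = z;
            this.dirty = true;
        }
    }

    public boolean isSsl3On() {
        return this.ssl3On;
    }

    /** Stores the SSL3 flag and marks the data dirty when the value changes. */
    public void setSsl3On(boolean z) {
        if (this.ssl3On != z) {
            this.ssl3On = z;
            this.dirty = true;
        }
    }

    public boolean isSsl2On() {
        return this.ssl2On;
    }

    /** Stores the SSL2 flag and marks the data dirty when the value changes. */
    public void setSsl2On(boolean z) {
        if (this.ssl2On != z) {
            this.ssl2On = z;
            this.dirty = true;
        }
    }

    /**
     * Extracts one half of a combined, comma-separated cipher list. A token belongs to the
     * TLS half when the text after its first character (the +/- sign) starts with "tls";
     * every other token belongs to the SSL3 half.
     *
     * <p>The original built each half with a leading comma and removed it with
     * {@code substring(1)}, which raised StringIndexOutOfBoundsException whenever the
     * requested half was empty, for instance when the attribute is absent or carries no
     * TLS suites. An empty half now yields the empty string.
     *
     * @param str  {@code "ssl3"} or {@code "tls"}
     * @param str2 the combined list
     * @return the matching tokens joined with commas, or
     *         {@code IDARConstants.DEFAULT_BIND_NAME} for a null list or an unknown type
     */
    private String getCipherPrefsByType(String str, String str2) {
        if (str2 == null) {
            return IDARConstants.DEFAULT_BIND_NAME;
        }
        StringBuffer tlsList = new StringBuffer();
        StringBuffer ssl3List = new StringBuffer();
        StringTokenizer tokens = new StringTokenizer(str2, ",");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            StringBuffer target = token.startsWith(TLS, 1) ? tlsList : ssl3List;
            if (target.length() > 0) {
                target.append(",");
            }
            target.append(token);
        }
        if (SSL3.equals(str)) {
            return ssl3List.toString();
        }
        if (TLS.equals(str)) {
            return tlsList.toString();
        }
        return IDARConstants.DEFAULT_BIND_NAME;
    }

    /** Joins two cipher lists with a comma, leaving out a null or empty side. */
    private static String joinCipherLists(String first, String second) {
        boolean hasFirst = first != null && first.length() > 0;
        boolean hasSecond = second != null && second.length() > 0;
        if (hasFirst && hasSecond) {
            return first + "," + second;
        }
        if (hasFirst) {
            return first;
        }
        return hasSecond ? second : "";
    }

    /** Null-safe inequality test shared by the cipher preference setters. */
    private static boolean differs(String current, String candidate) {
        return (current == null) ? candidate != null : !current.equals(candidate);
    }

    public String getCipherPrefs() {
        return this.cipherPrefs;
    }

    /** Stores the SSL3 cipher preferences and marks the data dirty when they change. */
    public void setCipherPrefs(String str) {
        Debug.println(9, "EncryptionConfigData.setCipherPrefs(" + str + ")");
        if (differs(this.cipherPrefs, str)) {
            this.cipherPrefs = str;
            this.dirty = true;
        }
        Debug.println(9, "EncryptionConfigData.setCipherPrefs dirty = " + this.dirty);
    }

    public String getCipherPrefsSslV2() {
        return this.cipherPrefsSslV2;
    }

    /** Stores the SSLv2 cipher preferences and marks the data dirty when they change. */
    public void setCipherPrefsSslV2(String str) {
        Debug.println(9, "EncryptionConfigData.setCipherPrefsSsl2(" + str + ")");
        if (differs(this.cipherPrefsSslV2, str)) {
            this.cipherPrefsSslV2 = str;
            this.dirty = true;
        }
    }

    public String getCipherPrefsTLS() {
        return this.cipherPrefsTLS;
    }

    /** Stores the TLS cipher preferences and marks the data dirty when they change. */
    public void setCipherPrefsTLS(String str) {
        Debug.println(9, "EncryptionConfigData.setCipherPrefsTLS(" + str + ")");
        if (differs(this.cipherPrefsTLS, str)) {
            this.cipherPrefsTLS = str;
            this.dirty = true;
        }
        Debug.println(6, "EncryptionConfigData.setCipherPrefsTLS dirty = " + this.dirty);
    }

    /** Returns whether a setter changed a value since the last successful read or write. */
    public boolean isDirty() {
        Debug.println(6, "EncryptionConfigData.isDirty: this.dirty = " + this.dirty);
        return this.dirty;
    }
}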
