package iaik.security.ssl;

import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;

/* loaded from: input_file:119465-07/SUNWamsci/reloc/SUNWam/lib/iaik_ssl.jar:iaik/security/ssl/ChainVerifier.class */
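/**
 * Decides whether the X.509 certificate chain presented by an SSL/TLS peer is acceptable.
 *
 * <p>A chain is accepted when one of its certificates (or the issuer of its last certificate)
 * is found in the trust store or in the cache of previously accepted certificates, and every
 * certificate below that point is within its validity period and carries a signature that
 * verifies against the next certificate in the chain.
 *
 * <p>Security-relevant properties a deployer should know:
 * <ul>
 *   <li>With an empty trust store ({@link #size()} is 0) any chain whose validity and
 *       signature checks pass is accepted. Configure at least one trusted certificate
 *       before relying on this class for authentication.</li>
 *   <li>The server-name check is disabled by default; see
 *       {@link #setCheckServerName(boolean)}.</li>
 *   <li>This class itself performs no revocation, key-usage, path-length or
 *       name-constraint checks.</li>
 *   <li>{@link #verifyClient} accepts every client chain; it is a hook for subclasses.</li>
 * </ul>
 */
public class ChainVerifier {
    /** When true, {@link #verifyServer} compares the remote peer name with the certificate. */
    protected boolean checkServerName;
    /** Certificates taken from previously accepted chains, keyed by the certificate itself. */
    protected Hashtable cachedCerts;
    /** Whether a missing ({@code null}) peer chain is accepted. */
    protected boolean nullTrusted;
    /** Trust store: subject DN mapped to the trusted certificate with that subject. */
    protected Hashtable trustedCerts;
    // Unused in this class; presumably a compiled-out debug flag (decompiled name).
    private static final boolean a = false;

    /**
     * Checks that the server certificate (the first chain entry) names the host we connected to.
     *
     * <p>Returns {@code true} without checking anything when the name check is disabled, when
     * the transport reports no remote peer name, or when the security provider returns
     * {@code null} for the certificate's server names.
     * NOTE(review): the last two cases fail open; confirm that callers which enable the check
     * always supply a peer name.
     *
     * @param x509CertificateArr peer chain, server certificate first; must not be empty
     * @param sSLTransport transport the chain was received on
     * @return {@code false} if the certificate lists no names or none matches the peer name
     */
    protected boolean verifyServer(X509Certificate[] x509CertificateArr, SSLTransport sSLTransport) {
        if (!this.checkServerName) {
            return true;
        }
        String remotePeerName = sSLTransport.getRemotePeerName();
        if (remotePeerName == null) {
            return true;
        }
        String[] tLSServerName = SecurityProvider.getSecurityProvider().getTLSServerName(x509CertificateArr[0]);
        if (tLSServerName == null) {
            return true;
        }
        if (tLSServerName.length == 0) {
            sSLTransport.a("ChainVerifier: certificate does not contain a server name!");
            return false;
        }
        // Host names are ASCII; pin the locale so the comparison does not depend on the
        // platform default (e.g. Turkish dotless-i case mapping).
        String expectedHost = remotePeerName.toLowerCase(Locale.ENGLISH);
        for (String certName : tLSServerName) {
            if (matchesServerName(expectedHost, certName.toLowerCase(Locale.ENGLISH))) {
                return true;
            }
        }
        sSLTransport.a("ChainVerifier: name mismatch: " + tLSServerName[0] + " != " + expectedHost);
        return false;
    }

    /**
     * Compares a lower-cased host name with a lower-cased certificate name.
     *
     * <p>A leading {@code *} in the certificate name stands for exactly one non-empty label
     * fragment: it never spans a dot, so {@code *.example.com} covers {@code www.example.com}
     * but not {@code a.b.example.com}, and a bare {@code *} no longer matches every host.
     * Wildcards in public-suffix positions (such as {@code *.com}) are not rejected here.
     */
    private static boolean matchesServerName(String host, String certName) {
        if (!certName.startsWith("*")) {
            return host.equals(certName);
        }
        String suffix = certName.substring(1);
        if (!host.endsWith(suffix)) {
            return false;
        }
        String wildcardPart = host.substring(0, host.length() - suffix.length());
        return wildcardPart.length() > 0 && wildcardPart.indexOf('.') < 0;
    }

    /**
     * Hook for additional checks on a client chain; this implementation accepts every chain.
     *
     * @param x509CertificateArr peer chain, client certificate first
     * @param sSLTransport transport the chain was received on
     * @return always {@code true}
     */
    protected boolean verifyClient(X509Certificate[] x509CertificateArr, SSLTransport sSLTransport) {
        return true;
    }

    /**
     * Verifies the certificate chain sent by the peer.
     *
     * <p>Order of checks: a {@code null} chain is accepted only if {@code null} was added as
     * trusted; an empty chain is rejected; the role-specific hook ({@link #verifyServer} in
     * client mode, {@link #verifyClient} otherwise) runs next; then the chain is walked from
     * the peer certificate upwards until a cached or trusted certificate is found. Any
     * exception raised while walking the chain (expired certificate, bad signature, ...)
     * rejects the chain.
     *
     * @param x509CertificateArr peer chain, peer certificate first; may be {@code null}
     * @param sSLTransport transport the chain was received on
     * @return {@code true} if the chain is accepted
     */
    public boolean verifyChain(X509Certificate[] x509CertificateArr, SSLTransport sSLTransport) {
        if (x509CertificateArr == null) {
            sSLTransport.a("ChainVerifier: Empty peer certificate chain, " + (this.nullTrusted ? "OK" : "NOT OK"));
            return this.nullTrusted;
        }
        if (x509CertificateArr.length == 0) {
            // Previously this surfaced as an ArrayIndexOutOfBoundsException, which escaped
            // uncaught from the server-name check in client mode. Reject it explicitly.
            sSLTransport.a("ChainVerifier: Peer certificate chain contains no certificates, rejected.");
            return false;
        }
        boolean roleCheckPassed = sSLTransport.getUseClientMode()
                ? verifyServer(x509CertificateArr, sSLTransport)
                : verifyClient(x509CertificateArr, sSLTransport);
        if (!roleCheckPassed) {
            return false;
        }
        try {
            int lastIndex = x509CertificateArr.length - 1;
            // verifyCertificate throws on an invalid link, so reaching index i means every
            // link below i has already been checked.
            for (int i = 0; i < lastIndex; i++) {
                if (verifyCertificate(x509CertificateArr[i], x509CertificateArr[i + 1])) {
                    return acceptChain(x509CertificateArr, i, sSLTransport);
                }
            }
            X509Certificate top = x509CertificateArr[lastIndex];
            if (top.getSubjectDN().equals(top.getIssuerDN())) {
                // Self-issued top certificate: trusted only if it is itself cached or trusted.
                if (verifyCertificate(top, top)) {
                    return acceptChain(x509CertificateArr, lastIndex, sSLTransport);
                }
            } else {
                // The chain stops below the root: look the issuer up in the trust store.
                // NOTE(review): the validity period of the issuer found here is not checked.
                X509Certificate issuerCertificate = getIssuerCertificate(top);
                if (verifyCertificate(top, issuerCertificate)) {
                    return acceptChain(x509CertificateArr, lastIndex, sSLTransport);
                }
                if (issuerCertificate != null && isTrustedCertificate(issuerCertificate)) {
                    return acceptChain(x509CertificateArr, lastIndex, sSLTransport);
                }
            }
            if (size() == 0) {
                // SECURITY: with no trust anchors configured the chain is accepted even though
                // nothing ties it to a trusted issuer. Kept for compatibility; callers that
                // need authentication must add a trusted certificate.
                sSLTransport.a("ChainVerifier: No trusted certificate found, OK anyway.");
                return true;
            }
            sSLTransport.a("ChainVerifier: No trusted certificate found, rejected.");
            return false;
        } catch (Exception e) {
            sSLTransport.a("ChainVerifier: Error verifying certificate chain: " + e);
            return false;
        }
    }

    /** Caches chain entries {@code 0..lastIndex}, logs the acceptance and returns {@code true}. */
    private boolean acceptChain(X509Certificate[] chain, int lastIndex, SSLTransport transport) {
        cacheCertificates(chain, 0, lastIndex);
        a(transport);
        return true;
    }

    /**
     * Checks one certificate and, if it is not already cached or trusted, its signature.
     *
     * <p>An issuer that is neither a trust-store entry nor the certificate itself must be a
     * CA certificate (basic constraints with the CA flag set); otherwise an end-entity
     * certificate could act as issuer for arbitrary names.
     *
     * @param x509Certificate certificate to check
     * @param x509Certificate2 candidate issuer, or {@code null} if none is known
     * @return {@code true} if {@code x509Certificate} is cached or trusted; {@code false} if
     *     it is merely valid and correctly signed, or if no issuer was supplied
     * @throws Exception if the certificate is outside its validity period, the issuer is not
     *     allowed to sign certificates, or the signature does not verify
     */
    protected boolean verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        // The validity period is re-checked even for cached and trusted certificates.
        x509Certificate.checkValidity();
        if (isCachedCertificate(x509Certificate) || isTrustedCertificate(x509Certificate)) {
            return true;
        }
        if (x509Certificate2 == null) {
            return false;
        }
        // Trust-store entries are exempt because they were chosen explicitly by the deployer;
        // getBasicConstraints() returns -1 when the certificate is not a CA.
        if (!x509Certificate.equals(x509Certificate2)
                && !isTrustedCertificate(x509Certificate2)
                && x509Certificate2.getBasicConstraints() < 0) {
            throw new CertificateException("issuer is not a CA certificate: " + x509Certificate2.getSubjectDN());
        }
        x509Certificate.verify(x509Certificate2.getPublicKey());
        return false;
    }

    /**
     * Returns the number of certificates in the trust store.
     *
     * @return trust store size; 0 means {@link #verifyChain} accepts unanchored chains
     */
    public int size() {
        return this.trustedCerts.size();
    }

    /**
     * Enables or disables the server-name check performed in client mode.
     *
     * @param z {@code true} to compare the remote peer name with the server certificate
     */
    public void setCheckServerName(boolean z) {
        this.checkServerName = z;
    }

    /**
     * Removes a certificate from the trust store and drops the acceptance cache.
     *
     * @param x509Certificate certificate to remove (looked up by subject DN); {@code null}
     *     revokes acceptance of a missing peer chain instead
     */
    public void removeTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            this.nullTrusted = false;
            return;
        }
        this.trustedCerts.remove(x509Certificate.getSubjectDN());
        // Cached entries may have been accepted through the removed anchor.
        clearCachedCertificates();
    }

    /**
     * Tells whether a certificate is in the trust store.
     *
     * @param x509Certificate certificate to look up; {@code null} asks whether a missing
     *     chain is trusted
     * @return {@code true} only if the stored certificate for the same subject DN equals
     *     {@code x509Certificate}; a matching DN alone is not enough
     */
    protected boolean isTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return this.nullTrusted;
        }
        X509Certificate stored = (X509Certificate) this.trustedCerts.get(x509Certificate.getSubjectDN());
        return stored != null && x509Certificate.equals(stored);
    }

    /**
     * Tells whether a certificate was part of a previously accepted chain.
     *
     * @param x509Certificate certificate to look up
     * @return {@code true} if it is in the cache
     */
    protected boolean isCachedCertificate(X509Certificate x509Certificate) {
        return this.cachedCerts.containsKey(x509Certificate);
    }

    /**
     * Returns the subject DNs of all trusted certificates as an array.
     *
     * @return the trusted principals; empty if the trust store is empty
     */
    public Principal[] getTrustedPrincipalsArray() {
        int count = size();
        Enumeration principals = getTrustedPrincipals();
        if (count <= 0 || principals == null) {
            return new Principal[0];
        }
        Principal[] result = new Principal[count];
        // Bounded by both the snapshot size and the enumeration, whichever ends first.
        for (int i = 0; i < count && principals.hasMoreElements(); i++) {
            result[i] = (Principal) principals.nextElement();
        }
        return result;
    }

    /**
     * Returns the subject DNs of all trusted certificates.
     *
     * @return enumeration over the trust store keys
     */
    public Enumeration getTrustedPrincipals() {
        return this.trustedCerts.keys();
    }

    /**
     * Looks up the trusted certificate whose subject DN equals the given certificate's issuer DN.
     *
     * @param x509Certificate certificate whose issuer is wanted
     * @return the trusted issuer certificate, or {@code null} if the trust store has none
     */
    protected X509Certificate getIssuerCertificate(X509Certificate x509Certificate) {
        return (X509Certificate) this.trustedCerts.get(x509Certificate.getIssuerDN());
    }

    /**
     * Tells whether the server-name check is enabled.
     *
     * @return {@code true} if {@link #verifyServer} compares names
     */
    public boolean getCheckServerName() {
        return this.checkServerName;
    }

    /** Logs that a trusted certificate was found (decompiled name). */
    private static void a(SSLTransport sSLTransport) {
        sSLTransport.a("ChainVerifier: Found a trusted certificate, returning true");
    }

    /** Empties the trust store and the acceptance cache. Acceptance of a {@code null} chain is unchanged. */
    public void clearTrustedCertificates() {
        this.trustedCerts.clear();
        clearCachedCertificates();
    }

    /** Empties the acceptance cache. */
    protected void clearCachedCertificates() {
        this.cachedCerts.clear();
    }

    /**
     * Caches a range of chain entries.
     *
     * @param x509CertificateArr chain to take the certificates from
     * @param i index of the first certificate to cache
     * @param i2 index of the last certificate to cache (inclusive)
     */
    protected void cacheCertificates(X509Certificate[] x509CertificateArr, int i, int i2) {
        for (int index = i; index <= i2; index++) {
            cacheCertificate(x509CertificateArr[index]);
        }
    }

    /**
     * Adds one certificate to the acceptance cache.
     *
     * @param x509Certificate certificate from an accepted chain
     */
    protected void cacheCertificate(X509Certificate x509Certificate) {
        // Crude size bound: once 64 entries are held the whole cache is discarded.
        if (this.cachedCerts.size() >= 64) {
            clearCachedCertificates();
        }
        this.cachedCerts.put(x509Certificate, x509Certificate);
    }

    /**
     * Adds a certificate to the trust store, replacing any entry with the same subject DN.
     *
     * @param x509Certificate certificate to trust; {@code null} makes {@link #verifyChain}
     *     accept peers that send no certificate chain at all
     */
    public void addTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            this.nullTrusted = true;
            return;
        }
        this.trustedCerts.put(x509Certificate.getSubjectDN(), x509Certificate);
    }

    /**
     * Constructor for subclasses that set up their own state. It leaves {@code trustedCerts}
     * and {@code cachedCerts} unset, so the subclass must assign them before use.
     *
     * @param i unused
     */
    protected ChainVerifier(int i) {
    }

    /**
     * Creates a verifier with an empty trust store, an empty cache, the server-name check
     * disabled and {@code null} chains rejected. In this state every chain that passes the
     * validity and signature checks is accepted (see {@link #verifyChain}).
     */
    public ChainVerifier() {
        this.trustedCerts = new Hashtable();
        this.nullTrusted = false;
        this.cachedCerts = new Hashtable();
        this.checkServerName = false;
    }
}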
