package com.iplanet.services.comm.https;

import com.iplanet.am.util.SystemProperties;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.StringTokenizer;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* JADX WARN: Classes with same name are omitted:
  input_file:120955-02/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/iplanet/services/comm/https/ApprovalCallback.class
 */
/* loaded from: input_file:120955-02/SUNWamsdk/reloc/SUNWam/lib/am_sdk.jar:com/iplanet/services/comm/https/ApprovalCallback.class */
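/**
 * JSS certificate-approval callback that decides whether a server certificate
 * flagged by the SSL layer may still be accepted.
 *
 * <p>Behaviour is driven by four system properties read once in the static
 * initializer:
 * <ul>
 *   <li>{@code com.iplanet.am.jssproxy.trustAllServerCerts}: when "true",
 *       {@link #approve} accepts every certificate, whatever problems were
 *       reported. This removes server authentication entirely.</li>
 *   <li>{@code com.iplanet.am.jssproxy.SSLTrustHostList}: comma-separated
 *       host names; a certificate whose subject CN is in the list is treated as
 *       matching the requested host.</li>
 *   <li>{@code com.iplanet.am.jssproxy.resolveIPAddress}: when "true", a name
 *       mismatch is tolerated if the CN and the requested host resolve to the
 *       same address.</li>
 *   <li>{@code com.iplanet.am.jssproxy.checkSubjectAltName}: when "true",
 *       dNSName subjectAltName entries are compared with the requested host as
 *       well.</li>
 * </ul>
 *
 * <p>NOTE(review): the address-based comparisons rely on {@link InetAddress}
 * lookups, so their result is only as trustworthy as the name resolution
 * available to this JVM.
 */
public class ApprovalCallback implements SSLCertificateApprovalCallback {
    /** NSS error code SSL_ERROR_BAD_CERT_DOMAIN: certificate name does not match the peer host. */
    private static final int BAD_CERT_DOMAIN_REASON = -12276;
    /** GeneralName type tag of a dNSName entry. */
    private static final int DNS_NAME_TYPE = 2;

    /** Lower-cased host the connection was opened to; null when the caller did not supply one. */
    private String reqHost;
    public static boolean trustAllServerCerts;
    public static boolean checkSubjectAltName;
    public static boolean resolveIPAddress;
    private static final String NEW_METHOD_NAME = "iterator";
    private static final String OLD_METHOD_NAME = "elements";
    // Compiler-generated cache for the GeneralNames class literal (kept as emitted by the decompiler).
    static Class class$sun$security$x509$GeneralNames;
    private static ApprovalCallback theInstance = null;
    /** Lower-cased host names loaded from SSLTrustHostList. */
    public static HashSet sslTrustHosts = new HashSet();
    private static Class[] argTypes = new Class[0];
    private static Object[] params = new Object[0];
    /** Cached accessor of GeneralNames, resolved lazily by {@link #getMethod()}. */
    private static Method method = null;

    /**
     * Resolves, once, the no-argument accessor used to walk a
     * {@code GeneralNames} collection: {@code elements} when the running JDK
     * declares it, {@code iterator} otherwise.
     *
     * @return the cached accessor method
     * @throws NoSuchMethodException if the chosen accessor is not a public method of GeneralNames
     */
    private static Method getMethod() throws NoSuchMethodException {
        if (method == null) {
            Class generalNamesClass = class$sun$security$x509$GeneralNames;
            if (generalNamesClass == null) {
                generalNamesClass = class$("sun.security.x509.GeneralNames");
                class$sun$security$x509$GeneralNames = generalNamesClass;
            }
            String accessorName = NEW_METHOD_NAME;
            Method[] declared = generalNamesClass.getDeclaredMethods();
            for (int i = 0; i < declared.length; i++) {
                if (declared[i].getName().equals(OLD_METHOD_NAME)) {
                    accessorName = OLD_METHOD_NAME;
                    break;
                }
            }
            method = generalNamesClass.getMethod(accessorName, argTypes);
        }
        return method;
    }

    /** Creates a callback that has no requested host to compare against. */
    private ApprovalCallback() {
        this.reqHost = null;
    }

    /**
     * Creates a callback bound to the host the connection is being made to.
     *
     * @param str requested host name; may be null
     */
    public ApprovalCallback(String str) {
        this.reqHost = null;
        if (str != null) {
            // Fixed locale: host names are ASCII and must not be folded by the
            // JVM's default locale (for example the Turkish dotless i).
            this.reqHost = str.toLowerCase(java.util.Locale.ENGLISH);
        }
    }

    /**
     * Returns the shared callback that carries no requested host.
     *
     * @return the lazily created shared instance
     */
    public static ApprovalCallback getInstance() {
        if (theInstance == null) {
            theInstance = new ApprovalCallback();
        }
        return theInstance;
    }

    /**
     * Decides whether a certificate with the reported validity problems is accepted.
     *
     * <p>Every reported reason must be cleared. Only a name mismatch
     * ({@link #BAD_CERT_DOMAIN_REASON}) can be cleared, through the trusted
     * host list, address resolution or subjectAltName comparison; any other
     * reason rejects the certificate.
     *
     * @param x509Certificate the server certificate under review
     * @param validityStatus the problems the SSL layer found with it
     * @return true to accept the certificate, false to reject it
     */
    public boolean approve(X509Certificate x509Certificate, SSLCertificateApprovalCallback.ValidityStatus validityStatus) {
        Enumeration reasons = validityStatus.getReasons();
        if (trustAllServerCerts) {
            return true;
        }
        if (this.reqHost == null && !reasons.hasMoreElements()) {
            return true;
        }
        boolean approved = true;
        while (approved && reasons.hasMoreElements()) {
            int reason = ((SSLCertificateApprovalCallback.ValidityItem) reasons.nextElement()).getReason();
            if (JSSDebug.debug.messageEnabled()) {
                JSSDebug.debug.message("ApprovalCallback: reason " + reason);
            }
            if (reason != BAD_CERT_DOMAIN_REASON) {
                // Anything other than a name mismatch is never overridden here.
                approved = false;
                continue;
            }
            String commonName = null;
            try {
                commonName = new X500Name(x509Certificate.getSubjectDN().getName()).getCommonName();
            } catch (Exception e) {
                if (JSSDebug.debug.messageEnabled()) {
                    JSSDebug.debug.message("ApprovalCallback:", e);
                }
            }
            if (commonName == null) {
                return false;
            }
            if (!sslTrustHosts.isEmpty()) {
                if (JSSDebug.debug.messageEnabled()) {
                    JSSDebug.debug.message("ApprovalCallback: server cert CN : " + commonName);
                }
                if (sslTrustHosts.contains(commonName.toLowerCase(java.util.Locale.ENGLISH))) {
                    // The trusted-host list clears the name mismatch only. Keep
                    // walking the remaining reasons, as the other match paths
                    // do, so the verdict does not depend on the order in which
                    // problems are reported and the CN alone cannot mask them.
                    continue;
                }
            }
            approved = false;
            // Without a requested host there is nothing to compare with:
            // InetAddress.getByName(null) yields the loopback address, which
            // would turn this check into "the CN resolves to loopback".
            if (resolveIPAddress && this.reqHost != null) {
                try {
                    approved = InetAddress.getByName(commonName).getHostAddress()
                            .equals(InetAddress.getByName(this.reqHost).getHostAddress());
                } catch (UnknownHostException e2) {
                    if (JSSDebug.debug.messageEnabled()) {
                        JSSDebug.debug.message("ApprovalCallback:", e2);
                    }
                    approved = false;
                }
            }
            if (!approved && checkSubjectAltName) {
                approved = subjectAltNameMatches(x509Certificate);
            }
        }
        return approved;
    }

    /**
     * Checks whether any dNSName subjectAltName entry of the certificate
     * resolves to the requested host.
     *
     * @param x509Certificate the certificate whose extensions are inspected
     * @return true on the first matching entry; false when there is none, when
     *         the extension is absent, or when the certificate cannot be parsed
     */
    private boolean subjectAltNameMatches(X509Certificate x509Certificate) {
        try {
            X509CertInfo certInfo = new X509CertInfo(new X509CertImpl(x509Certificate.getEncoded()).getTBSCertificate());
            CertificateExtensions extensions = (CertificateExtensions) certInfo.get("extensions");
            SubjectAlternativeNameExtension altNames = (SubjectAlternativeNameExtension) extensions.get("SubjectAlternativeName");
            if (altNames == null) {
                return false;
            }
            GeneralNames generalNames = (GeneralNames) altNames.get("subject_name");
            Method accessor = getMethod();
            boolean matched = false;
            if (accessor.getName().equals(OLD_METHOD_NAME)) {
                Enumeration entries = (Enumeration) accessor.invoke(generalNames, params);
                while (!matched && entries.hasMoreElements()) {
                    matched = compareHosts((GeneralName) entries.nextElement());
                }
            } else {
                Iterator entries = (Iterator) accessor.invoke(generalNames, params);
                while (!matched && entries.hasNext()) {
                    matched = compareHosts((GeneralName) entries.next());
                }
            }
            return matched;
        } catch (Exception e3) {
            // Fail closed, but leave a trace: a certificate that cannot be
            // parsed is worth seeing in the debug log.
            if (JSSDebug.debug.messageEnabled()) {
                JSSDebug.debug.message("ApprovalCallback:", e3);
            }
            return false;
        }
    }

    /**
     * Compares one subjectAltName entry with the requested host by resolved address.
     *
     * @param generalName the entry to test; only dNSName entries can match
     * @return true when the entry and the requested host resolve to equal addresses
     */
    private boolean compareHosts(GeneralName generalName) {
        if (this.reqHost == null) {
            // getByName(null) would return loopback; no requested host means no match.
            return false;
        }
        try {
            if (generalName.getType() != DNS_NAME_TYPE) {
                return false;
            }
            // The host name is whatever follows the first ':' of the entry's toString() form.
            String rendered = generalName.toString();
            String dnsName = rendered.substring(rendered.indexOf(':') + 1).trim();
            return InetAddress.getByName(dnsName).equals(InetAddress.getByName(this.reqHost));
        } catch (UnknownHostException e) {
            if (JSSDebug.debug.messageEnabled()) {
                JSSDebug.debug.message(e.toString());
            }
            return false;
        }
    }

    /**
     * Replaces the trusted-host set with the entries of a comma-separated list,
     * trimmed and lower-cased.
     *
     * @param str the raw SSLTrustHostList property value
     */
    private static void getSSLTrustHosts(String str) {
        if (JSSDebug.debug.messageEnabled()) {
            JSSDebug.debug.message("ApprovalCallback  SSLTrustHostList = " + str);
        }
        StringTokenizer tokens = new StringTokenizer(str, ",");
        sslTrustHosts.clear();
        while (tokens.hasMoreTokens()) {
            sslTrustHosts.add(tokens.nextToken().trim().toLowerCase(java.util.Locale.ENGLISH));
        }
    }

    /**
     * Compiler-generated helper behind class literals: loads a class by name
     * and converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Each flag is enabled only by the literal value "true" (case-insensitive);
        // a missing property leaves it off.
        trustAllServerCerts = "true".equalsIgnoreCase(SystemProperties.get("com.iplanet.am.jssproxy.trustAllServerCerts"));
        checkSubjectAltName = "true".equalsIgnoreCase(SystemProperties.get("com.iplanet.am.jssproxy.checkSubjectAltName"));
        resolveIPAddress = "true".equalsIgnoreCase(SystemProperties.get("com.iplanet.am.jssproxy.resolveIPAddress"));
        String trustHostList = SystemProperties.get("com.iplanet.am.jssproxy.SSLTrustHostList", null);
        if (trustHostList != null) {
            getSSLTrustHosts(trustHostList);
        }
        if (JSSDebug.debug.messageEnabled()) {
            JSSDebug.debug.message("ApprovalCallback trustAllServerCerts = " + trustAllServerCerts);
            JSSDebug.debug.message("ApprovalCallback checkSubjectAltName = " + checkSubjectAltName);
            JSSDebug.debug.message("ApprovalCallback resolveIPAddress = " + resolveIPAddress);
            JSSDebug.debug.message("ApprovalCallback  SSLTrustHostList = " + sslTrustHosts.toString());
        }
    }
}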
