package com.sun.portal.util;

import com.sun.portal.cli.cert.JSSUtil;
import com.sun.portal.cli.cert.Password;
import com.sun.portal.cli.cert.SRADecoderException;
import com.sun.portal.log.common.PortalLogger;
import com.sun.portal.rproxy.cert.CertAdminPasswordCallback;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.net.SocketException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.KeyDatabaseException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.ssl.SSLSocket;

/* loaded from: input_file:121913-02/SUNWportal-sracommon/reloc/SUNWportal/lib/gateway.jar:com/sun/portal/util/GWNSSInit.class */
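/**
 * Initialises the JSS/NSS crypto layer for the gateway and sets the process-wide default
 * SSL/TLS cipher-suite preferences.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #enableAllCiphers()} switches on every group declared here, including the
 *       SSLv2 groups, the 40-bit groups and {@link #cipherSuitesSSL3Null}. Deployments that
 *       need a hardened profile must disable those groups after {@link #initialize()}.</li>
 *   <li>{@link #nickname} and the {@code int[]} constants are public and mutable (a
 *       {@code final} array reference does not protect its elements). They are kept as-is
 *       for compatibility with existing callers; treat them as read-only.</li>
 *   <li>The NSS database password is read from a file on disk and held as a {@code String};
 *       this class never logs the password itself, only the file path.</li>
 * </ul>
 *
 * <p>The numeric suite identifiers below are passed unchanged to
 * {@code SSLSocket.setCipherPreferenceDefault}. The names given in the comments are the
 * reviewer's reading of the NSS/JSS numbering; confirm them against the {@code SSLSocket}
 * constants of the JSS version in use.
 */
public class GWNSSInit {
    /**
     * Nickname of the server certificate in the NSS database. Defaults to
     * {@code "server-cert"} and is overwritten by {@link #initialize()} with the first line
     * of the nickname file when that file is readable and non-empty.
     */
    public static String nickname = "server-cert";
    private static Logger logger;

    /** SSLv2 128-bit group: 0xFF07, 0xFF03, 0xFF01 (presumably 3DES, RC2-128 and RC4-128 with MD5). */
    public static final int[] cipherSuites128BitSSL2 = new int[]{65287, 65283, 65281};
    /** SSLv3 128-bit group: 0x0A, 0x04, 0x05, 0xFEFF (presumably RSA 3DES/RC4 suites plus the FIPS 3DES suite). */
    public static final int[] cipherSuites128BitSSL3 = new int[]{10, 4, 5, 65279};
    /** SSLv2 40-bit group: 0xFF04, 0xFF02. Export-grade key length; weak by design. */
    public static final int[] cipherSuites40BitSSL2 = new int[]{65284, 65282};
    /** SSLv3 40-bit group: 0x03, 0x06. Export-grade key length; weak by design. */
    public static final int[] cipherSuites40BitSSL3 = new int[]{3, 6};
    /** Remaining SSLv2 suite: 0xFF06 (presumably single DES with MD5). */
    public static final int[] cipherSuitesOthersSSL2 = new int[]{65286};
    /** Remaining SSLv3 suites: 0x09, 0xFEFE (presumably single-DES suites). */
    public static final int[] cipherSuitesOthersSSL3 = new int[]{9, 65278};
    /** SSLv3 NULL-encryption suite: 0x01. Traffic negotiated with it is not encrypted. */
    public static final int[] cipherSuitesSSL3Null = new int[]{1};
    /** 128-bit TLS group; empty in this build. */
    public static final int[] cipherSuites128BitTLS = new int[0];
    /** Remaining TLS suites: 0x62, 0x64 (presumably the 56-bit "EXPORT1024" suites). */
    public static final int[] cipherSuitesOthersTLS = new int[]{98, 100};
    /** Suites explicitly disabled by {@link #initialize()} before the others are enabled: 0x66. */
    private static final int[] cipherSuitesNotSupported = new int[]{102};

    /** Class-literal cache emitted by the pre-Java-5 compiler; kept for binary compatibility. */
    static Class class$com$sun$portal$util$GWNSSInit;

    /**
     * Enables every cipher-suite group declared in this class as a process-wide default.
     *
     * <p>NOTE(review): this includes the SSLv2, 40-bit and NULL-encryption groups. Callers
     * that require confidentiality should follow this call with {@link #disableCipher(int[])}
     * for {@link #cipherSuitesSSL3Null}, the 40-bit groups and the SSLv2 groups.
     *
     * @throws SocketException if JSS rejects a preference change
     */
    public static void enableAllCiphers() throws SocketException {
        enableCipher(cipherSuites40BitSSL2);
        enableCipher(cipherSuites40BitSSL3);
        enableCipher(cipherSuitesOthersSSL2);
        enableCipher(cipherSuitesOthersSSL3);
        enableCipher(cipherSuites128BitSSL2);
        enableCipher(cipherSuites128BitSSL3);
        enableCipher(cipherSuitesOthersTLS);
        enableCipher(cipherSuites128BitTLS);
        enableCipher(cipherSuitesSSL3Null);
    }

    /**
     * Disables every cipher-suite group that {@link #enableAllCiphers()} enables.
     * {@code cipherSuitesNotSupported} is not touched here.
     *
     * @throws SocketException if JSS rejects a preference change
     */
    public static void disableAllCiphers() throws SocketException {
        disableCipher(cipherSuites40BitSSL2);
        disableCipher(cipherSuites40BitSSL3);
        disableCipher(cipherSuitesOthersSSL2);
        disableCipher(cipherSuitesOthersSSL3);
        disableCipher(cipherSuites128BitSSL2);
        disableCipher(cipherSuites128BitSSL3);
        disableCipher(cipherSuitesOthersTLS);
        disableCipher(cipherSuites128BitTLS);
        disableCipher(cipherSuitesSSL3Null);
    }

    /**
     * Enables each suite in {@code iArr} as a default preference.
     *
     * @param iArr cipher-suite identifiers to enable
     * @throws SocketException if JSS rejects a preference change
     */
    public static void enableCipher(int[] iArr) throws SocketException {
        setCipherState(iArr, true);
    }

    /**
     * Disables each suite in {@code iArr} as a default preference.
     *
     * @param iArr cipher-suite identifiers to disable
     * @throws SocketException if JSS rejects a preference change
     */
    public static void disableCipher(int[] iArr) throws SocketException {
        setCipherState(iArr, false);
    }

    /** Applies {@code z} to every suite in {@code iArr} via {@code SSLSocket.setCipherPreferenceDefault}. */
    private static void setCipherState(int[] iArr, boolean z) throws SocketException {
        for (int i = 0; i < iArr.length; i++) {
            SSLSocket.setCipherPreferenceDefault(iArr[i], z);
        }
    }

    /** Returns {@code <SRAP_CONFIG_DIR>/cert/<fileName>}, with the same default directory the original used. */
    private static String defaultCertFile(String fileName) {
        return System.getProperty("SRAP_CONFIG_DIR", "/etc/opt/SUNWportal")
                + File.separatorChar + "cert" + File.separatorChar + fileName;
    }

    /**
     * Reads the first line of {@code path} and always closes the file.
     *
     * @return the first line, or {@code null} when the file is empty
     */
    private static String readFirstLine(String path) throws java.io.IOException {
        // Platform default charset, as in the original code.
        BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(path)));
        try {
            return reader.readLine();
        } finally {
            // The original never closed these streams, leaking a descriptor per call.
            reader.close();
        }
    }

    /**
     * Loads the certificate nickname and NSS database password from disk, initialises
     * {@code CryptoManager} and configures the default cipher suites.
     *
     * <p>Locations come from the system properties {@code gateway.keybase},
     * {@code gateway.nickname} and {@code gateway.pass}, each defaulting to a path under
     * {@code SRAP_CONFIG_DIR} (itself defaulting to {@code /etc/opt/SUNWportal}).
     *
     * @return {@code true} when the crypto layer is usable (including the case where
     *         {@code CryptoManager} was already initialised); {@code false} when the password
     *         file cannot be read or initialisation fails
     * @throws SocketException declared for interface compatibility; cipher-configuration
     *         failures are caught and logged inside this method
     */
    public static boolean initialize() throws SocketException {
        String keybase = System.getProperty("gateway.keybase", System.getProperty("SRAP_CONFIG_DIR", "/etc/opt/SUNWportal"));
        logger.log(Level.INFO, "PSSR_CSPU055", new Object[]{keybase});
        try {
            JSSUtil.setDefaultDecoder(keybase);
        } catch (SRADecoderException e) {
            logger.log(Level.SEVERE, "PSSR_CSPU056", new Object[]{e.getMessage()});
        }

        String nicknameFile = System.getProperty("gateway.nickname", defaultCertFile(".nickname"));
        logger.log(Level.INFO, "PSSR_CSPU057", new Object[]{nicknameFile});
        if (nicknameFile != null) {
            try {
                String line = readFirstLine(nicknameFile);
                if (line != null && line.length() > 0) {
                    nickname = line;
                } else {
                    // An empty file used to overwrite the default with null, which then broke
                    // the certificate lookup. Keep the default and report the file instead.
                    logger.log(Level.SEVERE, "PSSR_CSPU058", new Object[]{nicknameFile});
                }
            } catch (Exception e) {
                logger.log(Level.SEVERE, "PSSR_CSPU058", new Object[]{nicknameFile});
            }
        } else {
            logger.severe("PSSR_CSPU059");
        }

        String passFile = System.getProperty("gateway.pass", defaultCertFile(".jsspass"));
        logger.log(Level.INFO, "PSSR_CSPU060", new Object[]{passFile});
        if (passFile == null) {
            logger.severe("PSSR_CSPU063");
            return false;
        }

        String password;
        try {
            Password decrypted = JSSUtil.decryptPassword(readFirstLine(passFile));
            password = decrypted.getPassword();
            if (decrypted.isEncrypted()) {
                logger.info("PSSR_CSPU061");
            }
        } catch (Exception e) {
            // Only the path is logged; the exception is dropped so that nothing derived from
            // the password file content reaches the log.
            logger.log(Level.SEVERE, "PSSR_CSPU062", new Object[]{passFile});
            return false;
        }

        try {
            CryptoManager.initialize(new CryptoManager.InitializationValues(keybase));
            CryptoManager.getInstance().setPasswordCallback(new CertAdminPasswordCallback(password));
            checkCertificateValidity();
            logger.info("PSSR_CSPU064");
            disableCipher(cipherSuitesNotSupported);
            enableAllCiphers();
            return true;
        } catch (AlreadyInitializedException e) {
            // NOTE(review): on this path the password callback, the validity check and the
            // cipher configuration above are all skipped; whoever initialised CryptoManager
            // first is assumed to have set them up.
            logger.warning("GWNSSInit: CryptoManager already initialized." + e);
            return true;
        } catch (KeyDatabaseException e) {
            logger.log(Level.SEVERE, "PSSR_CSPU065", e);
            return false;
        } catch (CertDatabaseException e) {
            // Must precede the generic handler: in the decompiled order this clause came
            // after catch (Exception) and was unreachable.
            logger.log(Level.SEVERE, "PSSR_CSPU066", e);
            return false;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "PSSR_CSPU067", new Object[]{e.getMessage()});
            return false;
        }
    }

    /**
     * Looks up the certificate named by {@link #nickname}, re-parses its encoding as X.509
     * and checks its validity period against the current time.
     *
     * <p>NOTE(review): every failure is logged at INFO and swallowed, so an expired,
     * not-yet-valid or missing server certificate does not stop {@link #initialize()}.
     * Operators should alert on {@code PSSR_CSPU102} and {@code PSSR_CSPU103}; consider
     * raising the level or failing start-up if policy requires a valid certificate.
     * The {@code throws} clause is kept from the original although nothing escapes.
     */
    private static void checkCertificateValidity() throws ObjectNotFoundException, TokenException, CryptoManager.NotInitializedException, CertificateEncodingException, CertificateException {
        try {
            byte[] encoded = CryptoManager.getInstance().findCertByNickname(nickname).getEncoded();
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
            certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            logger.log(Level.INFO, "PSSR_CSPU102", new Object[]{nickname});
        } catch (Exception e) {
            logger.log(Level.INFO, "PSSR_CSPU103", (Throwable) e);
        }
    }

    /** Compiler-generated helper behind the pre-Java-5 class literal; kept for binary compatibility. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls = class$com$sun$portal$util$GWNSSInit;
        if (cls == null) {
            cls = class$("com.sun.portal.util.GWNSSInit");
            class$com$sun$portal$util$GWNSSInit = cls;
        }
        logger = PortalLogger.getLogger(cls);
    }
}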
