package IceSSL;

import Ice.Communicator;
import Ice.PluginInitializationException;
import Ice.Properties;
import IceInternal.Network;
import IceSSL.RFC2253;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/mas-api-3.1.jar:IceSSL/TrustManager.class */
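/**
 * Filters TLS peers by the subject distinguished name (DN) of their certificate.
 *
 * <p>The allow-lists are read once, at construction, from the {@code IceSSL.TrustOnly},
 * {@code IceSSL.TrustOnly.Client}, {@code IceSSL.TrustOnly.Server} and
 * {@code IceSSL.TrustOnly.Server.<adapter>} properties.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class only compares DN components. It performs no chain, expiry or revocation
 *       checks; presumably the TLS layer has validated the certificate before
 *       {@link #verify} is called (confirm against the caller).</li>
 *   <li>With no applicable rule configured, {@link #verify} accepts every peer.</li>
 *   <li>Rule lists are OR-ed together, so an adapter-specific list can widen, but never
 *       narrow, what the general lists already accept.</li>
 * </ul>
 *
 * <p>The decompiler reports that this class, its constructor and {@code verify} were
 * package-private in the original; the {@code public} modifiers are kept as decompiled.
 */
public class TrustManager {
    private final Communicator _communicator;
    private final int _traceLevel;
    // Rules from IceSSL.TrustOnly: applied to every connection.
    private List<List<RFC2253.RDNPair>> _all;
    // Rules from IceSSL.TrustOnly.Client: applied to outgoing connections only.
    private List<List<RFC2253.RDNPair>> _client;
    // Rules from IceSSL.TrustOnly.Server: applied to every incoming connection.
    private List<List<RFC2253.RDNPair>> _allServer;
    // Rules from IceSSL.TrustOnly.Server.<adapter>, keyed by the adapter name suffix.
    private final Map<String, List<List<RFC2253.RDNPair>>> _server =
            new HashMap<String, List<List<RFC2253.RDNPair>>>();

    /**
     * Loads and normalizes the trust rules from the communicator's properties.
     *
     * @param communicator source of the properties and of the logger; must not be null
     * @throws PluginInitializationException if a rule property cannot be parsed; the
     *         {@code reason} names the offending property
     */
    public TrustManager(Communicator communicator) {
        assert communicator != null;
        this._communicator = communicator;
        Properties properties = communicator.getProperties();
        this._traceLevel = properties.getPropertyAsInt("IceSSL.Trace.Security");
        final String adapterPrefix = "IceSSL.TrustOnly.Server.";
        // Track the property being parsed so that a failure reports the right name.
        // Previously a bad IceSSL.TrustOnly or IceSSL.TrustOnly.Client value was
        // reported as "invalid property null".
        String key = "IceSSL.TrustOnly";
        try {
            this._all = parse(properties.getProperty(key));
            key = "IceSSL.TrustOnly.Client";
            this._client = parse(properties.getProperty(key));
            key = "IceSSL.TrustOnly.Server";
            this._allServer = parse(properties.getProperty(key));
            for (Map.Entry<String, String> entry : properties.getPropertiesForPrefix(adapterPrefix).entrySet()) {
                key = entry.getKey();
                this._server.put(key.substring(adapterPrefix.length()), parse(entry.getValue()));
            }
        } catch (RFC2253.ParseException e) {
            PluginInitializationException failure = new PluginInitializationException();
            failure.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
            throw failure;
        }
    }

    /**
     * Decides whether the peer of a connection is accepted by the configured DN rules.
     *
     * <p>Applicable rule lists are {@code IceSSL.TrustOnly} (always), plus, for incoming
     * connections, {@code IceSSL.TrustOnly.Server} and the list of the connection's adapter,
     * or, for outgoing connections, {@code IceSSL.TrustOnly.Client}. Empty lists are skipped.
     *
     * @param connectionInfo the connection under evaluation
     * @return {@code true} if no rule list applies, or if the subject DN of
     *         {@code certs[0]} matches at least one applicable list; {@code false} if rules
     *         apply and the peer sent no certificate, matched nothing, or has a subject DN
     *         that cannot be parsed
     */
    public boolean verify(ConnectionInfo connectionInfo) {
        List<List<List<RFC2253.RDNPair>>> applicable = new LinkedList<List<List<RFC2253.RDNPair>>>();
        if (!this._all.isEmpty()) {
            applicable.add(this._all);
        }
        if (connectionInfo.incoming) {
            if (!this._allServer.isEmpty()) {
                applicable.add(this._allServer);
            }
            if (connectionInfo.adapterName.length() > 0) {
                List<List<RFC2253.RDNPair>> adapterRules = this._server.get(connectionInfo.adapterName);
                if (adapterRules != null) {
                    applicable.add(adapterRules);
                }
            }
        } else if (!this._client.isEmpty()) {
            applicable.add(this._client);
        }

        // Fail-open: without any applicable rule every peer is accepted, certificate or not.
        if (applicable.isEmpty()) {
            return true;
        }
        // Rules apply, so a peer that presented no certificate is rejected.
        if (connectionInfo.certs == null || connectionInfo.certs.length <= 0) {
            return false;
        }

        // Only the first certificate is inspected (presumably the peer's own certificate;
        // confirm the ordering of certs with the caller).
        String subject = ((X509Certificate) connectionInfo.certs[0]).getSubjectX500Principal()
                .getName(X500Principal.RFC2253);
        assert subject != null;
        try {
            // NOTE(review): the subject DN is peer-supplied and is written to the log as is;
            // check that the log sink treats it as untrusted text.
            if (this._traceLevel > 0) {
                if (connectionInfo.incoming) {
                    this._communicator.getLogger().trace("Security", "trust manager evaluating client:\nsubject = " + subject + "\nadapter = " + connectionInfo.adapterName + "\nlocal addr = " + Network.addrToString(connectionInfo.localAddr) + "\nremote addr = " + Network.addrToString(connectionInfo.remoteAddr));
                } else {
                    this._communicator.getLogger().trace("Security", "trust manager evaluating server:\nsubject = " + subject + "\nlocal addr = " + Network.addrToString(connectionInfo.localAddr) + "\nremote addr = " + Network.addrToString(connectionInfo.remoteAddr));
                }
            }
            List<RFC2253.RDNPair> subjectPairs = RFC2253.parseStrict(subject);
            for (List<List<RFC2253.RDNPair>> rules : applicable) {
                if (this._traceLevel > 1) {
                    this._communicator.getLogger().trace("Security", describeRules(rules));
                }
                // The first matching list accepts the peer; later lists are not consulted.
                if (match(rules, subjectPairs)) {
                    return true;
                }
            }
            return false;
        } catch (RFC2253.ParseException e) {
            // Fail-closed: an unparsable subject DN is never accepted.
            this._communicator.getLogger().warning("IceSSL: unable to parse certificate DN `" + subject + "'\nreason: " + e.reason);
            return false;
        }
    }

    /** Builds the level-2 trace line: rules separated by ';', pairs by ',' as key=value. */
    private String describeRules(List<List<RFC2253.RDNPair>> rules) {
        StringBuilder text = new StringBuilder("trust manager matching PDNs:\n");
        boolean firstRule = true;
        for (List<RFC2253.RDNPair> rule : rules) {
            if (!firstRule) {
                text.append(';');
            }
            firstRule = false;
            boolean firstPair = true;
            for (RFC2253.RDNPair pair : rule) {
                if (!firstPair) {
                    text.append(',');
                }
                firstPair = false;
                text.append(pair.key).append('=').append(pair.value);
            }
        }
        return text.toString();
    }

    /** Returns true if the subject satisfies at least one rule of the list. */
    private boolean match(List<List<RFC2253.RDNPair>> list, List<RFC2253.RDNPair> list2) {
        for (List<RFC2253.RDNPair> rule : list) {
            if (matchRDNs(rule, list2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks one rule against the subject's pairs.
     *
     * <p>Every key named by the rule must occur in the subject, and every subject pair with
     * that key must carry exactly the rule's value ({@code String.equals}, so the comparison
     * is case-sensitive). Subject keys that the rule does not mention are ignored, so a rule
     * with few components accepts every subject that shares them, and a rule with no
     * components accepts any subject.
     *
     * @param list the rule's pairs
     * @param list2 the pairs of the certificate subject
     */
    private boolean matchRDNs(List<RFC2253.RDNPair> list, List<RFC2253.RDNPair> list2) {
        for (RFC2253.RDNPair required : list) {
            boolean keyPresent = false;
            for (RFC2253.RDNPair actual : list2) {
                if (required.key.equals(actual.key)) {
                    keyPresent = true;
                    // A repeated key in the subject must match on every occurrence.
                    if (!required.value.equals(actual.value)) {
                        return false;
                    }
                }
            }
            if (!keyPresent) {
                return false;
            }
        }
        return true;
    }

    /**
     * Parses a rule property and normalizes each rule.
     *
     * <p>Each parsed rule is re-serialized as {@code key=value,...}, passed through
     * {@link X500Principal} to obtain its RFC 2253 form, and parsed again strictly, so that
     * rules are stored in the same form as the subject DNs that {@code verify} compares
     * them with.
     *
     * @param str the raw property value
     * @return one pair list per rule, in the order given
     * @throws RFC2253.ParseException if the value, or a normalized rule, cannot be parsed
     */
    List<List<RFC2253.RDNPair>> parse(String str) throws RFC2253.ParseException {
        List<List<RFC2253.RDNPair>> rawRules = RFC2253.parse(str);
        List<List<RFC2253.RDNPair>> normalized = new LinkedList<List<RFC2253.RDNPair>>();
        for (List<RFC2253.RDNPair> rule : rawRules) {
            StringBuilder dn = new StringBuilder();
            boolean first = true;
            for (RFC2253.RDNPair pair : rule) {
                if (!first) {
                    dn.append(",");
                }
                first = false;
                dn.append(pair.key).append("=").append(pair.value);
            }
            normalized.add(RFC2253.parseStrict(new X500Principal(dn.toString()).getName(X500Principal.RFC2253)));
        }
        return normalized;
    }
}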
