package ice.ssl;

import ice.cert.CertificateExpiredException;
import ice.cert.CertificateNotYetValidException;
import ice.cert.X500Name;
import ice.cert.X509Certificate;
import ice.debug.Debug;
import java.net.InetAddress;
import java.security.PrivateKey;
import java.util.Enumeration;
import java.util.Vector;

/* JADX WARN: Classes with same name are omitted:
  input_file:ice/ssl/CertificateManager.class
 */
/* compiled from: OEAB */
/* loaded from: input_file:Disk1/InstData/Resource1.zip:uninstallerCustomCode.jar:ice/ssl/CertificateManager.class */
public class CertificateManager implements CertificateCallback {
    public static CertificateManager theInstance = null;
    static final int CERT_REJECT = 0;
    static final int CERT_SESSIONACCEPT = 1;
    static final int CERT_ALWAYSACCEPT = 2;
    private ServerCertificateList OEAB = new ServerCertificateList();
    private ServerCertificateList Z = new ServerCertificateList();
    private ClientCertificateList addElement = new ClientCertificateList();
    private ClientCertificateList checkValidity = new ClientCertificateList();

    public static void setCertificateManager(CertificateManager certificateManager) {
        theInstance = certificateManager;
    }

    public static CertificateManager getCertificateManager() {
        return theInstance;
    }

    public CertificateErrorInfo[] getErrorInfo(X509Certificate[] x509CertificateArr, SSLSocket sSLSocket) {
        X509Certificate x509Certificate;
        boolean z = true;
        Vector vector = new Vector();
        try {
            x509CertificateArr[0].checkValidity();
        } catch (CertificateExpiredException e) {
            vector.addElement(new CertificateErrorInfo(4, "Certificate is expired\n", null, null));
            z = false;
        } catch (CertificateNotYetValidException e2) {
            vector.addElement(new CertificateErrorInfo(5, "Certificate is not yet valid\n", null, null));
            z = false;
        }
        String targetHostName = sSLSocket.getTargetHostName();
        InetAddress inetAddress = null;
        try {
            inetAddress = InetAddress.getByName(targetHostName);
            targetHostName = inetAddress.getHostName();
        } catch (Exception e3) {
        }
        String lowerCase = ((X500Name) x509CertificateArr[0].getSubjectDN()).getElement("CN").toLowerCase();
        String lowerCase2 = targetHostName.toLowerCase();
        if (!lowerCase.startsWith("*.")) {
            InetAddress[] inetAddressArr = new InetAddress[0];
            try {
                inetAddressArr = InetAddress.getAllByName(lowerCase);
                lowerCase = InetAddress.getByName(lowerCase).getHostName().toLowerCase();
            } catch (Exception e4) {
            }
            boolean z2 = false;
            int i = 0;
            while (true) {
                if (i >= inetAddressArr.length) {
                    break;
                }
                if (inetAddressArr[i].equals(inetAddress)) {
                    z2 = true;
                    break;
                }
                i++;
            }
            if (lowerCase.equals(lowerCase2)) {
                z2 = true;
            }
            if (!z2) {
                vector.addElement(new CertificateErrorInfo(3, "Certificate is not issued for this host\n", null, null));
                z = false;
            }
        } else if (!lowerCase2.endsWith(lowerCase.substring(2))) {
            vector.addElement(new CertificateErrorInfo(3, "Certificate is not issued for this host\n", null, null));
            z = false;
        }
        for (int i2 = 1; i2 < x509CertificateArr.length - 1; i2++) {
            if (!x509CertificateArr[i2 - 1].getIssuerDN().equals(x509CertificateArr[i2].getSubjectDN())) {
                vector.addElement(new CertificateErrorInfo(1, "Issuer and subject dont match in chain \n", null, null));
            }
            try {
                x509CertificateArr[i2 - 1].verify(x509CertificateArr[i2].getPublicKey());
            } catch (Exception e5) {
                vector.addElement(new CertificateErrorInfo(1, "Signature chain is incorrect\n", null, null));
            }
            if (x509CertificateArr[i2].getBasicConstraints() < i2) {
                vector.addElement(new CertificateErrorInfo(1, "Basic constraints are violated\n", null, null));
            }
        }
        Enumeration list = this.OEAB.getList();
        while (true) {
            x509Certificate = null;
            if (!list.hasMoreElements()) {
                break;
            }
            x509Certificate = (X509Certificate) list.nextElement();
            if (x509Certificate.getSubjectDN().equals(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN())) {
                try {
                    x509CertificateArr[x509CertificateArr.length - 1].verify(x509Certificate.getPublicKey());
                    break;
                } catch (Exception e6) {
                    if (Debug.ex) {
                        Debug.ex(e6);
                    }
                }
            }
        }
        if (x509Certificate == null) {
            z = false;
            vector.addElement(new CertificateErrorInfo(1, "Certificate is not trusted \n", null, null));
        }
        CertificateErrorInfo[] certificateErrorInfoArr = new CertificateErrorInfo[vector.size()];
        if (z) {
            return null;
        }
        Enumeration elements = vector.elements();
        for (int i3 = 0; i3 < vector.size(); i3++) {
            certificateErrorInfoArr[i3] = (CertificateErrorInfo) elements.nextElement();
        }
        return certificateErrorInfoArr;
    }

    private boolean OEAB(X509Certificate[] x509CertificateArr) {
        Enumeration list = this.Z.getList();
        X509Certificate x509Certificate = x509CertificateArr[0];
        while (list.hasMoreElements()) {
            if (x509Certificate.getSubject().equals(((X509Certificate) list.nextElement()).getSubject())) {
                return true;
            }
        }
        return false;
    }

    @Override // ice.ssl.CertificateCallback
    public boolean acceptCertificate(X509Certificate[] x509CertificateArr, SSLSocket sSLSocket) {
        return getErrorInfo(x509CertificateArr, sSLSocket) == null || OEAB(x509CertificateArr);
    }

    @Override // ice.ssl.CertificateCallback
    public X509Certificate[] selectName(X500Name[] x500NameArr) {
        X509Certificate[] Z = Z(x500NameArr, this.checkValidity);
        if (Z.length <= 0) {
            return null;
        }
        return Z;
    }

    @Override // ice.ssl.CertificateCallback
    public PrivateKey supplyPrivateKey(X509Certificate x509Certificate) {
        return this.checkValidity.getPrivateKey(x509Certificate);
    }

    public void setCAList(ServerCertificateList serverCertificateList) {
        this.OEAB = serverCertificateList;
    }

    public ServerCertificateList getCAList() {
        return this.OEAB;
    }

    public void setTrustedSites(ServerCertificateList serverCertificateList) {
        this.Z = serverCertificateList;
    }

    public ServerCertificateList getTrustedSites() {
        return this.Z;
    }

    public void setClientCertificates(ClientCertificateList clientCertificateList) {
        this.addElement = clientCertificateList;
    }

    public ClientCertificateList getClientCertificates() {
        return this.addElement;
    }

    public void setSignList(ClientCertificateList clientCertificateList) {
        this.checkValidity = clientCertificateList;
    }

    public ClientCertificateList getSignList() {
        return this.checkValidity;
    }

    private X509Certificate[] Z(X500Name[] x500NameArr, ClientCertificateList clientCertificateList) {
        clientCertificateList.getList();
        Vector vector = new Vector();
        for (X500Name x500Name : x500NameArr) {
            Enumeration list = clientCertificateList.getList();
            while (list.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) list.nextElement();
                if (x509Certificate != null && x500Name.equals(x509Certificate.getIssuerDN())) {
                    vector.addElement(x509Certificate);
                }
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[vector.size()];
        for (int i = 0; i < vector.size(); i++) {
            x509CertificateArr[i] = (X509Certificate) vector.elementAt(i);
        }
        return x509CertificateArr;
    }

    public X509Certificate[] matchIssuers(X500Name[] x500NameArr) {
        if (this.addElement != null) {
            return Z(x500NameArr, this.addElement);
        }
        return null;
    }
}
