package IceSSL;

import Ice.Communicator;
import Ice.PluginInitializationException;
import Ice.Properties;
import IceSSL.RFC2253;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* compiled from: Proguard */
/* loaded from: classes.dex */
class TrustManager {
    static final /* synthetic */ boolean $assertionsDisabled;
    private Communicator _communicator;
    private int _traceLevel;
    private List<List<RFC2253.RDNPair>> _rejectAll = new LinkedList();
    private List<List<RFC2253.RDNPair>> _rejectClient = new LinkedList();
    private List<List<RFC2253.RDNPair>> _rejectAllServer = new LinkedList();
    private Map<String, List<List<RFC2253.RDNPair>>> _rejectServer = new HashMap();
    private List<List<RFC2253.RDNPair>> _acceptAll = new LinkedList();
    private List<List<RFC2253.RDNPair>> _acceptClient = new LinkedList();
    private List<List<RFC2253.RDNPair>> _acceptAllServer = new LinkedList();
    private Map<String, List<List<RFC2253.RDNPair>>> _acceptServer = new HashMap();

    static {
        $assertionsDisabled = !TrustManager.class.desiredAssertionStatus();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TrustManager(Communicator communicator) {
        if (!$assertionsDisabled && communicator == null) {
            throw new AssertionError();
        }
        this._communicator = communicator;
        Properties properties = communicator.getProperties();
        this._traceLevel = properties.getPropertyAsInt("IceSSL.Trace.Security");
        String str = null;
        try {
            parse(properties.getProperty("IceSSL.TrustOnly"), this._rejectAll, this._acceptAll);
            parse(properties.getProperty("IceSSL.TrustOnly.Client"), this._rejectClient, this._acceptClient);
            str = "IceSSL.TrustOnly.Server";
            parse(properties.getProperty("IceSSL.TrustOnly.Server"), this._rejectAllServer, this._acceptAllServer);
            String str2 = "IceSSL.TrustOnly.Server.";
            Iterator<Map.Entry<String, String>> it = properties.getPropertiesForPrefix("IceSSL.TrustOnly.Server.").entrySet().iterator();
            while (true) {
                try {
                    str2 = str;
                    if (!it.hasNext()) {
                        return;
                    }
                    Map.Entry<String, String> next = it.next();
                    str = next.getKey();
                    str2 = str.substring("IceSSL.TrustOnly.Server.".length());
                    LinkedList linkedList = new LinkedList();
                    LinkedList linkedList2 = new LinkedList();
                    parse(next.getValue(), linkedList, linkedList2);
                    if (!linkedList.isEmpty()) {
                        this._rejectServer.put(str2, linkedList);
                    }
                    if (!linkedList2.isEmpty()) {
                        this._acceptServer.put(str2, linkedList2);
                    }
                } catch (RFC2253.ParseException e) {
                    e = e;
                    str = str2;
                    PluginInitializationException pluginInitializationException = new PluginInitializationException();
                    pluginInitializationException.reason = "IceSSL: invalid property " + str + ":\n" + e.reason;
                    throw pluginInitializationException;
                }
            }
        } catch (RFC2253.ParseException e2) {
            e = e2;
        }
    }

    private boolean match(List<List<RFC2253.RDNPair>> list, List<RFC2253.RDNPair> list2) {
        Iterator<List<RFC2253.RDNPair>> it = list.iterator();
        while (it.hasNext()) {
            if (matchRDNs(it.next(), list2)) {
                return true;
            }
        }
        return false;
    }

    private boolean matchRDNs(List<RFC2253.RDNPair> list, List<RFC2253.RDNPair> list2) {
        boolean z;
        for (RFC2253.RDNPair rDNPair : list) {
            boolean z2 = false;
            for (RFC2253.RDNPair rDNPair2 : list2) {
                if (!rDNPair.key.equals(rDNPair2.key)) {
                    z = z2;
                } else {
                    if (!rDNPair.value.equals(rDNPair2.value)) {
                        return false;
                    }
                    z = true;
                }
                z2 = z;
            }
            if (!z2) {
                return false;
            }
        }
        return true;
    }

    private static void stringify(List<List<RFC2253.RDNPair>> list, StringBuilder sb) {
        boolean z = false;
        for (List<RFC2253.RDNPair> list2 : list) {
            if (z) {
                sb.append(';');
            }
            boolean z2 = false;
            for (RFC2253.RDNPair rDNPair : list2) {
                if (z2) {
                    sb.append(',');
                }
                sb.append(rDNPair.key);
                sb.append('=');
                sb.append(rDNPair.value);
                z2 = true;
            }
            z = true;
        }
    }

    void parse(String str, List<List<RFC2253.RDNPair>> list, List<List<RFC2253.RDNPair>> list2) {
        for (RFC2253.RDNEntry rDNEntry : RFC2253.parse(str)) {
            StringBuilder sb = new StringBuilder();
            boolean z = true;
            for (RFC2253.RDNPair rDNPair : rDNEntry.rdn) {
                if (!z) {
                    sb.append(",");
                }
                z = false;
                sb.append(rDNPair.key);
                sb.append("=");
                sb.append(rDNPair.value);
            }
            String name = new X500Principal(sb.toString()).getName("RFC2253");
            if (rDNEntry.negate) {
                list.add(RFC2253.parseStrict(name));
            } else {
                list2.add(RFC2253.parseStrict(name));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verify(NativeConnectionInfo nativeConnectionInfo) {
        List<List<RFC2253.RDNPair>> list;
        List<List<RFC2253.RDNPair>> list2;
        LinkedList<List<List<RFC2253.RDNPair>>> linkedList = new LinkedList();
        LinkedList<List<List<RFC2253.RDNPair>>> linkedList2 = new LinkedList();
        if (!this._rejectAll.isEmpty()) {
            linkedList.add(this._rejectAll);
        }
        if (nativeConnectionInfo.incoming) {
            if (!this._rejectAllServer.isEmpty()) {
                linkedList.add(this._rejectAllServer);
            }
            if (nativeConnectionInfo.adapterName.length() > 0 && (list2 = this._rejectServer.get(nativeConnectionInfo.adapterName)) != null) {
                linkedList.add(list2);
            }
        } else if (!this._rejectClient.isEmpty()) {
            linkedList.add(this._rejectClient);
        }
        if (!this._acceptAll.isEmpty()) {
            linkedList2.add(this._acceptAll);
        }
        if (nativeConnectionInfo.incoming) {
            if (!this._acceptAllServer.isEmpty()) {
                linkedList2.add(this._acceptAllServer);
            }
            if (nativeConnectionInfo.adapterName.length() > 0 && (list = this._acceptServer.get(nativeConnectionInfo.adapterName)) != null) {
                linkedList2.add(list);
            }
        } else if (!this._acceptClient.isEmpty()) {
            linkedList2.add(this._acceptClient);
        }
        if (linkedList.isEmpty() && linkedList2.isEmpty()) {
            return true;
        }
        if (nativeConnectionInfo.nativeCerts == null || nativeConnectionInfo.nativeCerts.length <= 0) {
            return false;
        }
        String name = ((X509Certificate) nativeConnectionInfo.nativeCerts[0]).getSubjectX500Principal().getName("RFC2253");
        if (!$assertionsDisabled && name == null) {
            throw new AssertionError();
        }
        try {
            if (this._traceLevel > 0) {
                if (nativeConnectionInfo.incoming) {
                    this._communicator.getLogger().trace("Security", "trust manager evaluating client:\nsubject = " + name + "\nadapter = " + nativeConnectionInfo.adapterName + "\nlocal addr = " + nativeConnectionInfo.localAddress + ":" + nativeConnectionInfo.localPort + "\nremote addr = " + nativeConnectionInfo.remoteAddress + ":" + nativeConnectionInfo.remotePort);
                } else {
                    this._communicator.getLogger().trace("Security", "trust manager evaluating server:\nsubject = " + name + "\nlocal addr = " + nativeConnectionInfo.localAddress + ":" + nativeConnectionInfo.localPort + "\nremote addr = " + nativeConnectionInfo.remoteAddress + ":" + nativeConnectionInfo.remotePort);
                }
            }
            List<RFC2253.RDNPair> parseStrict = RFC2253.parseStrict(name);
            for (List<List<RFC2253.RDNPair>> list3 : linkedList) {
                if (this._traceLevel > 1) {
                    StringBuilder sb = new StringBuilder("trust manager rejecting PDNs:\n");
                    stringify(list3, sb);
                    this._communicator.getLogger().trace("Security", sb.toString());
                }
                if (match(list3, parseStrict)) {
                    return false;
                }
            }
            for (List<List<RFC2253.RDNPair>> list4 : linkedList2) {
                if (this._traceLevel > 1) {
                    StringBuilder sb2 = new StringBuilder("trust manager accepting PDNs:\n");
                    stringify(list4, sb2);
                    this._communicator.getLogger().trace("Security", sb2.toString());
                }
                if (match(list4, parseStrict)) {
                    return true;
                }
            }
        } catch (RFC2253.ParseException e) {
            this._communicator.getLogger().warning("IceSSL: unable to parse certificate DN `" + name + "'\nreason: " + e.reason);
        }
        return linkedList2.isEmpty();
    }
}
