package weblogic.security.utils;

import java.net.InetAddress;
import javax.net.ssl.SSLSocket;
import weblogic.kernel.Kernel;
import weblogic.logging.Loggable;
import weblogic.security.SSL.CertPathTrustManager;
import weblogic.security.SSL.TrustManager;
import weblogic.security.SecurityLogger;

/* loaded from: input_file:weblogic/security/utils/SSLTrustValidator.class */
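/**
 * Holds the trust settings consulted during an SSL handshake and reports certificate
 * validation failures to the WebLogic security log.
 *
 * <p>This is a decompiled listing. The decision logic in {@link #validationCallback} was not
 * recovered, so the only fully visible behaviour is configuration storage, peer-name
 * formatting and error logging. Do not rebuild or deploy this listing as a working validator:
 * the callback unconditionally throws.
 *
 * <p>Validation result flags, as established by the messages in {@code logValidationError}:
 * <ul>
 *   <li>{@code 1} - certificate chain is invalid</li>
 *   <li>{@code 2} - expired certificate</li>
 *   <li>{@code 4} - certificate chain is incomplete</li>
 *   <li>{@code 16} - certificate chain is untrusted</li>
 *   <li>{@code 32} - chain rejected by the custom trust manager although the built-in SSL
 *       validation accepted it</li>
 * </ul>
 * No message exists here for flag {@code 8}.
 */
public class SSLTrustValidator implements SSLTruster {
    // Defaults to false. Not read by any recovered code; presumably consulted in
    // validationCallback -- TODO confirm against the bytecode.
    private boolean peerCertsRequired = false;
    // Defaults to true. Not read by any recovered code, so what "override" permits cannot be
    // stated from this listing. NOTE(review): a permissive default on a trust setting deserves
    // a look at the bytecode before relying on it.
    private boolean overrideAllowed = true;
    // Null unless running in a server kernel (see constructor) or set explicitly.
    private TrustManager trustManager = null;
    // Stored by reference (see setRootCAFingerPrints). Not read by any recovered code;
    // presumably feeds the "legacy check" mentioned in the lost fragments -- TODO confirm.
    private byte[][] rootCAFingerPrints = null;
    private String proxyHostName = null;
    private String urlHostName = null;

    /**
     * Installs a {@link CertPathTrustManager} when running inside a server kernel. In any other
     * process the trust manager stays {@code null} until {@link #setTrustManager} is called.
     */
    public SSLTrustValidator() {
        if (Kernel.isServer()) {
            setTrustManager(new CertPathTrustManager());
        }
    }

    /**
     * Replaces the custom trust manager.
     *
     * @param trustManager the trust manager to use; {@code null} is accepted and stored as-is
     */
    public void setTrustManager(TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    /**
     * Stores the root CA fingerprints.
     *
     * <p>The array is kept by reference, not copied, so a caller that later modifies it also
     * modifies the values held here.
     *
     * @param bArr one fingerprint per row; the digest algorithm is not visible in this listing
     */
    public void setRootCAFingerPrints(byte[][] bArr) {
        this.rootCAFingerPrints = bArr;
    }

    /**
     * Sets whether the peer must present certificates.
     *
     * @param z {@code true} to require peer certificates
     */
    public void setPeerCertsRequired(boolean z) {
        this.peerCertsRequired = z;
    }

    /**
     * @return the value last passed to {@link #setPeerCertsRequired}, {@code false} by default
     */
    public boolean isPeerCertsRequired() {
        return this.peerCertsRequired;
    }

    /**
     * Sets the override flag (default {@code true}). Its effect lives in the unrecovered
     * callback.
     *
     * @param z new value of the override flag
     */
    public void setAllowOverride(boolean z) {
        this.overrideAllowed = z;
    }

    /**
     * Records a proxy-to-target mapping used when formatting the peer name for log messages.
     *
     * @param str the proxy host name or address the socket is actually connected to
     * @param str2 the host name from the URL that the proxy forwards to
     */
    public void setProxyMapping(String str, String str2) {
        this.urlHostName = str2;
        this.proxyHostName = str;
    }

    /*
     * Decompiler note: this method (407 bytecode instructions) could not be restructured, so
     * the body below is a stub and NOT the real validation logic. The fragments the
     * decompiler did report are:
     *
     *     r10 = r10 & (-21);      // -21 == ~(4 | 16): clears the "incomplete" and "untrusted" flags
     *     if (r0 == false) goto L27;
     *     weblogic.security.utils.SSLSetup.info("Untrusted cert now trusted by legacy check");
     *
     * So at least one path exists in which a chain flagged untrusted/incomplete is accepted by
     * a "legacy check". NOTE(review): which inputs drive that path (presumably
     * rootCAFingerPrints) has to be confirmed from the bytecode, not from this listing.
     */
    @Override // weblogic.security.utils.SSLTruster
    public int validationCallback(java.security.cert.X509Certificate[] r5, int r6, javax.net.ssl.SSLSocket r7, java.security.cert.X509Certificate[] r8) {
        throw new UnsupportedOperationException("Method not decompiled: weblogic.security.utils.SSLTrustValidator.validationCallback(java.security.cert.X509Certificate[], int, javax.net.ssl.SSLSocket, java.security.cert.X509Certificate[]):int");
    }

    /**
     * @return the class name of the configured trust manager, or {@code null} if none is set
     */
    private String getTrustManagerClassName() {
        return this.trustManager == null ? null : this.trustManager.getClass().getName();
    }

    /**
     * Formats the peer name for log messages, appending {@code " --> <urlHostName>"} when the
     * socket is connected to the configured proxy.
     *
     * <p>The proxy is matched against both the host name and the literal address of the
     * socket's remote end; {@link InetAddress#getHostName()} may perform a reverse name lookup.
     * The result is used only for logging in this class.
     *
     * @param sSLSocket the handshake socket; may be {@code null}
     * @return the peer name reported by {@code SSLSetup.getPeerName}, optionally with the
     *     proxy target appended
     */
    private String getPeerName(SSLSocket sSLSocket) {
        String peerName = SSLSetup.getPeerName(sSLSocket);
        // logValidationError treats the socket as nullable, so it must not be dereferenced
        // here without a check (the original threw NullPointerException when a proxy mapping
        // was set and the socket was null).
        if (sSLSocket == null || this.proxyHostName == null || this.urlHostName == null) {
            return peerName;
        }
        InetAddress inetAddress = sSLSocket.getInetAddress();
        if (inetAddress != null
                && (this.proxyHostName.equals(inetAddress.getHostName())
                        || this.proxyHostName.equals(inetAddress.getHostAddress()))) {
            peerName = peerName + " --> " + this.urlHostName;
        }
        return peerName;
    }

    /**
     * Reports every validation flag set in {@code i}.
     *
     * <p>When SSL rejection logging is enabled, one log record is written per flag and, if a
     * socket is available, the comma-joined messages are attached to its SSL session as
     * failure details. When SSL debugging is enabled, the raw flag value and one line per flag
     * are also written through {@code SSLSetup.info}.
     *
     * <p>NOTE(review): the messages embed the peer name, which can include the caller-supplied
     * URL host name; confirm the logging layer neutralises line breaks in such values.
     *
     * @param i bit set of validation flags (see the class comment)
     * @param sSLSocket the handshake socket; may be {@code null}, in which case no failure
     *     details are attached
     */
    private void logValidationError(int i, SSLSocket sSLSocket) {
        if (SSLSetup.logSSLRejections()) {
            String peerName = getPeerName(sSLSocket);
            // One slot per flag handled below.
            Loggable[] loggableArr = new Loggable[5];
            int count = 0;
            if ((i & 1) != 0) {
                loggableArr[count++] = SecurityLogger.logHandshakeCertInvalidErrorLoggable(peerName);
            }
            if ((i & 2) != 0) {
                loggableArr[count++] = SecurityLogger.logHandshakeCertExpiredErrorLoggable(peerName);
            }
            if ((i & 4) != 0) {
                loggableArr[count++] = SSLSetup.isFatClient() ? SecurityLogger.logFatClientHandshakeCertIncompleteErrorLoggable(peerName) : SecurityLogger.logHandshakeCertIncompleteErrorLoggable(peerName);
            }
            if ((i & 16) != 0) {
                loggableArr[count++] = SSLSetup.isFatClient() ? SecurityLogger.logFatClientHandshakeCertUntrustedErrorLoggable(peerName) : SecurityLogger.logHandshakeCertUntrustedErrorLoggable(peerName);
            }
            if ((i & 32) != 0) {
                loggableArr[count++] = SSLSetup.isFatClient() ? SecurityLogger.logFatClientHandshakeCertValidationErrorLoggable(peerName, getTrustManagerClassName()) : SecurityLogger.logHandshakeCertValidationErrorLoggable(peerName, getTrustManagerClassName());
            }
            if (count > 0) {
                // The buffer is local to this call, so the unsynchronised builder is sufficient.
                StringBuilder details = sSLSocket != null ? new StringBuilder() : null;
                for (int idx = 0; idx < count; idx++) {
                    loggableArr[idx].log();
                    if (details != null) {
                        if (idx > 0) {
                            details.append(", ");
                        }
                        details.append(loggableArr[idx].getMessage());
                    }
                }
                if (details != null) {
                    SSLSetup.setFailureDetails(sSLSocket.getSession(), details.toString());
                }
            }
        }
        if (SSLSetup.isDebugEnabled()) {
            SSLSetup.info("Validation error = " + i);
            if ((i & 1) != 0) {
                SSLSetup.info("Certificate chain is invalid");
            }
            if ((i & 2) != 0) {
                SSLSetup.info("Expired certificate");
            }
            if ((i & 4) != 0) {
                SSLSetup.info("Certificate chain is incomplete");
            }
            if ((i & 16) != 0) {
                SSLSetup.info("Certificate chain is untrusted");
            }
            if ((i & 32) != 0) {
                SSLSetup.info("Certificate chain was not validated by the custom trust manager even though built-in SSL validated it.");
            }
        }
    }
}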
