public static void reset() {
rootStore = RootCertStore.getCertStore();
sslRootStore = SSLRootCertStore.getCertStore();
permanentStore = DeploySSLCertStore.getCertStore();
sessionStore = new SessionCertStore("x509Extended7");
deniedStore = new DeniedCertStore();
alwaysShow = Config.getBooleanProperty("deployment.security.https.warning.show");
mismatchShow = Config.getBooleanProperty("deployment.security.jsse.hostmismatch.warning");
if (Config.getBooleanProperty("deployment.security.browser.keystore.use")) {
Service localService = ServiceManager.getService();
browserSSLRootStore = localService.getBrowserSSLRootCertStore();
isBrowserSSLRootStoreLoaded = false;
}
}
public synchronized void checkClientTrusted(
X509Certificate[] paramArrayOfX509Certificate, String paramString, Socket paramSocket)
throws CertificateException {
SSLSocket localSSLSocket = (SSLSocket) paramSocket;
SSLSession localSSLSession = localSSLSocket.getHandshakeSession();
String str1 = localSSLSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
String str2 = localSSLSession.getPeerHost();
if ((str1 != null) && (!isSupportedAlgorithm(str1))) return;
boolean bool = false;
int i = 0;
if (this.trustManager == null)
throw new IllegalStateException("TrustManager should not be null");
int j = -1;
try {
rootStore.load();
sslRootStore.load();
permanentStore.load();
sessionStore.load();
deniedStore.load();
if ((browserSSLRootStore != null) && (!isBrowserSSLRootStoreLoaded)) {
browserSSLRootStore.load();
isBrowserSSLRootStoreLoaded = true;
}
if (deniedStore.contains(paramArrayOfX509Certificate[0]))
throw new CertificateException("Certificate has been denied");
if (!alwaysShow)
try {
this.trustManager.checkClientTrusted(
paramArrayOfX509Certificate, paramString, localSSLSocket);
return;
} catch (CertificateException localCertificateException1) {
}
if (sessionStore.contains(paramArrayOfX509Certificate[0])) return;
if (permanentStore.contains(paramArrayOfX509Certificate[0])) return;
if ((paramArrayOfX509Certificate != null) && (paramArrayOfX509Certificate.length > 0)) {
k = paramArrayOfX509Certificate.length - 1;
if ((!rootStore.verify(paramArrayOfX509Certificate[k]))
&& (!sslRootStore.verify(paramArrayOfX509Certificate[k]))
&& ((browserSSLRootStore == null)
|| (!browserSSLRootStore.verify(paramArrayOfX509Certificate[k])))) bool = true;
}
for (int k = 0; k < paramArrayOfX509Certificate.length; k++)
try {
paramArrayOfX509Certificate[k].checkValidity();
} catch (CertificateExpiredException localCertificateExpiredException) {
i = -1;
} catch (CertificateNotYetValidException localCertificateNotYetValidException) {
i = 1;
}
if (!Trace.isAutomationEnabled()) {
k =
(alwaysShow)
|| (bool)
|| (i != 0)
|| ((mismatchShow)
&& (!CertUtils.checkWildcardDomainList(
str2, CertUtils.getServername(paramArrayOfX509Certificate[0]))))
? 1
: 0;
if (k != 0) {
Trace.msgSecurityPrintln("x509trustmgr.check.invalidcert");
URL localURL = null;
try {
localURL =
new URL("https", localSSLSession.getPeerHost(), localSSLSession.getPeerPort(), "");
} catch (Exception localException) {
}
j =
TrustDeciderDialog.showDialog(
paramArrayOfX509Certificate,
localURL,
0,
paramArrayOfX509Certificate.length,
bool,
i,
null,
new AppInfo(),
true,
str2);
} else {
j = 0;
}
} else {
Trace.msgSecurityPrintln("x509trustmgr.automation.ignoreclientcert");
j = 0;
}
if (j == 0) {
sessionStore.add(paramArrayOfX509Certificate[0]);
sessionStore.save();
} else if (j == 2) {
CertStore localCertStore = DeploySSLCertStore.getUserCertStore();
localCertStore.load(true);
if (localCertStore.add(paramArrayOfX509Certificate[0])) localCertStore.save();
} else {
deniedStore.add(paramArrayOfX509Certificate[0]);
deniedStore.save();
}
} catch (CertificateException localCertificateException2) {
throw localCertificateException2;
} catch (Throwable localThrowable) {
localThrowable.printStackTrace();
}
if ((j != 0) && (j != 2)) throw new CertificateException("Java couldn't trust Client");
}
