package com.sun.deploy.security;

import com.sun.deploy.cache.DeployCacheJarAccess;
import com.sun.deploy.cache.DeployCacheJarAccessImpl;
import com.sun.deploy.config.Config;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.DeployURLClassPathCallback;
import com.sun.deploy.ui.UIFactory;
import com.sun.deploy.util.Trace;
import com.sun.deploy.util.TraceLevel;
import java.io.IOException;
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/* loaded from: input_file:com/sun/deploy/security/CPCallbackHandler.class */
public class CPCallbackHandler {
    static CodeSource untrustedCS = new CodeSource((URL) null, (Certificate[]) null);
    private static DeployCacheJarAccess jarAccess = DeployCacheJarAccessImpl.getJarAccess();
    private CPCallbackClassLoaderIf parent;
    private CPCallbackClassLoaderIf child;
    private List childURLs = Collections.synchronizedList(new ArrayList());
    private HashMap assertJars = new HashMap();
    private Map resource2trust = new HashMap();
    private Map package2trust = new HashMap();
    private Map defaultCS = new HashMap();
    private Set trustedCS = new HashSet();
    private DeployURLClassPathCallback pcb = new ParentCallback(this, null);
    private DeployURLClassPathCallback ccb = new ChildCallback(this, null);

    /* renamed from: com.sun.deploy.security.CPCallbackHandler$1, reason: invalid class name */
    /* loaded from: input_file:com/sun/deploy/security/CPCallbackHandler$1.class */
    static class AnonymousClass1 {
    }

    /* loaded from: input_file:com/sun/deploy/security/CPCallbackHandler$ChildCallback.class */
    private class ChildCallback extends DeployURLClassPathCallback {
        private final CPCallbackHandler this$0;

        private ChildCallback(CPCallbackHandler cPCallbackHandler) {
            this.this$0 = cPCallbackHandler;
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback
        public DeployURLClassPathCallback.Element openClassPathElement(JarFile jarFile, URL url) throws IOException {
            ChildElement childElement = new ChildElement(this.this$0, jarFile, url);
            if (!this.this$0.childURLs.contains(url)) {
                childElement.skip(true);
                return childElement;
            }
            if (jarFile != null) {
                CPCallbackHandler.jarAccess.setEagerValidation(jarFile, true);
            }
            return childElement;
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback
        public DeployURLClassPathCallback.Element openClassPathElement(URL url) throws IOException {
            return openClassPathElement(null, url);
        }

        ChildCallback(CPCallbackHandler cPCallbackHandler, AnonymousClass1 anonymousClass1) {
            this(cPCallbackHandler);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/deploy/security/CPCallbackHandler$ChildElement.class */
    public class ChildElement extends DeployURLClassPathCallback.Element {
        boolean skip;
        Boolean trusted;
        CodeSource cs;
        private final CPCallbackHandler this$0;

        ChildElement(CPCallbackHandler cPCallbackHandler, JarFile jarFile, URL url) {
            super(jarFile, url);
            this.this$0 = cPCallbackHandler;
            if (jarFile != null) {
                CodeSource[] codeSources = CPCallbackHandler.jarAccess.getCodeSources(jarFile, url);
                this.cs = codeSources != null ? codeSources[0] : null;
            } else {
                this.cs = cPCallbackHandler.getDefaultCodeSource(url);
            }
            this.trusted = cPCallbackHandler.isTrusted(this.cs);
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback.Element
        public void checkResource(String str) {
            CodeSource codeSource;
            Boolean bool;
            Boolean bool2;
            String str2 = null;
            if (str == null || str.endsWith("/")) {
                return;
            }
            if (this.jar != null) {
                codeSource = CPCallbackHandler.jarAccess.getCodeSource(this.jar, this.url, str);
                bool = codeSource == this.cs ? this.trusted : this.this$0.isTrusted(codeSource);
                bool2 = (!bool.booleanValue() && this.trusted.booleanValue() && str.startsWith("META-INF/")) ? Boolean.TRUE : bool;
            } else {
                codeSource = this.cs;
                bool = this.trusted;
                bool2 = bool;
            }
            ((ParentCallback) this.this$0.pcb).check(this.url, bool2.booleanValue());
            if (str.endsWith(".class")) {
                String replace = str.replace('/', '.');
                str2 = this.this$0.getPackage(replace.substring(0, replace.length() - 6));
            }
            if (str2 != null) {
                if (this.this$0.checkPackage(str2, codeSource, bool)) {
                } else {
                    throw new SecurityException(new StringBuffer().append("class \"").append(str.replace('/', '.').substring(0, str.length() - 6)).append("\" does not match trust level of other classes in the same package").toString());
                }
            } else if (!this.this$0.checkResource(str, codeSource, bool)) {
                throw new SecurityException(new StringBuffer().append("resource \"").append(str).append("\" does not match trust level of other resources of the same name").toString());
            }
        }

        void skip(boolean z) {
            this.skip = z;
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback.Element
        public boolean skip() {
            return this.skip;
        }
    }

    /* loaded from: input_file:com/sun/deploy/security/CPCallbackHandler$ParentCallback.class */
    private class ParentCallback extends DeployURLClassPathCallback {
        private boolean trustedChild;
        private boolean untrustedChild;
        private boolean trustedOnly;
        private boolean allowMixedTrust;
        private boolean checkMixedTrust;
        private final CPCallbackHandler this$0;

        private ParentCallback(CPCallbackHandler cPCallbackHandler) {
            this.this$0 = cPCallbackHandler;
            if (Config.getMixcodeValue() == 0) {
                this.checkMixedTrust = true;
            }
            if (this.checkMixedTrust || Config.getMixcodeValue() != 1) {
                return;
            }
            this.allowMixedTrust = true;
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback
        public synchronized DeployURLClassPathCallback.Element openClassPathElement(JarFile jarFile, URL url) throws IOException {
            CPCallbackHandler.jarAccess.setEagerValidation(jarFile, true);
            return strategy(jarFile, url, CPCallbackHandler.jarAccess.getCodeSources(jarFile, url));
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback
        public synchronized DeployURLClassPathCallback.Element openClassPathElement(URL url) throws IOException {
            return strategy(null, url, new CodeSource[]{new CodeSource(url, (Certificate[]) null)});
        }

        private DeployURLClassPathCallback.Element strategy(JarFile jarFile, URL url, CodeSource[] codeSourceArr) {
            String assertTrust;
            boolean z = false;
            boolean z2 = false;
            boolean z3 = this.trustedOnly;
            boolean z4 = this.trustedChild;
            boolean z5 = this.untrustedChild;
            boolean z6 = false;
            boolean z7 = false;
            ParentElement parentElement = new ParentElement(this.this$0, jarFile, url);
            if (jarFile != null) {
                z6 = this.this$0.hasTrustedLibraryAssertion(jarFile);
                z7 = this.this$0.hasTrustedOnlyAssertion(jarFile);
            }
            if (z7) {
                Trace.println(new StringBuffer().append(url).append(" is asserting Trusted-Only").toString(), TraceLevel.SECURITY);
                if (this.untrustedChild) {
                    parentElement.setPendingException(new StringBuffer().append("attempted to open Trusted-Only jar ").append(url).append(" on sandboxed loader").toString());
                    return parentElement;
                }
            }
            CodeSource[] trustedCodeSources = this.this$0.parent.getTrustedCodeSources(codeSourceArr);
            if (trustedCodeSources != null && trustedCodeSources.length > 0) {
                z = true;
                if (trustedCodeSources.length == codeSourceArr.length) {
                    z2 = true;
                } else {
                    boolean z8 = false;
                    for (int length = codeSourceArr.length - 1; length >= 0; length--) {
                        if (codeSourceArr[length].getCertificates() == null) {
                            Enumeration entryNames = CPCallbackHandler.jarAccess.entryNames(jarFile, new CodeSource[]{codeSourceArr[length]});
                            while (true) {
                                if (!entryNames.hasMoreElements()) {
                                    break;
                                }
                                if (!((String) entryNames.nextElement()).startsWith("META-INF/")) {
                                    z8 = true;
                                    break;
                                }
                            }
                            if (z8) {
                                break;
                            }
                        }
                    }
                    z2 = !z8;
                }
                this.this$0.mergeTrustedSources(trustedCodeSources);
            }
            if (z2) {
                if (z6) {
                    if (this.untrustedChild) {
                        parentElement.setPendingException(this.this$0.assertTrust(jarFile, trustedCodeSources));
                        return parentElement;
                    }
                    this.this$0.assertJars.put(jarFile, trustedCodeSources);
                    return parentElement;
                }
                if (z7 && !this.trustedOnly) {
                    Trace.println(new StringBuffer().append(url).append(" is newly asserting Trusted-Only").toString(), TraceLevel.SECURITY);
                    z3 = true;
                }
            } else {
                if (z7) {
                    parentElement.setPendingException(new StringBuffer().append("attempted to open sandboxed jar ").append(url).append(" as Trusted-Only").toString());
                    return parentElement;
                }
                if (z6) {
                    parentElement.setPendingException(new StringBuffer().append("attempted to open sandboxed jar ").append(url).append(" as a Trusted-Library").toString());
                    return parentElement;
                }
            }
            if (z && jarFile != null) {
                z4 = true;
            }
            if (z4 && z5) {
                String checkAllowed = checkAllowed(url, z4 && this.trustedChild);
                if (checkAllowed != null) {
                    parentElement.setPendingException(checkAllowed);
                    return parentElement;
                }
            }
            if (z5) {
                if (!this.this$0.assertJars.isEmpty()) {
                    for (Map.Entry entry : this.this$0.assertJars.entrySet()) {
                        this.this$0.assertTrust((JarFile) entry.getKey(), (CodeSource[]) entry.getValue());
                    }
                    this.this$0.assertJars.clear();
                }
                if (jarFile != null && z && (assertTrust = this.this$0.assertTrust(jarFile, trustedCodeSources)) != null) {
                    parentElement.setPendingException(assertTrust);
                    return parentElement;
                }
            } else if (jarFile != null && z) {
                this.this$0.assertJars.put(jarFile, trustedCodeSources);
            }
            this.this$0.childURLs.add(url);
            this.trustedOnly = z3;
            this.trustedChild = z4;
            this.untrustedChild = z5;
            parentElement.defer(true);
            return parentElement;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized void check(URL url, boolean z) {
            boolean z2 = this.trustedChild;
            boolean z3 = this.untrustedChild;
            if (!z && this.trustedOnly) {
                throw new SecurityException(new StringBuffer().append("Trusted-Only loader attempted to load sandboxed resource from ").append(url).toString());
            }
            if (z) {
                z2 = true;
            } else {
                z3 = true;
            }
            if (z2 && z3) {
                String checkAllowed = checkAllowed(url, z2 && this.trustedChild);
                if (checkAllowed != null) {
                    throw new SecurityException(checkAllowed);
                }
            }
            if (z3 && !this.this$0.assertJars.isEmpty()) {
                for (Map.Entry entry : this.this$0.assertJars.entrySet()) {
                    this.this$0.assertTrust((JarFile) entry.getKey(), (CodeSource[]) entry.getValue());
                }
                this.this$0.assertJars.clear();
            }
            this.trustedChild = z2;
            this.untrustedChild = z3;
        }

        private String checkAllowed(URL url, boolean z) {
            if (this.checkMixedTrust) {
                if (CPCallbackHandler.access$1000() == 1) {
                    this.allowMixedTrust = true;
                }
                this.checkMixedTrust = false;
            }
            if (this.allowMixedTrust) {
                return null;
            }
            return z ? new StringBuffer().append("trusted loader attempted to load sandboxed resource from ").append(url).toString() : new StringBuffer().append("sandboxed loader attempted to load trusted resource from ").append(url).toString();
        }

        ParentCallback(CPCallbackHandler cPCallbackHandler, AnonymousClass1 anonymousClass1) {
            this(cPCallbackHandler);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/deploy/security/CPCallbackHandler$ParentElement.class */
    public class ParentElement extends DeployURLClassPathCallback.Element {
        String pendingException;
        boolean defer;
        private final CPCallbackHandler this$0;

        ParentElement(CPCallbackHandler cPCallbackHandler, JarFile jarFile, URL url) {
            super(jarFile, url);
            this.this$0 = cPCallbackHandler;
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback.Element
        public void checkResource(String str) {
            if (this.pendingException != null) {
                throw new SecurityException(this.pendingException);
            }
            if (this.jar == null) {
                throw new SecurityException(new StringBuffer().append("invalid class path element ").append(this.url).append(" on Trusted-Library loader").toString());
            }
        }

        void setPendingException(String str) {
            this.pendingException = str;
        }

        void defer(boolean z) {
            this.defer = z;
        }

        @Override // com.sun.deploy.security.DeployURLClassPathCallback.Element
        public boolean defer() {
            return this.defer;
        }

        public String toString() {
            return new StringBuffer().append("defer: ").append(this.defer).append(", pending: ").append(this.pendingException).toString();
        }
    }

    public CPCallbackHandler(CPCallbackClassLoaderIf cPCallbackClassLoaderIf, CPCallbackClassLoaderIf cPCallbackClassLoaderIf2) {
        this.parent = cPCallbackClassLoaderIf;
        this.child = cPCallbackClassLoaderIf2;
    }

    public DeployURLClassPathCallback getParentCallback() {
        return this.pcb;
    }

    public DeployURLClassPathCallback getChildCallback() {
        return this.ccb;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasTrustedLibraryAssertion(JarFile jarFile) {
        Attributes mainAttributes;
        try {
            Manifest manifest = jarFile.getManifest();
            if (manifest == null || (mainAttributes = manifest.getMainAttributes()) == null) {
                return false;
            }
            boolean booleanValue = Boolean.valueOf(mainAttributes.getValue(new Attributes.Name("Trusted-Library"))).booleanValue();
            boolean booleanValue2 = Boolean.valueOf(mainAttributes.getValue(new Attributes.Name("X-Trusted-Library"))).booleanValue();
            if (booleanValue2) {
                Trace.println("old X-Trusted-Library assertion in JAR", TraceLevel.SECURITY);
            }
            return booleanValue || booleanValue2;
        } catch (IOException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasTrustedOnlyAssertion(JarFile jarFile) {
        Attributes mainAttributes;
        try {
            Manifest manifest = jarFile.getManifest();
            if (manifest == null || (mainAttributes = manifest.getMainAttributes()) == null) {
                return false;
            }
            boolean booleanValue = Boolean.valueOf(mainAttributes.getValue(new Attributes.Name("Trusted-Only"))).booleanValue();
            boolean booleanValue2 = Boolean.valueOf(mainAttributes.getValue(new Attributes.Name("X-Signed-Only"))).booleanValue();
            if (booleanValue2) {
                Trace.println("old X-Signed-Only assertion in JAR", TraceLevel.SECURITY);
            }
            return booleanValue || booleanValue2;
        } catch (IOException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized String assertTrust(JarFile jarFile, CodeSource[] codeSourceArr) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (int i = 0; i < codeSourceArr.length; i++) {
            Enumeration entryNames = jarAccess.entryNames(jarFile, new CodeSource[]{codeSourceArr[i]});
            while (entryNames.hasMoreElements()) {
                String str = (String) entryNames.nextElement();
                if (str.endsWith(".class")) {
                    String replace = str.replace('/', '.');
                    hashMap.put(getPackage(replace.substring(0, replace.length() - 6)), codeSourceArr[i]);
                } else if (!str.endsWith("/")) {
                    hashMap2.put(str, codeSourceArr[i]);
                }
            }
        }
        Set entrySet = hashMap.entrySet();
        Set entrySet2 = hashMap2.entrySet();
        Map.Entry[] entryArr = (Map.Entry[]) entrySet.toArray(new Map.Entry[entrySet.size()]);
        Map.Entry[] entryArr2 = (Map.Entry[]) entrySet2.toArray(new Map.Entry[entrySet2.size()]);
        int trust = setTrust(this.resource2trust, entryArr2);
        String stringBuffer = trust != -1 ? new StringBuffer().append("untrusted resource \"").append((String) entryArr2[trust].getKey()).append("\" in class path").toString() : null;
        int trust2 = setTrust(this.package2trust, entryArr);
        if (trust2 != -1) {
            unwindTrust(this.resource2trust, entryArr2);
            stringBuffer = new StringBuffer().append("untrusted class package \"").append((String) entryArr[trust2].getKey()).append("\" in class path").toString();
        }
        return stringBuffer;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getPackage(String str) {
        int lastIndexOf = str.lastIndexOf(46);
        return lastIndexOf == -1 ? "" : str.substring(0, lastIndexOf);
    }

    private int setTrust(Map map, Map.Entry[] entryArr) {
        int i = 0;
        while (i < entryArr.length) {
            CodeSource trust = setTrust(map, (String) entryArr[i].getKey(), (CodeSource) entryArr[i].getValue());
            if (trust != null) {
                CodeSource codeSource = (CodeSource) entryArr[i].getValue();
                if (!trust.equals(codeSource) && isTrusted(trust) != isTrusted(codeSource)) {
                    break;
                }
                entryArr[i] = null;
            }
            i++;
        }
        if (i == entryArr.length) {
            return -1;
        }
        unwindTrust(map, entryArr, i);
        return i;
    }

    private CodeSource setTrust(Map map, String str, CodeSource codeSource) {
        CodeSource codeSource2 = (CodeSource) map.get(str);
        if (codeSource2 != null) {
            return codeSource2;
        }
        map.put(str, codeSource);
        return null;
    }

    private void unwindTrust(Map map, Map.Entry[] entryArr, int i) {
        if (i == 0) {
            return;
        }
        while (true) {
            i--;
            if (i < 0) {
                return;
            }
            if (entryArr[i] != null) {
                map.remove(entryArr[i].getKey());
            }
        }
    }

    private void unwindTrust(Map map, Map.Entry[] entryArr) {
        unwindTrust(map, entryArr, entryArr.length);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean checkPackage(String str, CodeSource codeSource, Boolean bool) {
        CodeSource trust = setTrust(this.package2trust, str, codeSource);
        return trust == null || trust.equals(codeSource) || isTrusted(trust) == bool;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean checkResource(String str, CodeSource codeSource, Boolean bool) {
        CodeSource trust = setTrust(this.resource2trust, str, codeSource);
        return trust == null || trust.equals(codeSource) || isTrusted(trust) == bool;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void mergeTrustedSources(CodeSource[] codeSourceArr) {
        for (CodeSource codeSource : codeSourceArr) {
            this.trustedCS.add(codeSource);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized Boolean isTrusted(CodeSource codeSource) {
        return codeSource == untrustedCS ? Boolean.FALSE : Boolean.valueOf(this.trustedCS.contains(codeSource));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized CodeSource getDefaultCodeSource(URL url) {
        if (this.trustedCS.isEmpty()) {
            return untrustedCS;
        }
        CodeSource codeSource = (CodeSource) this.defaultCS.get(url);
        if (codeSource == null) {
            codeSource = new CodeSource(url, (Certificate[]) null);
            this.defaultCS.put(url, codeSource);
        }
        return codeSource;
    }

    private static int showMixedTrustDialog() {
        return UIFactory.showMixedCodeDialog(null, null, ResourceManager.getString("security.dialog.mixcode.title"), ResourceManager.getString("security.dialog.mixcode.header"), ResourceManager.getString("security.dialog.mixcode.question"), ResourceManager.getString("security.dialog.mixcode.alert"), ResourceManager.getString("security.dialog.mixcode.buttonYes"), ResourceManager.getString("security.dialog.mixcode.buttonNo"), true);
    }

    static int access$1000() {
        return showMixedTrustDialog();
    }
}
