package sun.security.provider;

import com.itextpdf.text.Annotation;
import com.sun.security.auth.PrincipalComparator;
import fr.opensagres.xdocreport.core.utils.HttpHeaderUtils;
import java.awt.AWTPermission;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.Array;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Identity;
import java.security.IdentityScope;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.Random;
import java.util.StringTokenizer;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import sun.net.www.ParseUtil;
import sun.security.krb5.PrincipalName;
import sun.security.provider.PolicyParser;
import sun.security.util.Debug;
import sun.security.util.PolicyUtil;
import sun.security.util.ResourcesMgr;
import sun.security.util.SecurityConstants;

/* loaded from: classes7.dex */
public class PolicyFile extends Policy {
    private static final String AUTH_POLICY = "java.security.auth.policy";
    private static final String AUTH_POLICY_URL = "auth.policy.url.";
    private static final int DEFAULT_CACHE_SIZE = 1;
    private static final String NONE = "NONE";
    private static final String P11KEYSTORE = "PKCS11";
    private static final String POLICY = "java.security.policy";
    private static final String POLICY_URL = "policy.url.";
    private static final String SECURITY_MANAGER = "java.security.manager";
    private static final String SELF = "${{self}}";
    private static final String X500PRINCIPAL = "javax.security.auth.x500.X500Principal";
    private URL url;
    private static final Debug debug = Debug.getInstance("policy");
    private static IdentityScope scope = null;
    private static final Class[] PARAMS0 = new Class[0];
    private static final Class[] PARAMS1 = {String.class};
    private static final Class[] PARAMS2 = {String.class, String.class};
    private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>();
    private boolean constructed = false;
    private boolean expandProperties = true;
    private boolean ignoreIdentityScope = false;
    private boolean allowSystemProperties = true;
    private boolean notUtf8 = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes7.dex */
    public static class PolicyEntry {
        private final CodeSource codesource;
        final List permissions;
        private final List principals;

        PolicyEntry(CodeSource codeSource) {
            this(codeSource, null);
        }

        PolicyEntry(CodeSource codeSource, List list) {
            this.codesource = codeSource;
            this.permissions = new ArrayList();
            this.principals = list;
        }

        void add(Permission permission) {
            this.permissions.add(permission);
        }

        CodeSource getCodeSource() {
            return this.codesource;
        }

        List getPrincipals() {
            return this.principals;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append(ResourcesMgr.getString("("));
            sb.append((Object) getCodeSource());
            sb.append("\n");
            for (int i = 0; i < this.permissions.size(); i++) {
                Permission permission = (Permission) this.permissions.get(i);
                sb.append(ResourcesMgr.getString(" "));
                sb.append(ResourcesMgr.getString(" "));
                sb.append((Object) permission);
                sb.append(ResourcesMgr.getString("\n"));
            }
            sb.append(ResourcesMgr.getString(")"));
            sb.append(ResourcesMgr.getString("\n"));
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes7.dex */
    public static class PolicyInfo {
        private static final boolean verbose = false;
        private final Map<ProtectionDomain, PermissionCollection>[] pdMapping;
        private Random random;
        final List<PolicyEntry> policyEntries = new ArrayList();
        final List<PolicyEntry> identityPolicyEntries = Collections.synchronizedList(new ArrayList(2));
        final Map aliasMapping = Collections.synchronizedMap(new HashMap(11));

        PolicyInfo(int i) {
            this.pdMapping = new Map[i];
            for (int i2 = 0; i2 < i; i2++) {
                this.pdMapping[i2] = Collections.synchronizedMap(new WeakHashMap());
            }
            if (i > 1) {
                this.random = new Random();
            }
        }

        Map<ProtectionDomain, PermissionCollection> getPdMapping() {
            Map<ProtectionDomain, PermissionCollection>[] mapArr = this.pdMapping;
            if (mapArr.length == 1) {
                return mapArr[0];
            }
            return this.pdMapping[Math.abs(this.random.nextInt() % this.pdMapping.length)];
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes7.dex */
    public static class SelfPermission extends Permission {
        private static final long serialVersionUID = -8315562579967246806L;
        private String actions;
        private Certificate[] certs;
        private String name;
        private String type;

        public SelfPermission(String str, String str2, String str3, Certificate[] certificateArr) {
            super(str);
            int i;
            int i2;
            if (str == null) {
                throw new NullPointerException(ResourcesMgr.getString("type can't be null"));
            }
            this.type = str;
            this.name = str2;
            this.actions = str3;
            if (certificateArr != null) {
                int i3 = 0;
                int i4 = 0;
                while (true) {
                    if (i4 >= certificateArr.length) {
                        break;
                    }
                    if (!(certificateArr[i4] instanceof X509Certificate)) {
                        this.certs = (Certificate[]) certificateArr.clone();
                        break;
                    }
                    i4++;
                }
                if (this.certs == null) {
                    int i5 = 0;
                    int i6 = 0;
                    while (i5 < certificateArr.length) {
                        i6++;
                        while (true) {
                            i2 = i5 + 1;
                            if (i2 < certificateArr.length && ((X509Certificate) certificateArr[i5]).getIssuerDN().equals(((X509Certificate) certificateArr[i2]).getSubjectDN())) {
                                i5 = i2;
                            }
                        }
                        i5 = i2;
                    }
                    if (i6 == certificateArr.length) {
                        this.certs = (Certificate[]) certificateArr.clone();
                    }
                    if (this.certs == null) {
                        ArrayList arrayList = new ArrayList();
                        while (i3 < certificateArr.length) {
                            arrayList.add(certificateArr[i3]);
                            while (true) {
                                i = i3 + 1;
                                if (i < certificateArr.length && ((X509Certificate) certificateArr[i3]).getIssuerDN().equals(((X509Certificate) certificateArr[i]).getSubjectDN())) {
                                    i3 = i;
                                }
                            }
                            i3 = i;
                        }
                        Certificate[] certificateArr2 = new Certificate[arrayList.size()];
                        this.certs = certificateArr2;
                        arrayList.toArray(certificateArr2);
                    }
                }
            }
        }

        @Override // java.security.Permission
        public boolean equals(Object obj) {
            boolean z;
            boolean z2;
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof SelfPermission)) {
                return false;
            }
            SelfPermission selfPermission = (SelfPermission) obj;
            if (!this.type.equals(selfPermission.type) || !this.name.equals(selfPermission.name) || !this.actions.equals(selfPermission.actions) || this.certs.length != selfPermission.certs.length) {
                return false;
            }
            for (int i = 0; i < this.certs.length; i++) {
                int i2 = 0;
                while (true) {
                    Certificate[] certificateArr = selfPermission.certs;
                    if (i2 >= certificateArr.length) {
                        z2 = false;
                        break;
                    }
                    if (this.certs[i].equals(certificateArr[i2])) {
                        z2 = true;
                        break;
                    }
                    i2++;
                }
                if (!z2) {
                    return false;
                }
            }
            for (int i3 = 0; i3 < selfPermission.certs.length; i3++) {
                int i4 = 0;
                while (true) {
                    Certificate[] certificateArr2 = this.certs;
                    if (i4 >= certificateArr2.length) {
                        z = false;
                        break;
                    }
                    if (selfPermission.certs[i3].equals(certificateArr2[i4])) {
                        z = true;
                        break;
                    }
                    i4++;
                }
                if (!z) {
                    return false;
                }
            }
            return true;
        }

        @Override // java.security.Permission
        public String getActions() {
            return "";
        }

        public Certificate[] getCerts() {
            return this.certs;
        }

        public String getSelfActions() {
            return this.actions;
        }

        public String getSelfName() {
            return this.name;
        }

        public String getSelfType() {
            return this.type;
        }

        @Override // java.security.Permission
        public int hashCode() {
            int hashCode = this.type.hashCode();
            String str = this.name;
            if (str != null) {
                hashCode ^= str.hashCode();
            }
            String str2 = this.actions;
            return str2 != null ? hashCode ^ str2.hashCode() : hashCode;
        }

        @Override // java.security.Permission
        public boolean implies(Permission permission) {
            return false;
        }

        @Override // java.security.Permission
        public String toString() {
            return "(SelfPermission " + this.type + " " + this.name + " " + this.actions + ")";
        }
    }

    public PolicyFile() {
        init((URL) null);
    }

    public PolicyFile(URL url) {
        this.url = url;
        init(url);
    }

    public PolicyFile(boolean z) {
        if (!z) {
            init((URL) null);
            return;
        }
        PolicyInfo policyInfo = new PolicyInfo(1);
        initStaticPolicy(policyInfo);
        this.policyInfo.set(policyInfo);
    }

    private void addGrantEntry(PolicyParser.GrantEntry grantEntry, KeyStore keyStore, PolicyInfo policyInfo) {
        CodeSource codeSource;
        Permission policyFile;
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("Adding policy entry: ");
            debug2.println("  signedBy " + grantEntry.signedBy);
            debug2.println("  codeBase " + grantEntry.codeBase);
            if (grantEntry.principals != null && grantEntry.principals.size() > 0) {
                Iterator listIterator = grantEntry.principals.listIterator();
                while (listIterator.getHasNext()) {
                    PolicyParser.PrincipalEntry principalEntry = (PolicyParser.PrincipalEntry) listIterator.next();
                    debug.println("  " + principalEntry.toString());
                }
            }
        }
        try {
            codeSource = getCodeSource(grantEntry, keyStore, policyInfo);
        } catch (Exception e) {
            System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error adding Entry:\n\tmessage")).format(new Object[]{e.toString()}));
        }
        if (codeSource != null && replacePrincipals(grantEntry.principals, keyStore)) {
            PolicyEntry policyEntry = new PolicyEntry(codeSource, grantEntry.principals);
            Enumeration permissionElements = grantEntry.permissionElements();
            while (permissionElements.hasMoreElements()) {
                PolicyParser.PermissionEntry permissionEntry = (PolicyParser.PermissionEntry) permissionElements.nextElement();
                try {
                    try {
                        expandPermissionName(permissionEntry, keyStore);
                        if (permissionEntry.permission.equals("javax.security.auth.PrivateCredentialPermission") && permissionEntry.name.endsWith(" self")) {
                            permissionEntry.name = permissionEntry.name.substring(0, permissionEntry.name.indexOf("self")) + SELF;
                        }
                        if (permissionEntry.name == null || permissionEntry.name.indexOf(SELF) == -1) {
                            policyFile = getInstance(permissionEntry.permission, permissionEntry.name, permissionEntry.action);
                        } else {
                            policyFile = new SelfPermission(permissionEntry.permission, permissionEntry.name, permissionEntry.action, permissionEntry.signedBy != null ? getCertificates(keyStore, permissionEntry.signedBy, policyInfo) : null);
                        }
                        policyEntry.add(policyFile);
                        Debug debug3 = debug;
                        if (debug3 != null) {
                            debug3.println("  " + ((Object) policyFile));
                        }
                    } catch (ClassNotFoundException unused) {
                        Certificate[] certificates = permissionEntry.signedBy != null ? getCertificates(keyStore, permissionEntry.signedBy, policyInfo) : null;
                        if (certificates != null || permissionEntry.signedBy == null) {
                            UnresolvedPermission unresolvedPermission = new UnresolvedPermission(permissionEntry.permission, permissionEntry.name, permissionEntry.action, certificates);
                            policyEntry.add(unresolvedPermission);
                            Debug debug4 = debug;
                            if (debug4 != null) {
                                debug4.println("  " + ((Object) unresolvedPermission));
                            }
                        }
                    }
                } catch (InvocationTargetException e2) {
                    System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error adding Permission, perm:\n\tmessage")).format(new Object[]{permissionEntry.permission, e2.getTargetException().toString()}));
                } catch (Exception e3) {
                    System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error adding Permission, perm:\n\tmessage")).format(new Object[]{permissionEntry.permission, e3.toString()}));
                }
            }
            policyInfo.policyEntries.add(policyEntry);
            Debug debug5 = debug;
            if (debug5 != null) {
                debug5.println();
            }
        }
    }

    private void addPermissions(Permissions permissions, final CodeSource codeSource, Principal[] principalArr, final PolicyEntry policyEntry) {
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("evaluate codesources:\n\tPolicy CodeSource: " + ((Object) policyEntry.getCodeSource()) + "\n\tActive CodeSource: " + ((Object) codeSource));
        }
        if (!((Boolean) AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.8
            @Override // java.security.PrivilegedAction
            public Object run() {
                return new Boolean(policyEntry.getCodeSource().implies(codeSource));
            }
        })).booleanValue()) {
            if (debug2 != null) {
                debug2.println("evaluation (codesource) failed");
                return;
            }
            return;
        }
        List principals = policyEntry.getPrincipals();
        if (debug2 != null) {
            ArrayList arrayList = new ArrayList();
            if (principalArr != null) {
                for (int i = 0; i < principalArr.length; i++) {
                    arrayList.add(new PolicyParser.PrincipalEntry(principalArr[i].getClass().getName(), principalArr[i].getName()));
                }
            }
            debug.println("evaluate principals:\n\tPolicy Principals: " + ((Object) principals) + "\n\tActive Principals: " + ((Object) arrayList));
        }
        if (principals == null || principals.size() == 0) {
            addPerms(permissions, principalArr, policyEntry);
            Debug debug3 = debug;
            if (debug3 != null) {
                debug3.println("evaluation (codesource/principals) passed");
                return;
            }
            return;
        }
        if (principalArr == null || principalArr.length == 0) {
            Debug debug4 = debug;
            if (debug4 != null) {
                debug4.println("evaluation (principals) failed");
                return;
            }
            return;
        }
        for (int i2 = 0; i2 < principals.size(); i2++) {
            PolicyParser.PrincipalEntry principalEntry = (PolicyParser.PrincipalEntry) principals.get(i2);
            try {
                Class<?> cls = Class.forName(principalEntry.principalClass, true, Thread.currentThread().getContextClassLoader());
                if (PrincipalComparator.class.isAssignableFrom(cls)) {
                    PrincipalComparator principalComparator = (PrincipalComparator) cls.getConstructor(PARAMS1).newInstance(principalEntry.principalName);
                    Debug debug5 = debug;
                    if (debug5 != null) {
                        debug5.println("found PrincipalComparator " + principalComparator.getClass().getName());
                    }
                    HashSet hashSet = new HashSet(principalArr.length);
                    for (Principal principal : principalArr) {
                        hashSet.add(principal);
                    }
                    if (!principalComparator.implies(new Subject(true, hashSet, Collections.EMPTY_SET, Collections.EMPTY_SET))) {
                        Debug debug6 = debug;
                        if (debug6 != null) {
                            debug6.println("evaluation (principal comparator) failed");
                            return;
                        }
                        return;
                    }
                } else if (!checkEntryPs(principalArr, principalEntry)) {
                    Debug debug7 = debug;
                    if (debug7 != null) {
                        debug7.println("evaluation (principals) failed");
                        return;
                    }
                    return;
                }
            } catch (Exception e) {
                Debug debug8 = debug;
                if (debug8 != null) {
                    e.printStackTrace();
                }
                if (!checkEntryPs(principalArr, principalEntry)) {
                    if (debug8 != null) {
                        debug8.println("evaluation (principals) failed");
                        return;
                    }
                    return;
                }
            }
        }
        Debug debug9 = debug;
        if (debug9 != null) {
            debug9.println("evaluation (codesource/principals) passed");
        }
        addPerms(permissions, principalArr, policyEntry);
    }

    private void addPerms(Permissions permissions, Principal[] principalArr, PolicyEntry policyEntry) {
        for (int i = 0; i < policyEntry.permissions.size(); i++) {
            Permission permission = (Permission) policyEntry.permissions.get(i);
            Debug debug2 = debug;
            if (debug2 != null) {
                debug2.println("  granting " + ((Object) permission));
            }
            if (permission instanceof SelfPermission) {
                expandSelf((SelfPermission) permission, policyEntry.getPrincipals(), principalArr, permissions);
            } else {
                permissions.add(permission);
            }
        }
    }

    public static String canonPath(String str) throws IOException {
        if (!str.endsWith("*")) {
            return new File(str).getCanonicalPath();
        }
        String canonicalPath = new File(str.substring(0, str.length() - 1) + "-").getCanonicalPath();
        return canonicalPath.substring(0, canonicalPath.length() + (-1)) + "*";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public CodeSource canonicalizeCodebase(CodeSource codeSource, boolean z) {
        Permission permission;
        CodeSource codeSource2;
        URL location = codeSource.getLocation();
        String str = null;
        if (location != null) {
            try {
                permission = location.openConnection().getPermission();
            } catch (IOException unused) {
                permission = null;
            }
            if (permission instanceof FilePermission) {
                str = permission.getName();
            } else if (permission == null && location.getProtocol().equals(Annotation.FILE)) {
                str = ParseUtil.decode(location.getFile().replace(PrincipalName.NAME_COMPONENT_SEPARATOR, File.separatorChar));
            }
        }
        if (str != null) {
            try {
                URL fileToEncodedURL = ParseUtil.fileToEncodedURL(new File(canonPath(str)));
                return z ? new CodeSource(fileToEncodedURL, getSignerCertificates(codeSource)) : new CodeSource(fileToEncodedURL, codeSource.getCertificates());
            } catch (IOException unused2) {
                if (!z) {
                    return codeSource;
                }
                codeSource2 = new CodeSource(codeSource.getLocation(), getSignerCertificates(codeSource));
            }
        } else {
            if (!z) {
                return codeSource;
            }
            codeSource2 = new CodeSource(codeSource.getLocation(), getSignerCertificates(codeSource));
        }
        return codeSource2;
    }

    private boolean checkEntryPs(Principal[] principalArr, PolicyParser.PrincipalEntry principalEntry) {
        for (int i = 0; i < principalArr.length; i++) {
            if ((principalEntry.principalClass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS) || principalEntry.principalClass.equals(principalArr[i].getClass().getName())) && (principalEntry.principalName.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME) || principalEntry.principalName.equals(principalArr[i].getName()))) {
                return true;
            }
        }
        return false;
    }

    private boolean checkForTrustedIdentity(final Certificate certificate, PolicyInfo policyInfo) {
        if (certificate == null || this.ignoreIdentityScope) {
            return false;
        }
        synchronized (PolicyFile.class) {
            if (scope == null) {
                IdentityScope systemScope = IdentityScope.getSystemScope();
                if (systemScope instanceof IdentityDatabase) {
                    scope = systemScope;
                }
            }
        }
        if (scope == null) {
            this.ignoreIdentityScope = true;
            return false;
        }
        final Identity identity = (Identity) AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.9
            @Override // java.security.PrivilegedAction
            public Object run() {
                return PolicyFile.scope.getIdentity(certificate.getPublicKey());
            }
        });
        if (!isTrusted(identity)) {
            return false;
        }
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("Adding policy entry for trusted Identity: ");
            AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.10
                @Override // java.security.PrivilegedAction
                public Object run() {
                    PolicyFile.debug.println("  identity = " + ((Object) identity));
                    return null;
                }
            });
            debug2.println("");
        }
        PolicyEntry policyEntry = new PolicyEntry(new CodeSource((URL) null, new Certificate[]{certificate}));
        policyEntry.add(SecurityConstants.ALL_PERMISSION);
        policyInfo.identityPolicyEntries.add(policyEntry);
        policyInfo.aliasMapping.put(certificate, identity.getName());
        return true;
    }

    private void expandPermissionName(PolicyParser.PermissionEntry permissionEntry, KeyStore keyStore) throws Exception {
        int indexOf;
        if (permissionEntry.name == null || permissionEntry.name.indexOf("${{", 0) == -1) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (true) {
            int indexOf2 = permissionEntry.name.indexOf("${{", i);
            if (indexOf2 == -1 || (indexOf = permissionEntry.name.indexOf("}}", indexOf2)) < 1) {
                break;
            }
            sb.append(permissionEntry.name.substring(i, indexOf2));
            String substring = permissionEntry.name.substring(indexOf2 + 3, indexOf);
            int indexOf3 = substring.indexOf(":");
            String substring2 = indexOf3 != -1 ? substring.substring(0, indexOf3) : substring;
            if (substring2.equalsIgnoreCase("self")) {
                int i2 = indexOf + 2;
                sb.append(permissionEntry.name.substring(indexOf2, i2));
                i = i2;
            } else {
                if (!substring2.equalsIgnoreCase("alias")) {
                    throw new Exception(new MessageFormat(ResourcesMgr.getString("substitution value, prefix, unsupported")).format(new Object[]{substring2}));
                }
                if (indexOf3 == -1) {
                    throw new Exception(new MessageFormat(ResourcesMgr.getString("alias name not provided (pe.name)")).format(new Object[]{permissionEntry.name}));
                }
                int i3 = indexOf3 + 1;
                String dn = getDN(substring.substring(i3), keyStore);
                if (dn == null) {
                    throw new Exception(new MessageFormat(ResourcesMgr.getString("unable to perform substitution on alias, suffix")).format(new Object[]{substring.substring(i3)}));
                }
                sb.append("javax.security.auth.x500.X500Principal \"" + dn + HttpHeaderUtils.ATTACHMENT_FILENAME_END);
                i = indexOf + 2;
            }
        }
        sb.append(permissionEntry.name.substring(i));
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("  Permission name expanded from:\n\t" + permissionEntry.name + "\nto\n\t" + sb.toString());
        }
        permissionEntry.name = sb.toString();
    }

    private void expandSelf(SelfPermission selfPermission, List list, Principal[] principalArr, Permissions permissions) {
        if (list == null || list.size() == 0) {
            Debug debug2 = debug;
            if (debug2 != null) {
                debug2.println("Ignoring permission " + selfPermission.getSelfType() + " with target name (" + selfPermission.getSelfName() + ").  No Principal(s) specified in the grant clause.  SELF-based target names are only valid in the context of a Principal-based grant entry.");
                return;
            }
            return;
        }
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (true) {
            int indexOf = selfPermission.getSelfName().indexOf(SELF, i);
            if (indexOf == -1) {
                break;
            }
            sb.append(selfPermission.getSelfName().substring(i, indexOf));
            ListIterator listIterator = list.listIterator();
            while (listIterator.getHasNext()) {
                String[][] principalInfo = getPrincipalInfo((PolicyParser.PrincipalEntry) listIterator.next(), principalArr);
                for (int i2 = 0; i2 < principalInfo.length; i2++) {
                    if (i2 != 0) {
                        sb.append(", ");
                    }
                    sb.append(principalInfo[i2][0] + " " + HttpHeaderUtils.ATTACHMENT_FILENAME_END + principalInfo[i2][1] + HttpHeaderUtils.ATTACHMENT_FILENAME_END);
                }
                if (listIterator.getHasNext()) {
                    sb.append(", ");
                }
            }
            i = indexOf + 9;
        }
        sb.append(selfPermission.getSelfName().substring(i));
        Debug debug3 = debug;
        if (debug3 != null) {
            debug3.println("  expanded:\n\t" + selfPermission.getSelfName() + "\n  into:\n\t" + sb.toString());
        }
        try {
            permissions.add(getInstance(selfPermission.getSelfType(), sb.toString(), selfPermission.getSelfActions()));
        } catch (ClassNotFoundException unused) {
            Class<?> cls = null;
            synchronized (permissions) {
                Enumeration<Permission> elements = permissions.elements();
                while (true) {
                    if (!elements.hasMoreElements()) {
                        break;
                    }
                    Permission nextElement = elements.nextElement();
                    if (nextElement.getClass().getName().equals(selfPermission.getSelfType())) {
                        cls = nextElement.getClass();
                        break;
                    }
                }
                if (cls == null) {
                    permissions.add(new UnresolvedPermission(selfPermission.getSelfType(), sb.toString(), selfPermission.getSelfActions(), selfPermission.getCerts()));
                    return;
                }
                try {
                    if (selfPermission.getSelfActions() == null) {
                        try {
                            permissions.add((Permission) cls.getConstructor(PARAMS1).newInstance(sb.toString()));
                        } catch (NoSuchMethodException unused2) {
                            permissions.add((Permission) cls.getConstructor(PARAMS2).newInstance(sb.toString(), selfPermission.getSelfActions()));
                        }
                    } else {
                        permissions.add((Permission) cls.getConstructor(PARAMS2).newInstance(sb.toString(), selfPermission.getSelfActions()));
                    }
                } catch (Exception e) {
                    Debug debug4 = debug;
                    if (debug4 != null) {
                        debug4.println("self entry expansion  instantiation failed: " + e.toString());
                    }
                }
            }
        } catch (Exception e2) {
            Debug debug5 = debug;
            if (debug5 != null) {
                debug5.println(e2.toString());
            }
        }
    }

    private Certificate[] getCertificates(KeyStore keyStore, String str, PolicyInfo policyInfo) {
        Certificate certificate;
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        int i = 0;
        ArrayList arrayList = null;
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            i++;
            synchronized (policyInfo.aliasMapping) {
                certificate = (Certificate) policyInfo.aliasMapping.get(trim);
                if (certificate == null && keyStore != null) {
                    try {
                        certificate = keyStore.getCertificate(trim);
                    } catch (KeyStoreException unused) {
                    }
                    if (certificate != null) {
                        policyInfo.aliasMapping.put(trim, certificate);
                        policyInfo.aliasMapping.put(certificate, trim);
                    }
                }
            }
            if (certificate != null) {
                if (arrayList == null) {
                    arrayList = new ArrayList();
                }
                arrayList.add(certificate);
            }
        }
        if (arrayList == null || i != arrayList.size()) {
            return null;
        }
        Certificate[] certificateArr = new Certificate[arrayList.size()];
        arrayList.toArray(certificateArr);
        return certificateArr;
    }

    private CodeSource getCodeSource(PolicyParser.GrantEntry grantEntry, KeyStore keyStore, PolicyInfo policyInfo) throws MalformedURLException {
        Certificate[] certificateArr;
        if (grantEntry.signedBy != null) {
            certificateArr = getCertificates(keyStore, grantEntry.signedBy, policyInfo);
            if (certificateArr == null) {
                Debug debug2 = debug;
                if (debug2 != null) {
                    debug2.println("  -- No certs for alias '" + grantEntry.signedBy + "' - ignoring entry");
                }
                return null;
            }
        } else {
            certificateArr = null;
        }
        return canonicalizeCodebase(new CodeSource(grantEntry.codeBase != null ? new URL(grantEntry.codeBase) : null, certificateArr), false);
    }

    private String getDN(String str, KeyStore keyStore) {
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate != null && (certificate instanceof X509Certificate)) {
                return new X500Principal(((X509Certificate) certificate).getSubjectX500Principal().toString()).getName();
            }
            Debug debug2 = debug;
            if (debug2 != null) {
                debug2.println("  -- No certificate for '" + str + "' - ignoring entry");
            }
            return null;
        } catch (Exception e) {
            if (debug != null) {
                debug.println("  Error retrieving certificate for '" + str + "': " + e.toString());
            }
            return null;
        }
    }

    private static final Permission getInstance(String str, String str2, String str3) throws ClassNotFoundException, InstantiationException, IllegalAccessException, NoSuchMethodException, InvocationTargetException {
        Class<?> cls = Class.forName(str);
        Permission knownInstance = getKnownInstance(cls, str2, str3);
        if (knownInstance != null) {
            return knownInstance;
        }
        if (str2 == null && str3 == null) {
            try {
                try {
                    return (Permission) cls.getConstructor(PARAMS0).newInstance(new Object[0]);
                } catch (NoSuchMethodException unused) {
                    return (Permission) cls.getConstructor(PARAMS1).newInstance(str2);
                }
            } catch (NoSuchMethodException unused2) {
                return (Permission) cls.getConstructor(PARAMS2).newInstance(str2, str3);
            }
        }
        if (str2 == null || str3 != null) {
            return (Permission) cls.getConstructor(PARAMS2).newInstance(str2, str3);
        }
        try {
            return (Permission) cls.getConstructor(PARAMS1).newInstance(str2);
        } catch (NoSuchMethodException unused3) {
            return (Permission) cls.getConstructor(PARAMS2).newInstance(str2, str3);
        }
    }

    private static final Permission getKnownInstance(Class cls, String str, String str2) {
        if (cls.equals(FilePermission.class)) {
            return new FilePermission(str, str2);
        }
        if (cls.equals(SocketPermission.class)) {
            return new SocketPermission(str, str2);
        }
        if (cls.equals(RuntimePermission.class)) {
            return new RuntimePermission(str, str2);
        }
        if (cls.equals(PropertyPermission.class)) {
            return new PropertyPermission(str, str2);
        }
        if (cls.equals(NetPermission.class)) {
            return new NetPermission(str, str2);
        }
        if (cls.equals(AllPermission.class)) {
            return SecurityConstants.ALL_PERMISSION;
        }
        if (cls.equals(AWTPermission.class)) {
            return new AWTPermission(str, str2);
        }
        return null;
    }

    private PermissionCollection getPermissions(Permissions permissions, final CodeSource codeSource) {
        return getPermissions(permissions, (CodeSource) AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.7
            @Override // java.security.PrivilegedAction
            public Object run() {
                return PolicyFile.this.canonicalizeCodebase(codeSource, true);
            }
        }), null);
    }

    private PermissionCollection getPermissions(Permissions permissions, final ProtectionDomain protectionDomain) {
        if (debug != null) {
            AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.5
                @Override // java.security.PrivilegedAction
                public Object run() {
                    PolicyFile.debug.println("getPermissions:\n\t" + PolicyFile.this.printPD(protectionDomain));
                    return null;
                }
            });
        }
        final CodeSource codeSource = protectionDomain.getCodeSource();
        return codeSource == null ? permissions : getPermissions(permissions, (CodeSource) AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.6
            @Override // java.security.PrivilegedAction
            public Object run() {
                return PolicyFile.this.canonicalizeCodebase(codeSource, true);
            }
        }), protectionDomain.getPrincipals());
    }

    private Permissions getPermissions(Permissions permissions, CodeSource codeSource, Principal[] principalArr) {
        Certificate[] certificates;
        PolicyInfo policyInfo = this.policyInfo.get();
        Iterator<PolicyEntry> it = policyInfo.policyEntries.iterator();
        while (it.getHasNext()) {
            addPermissions(permissions, codeSource, principalArr, it.next());
        }
        synchronized (policyInfo.identityPolicyEntries) {
            Iterator<PolicyEntry> it2 = policyInfo.identityPolicyEntries.iterator();
            while (it2.getHasNext()) {
                addPermissions(permissions, codeSource, principalArr, it2.next());
            }
        }
        if (!this.ignoreIdentityScope && (certificates = codeSource.getCertificates()) != null) {
            for (int i = 0; i < certificates.length; i++) {
                if (policyInfo.aliasMapping.get(certificates[i]) == null && checkForTrustedIdentity(certificates[i], policyInfo)) {
                    permissions.add(SecurityConstants.ALL_PERMISSION);
                }
            }
        }
        return permissions;
    }

    private String[][] getPrincipalInfo(PolicyParser.PrincipalEntry principalEntry, Principal[] principalArr) {
        if (!principalEntry.principalClass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS) && !principalEntry.principalName.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME)) {
            String[][] strArr = (String[][]) Array.newInstance((Class<?>) String.class, 1, 2);
            strArr[0][0] = principalEntry.principalClass;
            strArr[0][1] = principalEntry.principalName;
            return strArr;
        }
        if (principalEntry.principalClass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS) || !principalEntry.principalName.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME)) {
            String[][] strArr2 = (String[][]) Array.newInstance((Class<?>) String.class, principalArr.length, 2);
            for (int i = 0; i < principalArr.length; i++) {
                strArr2[i][0] = principalArr[i].getClass().getName();
                strArr2[i][1] = principalArr[i].getName();
            }
            return strArr2;
        }
        ArrayList<Principal> arrayList = new ArrayList();
        for (int i2 = 0; i2 < principalArr.length; i2++) {
            if (principalEntry.principalClass.equals(principalArr[i2].getClass().getName())) {
                arrayList.add(principalArr[i2]);
            }
        }
        String[][] strArr3 = (String[][]) Array.newInstance((Class<?>) String.class, arrayList.size(), 2);
        int i3 = 0;
        for (Principal principal : arrayList) {
            strArr3[i3][0] = principal.getClass().getName();
            strArr3[i3][1] = principal.getName();
            i3++;
        }
        return strArr3;
    }

    private void init(URL url) {
        String str = (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                PolicyFile.this.expandProperties = "true".equalsIgnoreCase(Security.getProperty("policy.expandProperties"));
                PolicyFile.this.ignoreIdentityScope = "true".equalsIgnoreCase(Security.getProperty("policy.ignoreIdentityScope"));
                PolicyFile.this.allowSystemProperties = "true".equalsIgnoreCase(Security.getProperty("policy.allowSystemProperty"));
                PolicyFile.this.notUtf8 = "false".equalsIgnoreCase(System.getProperty("sun.security.policy.utf8"));
                return System.getProperty("sun.security.policy.numcaches");
            }
        });
        int i = 1;
        if (str != null) {
            try {
                i = Integer.parseInt(str);
            } catch (NumberFormatException unused) {
            }
        }
        PolicyInfo policyInfo = new PolicyInfo(i);
        initPolicyFile(policyInfo, url);
        this.policyInfo.set(policyInfo);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean init(URL url, PolicyInfo policyInfo) {
        PolicyParser policyParser = new PolicyParser(this.expandProperties);
        try {
            try {
                InputStreamReader inputStreamReader = this.notUtf8 ? new InputStreamReader(PolicyUtil.getInputStream(url)) : new InputStreamReader(PolicyUtil.getInputStream(url), "UTF-8");
                policyParser.read(inputStreamReader);
                inputStreamReader.close();
                KeyStore keyStore = null;
                try {
                    keyStore = PolicyUtil.getKeyStore(url, policyParser.getKeyStoreUrl(), policyParser.getKeyStoreType(), policyParser.getKeyStoreProvider(), policyParser.getStorePassURL(), debug);
                } catch (Exception e) {
                    if (debug != null) {
                        e.printStackTrace();
                    }
                }
                Enumeration grantElements = policyParser.grantElements();
                while (grantElements.hasMoreElements()) {
                    addGrantEntry((PolicyParser.GrantEntry) grantElements.nextElement(), keyStore, policyInfo);
                }
                return true;
            } catch (Exception e2) {
                Debug debug2 = debug;
                if (debug2 != null) {
                    debug2.println("error parsing " + ((Object) url));
                    debug2.println(e2.toString());
                    e2.printStackTrace();
                }
                return false;
            }
        } catch (PolicyParser.ParsingException e3) {
            System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error parsing policy:\n\tmessage")).format(new Object[]{url, e3.getLocalizedMessage()}));
            if (debug != null) {
                e3.printStackTrace();
            }
            return false;
        }
    }

    private void initPolicyFile(final PolicyInfo policyInfo, final URL url) {
        if (url == null) {
            if (!initPolicyFile(POLICY, POLICY_URL, policyInfo)) {
                initStaticPolicy(policyInfo);
            }
            initPolicyFile(AUTH_POLICY, AUTH_POLICY_URL, policyInfo);
            return;
        }
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("reading " + ((Object) url));
        }
        AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                if (PolicyFile.this.init(url, policyInfo)) {
                    return null;
                }
                PolicyFile.this.initStaticPolicy(policyInfo);
                return null;
            }
        });
    }

    private boolean initPolicyFile(final String str, final String str2, final PolicyInfo policyInfo) {
        return ((Boolean) AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.3
            /* JADX WARN: Removed duplicated region for block: B:43:0x00f8 A[Catch: Exception -> 0x011a, TryCatch #1 {Exception -> 0x011a, blocks: (B:35:0x00b9, B:37:0x00cd, B:40:0x00d6, B:41:0x00f2, B:43:0x00f8, B:44:0x010e, B:50:0x00e0), top: B:34:0x00b9 }] */
            /* JADX WARN: Removed duplicated region for block: B:46:0x0118  */
            /* JADX WARN: Removed duplicated region for block: B:49:0x013c A[SYNTHETIC] */
            @Override // java.security.PrivilegedAction
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public java.lang.Object run() {
                /*
                    Method dump skipped, instructions count: 325
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.PolicyFile.AnonymousClass3.run():java.lang.Object");
            }
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initStaticPolicy(final PolicyInfo policyInfo) {
        AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.provider.PolicyFile.4
            @Override // java.security.PrivilegedAction
            public Object run() {
                PolicyEntry policyEntry = new PolicyEntry(new CodeSource((URL) null, (Certificate[]) null));
                policyEntry.add(SecurityConstants.LOCAL_LISTEN_PERMISSION);
                policyEntry.add(new PropertyPermission("java.version", "read"));
                policyEntry.add(new PropertyPermission("java.vendor", "read"));
                policyEntry.add(new PropertyPermission("java.vendor.url", "read"));
                policyEntry.add(new PropertyPermission("java.class.version", "read"));
                policyEntry.add(new PropertyPermission("os.name", "read"));
                policyEntry.add(new PropertyPermission("os.version", "read"));
                policyEntry.add(new PropertyPermission("os.arch", "read"));
                policyEntry.add(new PropertyPermission("file.separator", "read"));
                policyEntry.add(new PropertyPermission("path.separator", "read"));
                policyEntry.add(new PropertyPermission("line.separator", "read"));
                policyEntry.add(new PropertyPermission("java.specification.version", "read"));
                policyEntry.add(new PropertyPermission("java.specification.vendor", "read"));
                policyEntry.add(new PropertyPermission("java.specification.name", "read"));
                policyEntry.add(new PropertyPermission("java.vm.specification.version", "read"));
                policyEntry.add(new PropertyPermission("java.vm.specification.vendor", "read"));
                policyEntry.add(new PropertyPermission("java.vm.specification.name", "read"));
                policyEntry.add(new PropertyPermission("java.vm.version", "read"));
                policyEntry.add(new PropertyPermission("java.vm.vendor", "read"));
                policyEntry.add(new PropertyPermission("java.vm.name", "read"));
                policyInfo.policyEntries.add(policyEntry);
                String[] parseExtDirs = PolicyParser.parseExtDirs("${{java.ext.dirs}}", 0);
                if (parseExtDirs != null && parseExtDirs.length > 0) {
                    for (String str : parseExtDirs) {
                        try {
                            PolicyEntry policyEntry2 = new PolicyEntry(PolicyFile.this.canonicalizeCodebase(new CodeSource(new URL(str), (Certificate[]) null), false));
                            policyEntry2.add(SecurityConstants.ALL_PERMISSION);
                            policyInfo.policyEntries.add(policyEntry2);
                        } catch (Exception unused) {
                        }
                    }
                }
                return null;
            }
        });
    }

    private static boolean isTrusted(Identity identity) {
        return identity instanceof SystemIdentity ? ((SystemIdentity) identity).isTrusted() : (identity instanceof SystemSigner) && ((SystemSigner) identity).isTrusted();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String printPD(ProtectionDomain protectionDomain) {
        String str;
        Principal[] principals = protectionDomain.getPrincipals();
        if (principals == null || principals.length <= 0) {
            str = "<no principals>";
        } else {
            StringBuilder sb = new StringBuilder("(principals ");
            for (int i = 0; i < principals.length; i++) {
                sb.append(principals[i].getClass().getName() + " \"" + principals[i].getName() + HttpHeaderUtils.ATTACHMENT_FILENAME_END);
                if (i < principals.length - 1) {
                    sb.append(", ");
                } else {
                    sb.append(")");
                }
            }
            str = sb.toString();
        }
        return "PD CodeSource: " + ((Object) protectionDomain.getCodeSource()) + "\n\tPD ClassLoader: " + ((Object) protectionDomain.getClassLoader()) + "\n\tPD Principals: " + str;
    }

    private boolean replacePrincipals(List list, KeyStore keyStore) {
        if (list != null && list.size() != 0 && keyStore != null) {
            ListIterator listIterator = list.listIterator();
            while (listIterator.getHasNext()) {
                PolicyParser.PrincipalEntry principalEntry = (PolicyParser.PrincipalEntry) listIterator.next();
                if (principalEntry.principalClass.equals(PolicyParser.REPLACE_NAME)) {
                    String dn = getDN(principalEntry.principalName, keyStore);
                    if (dn == null) {
                        return false;
                    }
                    Debug debug2 = debug;
                    if (debug2 != null) {
                        debug2.println("  Replacing \"" + principalEntry.principalName + "\" with javax.security.auth.x500.X500Principal/\"" + dn + HttpHeaderUtils.ATTACHMENT_FILENAME_END);
                    }
                    principalEntry.principalClass = "javax.security.auth.x500.X500Principal";
                    principalEntry.principalName = dn;
                }
            }
        }
        return true;
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        return getPermissions(new Permissions(), codeSource);
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        Permissions permissions = new Permissions();
        if (protectionDomain == null) {
            return permissions;
        }
        getPermissions(permissions, protectionDomain);
        PermissionCollection permissions2 = protectionDomain.getPermissions();
        if (permissions2 != null) {
            synchronized (permissions2) {
                Enumeration<Permission> elements = permissions2.elements();
                while (elements.hasMoreElements()) {
                    permissions.add(elements.nextElement());
                }
            }
        }
        return permissions;
    }

    protected Certificate[] getSignerCertificates(CodeSource codeSource) {
        int i;
        int i2;
        Certificate[] certificates = codeSource.getCertificates();
        if (certificates == null) {
            return null;
        }
        int i3 = 0;
        for (Certificate certificate : certificates) {
            if (!(certificate instanceof X509Certificate)) {
                return codeSource.getCertificates();
            }
        }
        int i4 = 0;
        int i5 = 0;
        while (i4 < certificates.length) {
            i5++;
            while (true) {
                i2 = i4 + 1;
                if (i2 < certificates.length && ((X509Certificate) certificates[i4]).getIssuerDN().equals(((X509Certificate) certificates[i2]).getSubjectDN())) {
                    i4 = i2;
                }
            }
            i4 = i2;
        }
        if (i5 == certificates.length) {
            return certificates;
        }
        ArrayList arrayList = new ArrayList();
        while (i3 < certificates.length) {
            arrayList.add(certificates[i3]);
            while (true) {
                i = i3 + 1;
                if (i < certificates.length && ((X509Certificate) certificates[i3]).getIssuerDN().equals(((X509Certificate) certificates[i]).getSubjectDN())) {
                    i3 = i;
                }
            }
            i3 = i;
        }
        Certificate[] certificateArr = new Certificate[arrayList.size()];
        arrayList.toArray(certificateArr);
        return certificateArr;
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        Map<ProtectionDomain, PermissionCollection> pdMapping = this.policyInfo.get().getPdMapping();
        PermissionCollection permissionCollection = pdMapping.get(protectionDomain);
        if (permissionCollection != null) {
            return permissionCollection.implies(permission);
        }
        PermissionCollection permissions = getPermissions(protectionDomain);
        if (permissions == null) {
            return false;
        }
        pdMapping.put(protectionDomain, permissions);
        return permissions.implies(permission);
    }

    @Override // java.security.Policy
    public void refresh() {
        init(this.url);
    }
}
