package com.sun.javaws.security;

import com.sun.applet2.preloader.Preloader;
import com.sun.deploy.config.Config;
import com.sun.deploy.model.ResourceProvider;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.CachedCertificatesHelper;
import com.sun.deploy.security.SandboxSecurity;
import com.sun.deploy.security.TrustDecider;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.javaws.exceptions.ExitException;
import com.sun.javaws.exceptions.JNLPException;
import com.sun.javaws.exceptions.JNLPSigningException;
import com.sun.javaws.exceptions.LaunchDescException;
import com.sun.javaws.exceptions.UnsignedAccessViolationException;
import com.sun.javaws.jnl.ExtensionDesc;
import com.sun.javaws.jnl.JARDesc;
import com.sun.javaws.jnl.LaunchDesc;
import com.sun.javaws.jnl.LaunchDescFactory;
import com.sun.javaws.jnl.ResourceVisitor;
import com.sun.javaws.jnl.ResourcesDesc;
import com.sun.javaws.security.SigningInfo;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.spi.Configurator;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/jnlp-7.0.jar:com/sun/javaws/security/JNLPSignedResourcesHelper.class
 */
/* loaded from: input_file:mapacho/lib2/javax.jnlp-jnlp__V7.0.jar:com/sun/javaws/security/JNLPSignedResourcesHelper.class */
public class JNLPSignedResourcesHelper {
    static final boolean DEBUG;
    LaunchDesc mainDesc;
    private Thread warmupValidationThread = null;
    private boolean warmupOk = true;
    private static final String SIGNED_JNLP_ENTRY = "JNLP-INF/APPLICATION.JNLP";
    private static final String SIGNED_JNLP_TEMPLATE = "JNLP-INF/APPLICATION_TEMPLATE.JNLP";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/jnlp-7.0.jar:com/sun/javaws/security/JNLPSignedResourcesHelper$WarmupValidator.class
     */
    /* loaded from: input_file:mapacho/lib2/javax.jnlp-jnlp__V7.0.jar:com/sun/javaws/security/JNLPSignedResourcesHelper$WarmupValidator.class */
    public class WarmupValidator implements Runnable {
        private final JNLPSignedResourcesHelper this$0;

        WarmupValidator(JNLPSignedResourcesHelper jNLPSignedResourcesHelper) {
            this.this$0 = jNLPSignedResourcesHelper;
        }

        @Override // java.lang.Runnable
        public void run() {
            if (JNLPSignedResourcesHelper.DEBUG) {
                Trace.println("Staring warmup validation", TraceLevel.SECURITY);
            }
            ArrayList arrayList = new ArrayList();
            this.this$0.addExtensions(arrayList, this.this$0.mainDesc);
            for (int i = 0; i < arrayList.size(); i++) {
                try {
                    processSingleDesc((LaunchDesc) arrayList.get(i));
                } catch (Exception e) {
                    Trace.ignored(e);
                }
            }
        }

        private void processSingleDesc(LaunchDesc launchDesc) throws GeneralSecurityException, IOException {
            CachedCertificatesHelper[] cachedCertificates = launchDesc.getCachedCertificates();
            if (cachedCertificates != null) {
                for (int i = 0; i < cachedCertificates.length; i++) {
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) cachedCertificates[i].getCertPath().getCertificates().toArray(new X509Certificate[0]);
                    TrustDecider.validateChainForWarmup(x509CertificateArr, new CodeSource(launchDesc.getCanonicalHome(), x509CertificateArr), i, launchDesc.getAppInfo(), launchDesc.getMainDeploymentRuleSet(), cachedCertificates[i].isSignedJNLP());
                }
            }
        }
    }

    public JNLPSignedResourcesHelper(LaunchDesc launchDesc) {
        this.mainDesc = null;
        this.mainDesc = launchDesc;
        AppPolicy.createInstance(this.mainDesc.getCanonicalHome().getHost());
    }

    public synchronized void warmup() {
        if (this.warmupOk) {
            this.warmupValidationThread = new Thread(new WarmupValidator(this));
            this.warmupValidationThread.setDaemon(true);
            this.warmupValidationThread.start();
        }
    }

    public void checkSignedLaunchDesc() throws IOException, JNLPException {
        checkSignedLaunchDesc(null, null);
    }

    public void checkSignedLaunchDesc(URL url, URL url2) throws IOException, JNLPException {
        ArrayList arrayList = new ArrayList();
        addExtensions(arrayList, this.mainDesc);
        for (int i = 0; i < arrayList.size(); i++) {
            checkSignedLaunchDescHelper((LaunchDesc) arrayList.get(i), url, url2);
        }
    }

    synchronized void ensureWarmupFinished() {
        if (this.warmupValidationThread != null) {
            try {
                this.warmupValidationThread.join();
            } catch (InterruptedException e) {
                e.printStackTrace();
            }
            this.warmupValidationThread = null;
            this.warmupOk = false;
        }
    }

    public boolean checkSignedResources(Preloader preloader, boolean z) throws IOException, JNLPException, ExitException {
        ensureWarmupFinished();
        boolean z2 = true;
        ArrayList arrayList = new ArrayList();
        addExtensions(arrayList, this.mainDesc);
        for (int i = 0; i < arrayList.size(); i++) {
            z2 = checkSignedResourcesHelper((LaunchDesc) arrayList.get(i), preloader, z) && z2;
        }
        return z2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addExtensions(ArrayList arrayList, LaunchDesc launchDesc) {
        if (launchDesc == null) {
            return;
        }
        arrayList.add(launchDesc);
        ResourcesDesc resources = launchDesc.getResources();
        if (resources != null) {
            resources.visit(new ResourceVisitor(this, arrayList) { // from class: com.sun.javaws.security.JNLPSignedResourcesHelper.1
                private final ArrayList val$list;
                private final JNLPSignedResourcesHelper this$0;

                {
                    this.this$0 = this;
                    this.val$list = arrayList;
                }

                @Override // com.sun.javaws.jnl.ResourceVisitor
                public void visitExtensionDesc(ExtensionDesc extensionDesc) {
                    if (extensionDesc.isInstaller()) {
                        return;
                    }
                    this.this$0.addExtensions(this.val$list, extensionDesc.getExtensionDesc());
                }
            });
        }
    }

    private void checkSignedLaunchDescHelper(LaunchDesc launchDesc, URL url, URL url2) throws IOException, JNLPException {
        boolean isApplicationDescriptor = launchDesc.isApplicationDescriptor();
        JNLPSigningException jNLPSigningException = null;
        try {
            byte[] signedJNLPFile = getSignedJNLPFile(launchDesc, isApplicationDescriptor, true);
            if (signedJNLPFile != null) {
                try {
                    launchDesc.checkSigningTemplate(signedJNLPFile);
                    if (DEBUG) {
                        Trace.println("Signed JNLP Template matches LaunchDesc", TraceLevel.SECURITY);
                        return;
                    }
                    return;
                } catch (JNLPSigningException e) {
                    if (DEBUG) {
                        Trace.println("Signed JNLP Template fails to match ld", TraceLevel.SECURITY);
                    }
                    jNLPSigningException = e;
                }
            }
            byte[] signedJNLPFile2 = getSignedJNLPFile(launchDesc, isApplicationDescriptor, false);
            if (signedJNLPFile2 == null) {
                if (jNLPSigningException != null) {
                    throw jNLPSigningException;
                }
                if (launchDesc.getCachedCertificates() != null && launchDesc.getCachedCertificates()[0].isSignedJNLP()) {
                    throw new JNLPSigningException(launchDesc, null);
                }
                return;
            }
            LaunchDesc buildDescriptor = LaunchDescFactory.buildDescriptor(signedJNLPFile2, url, url2, launchDesc.getLocation());
            if (Trace.isEnabled(TraceLevel.SECURITY)) {
                Trace.println("Downloaded JNLP file: ", TraceLevel.SECURITY);
                Trace.println(launchDesc.toString(), TraceLevel.SECURITY);
                Trace.println("Signed JNLP file: ", TraceLevel.SECURITY);
                Trace.println(buildDescriptor.toString(), TraceLevel.SECURITY);
            }
            launchDesc.checkSigning(buildDescriptor);
        } catch (LaunchDescException e2) {
            e2.setIsSignedLaunchDesc();
            throw e2;
        } catch (JNLPException e3) {
            throw e3;
        } catch (IOException e4) {
            throw e4;
        }
    }

    private static boolean hasProgressResources(ResourcesDesc resourcesDesc) {
        for (JARDesc jARDesc : resourcesDesc.getLocalJarDescs()) {
            if (jARDesc.isProgressJar()) {
                return true;
            }
        }
        return false;
    }

    private static boolean checkSignedResourcesHelper(LaunchDesc launchDesc, Preloader preloader, boolean z) throws IOException, JNLPException, ExitException {
        boolean z2;
        Long l;
        ResourcesDesc resources = launchDesc.getResources();
        if (resources == null) {
            return true;
        }
        if (z && !hasProgressResources(resources)) {
            return true;
        }
        if (launchDesc.isSecure()) {
            try {
                SandboxSecurity.isPermissionGranted(getMainJarCodeSource(launchDesc), launchDesc.getAppInfo(), launchDesc.getMainDeploymentRuleSet(), preloader);
                return launchDesc.isSecureJVMArgs();
            } catch (SecurityException e) {
                throw new ExitException(e.getMessage(), e, 0);
            }
        }
        JARDesc[] localJarDescs = resources.getLocalJarDescs();
        boolean z3 = true;
        boolean z4 = false;
        boolean z5 = true;
        boolean z6 = true;
        List list = null;
        URL canonicalHome = launchDesc.getCanonicalHome();
        int i = 0;
        URL url = null;
        SigningInfo signingInfo = null;
        Map map = null;
        if (DEBUG) {
            Trace.println(new StringBuffer().append("Validating signatures for ").append(launchDesc.getLocation()).append(StringUtils.SPACE).append(launchDesc.getSourceURL()).toString(), TraceLevel.SECURITY);
        }
        if (launchDesc.getLocation() != null) {
            URL sourceURL = launchDesc.getSourceURL();
            if (sourceURL == null) {
                sourceURL = launchDesc.getLocation();
            }
            signingInfo = new SigningInfo(sourceURL, launchDesc.getVersion());
            map = signingInfo.getTrustedEntries();
            if (DEBUG) {
                Trace.println(new StringBuffer().append("TrustedSet ").append(map != null ? Integer.toString(map.size()) : Configurator.NULL).toString(), TraceLevel.SECURITY);
            }
        }
        SigningInfo[] signingInfoArr = new SigningInfo[localJarDescs.length];
        HashMap hashMap = new HashMap();
        boolean z7 = false;
        if (map == null) {
            z2 = false;
            if (DEBUG) {
                Trace.println(new StringBuffer().append("Empty trusted set for [").append(canonicalHome).append("]").toString(), TraceLevel.SECURITY);
            }
        } else {
            z2 = true;
        }
        for (int i2 = 0; !z7 && i2 < localJarDescs.length; i2++) {
            JARDesc jARDesc = localJarDescs[i2];
            signingInfoArr[i2] = new SigningInfo(jARDesc.getLocation(), jARDesc.getVersion());
            if (DEBUG) {
                Trace.println(new StringBuffer().append("Round 1 (").append(i2).append(" out of ").append(localJarDescs.length).append("):").append(jARDesc.getLocationString()).toString(), TraceLevel.SECURITY);
            }
            if (signingInfoArr[i2].isFileKnownToBeNotCached()) {
                if (DEBUG) {
                    Trace.println(new StringBuffer().append("    Skip: ").append(jARDesc.getLocationString()).toString(), TraceLevel.SECURITY);
                }
                z4 = true;
            } else if (signingInfoArr[i2].isKnownToBeValidated()) {
                long cachedVerificationTimestampt = signingInfoArr[i2].getCachedVerificationTimestampt();
                String locationString = jARDesc.getLocationString();
                if (signingInfoArr[i2].isKnownToBeSigned()) {
                    if (z2 && ((l = (Long) map.get(locationString)) == null || l.longValue() != cachedVerificationTimestampt)) {
                        if (DEBUG) {
                            Trace.println(new StringBuffer().append("Entry [").append(locationString).append(", ").append(l).append("] does not match trusted set. Revert to full validation of JNLP.").toString(), TraceLevel.SECURITY);
                        }
                        z2 = false;
                    }
                    hashMap.put(locationString, new Long(cachedVerificationTimestampt));
                } else {
                    z7 = true;
                    z2 = false;
                }
            } else {
                z7 = true;
                z2 = false;
                if (DEBUG) {
                    Trace.println(new StringBuffer().append("Entry [").append(jARDesc.getLocationString()).append("] is not prevalidated. Revert to full validation of this JAR.").toString(), TraceLevel.SECURITY);
                }
            }
        }
        if (!z2) {
            z6 = false;
            int i3 = 0;
            while (true) {
                if (i3 >= localJarDescs.length || !z5) {
                    break;
                }
                JARDesc jARDesc2 = localJarDescs[i3];
                if (DEBUG) {
                    Trace.println(new StringBuffer().append("Round 2 (").append(i3).append(" out of ").append(localJarDescs.length).append("):").append(jARDesc2.getLocationString()).toString(), TraceLevel.SECURITY);
                }
                if (signingInfoArr[i3] == null) {
                    signingInfoArr[i3] = new SigningInfo(jARDesc2.getLocation(), jARDesc2.getVersion());
                }
                if (signingInfoArr[i3].isFileKnownToBeNotCached()) {
                    if (DEBUG) {
                        Trace.println(new StringBuffer().append("    Skip ").append(jARDesc2.getLocationString()).toString(), TraceLevel.SECURITY);
                    }
                    z4 = true;
                } else {
                    List certificates = signingInfoArr[i3].isKnownToBeValidated() ? signingInfoArr[i3].getCertificates() : signingInfoArr[i3].check();
                    if (signingInfoArr[i3].isJarKnownToBeEmpty()) {
                        continue;
                    } else {
                        z6 = true;
                        if (certificates == null) {
                            z3 = false;
                            url = jARDesc2.getLocation();
                            if (launchDesc.getSecurityModel() != 0) {
                                ResourceProvider.get().markRetired(ResourceProvider.get().getCachedResource(jARDesc2.getLocation(), jARDesc2.getVersion()), true);
                            }
                        } else {
                            if (list == null) {
                                list = certificates;
                            } else {
                                list = SigningInfo.overlapChainLists(certificates, list);
                                if (DEBUG) {
                                    Trace.println(new StringBuffer().append("Have ").append(list == null ? 0 : list.size()).append(" common certificates after processing ").append(jARDesc2.getLocationString()).toString(), TraceLevel.SECURITY);
                                }
                                if (list == null) {
                                    z5 = false;
                                    if (launchDesc.getSecurityModel() != 0) {
                                        ResourceProvider.get().markRetired(ResourceProvider.get().getCachedResource(jARDesc2.getLocation(), jARDesc2.getVersion()), true);
                                    }
                                }
                            }
                            hashMap.put(jARDesc2.getLocationString(), new Long(signingInfoArr[i3].getCachedVerificationTimestampt()));
                            i++;
                        }
                    }
                }
                i3++;
            }
            if (!launchDesc.isSecure()) {
                if (!z3) {
                    throw new UnsignedAccessViolationException(launchDesc, url, true);
                }
                if (!z5) {
                    throw new LaunchDescException(launchDesc, ResourceManager.getString("launch.error.singlecertviolation"), null);
                }
                List normalizeCertificateList = normalizeCertificateList(list);
                if (launchDesc.getCachedCertificates() != null) {
                    for (CachedCertificatesHelper cachedCertificatesHelper : launchDesc.getCachedCertificates()) {
                        checkCachedChain(launchDesc, normalizeCertificateList, cachedCertificatesHelper.getCertPath());
                    }
                }
                if (i > 0) {
                    long grantUnrestrictedAccess = AppPolicy.getInstance().grantUnrestrictedAccess(launchDesc, launchDesc.getMainDeploymentRuleSet(), Config.isJavaVersionAtLeast15() ? new CodeSource(launchDesc.getCanonicalHome(), (CodeSigner[]) list.toArray(new CodeSigner[list.size()])) : new CodeSource(launchDesc.getCanonicalHome(), (Certificate[]) normalizeCertificateList.toArray(new Certificate[normalizeCertificateList.size()])), preloader);
                    if (grantUnrestrictedAccess > 0) {
                        long currentTimeMillis = System.currentTimeMillis();
                        for (int i4 = 0; i4 < signingInfoArr.length; i4++) {
                            signingInfoArr[i4].updateCacheIfNeeded(true, null, currentTimeMillis, grantUnrestrictedAccess);
                            String locationString2 = localJarDescs[i4].getLocationString();
                            if (hashMap.containsKey(locationString2)) {
                                hashMap.put(locationString2, new Long(signingInfoArr[i4].getCachedVerificationTimestampt()));
                            }
                        }
                        if (signingInfo != null) {
                            signingInfo.updateCache(true, hashMap, System.currentTimeMillis(), grantUnrestrictedAccess);
                        }
                    }
                    z2 = true;
                } else {
                    if (signingInfo != null) {
                        signingInfo.updateCache(true, hashMap, System.currentTimeMillis(), Long.MAX_VALUE);
                    }
                    z2 = true;
                }
            }
        }
        if (z2 && !z4 && z6) {
            launchDesc.setTrusted();
        }
        if (DEBUG) {
            Trace.println(new StringBuffer().append("LD - All JAR files signed: ").append(canonicalHome).toString(), TraceLevel.BASIC);
        }
        return z3;
    }

    static byte[] getSignedJNLPFile(LaunchDesc launchDesc, boolean z, boolean z2) throws IOException, JNLPException {
        JARDesc mainJar;
        if (launchDesc.getResources() == null || (mainJar = launchDesc.getResources().getMainJar(z)) == null) {
            return null;
        }
        return getSignedJNLPBits(mainJar.getLocation(), mainJar.getVersion(), z2);
    }

    public static byte[] getSignedJNLPBits(URL url, String str, boolean z) throws IOException {
        String str2 = z ? SIGNED_JNLP_TEMPLATE : SIGNED_JNLP_ENTRY;
        JarFile jarFile = null;
        try {
            jarFile = new JarFile(ResourceProvider.get().getCachedResourceFilePath(url, str), false);
            JarEntry jarEntry = jarFile.getJarEntry(str2);
            if (jarEntry == null) {
                Enumeration<JarEntry> entries = jarFile.entries();
                while (entries.hasMoreElements() && jarEntry == null) {
                    JarEntry nextElement = entries.nextElement();
                    if (nextElement.getName().equalsIgnoreCase(str2)) {
                        jarEntry = nextElement;
                    }
                }
            }
            if (jarEntry == null) {
                if (jarFile != null) {
                    jarFile.close();
                }
                return null;
            }
            byte[] bArr = new byte[(int) jarEntry.getSize()];
            DataInputStream dataInputStream = new DataInputStream(jarFile.getInputStream(jarEntry));
            dataInputStream.readFully(bArr, 0, (int) jarEntry.getSize());
            dataInputStream.close();
            if (jarFile != null) {
                jarFile.close();
            }
            return bArr;
        } catch (Throwable th) {
            if (jarFile != null) {
                jarFile.close();
            }
            throw th;
        }
    }

    static void checkCachedChain(LaunchDesc launchDesc, List list, CertPath certPath) throws LaunchDescException {
        if (list == null) {
            return;
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        for (int i = 0; i < certificates.size(); i++) {
            if (!list.contains(certificates.get(i))) {
                throw new LaunchDescException(launchDesc, ResourceManager.getString("launch.error.unmatched.embedded.cert"), null);
            }
        }
    }

    static List normalizeCertificateList(List list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            for (int i = 0; i < list.size(); i++) {
                if (Config.isJavaVersionAtLeast15() && (list.get(i) instanceof CodeSigner)) {
                    CertPath signerCertPath = ((CodeSigner) list.get(i)).getSignerCertPath();
                    if (signerCertPath != null) {
                        arrayList.addAll(signerCertPath.getCertificates());
                    }
                } else if (list.get(i) instanceof SigningInfo.CertChain) {
                    arrayList.addAll(Arrays.asList(((SigningInfo.CertChain) list.get(i)).getCertificates()));
                }
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    private static CodeSource getMainJarCodeSource(LaunchDesc launchDesc) {
        Certificate[] certificateArr = null;
        CodeSigner[] codeSignerArr = null;
        JARDesc mainJar = launchDesc.getResources().getMainJar(true);
        if (mainJar != null) {
            try {
                SigningInfo signingInfo = new SigningInfo(mainJar.getLocation(), mainJar.getVersion());
                if (Config.isJavaVersionAtLeast15()) {
                    List check = signingInfo.check();
                    codeSignerArr = (CodeSigner[]) check.toArray(new CodeSigner[check.size()]);
                } else {
                    List normalizeCertificateList = normalizeCertificateList(signingInfo.check());
                    certificateArr = (Certificate[]) normalizeCertificateList.toArray(new Certificate[normalizeCertificateList.size()]);
                }
            } catch (Exception e) {
                Trace.ignored(e);
            }
        }
        if (Config.isJavaVersionAtLeast15()) {
            return new CodeSource(mainJar != null ? mainJar.getLocation() : launchDesc.getCanonicalHome(), codeSignerArr);
        }
        return new CodeSource(mainJar != null ? mainJar.getLocation() : launchDesc.getCanonicalHome(), certificateArr);
    }

    static {
        DEBUG = Config.getDeployDebug() || Config.getPluginDebug();
    }
}
