package com.sun.deploy.security.ruleset;

import com.sun.deploy.cache.Cache;
import com.sun.deploy.config.Config;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.BlockedException;
import com.sun.deploy.security.TrustDecider;
import com.sun.deploy.security.ValidationState;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.util.SessionProperties;
import com.sun.deploy.util.SessionState;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:com/sun/deploy/security/ruleset/DeploymentRuleSet.class */
public abstract class DeploymentRuleSet {
    public static final String XML_FILENAME = "ruleset.xml";
    private static Rule[] rules;
    private static DeploymentRuleSet defaultRule = null;
    private static DeploymentRuleSet exceptionRule = null;
    private static boolean isInitialized = false;
    private static Exception initializationException = null;
    protected static final String FILENAME = "drs.properties";
    private static SessionProperties sessionProps = new SessionProperties(FILENAME);
    private static HashMap drsMap;

    public abstract boolean isCaSignedNever();

    public abstract boolean isSelfSignedNever();

    public abstract boolean isSSVModeNever();

    public abstract boolean isRunLocalAppletsNever();

    public abstract boolean isRunUntrustedNever();

    public abstract boolean isRunUntrustedMultiClick();

    public abstract boolean isSSVModeMultiClick();

    public abstract boolean isRevocationCheckBestEffort();

    public abstract boolean isExpiredBlocked();

    public abstract boolean isPermissionsManifestRequired();

    public abstract boolean isAskGrantShowSet();

    public abstract boolean isAskGrantSelfSignedSet();

    public abstract boolean isRuleRun();

    public abstract boolean isRuleBlock();

    public abstract String getVersionString();

    public abstract String getBlockString();

    public abstract Exception getException();

    public abstract boolean allowInsecureProperties();

    public abstract boolean isLiveConnectAllowedUnchecked();

    public static DeploymentRuleSet getDefault() {
        if (defaultRule == null) {
            defaultRule = new DefaultRule();
        }
        return defaultRule;
    }

    private static DeploymentRuleSet getExceptionRule() {
        if (exceptionRule == null) {
            exceptionRule = new ExceptionRule();
        }
        return exceptionRule;
    }

    private static DeploymentRuleSet getDefaultOrException(RuleId ruleId) {
        try {
            if (ruleId.isException()) {
                Trace.println(new StringBuffer().append("Exception List entry exists for: ").append(ruleId.location).append("\nno DRS rule applies, returning ").append("Exception Rule").toString(), TraceLevel.RULESET);
                return getExceptionRule();
            }
            Trace.println("no rule applies, returning Default Rule", TraceLevel.RULESET);
            return getDefault();
        } catch (BlockedException e) {
            return new BlockRule(e.getMessage(), e);
        }
    }

    public static DeploymentRuleSet findDRS(RuleId ruleId) {
        DeploymentRuleSet deploymentRuleSet = (DeploymentRuleSet) drsMap.get(ruleId);
        if (deploymentRuleSet == null) {
            deploymentRuleSet = getDRS(ruleId);
            drsMap.put(ruleId, deploymentRuleSet);
        }
        return deploymentRuleSet;
    }

    private static DeploymentRuleSet getDRS(RuleId ruleId) {
        Trace.println(new StringBuffer().append("finding Deployment Rule Set for ").append(ruleId).toString(), TraceLevel.RULESET);
        initialize();
        if (initializationException != null) {
            Trace.println(new StringBuffer().append("Exception parsing deployment rule set ").append(initializationException).toString(), TraceLevel.RULESET);
            Trace.ignored(initializationException);
            String string = ResourceManager.getString("deployment.blocked.ruleset.exception");
            if (initializationException instanceof BlockedException) {
                string = initializationException.getMessage();
            }
            return new BlockRule(string, initializationException);
        }
        for (int i = 0; i < rules.length; i++) {
            if (rules[i].getId().contains(ruleId)) {
                Trace.println(new StringBuffer().append("found matching id, using rule: ").append(rules[i]).toString(), TraceLevel.RULESET);
                RuleAction action = rules[i].getAction();
                return action.isRun() ? new RunRule(action.getVersionString(), action.getBlockedMessage()) : action.isBlock() ? new BlockRule(action.getBlockedMessage(), null) : getDefaultOrException(ruleId);
            }
        }
        return getDefaultOrException(ruleId);
    }

    public static synchronized void initialize() {
        if (isInitialized) {
            return;
        }
        rules = new Rule[0];
        File dRSFile = Config.getDRSFile();
        if (dRSFile != null && dRSFile.exists()) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction(dRSFile) { // from class: com.sun.deploy.security.ruleset.DeploymentRuleSet.1
                    private final File val$rulesetJar;

                    {
                        this.val$rulesetJar = dRSFile;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        DeploymentRuleSet.verifyRuleSetFile(this.val$rulesetJar);
                        JarFile jarFile = new JarFile(this.val$rulesetJar, false);
                        JarEntry jarEntry = jarFile.getJarEntry(DeploymentRuleSet.XML_FILENAME);
                        if (jarEntry == null) {
                            return null;
                        }
                        Rule[] unused = DeploymentRuleSet.rules = new RuleSetParser().parse(jarFile.getInputStream(jarEntry), (int) jarEntry.getSize());
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                initializationException = e.getException();
            } catch (Exception e2) {
                initializationException = e2;
            }
        }
        isInitialized = true;
    }

    public static boolean isRuleSetFileExists() {
        File dRSFile = Config.getDRSFile();
        return dRSFile != null && dRSFile.exists();
    }

    public static boolean installRuleSetFile(File file) {
        File dRSFile = Config.getDRSFile();
        try {
            Cache.copyFile(file, dRSFile);
            return true;
        } catch (Throwable th) {
            Trace.println(new StringBuffer().append("could not copy Deployment Rule Set file from ").append(file).append(" to ").append(dRSFile).toString(), TraceLevel.RULESET);
            return true;
        }
    }

    public static void verifyRuleSetFile(File file) {
        JarFile jarFile;
        JarEntry jarEntry;
        String str = null;
        Throwable th = null;
        if (file.toString().equals(sessionProps.getProperty("drs.verified"))) {
            Trace.println(new StringBuffer().append("The file: ").append(file).append(" was verified before relaunch.").toString(), TraceLevel.RULESET);
            return;
        }
        if (!Config.isJavaVersionAtLeast16()) {
            Trace.println("Deployment Rule Set verification skipped - not running JDK6 or later", TraceLevel.RULESET);
            return;
        }
        try {
            jarFile = new JarFile(file);
            jarEntry = jarFile.getJarEntry(XML_FILENAME);
        } catch (IOException e) {
            str = "deployment.cannot.validate.exception";
            th = e;
        }
        if (jarEntry == null) {
            throw new BlockedException(ResourceManager.getMessage("deployment.invalid.ruleset"), null);
        }
        try {
            InputStream inputStream = jarFile.getInputStream(jarEntry);
            byte[] bArr = new byte[1024];
            for (int length = bArr.length; length != -1; length = inputStream.read(bArr, 0, bArr.length)) {
            }
            inputStream.close();
        } catch (IOException e2) {
            Trace.ignored(e2);
        }
        ValidationState jarValidationState = TrustDecider.getJarValidationState(new CodeSource(file.toURI().toURL(), jarEntry.getCodeSigners()), null, null);
        if (jarValidationState.trustDecision == 0) {
            str = "deployment.cannot.validate";
        } else if (jarValidationState.certValidity != 0) {
            str = "deployment.cannot.validate";
        } else if (!jarValidationState.rootCAValid) {
            str = "deployment.cannot.validate.selfsigned";
        } else if (!jarValidationState.timeValid) {
            str = "deployment.cannot.validate.expired";
            th = jarValidationState.certExpiredException != null ? jarValidationState.certExpiredException : jarValidationState.certNotYetValidException;
        }
        if (str != null) {
            throw new BlockedException(ResourceManager.getMessage(str), th);
        }
        Trace.println(new StringBuffer().append("verification succeeded for signed Deployment Rule Set file ").append(file).toString(), TraceLevel.RULESET);
        sessionProps.setProperty("drs.verified", file.toString());
    }

    public String toString() {
        return "DeploymentRuleSet: generic";
    }

    static {
        SessionState.register(sessionProps);
        drsMap = new HashMap();
    }
}
