package com.sun.deploy.security;

import com.sun.deploy.config.Config;
import com.sun.deploy.model.Resource;
import com.sun.deploy.model.ResourceProvider;
import com.sun.deploy.panel.AndOrRadioPropertyGroup;
import com.sun.deploy.security.ruleset.DeploymentRuleSet;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.ui.AppInfo;
import com.sun.deploy.uitoolkit.ToolkitStore;
import com.sun.deploy.xml.XMLNode;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.jar.Attributes;
import java.util.jar.JarFile;

/* loaded from: input_file:com/sun/deploy/security/DeployManifestChecker.class */
public class DeployManifestChecker {
    private static final String PERMISSIONS_ATTR = "Permissions";
    private static final String CODEBASE_ATTR = "Codebase";
    private static final String NAME_ATTR = "Application-Name";
    private static final String LIBRARY_CODEBASE_ATTR = "Application-Library-Allowable-Codebase";
    private static final String SANDBOX_VALUE = "sandbox";
    private static final String ALLPERMS_VALUE = "all-permissions";
    private static final String ENTRY_POINT = "Entry-Point";
    private static final String JARJNLP_SUFFIX = ".jarjnlp";
    private static final String JAR_SUFFIX = ".jar";

    /* loaded from: input_file:com/sun/deploy/security/DeployManifestChecker$CodebaseCheckState.class */
    public final class CodebaseCheckState {
        public static final int NO_MATCH = 1;
        public static final int STRICT_MATCH = 2;
        public static final int MATCH_BY_WILDCARD = 4;
        private final DeployManifestChecker this$0;

        public CodebaseCheckState(DeployManifestChecker deployManifestChecker) {
            this.this$0 = deployManifestChecker;
        }
    }

    private DeployManifestChecker() {
    }

    public static void verify(DeploymentRuleSet deploymentRuleSet, URL url, boolean z, AppInfo appInfo) {
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, (String) ToolkitStore.get().getAppContext().get(new StringBuffer().append(Config.APPCONTEXT_KEY_PREFIX).append(url).toString()));
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return;
        }
        try {
            verify(deploymentRuleSet, url, cachedResource.getJarFile().getManifest().getMainAttributes(), z, appInfo);
        } catch (IOException e) {
            Trace.ignored(e);
            throw new SecurityException("unexpected exception when trying to access manifest attributes");
        }
    }

    public static void verifyMainJar(DeploymentRuleSet deploymentRuleSet, URL url, boolean z, AppInfo appInfo) {
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, (String) ToolkitStore.get().getAppContext().get(new StringBuffer().append(Config.APPCONTEXT_KEY_PREFIX).append(url).toString()));
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return;
        }
        try {
            verifyMainJar(deploymentRuleSet, url, cachedResource.getJarFile().getManifest().getMainAttributes(), z, appInfo);
        } catch (IOException e) {
            Trace.ignored(e);
            throw new SecurityException("unexpected exception when trying to access manifest attributes");
        }
    }

    static void verifyMainJar(DeploymentRuleSet deploymentRuleSet, URL url, Attributes attributes, boolean z, AppInfo appInfo) {
        if (attributes.getValue(PERMISSIONS_ATTR) == null) {
            if (deploymentRuleSet.isPermissionsManifestRequired()) {
                throw new SecurityException(new StringBuffer().append("Missing required Permissions manifest attribute in main jar: ").append(url).toString());
            }
            Trace.println(new StringBuffer().append("Missing Permissions manifest attribute in main jar: ").append(url).toString());
        }
    }

    public static int getPermissionRequestType(URL url, String str) {
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, str);
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return 0;
        }
        try {
            String value = cachedResource.getJarFile().getManifest().getMainAttributes().getValue(PERMISSIONS_ATTR);
            if (value == null) {
                return 0;
            }
            if (value.equals(SANDBOX_VALUE)) {
                return 1;
            }
            return value.equals(ALLPERMS_VALUE) ? 2 : 0;
        } catch (IOException e) {
            Trace.ignored(e);
            return 0;
        }
    }

    static void verify(DeploymentRuleSet deploymentRuleSet, URL url, Attributes attributes, boolean z, AppInfo appInfo) {
        if (appInfo != null && !appInfo.hasSignedJNLP()) {
            String value = attributes.getValue(NAME_ATTR);
            if (value == null) {
                value = attributes.getValue(Attributes.Name.MAIN_CLASS);
            }
            appInfo.setTitle(value);
        }
        String value2 = attributes.getValue(PERMISSIONS_ATTR);
        if (appInfo != null) {
            appInfo.setPermissionAttr(value2 != null);
        }
        if (SANDBOX_VALUE.equals(value2)) {
            if (z) {
                throw new SecurityException(new StringBuffer().append("JAR manifest requested to run in sandbox only: ").append(url).toString());
            }
        } else if (ALLPERMS_VALUE.equals(value2)) {
            if (!z) {
                throw new SecurityException(new StringBuffer().append("JAR manifest requested to run in all-permissons only: ").append(url).toString());
            }
        } else if (value2 != null) {
            throw new SecurityException(new StringBuffer().append("Invalid Permissions value: ").append(value2).toString());
        }
        String value3 = attributes.getValue(CODEBASE_ATTR);
        if (value3 == null) {
            Trace.println(new StringBuffer().append("Missing Codebase manifest attribute for: ").append(url).toString(), TraceLevel.SECURITY);
        } else if (!verifyCodebase(url, value3, false)) {
            throw new SecurityException(new StringBuffer().append("JAR manifest codebase mismatch for ").append(url).toString());
        }
        if (attributes.getValue(LIBRARY_CODEBASE_ATTR) == null) {
            Trace.println(new StringBuffer().append("Missing Application-Library-Allowable-Codebase manifest attribute for: ").append(url).toString(), TraceLevel.SECURITY);
        } else if (!verifyApplicationLibraryAllowableCodebase(url, appInfo)) {
            throw new SecurityException(new StringBuffer().append("JAR manifest application-library-allowable-codebase  mismatch for ").append(url).toString());
        }
    }

    public static String verifyMainClass(String str, Attributes attributes) {
        if (str == null) {
            str = attributes.getValue(Attributes.Name.MAIN_CLASS);
        }
        String value = attributes.getValue(ENTRY_POINT);
        if (value == null) {
            return str;
        }
        String[] split = value.split("\\s");
        HashMap hashMap = new HashMap();
        for (String str2 : split) {
            hashMap.put(str2.trim(), AndOrRadioPropertyGroup.TRUE);
        }
        if (str == null || hashMap.get(str) != null) {
            return str;
        }
        throw new SecurityException(new StringBuffer().append(str).append(" class is not mentioned in the Entry point list").toString());
    }

    public static boolean verifyCodebase(URL url, String str, boolean z) {
        int verifyCodebaseEx = verifyCodebaseEx(url, str, z);
        return verifyCodebaseEx == 4 || verifyCodebaseEx == 2;
    }

    public static int verifyCodebaseEx(URL url, String str, boolean z) {
        String str2;
        int parseInt;
        String host = url.getHost();
        String protocol = url.getProtocol();
        int defaultPort = url.getDefaultPort();
        int port = url.getPort();
        boolean z2 = false;
        String[] split = str.split("\\s");
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        for (int i = 0; i < split.length; i++) {
            String str3 = null;
            try {
                URL url2 = new URL(split[i]);
                str2 = url2.getHost();
                str3 = url2.getProtocol();
                parseInt = url2.getPort();
            } catch (MalformedURLException e) {
                str2 = split[i];
                int indexOf = str2.indexOf(":");
                if (indexOf == -1) {
                    parseInt = -1;
                } else {
                    str2 = split[i].substring(0, indexOf);
                    parseInt = Integer.parseInt(split[i].substring(indexOf + 1));
                }
            }
            if (parseInt == -1) {
                z5 = true;
            } else if (parseInt == port) {
                z5 = true;
            } else if (parseInt == defaultPort && port == -1) {
                z5 = true;
            }
            if (str3 == null) {
                z3 = true;
            } else if (str3.equals(protocol)) {
                z3 = true;
            }
            if (str2.equals(XMLNode.WILDCARD)) {
                z4 = true;
                z2 = true;
            } else if (str2.indexOf(XMLNode.WILDCARD) != -1) {
                if (!str2.startsWith("*.")) {
                    throw new SecurityException(new StringBuffer().append("Invalid Codebase value: ").append(split[i]).toString());
                }
                String substring = str2.substring(2);
                if (host.endsWith(substring)) {
                    z4 = true;
                    if (substring.indexOf(46) == -1) {
                        z2 = true;
                    }
                }
            } else if (str2.equals(host)) {
                z4 = true;
            }
            if (z3 && z4 && z5) {
                if (z && "http".equals(url.getProtocol()) && !"http".equals(str3)) {
                    Trace.println("Javascript from a non secure page is accessing privileged code. Consider using HTTPS protocol when using Javascript -> Java liveconnect calls.", TraceLevel.SECURITY);
                }
                return z2 ? 4 : 2;
            }
            z4 = false;
            z3 = false;
            z5 = false;
        }
        return 1;
    }

    public static boolean verifyApplicationLibraryAllowableCodebase(URL url, AppInfo appInfo) {
        if (url.toString().endsWith(JARJNLP_SUFFIX)) {
            String url2 = url.toString();
            try {
                url = new URL(new StringBuffer().append(url2.substring(0, url2.length() - JARJNLP_SUFFIX.length())).append(JAR_SUFFIX).toString());
            } catch (MalformedURLException e) {
                Trace.ignored(e);
                return false;
            }
        }
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, (String) ToolkitStore.get().getAppContext().get(new StringBuffer().append(Config.APPCONTEXT_KEY_PREFIX).append(url).toString()));
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return true;
        }
        boolean z = false;
        try {
            String value = cachedResource.getJarFile().getManifest().getMainAttributes().getValue(LIBRARY_CODEBASE_ATTR);
            if (value == null) {
                Trace.println(new StringBuffer().append("Missing Application-Library-Allowable-Codebase manifest attribute for: ").append(url).toString(), TraceLevel.SECURITY);
            }
            if (value != null && value.trim().length() > 0) {
                for (URL url3 : appInfo.getMultiHostUrls()) {
                    z = verifyCodebase(url3, value, false);
                    if (!z) {
                        break;
                    }
                }
            }
        } catch (IOException e2) {
            Trace.ignored(e2);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void printWarningsIfRequired(URL url, AppInfo appInfo) {
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, (String) ToolkitStore.get().getAppContext().get(new StringBuffer().append(Config.APPCONTEXT_KEY_PREFIX).append(url).toString()));
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return;
        }
        JarFile jarFile = cachedResource.getJarFile();
        if (appInfo == null || appInfo.hasSignedJNLP()) {
            return;
        }
        try {
            if (jarFile.getManifest().getMainAttributes().getValue(NAME_ATTR) == null) {
                Trace.println(new StringBuffer().append("Missing Application-Name manifest attribute for: ").append(url).toString());
            }
        } catch (IOException e) {
            Trace.ignored(e);
        }
    }
}
