package com.sun.enterprise.security.provider;

import com.sun.appserv.management.util.misc.StringUtil;
import com.sun.enterprise.admin.servermgmt.pe.PEFileLayout;
import com.sun.enterprise.security.provider.PolicyParser;
import com.sun.faces.RIConstants;
import com.sun.security.auth.PrincipalComparator;
import java.awt.AWTPermission;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Identity;
import java.security.IdentityScope;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.Random;
import java.util.StringTokenizer;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.derby.iapi.sql.compile.TypeCompiler;
import org.apache.derby.impl.services.locks.Timeout;
import org.apache.felix.framework.util.FelixConstants;
import sun.net.www.ParseUtil;
import sun.security.provider.IdentityDatabase;
import sun.security.provider.SystemIdentity;
import sun.security.provider.SystemSigner;
import sun.security.util.Debug;
import sun.security.util.PropertyExpander;
import sun.security.util.ResourcesMgr;
import sun.security.util.SecurityConstants;

/* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:com/sun/enterprise/security/provider/PolicyFile.class */
public class PolicyFile extends Policy {
    // Keystore/principal related string constants; their uses are outside the visible part of this file.
    private static final String NONE = "NONE";
    private static final String P11KEYSTORE = "PKCS11";
    // Marker searched for in permission names: addGrantEntry builds a SelfPermission
    // instead of a concrete Permission when a name contains it.
    private static final String SELF = "${{self}}";
    private static final String X500PRINCIPAL = "javax.security.auth.x500.X500Principal";
    // System property naming a policy location, consulted by initPolicyFile only when
    // allowSystemProperties is true.
    private static final String POLICY = "java.security.policy";
    private static final String SECURITY_MANAGER = "java.security.manager";
    // Prefix of the numbered Security properties (prefix + 1, prefix + 2, ...) that
    // initPolicyFile scans until the first missing index.
    private static final String POLICY_URL = "policy.url.";
    // Same pair as POLICY / POLICY_URL, read in a second pass by initPolicyFile(PolicyInfo, URL).
    private static final String AUTH_POLICY = "java.security.auth.policy";
    private static final String AUTH_POLICY_URL = "auth.policy.url.";
    // Presumably the default number of ProtectionDomain caches; init(URL) uses 1 when
    // sun.security.policy.numcaches is unset or not a number.
    private static final int DEFAULT_CACHE_SIZE = 1;
    // Currently active policy data. init(URL) builds a fresh PolicyInfo and publishes it with set().
    private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>();
    private boolean constructed = false;
    // The next four flags are overwritten by init(URL) from Security/System properties,
    // so the initializers below do not survive construction:
    //   expandProperties      <- Security property "policy.expandProperties"
    //   ignoreIdentityScope   <- Security property "policy.ignoreIdentityScope"
    //   allowSystemProperties <- Security property "policy.allowSystemProperty"
    //   notUtf8               <- System property  "sun.security.policy.utf8" equal to "false"
    private boolean expandProperties = true;
    private boolean ignoreIdentityScope = false;
    private boolean allowSystemProperties = true;
    private boolean notUtf8 = false;
    // Explicit policy location passed to PolicyFile(URL); stays null for the no-arg constructor.
    // refresh() re-reads from this value.
    private URL url;
    // Debug sink; every use in this file is guarded by a null check.
    // NOTE(review): the PEFileLayout.POLICY_DIR argument looks like a decompiler constant
    // substitution for a string literal - confirm against the original source.
    private static final Debug debug = Debug.getInstance(PEFileLayout.POLICY_DIR);
    private static IdentityScope scope = null;
    // Constructor signatures tried reflectively by getInstance: (), (String), (String, String).
    private static final Class[] PARAMS0 = new Class[0];
    private static final Class[] PARAMS1 = {String.class};
    private static final Class[] PARAMS2 = {String.class, String.class};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:com/sun/enterprise/security/provider/PolicyFile$PolicyEntry.class */
    /**
     * One grant of a policy: the code source it applies to, the optional principals
     * it is restricted to, and the permissions collected for it.
     *
     * <p>The permission list is a plain {@link ArrayList} exposed as a package-private
     * field; this class performs no synchronization of its own.
     */
    public static class PolicyEntry {
        private final CodeSource codesource;
        final List<Permission> permissions;
        private final List<PolicyParser.PrincipalEntry> principals;

        /**
         * Creates an entry with an empty permission list.
         *
         * @param codeSource code source the grant applies to
         * @param list principals of the grant, stored by reference; may be {@code null}
         */
        PolicyEntry(CodeSource codeSource, List<PolicyParser.PrincipalEntry> list) {
            this.codesource = codeSource;
            this.principals = list;
            this.permissions = new ArrayList<>();
        }

        /** Creates an entry that carries no principals. */
        PolicyEntry(CodeSource codeSource) {
            this(codeSource, null);
        }

        /** Returns the principal list given at construction (possibly {@code null}). */
        List<PolicyParser.PrincipalEntry> getPrincipals() {
            return this.principals;
        }

        /** Appends a permission to this grant. */
        void add(Permission permission) {
            this.permissions.add(permission);
        }

        /** Returns the code source given at construction. */
        CodeSource getCodeSource() {
            return this.codesource;
        }

        /**
         * Renders the entry as the code source followed by one line per permission,
         * wrapped in parentheses. Every literal goes through {@code ResourcesMgr.getString}.
         */
        @Override
        public String toString() {
            StringBuilder text = new StringBuilder();
            text.append(ResourcesMgr.getString("("))
                    .append(getCodeSource())
                    .append(Timeout.newline);
            for (int index = 0; index < this.permissions.size(); index++) {
                Permission granted = this.permissions.get(index);
                text.append(ResourcesMgr.getString(" "))
                        .append(ResourcesMgr.getString(" "))
                        .append(granted)
                        .append(ResourcesMgr.getString(Timeout.newline));
            }
            text.append(ResourcesMgr.getString(")"))
                    .append(ResourcesMgr.getString(Timeout.newline));
            return text.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:com/sun/enterprise/security/provider/PolicyFile$PolicyInfo.class */
    /**
     * Parsed policy data plus the per-ProtectionDomain permission caches.
     *
     * <p>The cache maps are synchronized {@link WeakHashMap}s. When more than one cache
     * exists, {@link #getPdMapping()} picks one with {@link Random}; that choice only
     * spreads load between caches and is not a security decision.
     */
    public static class PolicyInfo {
        private static final boolean verbose = false;
        // Entries are added while a policy is being loaded (addGrantEntry, initStaticPolicy).
        final List<PolicyEntry> policyEntries = new ArrayList<>();
        final List<PolicyEntry> identityPolicyEntries = Collections.synchronizedList(new ArrayList<>(2));
        // Raw map on purpose: getCertificates stores alias -> certificate and certificate -> alias in it.
        final Map aliasMapping = Collections.synchronizedMap(new HashMap(11));
        private final Map<ProtectionDomain, PermissionCollection>[] pdMapping;
        private Random random;

        /**
         * Allocates {@code i} caches.
         *
         * @param i number of caches; the value is not validated here, so a negative value
         *          fails in the array allocation and 0 leaves {@link #getPdMapping()}
         *          without a usable cache
         */
        PolicyInfo(int i) {
            this.pdMapping = new Map[i];
            int slot = 0;
            while (slot < i) {
                this.pdMapping[slot] = Collections.synchronizedMap(new WeakHashMap());
                slot++;
            }
            // A Random is only needed when there is a choice between caches.
            this.random = i > 1 ? new Random() : null;
        }

        /** Returns the single cache, or a randomly selected one when several exist. */
        Map<ProtectionDomain, PermissionCollection> getPdMapping() {
            final int caches = this.pdMapping.length;
            if (caches != 1) {
                // The remainder lies strictly between -caches and caches, so abs() cannot overflow.
                int pick = Math.abs(this.random.nextInt() % caches);
                return this.pdMapping[pick];
            }
            return this.pdMapping[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:com/sun/enterprise/security/provider/PolicyFile$SelfPermission.class */
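    /**
     * Placeholder permission recorded for policy entries whose name contains the
     * self marker. It never implies anything itself; it only carries the permission
     * class name, target name, actions and signer certificates.
     */
    public static class SelfPermission extends Permission {
        private static final long serialVersionUID = -8315562579967246806L;
        private String type;
        private String name;
        private String actions;
        private Certificate[] certs;

        /**
         * @param str permission class name; must not be {@code null}
         * @param str2 target name, may be {@code null}
         * @param str3 actions, may be {@code null}
         * @param certificateArr signer certificates, may be {@code null}; the array is
         *        copied or reduced, never stored by reference
         * @throws NullPointerException if {@code str} is {@code null}
         */
        public SelfPermission(String str, String str2, String str3, Certificate[] certificateArr) {
            super(str);
            if (str == null) {
                throw new NullPointerException(ResourcesMgr.getString("type can't be null"));
            }
            this.type = str;
            this.name = str2;
            this.actions = str3;
            if (certificateArr != null) {
                this.certs = signerCertificates(certificateArr);
            }
        }

        /**
         * Reduces the supplied certificates to the first certificate of each chain.
         *
         * <p>If any element is not an {@link X509Certificate} the array is cloned unchanged.
         * Otherwise consecutive certificates are treated as one chain while the issuer DN
         * of one equals the subject DN of the next. Only the names are compared; no
         * signature is verified here.
         */
        private static Certificate[] signerCertificates(Certificate[] supplied) {
            for (Certificate candidate : supplied) {
                if (!(candidate instanceof X509Certificate)) {
                    return supplied.clone();
                }
            }
            List<Certificate> chainHeads = new ArrayList<>();
            int index = 0;
            while (index < supplied.length) {
                chainHeads.add(supplied[index]);
                // Skip the remainder of the chain that starts at this certificate.
                while (index + 1 < supplied.length
                        && ((X509Certificate) supplied[index]).getIssuerDN()
                                .equals(((X509Certificate) supplied[index + 1]).getSubjectDN())) {
                    index++;
                }
                index++;
            }
            if (chainHeads.size() == supplied.length) {
                // Every certificate starts its own chain: nothing to drop.
                return supplied.clone();
            }
            return chainHeads.toArray(new Certificate[chainHeads.size()]);
        }

        /** Always {@code false}: this placeholder grants nothing by itself. */
        @Override // java.security.Permission
        public boolean implies(Permission permission) {
            return false;
        }

        /**
         * Two instances are equal when type, name and actions match and both hold the
         * same set of certificates (order ignored).
         *
         * <p>Name, actions and the certificate array may all be {@code null} (the
         * constructor accepts that and {@link #hashCode()} already allows for it), so
         * every comparison is null-safe instead of dereferencing those fields directly.
         */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof SelfPermission)) {
                return false;
            }
            SelfPermission other = (SelfPermission) obj;
            if (!this.type.equals(other.type)
                    || !sameValue(this.name, other.name)
                    || !sameValue(this.actions, other.actions)) {
                return false;
            }
            if (this.certs == null || other.certs == null) {
                // Equal only when neither side carries certificates.
                return this.certs == other.certs;
            }
            if (this.certs.length != other.certs.length) {
                return false;
            }
            return containsEach(this.certs, other.certs) && containsEach(other.certs, this.certs);
        }

        /** Null-safe equality. */
        private static boolean sameValue(Object left, Object right) {
            return left == null ? right == null : left.equals(right);
        }

        /** Returns true when every element of {@code wanted} has an equal element in {@code pool}. */
        private static boolean containsEach(Certificate[] wanted, Certificate[] pool) {
            for (Certificate needle : wanted) {
                boolean found = false;
                for (Certificate candidate : pool) {
                    if (sameValue(needle, candidate)) {
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    return false;
                }
            }
            return true;
        }

        /** Combines the hash codes of type, name and actions; certificates are not included. */
        @Override
        public int hashCode() {
            int hashCode = this.type.hashCode();
            if (this.name != null) {
                hashCode ^= this.name.hashCode();
            }
            if (this.actions != null) {
                hashCode ^= this.actions.hashCode();
            }
            return hashCode;
        }

        /** Always the empty string; the recorded actions are available via {@link #getSelfActions()}. */
        @Override // java.security.Permission
        public String getActions() {
            return "";
        }

        public String getSelfType() {
            return this.type;
        }

        public String getSelfName() {
            return this.name;
        }

        public String getSelfActions() {
            return this.actions;
        }

        /**
         * Returns the stored certificate array itself, not a copy, or {@code null} when
         * no certificates were supplied.
         */
        // NOTE(review): callers receive the internal array and could modify it; consider a defensive copy.
        public Certificate[] getCerts() {
            return this.certs;
        }

        @Override
        public String toString() {
            return "(SelfPermission " + this.type + " " + this.name + " " + this.actions + ")";
        }
    }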

    /**
     * Creates a policy without an explicit location; initPolicyFile then falls back to
     * the configured system and Security properties.
     */
    public PolicyFile() {
        final URL noExplicitLocation = null;
        init(noExplicitLocation);
    }

    /**
     * Creates a policy that is read from the given location.
     *
     * @param url policy location; it is remembered so that {@link #refresh()} re-reads it
     */
    public PolicyFile(URL url) {
        this.url = url;
        init(this.url);
    }

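    /**
     * Reads the configuration flags, builds a fresh {@code PolicyInfo}, loads the policy
     * into it and publishes the result.
     *
     * <p>The properties are read inside {@code doPrivileged}, so the read does not depend
     * on the permissions of the caller.
     *
     * @param url explicit policy location, or {@code null} to use the configured defaults
     */
    private void init(URL url) {
        String cacheCountText = AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.sun.enterprise.security.provider.PolicyFile.1
            @Override // java.security.PrivilegedAction
            public String run() {
                PolicyFile.this.expandProperties = "true".equalsIgnoreCase(Security.getProperty("policy.expandProperties"));
                PolicyFile.this.ignoreIdentityScope = "true".equalsIgnoreCase(Security.getProperty("policy.ignoreIdentityScope"));
                // When this is true, initPolicyFile also honours the java.security.policy /
                // java.security.auth.policy system properties.
                PolicyFile.this.allowSystemProperties = "true".equalsIgnoreCase(Security.getProperty("policy.allowSystemProperty"));
                PolicyFile.this.notUtf8 = "false".equalsIgnoreCase(System.getProperty("sun.security.policy.utf8"));
                return System.getProperty("sun.security.policy.numcaches");
            }
        });
        int cacheCount = DEFAULT_CACHE_SIZE;
        if (cacheCountText != null) {
            try {
                int requested = Integer.parseInt(cacheCountText);
                // Zero or a negative count would either fail in PolicyInfo's array allocation
                // or leave it without a cache, breaking every later implies() call. Such
                // values are treated like a non-numeric setting and ignored.
                if (requested >= 1) {
                    cacheCount = requested;
                }
            } catch (NumberFormatException ignored) {
                // Not a number: keep the default.
            }
        }
        PolicyInfo freshInfo = new PolicyInfo(cacheCount);
        initPolicyFile(freshInfo, url);
        // Publish only after loading, so readers never observe a half-built policy.
        this.policyInfo.set(freshInfo);
    }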

    /**
     * Loads policy data into {@code policyInfo}.
     *
     * <p>With an explicit {@code url} only that location is read. Without one, the
     * locations configured for the regular policy are read first and those configured
     * for the auth policy second. In both cases the built-in static policy is installed
     * when the first read reports failure.
     */
    private void initPolicyFile(final PolicyInfo policyInfo, final URL url) {
        if (url == null) {
            boolean defaultsLoaded = initPolicyFile(POLICY, POLICY_URL, policyInfo);
            if (!defaultsLoaded) {
                initStaticPolicy(policyInfo);
            }
            initPolicyFile(AUTH_POLICY, AUTH_POLICY_URL, policyInfo);
            return;
        }
        if (debug != null) {
            debug.println("reading " + url);
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.sun.enterprise.security.provider.PolicyFile.2
            @Override // java.security.PrivilegedAction
            public Void run() {
                boolean loaded = PolicyFile.this.init(url, policyInfo);
                if (!loaded) {
                    PolicyFile.this.initStaticPolicy(policyInfo);
                }
                return null;
            }
        });
    }

    /**
     * Reads every policy location configured for one policy kind.
     *
     * <p>Two sources are consulted, in this order:
     * <ol>
     *   <li>the system property {@code str}, only when {@code allowSystemProperties} is
     *       set. If its value starts with the separator constant, the prefix is stripped
     *       and the numbered locations below are skipped entirely;</li>
     *   <li>the Security properties {@code str2 + 1}, {@code str2 + 2}, ... up to the
     *       first index that is not defined.</li>
     * </ol>
     * A location that cannot be resolved or read is reported to the debug sink only and
     * the scan continues with the next one.
     *
     * @param str name of the system property holding an extra policy location
     * @param str2 prefix of the numbered Security properties
     * @param policyInfo receiver of the parsed entries
     * @return {@code true} if {@code init} reported success for at least one location
     */
    private boolean initPolicyFile(final String str, final String str2, final PolicyInfo policyInfo) {
        Boolean anyLoaded = AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: com.sun.enterprise.security.provider.PolicyFile.3
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                boolean loaded = false;
                if (PolicyFile.this.allowSystemProperties) {
                    String location = System.getProperty(str);
                    if (location != null) {
                        // NOTE(review): FelixConstants.ATTRIBUTE_SEPARATOR looks like a decompiler
                        // substitution for a string literal (presumably "=") - confirm.
                        final boolean overrideOthers = location.startsWith(FelixConstants.ATTRIBUTE_SEPARATOR);
                        if (overrideOthers) {
                            location = location.substring(1);
                        }
                        try {
                            String expanded = PropertyExpander.expand(location);
                            File asFile = new File(expanded);
                            URL policyUrl;
                            if (asFile.exists()) {
                                policyUrl = ParseUtil.fileToEncodedURL(new File(asFile.getCanonicalPath()));
                            } else {
                                policyUrl = new URL(expanded);
                            }
                            if (PolicyFile.debug != null) {
                                PolicyFile.debug.println("reading " + policyUrl);
                            }
                            if (PolicyFile.this.init(policyUrl, policyInfo)) {
                                loaded = true;
                            }
                        } catch (Exception e) {
                            if (PolicyFile.debug != null) {
                                PolicyFile.debug.println("caught exception: " + e);
                            }
                        }
                        if (overrideOthers) {
                            if (PolicyFile.debug != null) {
                                PolicyFile.debug.println("overriding other policies!");
                            }
                            return Boolean.valueOf(loaded);
                        }
                    }
                }
                for (int index = 1; ; index++) {
                    String configured = Security.getProperty(str2 + index);
                    if (configured == null) {
                        // The first gap in the numbering ends the scan.
                        return Boolean.valueOf(loaded);
                    }
                    try {
                        String expanded = PropertyExpander.expand(configured).replace(File.separatorChar, '/');
                        boolean homeRelative = configured.startsWith("file:${java.home}/")
                                || configured.startsWith("file:${user.home}/");
                        URL policyUrl;
                        if (homeRelative) {
                            // Drop the leading "file:" and let File build the URL.
                            policyUrl = new File(expanded.substring(5)).toURI().toURL();
                        } else {
                            policyUrl = new URI(expanded).toURL();
                        }
                        if (PolicyFile.debug != null) {
                            PolicyFile.debug.println("reading " + policyUrl);
                        }
                        if (PolicyFile.this.init(policyUrl, policyInfo)) {
                            loaded = true;
                        }
                    } catch (Exception e2) {
                        if (PolicyFile.debug != null) {
                            PolicyFile.debug.println("error reading policy " + e2);
                            e2.printStackTrace();
                        }
                    }
                }
            }
        });
        return anyLoaded.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Parses the policy at {@code url} and adds its grant entries to {@code policyInfo}.
     *
     * <p>Note on the return value: it is {@code false} only when closing the reader
     * throws an {@link IOException}. A location that cannot be opened or a policy that
     * fails to parse is reported (System.err or the debug sink) and still yields
     * {@code true}, so callers that install the static policy on {@code false} do not
     * do so for those failures.
     *
     * <p>A keystore that cannot be loaded is not fatal: parsing continues with a
     * {@code null} keystore, and the exception is printed only when debugging is on.
     *
     * @param url location of the policy
     * @param policyInfo receiver of the parsed entries
     * @return see the note above
     */
    public boolean init(URL url, PolicyInfo policyInfo) {
        boolean result = false;
        PolicyParser parser = new PolicyParser(this.expandProperties);
        InputStreamReader reader = null;
        try {
            if (this.notUtf8) {
                // Platform default charset, selected by sun.security.policy.utf8=false.
                reader = new InputStreamReader(PolicyUtil.getInputStream(url));
            } else {
                reader = new InputStreamReader(PolicyUtil.getInputStream(url), "UTF-8");
            }
            parser.read(reader);
            KeyStore keyStore = null;
            try {
                keyStore = PolicyUtil.getKeyStore(url, parser.getKeyStoreUrl(), parser.getKeyStoreType(), parser.getKeyStoreProvider(), parser.getStorePassURL(), debug);
            } catch (Exception keyStoreFailure) {
                if (debug != null) {
                    keyStoreFailure.printStackTrace();
                }
            }
            Enumeration grants = parser.grantElements();
            while (grants.hasMoreElements()) {
                addGrantEntry((PolicyParser.GrantEntry) grants.nextElement(), keyStore, policyInfo);
            }
        } catch (PolicyParser.ParsingException parseFailure) {
            System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error parsing policy:\n\tmessage")).format(new Object[]{url, parseFailure.getLocalizedMessage()}));
            if (debug != null) {
                parseFailure.printStackTrace();
            }
        } catch (Exception failure) {
            if (debug != null) {
                debug.println("error parsing " + url);
                debug.println(failure.toString());
                failure.printStackTrace();
            }
        } finally {
            if (reader == null) {
                result = true;
            } else {
                try {
                    reader.close();
                    result = true;
                } catch (IOException closeFailure) {
                    // A failed close is the one case reported as false.
                }
            }
        }
        return result;
    }

    /* JADX INFO: Access modifiers changed from: private */
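    /**
     * Installs the built-in fallback policy.
     *
     * <p>Two kinds of entries are added to {@code policyInfo.policyEntries}:
     * <ul>
     *   <li>one entry for a code source with neither location nor certificates, holding
     *       the local listen permission and read access to a fixed list of system
     *       properties;</li>
     *   <li>one entry per extension directory returned by
     *       {@code PolicyParser.parseExtDirs}, each holding
     *       {@code SecurityConstants.ALL_PERMISSION}. Whatever is loadable from those
     *       directories is therefore fully trusted.</li>
     * </ul>
     * An extension directory that cannot be turned into a code source is skipped; the
     * reason is written to the debug sink instead of being dropped silently.
     */
    public void initStaticPolicy(final PolicyInfo policyInfo) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.sun.enterprise.security.provider.PolicyFile.4
            @Override // java.security.PrivilegedAction
            public Void run() {
                // Properties readable under the default entry, in the original insertion order.
                final String[] readableProperties = {
                    "java.version",
                    "java.vendor",
                    "java.vendor.url",
                    "java.class.version",
                    "os.name",
                    "os.version",
                    "os.arch",
                    "file.separator",
                    "path.separator",
                    "line.separator",
                    "java.specification.version",
                    "java.specification.vendor",
                    "java.specification.name",
                    "java.vm.specification.version",
                    "java.vm.specification.vendor",
                    "java.vm.specification.name",
                    "java.vm.version",
                    "java.vm.vendor",
                    "java.vm.name",
                };
                PolicyEntry defaults = new PolicyEntry(new CodeSource((URL) null, (Certificate[]) null));
                defaults.add(SecurityConstants.LOCAL_LISTEN_PERMISSION);
                for (String property : readableProperties) {
                    defaults.add(new PropertyPermission(property, "read"));
                }
                policyInfo.policyEntries.add(defaults);

                String[] extDirs = PolicyParser.parseExtDirs("${{java.ext.dirs}}", 0);
                if (extDirs == null || extDirs.length <= 0) {
                    return null;
                }
                for (String extDir : extDirs) {
                    try {
                        PolicyEntry extEntry = new PolicyEntry(PolicyFile.this.canonicalizeCodebase(new CodeSource(new URL(extDir), (Certificate[]) null), false));
                        extEntry.add(SecurityConstants.ALL_PERMISSION);
                        policyInfo.policyEntries.add(extEntry);
                    } catch (Exception e) {
                        // Best effort: a bad directory only loses its own grant, but leave a
                        // trace so a missing AllPermission entry can be diagnosed.
                        if (PolicyFile.debug != null) {
                            PolicyFile.debug.println("skipping extension directory " + extDir + ": " + e);
                        }
                    }
                }
                return null;
            }
        });
    }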

    /**
     * Builds the canonical code source of a grant entry.
     *
     * @return the code source, or {@code null} when the entry names signers
     *         ({@code signedBy}) for which no complete certificate set could be resolved;
     *         the caller then drops the entry
     * @throws MalformedURLException if the entry's code base is not a valid URL
     */
    private CodeSource getCodeSource(PolicyParser.GrantEntry grantEntry, KeyStore keyStore, PolicyInfo policyInfo) throws MalformedURLException {
        Certificate[] signers = null;
        if (grantEntry.signedBy != null) {
            signers = getCertificates(keyStore, grantEntry.signedBy, policyInfo);
            if (signers == null) {
                // Unresolvable signer: reject the entry rather than fall back to an unsigned grant.
                if (debug != null) {
                    debug.println("  -- No certs for alias '" + grantEntry.signedBy + "' - ignoring entry");
                }
                return null;
            }
        }
        URL location = null;
        if (grantEntry.codeBase != null) {
            location = new URL(grantEntry.codeBase);
        }
        return canonicalizeCodebase(new CodeSource(location, signers), false);
    }

    /**
     * Converts one parsed grant entry into a {@code PolicyEntry} and appends it to
     * {@code policyInfo.policyEntries}.
     *
     * <p>The entry is dropped when no code source can be built for it or when
     * {@code replacePrincipals} returns false. Individual permissions that cannot be
     * instantiated are reported on System.err and skipped; the remaining permissions of
     * the entry are still added.
     *
     * @param grantEntry parsed grant
     * @param keyStore keystore used to resolve signer aliases; may be {@code null}
     * @param policyInfo receiver of the resulting entry
     */
    private void addGrantEntry(PolicyParser.GrantEntry grantEntry, KeyStore keyStore, PolicyInfo policyInfo) {
        CodeSource codeSource;
        Permission policyFile;
        if (debug != null) {
            debug.println("Adding policy entry: ");
            debug.println("  signedBy " + grantEntry.signedBy);
            debug.println("  codeBase " + grantEntry.codeBase);
            if (grantEntry.principals != null && grantEntry.principals.size() > 0) {
                ListIterator listIterator = grantEntry.principals.listIterator();
                while (listIterator.hasNext()) {
                    debug.println("  " + ((PolicyParser.PrincipalEntry) listIterator.next()).toString());
                }
            }
        }
        // NOTE(review): decompiler output. codeSource is assigned only inside this try and
        // the catch neither returns nor assigns it, so the shape below does not mirror the
        // original control flow exactly - confirm against the original source.
        try {
            codeSource = getCodeSource(grantEntry, keyStore, policyInfo);
        } catch (Exception e) {
            System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error adding Entry:\n\tmessage")).format(new Object[]{e.toString()}));
        }
        // A null code source means the entry's signers could not be resolved (see getCodeSource).
        if (codeSource != null && replacePrincipals(grantEntry.principals, keyStore)) {
            PolicyEntry policyEntry = new PolicyEntry(codeSource, grantEntry.principals);
            Enumeration permissionElements = grantEntry.permissionElements();
            while (permissionElements.hasMoreElements()) {
                PolicyParser.PermissionEntry permissionEntry = (PolicyParser.PermissionEntry) permissionElements.nextElement();
                try {
                    try {
                        try {
                            expandPermissionName(permissionEntry, keyStore);
                            // For PrivateCredentialPermission a trailing " self" in the name is
                            // rewritten to the SELF marker. A null name fails here and is
                            // reported by the catch (Exception) below.
                            if (permissionEntry.permission.equals("javax.security.auth.PrivateCredentialPermission") && permissionEntry.name.endsWith(" self")) {
                                permissionEntry.name = permissionEntry.name.substring(0, permissionEntry.name.indexOf("self")) + SELF;
                            }
                            if (permissionEntry.name == null || permissionEntry.name.indexOf(SELF) == -1) {
                                // Ordinary permission: the class named in the policy is loaded
                                // and instantiated reflectively by getInstance.
                                policyFile = getInstance(permissionEntry.permission, permissionEntry.name, permissionEntry.action);
                            } else {
                                // The name contains the SELF marker: record a SelfPermission
                                // placeholder instead of instantiating the permission class.
                                policyFile = new SelfPermission(permissionEntry.permission, permissionEntry.name, permissionEntry.action, permissionEntry.signedBy != null ? getCertificates(keyStore, permissionEntry.signedBy, policyInfo) : null);
                            }
                            policyEntry.add(policyFile);
                            if (debug != null) {
                                debug.println("  " + policyFile);
                            }
                        } catch (Exception e2) {
                            System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error adding Permission, perm:\n\tmessage")).format(new Object[]{permissionEntry.permission, e2.toString()}));
                        }
                    } catch (ClassNotFoundException e3) {
                        // The permission class is not loadable: keep the grant as an
                        // UnresolvedPermission, unless it names signers whose certificates
                        // could not be resolved, in which case it is dropped.
                        Certificate[] certificates = permissionEntry.signedBy != null ? getCertificates(keyStore, permissionEntry.signedBy, policyInfo) : null;
                        if (certificates != null || permissionEntry.signedBy == null) {
                            UnresolvedPermission unresolvedPermission = new UnresolvedPermission(permissionEntry.permission, permissionEntry.name, permissionEntry.action, certificates);
                            policyEntry.add(unresolvedPermission);
                            if (debug != null) {
                                debug.println("  " + unresolvedPermission);
                            }
                        }
                    }
                } catch (InvocationTargetException e4) {
                    // The permission constructor itself threw: report its cause.
                    System.err.println(new MessageFormat(ResourcesMgr.getString("java.security.policy: error adding Permission, perm:\n\tmessage")).format(new Object[]{permissionEntry.permission, e4.getTargetException().toString()}));
                }
            }
            policyInfo.policyEntries.add(policyEntry);
            if (debug != null) {
                debug.println();
            }
        }
    }

    /**
     * Creates a permission of the class named {@code str}.
     *
     * <p>The well-known JDK permission classes are built directly by
     * {@code getKnownInstance}. Any other class is instantiated reflectively through a
     * public constructor, chosen by which arguments are present:
     * <ul>
     *   <li>no name and no actions: {@code ()}, then {@code (String)}, then
     *       {@code (String, String)};</li>
     *   <li>a name but no actions: {@code (String)}, then {@code (String, String)};</li>
     *   <li>otherwise: {@code (String, String)} only.</li>
     * </ul>
     *
     * @param str permission class name; {@code addGrantEntry} passes the name read from
     *        the policy entry
     * @param str2 target name, may be {@code null}
     * @param str3 actions, may be {@code null}
     */
    // NOTE(review): Class.forName loads and initializes whatever class the policy names.
    // The policy file is therefore as trusted as the code it configures; it should be
    // writable by administrators only.
    private static final Permission getInstance(String str, String str2, String str3) throws ClassNotFoundException, InstantiationException, IllegalAccessException, NoSuchMethodException, InvocationTargetException {
        Class<?> permissionClass = Class.forName(str);
        Permission builtIn = getKnownInstance(permissionClass, str2, str3);
        if (builtIn != null) {
            return builtIn;
        }
        final boolean noActions = str3 == null;
        if (str2 == null && noActions) {
            try {
                return (Permission) permissionClass.getConstructor(PARAMS0).newInstance();
            } catch (NoSuchMethodException noDefaultConstructor) {
                // Fall through to the one-argument form.
            }
        }
        if (noActions) {
            try {
                return (Permission) permissionClass.getConstructor(PARAMS1).newInstance(str2);
            } catch (NoSuchMethodException noNameConstructor) {
                // Fall through to the two-argument form.
            }
        }
        return (Permission) permissionClass.getConstructor(PARAMS2).newInstance(str2, str3);
    }

    /**
     * Builds the permission directly, without reflection, when {@code cls} is one of a
     * fixed set of JDK permission classes.
     *
     * @param cls permission class, compared by exact class (subclasses do not match)
     * @param str target name
     * @param str2 actions
     * @return the permission, the shared {@code ALL_PERMISSION} instance for
     *         {@link AllPermission}, or {@code null} when the class is not in the set
     */
    private static final Permission getKnownInstance(Class cls, String str, String str2) {
        Permission known;
        if (cls.equals(FilePermission.class)) {
            known = new FilePermission(str, str2);
        } else if (cls.equals(SocketPermission.class)) {
            known = new SocketPermission(str, str2);
        } else if (cls.equals(RuntimePermission.class)) {
            known = new RuntimePermission(str, str2);
        } else if (cls.equals(PropertyPermission.class)) {
            known = new PropertyPermission(str, str2);
        } else if (cls.equals(NetPermission.class)) {
            known = new NetPermission(str, str2);
        } else if (cls.equals(AllPermission.class)) {
            known = SecurityConstants.ALL_PERMISSION;
        } else if (cls.equals(AWTPermission.class)) {
            known = new AWTPermission(str, str2);
        } else {
            known = null;
        }
        return known;
    }

    /**
     * Resolves a comma-separated list of keystore aliases to certificates.
     *
     * <p>Each alias is looked up in {@code policyInfo.aliasMapping} first and in the
     * keystore second; a keystore hit is cached in both directions (alias to
     * certificate and certificate to alias). A {@link KeyStoreException} counts as
     * "alias not found".
     *
     * @param keyStore keystore to consult, may be {@code null}
     * @param str comma-separated aliases
     * @param policyInfo holder of the alias cache
     * @return one certificate per alias, or {@code null} unless every alias resolved;
     *         a partial match is never returned
     */
    private Certificate[] getCertificates(KeyStore keyStore, String str, PolicyInfo policyInfo) {
        List<Certificate> resolved = new ArrayList<>();
        int requested = 0;
        StringTokenizer aliases = new StringTokenizer(str, ",");
        while (aliases.hasMoreTokens()) {
            String alias = aliases.nextToken().trim();
            requested++;
            Certificate match;
            // Lookup and cache fill happen under one lock so both directions stay in step.
            synchronized (policyInfo.aliasMapping) {
                match = (Certificate) policyInfo.aliasMapping.get(alias);
                if (match == null && keyStore != null) {
                    try {
                        match = keyStore.getCertificate(alias);
                    } catch (KeyStoreException e) {
                    }
                    if (match != null) {
                        policyInfo.aliasMapping.put(alias, match);
                        policyInfo.aliasMapping.put(match, alias);
                    }
                }
            }
            if (match != null) {
                resolved.add(match);
            }
        }
        if (resolved.isEmpty() || requested != resolved.size()) {
            return null;
        }
        return resolved.toArray(new Certificate[resolved.size()]);
    }

    /**
     * Re-runs initialisation against the policy URL this instance was configured with.
     */
    @Override // java.security.Policy
    public void refresh() {
        init(url);
    }

    /**
     * Decides whether the policy grants {@code permission} to {@code protectionDomain}.
     *
     * <p>The permission collection computed for a domain is stored in the map returned by
     * {@code getPdMapping()} and reused on later calls for the same domain.
     *
     * @param protectionDomain the domain being checked
     * @param permission       the permission being requested
     * @return {@code true} if the domain's permission collection implies the permission
     */
    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        Map<ProtectionDomain, PermissionCollection> cache = this.policyInfo.get().getPdMapping();
        PermissionCollection granted = cache.get(protectionDomain);
        if (granted == null) {
            granted = getPermissions(protectionDomain);
            if (granted == null) {
                return false;
            }
            // NOTE(review): cached decisions outlive this call; presumably the cache is
            // discarded when policyInfo is replaced on refresh - confirm in init().
            cache.put(protectionDomain, granted);
        }
        return granted.implies(permission);
    }

    /**
     * Computes the permissions for a protection domain: the policy grants that match the
     * domain plus the permissions already carried by the domain itself.
     *
     * @param protectionDomain the domain to evaluate; {@code null} yields an empty collection
     * @return a new {@link Permissions} object, never {@code null}
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        Permissions merged = new Permissions();
        if (protectionDomain != null) {
            getPermissions(merged, protectionDomain);
            PermissionCollection domainPerms = protectionDomain.getPermissions();
            if (domainPerms != null) {
                // Hold the collection's monitor while enumerating it.
                synchronized (domainPerms) {
                    for (Enumeration<Permission> e = domainPerms.elements(); e.hasMoreElements();) {
                        merged.add(e.nextElement());
                    }
                }
            }
        }
        return merged;
    }

    /**
     * Computes the policy grants for a code source, with no principals taken into account.
     *
     * @param codeSource the code source to evaluate
     * @return a new permission collection holding the matching grants
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        Permissions fresh = new Permissions();
        return getPermissions(fresh, codeSource);
    }

    /**
     * Adds to {@code permissions} the grants matching the domain's code source and principals.
     *
     * <p>The code source is canonicalised inside {@code doPrivileged} before matching. A
     * domain without a code source receives nothing from the policy here.
     *
     * @param permissions      collection to add to
     * @param protectionDomain the domain being evaluated
     * @return {@code permissions}
     */
    private PermissionCollection getPermissions(Permissions permissions, ProtectionDomain protectionDomain) {
        if (debug != null) {
            debug.println("getPermissions:\n\t" + printPD(protectionDomain));
        }
        final CodeSource codeSource = protectionDomain.getCodeSource();
        if (codeSource == null) {
            return permissions;
        }
        CodeSource canonical = AccessController.doPrivileged(new PrivilegedAction<CodeSource>() {
            @Override // java.security.PrivilegedAction
            public CodeSource run() {
                return PolicyFile.this.canonicalizeCodebase(codeSource, true);
            }
        });
        return getPermissions(permissions, canonical, protectionDomain.getPrincipals());
    }

    /**
     * Adds to {@code permissions} the grants matching {@code codeSource}, evaluated with a
     * {@code null} principal array.
     *
     * @param permissions collection to add to
     * @param codeSource  code source to canonicalise and match
     * @return {@code permissions}
     */
    private PermissionCollection getPermissions(Permissions permissions, final CodeSource codeSource) {
        CodeSource canonical = AccessController.doPrivileged(new PrivilegedAction<CodeSource>() {
            @Override // java.security.PrivilegedAction
            public CodeSource run() {
                return PolicyFile.this.canonicalizeCodebase(codeSource, true);
            }
        });
        return getPermissions(permissions, canonical, null);
    }

    /**
     * Evaluates every policy entry against the code source and principals and collects the
     * resulting grants.
     *
     * <p>Regular entries are evaluated first, then the identity-derived entries (under the
     * list's monitor). Finally, unless identity-scope handling is disabled, each signer
     * certificate with no entry in {@code aliasMapping} is checked against the trusted
     * identity scope; a match adds {@code ALL_PERMISSION}, so the contents of that scope
     * are as security-critical as the policy file itself.
     *
     * @param permissions  collection to add to
     * @param codeSource   canonicalised code source
     * @param principalArr active principals, may be {@code null}
     * @return {@code permissions}
     */
    private Permissions getPermissions(Permissions permissions, CodeSource codeSource, Principal[] principalArr) {
        PolicyInfo info = this.policyInfo.get();
        for (Iterator<PolicyEntry> entries = info.policyEntries.iterator(); entries.hasNext();) {
            addPermissions(permissions, codeSource, principalArr, entries.next());
        }
        synchronized (info.identityPolicyEntries) {
            for (Iterator<PolicyEntry> entries = info.identityPolicyEntries.iterator(); entries.hasNext();) {
                addPermissions(permissions, codeSource, principalArr, entries.next());
            }
        }
        if (this.ignoreIdentityScope) {
            return permissions;
        }
        Certificate[] signerCerts = codeSource.getCertificates();
        if (signerCerts == null) {
            return permissions;
        }
        for (Certificate signerCert : signerCerts) {
            // Only certificates with no alias-mapping entry are looked up in the identity scope.
            if (info.aliasMapping.get(signerCert) == null && checkForTrustedIdentity(signerCert, info)) {
                permissions.add(SecurityConstants.ALL_PERMISSION);
            }
        }
        return permissions;
    }

    /**
     * Adds the permissions of one policy entry if the entry applies to the given code source
     * and principals.
     *
     * <p>The entry applies when its code source implies {@code codeSource} and every
     * principal listed in the entry is satisfied. A listed principal class that implements
     * {@code PrincipalComparator} is instantiated with the configured name and asked whether
     * it implies a read-only subject built from the active principals; any other class is
     * matched by class name and principal name via {@code checkEntryPs}.
     *
     * <p>Review notes: the principal class named in the policy is loaded and initialised
     * through the thread context class loader, so the policy source has to be trusted. Any
     * exception during that step (including a class that cannot be loaded) falls back to
     * the plain class/name comparison rather than rejecting the entry outright.
     *
     * @param permissions  collection to add to
     * @param codeSource   active code source
     * @param principalArr active principals, may be {@code null}
     * @param policyEntry  the entry being evaluated
     */
    private void addPermissions(Permissions permissions, final CodeSource codeSource, Principal[] principalArr, final PolicyEntry policyEntry) {
        if (debug != null) {
            debug.println("evaluate codesources:\n\tPolicy CodeSource: " + policyEntry.getCodeSource() + Timeout.newline + "\tActive CodeSource: " + codeSource);
        }
        Boolean codeSourceMatches = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                return Boolean.valueOf(policyEntry.getCodeSource().implies(codeSource));
            }
        });
        if (!codeSourceMatches.booleanValue()) {
            if (debug != null) {
                debug.println("evaluation (codesource) failed");
            }
            return;
        }
        List<PolicyParser.PrincipalEntry> required = policyEntry.getPrincipals();
        if (debug != null) {
            List<PolicyParser.PrincipalEntry> active = new ArrayList<PolicyParser.PrincipalEntry>();
            if (principalArr != null) {
                for (Principal p : principalArr) {
                    active.add(new PolicyParser.PrincipalEntry(p.getClass().getName(), p.getName()));
                }
            }
            debug.println("evaluate principals:\n\tPolicy Principals: " + required + Timeout.newline + "\tActive Principals: " + active);
        }
        // An entry without principals applies to any caller from a matching code source.
        if (required == null || required.size() == 0) {
            addPerms(permissions, principalArr, policyEntry);
            if (debug != null) {
                debug.println("evaluation (codesource/principals) passed");
            }
            return;
        }
        // The entry demands principals but the caller has none: no grant.
        if (principalArr == null || principalArr.length == 0) {
            if (debug != null) {
                debug.println("evaluation (principals) failed");
            }
            return;
        }
        for (int idx = 0; idx < required.size(); idx++) {
            PolicyParser.PrincipalEntry entry = required.get(idx);
            try {
                Class<?> principalClass = Class.forName(entry.principalClass, true, Thread.currentThread().getContextClassLoader());
                if (PrincipalComparator.class.isAssignableFrom(principalClass)) {
                    PrincipalComparator comparator = (PrincipalComparator) principalClass.getConstructor(PARAMS1).newInstance(entry.principalName);
                    if (debug != null) {
                        debug.println("found PrincipalComparator " + comparator.getClass().getName());
                    }
                    HashSet<Principal> activeSet = new HashSet<Principal>(principalArr.length);
                    Collections.addAll(activeSet, principalArr);
                    Subject readOnlySubject = new Subject(true, activeSet, Collections.EMPTY_SET, Collections.EMPTY_SET);
                    if (!comparator.implies(readOnlySubject)) {
                        if (debug != null) {
                            debug.println("evaluation (principal comparator) failed");
                        }
                        return;
                    }
                } else if (!checkEntryPs(principalArr, entry)) {
                    if (debug != null) {
                        debug.println("evaluation (principals) failed");
                    }
                    return;
                }
            } catch (Exception e) {
                if (debug != null) {
                    e.printStackTrace();
                }
                // Fallback: compare class name and principal name as plain strings.
                if (!checkEntryPs(principalArr, entry)) {
                    if (debug != null) {
                        debug.println("evaluation (principals) failed");
                    }
                    return;
                }
            }
        }
        if (debug != null) {
            debug.println("evaluation (codesource/principals) passed");
        }
        addPerms(permissions, principalArr, policyEntry);
    }

    /**
     * Copies the permissions of a matched policy entry into {@code permissions}.
     *
     * <p>{@code SelfPermission} placeholders are expanded against the active principals
     * instead of being added as-is.
     *
     * @param permissions  collection to add to
     * @param principalArr active principals, used only for self expansion
     * @param policyEntry  the entry whose permissions are granted
     */
    private void addPerms(Permissions permissions, Principal[] principalArr, PolicyEntry policyEntry) {
        int idx = 0;
        while (idx < policyEntry.permissions.size()) {
            Permission granted = policyEntry.permissions.get(idx);
            idx++;
            if (debug != null) {
                debug.println("  granting " + granted);
            }
            if (!(granted instanceof SelfPermission)) {
                permissions.add(granted);
                continue;
            }
            expandSelf((SelfPermission) granted, policyEntry.getPrincipals(), principalArr, permissions);
        }
    }

    /**
     * Tests whether any active principal satisfies a policy principal entry.
     *
     * <p>A principal matches when the entry's class is the wildcard or equals the
     * principal's class name, and the entry's name is the wildcard or equals the
     * principal's name. Both comparisons are exact string comparisons.
     *
     * @param principalArr   active principals
     * @param principalEntry the policy entry to satisfy
     * @return {@code true} on the first matching principal, otherwise {@code false}
     */
    private boolean checkEntryPs(Principal[] principalArr, PolicyParser.PrincipalEntry principalEntry) {
        for (Principal candidate : principalArr) {
            boolean classMatches = principalEntry.principalClass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS)
                    || principalEntry.principalClass.equals(candidate.getClass().getName());
            if (!classMatches) {
                continue;
            }
            boolean nameMatches = principalEntry.principalName.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME)
                    || principalEntry.principalName.equals(candidate.getName());
            if (nameMatches) {
                return true;
            }
        }
        return false;
    }

    /**
     * Expands a {@code SelfPermission} by replacing every occurrence of the {@code SELF}
     * marker in its target name with the principals of the grant entry, then adds the
     * resulting concrete permission to {@code permissions}.
     *
     * <p>Nothing is added when the grant entry lists no principals, or when instantiating
     * the concrete permission fails with anything other than {@code ClassNotFoundException};
     * those cases are only reported through the debug trace.
     *
     * @param selfPermission the placeholder permission to expand
     * @param list           principal entries of the grant clause
     * @param principalArr   active principals, used to resolve wildcard entries
     * @param permissions    collection receiving the expanded permission
     */
    private void expandSelf(SelfPermission selfPermission, List<PolicyParser.PrincipalEntry> list, Principal[] principalArr, Permissions permissions) {
        // A self-based target name has no meaning without principals in the grant clause.
        if (list == null || list.size() == 0) {
            if (debug != null) {
                debug.println("Ignoring permission " + selfPermission.getSelfType() + " with target name (" + selfPermission.getSelfName() + ").  No Principal(s) specified in the grant clause.  SELF-based target names are only valid in the context of a Principal-based grant entry.");
                return;
            }
            return;
        }
        // i is the position in the self name just past the last SELF marker handled.
        int i = 0;
        StringBuilder sb = new StringBuilder();
        while (true) {
            int indexOf = selfPermission.getSelfName().indexOf(SELF, i);
            if (indexOf == -1) {
                break;
            }
            // Copy the literal text preceding this marker.
            sb.append(selfPermission.getSelfName().substring(i, indexOf));
            ListIterator<PolicyParser.PrincipalEntry> listIterator = list.listIterator();
            while (listIterator.hasNext()) {
                String[][] principalInfo = getPrincipalInfo(listIterator.next(), principalArr);
                for (int i2 = 0; i2 < principalInfo.length; i2++) {
                    if (i2 != 0) {
                        sb.append(", ");
                    }
                    // NOTE(review): class and principal names are inserted verbatim between
                    // StringUtil.QUOTE characters with no escaping - confirm that whatever
                    // interprets the expanded target name copes with names containing quotes.
                    sb.append(principalInfo[i2][0] + " " + StringUtil.QUOTE + principalInfo[i2][1] + StringUtil.QUOTE);
                }
                if (listIterator.hasNext()) {
                    sb.append(", ");
                }
            }
            i = indexOf + SELF.length();
        }
        // Copy whatever follows the last marker.
        sb.append(selfPermission.getSelfName().substring(i));
        if (debug != null) {
            debug.println("  expanded:\n\t" + selfPermission.getSelfName() + "\n  into:\n\t" + sb.toString());
        }
        try {
            permissions.add(getInstance(selfPermission.getSelfType(), sb.toString(), selfPermission.getSelfActions()));
        } catch (ClassNotFoundException e) {
            // The permission class could not be loaded by getInstance. Look for a permission
            // of the same class name that is already in the collection and reuse its Class.
            Class<?> cls = null;
            synchronized (permissions) {
                Enumeration<Permission> elements = permissions.elements();
                while (true) {
                    if (!elements.hasMoreElements()) {
                        break;
                    }
                    Permission nextElement = elements.nextElement();
                    if (nextElement.getClass().getName().equals(selfPermission.getSelfType())) {
                        cls = nextElement.getClass();
                        break;
                    }
                }
                // No loaded class found: keep the grant as an UnresolvedPermission.
                if (cls == null) {
                    permissions.add(new UnresolvedPermission(selfPermission.getSelfType(), sb.toString(), selfPermission.getSelfActions(), selfPermission.getCerts()));
                    return;
                }
                try {
                    // Without actions, prefer the PARAMS1 constructor and fall back to PARAMS2.
                    if (selfPermission.getSelfActions() == null) {
                        try {
                            permissions.add((Permission) cls.getConstructor(PARAMS1).newInstance(sb.toString()));
                        } catch (NoSuchMethodException e2) {
                            permissions.add((Permission) cls.getConstructor(PARAMS2).newInstance(sb.toString(), selfPermission.getSelfActions()));
                        }
                    } else {
                        permissions.add((Permission) cls.getConstructor(PARAMS2).newInstance(sb.toString(), selfPermission.getSelfActions()));
                    }
                } catch (Exception e3) {
                    // Instantiation failure drops the grant; it is visible only in the debug trace.
                    if (debug != null) {
                        debug.println("self entry expansion  instantiation failed: " + e3.toString());
                    }
                }
            }
        } catch (Exception e4) {
            // Any other failure from getInstance also drops the grant.
            if (debug != null) {
                debug.println(e4.toString());
            }
        }
    }

    /**
     * Produces the (class name, principal name) pairs that a policy principal entry stands
     * for, resolving wildcards against the active principals.
     *
     * <ul>
     *   <li>wildcard class: every active principal;</li>
     *   <li>concrete class and concrete name: the entry itself, as a single pair;</li>
     *   <li>concrete class with wildcard name: the active principals of exactly that class.</li>
     * </ul>
     *
     * @param principalEntry the policy entry
     * @param principalArr   active principals
     * @return an array of two-element rows, {@code [0]} class name and {@code [1]} name
     */
    private String[][] getPrincipalInfo(PolicyParser.PrincipalEntry principalEntry, Principal[] principalArr) {
        boolean anyClass = principalEntry.principalClass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS);
        if (anyClass) {
            String[][] all = new String[principalArr.length][2];
            for (int row = 0; row < principalArr.length; row++) {
                all[row][0] = principalArr[row].getClass().getName();
                all[row][1] = principalArr[row].getName();
            }
            return all;
        }
        boolean anyName = principalEntry.principalName.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME);
        if (!anyName) {
            return new String[][] {{principalEntry.principalClass, principalEntry.principalName}};
        }
        // Concrete class, wildcard name: keep only principals whose class name is an exact match.
        ArrayList<Principal> sameClass = new ArrayList<Principal>();
        for (Principal candidate : principalArr) {
            if (principalEntry.principalClass.equals(candidate.getClass().getName())) {
                sameClass.add(candidate);
            }
        }
        String[][] filtered = new String[sameClass.size()][2];
        for (int row = 0; row < filtered.length; row++) {
            Principal match = sameClass.get(row);
            filtered[row][0] = match.getClass().getName();
            filtered[row][1] = match.getName();
        }
        return filtered;
    }

    /**
     * Reduces a code source's certificate array to the first certificate of each chain.
     *
     * <p>The array is read as consecutive chains: a certificate belongs to the chain of its
     * predecessor when the predecessor's issuer DN equals its subject DN. Only DNs are
     * compared here; no signature or validity check is performed by this method.
     *
     * @param codeSource the code source whose certificates are examined
     * @return {@code null} if the code source has no certificates; the full certificate
     *         array if any element is not an {@link X509Certificate} or if every
     *         certificate starts its own chain; otherwise the chain-leading certificates
     */
    protected Certificate[] getSignerCertificates(CodeSource codeSource) {
        Certificate[] chainCerts = codeSource.getCertificates();
        if (chainCerts == null) {
            return null;
        }
        for (int k = 0; k < chainCerts.length; k++) {
            if (!(chainCerts[k] instanceof X509Certificate)) {
                // Chain structure cannot be derived for non-X.509 certificates.
                return codeSource.getCertificates();
            }
        }
        List<Certificate> signers = new ArrayList<Certificate>();
        int pos = 0;
        while (pos < chainCerts.length) {
            signers.add(chainCerts[pos]);
            // Skip the remaining certificates of this chain.
            while (pos + 1 < chainCerts.length) {
                X509Certificate current = (X509Certificate) chainCerts[pos];
                X509Certificate following = (X509Certificate) chainCerts[pos + 1];
                if (!current.getIssuerDN().equals(following.getSubjectDN())) {
                    break;
                }
                pos++;
            }
            pos++;
        }
        if (signers.size() == chainCerts.length) {
            return chainCerts;
        }
        return signers.toArray(new Certificate[signers.size()]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns a code source whose {@code file:} location has been replaced by its canonical
     * path, optionally reducing the certificates to the chain-leading signers.
     *
     * <p>Only {@code file:} URLs with an empty or local host are canonicalised. If
     * canonicalisation throws an {@link IOException}, the original, non-canonical location
     * is kept; policy matching then runs against that unresolved path.
     *
     * @param codeSource the code source to canonicalise
     * @param z          when {@code true}, the result carries
     *                   {@code getSignerCertificates(codeSource)}; when {@code false}, the
     *                   certificates are kept as they are
     * @return the canonicalised code source, or {@code codeSource} itself when nothing changed
     */
    public CodeSource canonicalizeCodebase(CodeSource codeSource, boolean z) {
        String localPath = null;
        URL location = codeSource.getLocation();
        if (location != null && location.getProtocol().equals("file")) {
            String host = location.getHost();
            // NOTE(review): RIConstants.SAVESTATE_FIELD_DELIMITER looks like a decompiler
            // substitution for a string literal (presumably "~") - confirm.
            boolean localHost = host == null
                    || host.equals("")
                    || host.equals(RIConstants.SAVESTATE_FIELD_DELIMITER)
                    || host.equalsIgnoreCase("localhost");
            if (localHost) {
                localPath = ParseUtil.decode(location.getFile().replace('/', File.separatorChar));
            }
        }
        if (localPath != null) {
            try {
                URL canonicalUrl = ParseUtil.fileToEncodedURL(new File(canonPath(localPath)));
                Certificate[] certs = z ? getSignerCertificates(codeSource) : codeSource.getCertificates();
                return new CodeSource(canonicalUrl, certs);
            } catch (IOException ignored) {
                // Canonicalisation failed: fall through and keep the original location.
            }
        }
        if (!z) {
            return codeSource;
        }
        return new CodeSource(codeSource.getLocation(), getSignerCertificates(codeSource));
    }

    /**
     * Canonicalises a file path while preserving a trailing {@code *} wildcard.
     *
     * <p>For a path ending in {@code *}, the wildcard is swapped for a placeholder so that
     * {@link File#getCanonicalPath()} can resolve the rest, and is restored afterwards.
     *
     * @param str the path, optionally ending in {@code *}
     * @return the canonical path, ending in {@code *} if the input did
     * @throws IOException if the canonical path cannot be determined
     */
    public static String canonPath(String str) throws IOException {
        if (str.endsWith("*")) {
            String stem = str.substring(0, str.length() - 1);
            // NOTE(review): TypeCompiler.MINUS_OP looks like a decompiler substitution for a
            // one-character string literal (presumably "-") - confirm; the code below
            // strips exactly one trailing character.
            String canonical = new File(stem + TypeCompiler.MINUS_OP).getCanonicalPath();
            return canonical.substring(0, canonical.length() - 1) + "*";
        }
        return new File(str).getCanonicalPath();
    }

    /**
     * Formats a protection domain (code source, class loader, principals) for the debug trace.
     *
     * @param protectionDomain the domain to describe
     * @return a multi-line description
     */
    private String printPD(ProtectionDomain protectionDomain) {
        Principal[] principals = protectionDomain.getPrincipals();
        String principalText = "<no principals>";
        if (principals != null && principals.length > 0) {
            StringBuilder sb = new StringBuilder("(principals ");
            int last = principals.length - 1;
            for (int k = 0; k <= last; k++) {
                sb.append(principals[k].getClass().getName())
                        .append(" \"")
                        .append(principals[k].getName())
                        .append(StringUtil.QUOTE);
                sb.append(k < last ? ", " : ")");
            }
            principalText = sb.toString();
        }
        return "PD CodeSource: " + protectionDomain.getCodeSource()
                + "\n\tPD ClassLoader: " + protectionDomain.getClassLoader()
                + "\n\tPD Principals: " + principalText;
    }

    /**
     * Rewrites alias-style principal entries into X.500 principals using the keystore.
     *
     * <p>Entries whose class is {@code PolicyParser.REPLACE_NAME} have their name treated as
     * a keystore alias; the entry is changed in place to {@code X500PRINCIPAL} with the DN
     * returned by {@code getDN}. Processing stops at the first alias that cannot be
     * resolved; entries before it have already been rewritten.
     *
     * @param list     principal entries of a grant clause, modified in place
     * @param keyStore keystore used to resolve aliases
     * @return {@code false} if an alias could not be resolved; {@code true} otherwise,
     *         including when the list is empty or no keystore is available (in which case
     *         no entry is rewritten)
     */
    private boolean replacePrincipals(List<PolicyParser.PrincipalEntry> list, KeyStore keyStore) {
        if (list == null || list.size() == 0 || keyStore == null) {
            return true;
        }
        for (PolicyParser.PrincipalEntry entry : list) {
            if (!entry.principalClass.equals(PolicyParser.REPLACE_NAME)) {
                continue;
            }
            String dn = getDN(entry.principalName, keyStore);
            if (dn == null) {
                return false;
            }
            if (debug != null) {
                debug.println("  Replacing \"" + entry.principalName + "\" with " + X500PRINCIPAL + "/\"" + dn + StringUtil.QUOTE);
            }
            entry.principalClass = X500PRINCIPAL;
            entry.principalName = dn;
        }
        return true;
    }

    /* JADX WARN: Code restructure failed: missing block: B:39:0x0185, code lost:
    
        r0.append(r8.name.substring(r10));
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x0196, code lost:
    
        if (com.sun.enterprise.security.provider.PolicyFile.debug == null) goto L36;
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x0199, code lost:
    
        com.sun.enterprise.security.provider.PolicyFile.debug.println("  Permission name expanded from:\n\t" + r8.name + "\nto\n\t" + r0.toString());
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x01c4, code lost:
    
        r8.name = r0.toString();
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x01cd, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler stub, not the real implementation.
     *
     * <p>The decompiler could not reconstruct this method, so the body below only throws
     * {@link UnsupportedOperationException}. The fragments in the preceding JADX comments
     * show the tail of the original logic (appending the rest of the entry's name and
     * storing the expanded string back into {@code r8.name}), but the method as listed here
     * performs no expansion at all. Do not use this listing to judge how permission names
     * are expanded; consult the original source or the bytecode instead.
     *
     * @param r8 the permission entry whose name was to be expanded
     * @param r9 the keystore that was available to the expansion
     * @throws java.lang.Exception declared by the original signature
     */
    private void expandPermissionName(com.sun.enterprise.security.provider.PolicyParser.PermissionEntry r8, java.security.KeyStore r9) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 462
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.enterprise.security.provider.PolicyFile.expandPermissionName(com.sun.enterprise.security.provider.PolicyParser$PermissionEntry, java.security.KeyStore):void");
    }

    /**
     * Looks up the subject distinguished name of the X.509 certificate stored under an alias.
     *
     * @param str      the keystore alias
     * @param keyStore the keystore to query
     * @return the subject DN, or {@code null} if the alias has no X.509 certificate or the
     *         lookup failed; failures are reported only through the debug trace
     */
    private String getDN(String str, KeyStore keyStore) {
        try {
            Certificate aliasCert = keyStore.getCertificate(str);
            if (aliasCert instanceof X509Certificate) {
                X500Principal subject = ((X509Certificate) aliasCert).getSubjectX500Principal();
                return new X500Principal(subject.toString()).getName();
            }
            if (debug != null) {
                debug.println("  -- No certificate for '" + str + "' - ignoring entry");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.println("  Error retrieving certificate for '" + str + "': " + e.toString());
            }
        }
        return null;
    }

    /**
     * Checks whether a signer certificate belongs to a trusted identity in the system
     * identity scope and, if so, registers an all-permission policy entry for it.
     *
     * <p>The system scope is used only if it is an {@code IdentityDatabase}; otherwise
     * identity-scope handling is switched off for this instance. On a match, a policy entry
     * granting {@code ALL_PERMISSION} to code signed by the certificate is appended to
     * {@code policyInfo.identityPolicyEntries} and the certificate is recorded in
     * {@code policyInfo.aliasMapping} under the identity's name. Because the outcome is an
     * unrestricted grant, the identity database is as sensitive as the policy file.
     *
     * @param certificate the signer certificate to look up, may be {@code null}
     * @param policyInfo  receives the new policy entry and alias mapping
     * @return {@code true} if a trusted identity was found and registered
     */
    private boolean checkForTrustedIdentity(final Certificate certificate, PolicyInfo policyInfo) {
        if (certificate == null || this.ignoreIdentityScope) {
            return false;
        }
        // Resolve the shared scope once per class.
        synchronized (PolicyFile.class) {
            if (scope == null) {
                IdentityScope candidate = IdentityScope.getSystemScope();
                if (candidate instanceof IdentityDatabase) {
                    scope = candidate;
                }
            }
        }
        if (scope == null) {
            this.ignoreIdentityScope = true;
            return false;
        }
        final Identity owner = AccessController.doPrivileged(new PrivilegedAction<Identity>() {
            @Override // java.security.PrivilegedAction
            public Identity run() {
                return PolicyFile.scope.getIdentity(certificate.getPublicKey());
            }
        });
        if (!isTrusted(owner)) {
            return false;
        }
        if (debug != null) {
            debug.println("Adding policy entry for trusted Identity: ");
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override // java.security.PrivilegedAction
                public Void run() {
                    PolicyFile.debug.println("  identity = " + owner);
                    return null;
                }
            });
            debug.println("");
        }
        Certificate[] signer = new Certificate[]{certificate};
        PolicyEntry allPermissionEntry = new PolicyEntry(new CodeSource((URL) null, signer));
        allPermissionEntry.add(SecurityConstants.ALL_PERMISSION);
        // NOTE(review): readers iterate identityPolicyEntries under its monitor; this add
        // relies on the list being internally synchronised - confirm where it is created.
        policyInfo.identityPolicyEntries.add(allPermissionEntry);
        policyInfo.aliasMapping.put(certificate, owner.getName());
        return true;
    }

    /**
     * Reports whether an identity is flagged as trusted.
     *
     * @param identity the identity to test, may be {@code null}
     * @return the identity's own {@code isTrusted()} result when it is a
     *         {@code SystemIdentity} or {@code SystemSigner}; {@code false} for any other
     *         type and for {@code null}
     */
    private static boolean isTrusted(Identity identity) {
        if (identity instanceof SystemIdentity) {
            return ((SystemIdentity) identity).isTrusted();
        }
        if (identity instanceof SystemSigner) {
            return ((SystemSigner) identity).isTrusted();
        }
        return false;
    }
}
