package com.sun.deploy.security;

import com.sun.applet2.preloader.Preloader;
import com.sun.deploy.cache.Cache;
import com.sun.deploy.config.Config;
import com.sun.deploy.model.LocalApplicationProperties;
import com.sun.deploy.model.ResourceProvider;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.ValidationState;
import com.sun.deploy.security.ruleset.DeploymentRuleSet;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.ui.AppInfo;
import com.sun.deploy.uitoolkit.ToolkitStore;
import com.sun.deploy.uitoolkit.ui.UIFactory;
import com.sun.deploy.util.SecurityBaseline;
import com.sun.deploy.util.SessionProperties;
import com.sun.deploy.util.SessionState;
import com.sun.deploy.util.URLUtil;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLException;

/* loaded from: input_file:com/sun/deploy/security/SandboxSecurity.class */
/**
 * Static helpers that decide whether sandboxed deployment content may run: they apply
 * {@link DeploymentRuleSet} checks, show the prompt or block dialogs, and remember answers
 * in session properties and via {@code DecisionTime}.
 *
 * <p>This listing is decompiler output. Two methods ({@code isPermissionGranted} with five
 * parameters and {@code checkUnsignedSandboxSecurity}) were not decompiled and are replaced
 * by throwing stubs, so the unsigned-content path cannot be reviewed from this file.
 * Identifier spellings such as {@code LOOSE_RESOURCE_KEY_SUFIX} and {@code securityInfoCanel}
 * are kept as they appear in the class file.
 */
public class SandboxSecurity {
    // The three SESSION_VALUE_* constants are not referenced by the methods that decompiled.
    // NOTE(review): javac inlines compile-time String constants, so the literal "false" written
    // by showUntrustedDialog is presumably SESSION_VALUE_FALSE - confirm against the bytecode.
    private static final String SESSION_VALUE_TRUE = "true";
    private static final String SESSION_VALUE_FALSE = "false";
    private static final String SESSION_VALUE_INPROGRESS = "in-progress";
    // Appended to an application's location key to form the separate session key used for resources.
    private static final String LOOSE_RESOURCE_KEY_SUFIX = ".loose.resource";
    // Raw Set of "https://host:port" strings whose connection probe succeeded (see verifyHttpsConnection).
    private static final Set verifiedHttpsConnection;
    // Monitor guarding verifiedHttpsConnection.
    private static Object lock;
    // Monitor guarding blockKey and the blocked-dialog display.
    private static Object blockLock;
    // LAP URL string of the last application for which the blocked dialog was handled.
    private static String blockKey;
    // Dialog strings loaded once in the static initializer. runKey holds a resource key,
    // the others hold already-resolved message text.
    private static String masthead;
    private static String runKey;
    private static String cancel;
    private static String securityInfoDescription;
    private static String securityInfoCanel;
    private static String securityInfoTrusted;
    private static String securityRisk;
    protected static final String FILENAME = "sandbox.properties";
    // Session-scoped store of per-application decisions, registered with SessionState in the static initializer.
    private static SessionProperties sessionProps = new SessionProperties(FILENAME);

    /**
     * Adds a permission to connect back to the host of {@code url}.
     *
     * <p>For an {@code https} URL nothing is added unless {@link #verifyHttpsConnection(URL)}
     * succeeds; every other protocol is granted without a probe.
     *
     * @param permissionCollection collection that receives the permission(s)
     * @param url URL whose protocol, host and port define the grant
     */
    public static void addConnectPermission(PermissionCollection permissionCollection, URL url) {
        String protocol = url.getProtocol();
        String host = url.getHost();
        int port = URLUtil.getPort(url);
        if (!"https".equalsIgnoreCase(protocol) || verifyHttpsConnection(url)) {
            if (!Config.isJavaVersionAtLeast18()) {
                // Older-runtime branch: the host string carries no port, so this grant is not
                // narrowed to `port`, and it includes "accept" as well as "connect".
                permissionCollection.add(new SocketPermission(host, "connect,accept"));
            } else {
                // Two URLPermissions for the same origin: one with the "/-" path suffix and
                // one for the bare protocol://host:port form.
                permissionCollection.add(new URLPermission(protocol + "://" + host + ":" + port + "/-"));
                permissionCollection.add(new URLPermission(protocol + "://" + host + ":" + port));
            }
        }
    }

    /**
     * Probes an HTTPS endpoint and caches the result per {@code https://host:port}.
     *
     * <p>The probe opens a connection to the full {@code url} and requests the response code.
     * The status value is discarded: any response counts as verified as long as no
     * {@link IOException} is thrown. Only successes are cached, so failures are re-probed on
     * every call.
     *
     * @param url URL to probe
     * @return {@code true} if the origin was already cached or the probe completed without an
     *         I/O or TLS error, {@code false} otherwise
     */
    private static boolean verifyHttpsConnection(URL url) {
        String str = "https://" + url.getHost() + ":" + URLUtil.getPort(url);
        // NOTE(review): as decompiled, the network probe below runs while `lock` is held and the
        // inner synchronized (lock) re-enters the same monitor. This looks like the decompiler
        // merging two separate synchronized regions - confirm against the bytecode.
        synchronized (lock) {
            if (verifiedHttpsConnection.contains(str)) {
                return true;
            }
            try {
                // NOTE(review): certificate and hostname checks are whatever the connection
                // returned by url.openConnection() applies by default; nothing is configured
                // here. The connection is never disconnected.
                ((HttpURLConnection) url.openConnection()).getResponseCode();
                synchronized (lock) {
                    verifiedHttpsConnection.add(str);
                }
                return true;
            } catch (SSLException e) {
                // SSLException is a subclass of IOException; both handlers do the same thing.
                Trace.ignored(e);
                return false;
            } catch (IOException e2) {
                Trace.ignored(e2);
                return false;
            }
        }
    }

    /**
     * Forgets remembered decisions for an application: resets its {@code DecisionTime} data
     * and removes both session entries (application key and loose-resource key).
     *
     * @param localApplicationProperties properties of the application; {@code null} is a no-op
     * @param appInfo application descriptor used to derive the session key
     */
    public static void resetAcceptedVersion(LocalApplicationProperties localApplicationProperties, AppInfo appInfo) {
        if (localApplicationProperties != null) {
            DecisionTime.reset(localApplicationProperties);
            String locString = TrustDecider.getLocString(localApplicationProperties.getLocation(), appInfo);
            if (locString != null) {
                sessionProps.remove(locString);
                sessionProps.remove(locString + LOOSE_RESOURCE_KEY_SUFIX);
            }
        }
    }

    /**
     * Convenience overload that calls the five-argument form with {@code false} as the last argument.
     */
    public static void isPermissionGranted(CodeSource codeSource, AppInfo appInfo, DeploymentRuleSet deploymentRuleSet, Preloader preloader) {
        isPermissionGranted(codeSource, appInfo, deploymentRuleSet, preloader, false);
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /**
     * NOT DECOMPILED. The body below is a placeholder emitted by the decompiler, not the logic
     * of the original class; the {@code UnsupportedOperationException} says nothing about what
     * the shipped method does. The real control flow (218 instructions) has to be read from
     * the bytecode.
     */
    public static void isPermissionGranted(java.security.CodeSource r7, com.sun.deploy.ui.AppInfo r8, com.sun.deploy.security.ruleset.DeploymentRuleSet r9, com.sun.applet2.preloader.Preloader r10, boolean r11) {
        /*
            Method dump skipped, instructions count: 218
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.deploy.security.SandboxSecurity.isPermissionGranted(java.security.CodeSource, com.sun.deploy.ui.AppInfo, com.sun.deploy.security.ruleset.DeploymentRuleSet, com.sun.applet2.preloader.Preloader, boolean):void");
    }

    /**
     * Runs the trust checks for signed content that requests sandbox permissions.
     *
     * <p>Order of operations as decompiled: take the deploy lock; pick a signer chain; obtain a
     * {@code ValidationState} from {@code TrustDecider}; derive a block reason from the rule set;
     * show the blocked dialog if one was found; check the main JAR manifest; finally prompt the
     * user unless a remembered decision is still within its time window.
     *
     * <p>{@code trustDecision == 0} is handled as "user declined" (notification plus
     * {@code UserDeclinedException}). NOTE(review): 1 presumably means "run" and 2 "ask the
     * user" - inferred from how the values are used below, confirm against ValidationState.
     *
     * @param codeSource code source whose certificates and location are checked
     * @param appInfo application descriptor shown in dialogs
     * @param deploymentRuleSet rule set supplying the "never"/"blocked" policy flags
     * @param preloader notified when the user declines
     * @throws SecurityException when validation or any later step throws; the cause is preserved
     */
    private static void checkSignedSandboxSecurity(CodeSource codeSource, AppInfo appInfo, DeploymentRuleSet deploymentRuleSet, Preloader preloader) {
        // Resource key of the block reason; null means nothing blocks so far.
        String str = null;
        try {
            TrustDecider.grabDeployLock();
            ValidationState validationState = new ValidationState(ValidationState.TYPE.SANDBOX_PERMISSIONS);
            X509Certificate[] x509CertificateArr = null;
            X509Certificate x509Certificate = null;
            Certificate[] certificates = codeSource.getCertificates();
            try {
                TrustDecider.ensureBasicStoresLoaded();
                Iterator it = TrustDecider.breakDownMultiSignerChains(certificates).iterator();
                if (it.hasNext()) {
                    x509CertificateArr = (X509Certificate[]) ((List) it.next()).toArray(new X509Certificate[0]);
                    // Advance past chains the rule set wants skipped. The loop also stops when the
                    // chains run out, so if every chain is skippable the last one is still used.
                    while (deploymentRuleSet.skipThisCertArray(x509CertificateArr) && it.hasNext()) {
                        x509CertificateArr = (X509Certificate[]) ((List) it.next()).toArray(new X509Certificate[0]);
                    }
                    try {
                        // Element 0 of the chain is what the decision-time cache is keyed on below.
                        x509Certificate = x509CertificateArr[0];
                        validationState = TrustDecider.getValidationState(x509CertificateArr, codeSource, 0, ValidationState.TYPE.SANDBOX_PERMISSIONS, deploymentRuleSet.isRevocationCheckBestEffort(), deploymentRuleSet.isRuleRun(), appInfo, deploymentRuleSet, false);
                        LocalApplicationProperties localApplicationProperties = Cache.getLocalApplicationProperties(appInfo.getLapURL());
                        if (localApplicationProperties != null) {
                            localApplicationProperties.storeMainPublisherAndTitle(validationState.getPublisher(), appInfo.getDisplayTitle());
                        }
                        boolean z = validationState.rootCAValid;
                        // Policy mapping: valid root CA -> "CA signed never"; otherwise
                        // "self signed never", then expired baseline combined with SSV mode "never".
                        if (validationState.trustDecision == 0) {
                            TrustDecider.notifyOnUserDeclined(preloader, codeSource.getLocation() != null ? codeSource.getLocation().toString() : null);
                        } else if (z) {
                            if (deploymentRuleSet.isCaSignedNever()) {
                                str = "deployment.run.sandbox.signed.never.text";
                            }
                        } else if (deploymentRuleSet.isSelfSignedNever()) {
                            str = "deployment.run.sandbox.selfsigned.never.text";
                        } else if (SecurityBaseline.isExpired() && deploymentRuleSet.isSSVModeNever()) {
                            str = "deployment.ssv2.mode.never.text";
                        }
                        // Certificate outside its validity period while the rule set blocks expired certificates.
                        if (str == null && !validationState.timeValid && deploymentRuleSet.isExpiredBlocked()) {
                            str = "deployment.block.expired.text";
                        }
                        // Content loaded from a file: URL without a valid root CA is subject to the local-applet policy.
                        if (str == null && !z && isLocalApp(appInfo)) {
                            if (deploymentRuleSet.isRunLocalAppletsNever()) {
                                str = "deployment.local.applet.never.text";
                            }
                        }
                    } catch (Exception e) {
                        BadCertificateDialog.showDialog(codeSource, appInfo, e);
                        throw new SecurityException(e.getMessage(), e);
                    }
                }
                if (str != null) {
                    // NOTE(review): BlockedDialog.show presumably does not return normally
                    // (showBlockedDialog in this class always throws BlockedException) - confirm.
                    BlockedDialog.show(appInfo, null, str, null, codeSource, deploymentRuleSet);
                }
                if (validationState.trustDecision == 0) {
                    // NOTE(review): as decompiled this throw sits inside the try whose
                    // catch (Exception e3) below shows BadCertificateDialog and rethrows as
                    // SecurityException. The decompiler may not have reconstructed the
                    // exception-table ranges faithfully - confirm against the bytecode.
                    throw new UserDeclinedException("user declined to run signed sandbox app");
                }
                try {
                    TrustDecider.checkMainJarManifest(deploymentRuleSet, codeSource.getLocation(), appInfo, false);
                    if (deploymentRuleSet.isRuleRun()) {
                        // A matching "run" rule overrides the decision, so the prompt below is skipped.
                        validationState.trustDecision = 1L;
                        checkRunRuleMessage(deploymentRuleSet, codeSource.getLocation(), appInfo, x509Certificate);
                    }
                } catch (SecurityException e2) {
                    BlockedDialog.show(appInfo, null, "deployment.blocked.permissions", e2, codeSource, deploymentRuleSet);
                }
                if (validationState.trustDecision == 2) {
                    // A remembered answer for this location/certificate suppresses the prompt.
                    if (DecisionTime.withinTime(codeSource.getLocation(), appInfo, x509Certificate, LocalApplicationProperties.SASIGNED_KEY)) {
                        validationState.trustDecision = 1L;
                        return;
                    }
                    // NOTE(review): if no signer chain was found above, x509CertificateArr is still
                    // null here and showSandboxDialog reads index 0. Callers presumably reach this
                    // method only for signed code - confirm.
                    int showSandboxDialog = showSandboxDialog(codeSource.getLocation(), appInfo, deploymentRuleSet, x509CertificateArr, !validationState.timeValid, !validationState.rootCAValid, validationState.revStatusUnknown);
                    TrustDecider.recordSandboxAnswer(x509CertificateArr, codeSource, validationState, preloader, showSandboxDialog, appInfo);
                    // Only dialog result 0 starts a new decision-time window.
                    if (showSandboxDialog == 0) {
                        DecisionTime.setTime(codeSource.getLocation(), appInfo, x509Certificate, LocalApplicationProperties.SASIGNED_KEY);
                    }
                }
            } catch (Exception e3) {
                BadCertificateDialog.showDialog(codeSource, appInfo, e3);
                throw new SecurityException(e3.getMessage(), e3);
            }
        } catch (InterruptedException e4) {
            // The interrupt is traced and reported through the blocked dialog; the thread's
            // interrupt flag is not restored here.
            Trace.ignored(e4);
            BlockedDialog.show(appInfo, null, "deployment.run.sandbox.signed.error", e4, codeSource, deploymentRuleSet);
        } finally {
            TrustDecider.releaseDeployLock();
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:49:0x00f1, code lost:
    
        com.sun.deploy.security.SandboxSecurity.sessionProps.remove(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x00de, code lost:
    
        throw r14;
     */
    /* JADX WARN: Removed duplicated region for block: B:36:0x0100 A[Catch: all -> 0x011f, TryCatch #1 {, blocks: (B:9:0x0019, B:13:0x005b, B:15:0x0069, B:19:0x0077, B:21:0x008b, B:23:0x0095, B:24:0x009e, B:25:0x009f, B:27:0x00aa, B:29:0x00b0, B:30:0x00df, B:32:0x00f1, B:36:0x0100, B:38:0x011b, B:41:0x010e, B:42:0x00b9, B:44:0x00c0, B:45:0x00ca, B:47:0x00df, B:49:0x00f1, B:51:0x00de, B:52:0x0081, B:53:0x008a, B:55:0x0067), top: B:8:0x0019, inners: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:41:0x010e A[Catch: all -> 0x011f, TryCatch #1 {, blocks: (B:9:0x0019, B:13:0x005b, B:15:0x0069, B:19:0x0077, B:21:0x008b, B:23:0x0095, B:24:0x009e, B:25:0x009f, B:27:0x00aa, B:29:0x00b0, B:30:0x00df, B:32:0x00f1, B:36:0x0100, B:38:0x011b, B:41:0x010e, B:42:0x00b9, B:44:0x00c0, B:45:0x00ca, B:47:0x00df, B:49:0x00f1, B:51:0x00de, B:52:0x0081, B:53:0x008a, B:55:0x0067), top: B:8:0x0019, inners: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:46:0x00fa A[REMOVE] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * NOT DECOMPILED. The throwing body is a decompiler placeholder. The warnings above show
     * that the original uses {@code sessionProps.remove(...)} and a try/catch-all region, but
     * the unsigned-content decision logic (296 instructions) is absent from this listing.
     */
    private static void checkUnsignedSandboxSecurity(com.sun.deploy.ui.AppInfo r5, java.security.CodeSource r6, com.sun.deploy.security.ruleset.DeploymentRuleSet r7, boolean r8) {
        /*
            Method dump skipped, instructions count: 296
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.deploy.security.SandboxSecurity.checkUnsignedSandboxSecurity(com.sun.deploy.ui.AppInfo, java.security.CodeSource, com.sun.deploy.security.ruleset.DeploymentRuleSet, boolean):void");
    }

    /**
     * Applies the "run untrusted" policy and prompts once per decision-time window.
     *
     * @param z NOTE(review): presumably "content is a loose resource rather than the main
     *          application" - it selects the ".res" wording and the loose-resource session key
     *          in showUntrustedDialog; confirm against the caller
     */
    private static void checkRunUntrusted(AppInfo appInfo, CodeSource codeSource, DeploymentRuleSet deploymentRuleSet, boolean z) {
        // The "never" policy is only enforced when z is false.
        // NOTE(review): relies on BlockedDialog.show not returning normally; if it could return,
        // execution would fall through to the prompt below - confirm.
        if (deploymentRuleSet.isRunUntrustedNever() && !z) {
            BlockedDialog.show(appInfo, null, "deployment.run.untrusted.never.text", deploymentRuleSet.getException(), null, deploymentRuleSet);
        }
        if (DecisionTime.withinTime(codeSource.getLocation(), appInfo, null, LocalApplicationProperties.UNSIGNED_KEY)) {
            return;
        }
        // The boolean result is ignored: a decline surfaces as UserDeclinedException, so the
        // time window below is recorded for either normal return value.
        showUntrustedDialog(appInfo, deploymentRuleSet, z, false);
        DecisionTime.setTime(codeSource.getLocation(), appInfo, null, LocalApplicationProperties.UNSIGNED_KEY);
    }

    /**
     * Variant used with the "expired" wording: enforces SSV mode "never" (unless {@code z})
     * and then always prompts. No decision-time window is consulted or recorded here.
     */
    private static void checkRunExpired(AppInfo appInfo, DeploymentRuleSet deploymentRuleSet, boolean z) {
        if (deploymentRuleSet.isSSVModeNever() && !z) {
            BlockedDialog.show(appInfo, null, "deployment.ssv2.mode.never.text", deploymentRuleSet.getException(), null, deploymentRuleSet);
        }
        showUntrustedDialog(appInfo, deploymentRuleSet, z, true);
    }

    /**
     * Like {@link #checkRunUntrusted} with an additional local-applet policy check in front.
     * The local-applet "never" check applies regardless of {@code z}.
     */
    private static void checkRunLocal(AppInfo appInfo, CodeSource codeSource, DeploymentRuleSet deploymentRuleSet, boolean z) {
        if (deploymentRuleSet.isRunLocalAppletsNever()) {
            BlockedDialog.show(appInfo, null, "deployment.local.applet.never.text", deploymentRuleSet.getException(), null, deploymentRuleSet);
        }
        if (deploymentRuleSet.isRunUntrustedNever() && !z) {
            BlockedDialog.show(appInfo, null, "deployment.run.untrusted.never.text", deploymentRuleSet.getException(), null, deploymentRuleSet);
        }
        if (DecisionTime.withinTime(codeSource.getLocation(), appInfo, null, LocalApplicationProperties.UNSIGNED_KEY)) {
            return;
        }
        showUntrustedDialog(appInfo, deploymentRuleSet, z, false);
        DecisionTime.setTime(codeSource.getLocation(), appInfo, null, LocalApplicationProperties.UNSIGNED_KEY);
    }

    /**
     * Reports whether the application was loaded from a {@code file:} URL.
     *
     * @return {@code false} when {@code appInfo.getFrom()} is {@code null}
     */
    private static boolean isLocalApp(AppInfo appInfo) {
        URL from = appInfo.getFrom();
        return from != null && from.getProtocol().equals("file");
    }

    /**
     * Looks up the cached {@code LocalApplicationProperties} for the application's LAP URL.
     * Not called by any method that decompiled in this listing.
     */
    private static LocalApplicationProperties getLap(AppInfo appInfo) {
        return Cache.getLocalApplicationProperties(appInfo.getLapURL());
    }

    /**
     * Shows the prompt for untrusted sandbox content and converts the answer.
     *
     * @param appInfo application descriptor shown in the dialog
     * @param deploymentRuleSet consulted for the multi-click prompt variant
     * @param z selects the ".res"/"res" wording and the loose-resource session key
     * @param z2 selects the "expired." wording and the update prompt
     * @return {@code true} for dialog result 2, {@code false} for result 0; what each value
     *         means to the user is defined by {@code UIFactory.showSSV3Dialog}, not visible here
     * @throws UserDeclinedException for any other dialog result, after "false" has been stored
     *         in the session properties for this application
     */
    public static boolean showUntrustedDialog(AppInfo appInfo, DeploymentRuleSet deploymentRuleSet, boolean z, boolean z2) {
        String str = appInfo.isMultiHost() ? "deployment.ssv.location.multihost" : "deployment.ssv.location";
        String str2 = "deployment.ssv.prompt";
        String str3 = null;
        String str4 = null;
        if (deploymentRuleSet.isRunUntrustedMultiClick()) {
            str3 = "deployment.ssv.multi.prompt";
            str4 = "deployment.ssv.multi.text";
        }
        // str5 is null on every path; the reassignment inside if (z2) changes nothing.
        String str5 = null;
        // Main message key: deployment.ssv.[expired.][localapp.](res|main)
        String str6 = ("deployment.ssv." + (z2 ? "expired." : "") + (isLocalApp(appInfo) ? "localapp." : "")) + (z ? "res" : "main");
        if (z2) {
            str2 = "deployment.ssv.update.prompt";
            str5 = null;
        }
        if (z) {
            str2 = str2 + ".res";
        }
        LocalApplicationProperties localApplicationProperties = ResourceProvider.get().getLocalApplicationProperties(appInfo.getLapURL(), null, true);
        if (localApplicationProperties != null) {
            // Clears any stored publisher and title before the untrusted prompt is shown.
            localApplicationProperties.storeMainPublisherAndTitle(null, null);
        }
        int showSSV3Dialog = ToolkitStore.getUI().showSSV3Dialog(null, appInfo, 2, "deployment.ssv.title", "deployment.ssv.masthead", str6, str, str2, str3, str4, "deployment.ssv.run", str5, "deployment.ssv.cancel", null, null);
        if (showSSV3Dialog == 2) {
            return true;
        }
        if (showSSV3Dialog == 0) {
            return false;
        }
        // Any other result is a decline: remember it for the session under the application key
        // (or the loose-resource key when z is set), then abort via exception.
        sessionProps.setProperty(TrustDecider.getLocString(appInfo.getLapURL(), appInfo) + (z ? LOOSE_RESOURCE_KEY_SUFIX : ""), "false");
        throw new UserDeclinedException("User declined to run unsigned sandbox content");
    }

    /**
     * Shows the "blocked" dialog (at most once in a row per LAP URL) and always throws.
     *
     * @param appInfo application descriptor; its vendor is cleared before the dialog is shown
     * @param str literal message text; when non-null it wins and the rule-set masthead is used
     * @param str2 resource key of the message, used only when {@code str} is {@code null}
     * @param exc cause attached to the thrown exception
     * @param codeSource code source attached to the thrown exception
     * @throws BlockedException always
     */
    public static void showBlockedDialog(AppInfo appInfo, String str, String str2, Exception exc, CodeSource codeSource) {
        String str3 = null;
        String string = ResourceManager.getString("deployment.blocked.masthead");
        if (str != null) {
            str3 = str;
            string = ResourceManager.getString("deployment.blocked.ruleset.masthead");
        } else if (str2 != null) {
            str3 = ResourceManager.getString(str2);
        }
        // Traced before the default text is filled in, so this logs null when neither
        // str nor str2 was supplied.
        Trace.println(str3, TraceLevel.BASIC);
        synchronized (blockLock) {
            String string2 = ResourceManager.getString("deployment.blocked.title");
            if (str3 == null) {
                str3 = ResourceManager.getString("deployment.blocked.text");
            }
            String string3 = ResourceManager.getString("common.ok_btn");
            String string4 = ResourceManager.getString("common.detail.button");
            URL lapURL = appInfo.getLapURL();
            String url = lapURL == null ? null : lapURL.toString();
            // The dialog is suppressed when the same LAP URL was blocked by the previous call;
            // a null URL is never suppressed.
            if (url == null || !url.equals(blockKey)) {
                appInfo.setVendor(null);
                ToolkitStore.getUI().showPublisherInfo(null, appInfo, string2, string, str3, string3, string4, null);
            }
            blockKey = url;
        }
        throw new BlockedException(str3, exc, codeSource, appInfo);
    }

    /** Resolves a resource key through {@code ResourceManager.getMessage}. */
    private static String getMessage(String str) {
        return ResourceManager.getMessage(str);
    }

    /**
     * Builds the text for, and shows, the security dialog for signed sandbox content.
     *
     * @param url location of the code
     * @param appInfo application descriptor; a copy is handed to the dialog
     * @param deploymentRuleSet not used in this method
     * @param x509CertificateArr signer chain; element 0 supplies the displayed publisher name
     * @param z certificate is outside its validity period (caller passes {@code !timeValid})
     * @param z2 root CA is not valid (caller passes {@code !rootCAValid})
     * @param z3 revocation status is unknown (caller passes {@code revStatusUnknown})
     * @return the result of {@code UIFactory.showSandboxSecurityDialog}
     */
    private static int showSandboxDialog(URL url, AppInfo appInfo, DeploymentRuleSet deploymentRuleSet, X509Certificate[] x509CertificateArr, boolean z, boolean z2, boolean z3) {
        // arrayList: warning lines, stays null when no risk condition applies.
        // arrayList2: informational lines, always populated.
        ArrayList arrayList = null;
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(securityInfoDescription);
        arrayList2.add(securityInfoCanel);
        String extractSubjectAliasName = CertUtils.extractSubjectAliasName(x509CertificateArr[0]);
        if (z2) {
            arrayList = new ArrayList();
            arrayList.add(securityRisk);
            String message = getMessage("security.dialog.notverified.subject");
            // NOTE(review): replaceAll treats `message` as a regular expression and the
            // replacement as a pattern with $ and \ escapes; a localized string containing
            // such characters would not be replaced literally.
            arrayList2.add(getMessage("security.info.publisher.unknown").replaceAll(message, message.toUpperCase()));
            arrayList2.add(getMessage("sandbox.security.info.selfsigned.state"));
            // Without a valid root CA the name from the certificate is not displayed; the
            // upper-cased "not verified" text is shown as the publisher instead.
            extractSubjectAliasName = message.toUpperCase();
        } else if (z) {
            arrayList = new ArrayList();
            arrayList.add(combineMessage(securityRisk, getMessage("sandbox.security.dialog.expired.signed.label")));
            arrayList2.add(securityInfoTrusted);
            arrayList2.add(getMessage("sandbox.security.info.expired.state"));
        } else if (z3) {
            arrayList = new ArrayList();
            arrayList.add(combineMessage(securityRisk, getMessage("sandbox.security.info.selfsigned.revocation.unknown")));
            arrayList2.add(securityInfoTrusted);
            arrayList2.add(getMessage("sandbox.security.info.revocation.unsure.state"));
        } else {
            arrayList2.add(securityInfoTrusted);
            arrayList2.add(getMessage("sandbox.security.info.trusted.state"));
        }
        if (arrayList != null) {
            arrayList.addAll(arrayList2);
        }
        String message2 = arrayList == null ? getMessage("security.dialog.valid.caption") : getMessage("security.dialog.caption");
        // z4 is set only for a valid root CA with known revocation status, and then only for a
        // single-host application or a multi-host one whose codebase check passes. z5 marks the
        // multi-host case, where the dialog receives a single-host copy of appInfo.
        // NOTE(review): what the dialog does with z4 (its 6th argument) is defined by
        // UIFactory.showSandboxSecurityDialog and is not visible here.
        boolean z4 = false;
        boolean z5 = false;
        if (!z2 && !z3) {
            if (!appInfo.isMultiHost()) {
                z4 = true;
            } else if (DeployManifestChecker.verifyApplicationLibraryAllowableCodebase(url, appInfo)) {
                z4 = true;
                z5 = true;
            }
        }
        DeployManifestChecker.printWarningsIfRequired(url, appInfo);
        // Exactly one of the two String[] arguments is non-null: warnings followed by the info
        // lines when a risk exists, otherwise the info lines alone.
        return ToolkitStore.getUI().showSandboxSecurityDialog(z5 ? AppInfo.createSingleHostAppInfo(appInfo) : new AppInfo(appInfo), message2, masthead, extractSubjectAliasName, url, z4, false, runKey, cancel, arrayList != null ? (String[]) arrayList.toArray(new String[arrayList.size()]) : null, arrayList == null ? (String[]) arrayList2.toArray(new String[arrayList2.size()]) : null, true, x509CertificateArr, 0, x509CertificateArr.length, z2 || z || z3, z2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Shows the rule set's custom message, at most once per decision-time window.
     *
     * <p>Does nothing when the rule set has no message or when a decision recorded under
     * {@code RUNRULE_KEY} is still within its window. The decompiler comment above records
     * that the original declaration is {@code protected}, not {@code public}.
     */
    public static void checkRunRuleMessage(DeploymentRuleSet deploymentRuleSet, URL url, AppInfo appInfo, X509Certificate x509Certificate) {
        String message = deploymentRuleSet.getMessage();
        if (message == null || message.length() <= 0 || DecisionTime.withinTime(url, appInfo, x509Certificate, LocalApplicationProperties.RUNRULE_KEY)) {
            return;
        }
        UIFactory ui = ToolkitStore.getUI();
        // NOTE(review): result discarded; probably residue of a static constant that the
        // original source read through the instance - confirm against the bytecode.
        ToolkitStore.getUI();
        ui.showMessageDialog(null, appInfo, 1, getMessage("runrule.message.title"), getMessage("runrule.message.masthead"), message, null, getMessage("common.ok_btn"), null, null, null);
        DecisionTime.setTime(url, appInfo, x509Certificate, LocalApplicationProperties.RUNRULE_KEY);
    }

    /** Joins two message paragraphs with a blank line between them. */
    private static String combineMessage(String str, String str2) {
        return str + "\n\n" + str2;
    }

    // Class initialization: registers the session store, creates the monitors and the HTTPS
    // probe cache, and resolves the dialog strings once. runKey is left as a resource key
    // while the other strings are resolved through getMessage.
    static {
        SessionState.register(sessionProps);
        verifiedHttpsConnection = new HashSet();
        lock = new Object();
        blockLock = new Object();
        blockKey = null;
        masthead = getMessage("deployment.ssv.masthead");
        runKey = "deployment.ssv.run";
        cancel = getMessage("deployment.ssv.cancel");
        securityInfoDescription = getMessage("sandbox.security.info.description");
        securityInfoCanel = getMessage("sandbox.security.info.cancel");
        securityInfoTrusted = getMessage("sandbox.security.info.trusted");
        securityRisk = getMessage("sandbox.security.info.risk");
    }
}
