package com.sun.deploy.security.ruleset;

import com.sun.deploy.Environment;
import com.sun.deploy.cache.Cache;
import com.sun.deploy.config.Config;
import com.sun.deploy.ref.AppRef;
import com.sun.deploy.ref.CodeInstance;
import com.sun.deploy.ref.CodeRef;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.BlockedException;
import com.sun.deploy.security.TrustDecider;
import com.sun.deploy.security.ValidationState;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.util.JarUtil;
import com.sun.deploy.util.SessionProperties;
import com.sun.deploy.util.SessionState;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:com/sun/deploy/security/ruleset/DeploymentRuleSet.class */
public abstract class DeploymentRuleSet {
    public static final String XML_FILENAME = "ruleset.xml";
    private static DRSHelper drsHelper;
    private static DeploymentRuleSet defaultRule = null;
    private static DeploymentRuleSet exceptionRule = null;
    private static boolean isInitialized = false;
    private static Exception initializationException = null;
    protected static final String FILENAME = "drs.properties";
    private static SessionProperties sessionProps = new SessionProperties(FILENAME);
    private static HashMap<CodeInstance, DeploymentRuleSet> drsMap;

    public abstract boolean isCaSignedNever();

    public abstract boolean isSelfSignedNever();

    public abstract boolean isSSVModeNever();

    public abstract boolean isRunLocalAppletsNever();

    public abstract boolean isRunUntrustedNever();

    public abstract boolean isRunUntrustedMultiClick();

    public abstract boolean isSSVModeMultiClick();

    public abstract boolean isRevocationCheckBestEffort();

    public abstract boolean isExpiredBlocked();

    public abstract boolean isPermissionsManifestRequired();

    public abstract boolean isAskGrantShowSet();

    public abstract boolean isAskGrantSelfSignedSet();

    public abstract boolean isRuleRun();

    public abstract boolean isRuleBlock();

    public abstract String getVersionString();

    public abstract boolean isVersionForced();

    public abstract String getMessage();

    public abstract Exception getException();

    public abstract boolean isLiveConnectAllowedUnchecked();

    public abstract boolean allowInsecureProperties();

    public abstract boolean allowNativeSandbox();

    public abstract boolean isUnrelatedVmSharingAllowed();

    public abstract String getCustomerString();

    public static DeploymentRuleSet getDefault() {
        if (defaultRule == null) {
            defaultRule = new DefaultRule(null, null);
        }
        return defaultRule;
    }

    public static DeploymentRuleSet getDefault(String str, String str2) {
        return (str == null && str2 == null) ? getDefault() : new DefaultRule(str, str2);
    }

    private static DeploymentRuleSet getExceptionRule() {
        if (exceptionRule == null) {
            exceptionRule = new ExceptionRule(null, null);
        }
        return exceptionRule;
    }

    public static DeploymentRuleSet getExceptionRule(String str, String str2) {
        return (str == null && str2 == null) ? getExceptionRule() : new ExceptionRule(str, str2);
    }

    private static DeploymentRuleSet getDefaultOrException(AppRef appRef, CodeRef codeRef, String str, String str2) {
        try {
            if (RuleId.isException(appRef, codeRef) || Environment.isGlobalException()) {
                Trace.println("Exception List entry exists for: " + String.valueOf(appRef.getLocation()) + "\nno DRS rule applies, returning Exception Rule", TraceLevel.RULESET);
                return getExceptionRule(str, str2);
            }
            DeploymentRuleSet deploymentRuleSet = getDefault(str, str2);
            Trace.println("no exception applies, returning Rule: " + deploymentRuleSet, TraceLevel.RULESET);
            return deploymentRuleSet;
        } catch (BlockedException e) {
            return new BlockRule(e.getMessage(), e, true, str2);
        }
    }

    public static DeploymentRuleSet findDRS(CodeInstance codeInstance) {
        DeploymentRuleSet deploymentRuleSet = drsMap.get(codeInstance);
        if (deploymentRuleSet == null) {
            deploymentRuleSet = getDRS(codeInstance);
            drsMap.put(codeInstance, deploymentRuleSet);
        }
        return deploymentRuleSet;
    }

    private static DeploymentRuleSet getDRS(CodeInstance codeInstance) {
        Rule findRule;
        AppRef appRef = codeInstance.getAppRef();
        CodeRef codeRef = codeInstance.getCodeRef();
        Trace.println("finding Deployment Rule Set for appRef=" + appRef + ", codeRef = " + codeRef, TraceLevel.RULESET);
        initialize();
        if (initializationException != null) {
            Trace.println("Exception parsing deployment rule set " + initializationException, TraceLevel.RULESET);
            Trace.ignored(initializationException);
            String string = ResourceManager.getString("deployment.blocked.ruleset.exception");
            if (initializationException instanceof BlockedException) {
                string = initializationException.getMessage();
            }
            return new BlockRule(string, initializationException, false, null);
        }
        String str = null;
        String str2 = null;
        if (drsHelper != null && (findRule = drsHelper.findRule(appRef, codeRef)) != null) {
            Trace.println("found matching id, using rule: " + findRule, TraceLevel.RULESET);
            RuleAction action = findRule.getAction();
            if (action.isRun()) {
                RuleId id = findRule.getId();
                return new RunRule(action.getVersionString(), action.isVersionForced(), action.getBlockedMessage(), id.getCertHash(), id.getCertAlgorithm(), id.getLocation(), findRule.getCustomerString());
            }
            if (action.isBlock()) {
                return new BlockRule(action.getBlockedMessage(), null, false, findRule.getCustomerString());
            }
            if (action.isDefault()) {
                str = action.getBlockedMessage();
                str2 = findRule.getCustomerString();
            }
        }
        return getDefaultOrException(appRef, codeRef, str, str2);
    }

    public static synchronized void initialize() {
        if (isInitialized) {
            return;
        }
        drsHelper = null;
        final File dRSFile = Config.getDRSFile();
        if (dRSFile != null && dRSFile.exists()) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.sun.deploy.security.ruleset.DeploymentRuleSet.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        DeploymentRuleSet.validateDRS(dRSFile);
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                initializationException = e.getException();
            } catch (Exception e2) {
                initializationException = e2;
            }
        }
        isInitialized = true;
    }

    public static boolean isRuleSetFileExists() {
        File dRSFile = Config.getDRSFile();
        return dRSFile != null && dRSFile.exists();
    }

    public static void validateDRS(File file) throws IOException {
        verifyRuleSetFile(file);
        JarFile jarFile = null;
        try {
            JarFile createJarFile = JarUtil.createJarFile(file, false);
            JarEntry jarEntry = createJarFile.getJarEntry(XML_FILENAME);
            if (jarEntry == null) {
                throw new RuleParseException("DeploymentRuleSet.jar is missing ruleset.xml file.", null, RuleParseException.REASON_EXCEPTION, 0);
            }
            drsHelper = new DRSHelper(createJarFile.getInputStream(jarEntry));
            if (createJarFile != null) {
                createJarFile.close();
            }
        } catch (Throwable th) {
            if (0 != 0) {
                jarFile.close();
            }
            throw th;
        }
    }

    public static boolean installRuleSetFile(File file) {
        File dRSFile = Config.getDRSFile();
        try {
            Cache.copyFile(file, dRSFile);
            return true;
        } catch (Throwable th) {
            Trace.println("could not copy Deployment Rule Set file from " + file + " to " + dRSFile, TraceLevel.RULESET);
            return true;
        }
    }

    public static void verifyRuleSetFile(File file) {
        JarFile createJarFile;
        JarEntry jarEntry;
        String str = null;
        Throwable th = null;
        if (file.toString().equals(sessionProps.getProperty("drs.verified"))) {
            Trace.println("The file: " + file + " was verified before relaunch.", TraceLevel.RULESET);
            return;
        }
        JarFile jarFile = null;
        try {
            createJarFile = JarUtil.createJarFile(file, true);
            jarEntry = createJarFile.getJarEntry(XML_FILENAME);
        } catch (IOException e) {
            str = "deployment.cannot.validate.exception";
            th = e;
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException e2) {
                }
            }
        } catch (Throwable th2) {
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException e3) {
                }
            }
            throw th2;
        }
        if (jarEntry == null) {
            throw new BlockedException(ResourceManager.getString("deployment.invalid.ruleset"), null);
        }
        try {
            InputStream inputStream = createJarFile.getInputStream(jarEntry);
            byte[] bArr = new byte[1024];
            for (int length = bArr.length; length != -1; length = inputStream.read(bArr, 0, bArr.length)) {
            }
            inputStream.close();
        } catch (IOException e4) {
            Trace.ignored(e4);
        }
        CodeSigner[] codeSigners = jarEntry.getCodeSigners();
        if (codeSigners == null || codeSigners.length == 0) {
            Trace.println("Failed to validate jar \"" + file.getAbsolutePath() + "\", the jar may be signed with a weak algorithm that is now disabled, for example MD2 or MD5. Please turn on \"-Djava.security.debug=jar\" to get more detailed trace or go to http://java.com/jcpsecurity to find more information.", TraceLevel.SECURITY);
        }
        ValidationState jarValidationState = TrustDecider.getJarValidationState(new CodeSource(file.toURI().toURL(), codeSigners), null, null);
        if (jarValidationState.trustDecision == 0) {
            str = "deployment.cannot.validate";
        } else if (!jarValidationState.rootCAValid) {
            str = "deployment.cannot.validate.selfsigned";
        } else if (jarValidationState.certValidity != 0 || !jarValidationState.timeValid) {
            str = "deployment.cannot.validate.expired";
            th = jarValidationState.certExpiredException != null ? jarValidationState.certExpiredException : jarValidationState.certNotYetValidException;
        }
        if (createJarFile != null) {
            try {
                createJarFile.close();
            } catch (IOException e5) {
            }
        }
        if (str != null) {
            throw new BlockedException(ResourceManager.getString(str), th);
        }
        Trace.println("verification succeeded for signed Deployment Rule Set file " + file, TraceLevel.RULESET);
        sessionProps.setProperty("drs.verified", file.toString());
    }

    public String toString() {
        return "DeploymentRuleSet: generic";
    }

    public boolean skipThisCertArray(X509Certificate[] x509CertificateArr) {
        return false;
    }

    public boolean skipMetaInfDirectory() {
        return false;
    }

    static {
        SessionState.register(sessionProps);
        drsMap = new HashMap<>();
    }
}
