package com.sun.deploy.util;

import com.sun.deploy.config.Config;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StreamTokenizer;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import sun.security.util.BitArray;

/* loaded from: input_file:com/sun/deploy/util/BlackList.class */
public final class BlackList {
    private static final String DIGEST_MANIFEST = "-DIGEST-MANIFEST";
    private static final String CACHE_VERSION = "v2";
    private static final int BITLEN = 65536;
    private static final int WORDLEN = 2;
    private static final int NEED_CREATE = 0;
    private static final int NEED_LOAD = 1;
    private static final int IN_MEMORY = 2;
    private List<File> rawBlacklistFiles;
    private Cache cachedBlacklistFile;
    private SmartBitArray cache;
    private long lastModified;
    private boolean isEmpty;
    private int state;
    private static BlackList INSTANCE = null;
    private static final String[] stateStrings = {"NEED_CREATE", "NEED_LOAD", "IN_MEMORY"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/deploy/util/BlackList$Cache.class */
    public static class Cache {
        File file = new File(Config.getSecurityCacheDir(), "blacklist.cache");
        int signature;

        Cache(int i) {
            this.signature = i;
            FileInputStream fileInputStream = null;
            boolean z = false;
            try {
                fileInputStream = new FileInputStream(this.file);
                z = new DataInputStream(fileInputStream).readInt() != i ? true : z;
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        Trace.println("blacklist: Cannot close " + this.file, TraceLevel.SECURITY);
                    }
                }
            } catch (IOException e2) {
                z = true;
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e3) {
                        Trace.println("blacklist: Cannot close " + this.file, TraceLevel.SECURITY);
                    }
                }
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e4) {
                        Trace.println("blacklist: Cannot close " + this.file, TraceLevel.SECURITY);
                        throw th;
                    }
                }
                throw th;
            }
            if (z) {
                Trace.println("blacklist: Reconstruct cache", TraceLevel.SECURITY);
                this.file.delete();
            }
        }

        long lastModified() {
            return this.file.lastModified();
        }

        boolean exists() {
            return this.file.exists();
        }

        void delete() {
            this.file.delete();
        }

        SmartBitArray loadCache() throws IOException {
            Trace.println("blacklist: loadCache", TraceLevel.SECURITY);
            byte[] bArr = new byte[8192];
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = new FileInputStream(this.file);
                fileInputStream.read(bArr, 0, 4);
                fileInputStream.read(bArr);
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                return new SmartBitArray(65536, bArr);
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        }

        void save(SmartBitArray smartBitArray) {
            Trace.println("blacklist: save cache to " + this.file, TraceLevel.SECURITY);
            FileOutputStream fileOutputStream = null;
            try {
                try {
                    new File(Config.getSecurityCacheDir()).mkdir();
                    fileOutputStream = new FileOutputStream(this.file);
                    new DataOutputStream(fileOutputStream).writeInt(this.signature);
                    fileOutputStream.write(smartBitArray.toByteArray());
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e) {
                        }
                    }
                } catch (IOException e2) {
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e3) {
                            Trace.println("blacklist: Cannot close " + this.file, TraceLevel.SECURITY);
                        }
                        fileOutputStream = null;
                    }
                    this.file.delete();
                    Trace.println("blacklist: Cannot save cache", TraceLevel.SECURITY);
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e4) {
                        }
                    }
                }
            } catch (Throwable th) {
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e5) {
                    }
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/deploy/util/BlackList$SmartBitArray.class */
    public static class SmartBitArray extends BitArray {
        private boolean isEmpty;

        SmartBitArray(int i) {
            super(i);
            this.isEmpty = true;
        }

        SmartBitArray(int i, byte[] bArr) {
            super(i, bArr);
            this.isEmpty = true;
            this.isEmpty = false;
        }

        public void set(int i, boolean z) throws ArrayIndexOutOfBoundsException {
            super.set(i, z);
            this.isEmpty = false;
        }

        boolean isEmpty() {
            return this.isEmpty;
        }
    }

    private static BlackList createDefaultInstance() {
        BlackList blackList = null;
        if (Config.getBooleanProperty(Config.SEC_USE_BLACKLIST_CHECK_KEY)) {
            Trace.msgSecurityPrintln("downloadengine.check.blacklist.enabled");
            blackList = new BlackList(false);
        }
        if (blackList == null) {
            blackList = new BlackList(true);
        }
        return blackList;
    }

    public static synchronized BlackList getInstance() {
        if (INSTANCE == null) {
            INSTANCE = createDefaultInstance();
        }
        return INSTANCE;
    }

    static String getCachePath() {
        return getInstance().cachedBlacklistFile.file.getPath();
    }

    private BlackList(boolean z) {
        this.isEmpty = z;
        if (z) {
            this.lastModified = 0L;
        } else {
            String dynamicBlacklistFile = Config.getDynamicBlacklistFile();
            String systemBlacklistFile = Config.getSystemBlacklistFile();
            String userBlacklistFile = Config.getUserBlacklistFile();
            this.rawBlacklistFiles = new ArrayList();
            this.rawBlacklistFiles.add(new File(dynamicBlacklistFile));
            this.rawBlacklistFiles.add(new File(systemBlacklistFile));
            this.rawBlacklistFiles.add(new File(userBlacklistFile));
            StringBuilder sb = new StringBuilder();
            sb.append(CACHE_VERSION).append('|');
            boolean z2 = false;
            for (File file : this.rawBlacklistFiles) {
                sb.append(file.getPath()).append('|');
                long lastModified = file.lastModified();
                if (lastModified != 0) {
                    z2 = true;
                }
                sb.append(lastModified).append('|');
            }
            if (!z2) {
                this.isEmpty = true;
                this.lastModified = 0L;
                Trace.println("blacklist: no raw file", TraceLevel.SECURITY);
                return;
            } else {
                this.cachedBlacklistFile = new Cache(sb.toString().hashCode());
                if (this.cachedBlacklistFile.exists()) {
                    this.state = 1;
                    this.lastModified = this.cachedBlacklistFile.lastModified();
                } else {
                    this.state = 0;
                    this.lastModified = new Date().getTime();
                }
            }
        }
        Trace.println("blacklist: created: " + stateStrings[this.state] + ", lastModified: " + this.lastModified, TraceLevel.SECURITY);
    }

    public synchronized boolean contains(String str, String str2) {
        if (this.isEmpty) {
            return false;
        }
        Trace.println("blacklist: check contains " + str2 + ", state now " + stateStrings[this.state], TraceLevel.SECURITY);
        if (this.state == 0) {
            return checkInRaw(str, str2, true);
        }
        try {
            if (this.state == 1) {
                this.cache = this.cachedBlacklistFile.loadCache();
                this.state = 2;
            }
            boolean checkInCache = checkInCache(str2);
            Trace.println("blacklist: " + (checkInCache ? "" : "not ") + " found in cache", TraceLevel.SECURITY);
            if (checkInCache) {
                return checkInRaw(str, str2, false);
            }
            return false;
        } catch (IOException e) {
            return checkInRaw(str, str2, true);
        }
    }

    public static boolean updateCache() {
        BlackList blackList = getInstance();
        if (blackList.state != 0) {
            return false;
        }
        synchronized (blackList) {
            blackList.checkInRaw(null, null, true);
        }
        return true;
    }

    private boolean checkInCache(String str) {
        byte[] debase64 = debase64(str);
        if (debase64.length == 0) {
            return false;
        }
        for (int i = 0; i + 2 <= debase64.length; i += 2) {
            int i2 = 0;
            for (int i3 = 0; i3 < 2; i3++) {
                i2 = (i2 << 8) | (debase64[i + i3] & 255);
            }
            if (!this.cache.get(i2)) {
                return false;
            }
        }
        return true;
    }

    private boolean checkInRaw(String str, String str2, boolean z) {
        if (z) {
            this.cache = new SmartBitArray(65536);
        }
        boolean z2 = false;
        for (File file : this.rawBlacklistFiles) {
            if (z2) {
                checkInOneRaw(file, null, null, true);
                Trace.println("blacklist: read raw " + file, TraceLevel.SECURITY);
            } else {
                z2 = checkInOneRaw(file, str, str2, z);
                Trace.println("blacklist: check raw " + file + ", " + z2, TraceLevel.SECURITY);
            }
            if (z2 && !z) {
                return true;
            }
        }
        if (z) {
            saveCache();
        }
        return z2;
    }

    private void saveCache() {
        if (this.cache.isEmpty()) {
            this.isEmpty = true;
            Trace.println("blacklist: raw files are all empty", TraceLevel.SECURITY);
            this.cachedBlacklistFile.delete();
        } else {
            this.cachedBlacklistFile.save(this.cache);
        }
        this.state = 2;
    }

    private boolean checkInOneRaw(final File file, String str, String str2, boolean z) {
        boolean z2;
        if (!file.exists()) {
            return false;
        }
        BufferedReader bufferedReader = null;
        z2 = false;
        try {
            try {
                try {
                    BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader((FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() { // from class: com.sun.deploy.util.BlackList.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        public FileInputStream run() throws Exception {
                            return new FileInputStream(file);
                        }
                    })));
                    StreamTokenizer streamTokenizer = new StreamTokenizer(bufferedReader2);
                    setupTokenizer(streamTokenizer);
                    while (true) {
                        int nextToken = streamTokenizer.nextToken();
                        if (nextToken == -1) {
                            if (bufferedReader2 != null) {
                                try {
                                    bufferedReader2.close();
                                } catch (IOException e) {
                                    Trace.println("blacklist: Cannot close reader for " + file, TraceLevel.SECURITY);
                                }
                            }
                        } else if (nextToken != 10) {
                            if (nextToken != -3) {
                                throw new IOException("Unexpected token: " + streamTokenizer);
                            }
                            String str3 = streamTokenizer.sval;
                            if (!str3.toUpperCase(Locale.ENGLISH).endsWith(DIGEST_MANIFEST)) {
                                throw new IOException("Unknown attribute `" + str3 + "', line " + streamTokenizer.lineno());
                            }
                            String str4 = streamTokenizer.sval;
                            parseColon(streamTokenizer);
                            streamTokenizer.wordChars(61, 61);
                            if (streamTokenizer.nextToken() != -3) {
                                throw new IOException("Unexpected value: " + streamTokenizer);
                            }
                            streamTokenizer.ordinaryChar(61);
                            String str5 = streamTokenizer.sval;
                            if (str5 == null) {
                                throw new IOException("hash must be specified");
                            }
                            if (str5.equals(str2) && str4.equalsIgnoreCase(str)) {
                                z2 = true;
                                if (!z) {
                                    if (bufferedReader2 != null) {
                                        try {
                                            bufferedReader2.close();
                                        } catch (IOException e2) {
                                            Trace.println("blacklist: Cannot close reader for " + file, TraceLevel.SECURITY);
                                        }
                                    }
                                    return true;
                                }
                            }
                            if (z) {
                                encode(str5);
                            }
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e3) {
                            Trace.println("blacklist: Cannot close reader for " + file, TraceLevel.SECURITY);
                        }
                    }
                    throw th;
                }
            } catch (IOException e4) {
                Trace.println("blacklist: " + e4, TraceLevel.SECURITY);
                if (0 != 0) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e5) {
                        Trace.println("blacklist: Cannot close reader for " + file, TraceLevel.SECURITY);
                    }
                }
            }
        } catch (PrivilegedActionException e6) {
            Trace.println("blacklist: PrivilegedActionException: " + e6, TraceLevel.SECURITY);
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (IOException e7) {
                    Trace.println("blacklist: Cannot close reader for " + file, TraceLevel.SECURITY);
                }
            }
        }
        return z2;
    }

    private void encode(String str) {
        byte[] debase64 = debase64(str);
        for (int i = 0; i + 2 <= debase64.length; i += 2) {
            int i2 = 0;
            for (int i3 = 0; i3 < 2; i3++) {
                i2 = (i2 << 8) | (debase64[i + i3] & 255);
            }
            this.cache.set(i2, true);
        }
    }

    private static byte[] debase64(String str) {
        try {
            return Base64Wrapper.decodeFromString(str);
        } catch (IOException e) {
            Trace.println("blacklist: Cannot decode " + str, TraceLevel.SECURITY);
            return new byte[0];
        }
    }

    public boolean isEmpty() {
        return this.isEmpty;
    }

    private void setupTokenizer(StreamTokenizer streamTokenizer) {
        streamTokenizer.resetSyntax();
        streamTokenizer.wordChars(97, 122);
        streamTokenizer.wordChars(65, 90);
        streamTokenizer.wordChars(48, 57);
        streamTokenizer.wordChars(46, 46);
        streamTokenizer.wordChars(45, 45);
        streamTokenizer.wordChars(95, 95);
        streamTokenizer.wordChars(43, 43);
        streamTokenizer.wordChars(47, 47);
        streamTokenizer.whitespaceChars(0, 32);
        streamTokenizer.commentChar(35);
        streamTokenizer.eolIsSignificant(true);
    }

    private void parseColon(StreamTokenizer streamTokenizer) throws IOException {
        if (streamTokenizer.nextToken() != 58) {
            throw new IOException("Expected ':', read " + streamTokenizer);
        }
    }

    private static Attributes readAttributes(JarFile jarFile, JarEntry jarEntry) throws IOException {
        final InputStream inputStream;
        if (jarFile.getJarEntry(jarEntry.getName()) == null || (inputStream = jarFile.getInputStream(jarEntry)) == null) {
            return null;
        }
        try {
            Attributes attributes = (Attributes) AccessController.doPrivileged(new PrivilegedExceptionAction<Attributes>() { // from class: com.sun.deploy.util.BlackList.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Attributes run() throws Exception {
                    return new Manifest(inputStream).getMainAttributes();
                }
            });
            inputStream.close();
            return attributes;
        } catch (PrivilegedActionException e) {
            inputStream.close();
            return null;
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    public boolean checkJarEntry(JarFile jarFile, JarEntry jarEntry) throws IOException, GeneralSecurityException {
        Attributes readAttributes;
        if (isEmpty() || jarEntry == null) {
            return true;
        }
        if (!jarEntry.getName().toUpperCase(Locale.ENGLISH).endsWith(".SF") || (readAttributes = readAttributes(jarFile, jarEntry)) == null) {
            return false;
        }
        Iterator<Object> it = readAttributes.keySet().iterator();
        while (it.hasNext()) {
            String obj = it.next().toString();
            if (obj.toUpperCase(Locale.ENGLISH).endsWith(DIGEST_MANIFEST) && INSTANCE.contains(obj, readAttributes.getValue(new Attributes.Name(obj)))) {
                Trace.msgSecurityPrintln("downloadengine.check.blacklist.found", new Object[]{jarFile.getName()});
                throw new GeneralSecurityException("blacklisted entry!");
            }
        }
        Trace.msgSecurityPrintln("downloadengine.check.blacklist.notfound");
        return false;
    }

    public boolean checkJarFile(JarFile jarFile) throws IOException {
        if (isEmpty()) {
            Trace.msgSecurityPrintln("downloadengine.check.blacklist.notexist");
            return false;
        }
        List<Object> manifestDigests = getManifestDigests(jarFile);
        if (manifestDigests != null && manifestDigests.size() > 0) {
            try {
                Iterator<Object> it = manifestDigests.iterator();
                while (it.hasNext()) {
                    if (INSTANCE.contains((String) it.next(), (String) it.next())) {
                        Trace.msgSecurityPrintln("downloadengine.check.blacklist.found", new Object[]{jarFile.getName()});
                        return true;
                    }
                }
                return false;
            } catch (NoSuchElementException e) {
            }
        }
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            String upperCase = nextElement.getName().toUpperCase(Locale.ENGLISH);
            if (upperCase.startsWith("META-INF/") || upperCase.startsWith("/META-INF/")) {
                try {
                    if (checkJarEntry(jarFile, nextElement)) {
                        return false;
                    }
                } catch (GeneralSecurityException e2) {
                    return true;
                }
            }
        }
        Trace.msgSecurityPrintln("downloadengine.check.blacklist.notsigned");
        return false;
    }

    public boolean hasBeenModifiedSince(long j) {
        long j2 = this.lastModified;
        Trace.println("blacklist: hasBeenModifiedSince " + j + " (we have " + j + ")", TraceLevel.SECURITY);
        return this.lastModified >= j;
    }

    private static List<Object> getManifestDigests(JarFile jarFile) {
        try {
            return DeployJavaUtilJarAccess.instance().getManifestDigests(jarFile);
        } catch (NoClassDefFoundError e) {
            return null;
        } catch (NoSuchMethodError e2) {
            return null;
        }
    }
}
