package com.sun.deploy.security;

import com.sun.deploy.config.Config;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Properties;

/* loaded from: input_file:com/sun/deploy/security/BlacklistedCerts.class */
public class BlacklistedCerts {
    private static final String ALGORITHM_KEY = "Algorithm";
    private static final AccessControlContext ACC_FILE_INSTANCE;
    private static Properties props = null;
    private static String algorithm = null;
    private static final File blacklistCertsFile = new File(Config.getDynamicBlacklistCertsFile());

    public static void check(X509Certificate x509Certificate) throws CertificateException {
        if (Config.getBooleanProperty(Config.SEC_USE_BLACKLIST_CHECK_KEY)) {
            if (props == null) {
                load();
            }
            if (algorithm == null) {
                return;
            }
            if (props.containsKey(CertUtils.getCertificateFingerPrint(algorithm, x509Certificate))) {
                String string = ResourceManager.getString("blacklisted.certificate");
                Trace.println(string, TraceLevel.SECURITY);
                throw new CertificateException(string);
            }
        }
    }

    private static void load() {
        props = new Properties();
        try {
            if (Boolean.TRUE.equals((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() { // from class: com.sun.deploy.security.BlacklistedCerts.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Boolean run() throws Exception {
                    Boolean bool = Boolean.FALSE;
                    if (BlacklistedCerts.blacklistCertsFile.exists()) {
                        FileInputStream fileInputStream = null;
                        try {
                            try {
                                fileInputStream = new FileInputStream(BlacklistedCerts.blacklistCertsFile);
                                BlacklistedCerts.props.load(fileInputStream);
                                bool = Boolean.TRUE;
                                if (fileInputStream != null) {
                                    try {
                                        fileInputStream.close();
                                    } catch (Exception e) {
                                        Trace.ignored(e);
                                    }
                                }
                            } catch (Throwable th) {
                                if (fileInputStream != null) {
                                    try {
                                        fileInputStream.close();
                                    } catch (Exception e2) {
                                        Trace.ignored(e2);
                                    }
                                }
                                throw th;
                            }
                        } catch (Exception e3) {
                            Trace.ignored(e3);
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (Exception e4) {
                                    Trace.ignored(e4);
                                }
                            }
                        }
                    }
                    return bool;
                }
            }, ACC_FILE_INSTANCE))) {
                Trace.println("Loaded blacklisted.certs file: " + blacklistCertsFile, TraceLevel.SECURITY);
            } else {
                Trace.println("Could not load blacklisted.certs file", TraceLevel.SECURITY);
            }
        } catch (PrivilegedActionException e) {
            e.printStackTrace();
        }
        algorithm = props.getProperty(ALGORITHM_KEY);
        if (algorithm == null) {
            Trace.println("blacklisted.certs file contains no Algorithm property.", TraceLevel.SECURITY);
        }
    }

    static {
        Permissions permissions = new Permissions();
        permissions.add(new FilePermission("<<ALL FILES>>", "read"));
        ACC_FILE_INSTANCE = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, permissions)});
    }
}
