package com.sun.deploy.net;

import com.sun.deploy.config.Config;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.xml.XMLNode;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLPermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.helpers.DefaultHandler;
import sun.net.www.protocol.http.HttpURLConnection;

/* loaded from: input_file:com/sun/deploy/net/CrossDomainXML.class */
public class CrossDomainXML {
    static final String ALT_XDOMAIN_FILES = "jnlp.altCrossDomainXMLFiles";
    public static final int CHECK_RESOLVE = -1;
    public static final int CHECK_SET_HOST = -2;
    public static final int CHECK_SUBPATH = -3;
    public static final int CHECK_CONNECT = -4;
    private static final AccessControlContext noPermissionACC = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, null)});
    private static final AccessControlContext onlyConnectACC;
    private static final ReentrantLock lock;
    private static final int NO_ACCESS = 0;
    private static final int URL_CONNECTIONS = 1;
    private static final int SOCKET_CONNECTIONS = 2;
    private static final Map<String, Integer> domains;
    private static final Map<String, List<URL>> allowedURLs;
    private static List<URL> alternateURLs;
    private static String POLICY_FILE_PATH;
    private static final String DTD_DOWNLOAD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
    private static final String DTD_VALIDATION = "http://xml.org/sax/features/validation";
    private static final String EXTERNAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    private static final String EXTERNAL_PARAMETERS = "http://xml.org/sax/features/external-parameter-entities";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/deploy/net/CrossDomainXML$Handler.class */
    public static class Handler extends DefaultHandler {
        private static final int INITIAL = 0;
        private static final int IN_CROSS_DOMAIN_POLICY = 1;
        private static final int ALLOWED = 2;
        private static final int DENIED = 3;
        private static final int UNKNOWN = 4;
        private int depth;
        private int state;
        private int result;

        private Handler() {
            this.depth = 0;
            this.state = 0;
            this.result = 4;
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
            this.depth++;
            switch (this.state) {
                case 0:
                    if (this.depth == 1 && str3.equals("cross-domain-policy")) {
                        this.state = 1;
                        return;
                    }
                    return;
                case 1:
                    if (this.depth != 2) {
                        return;
                    }
                    if (str3.equals("allow-access-from")) {
                        if (attributes.getValue("domain").equals(XMLNode.WILDCARD) && this.result == 4) {
                            this.result = 2;
                            return;
                        } else {
                            this.result = 3;
                            return;
                        }
                    }
                    if (!str3.equals("site-control")) {
                        this.state = 0;
                        return;
                    }
                    String value = attributes.getValue("permitted-cross-domain-policies");
                    if (value == null || value.equals("none")) {
                        this.result = 3;
                        return;
                    } else {
                        if (value.equals("master-only") || value.equals("by-content-type") || value.equals("by-ftp-filename") || value.equals("all")) {
                            return;
                        }
                        this.result = 3;
                        return;
                    }
                default:
                    return;
            }
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void endElement(String str, String str2, String str3) throws SAXException {
            this.depth--;
        }

        public boolean isAllowed() {
            return this.result == 2;
        }
    }

    private CrossDomainXML() {
    }

    private static boolean isProcessed(String str, int i) {
        return domains.containsKey(getDomainID(str, i));
    }

    private static boolean hasURLLevelAccess(String str, int i) {
        Integer num = domains.get(getDomainID(str, i));
        return (num == null || num.intValue() == 0) ? false : true;
    }

    private static boolean hasSocketLevelAccess(String str, int i) {
        Integer num = domains.get(getDomainID(str, i));
        return num != null && num.intValue() == 2;
    }

    private static void allowNoAccess(String str, int i) {
        addAccess(str, i, 0);
    }

    private static void allowURLLevelAccess(String str, int i) {
        addAccess(str, i, 1);
    }

    private static void allowSocketLevelAccess(String str, int i) {
        addAccess(str, i, 2);
    }

    private static String getDomainID(String str, int i) {
        String lowerCase = str.toLowerCase();
        if (!lowerCase.startsWith("[") && lowerCase.indexOf(58) != -1) {
            lowerCase = "[" + lowerCase + "]";
        }
        return lowerCase + ":" + i;
    }

    private static void addAccess(String str, int i, Integer num) {
        String domainID = getDomainID(str, i);
        doAddAccess(domainID, num);
        InetAddress inetAddress = null;
        try {
            inetAddress = InetAddress.getByName(str);
        } catch (AccessControlException e) {
        } catch (Throwable th) {
            Trace.ignored(th);
            if (th instanceof ThreadDeath) {
                throw ((ThreadDeath) th);
            }
        }
        if (inetAddress != null) {
            String domainID2 = getDomainID(inetAddress.getHostAddress(), i);
            if (domainID.equals(domainID2)) {
                return;
            }
            doAddAccess(domainID2, num);
        }
    }

    private static void doAddAccess(String str, Integer num) {
        Integer num2 = domains.get(str);
        if (num2 == null || num2.intValue() < num.intValue()) {
            domains.put(str, num);
        }
    }

    private static URL getMasterPolicyFileURL(String str, String str2, int i) throws MalformedURLException {
        return new URL(str, str2, i, POLICY_FILE_PATH);
    }

    public static boolean check(Class<?>[] clsArr, URL url, String str, int i, boolean z) {
        boolean z2;
        ThreadDeath threadDeath;
        try {
            lock.lock();
            try {
                if (quickFullCheck(clsArr, url, str, i, z)) {
                    lock.unlock();
                    return true;
                }
                boolean z3 = false;
                ArrayList<URL> arrayList = new ArrayList();
                String protocol = url != null ? url.getProtocol() : "http";
                if (!isProcessed(str, i)) {
                    arrayList.add(getMasterPolicyFileURL(protocol, str, i));
                }
                for (URL url2 : getAlternatePolicyFilesURLs()) {
                    int port = url2.getPort();
                    if (port == -1) {
                        port = url2.getDefaultPort();
                    }
                    if (protocol.equalsIgnoreCase(url2.getProtocol()) && str.equalsIgnoreCase(url2.getHost()) && i == port) {
                        arrayList.add(url2);
                    }
                }
                for (URL url3 : arrayList) {
                    if (check(url3)) {
                        if (url3.getPath().equals("/crossdomain.xml")) {
                            allowSocketLevelAccess(str, i);
                        } else {
                            allowURLLevelAccess(str, i);
                        }
                        String domainID = getDomainID(str, i);
                        List<URL> list = allowedURLs.get(domainID);
                        if (list == null) {
                            ArrayList arrayList2 = new ArrayList();
                            arrayList2.add(url3);
                            allowedURLs.put(domainID, arrayList2);
                        } else {
                            list.add(url3);
                        }
                        z3 = true;
                    } else {
                        allowNoAccess(str, i);
                    }
                }
                if (z3 && quickFullCheck(clsArr, url, str, i, z)) {
                    lock.unlock();
                    return true;
                }
                lock.unlock();
                return false;
            } catch (Throwable th) {
                lock.unlock();
                throw th;
            }
        } finally {
            if (z2) {
            }
        }
    }

    private static boolean quickFullCheck(Class<?>[] clsArr, URL url, String str, int i, boolean z) {
        if (quickCheck(clsArr, str, i)) {
            return true;
        }
        if (z || !hasURLLevelAccess(str, i) || !checkContext(clsArr, HttpURLConnection.class)) {
            return false;
        }
        if (url != null) {
            return checkSubpath(url, allowedURLs.get(getDomainID(str, i)));
        }
        return true;
    }

    public static boolean quickCheck(Class<?>[] clsArr, String str, int i) {
        if (i == -1 && checkContext(clsArr, Socket.class)) {
            return true;
        }
        lock.lock();
        try {
            if (hasSocketLevelAccess(str, i)) {
                lock.unlock();
                return true;
            }
            lock.unlock();
            return false;
        } catch (Throwable th) {
            lock.unlock();
            throw th;
        }
    }

    private static boolean checkContext(Class<?>[] clsArr, Class<?> cls) {
        for (int i = 0; i < clsArr.length; i++) {
            if (clsArr[i].getClassLoader() != null) {
                if (i > 0) {
                    return false;
                }
            } else if (cls.isAssignableFrom(clsArr[i])) {
                return true;
            }
        }
        return false;
    }

    private static boolean checkSubpath(URL url, List<URL> list) {
        String path = url.getPath();
        if (path == "") {
            path = "/";
        }
        Iterator<URL> it = list.iterator();
        while (it.hasNext()) {
            String path2 = it.next().getPath();
            if (path2 == "") {
                path2 = "/";
            }
            int lastIndexOf = path2.lastIndexOf(47);
            if (lastIndexOf != -1) {
                if (path.startsWith(path2.substring(0, lastIndexOf + 1))) {
                    return true;
                }
            }
        }
        return false;
    }

    private static List<URL> getAlternatePolicyFilesURLs() {
        boolean z;
        ThreadDeath threadDeath;
        if (alternateURLs == null) {
            alternateURLs = new ArrayList();
            try {
                String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.sun.deploy.net.CrossDomainXML.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public String run() {
                        return System.getProperty(CrossDomainXML.ALT_XDOMAIN_FILES);
                    }
                });
                if (str != null) {
                    for (String str2 : str.split(",")) {
                        if (str2 != null) {
                            try {
                                URL url = new URL(str2);
                                if ("http".equalsIgnoreCase(url.getProtocol()) || "https".equalsIgnoreCase(url.getProtocol())) {
                                    alternateURLs.add(url);
                                }
                            } catch (MalformedURLException e) {
                            }
                        }
                    }
                }
            } finally {
                if (z) {
                }
            }
        }
        return alternateURLs;
    }

    private static boolean check(URL url) {
        try {
            final Handler handler = new Handler();
            try {
                URLConnection openConnection = url.openConnection();
                int holdCount = lock.getHoldCount();
                for (int i = 0; i < holdCount; i++) {
                    try {
                        lock.unlock();
                    } catch (IllegalMonitorStateException e) {
                    }
                }
                try {
                    privilegedConnect(openConnection);
                    for (int i2 = 0; i2 < holdCount; i2++) {
                        lock.lock();
                    }
                    final SAXParser parser = getParser();
                    final BufferedInputStream bufferedInputStream = new BufferedInputStream(openConnection.getInputStream());
                    try {
                        AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { // from class: com.sun.deploy.net.CrossDomainXML.2
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedExceptionAction
                            public Void run() throws SAXException, IOException {
                                parser.parse(bufferedInputStream, handler);
                                return null;
                            }
                        }, noPermissionACC);
                        if (bufferedInputStream != null) {
                            bufferedInputStream.close();
                        }
                    } catch (Throwable th) {
                        if (bufferedInputStream != null) {
                            bufferedInputStream.close();
                        }
                        throw th;
                    }
                } catch (Throwable th2) {
                    for (int i3 = 0; i3 < holdCount; i3++) {
                        lock.lock();
                    }
                    throw th2;
                }
            } catch (FileNotFoundException e2) {
            } catch (NoSuchMethodError e3) {
                if (Trace.isEnabled()) {
                    Trace.msgNetPrintln("CrossDomainXML: cannot parse crossdomain.xml. You may be running in a JRE older than version 6.0");
                }
            }
            return handler.isAllowed();
        } catch (Exception e4) {
            Trace.ignoredException(e4);
            return false;
        } catch (Throwable th3) {
            if (!Trace.isEnabled()) {
                return false;
            }
            th3.printStackTrace();
            return false;
        }
    }

    private static void privilegedConnect(final URLConnection uRLConnection) throws IOException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { // from class: com.sun.deploy.net.CrossDomainXML.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws IOException {
                    uRLConnection.connect();
                    return null;
                }
            }, onlyConnectACC);
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (!(exception instanceof IOException)) {
                throw new Error(e);
            }
            throw ((IOException) exception);
        }
    }

    static SAXParser getParser() throws SAXNotRecognizedException, ParserConfigurationException, SAXNotSupportedException, SAXException {
        SAXParserFactory newInstance = SAXParserFactory.newInstance("com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl", null);
        newInstance.setFeature(DTD_DOWNLOAD, false);
        newInstance.setFeature(DTD_VALIDATION, false);
        newInstance.setFeature(EXTERNAL_ENTITIES, false);
        newInstance.setFeature(EXTERNAL_PARAMETERS, false);
        return newInstance.newSAXParser();
    }

    static void resetForUnitTests() {
        domains.clear();
        allowedURLs.clear();
        alternateURLs = null;
    }

    private static boolean checkFile(final String str) {
        try {
            final Handler handler = new Handler();
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { // from class: com.sun.deploy.net.CrossDomainXML.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    try {
                        CrossDomainXML.getParser().parse(new File(str), handler);
                        return null;
                    } catch (FileNotFoundException e) {
                        return null;
                    } catch (NoSuchMethodError e2) {
                        if (!Trace.isEnabled()) {
                            return null;
                        }
                        Trace.msgNetPrintln("CrossDomainXML: cannot parse crossdomain.xml. You may be running in a JRE older than version 6.0");
                        return null;
                    }
                }
            });
            return handler.isAllowed();
        } catch (Exception e) {
            Trace.ignoredException(e);
            return false;
        } catch (Throwable th) {
            if (!Trace.isEnabled()) {
                return false;
            }
            th.printStackTrace();
            return false;
        }
    }

    public static void main(String[] strArr) {
        for (String str : strArr) {
            System.out.println(str + ": " + (check(new Class[0], null, str, -1, false) ? "Allowed" : "Denied"));
        }
    }

    static {
        Permissions permissions = new Permissions();
        permissions.add(new SocketPermission(XMLNode.WILDCARD, "connect"));
        if (Config.isJavaVersionAtLeast18()) {
            permissions.add(new URLPermission("http:*", "*:*"));
            permissions.add(new URLPermission("https:*", "*:*"));
        }
        permissions.add(new RuntimePermission("modifyThread"));
        permissions.add(new RuntimePermission("modifyThreadGroup"));
        onlyConnectACC = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, permissions)});
        lock = new ReentrantLock();
        domains = new HashMap();
        allowedURLs = new HashMap();
        POLICY_FILE_PATH = "/crossdomain.xml";
    }
}
