package com.sun.deploy.security.ruleset;

import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.util.GeneralUtil;
import com.sun.deploy.util.VersionID;
import com.sun.deploy.util.VersionString;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:com/sun/deploy/security/ruleset/RuleSetParser.class */
public class RuleSetParser extends DefaultHandler {
    private List<Rule> ruleList = new ArrayList();
    private String idTitle;
    private String idLocation;
    private String idCertAlgorithm;
    private String idCertHash;
    private String idChecksumAlgorithm;
    private String idChecksumHash;
    private String actionPerms;
    private String actionVersion;
    private boolean actionForced;
    private String actionMessage;
    private String drsVersion;
    private RuleAction actionRule;
    private ArrayList<String> idJnlpChecksum;
    private RuleId idRule;
    private boolean inRuleSet;
    private boolean inRule;
    private boolean inId;
    private boolean inMessage;
    private boolean inAction;
    private String customerStr;
    private String customerRecord;
    private String lastCharacters;
    private static final String DTD_DOWNLOAD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
    private static final String EXTERNAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    private static final String EXTERNAL_PARAMETERS = "http://xml.org/sax/features/external-parameter-entities";

    public Rule[] parse(InputStream inputStream) throws RuleParseException {
        Rule[] ruleArr = new Rule[0];
        SAXParserFactory newInstance = SAXParserFactory.newInstance("com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl", null);
        newInstance.setValidating(false);
        try {
            newInstance.setFeature(DTD_DOWNLOAD, false);
            newInstance.setFeature(EXTERNAL_ENTITIES, false);
            newInstance.setFeature(EXTERNAL_PARAMETERS, false);
        } catch (ParserConfigurationException e) {
            Trace.ignored(e);
        } catch (SAXException e2) {
            Trace.ignored(e2);
        }
        try {
            newInstance.newSAXParser().parse(inputStream, this);
            Rule[] ruleArr2 = (Rule[]) this.ruleList.toArray(new Rule[0]);
            if (this.drsVersion == null) {
                String string = ResourceManager.getString("deployment.blocked.ruleset.spec.version", this.drsVersion);
                Trace.println("Deployment Rule Set parsing error: ruleset version required attribute missing.", TraceLevel.RULESET);
                throw new RuleParseException(string, null, RuleParseException.REASON_INVALID_DRS_VERSION, 0);
            }
            VersionString versionString = new VersionString(this.drsVersion);
            if (!versionString.contains(new VersionID("1.0")) && !versionString.contains(new VersionID("1.1")) && !versionString.contains(new VersionID("1.2")) && !versionString.contains(new VersionID("1.3"))) {
                String string2 = ResourceManager.getString("deployment.blocked.ruleset.spec.version", this.drsVersion);
                Trace.println("Deployment Rule Set parsing error: ruleset version: " + versionString + " not supported.", TraceLevel.RULESET);
                throw new RuleParseException(string2, null, RuleParseException.REASON_INVALID_DRS_VERSION, 0);
            }
            Trace.println("RuleSetParser.parse() returning " + ruleArr2.length + " rules:", TraceLevel.RULESET);
            for (Rule rule : ruleArr2) {
                Trace.println(rule.toString(), TraceLevel.RULESET);
            }
            return ruleArr2;
        } catch (IOException e3) {
            Trace.println("exception parsing ruleset file: " + e3, TraceLevel.RULESET);
            Trace.ignored(e3);
            throw new RuleParseException(ResourceManager.getString("deployment.blocked.ruleset.exception"), e3, RuleParseException.REASON_EXCEPTION, this.ruleList.size());
        } catch (ParserConfigurationException e4) {
            Trace.println("exception parsing ruleset file: " + e4, TraceLevel.RULESET);
            Trace.ignored(e4);
            throw new RuleParseException(ResourceManager.getString("deployment.blocked.ruleset.exception"), e4, RuleParseException.REASON_EXCEPTION, this.ruleList.size());
        } catch (SAXException e5) {
            Trace.println("exception parsing ruleset file: " + e5, TraceLevel.RULESET);
            Trace.ignored(e5);
            throw new RuleParseException(ResourceManager.getString("deployment.blocked.ruleset.exception"), e5, RuleParseException.REASON_EXCEPTION, this.ruleList.size());
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
        ArrayList arrayList = new ArrayList();
        if (this.customerStr != null) {
            this.customerStr += "<" + str3;
            for (int i = 0; i < attributes.getLength(); i++) {
                this.customerStr += " " + attributes.getQName(i) + "=\"" + attributes.getValue(i) + "\"";
            }
            this.customerStr += ">";
        } else if (str3.equalsIgnoreCase("ruleset")) {
            this.inRuleSet = true;
            this.drsVersion = attributes.getValue("version");
            arrayList.add("version");
            arrayList.add("href");
        } else if (str3.equalsIgnoreCase("rule")) {
            if (!this.inRuleSet) {
                throw new SAXException("element " + str3 + " is invalid outsize of ruleset element.");
            }
            this.inRule = true;
            this.idRule = null;
            this.actionRule = null;
        } else if (str3.equalsIgnoreCase("id")) {
            if (!this.inRule) {
                throw new SAXException("element " + str3 + " is invalid outsize of rule element.");
            }
            this.idLocation = attributes.getValue("location");
            arrayList.add("location");
            this.idTitle = attributes.getValue("title");
            arrayList.add("title");
            this.idCertHash = null;
            this.idCertAlgorithm = null;
            this.idChecksumHash = null;
            this.idChecksumAlgorithm = null;
            this.idJnlpChecksum = new ArrayList<>();
            this.inId = true;
        } else if (str3.equalsIgnoreCase("action")) {
            if (!this.inRule) {
                throw new SAXException("element " + str3 + " is invalid outsize of rule element.");
            }
            this.inAction = true;
            this.actionPerms = attributes.getValue("permission");
            arrayList.add("permission");
            if (this.actionPerms != null && !this.actionPerms.equalsIgnoreCase("run") && !this.actionPerms.equalsIgnoreCase("block") && !this.actionPerms.equalsIgnoreCase("default")) {
                throw new SAXException("value " + this.actionPerms + " is invalid value for permission attribute.");
            }
            this.actionVersion = attributes.getValue("version");
            arrayList.add("version");
            if (!isValidJavaVersion(this.actionVersion)) {
                throw new SAXException("value " + this.actionVersion + " is invalid value for version attribute.");
            }
            boolean equalsIgnoreCase = "true".equalsIgnoreCase(attributes.getValue("force"));
            arrayList.add("force");
            if (!equalsIgnoreCase || this.actionVersion == null) {
                if (equalsIgnoreCase) {
                    Trace.println("WARNING: run rule force set without version");
                }
            } else if (DRSVersionAtLeast11()) {
                this.actionForced = true;
            } else {
                Trace.println("WARNING: run rule version with force=true not used because DRS version is: " + this.drsVersion);
            }
        } else if (str3.equalsIgnoreCase("certificate")) {
            if (!this.inId) {
                throw new SAXException("element " + str3 + " is invalid outsize of id element.");
            }
            this.idCertHash = attributes.getValue("hash");
            arrayList.add("hash");
            if (this.idCertHash == null) {
                throw new SAXException("<certificate> element must have hash attribute.");
            }
            this.idCertHash = this.idCertHash.replaceAll(":", "");
            this.idCertAlgorithm = attributes.getValue("algorithm");
            arrayList.add("algorithm");
        } else if (str3.equalsIgnoreCase("checksum")) {
            if (!this.inId) {
                throw new SAXException("element " + str3 + " is invalid outsize of id element.");
            }
            if (!DRSVersionAtLeast12()) {
                throw new SAXException("element " + str3 + " is invalid in DRS version " + this.drsVersion);
            }
            this.idChecksumHash = attributes.getValue("hash");
            arrayList.add("hash");
            if (this.idChecksumHash == null) {
                throw new SAXException("<checksum> element must have hash attribute.");
            }
            String value = attributes.getValue("algorithm");
            if (value == null || value.equalsIgnoreCase("SHA-256")) {
                this.idChecksumAlgorithm = value;
            } else {
                Trace.println("Warning: Unexpected value \"" + value + "\" for algorithm attribute in element \"" + str3 + "\" found when processing the Deployment Rule Set.");
            }
            arrayList.add("algorithm");
        } else if (str3.equalsIgnoreCase("message")) {
            if (!DRSVersionAtLeast12() && !this.inAction) {
                throw new SAXException("element " + str3 + " is invalid outsize of action element.");
            }
            String value2 = attributes.getValue("locale");
            arrayList.add("locale");
            if (value2 == null || GeneralUtil.matchLocale(value2, Locale.getDefault())) {
                this.inMessage = true;
            }
        } else if (str3.equalsIgnoreCase("jnlp-checksum")) {
            if (!this.inId || this.idLocation == null) {
                throw new SAXException("element " + str3 + " is invalid outsize of location based id element.");
            }
            String value3 = attributes.getValue("hash");
            arrayList.add("hash");
            if (value3 == null || this.idJnlpChecksum == null) {
                throw new SAXException("<jnlp-checksum> element must have hash attribute.");
            }
            this.idJnlpChecksum.add(value3);
        } else if (str3.equalsIgnoreCase("customer")) {
            this.customerStr = getIndent() + "<" + str3;
            for (int i2 = 0; i2 < attributes.getLength(); i2++) {
                this.customerStr += " " + attributes.getQName(i2) + "=\"" + attributes.getValue(i2) + "\"";
            }
            this.customerStr += ">";
        } else {
            Trace.println("Warning: Unexpected element \"" + str3 + "\" found when processing the Deployment Rule Set.  This may cause all applications to be blocked in a future release.");
        }
        if (this.customerStr == null) {
            for (int i3 = 0; i3 < attributes.getLength(); i3++) {
                String qName = attributes.getQName(i3);
                if (!arrayList.contains(qName)) {
                    Trace.println("Warning: Unexpected attribute \"" + qName + "\" for element \"" + str3 + "\" found when processing the Deployment Rule Set.");
                }
            }
        }
    }

    private boolean DRSVersionAtLeast11() {
        return new VersionString("1.1+").contains(this.drsVersion);
    }

    private boolean DRSVersionAtLeast12() {
        return new VersionString("1.2+").contains(this.drsVersion);
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void endElement(String str, String str2, String str3) throws SAXException {
        this.lastCharacters = null;
        if (this.customerStr != null) {
            if (!str3.equalsIgnoreCase("customer")) {
                this.customerStr += "</" + str3 + ">";
                return;
            }
            this.customerStr += "</" + str3 + ">";
            Trace.println(this.customerStr);
            addCustomerRecord(this.customerStr);
            this.customerStr = null;
            return;
        }
        if (str3.equalsIgnoreCase("ruleset")) {
            this.inRuleSet = false;
            return;
        }
        if (str3.equalsIgnoreCase("rule")) {
            if (this.inRule) {
                if (this.idRule == null || this.actionRule == null) {
                    throw new SAXException("<rule> element must have both <id> and <action> sub-elements.");
                }
                validateRule(this.idRule, this.actionRule, this.ruleList.size());
                Rule rule = new Rule(this.idRule, this.actionRule, this.customerRecord);
                this.idRule = null;
                this.actionRule = null;
                this.customerRecord = null;
                this.ruleList.add(rule);
            }
            this.inRule = false;
            return;
        }
        if (!str3.equalsIgnoreCase("id")) {
            if (!str3.equalsIgnoreCase("action")) {
                if (!str3.equalsIgnoreCase("certificate") && str3.equalsIgnoreCase("message")) {
                    this.inMessage = false;
                    return;
                }
                return;
            }
            this.inAction = false;
            this.actionRule = new RuleAction(this.actionPerms, this.actionVersion, this.actionForced, this.actionMessage);
            this.actionPerms = null;
            this.actionVersion = null;
            this.actionMessage = null;
            this.actionForced = false;
            return;
        }
        String[] strArr = null;
        if (this.idJnlpChecksum != null && !this.idJnlpChecksum.isEmpty()) {
            strArr = (String[]) this.idJnlpChecksum.toArray(new String[0]);
        }
        this.idRule = new RuleId(this.idTitle, this.idLocation, this.idCertAlgorithm, this.idCertHash, this.idChecksumAlgorithm, this.idChecksumHash, strArr);
        this.idLocation = null;
        this.idTitle = null;
        this.idCertHash = null;
        this.idCertAlgorithm = null;
        this.idChecksumHash = null;
        this.idChecksumAlgorithm = null;
        this.idJnlpChecksum = null;
        this.inId = false;
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void ignorableWhitespace(char[] cArr, int i, int i2) throws SAXException {
        characters(cArr, i, i2);
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void characters(char[] cArr, int i, int i2) throws SAXException {
        String str = new String(cArr, i, i2);
        if (this.inMessage) {
            this.actionMessage = this.actionMessage == null ? str : this.actionMessage + str;
        } else if (this.customerStr != null) {
            this.customerStr += str;
        } else {
            this.lastCharacters = str;
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.EntityResolver
    public InputSource resolveEntity(String str, String str2) throws IOException, SAXException {
        Trace.println("Warning: entity " + str + ", " + str2 + " ignored while parsing ruleset.xml", TraceLevel.RULESET);
        return new InputSource(new ByteArrayInputStream(new byte[0]));
    }

    private String getIndent() {
        if (this.lastCharacters == null) {
            return "";
        }
        int lastIndexOf = this.lastCharacters.lastIndexOf("\n");
        return (lastIndexOf < 0 || lastIndexOf >= this.lastCharacters.length() - 1) ? this.lastCharacters : this.lastCharacters.substring(lastIndexOf + 1);
    }

    private void validateRule(RuleId ruleId, RuleAction ruleAction, int i) throws RuleParseException {
        boolean z = false;
        int i2 = RuleParseException.REASON_UNKNOWN;
        if (ruleAction.isRun() && ruleId.location == null && ruleId.certHash == null && ruleId.checksumHash == null) {
            Trace.println("Deployment Rule Set invalid rule: run rule must must have either location, certificate, or checksum.", TraceLevel.RULESET);
            z = true;
            i2 = RuleParseException.REASON_INVALID_RUN_RULE;
        }
        if (ruleAction.isDefault() && ruleId.title != null && ruleId.location == null && ruleId.certHash == null && ruleId.checksumHash == null) {
            Trace.println("Deployment Rule Set invalid rule: default rule with title must have either location, certificate, or checksum.", TraceLevel.RULESET);
            z = true;
            i2 = RuleParseException.REASON_INVALID_DEFAULT_RULE;
        }
        if (this.actionRule.isRun() && this.idLocation != null && this.idRule.certHash == null && this.idRule.checksumHash == null && !this.idLocation.startsWith("https")) {
            Trace.println("It is recommended to use https protocol when defining a run rule based solely on location", TraceLevel.RULESET);
        }
        if (!z && ruleId.certHash != null) {
            int length = ruleId.certHash.length();
            String str = ruleId.certHash;
            if (length == 0) {
                Trace.println("Deployment Rule Set invalid rule: certificate hash empty String.", TraceLevel.RULESET);
                z = true;
                i2 = RuleParseException.REASON_INVALID_CERT_HASH;
            } else if ((ruleId.certAlgorithm == null || ruleId.certAlgorithm.equals("SHA-256")) && length != 64) {
                Trace.println("Deployment Rule Set invalid rule: certificate hash for SHA-256 not 64 characters.", TraceLevel.RULESET);
                z = true;
                i2 = RuleParseException.REASON_INVALID_CERT_HASH;
            }
        }
        if (!z && ruleId.checksumHash != null && ruleId.checksumHash.length() == 0) {
            Trace.println("Deployment Rule Set invalid rule: checksum hash empty String.", TraceLevel.RULESET);
            z = true;
            i2 = RuleParseException.REASON_INVALID_CHECKSUM_HASH;
        }
        if (!z && ruleId.jnlpHash != null) {
            for (String str2 : ruleId.jnlpHash) {
                if (str2.length() == 0) {
                    Trace.println("Deployment Rule Set invalid rule: jnlp-checksum hash empty String.", TraceLevel.RULESET);
                    z = true;
                    i2 = RuleParseException.REASON_INVALID_CHECKSUM_HASH;
                }
            }
        }
        if (!z && ruleId.title != null) {
            int length2 = ruleId.title.length();
            if (length2 == 0) {
                Trace.println("Deployment Rule Set invalid rule: title is empty String", TraceLevel.RULESET);
                z = true;
                i2 = RuleParseException.REASON_INVALID_TITLE;
            } else if (length2 > 140) {
                Trace.println("Deployment Rule Set invalid rule: title exceeds 140 characters.", TraceLevel.RULESET);
                z = true;
                i2 = RuleParseException.REASON_INVALID_TITLE;
            }
        }
        if (!z && ruleId.location != null) {
            if (ruleId.location.length() > 256) {
                Trace.println("Deployment Rule Set invalid rule: location exceeds 256 characters.", TraceLevel.RULESET);
                z = true;
                i2 = RuleParseException.REASON_INVALID_LOCATION;
            } else {
                int indexOf = ruleId.location.indexOf("://");
                String substring = indexOf > 0 ? ruleId.location.substring(0, indexOf) : null;
                if (substring != null && !"http".equals(substring) && !"https".equals(substring) && !"file".equals(substring)) {
                    Trace.println("Deployment Rule Set invalid rule: location uses invalid protocol: " + substring, TraceLevel.RULESET);
                    z = true;
                    i2 = RuleParseException.REASON_INVALID_LOCATION;
                }
            }
        }
        if (z) {
            String string = ResourceManager.getString("deployment.blocked.ruleset.invalid.rule");
            Trace.println(string, TraceLevel.RULESET);
            throw new RuleParseException(string, null, i2, i);
        }
    }

    private boolean isValidJavaVersion(String str) {
        char charAt;
        if (str == null || str.equals("SECURE")) {
            return true;
        }
        if (!str.startsWith("SECURE-")) {
            return new VersionString(str) != null;
        }
        String substring = str.substring("SECURE-".length());
        if (substring == null) {
            return false;
        }
        if (substring.equals("9") || substring.startsWith("9.")) {
            return true;
        }
        return substring.length() >= 3 && substring.startsWith("1.") && (charAt = substring.charAt(2)) >= '3' && charAt <= '8';
    }

    private void addCustomerRecord(String str) {
        if (this.customerRecord == null) {
            this.customerRecord = str;
        } else {
            this.customerRecord += "\n" + str;
        }
    }
}
