package com.sun.deploy.util;

import com.sun.deploy.Environment;
import com.sun.deploy.config.BuiltInProperties;
import com.sun.deploy.config.ClientConfig;
import com.sun.deploy.config.Config;
import com.sun.deploy.config.DefaultConfig;
import com.sun.deploy.config.JREInfo;
import com.sun.deploy.config.Platform;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.TrustDecider;
import com.sun.deploy.security.ValidationState;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:com/sun/deploy/util/SecurityBaseline.class */
public class SecurityBaseline {
    private static String baseline_131 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_131_KEY);
    private static String baseline_142 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_142_KEY);
    private static String baseline_150 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_150_KEY);
    private static String baseline_160 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_160_KEY);
    private static String baseline_170 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_170_KEY);
    private static String baseline_180 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_180_KEY);
    private static String baseline_190 = BuiltInProperties.getProperty(BuiltInProperties.BASELINE_VERSION_190_KEY);
    private static volatile boolean baselines_initialized = false;
    private static final boolean DEBUG = Config.getBooleanProperty(Config.BASELINE_DEBUG_KEY);
    private static final long UPDATE_INTERVAL;
    private static final long THREAD_SLEEP_INTERVAL;
    private static final String BASELINE_FILENAME = "baseline.versions";
    private static final String SECURITY_PACK_FILENAME = "securitypack.jar";
    private static final String DYNAMIC_BLACKLIST_FILENAME = "blacklist.dynamic";
    private static final String BLACKLIST_CERT_FILENAME = "blacklisted.certs";
    private static final String UPDATE_TIMESTAMP = "update.securitypack.timestamp";
    private static final File securityDir;
    private static final File securityPackFile;
    private static final File baselineFile;
    private static final File blacklistFile;
    private static final File blacklistCertsFile;
    private static final File updateTimestampFile;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/sun/deploy/util/SecurityBaseline$UpdateCheckStatus.class */
    public enum UpdateCheckStatus {
        NEW_UPDATE_DOWNLOADED,
        UPDATE_NOT_REQUIRED,
        UPDATE_CHECK_FAILED,
        UPDATE_CHECK_SKIPPED
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/deploy/util/SecurityBaseline$UpdateThread.class */
    public static class UpdateThread extends Thread {
        UpdateThread(Runnable runnable) {
            super(runnable);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void initialize_baselines() {
        if (!baselines_initialized && baselineFile.exists()) {
            BufferedReader bufferedReader = null;
            try {
                try {
                    long currentTimeMillis = System.currentTimeMillis();
                    bufferedReader = new BufferedReader(new FileReader(baselineFile));
                    boolean z = false;
                    while (!z) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            z = true;
                        } else if (readLine.startsWith("9.")) {
                            baseline_190 = readLine;
                            Platform.get().cacheSecurityBaseline("9.0", baseline_190);
                        } else if (readLine.startsWith("1.8")) {
                            baseline_180 = readLine;
                            Platform.get().cacheSecurityBaseline("1.8.0", baseline_180);
                        } else if (readLine.startsWith("1.7")) {
                            baseline_170 = readLine;
                            Platform.get().cacheSecurityBaseline("1.7.0", baseline_170);
                        } else if (readLine.startsWith("1.6")) {
                            baseline_160 = readLine;
                            Platform.get().cacheSecurityBaseline("1.6.0", baseline_160);
                        } else if (readLine.startsWith("1.5")) {
                            baseline_150 = readLine;
                            Platform.get().cacheSecurityBaseline("1.5.0", baseline_150);
                        } else if (readLine.startsWith("1.4.2")) {
                            baseline_142 = readLine;
                            Platform.get().cacheSecurityBaseline("1.4.2", baseline_142);
                        } else if (readLine.startsWith("1.3.1")) {
                            baseline_131 = readLine;
                            Platform.get().cacheSecurityBaseline("1.3.1", baseline_131);
                        }
                    }
                    if (DEBUG) {
                        Trace.println("It took " + (System.currentTimeMillis() - currentTimeMillis) + " Ms. to read baseline file", TraceLevel.BASIC);
                    }
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e) {
                            Trace.ignored(e);
                        }
                    }
                } catch (Exception e2) {
                    Trace.ignored(e2);
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e3) {
                            Trace.ignored(e3);
                        }
                    }
                }
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e4) {
                        Trace.ignored(e4);
                        throw th;
                    }
                }
                throw th;
            }
        }
        baselines_initialized = true;
    }

    public static String getBaselineVersion(String str) {
        if (!baselines_initialized) {
            initialize_baselines();
        }
        String property = str.startsWith("9") ? baseline_190 : str.startsWith("1.8") ? baseline_180 : str.startsWith("1.7") ? baseline_170 : str.startsWith("1.6") ? baseline_160 : str.startsWith("1.5") ? baseline_150 : str.startsWith("1.4.2") ? baseline_142 : str.startsWith("1.3.1") ? baseline_131 : BuiltInProperties.getProperty(BuiltInProperties.CURRENT_VERSION_KEY);
        if (DEBUG) {
            Trace.println("for requested version: " + str + "baseline version is: " + property, TraceLevel.SECURITY);
        }
        return property;
    }

    public static boolean satisfiesSecurityBaseline(String str) {
        if (!Config.isExpirationCheckEnabled()) {
            return true;
        }
        VersionID versionID = new VersionID(str);
        return versionID.isGreaterThanOrEqual(new VersionID(getBaselineVersion(str))) || versionID.equals(JREInfo.getLatestVersion(true));
    }

    public static boolean satisfiesBaselineStrictly(String str) {
        String baselineVersion = getBaselineVersion(str);
        if (!Config.isExpirationCheckEnabled()) {
            return true;
        }
        String replace = str.replace(".ea", "-ea");
        int indexOf = replace.indexOf("-");
        String substring = indexOf > 0 ? replace.substring(0, indexOf) : replace;
        int indexOf2 = substring.indexOf("+");
        boolean isGreaterThanOrEqual = new VersionID(indexOf2 > 0 ? substring.substring(0, indexOf2) : substring).isGreaterThanOrEqual(new VersionID(baselineVersion));
        if (DEBUG) {
            Trace.println("strictly satisfied=" + isGreaterThanOrEqual + "  for version: " + replace + "  baseline is: " + getBaselineVersion(replace));
        }
        return isGreaterThanOrEqual;
    }

    public static String getDeployVersion() {
        return BuiltInProperties.getProperty(BuiltInProperties.DEPLOY_VERSION_KEY);
    }

    public static String getCurrentVersion() {
        return BuiltInProperties.getProperty(BuiltInProperties.CURRENT_VERSION_KEY);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static synchronized void checkForUpdates(boolean z) {
        UpdateThread updateThread = new UpdateThread(new Runnable() { // from class: com.sun.deploy.util.SecurityBaseline.1
            @Override // java.lang.Runnable
            public void run() {
                UpdateCheckStatus checkForUpdate = SecurityBaseline.checkForUpdate(Config.getStringProperty(Config.BASELINE_URL_KEY), SecurityBaseline.securityPackFile);
                if (checkForUpdate == UpdateCheckStatus.NEW_UPDATE_DOWNLOADED) {
                    SecurityBaseline.verifyJar(SecurityBaseline.securityPackFile);
                    SecurityBaseline.extractManifests();
                    boolean unused = SecurityBaseline.baselines_initialized = false;
                    SecurityBaseline.initialize_baselines();
                    if (SecurityBaseline.isExpired()) {
                        Config config = Config.get();
                        if (config instanceof ClientConfig) {
                            ((ClientConfig) config).storeConfig();
                        }
                    }
                }
                if (checkForUpdate == UpdateCheckStatus.UPDATE_CHECK_FAILED || checkForUpdate == UpdateCheckStatus.UPDATE_CHECK_SKIPPED) {
                    return;
                }
                SecurityBaseline.setLastChecked(new Date().getTime());
            }
        });
        updateThread.setDaemon(!z);
        updateThread.start();
        try {
            updateThread.join();
        } catch (InterruptedException e) {
            Trace.ignored(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void extractManifests() {
        JarFile jarFile = null;
        try {
            try {
                jarFile = JarUtil.createJarFile(securityPackFile, false);
                extractManifest(jarFile, BASELINE_FILENAME, baselineFile);
                extractManifest(jarFile, BLACKLIST_CERT_FILENAME, blacklistCertsFile);
                extractManifest(jarFile, DYNAMIC_BLACKLIST_FILENAME, blacklistFile);
                if (jarFile != null) {
                    try {
                        jarFile.close();
                    } catch (IOException e) {
                        Trace.ignored(e);
                    }
                }
            } catch (IOException e2) {
                String str = "Manifest extractions failed for signed security pack file " + securityPackFile;
                Trace.println(str, TraceLevel.SECURITY);
                throw new SecurityException(str, e2);
            }
        } catch (Throwable th) {
            if (jarFile != null) {
                try {
                    jarFile.close();
                } catch (IOException e3) {
                    Trace.ignored(e3);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void verifyJar(File file) {
        HashSet hashSet = new HashSet();
        JarFile jarFile = null;
        String[] strArr = {BASELINE_FILENAME, BLACKLIST_CERT_FILENAME, DYNAMIC_BLACKLIST_FILENAME};
        String str = null;
        Throwable th = null;
        try {
            JarFile createJarFile = JarUtil.createJarFile(file, true);
            for (String str2 : strArr) {
                InputStream inputStream = null;
                try {
                    JarEntry jarEntry = createJarFile.getJarEntry(str2);
                    if (jarEntry == null) {
                        String str3 = "Verification failed for signed security pack file " + file + ", missing entry " + str2;
                        Trace.println(str3, TraceLevel.SECURITY);
                        throw new SecurityException(str3, null);
                    }
                    InputStream inputStream2 = createJarFile.getInputStream(jarEntry);
                    do {
                    } while (inputStream2.read(new byte[1024]) != -1);
                    if (jarEntry.getCodeSigners() != null) {
                        for (CodeSigner codeSigner : jarEntry.getCodeSigners()) {
                            hashSet.add(codeSigner);
                        }
                    }
                    if (inputStream2 != null) {
                        try {
                            inputStream2.close();
                        } catch (IOException e) {
                            Trace.ignored(e);
                        }
                    }
                } catch (Throwable th2) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (IOException e2) {
                            Trace.ignored(e2);
                        }
                    }
                    throw th2;
                }
            }
            ValidationState jarValidationState = TrustDecider.getJarValidationState(new CodeSource(file.toURI().toURL(), (CodeSigner[]) new ArrayList(hashSet).toArray(new CodeSigner[hashSet.size()])), null, null);
            if (jarValidationState.trustDecision == 0) {
                str = "deployment.securitypack.cannot.validate";
            } else if (jarValidationState.certValidity != 0) {
                str = "deployment.securitypack.cannot.validate";
            } else if (!jarValidationState.rootCAValid) {
                str = "deployment.securitypack.cannot.validate.selfsigned";
            } else if (!jarValidationState.timeValid) {
                str = "deployment.securitypack.cannot.validate.expired";
                th = jarValidationState.certExpiredException != null ? jarValidationState.certExpiredException : jarValidationState.certNotYetValidException;
            }
            if (createJarFile != null) {
                try {
                    createJarFile.close();
                } catch (IOException e3) {
                    Trace.ignored(e3);
                }
            }
        } catch (IOException e4) {
            str = "deployment.securitypack.cannot.validate.exception";
            th = e4;
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException e5) {
                    Trace.ignored(e5);
                }
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException e6) {
                    Trace.ignored(e6);
                }
            }
            throw th3;
        }
        if (str != null) {
            Trace.println("Verification failed for signed security pack file " + file, TraceLevel.SECURITY);
            throw new SecurityException(ResourceManager.getString(str), th);
        }
        Trace.println("Verification succeeded for signed security pack file " + file, TraceLevel.SECURITY);
    }

    private static void extractManifest(JarFile jarFile, String str, File file) {
        InputStream inputStream = null;
        FileOutputStream fileOutputStream = null;
        try {
            try {
                JarEntry jarEntry = jarFile.getJarEntry(str);
                if (jarEntry == null) {
                    String str2 = "Missing  entry " + str;
                    Trace.println(str2, TraceLevel.SECURITY);
                    throw new SecurityException(str2, null);
                }
                if (file.exists() && file.isDirectory()) {
                    SystemUtils.deleteRecursive(file);
                }
                InputStream inputStream2 = jarFile.getInputStream(jarEntry);
                FileOutputStream fileOutputStream2 = new FileOutputStream(file);
                byte[] bArr = new byte[1024];
                while (true) {
                    int read = inputStream2.read(bArr);
                    if (read == -1) {
                        break;
                    } else {
                        fileOutputStream2.write(bArr, 0, read);
                    }
                }
                if (fileOutputStream2 != null) {
                    try {
                        fileOutputStream2.close();
                    } catch (IOException e) {
                        Trace.ignored(e);
                    }
                }
                if (inputStream2 != null) {
                    try {
                        inputStream2.close();
                    } catch (IOException e2) {
                        Trace.ignored(e2);
                    }
                }
            } catch (IOException e3) {
                String str3 = "Failed to extract " + str;
                Trace.println(str3, TraceLevel.SECURITY);
                throw new SecurityException(str3, e3);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    fileOutputStream.close();
                } catch (IOException e4) {
                    Trace.ignored(e4);
                }
            }
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e5) {
                    Trace.ignored(e5);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static UpdateCheckStatus checkForUpdate(final String str, final File file) {
        return Platform.get().isScreenLocked() ? UpdateCheckStatus.UPDATE_CHECK_SKIPPED : (UpdateCheckStatus) AccessController.doPrivileged(new PrivilegedAction<UpdateCheckStatus>() { // from class: com.sun.deploy.util.SecurityBaseline.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public UpdateCheckStatus run() {
                UpdateCheckStatus updateCheckStatus = UpdateCheckStatus.UPDATE_NOT_REQUIRED;
                if (str != null && str.length() > 0) {
                    long j = 0;
                    long j2 = 0;
                    if (file.exists()) {
                        j = file.lastModified();
                    }
                    InputStream inputStream = null;
                    FileOutputStream fileOutputStream = null;
                    try {
                        try {
                            Trace.println("Checking for update at: " + str, TraceLevel.NETWORK);
                            URLConnection openConnection = new URL(str).openConnection();
                            openConnection.setUseCaches(false);
                            j2 = openConnection.getLastModified();
                            if (j2 >= j) {
                                Trace.println("Updating file at: " + file + " from url: " + str, TraceLevel.NETWORK);
                                inputStream = openConnection.getInputStream();
                                fileOutputStream = new FileOutputStream(file);
                                byte[] bArr = new byte[8192];
                                while (true) {
                                    int read = inputStream.read(bArr);
                                    if (read == -1) {
                                        break;
                                    }
                                    fileOutputStream.write(bArr, 0, read);
                                }
                                updateCheckStatus = UpdateCheckStatus.NEW_UPDATE_DOWNLOADED;
                            }
                            if (fileOutputStream != null) {
                                try {
                                    fileOutputStream.close();
                                } catch (Exception e) {
                                    Trace.ignored(e);
                                }
                                if (j2 > 0) {
                                    file.setLastModified(j2);
                                }
                            }
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (Exception e2) {
                                    Trace.ignored(e2);
                                }
                            }
                        } catch (Exception e3) {
                            updateCheckStatus = UpdateCheckStatus.UPDATE_CHECK_FAILED;
                            Trace.ignored(e3);
                            if (fileOutputStream != null) {
                                try {
                                    fileOutputStream.close();
                                } catch (Exception e4) {
                                    Trace.ignored(e4);
                                }
                                if (j2 > 0) {
                                    file.setLastModified(j2);
                                }
                            }
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (Exception e5) {
                                    Trace.ignored(e5);
                                }
                            }
                        }
                    } catch (Throwable th) {
                        if (fileOutputStream != null) {
                            try {
                                fileOutputStream.close();
                            } catch (Exception e6) {
                                Trace.ignored(e6);
                            }
                            if (j2 > 0) {
                                file.setLastModified(j2);
                            }
                        }
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (Exception e7) {
                                Trace.ignored(e7);
                            }
                        }
                        throw th;
                    }
                }
                return updateCheckStatus;
            }
        });
    }

    private static long getLastChecked() {
        if (updateTimestampFile.exists()) {
            return updateTimestampFile.lastModified();
        }
        return 0L;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setLastChecked(long j) {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(updateTimestampFile);
            fileOutputStream.write(46);
            fileOutputStream.close();
        } catch (IOException e) {
        }
    }

    private static void backgroundUpdate() {
        if (Platform.get().isNativeSandbox()) {
            return;
        }
        UpdateThread updateThread = new UpdateThread(new Runnable() { // from class: com.sun.deploy.util.SecurityBaseline.3
            @Override // java.lang.Runnable
            public void run() {
                long time = new Date().getTime();
                if (time > SecurityBaseline.access$700() + SecurityBaseline.UPDATE_INTERVAL) {
                    try {
                        Thread.sleep(SecurityBaseline.THREAD_SLEEP_INTERVAL);
                        SecurityBaseline.checkForUpdates(false);
                    } catch (Exception e) {
                        Trace.ignored(e);
                    }
                }
                if (SecurityBaseline.DEBUG) {
                    Trace.println("Baseline/Blacklist thread exiting time: " + (new Date().getTime() - time), TraceLevel.BASIC);
                }
            }
        });
        updateThread.setDaemon(true);
        updateThread.start();
    }

    public static void forceBaselineUpdate() {
        checkForUpdates(true);
        initialize_baselines();
    }

    public static boolean isExpired() {
        if (!Config.isExpirationCheckEnabled()) {
            return false;
        }
        Boolean bool = (Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: com.sun.deploy.util.SecurityBaseline.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                if (Environment.getenv(Environment.JRE_NOTEXPIRED) != null) {
                    return Boolean.FALSE;
                }
                if (Environment.getenv(Environment.JRE_EXPIRED) != null) {
                    return Boolean.TRUE;
                }
                return null;
            }
        });
        return bool != null ? bool.booleanValue() : new Date(BuiltInProperties.getExpirationTime()).before(new Date()) || !satisfiesBaselineStrictly(JREInfo.getLatest());
    }

    public static boolean isUpdateThread() {
        return Thread.currentThread() instanceof UpdateThread;
    }

    static /* synthetic */ long access$700() {
        return getLastChecked();
    }

    static {
        UPDATE_INTERVAL = DEBUG ? 10000 : 86400000;
        THREAD_SLEEP_INTERVAL = DEBUG ? 1000 : 30000;
        securityDir = new File(Config.getLocalOrRoamingUserHome(), "security");
        securityPackFile = new File(securityDir, SECURITY_PACK_FILENAME);
        baselineFile = new File(securityDir, BASELINE_FILENAME);
        blacklistFile = new File(Config.getDynamicBlacklistFile());
        blacklistCertsFile = new File(Config.getDynamicBlacklistCertsFile());
        updateTimestampFile = new File(securityDir, UPDATE_TIMESTAMP);
        if (Config.get() instanceof DefaultConfig) {
            Trace.ignored(new RuntimeException("Default config is used for security baseline initialization."));
        }
        securityDir.mkdirs();
        backgroundUpdate();
    }
}
