package com.sun.javaws.security;

import com.sun.javaws.ConfigProperties;
import com.sun.javaws.LaunchErrorDialog;
import com.sun.javaws.Resources;
import com.sun.javaws.cache.DiskCacheEntry;
import com.sun.javaws.cache.InstallCache;
import com.sun.javaws.debug.Debug;
import com.sun.javaws.debug.Globals;
import com.sun.javaws.exceptions.LaunchDescException;
import com.sun.javaws.exceptions.UnsignedAccessViolationException;
import com.sun.javaws.jnl.JARDesc;
import com.sun.javaws.jnl.LaunchDesc;
import com.sun.jnlp.JNLPClassLoader;
import java.awt.AWTPermission;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.PropertyPermission;
import sun.security.util.SecurityConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:118938-01/J2SE-1.4.2_06/Solaris_Sparc/English/j2sepackage_SunOS_sparc.nbm:netbeans/java_update/solsparc/jre/javaws/javaws.jar:com/sun/javaws/security/AppPolicy.class
  input_file:118938-01/J2SE-1.4.2_06/Solaris_Sparc/Japanese/j2sepackage_SunOS_sparc_main_ja.nbm:netbeans/java_update/solsparc/jre/javaws/javaws.jar:com/sun/javaws/security/AppPolicy.class
 */
/* loaded from: input_file:118938-01/J2SE-1.4.2_06/Solaris_Sparc/Simplified_Chinese/j2sepackage_SunOS_sparc_main_zh_CN.nbm:netbeans/java_update/solsparc/jre/javaws/javaws.jar:com/sun/javaws/security/AppPolicy.class */
public class AppPolicy {
    private String _host;
    private HashSet _sessionCertificates = new HashSet();
    private File _extensionDir;
    private static AppPolicy _instance = null;

    private void setUnrestrictedProps(LaunchDesc launchDesc) {
        if (launchDesc.arePropsSet()) {
            return;
        }
        Properties resourceProperties = launchDesc.getResources().getResourceProperties();
        Enumeration keys = resourceProperties.keys();
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            System.setProperty(str, resourceProperties.getProperty(str));
        }
        launchDesc.setPropsSet(true);
    }

    public static AppPolicy getInstance() {
        return _instance;
    }

    private AppPolicy(String str) {
        this._host = null;
        this._extensionDir = null;
        this._host = str;
        this._extensionDir = new File(new StringBuffer().append(System.getProperty("java.home")).append(File.separator).append("lib").append(File.separator).append("ext").toString());
    }

    private void addAllPermissionsObject(PermissionCollection permissionCollection) {
        if (Globals.TraceSecurity) {
            Debug.println("adding all-permissions object");
        }
        permissionCollection.add(new AllPermission());
    }

    private void addJ2EEApplicationClientPermissionsObject(PermissionCollection permissionCollection) {
        if (Globals.TraceSecurity) {
            Debug.println("Creating J222-application-client-permisisons object");
        }
        permissionCollection.add(new AWTPermission("accessClipboard"));
        permissionCollection.add(new AWTPermission("accessEventQueue"));
        permissionCollection.add(new AWTPermission("showWindowWithoutWarningBanner"));
        permissionCollection.add(new RuntimePermission("exitVM"));
        permissionCollection.add(new RuntimePermission("loadLibrary"));
        permissionCollection.add(new RuntimePermission("queuePrintJob"));
        permissionCollection.add(new SocketPermission("*", "connect"));
        permissionCollection.add(new SocketPermission("localhost:1024-", "accept,listen"));
        permissionCollection.add(new FilePermission("*", SecurityConstants.PROPERTY_RW_ACTION));
        permissionCollection.add(new PropertyPermission("*", "read"));
    }

    private void addSandboxPermissionsObject(PermissionCollection permissionCollection, boolean z) {
        if (Globals.TraceSecurity) {
            Debug.println("Add sandbox permissions");
        }
        permissionCollection.add(new PropertyPermission("java.version", "read"));
        permissionCollection.add(new PropertyPermission("java.vendor", "read"));
        permissionCollection.add(new PropertyPermission("java.vendor.url", "read"));
        permissionCollection.add(new PropertyPermission("java.class.version", "read"));
        permissionCollection.add(new PropertyPermission("os.name", "read"));
        permissionCollection.add(new PropertyPermission("os.arch", "read"));
        permissionCollection.add(new PropertyPermission("os.version", "read"));
        permissionCollection.add(new PropertyPermission("file.separator", "read"));
        permissionCollection.add(new PropertyPermission("path.separator", "read"));
        permissionCollection.add(new PropertyPermission("line.separator", "read"));
        permissionCollection.add(new PropertyPermission("java.specification.version", "read"));
        permissionCollection.add(new PropertyPermission("java.specification.vendor", "read"));
        permissionCollection.add(new PropertyPermission("java.specification.name", "read"));
        permissionCollection.add(new PropertyPermission("java.vm.specification.version", "read"));
        permissionCollection.add(new PropertyPermission("java.vm.specification.vendor", "read"));
        permissionCollection.add(new PropertyPermission("java.vm.specification.name", "read"));
        permissionCollection.add(new PropertyPermission("java.vm.version", "read"));
        permissionCollection.add(new PropertyPermission("java.vm.vendor", "read"));
        permissionCollection.add(new PropertyPermission("java.vm.name", "read"));
        permissionCollection.add(new PropertyPermission("javawebstart.version", "read"));
        permissionCollection.add(new RuntimePermission("exitVM"));
        permissionCollection.add(new RuntimePermission("stopThread"));
        System.setProperty("awt.appletWarning", new StringBuffer().append("Java ").append(z ? "Applet" : "Application").append(" Window").toString());
        permissionCollection.add(new SocketPermission("localhost:1024-", "listen"));
        permissionCollection.add(new SocketPermission(this._host, "connect, accept"));
        permissionCollection.add(new PropertyPermission("jnlp.*", SecurityConstants.PROPERTY_RW_ACTION));
        permissionCollection.add(new PropertyPermission("javaws.*", SecurityConstants.PROPERTY_RW_ACTION));
        Iterator securePropertyKeys = ConfigProperties.getInstance().getSecurePropertyKeys();
        if (securePropertyKeys != null) {
            while (securePropertyKeys.hasNext()) {
                permissionCollection.add(new PropertyPermission((String) securePropertyKeys.next(), SecurityConstants.PROPERTY_RW_ACTION));
            }
        }
    }

    public static AppPolicy createInstance(String str) {
        if (_instance == null) {
            _instance = new AppPolicy(str);
        }
        return _instance;
    }

    public void addPermissions(PermissionCollection permissionCollection, CodeSource codeSource) {
        if (Globals.TraceSecurity) {
            Debug.println(new StringBuffer().append("Permission requested for: ").append(codeSource.getLocation()).toString());
        }
        URL location = codeSource.getLocation();
        Certificate[] certificates = codeSource.getCertificates();
        JARDesc jarDescFromFileURL = JNLPClassLoader.getInstance().getJarDescFromFileURL(location);
        if (jarDescFromFileURL == null) {
            return;
        }
        if (Globals.TraceSecurity) {
            Certificate[] certificateArr = null;
            try {
                DiskCacheEntry cacheEntryFromFile = InstallCache.getDiskCache().getCacheEntryFromFile(new File(location.getFile()));
                if (cacheEntryFromFile != null) {
                    certificateArr = cacheEntryFromFile.getCertificateChain();
                }
            } catch (IOException e) {
                Debug.ignoredException(e);
            }
            if (certificates == null) {
                Debug.println("No certificates in codesource");
            } else {
                Debug.println(new StringBuffer().append("Found certificate chain of length ").append(codeSource.getCertificates().length).append(" in codesource").toString());
            }
            if (certificateArr == null) {
                Debug.println("No certificates in cache");
            } else {
                Debug.println(new StringBuffer().append("Found certificate chain of length ").append(certificates.length).append(" in cache").toString());
            }
            if (certificates != null && codeSource.getCertificates() != null) {
                Debug.jawsAssert(certificates.length == certificateArr.length, "Certificate length must be the same");
                for (int i = 0; i < certificates.length; i++) {
                    if (!certificates[i].equals(certificateArr[i])) {
                        Debug.fatal("Certificate chain does not match");
                    }
                }
            }
        }
        LaunchDesc parent = jarDescFromFileURL.getParent().getParent();
        int securityModel = parent.getSecurityModel();
        if (securityModel == 0 || !grantUnrestrictedAccess(parent, jarDescFromFileURL.getLocation(), certificates)) {
            addSandboxPermissionsObject(permissionCollection, parent.getLaunchType() == 2);
        } else if (securityModel == 1) {
            addAllPermissionsObject(permissionCollection);
        } else {
            addJ2EEApplicationClientPermissionsObject(permissionCollection);
        }
        if (parent.arePropsSet()) {
            return;
        }
        Properties resourceProperties = parent.getResources().getResourceProperties();
        Enumeration keys = resourceProperties.keys();
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            String property = resourceProperties.getProperty(str);
            PropertyPermission propertyPermission = new PropertyPermission(str, "write");
            if (permissionCollection.implies(propertyPermission)) {
                System.setProperty(str, property);
            } else {
                Debug.ignoredException(new AccessControlException(new StringBuffer().append("access denied ").append(propertyPermission).toString(), propertyPermission));
            }
        }
        parent.setPropsSet(true);
    }

    public boolean grantUnrestrictedAccess(LaunchDesc launchDesc, URL url, Certificate[] certificateArr) {
        String title = launchDesc.getInformation().getTitle();
        int launchType = launchDesc.getLaunchType();
        char c = (launchType == 1 || launchType == 2) ? 'A' : 'E';
        URL canonicalHome = launchDesc.getCanonicalHome();
        if (certificateArr == null || certificateArr.length == 0) {
            LaunchErrorDialog.show(null, new UnsignedAccessViolationException(launchDesc, new CodeSource(url, certificateArr).getLocation(), false));
            Debug.shouldNotReachHere();
            return false;
        }
        if (launchDesc.getCertificateChain() != null) {
            if (SigningInfo.equalChains(certificateArr, launchDesc.getCertificateChain())) {
                setUnrestrictedProps(launchDesc);
                return true;
            }
            LaunchErrorDialog.show(null, new LaunchDescException(launchDesc, Resources.getString("launch.error.singlecertviolation"), null));
            Debug.shouldNotReachHere();
            return false;
        }
        if (this._sessionCertificates.contains(certificateArr[0])) {
            launchDesc.setCertificateChain(certificateArr);
            setUnrestrictedProps(launchDesc);
            return true;
        }
        try {
            Certificate[] certificateChain = InstallCache.getDiskCache().getCertificateChain(c, canonicalHome, null);
            if (certificateChain != null && certificateArr[0].equals(certificateChain[0])) {
                this._sessionCertificates.add(certificateArr[0]);
                launchDesc.setCertificateChain(certificateArr);
                setUnrestrictedProps(launchDesc);
                return true;
            }
        } catch (IOException e) {
            Debug.ignoredException(e);
        }
        boolean verifyCertificate = CertificateDialog.verifyCertificate(null, title, KeyStoreManager.makeTrusted(certificateArr), launchType);
        if (verifyCertificate) {
            this._sessionCertificates.add(certificateArr[0]);
            launchDesc.setCertificateChain(certificateArr);
            try {
                InstallCache.getDiskCache().putCertificateChain(c, canonicalHome, null, certificateArr);
            } catch (IOException e2) {
                Debug.ignoredException(e2);
            }
            setUnrestrictedProps(launchDesc);
        }
        return verifyCertificate;
    }
}
