package org.freshcookies.security.policy;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import jodd.util.SystemUtil;
import org.springframework.util.ResourceUtils;

/* loaded from: input_file:WEB-INF/lib/freshcookies-security.jar:org/freshcookies/security/policy/PolicyReader.class */
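/**
 * Reads a Java security policy file and turns its {@code grant} blocks into
 * {@link ProtectionDomain} objects.
 *
 * <p>The file is read into memory, stripped of {@code //} comment lines and line
 * breaks, and then matched with regular expressions. This is not a full policy-file
 * grammar: {@code grant} headers are split on commas and permission lists on
 * semicolons without regard to quoting.
 *
 * <p>Problems found while parsing are collected rather than thrown; see
 * {@link #getMessages()} and {@link #isValid()}.
 *
 * <p>All file, property and class-loading access happens inside
 * {@link AccessController#doPrivileged}, so it runs with this class's permissions and
 * not with those of the caller. NOTE(review): callers therefore decide which paths are
 * touched; only expose this class to code that is trusted to choose them.
 *
 * <p>This listing is decompiler output. The synthetic members
 * {@code class$org$freshcookies$security$policy$PolicyReader} and {@link #class$(String)}
 * are retained so that the class's member set is unchanged.
 */
public class PolicyReader {
    /** A line that contains nothing but a {@code //} comment. */
    private static final Pattern COMMENTS_PATTERN = Pattern.compile("^\\s*\\/\\/.*$", Pattern.MULTILINE);

    /**
     * A {@code keystore "...";} entry. It is applied with {@link Matcher#matches()} to the
     * whole normalized policy text, so it is only recognised when the text starts with it.
     */
    private static final Pattern KEYSTORE_PATTERN =
            Pattern.compile("^keystore \"(.*?)\";.*$", Pattern.CASE_INSENSITIVE);

    /** One {@code grant <header> { <permissions> };} block; group 1 is the header, group 2 the body. */
    private static final Pattern GRANT_PATTERN = Pattern.compile("grant(.*?) \\{ *(.*?) *\\};");

    /**
     * Any single line-break character. The earlier form listed the alternatives inside one
     * character class separated by {@code |}, which made a literal {@code |} count as a line
     * break and replaced it with a space.
     */
    private static final Pattern LINEBREAKS_PATTERN = Pattern.compile("[\\n\\r\\u0085\\u2028\\u2029]");

    private static final String PROP_JAVA_HOME = "java.home";
    private static final String PROP_USER_HOME = "user.home";
    private static final String PROP_JAVA_SECURITY_POLICY = "java.security.policy";
    private static final String REGEX_COMMA_DELIMITER = " *, *";
    private static final String REGEX_SEMICOLON_DELIMITER = " *; *";
    private static final String TOKEN_CODEBASE = "codeBase";
    private static final String TOKEN_PRINCIPAL = "principal";
    private static final String TOKEN_PERMISSION = "permission";
    private static final String TOKEN_SIGNEDBY = "signedBy";
    private static final String DOUBLE_QUOTE = "\"";
    private static final String ONE_SPACE = " ";
    private static final String WHITESPACE = "\\s+";
    private static final int NOT_FOUND = -1;

    // The policy file this reader was created for.
    private final File policy;
    // Protection domains produced by the most recent read().
    private final List<ProtectionDomain> domains;
    // Lazily loaded by getKeyStore(); stays null when the policy names no keystore.
    private KeyStore keystore;
    private File keystoreFile;
    // Normalized, single-line policy text; null until loadPolicy() has run.
    private String policyString;
    // Parse problems recorded through addMessage().
    private final List<Exception> exceptions;
    private SecurityTokenFactory tokenFactory;
    private boolean validPolicy;
    // Character set name used to decode the policy file.
    private final String charset;

    // Synthetic class-literal cache emitted by the original compiler; no longer read here.
    static Class class$org$freshcookies$security$policy$PolicyReader;

    /**
     * Creates a reader that decodes the file with the character set named by the system
     * property {@code SystemUtil.FILE_ENCODING}.
     *
     * @param file the policy file to read
     * @throws FileNotFoundException declared for callers; the visible code reports a missing
     *         file with {@link IllegalArgumentException} instead
     * @throws IllegalArgumentException if the file does not exist or cannot be checked
     */
    public PolicyReader(File file) throws FileNotFoundException {
        this(file, AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty(SystemUtil.FILE_ENCODING);
            }
        }));
    }

    /**
     * Creates a reader for the given policy file and character set. Nothing is parsed until
     * {@link #read()} is called.
     *
     * @param file the policy file to read
     * @param str the name of the character set used to decode the file
     * @throws FileNotFoundException declared for callers; the visible code reports a missing
     *         file with {@link IllegalArgumentException} instead
     * @throws IllegalArgumentException if the file does not exist or cannot be checked
     */
    public PolicyReader(File file, String str) throws FileNotFoundException {
        this.keystore = null;
        this.keystoreFile = null;
        this.policyString = null;
        this.exceptions = new ArrayList<Exception>();
        this.tokenFactory = null;
        this.validPolicy = false;
        this.policy = file;
        this.domains = new ArrayList<ProtectionDomain>();
        this.charset = str;
        if (!secureExists(this.policy)) {
            throw new IllegalArgumentException("File " + this.policy
                    + " does not exist, or the SecurityManager prohibited access to it.");
        }
        this.tokenFactory = AccessController.doPrivileged(new PrivilegedAction<SecurityTokenFactory>() {
            @Override
            public SecurityTokenFactory run() {
                return new SecurityTokenFactory(new URL[0]);
            }
        });
    }

    /**
     * Looks up the alias of the key entry whose certificate equals the given one.
     * Only aliases for which {@link KeyStore#isKeyEntry(String)} is true are considered.
     *
     * @param keyStore the keystore to search
     * @param certificate the certificate to look for
     * @return the matching alias, or {@code null} if there is none, if either argument is
     *         {@code null}, or if the keystore could not be read (the error is printed to
     *         {@code System.err})
     */
    public static String findAlias(KeyStore keyStore, Certificate certificate) {
        // getSigner() returns null for unsigned classes, so a null certificate is a normal input.
        if (keyStore == null || certificate == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias) && certificate.equals(keyStore.getCertificate(alias))) {
                    return alias;
                }
            }
        } catch (KeyStoreException e) {
            System.err.println(e.getMessage());
        }
        return null;
    }

    /**
     * Returns the protection domains built by the most recent {@link #read()}.
     *
     * @return a new array; empty if {@link #read()} has not produced any domain
     */
    public ProtectionDomain[] getProtectionDomains() {
        return this.domains.toArray(new ProtectionDomain[this.domains.size()]);
    }

    /**
     * Creates a reader for each policy file found in the standard places:
     * {@code <java.home>/lib/security/java.policy}, {@code <user.home>/.java.policy}, and the
     * file named by the {@code java.security.policy} system property (a leading
     * {@code ResourceUtils.FILE_URL_PREFIX} is stripped from the property value).
     *
     * @return one reader per existing file, in no particular order; never {@code null}
     */
    public static PolicyReader[] findPolicies() {
        final Set<File> files = new HashSet<File>();
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                String fs = File.separator;
                File systemPolicy = new File(System.getProperty(PROP_JAVA_HOME)
                        + fs + "lib" + fs + "security" + fs + "java.policy");
                if (systemPolicy.exists()) {
                    files.add(systemPolicy);
                }
                File userPolicy = new File(System.getProperty(PROP_USER_HOME) + fs + ".java.policy");
                if (userPolicy.exists()) {
                    files.add(userPolicy);
                }
                String location = System.getProperty(PROP_JAVA_SECURITY_POLICY);
                if (location == null) {
                    return null;
                }
                if (location.startsWith(ResourceUtils.FILE_URL_PREFIX)) {
                    location = location.substring(ResourceUtils.FILE_URL_PREFIX.length());
                }
                if (location.length() > 0) {
                    File configured = new File(location);
                    if (secureExists(configured)) {
                        files.add(configured);
                    }
                }
                return null;
            }
        });
        List<PolicyReader> readers = new ArrayList<PolicyReader>();
        for (File file : files) {
            try {
                readers.add(new PolicyReader(file));
            } catch (FileNotFoundException e) {
                // Best effort: skip this file but leave a trace instead of dropping the error.
                System.err.println(e.getMessage());
            }
        }
        return readers.toArray(new PolicyReader[readers.size()]);
    }

    /**
     * Returns the first certificate attached to the class's code source.
     *
     * @param cls the class to inspect
     * @return the first certificate, or {@code null} if the class has no protection domain,
     *         no code source, or no certificates
     */
    public static Certificate getSigner(Class cls) {
        final Class target = cls;
        ProtectionDomain domain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
            @Override
            public ProtectionDomain run() {
                return target.getProtectionDomain();
            }
        });
        if (domain == null) {
            return null;
        }
        CodeSource codeSource = domain.getCodeSource();
        if (codeSource == null) {
            return null;
        }
        Certificate[] certificates = codeSource.getCertificates();
        if (certificates == null || certificates.length == 0) {
            return null;
        }
        return certificates[0];
    }

    /**
     * Tells whether {@link #getSigner(Class)} finds a certificate for the class.
     * This only reports that a certificate is present; it does not compare it with any
     * keystore (see {@link #isVerified(Class)} for that).
     *
     * @param cls the class to inspect
     * @return {@code true} if a signer certificate is present
     */
    public static boolean isSigned(Class cls) {
        return getSigner(cls) != null;
    }

    /**
     * Returns the policy file this reader was created for.
     *
     * @return the policy file
     */
    public File getFile() {
        return this.policy;
    }

    /**
     * Returns the keystore named by the policy's {@code keystore} entry, loading it on first
     * use. A relative location is resolved against the policy file's directory.
     *
     * <p>The keystore is loaded without a password, so {@link KeyStore#load} does not check
     * its integrity; anyone able to modify the keystore file controls which signers are
     * accepted.
     *
     * @return the loaded keystore, or {@code null} if the policy names none
     * @throws IOException if the policy or the keystore cannot be read or parsed
     */
    public KeyStore getKeyStore() throws IOException {
        if (this.keystore != null) {
            return this.keystore;
        }
        if (this.policyString == null) {
            loadPolicy(this.policy);
        }
        Matcher matcher = KEYSTORE_PATTERN.matcher(this.policyString);
        if (matcher.matches()) {
            String location = matcher.group(1);
            this.keystoreFile = new File(location);
            if (!this.keystoreFile.isAbsolute()) {
                this.keystoreFile = new File(this.policy.getParentFile(), location);
                if (!secureExists(this.keystoreFile)) {
                    throw new IOException("Couldn't find keystore " + this.keystoreFile
                            + ", or the SecurityManager prohibited access to it.");
                }
            }
        }
        if (this.keystoreFile == null) {
            return null;
        }
        final File source = this.keystoreFile;
        try {
            // Assign the field only after a successful load, so that a failed attempt does not
            // leave an uninitialized KeyStore behind for later calls to return.
            this.keystore = AccessController.doPrivileged(new PrivilegedExceptionAction<KeyStore>() {
                @Override
                public KeyStore run() throws IOException {
                    return loadKeyStore(source);
                }
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
        return this.keystore;
    }

    /** Loads a keystore of the default type from the file and always closes the stream. */
    private static KeyStore loadKeyStore(File file) throws IOException {
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(in, null);
            return store;
        } catch (SecurityException e) {
            // This error used to be returned as the action's result and was lost; throw it.
            throw new IOException("Security manager prohibited read access to " + file.getAbsolutePath(), e);
        } catch (KeyStoreException e) {
            throw new IOException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e.getMessage(), e);
        } catch (CertificateException e) {
            throw new IOException(e.getMessage(), e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
        }
    }

    /**
     * Parses the policy file into protection domains, replacing the result of any earlier
     * call. Parse problems are recorded (see {@link #getMessages()}) and printed to
     * {@code System.err}; they do not abort the read.
     *
     * @throws IOException if the policy file or its keystore cannot be read
     */
    public void read() throws IOException {
        if (this.policyString == null) {
            loadPolicy(this.policy);
            getKeyStore();
        }
        this.domains.clear();
        Matcher grants = GRANT_PATTERN.matcher(this.policyString);
        while (grants.find()) {
            this.domains.add(parseProtectionDomain(grants.group(1).trim(), grants.group(2).trim()));
        }
        // Recompute on every call so that the flag cannot stay true once errors were recorded.
        this.validPolicy = this.exceptions.isEmpty();
        if (this.validPolicy) {
            return;
        }
        System.err.println("The parser returned these errors:");
        for (Exception problem : this.exceptions) {
            System.err.println(problem.getMessage());
        }
    }

    /**
     * Returns the problems recorded while parsing.
     *
     * @return an unmodifiable view of the recorded exceptions
     */
    public List getMessages() {
        return Collections.unmodifiableList(this.exceptions);
    }

    /**
     * Records a parse problem.
     *
     * @param exc the exception describing the problem
     */
    protected void addMessage(Exception exc) {
        this.exceptions.add(exc);
    }

    /**
     * Reads the file into memory and stores its normalized text: {@code //} comment lines and
     * line breaks become spaces, runs of whitespace collapse to one space, and the result is
     * trimmed.
     *
     * @param file the policy file to load
     * @throws IOException if the file does not exist, cannot be read, or the configured
     *         character set is not supported
     * @throws SecurityException if the SecurityManager denies access to the file
     */
    protected void loadPolicy(File file) throws IOException {
        final File source = file;
        BufferedReader reader;
        try {
            reader = AccessController.doPrivileged(new PrivilegedExceptionAction<BufferedReader>() {
                @Override
                public BufferedReader run() throws SecurityException, UnsupportedEncodingException {
                    FileInputStream in;
                    try {
                        in = new FileInputStream(source);
                    } catch (FileNotFoundException e) {
                        return null;
                    }
                    boolean wrapped = false;
                    try {
                        BufferedReader result = new BufferedReader(new InputStreamReader(in, charset));
                        wrapped = true;
                        return result;
                    } finally {
                        // Do not leak the stream when the charset name is rejected.
                        if (!wrapped) {
                            try {
                                in.close();
                            } catch (IOException ignored) {
                                // The charset failure is the error worth reporting.
                            }
                        }
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // Only checked exceptions arrive here, i.e. the unsupported-encoding case; a real
            // SecurityManager denial is unchecked and propagates from doPrivileged directly.
            Exception cause = e.getException();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            SecurityException denied = new SecurityException("Could not open policy "
                    + file.getAbsolutePath() + "; access was denied by the SecurityManager.");
            denied.initCause(cause);
            throw denied;
        }
        if (reader == null) {
            throw new IOException("Could not open policy " + file.getAbsolutePath() + "; it does not exist.");
        }
        StringBuilder text = new StringBuilder();
        try {
            char[] buffer = new char[4096];
            int count;
            while ((count = reader.read(buffer)) != NOT_FOUND) {
                text.append(buffer, 0, count);
            }
        } finally {
            reader.close();
        }
        String withoutComments = COMMENTS_PATTERN.matcher(text).replaceAll(ONE_SPACE);
        String singleLine = LINEBREAKS_PATTERN.matcher(withoutComments).replaceAll(ONE_SPACE);
        this.policyString = singleLine.replaceAll(WHITESPACE, ONE_SPACE).trim();
    }

    /**
     * Builds one protection domain from a {@code grant} block.
     *
     * <p>The header is split on commas, so a quoted value that itself contains a comma is
     * cut apart. Problems with individual items are recorded through
     * {@link #addMessage(Exception)} and the item is left out.
     *
     * @param str the text between {@code grant} and the opening brace
     * @param str2 the text between the braces
     * @return the protection domain, with a read-only permission collection
     */
    protected ProtectionDomain parseProtectionDomain(String str, String str2) {
        URL codeBase = null;
        Certificate[] signers = null;
        List<Principal> principals = new ArrayList<Principal>();
        for (String part : str.split(REGEX_COMMA_DELIMITER)) {
            String item = part.trim();
            if (item.startsWith(TOKEN_CODEBASE)) {
                codeBase = extractCodeBaseUrl(item);
            } else if (item.startsWith(TOKEN_SIGNEDBY)) {
                signers = extractSigningCertificates(item);
            } else if (item.startsWith(TOKEN_PRINCIPAL)) {
                Principal principal = extractPrincipal(item);
                if (principal != null) {
                    principals.add(principal);
                }
            }
        }
        CodeSource codeSource = new CodeSource(codeBase, signers);
        // ProtectionDomain receives null, not an empty array, when the grant names no principal.
        Principal[] principalArray = principals.isEmpty()
                ? null
                : principals.toArray(new Principal[principals.size()]);
        PermissionCollection permissions = extractPermissionCollection(str2);
        permissions.setReadOnly();
        return new ProtectionDomain(codeSource, permissions, PolicyReader.class.getClassLoader(), principalArray);
    }

    /**
     * Checks inside a privileged block whether the file exists.
     *
     * <p>NOTE(review): the decompiler reports that this method was originally
     * {@code protected}. As a public static method it answers "does this path exist?" for any
     * caller-supplied path using this class's permissions rather than the caller's.
     *
     * @param file the file to check
     * @return {@code true} if the file exists
     * @throws SecurityException if the SecurityManager denies the check
     */
    public static boolean secureExists(File file) throws SecurityException {
        final File target = file;
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                return Boolean.valueOf(target.exists());
            }
        }).booleanValue();
    }

    /**
     * Parses the quoted URL of a {@code codeBase} item.
     *
     * @param str the item, starting with {@code codeBase}
     * @return the URL, or {@code null} if the item is malformed (the problem is recorded)
     */
    protected URL extractCodeBaseUrl(String str) {
        try {
            final String location = extractTarget(str, TOKEN_CODEBASE);
            return AccessController.doPrivileged(new PrivilegedExceptionAction<URL>() {
                @Override
                public URL run() throws MalformedURLException {
                    return new URL(location);
                }
            });
        } catch (PrivilegedActionException e) {
            addMessage(e.getException());
        } catch (PolicyException e) {
            addMessage(e);
        }
        return null;
    }

    /**
     * Asks the token factory for the principal described by a {@code principal} item.
     *
     * @param str the item, starting with {@code principal}
     * @return the principal, or {@code null} if the factory failed (the problem is recorded)
     */
    protected Principal extractPrincipal(String str) {
        final String description = str.substring(TOKEN_PRINCIPAL.length()).trim();
        try {
            return (Principal) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws AccessControlException, ClassNotFoundException {
                    return tokenFactory.getPrincipal(description);
                }
            });
        } catch (PrivilegedActionException e) {
            addMessage(e.getException());
            return null;
        }
    }

    /**
     * Looks up the certificate chain for the alias named by a {@code signedBy} item.
     *
     * @param str the item, starting with {@code signedBy}
     * @return the chain, or {@code null} if no keystore is configured, the alias is unknown,
     *         or the lookup failed (each case is recorded as a problem)
     */
    protected Certificate[] extractSigningCertificates(String str) {
        if (this.keystoreFile == null) {
            addMessage(new PolicyException("A 'signedBy' entry exists, but no keystore was specified; ignoring."));
            return null;
        }
        Certificate[] chain = null;
        try {
            String alias = extractTarget(str, TOKEN_SIGNEDBY);
            chain = getKeyStore().getCertificateChain(alias);
            if (chain == null) {
                addMessage(new PolicyException("Certificate with alias '" + alias
                        + "' not found in keystore " + this.keystoreFile));
            }
        } catch (Exception e) {
            addMessage(e);
        }
        return chain;
    }

    /**
     * Builds the permission collection of a {@code grant} body. The body is split on
     * semicolons and every piece that starts with {@code permission} is handed to the token
     * factory.
     *
     * @param str the text between the braces of a {@code grant} block
     * @return a read-only collection of the permissions that could be created
     */
    protected PermissionCollection extractPermissionCollection(String str) {
        Permissions permissions = new Permissions();
        for (String entry : str.split(REGEX_SEMICOLON_DELIMITER)) {
            String statement = entry.trim();
            if (!statement.startsWith(TOKEN_PERMISSION)) {
                continue;
            }
            final String permissionString = statement.substring(TOKEN_PERMISSION.length()).trim();
            Permission permission;
            try {
                permission = (Permission) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                    @Override
                    public Object run() throws AccessControlException, ClassNotFoundException {
                        return tokenFactory.getPermission(permissionString);
                    }
                });
            } catch (PrivilegedActionException e) {
                addMessage(e.getException());
                continue;
            }
            if (permission == null) {
                // Permissions.add(null) would fail with a NullPointerException; record it instead.
                addMessage(new PolicyException("Could not instantiate permission: " + permissionString));
                continue;
            }
            boolean signerRequired = permissionString.indexOf(TOKEN_SIGNEDBY) != NOT_FOUND;
            try {
                if (signerRequired && !isVerified(permission.getClass())) {
                    addMessage(new PolicyException("Could not verify permission class signature: "
                            + permissionString));
                }
            } catch (IOException e) {
                // The IOException comes from reading the keystore during verification.
                addMessage(new PolicyException("Could not instantiate permission: " + permissionString));
            }
            // NOTE(review): the permission is added even when its signature could not be
            // verified; the failure is visible only through getMessages() and isValid().
            // Code that passes these domains to an enforcement point should check isValid().
            permissions.add(permission);
        }
        permissions.setReadOnly();
        return permissions;
    }

    /**
     * Tells whether the last {@link #read()} finished without recording any problem.
     * A file in which no {@code grant} block was recognised records no problem either, so
     * {@code true} does not imply that any protection domain was produced.
     *
     * @return {@code true} if {@link #read()} ran and no problem has been recorded
     */
    public boolean isValid() {
        return this.validPolicy;
    }

    /**
     * Tells whether the class's signer certificate equals the certificate of a key entry in
     * this policy's keystore.
     *
     * @param cls the class to check
     * @return {@code true} on a match; {@code false} if there is no match, the class is
     *         unsigned, or the policy names no keystore
     * @throws IOException if the keystore cannot be read
     */
    public boolean isVerified(Class cls) throws IOException {
        Certificate signer = getSigner(cls);
        KeyStore store = getKeyStore();
        // Fail closed: without a signer or a keystore there is nothing to verify against.
        if (signer == null || store == null) {
            return false;
        }
        try {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (store.isKeyEntry(alias) && signer.equals(store.getCertificate(alias))) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Strips the leading token and the surrounding double quotes from a policy item.
     *
     * @param str the whole item
     * @param str2 the token the item starts with, or {@code null} to use the item as is
     * @return the text between the quotes
     * @throws PolicyException if the remainder is not a quoted, non-empty string
     */
    private static String extractTarget(String str, String str2) throws PolicyException {
        String value = str2 == null ? str : str.substring(str2.length()).trim();
        boolean quoted = value.startsWith(DOUBLE_QUOTE) && value.endsWith(DOUBLE_QUOTE);
        if (quoted && value.length() > 2) {
            return value.substring(1, value.length() - 1);
        }
        throw new PolicyException("Policy string \"" + str
                + "\" must be at least one character and surrounded by quotes.");
    }

    /**
     * Synthetic helper emitted by the original compiler for class literals.
     *
     * @param str the fully qualified class name
     * @return the class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error is thrown through a typed local.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}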
