package net.jini.security.proxytrust;

import aQute.bnd.annotation.headers.ProvideCapability;
import aQute.bnd.annotation.headers.RequireCapability;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.MalformedURLException;
import java.rmi.RemoteException;
import java.rmi.UnmarshalException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.jini.core.constraint.MethodConstraints;
import net.jini.core.constraint.RemoteMethodControl;
import net.jini.io.MarshalInputStream;
import net.jini.io.ObjectStreamContext;
import net.jini.loader.ClassLoading;
import net.jini.security.SecurityContext;
import net.jini.security.TrustVerifier;
import org.apache.river.api.io.AtomicMarshalInputStream;
import org.apache.river.logging.Levels;

@RequireCapability(ns = "osgi.extender", filter = "(osgi.extender=osgi.serviceloader.registrar)")
@Deprecated
@ProvideCapability(ns = "osgi.serviceloader", name = "net.jini.security.TrustVerifier")
/* loaded from: input_file:net/jini/security/proxytrust/ProxyTrustVerifier.class */
public class ProxyTrustVerifier implements TrustVerifier {
    private static final Logger logger = Logger.getLogger("net.jini.security.trust");
    private static final ThreadLocal state = new ThreadLocal();
    private static Method gpvMethod;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/security/proxytrust/ProxyTrustVerifier$MOStream.class */
    public static class MOStream extends ObjectOutputStream implements ObjectStreamContext {
        private final String bcb;
        private final ClassLoader bcl;
        boolean replace;

        MOStream(ByteArrayOutputStream byteArrayOutputStream, String str, ClassLoader classLoader) throws IOException {
            super(byteArrayOutputStream);
            this.replace = false;
            this.bcb = str;
            this.bcl = classLoader;
        }

        @Override // net.jini.io.ObjectStreamContext
        public Collection getObjectStreamContext() {
            return Collections.EMPTY_SET;
        }

        @Override // java.io.ObjectOutputStream
        protected void annotateClass(Class cls) throws IOException {
            writeAnnotation(cls);
        }

        @Override // java.io.ObjectOutputStream
        protected void annotateProxyClass(Class cls) throws IOException {
            writeAnnotation(cls);
        }

        private void writeAnnotation(final Class cls) throws IOException {
            String classAnnotation = ClassLoading.getClassAnnotation(cls);
            writeObject(classAnnotation);
            if (this.bcb.equals(classAnnotation)) {
                AccessController.doPrivileged(new PrivilegedAction() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.MOStream.1
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        if (cls.getClassLoader() == MOStream.this.bcl) {
                            return null;
                        }
                        MOStream.this.replace = true;
                        return null;
                    }
                });
            }
        }
    }

    @Override // net.jini.security.TrustVerifier
    public boolean isTrustedObject(Object obj, TrustVerifier.Context context) throws RemoteException {
        if (obj == null || context == null) {
            throw new NullPointerException();
        }
        MethodConstraints methodConstraints = null;
        UntrustedObjectSecurityContext untrustedObjectSecurityContext = null;
        Iterator it = context.getCallerContext().iterator();
        while (true) {
            if ((methodConstraints == null || untrustedObjectSecurityContext == null) && it.hasNext()) {
                Object next = it.next();
                if (methodConstraints == null && (next instanceof MethodConstraints)) {
                    MethodConstraints methodConstraints2 = (MethodConstraints) next;
                    if (!methodConstraints2.getConstraints(gpvMethod).isEmpty()) {
                        methodConstraints = methodConstraints2;
                    }
                } else if (untrustedObjectSecurityContext == null && (next instanceof UntrustedObjectSecurityContext)) {
                    untrustedObjectSecurityContext = (UntrustedObjectSecurityContext) next;
                }
            }
        }
        if (methodConstraints == null) {
            return false;
        }
        if (untrustedObjectSecurityContext == null) {
            untrustedObjectSecurityContext = new BasicUntrustedObjectSecurityContext(null);
        }
        TrustVerifier verifier = getVerifier(obj, context, methodConstraints, untrustedObjectSecurityContext);
        return verifier != null && verifier.isTrustedObject(obj, context);
    }

    private static TrustVerifier getVerifier(Object obj, TrustVerifier.Context context, MethodConstraints methodConstraints, UntrustedObjectSecurityContext untrustedObjectSecurityContext) throws RemoteException {
        TrustVerifier altVerifier;
        Method method = getMethod(obj);
        if (method == null) {
            if (!Proxy.isProxyClass(obj.getClass())) {
                return null;
            }
            InvocationHandler invocationHandler = Proxy.getInvocationHandler(obj);
            method = getMethod(invocationHandler);
            if (method == null) {
                if ((obj instanceof ProxyTrust) && (obj instanceof RemoteMethodControl)) {
                    return getAltVerifier(obj, context, methodConstraints);
                }
                return null;
            }
            obj = invocationHandler;
        }
        logger.log(Level.FINER, "{0} has ProxyTrustIterator", obj);
        SecurityContext context2 = untrustedObjectSecurityContext.getContext();
        try {
            ProxyTrustIterator proxyTrustIterator = (ProxyTrustIterator) restrictedInvoke(method, obj, context2);
            Throwable th = null;
            while (restrictedHasNext(proxyTrustIterator, context2)) {
                RemoteMethodControl remoteMethodControl = null;
                try {
                    Object restrictedNext = restrictedNext(proxyTrustIterator, context2);
                    logger.log(Level.FINER, "ProxyTrustIterator produces {0}", restrictedNext);
                    if (!(restrictedNext instanceof ProxyTrust)) {
                        TrustVerifier verifier = getVerifier(restrictedNext, context, methodConstraints, untrustedObjectSecurityContext);
                        if (verifier != null) {
                            return verifier;
                        }
                    } else if (!(restrictedNext instanceof RemoteMethodControl)) {
                        continue;
                    } else {
                        if (isTrusted(restrictedNext, context)) {
                            remoteMethodControl = ((RemoteMethodControl) restrictedNext).setConstraints(methodConstraints);
                            TrustVerifier proxyVerifier = ((ProxyTrust) remoteMethodControl).getProxyVerifier();
                            logger.log(Level.FINE, "verifier is {0}", proxyVerifier);
                            return proxyVerifier;
                        }
                        if (Proxy.isProxyClass(restrictedNext.getClass()) && getMethod(restrictedNext) == null && getMethod(Proxy.getInvocationHandler(restrictedNext)) == null && (altVerifier = getAltVerifier(restrictedNext, context, methodConstraints)) != null) {
                            return altVerifier;
                        }
                    }
                } catch (RemoteException e) {
                    th = e;
                    if (remoteMethodControl instanceof ProxyTrust) {
                        logger.log(Levels.HANDLED, "setting ProxyTrustIterator exception", e);
                        restrictedSetException(proxyTrustIterator, e, context2);
                    }
                }
            }
            if (th != null) {
                throw th;
            }
            logger.log(Levels.FAILED, "no verifier obtained from ProxyTrustIterator");
            return null;
        } catch (IllegalAccessException e2) {
            throw new AssertionError(e2);
        } catch (InvocationTargetException e3) {
            Throwable targetException = e3.getTargetException();
            if (targetException instanceof RuntimeException) {
                throw ((RuntimeException) targetException);
            }
            throw ((Error) targetException);
        }
    }

    private static Object restrictedInvoke(final Method method, final Object obj, SecurityContext securityContext) throws IllegalAccessException, InvocationTargetException {
        try {
            return AccessController.doPrivileged(securityContext.wrap(new PrivilegedExceptionAction() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws IllegalAccessException, InvocationTargetException {
                    return method.invoke(obj, (Object[]) null);
                }
            }), securityContext.getAccessControlContext());
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (exception instanceof InvocationTargetException) {
                throw ((InvocationTargetException) exception);
            }
            throw ((IllegalAccessException) exception);
        }
    }

    private static boolean restrictedHasNext(final ProxyTrustIterator proxyTrustIterator, SecurityContext securityContext) {
        return ((Boolean) AccessController.doPrivileged(securityContext.wrap(new PrivilegedAction<Boolean>() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                return Boolean.valueOf(ProxyTrustIterator.this.hasNext());
            }
        }), securityContext.getAccessControlContext())).booleanValue();
    }

    private static Object restrictedNext(final ProxyTrustIterator proxyTrustIterator, SecurityContext securityContext) throws RemoteException {
        try {
            return AccessController.doPrivileged(securityContext.wrap(new PrivilegedExceptionAction() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.3
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws RemoteException {
                    return ProxyTrustIterator.this.next();
                }
            }), securityContext.getAccessControlContext());
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    private static void restrictedSetException(final ProxyTrustIterator proxyTrustIterator, final RemoteException remoteException, SecurityContext securityContext) {
        AccessController.doPrivileged(securityContext.wrap(new PrivilegedAction() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.4
            @Override // java.security.PrivilegedAction
            public Object run() {
                ProxyTrustIterator.this.setException(remoteException);
                return null;
            }
        }), securityContext.getAccessControlContext());
    }

    private static boolean isTrusted(Object obj, TrustVerifier.Context context) throws RemoteException {
        Object obj2 = state.get();
        try {
            state.set(obj);
            boolean isTrustedObject = context.isTrustedObject(obj);
            state.set(obj2);
            return isTrustedObject;
        } catch (Throwable th) {
            state.set(obj2);
            throw th;
        }
    }

    private static TrustVerifier getAltVerifier(Object obj, TrustVerifier.Context context, MethodConstraints methodConstraints) throws RemoteException {
        final Class<?> cls;
        final String classAnnotation;
        if (obj == state.get() || (classAnnotation = ClassLoading.getClassAnnotation((cls = obj.getClass()))) == null || classAnnotation.length() == 0) {
            return null;
        }
        final InvocationHandler invocationHandler = Proxy.getInvocationHandler(obj);
        Object doPrivileged = AccessController.doPrivileged((PrivilegedAction<Object>) new PrivilegedAction() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.5
            @Override // java.security.PrivilegedAction
            public Object run() {
                ClassLoader classLoader = cls.getClassLoader();
                if (classLoader == null) {
                    return null;
                }
                ClassLoader parent = classLoader.getParent();
                Thread currentThread = Thread.currentThread();
                ClassLoader contextClassLoader = currentThread.getContextClassLoader();
                boolean z = false;
                try {
                    currentThread.setContextClassLoader(parent);
                    z = ClassLoading.getClassLoader(classAnnotation) == classLoader;
                    currentThread.setContextClassLoader(contextClassLoader);
                } catch (MalformedURLException e) {
                    currentThread.setContextClassLoader(contextClassLoader);
                } catch (Throwable th) {
                    currentThread.setContextClassLoader(contextClassLoader);
                    throw th;
                }
                if (!z) {
                    return null;
                }
                try {
                    return Proxy.newProxyInstance(parent, new Class[]{ProxyTrust.class, RemoteMethodControl.class}, invocationHandler);
                } catch (IllegalArgumentException e2) {
                    return null;
                }
            }
        });
        if (doPrivileged == null) {
            return null;
        }
        logger.log(Level.FINER, "trying derivative bootstrap proxy {0}", doPrivileged);
        if (!isTrusted(doPrivileged, context)) {
            return null;
        }
        TrustVerifier proxyVerifier = ((ProxyTrust) ((RemoteMethodControl) doPrivileged).setConstraints(methodConstraints)).getProxyVerifier();
        final Class<?> cls2 = proxyVerifier.getClass();
        ClassLoader classLoader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public ClassLoader run() {
                ClassLoader classLoader2 = cls.getClassLoader();
                if (classLoader2 == cls2.getClassLoader()) {
                    return null;
                }
                return classLoader2;
            }
        });
        if (classLoader != null) {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                MOStream mOStream = new MOStream(byteArrayOutputStream, classAnnotation, classLoader);
                mOStream.writeObject(proxyVerifier);
                mOStream.close();
                if (mOStream.replace) {
                    logger.log(Level.FINER, "remarshalling verifier");
                    MarshalInputStream marshalInputStream = (MarshalInputStream) AtomicMarshalInputStream.create(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), classLoader, false, null, Collections.EMPTY_SET, true);
                    marshalInputStream.useCodebaseAnnotations();
                    proxyVerifier = (TrustVerifier) marshalInputStream.readObject();
                    marshalInputStream.close();
                }
            } catch (IOException e) {
                throw new UnmarshalException("remarshalling verifier failed", e);
            } catch (ClassNotFoundException e2) {
                throw new UnmarshalException("remarshalling verifier failed", e2);
            }
        }
        logger.log(Level.FINE, "verifier is {0}", proxyVerifier);
        return proxyVerifier;
    }

    private static Method getMethod(Object obj) {
        final Class<?> cls = obj.getClass();
        return (Method) AccessController.doPrivileged(new PrivilegedAction() { // from class: net.jini.security.proxytrust.ProxyTrustVerifier.7
            @Override // java.security.PrivilegedAction
            public Object run() {
                Class cls2 = cls;
                while (true) {
                    Class cls3 = cls2;
                    if (cls3 == null) {
                        return null;
                    }
                    try {
                        Method declaredMethod = cls3.getDeclaredMethod("getProxyTrustIterator", new Class[0]);
                        if (!ProxyTrustVerifier.usable(declaredMethod, cls3, cls)) {
                            return null;
                        }
                        declaredMethod.setAccessible(true);
                        return declaredMethod;
                    } catch (NoSuchMethodException e) {
                        cls2 = cls3.getSuperclass();
                    }
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean usable(Method method, Class cls, Class cls2) {
        int modifiers = method.getModifiers();
        return method.getReturnType() == ProxyTrustIterator.class && method.getExceptionTypes().length == 0 && (modifiers & 8) == 0 && ((modifiers & 5) != 0 || ((modifiers & 2) == 0 ? samePackage(cls, cls2) : cls == cls2));
    }

    private static boolean samePackage(Class cls, Class cls2) {
        if (cls.getClassLoader() != cls2.getClassLoader()) {
            return false;
        }
        String name = cls.getName();
        int lastIndexOf = name.lastIndexOf(46);
        String name2 = cls2.getName();
        return lastIndexOf == name2.lastIndexOf(46) && (lastIndexOf < 0 || name.regionMatches(0, name2, 0, lastIndexOf));
    }

    static {
        try {
            gpvMethod = ProxyTrust.class.getMethod("getProxyVerifier", new Class[0]);
        } catch (Exception e) {
            throw new ExceptionInInitializerError(e);
        }
    }
}
