package net.jini.security.policy;

import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.security.UnresolvedPermission;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.NavigableSet;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.jini.security.GrantPermission;
import org.apache.river.api.security.AbstractPolicy;
import org.apache.river.api.security.CachingSecurityManager;
import org.apache.river.api.security.PermissionGrant;
import org.apache.river.api.security.PermissionGrantBuilder;
import org.apache.river.api.security.RevocablePolicy;
import org.apache.river.api.security.ScalableNestedPolicy;

/* loaded from: input_file:net/jini/security/policy/DynamicPolicyProvider.class */
public class DynamicPolicyProvider extends AbstractPolicy implements RevocablePolicy, ScalableNestedPolicy {
    private static final String basePolicyClassProperty = "net.jini.security.policy.DynamicPolicyProvider.basePolicyClass";
    private static final String defaultBasePolicyClass = "org.apache.river.api.security.ConcurrentPolicyFile";
    private static final String revocationSupported = "net.jini.security.policy.DynamicPolicyProvider.revocation";
    private static final Logger logger = Logger.getLogger("net.jini.security.policy");
    private static final ProtectionDomain policyDomain = (ProtectionDomain) AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { // from class: net.jini.security.policy.DynamicPolicyProvider.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public ProtectionDomain run() {
            return DynamicPolicyProvider.class.getProtectionDomain();
        }
    });
    private final Policy basePolicy;
    private final Collection<PermissionGrant> dynamicPolicyGrants;
    private final boolean revocable;
    private final boolean loggable;
    private final PermissionCollection policyPermissions;

    public DynamicPolicyProvider() throws PolicyInitializationException {
        String property = Security.getProperty(basePolicyClassProperty);
        property = property == null ? defaultBasePolicyClass : property;
        String property2 = Security.getProperty(revocationSupported);
        property2 = property2 == null ? "TRUE" : property2;
        try {
            this.basePolicy = (Policy) Class.forName(property).newInstance();
            this.dynamicPolicyGrants = Collections.newSetFromMap(new ConcurrentHashMap(64));
            this.loggable = logger.isLoggable(Level.FINEST);
            if (!(this.basePolicy instanceof DynamicPolicy)) {
                this.revocable = property2.equals("TRUE");
            } else if (this.basePolicy instanceof RevocablePolicy) {
                this.revocable = ((RevocablePolicy) this.basePolicy).revokeSupported();
            } else {
                this.revocable = false;
            }
            this.policyPermissions = this.basePolicy.getPermissions(policyDomain);
            this.policyPermissions.setReadOnly();
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new PolicyInitializationException("unable to construct base policy", e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DynamicPolicyProvider(Policy policy) {
        if (policy == 0) {
            throw new NullPointerException("null basePolicy prohibited");
        }
        this.basePolicy = policy;
        this.dynamicPolicyGrants = Collections.newSetFromMap(new ConcurrentHashMap(64));
        this.loggable = logger.isLoggable(Level.FINEST);
        if (!(policy instanceof DynamicPolicy)) {
            this.revocable = true;
        } else if (policy instanceof RevocablePolicy) {
            this.revocable = ((RevocablePolicy) policy).revokeSupported();
        } else {
            this.revocable = false;
        }
        this.policyPermissions = policy.getPermissions(policyDomain);
        this.policyPermissions.setReadOnly();
    }

    @Override // org.apache.river.api.security.RevocablePolicy
    public boolean revokeSupported() {
        return this.revocable;
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        return this.basePolicy.getPermissions(codeSource);
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        List<PermissionGrant> permissionGrants = getPermissionGrants(protectionDomain);
        TreeSet treeSet = new TreeSet(this.comparator);
        processGrants(permissionGrants, null, true, treeSet);
        PermissionCollection convert = convert(treeSet, 32, 0.75f, 1, 8);
        expandUmbrella(convert);
        return convert;
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        PermissionCollection convert;
        if (protectionDomain == policyDomain) {
            return this.policyPermissions.implies(permission);
        }
        if (permission == null) {
            throw new NullPointerException("permission not allowed to be null");
        }
        NavigableSet<Permission> treeSet = new TreeSet<>(this.comparator);
        Class cls = permission instanceof GrantPermission ? null : permission.getClass();
        if (this.basePolicy instanceof ScalableNestedPolicy) {
            List<PermissionGrant> permissionGrants = ((ScalableNestedPolicy) this.basePolicy).getPermissionGrants(protectionDomain);
            if (!permissionGrants.isEmpty() && permissionGrants.get(0).isPrivileged()) {
                return true;
            }
            processGrants(permissionGrants, cls, false, treeSet);
        } else {
            Enumeration<Permission> elements = this.basePolicy.getPermissions(protectionDomain).elements();
            while (elements.hasMoreElements()) {
                Permission nextElement = elements.nextElement();
                if (nextElement instanceof AllPermission) {
                    return true;
                }
                if (cls == null) {
                    treeSet.add(nextElement);
                } else if (cls.isInstance(permission) || (permission instanceof UnresolvedPermission)) {
                    treeSet.add(nextElement);
                }
            }
        }
        for (PermissionGrant permissionGrant : this.dynamicPolicyGrants) {
            if (permissionGrant.isPrivileged() && permissionGrant.implies(protectionDomain)) {
                return true;
            }
        }
        for (PermissionGrant permissionGrant2 : this.dynamicPolicyGrants) {
            if (!permissionGrant2.isPrivileged() && permissionGrant2.implies(protectionDomain)) {
                for (Permission permission2 : permissionGrant2.getPermissions()) {
                    if (cls == null) {
                        treeSet.add(permission2);
                    } else if (cls.isInstance(permission) || (permission instanceof UnresolvedPermission)) {
                        treeSet.add(permission2);
                    }
                }
            }
        }
        if (cls != null) {
            convert = convert(treeSet, 4, 0.75f, 1, 2);
        } else {
            convert = convert(treeSet, 4, 0.75f, 1, 2);
            expandUmbrella(convert);
        }
        return convert.implies(permission);
    }

    @Override // java.security.Policy
    public void refresh() {
        this.basePolicy.refresh();
        LinkedList linkedList = new LinkedList();
        for (PermissionGrant permissionGrant : this.dynamicPolicyGrants) {
            if (permissionGrant.isVoid()) {
                linkedList.add(permissionGrant);
            }
        }
        this.dynamicPolicyGrants.removeAll(linkedList);
        Object securityManager = System.getSecurityManager();
        if (securityManager == null || !(securityManager instanceof CachingSecurityManager)) {
            return;
        }
        ((CachingSecurityManager) securityManager).clearCache();
    }

    @Override // net.jini.security.policy.DynamicPolicy
    public boolean grantSupported() {
        return true;
    }

    @Override // net.jini.security.policy.DynamicPolicy
    public void grant(final Class cls, Principal[] principalArr, Permission[] permissionArr) {
        if (principalArr == null) {
            principalArr = new Principal[0];
        }
        checkNullElements(principalArr);
        if (permissionArr == null || permissionArr.length == 0) {
            return;
        }
        checkNullElements(permissionArr);
        new GrantPermission(permissionArr).checkGuard(null);
        final PermissionGrantBuilder newBuilder = PermissionGrantBuilder.newBuilder();
        newBuilder.principals(principalArr).permissions(permissionArr).context(0);
        if (cls != null) {
            AccessController.doPrivileged(new PrivilegedAction() { // from class: net.jini.security.policy.DynamicPolicyProvider.2
                @Override // java.security.PrivilegedAction
                public Object run() {
                    newBuilder.clazz(cls);
                    return null;
                }
            });
        }
        PermissionGrant build = newBuilder.build();
        this.dynamicPolicyGrants.add(build);
        if (this.loggable) {
            logger.log(Level.FINEST, "Granting: {0}", build.toString());
        }
    }

    @Override // net.jini.security.policy.DynamicPolicy
    public Permission[] getGrants(Class cls, Principal[] principalArr) {
        ClassLoader classLoader = cls != null ? cls.getClassLoader() : null;
        if (principalArr != null && principalArr.length > 0) {
            principalArr = (Principal[]) principalArr.clone();
            checkNullElements(principalArr);
        }
        HashSet hashSet = new HashSet();
        for (PermissionGrant permissionGrant : this.dynamicPolicyGrants) {
            if (permissionGrant.implies(classLoader, principalArr)) {
                hashSet.addAll(permissionGrant.getPermissions());
            }
        }
        return (Permission[]) hashSet.toArray(new Permission[hashSet.size()]);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.river.api.security.ScalableNestedPolicy
    public List<PermissionGrant> getPermissionGrants(ProtectionDomain protectionDomain) {
        List linkedList;
        if (this.basePolicy instanceof ScalableNestedPolicy) {
            linkedList = ((ScalableNestedPolicy) this.basePolicy).getPermissionGrants(protectionDomain);
            if (!linkedList.isEmpty() && ((PermissionGrant) linkedList.get(0)).isPrivileged()) {
                return linkedList;
            }
        } else {
            linkedList = new LinkedList();
            PermissionGrant extractGrantFromPolicy = extractGrantFromPolicy(this.basePolicy, protectionDomain);
            linkedList.add(extractGrantFromPolicy);
            if (extractGrantFromPolicy.isPrivileged()) {
                return linkedList;
            }
        }
        for (PermissionGrant permissionGrant : this.dynamicPolicyGrants) {
            if (permissionGrant.isPrivileged() && permissionGrant.implies(protectionDomain)) {
                linkedList.clear();
                linkedList.add(permissionGrant);
                return linkedList;
            }
        }
        for (PermissionGrant permissionGrant2 : this.dynamicPolicyGrants) {
            if (!permissionGrant2.isPrivileged() && permissionGrant2.implies(protectionDomain)) {
                linkedList.add(permissionGrant2);
            }
        }
        return linkedList;
    }

    @Override // org.apache.river.api.security.RevocablePolicy
    public boolean grant(PermissionGrant permissionGrant) {
        Collection<Permission> permissions = permissionGrant.getPermissions();
        new GrantPermission((Permission[]) permissions.toArray(new Permission[permissions.size()])).checkGuard(null);
        return this.dynamicPolicyGrants.add(permissionGrant);
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(256);
        sb.append(super.toString()).append("\n");
        sb.append("Dynamic Grants:\n");
        sb.append(this.dynamicPolicyGrants).append("\n");
        sb.append("Base Policy:\n");
        sb.append(this.basePolicy).append("\n");
        return sb.toString();
    }
}
