package gnu.java.security;

import gnu.classpath.debug.Component;
import gnu.classpath.debug.SystemLogger;
import gnu.java.lang.CPStringBuilder;
import gnu.java.security.action.GetPropertyAction;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectStreamConstants;
import java.io.StreamTokenizer;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:gnu/java/security/PolicyFile.class */
public final class PolicyFile extends Policy {
    protected static final Logger logger = SystemLogger.SYSTEM;
    private static GetPropertyAction prop = new GetPropertyAction("file.separator");
    private static final String fs = (String) AccessController.doPrivileged(prop);
    private static final String DEFAULT_POLICY = String.valueOf((String) AccessController.doPrivileged(prop.setParameters("java.home"))) + fs + "lib" + fs + "security" + fs + "java.policy";
    private static final String DEFAULT_USER_POLICY = String.valueOf((String) AccessController.doPrivileged(prop.setParameters("user.home"))) + fs + ".java.policy";
    private final Map cs2pc = new HashMap();
    private static final int STATE_BEGIN = 0;
    private static final int STATE_GRANT = 1;
    private static final int STATE_PERMS = 2;

    public PolicyFile() {
        refresh();
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        Permissions permissions = new Permissions();
        for (Map.Entry entry : this.cs2pc.entrySet()) {
            CodeSource codeSource2 = (CodeSource) entry.getKey();
            if (codeSource2.implies(codeSource)) {
                logger.log((Level) Component.POLICY, "{0} -> {1}", new Object[]{codeSource2, codeSource});
                Enumeration<Permission> elements = ((PermissionCollection) entry.getValue()).elements();
                while (elements.hasMoreElements()) {
                    permissions.add(elements.nextElement());
                }
            } else {
                logger.log((Level) Component.POLICY, "{0} !-> {1}", new Object[]{codeSource2, codeSource});
            }
        }
        logger.log((Level) Component.POLICY, "returning permissions {0} for {1}", new Object[]{permissions, codeSource});
        return permissions;
    }

    @Override // java.security.Policy
    public void refresh() {
        this.cs2pc.clear();
        final LinkedList linkedList = new LinkedList();
        try {
            linkedList.add(new File(DEFAULT_POLICY).toURL());
            linkedList.add(new File(DEFAULT_USER_POLICY).toURL());
            AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: gnu.java.security.PolicyFile.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    String property = Security.getProperty("policy.allowSystemProperty");
                    if (property == null || Boolean.getBoolean(property)) {
                        String property2 = System.getProperty("java.security.policy");
                        PolicyFile.logger.log(Component.POLICY, "java.security.policy={0}", property2);
                        if (property2 != null) {
                            boolean startsWith = property2.startsWith("=");
                            if (startsWith) {
                                property2 = property2.substring(1);
                            }
                            linkedList.clear();
                            linkedList.add(new URL(property2));
                            if (startsWith) {
                                return null;
                            }
                        }
                    }
                    int i = 1;
                    while (true) {
                        String str = "policy.url." + i;
                        String property3 = Security.getProperty(str);
                        PolicyFile.logger.log((Level) Component.POLICY, "{0}={1}", new Object[]{str, property3});
                        if (property3 == null) {
                            return null;
                        }
                        linkedList.add(new URL(property3));
                        i++;
                    }
                }
            });
        } catch (MalformedURLException e) {
            logger.log((Level) Component.POLICY, "setting default policies", (Throwable) e);
        } catch (PrivilegedActionException e2) {
            logger.log((Level) Component.POLICY, "reading policy properties", (Throwable) e2);
        }
        logger.log(Component.POLICY, "building policy from URLs {0}", linkedList);
        Iterator<T> it = linkedList.iterator();
        while (it.hasNext()) {
            try {
                parse((URL) it.next());
            } catch (IOException e3) {
                logger.log((Level) Component.POLICY, "reading policy", (Throwable) e3);
            }
        }
    }

    public String toString() {
        return String.valueOf(super.toString()) + " [ " + this.cs2pc.toString() + " ]";
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void parse(URL url) throws IOException {
        logger.log(Component.POLICY, "reading policy file from {0}", url);
        StreamTokenizer streamTokenizer = new StreamTokenizer(new InputStreamReader(url.openStream()));
        streamTokenizer.resetSyntax();
        streamTokenizer.slashSlashComments(true);
        streamTokenizer.slashStarComments(true);
        streamTokenizer.wordChars(65, 90);
        streamTokenizer.wordChars(97, 122);
        streamTokenizer.wordChars(48, 57);
        streamTokenizer.wordChars(46, 46);
        streamTokenizer.wordChars(95, 95);
        streamTokenizer.wordChars(36, 36);
        streamTokenizer.whitespaceChars(32, 32);
        streamTokenizer.whitespaceChars(9, 9);
        streamTokenizer.whitespaceChars(12, 12);
        streamTokenizer.whitespaceChars(10, 10);
        streamTokenizer.whitespaceChars(13, 13);
        streamTokenizer.quoteChar(39);
        streamTokenizer.quoteChar(34);
        boolean z = false;
        LinkedList<KeyStore> linkedList = new LinkedList();
        URL url2 = null;
        LinkedList linkedList2 = new LinkedList();
        Permissions permissions = new Permissions();
        while (true) {
            int nextToken = streamTokenizer.nextToken();
            int i = nextToken;
            if (nextToken == -1) {
                return;
            }
            switch (i) {
                case 123:
                    if (!z) {
                        error(url, streamTokenizer, "spurious '{'");
                    }
                    z = 2;
                    i = streamTokenizer.nextToken();
                    break;
                case ObjectStreamConstants.TC_PROXYCLASSDESC /* 125 */:
                    if (z != 2) {
                        error(url, streamTokenizer, "spurious '}'");
                    }
                    z = false;
                    permissions.setReadOnly();
                    this.cs2pc.put(new CodeSource(url2, linkedList2.isEmpty() ? null : (Certificate[]) linkedList2.toArray(new Certificate[linkedList2.size()])), permissions);
                    linkedList2.clear();
                    permissions = new Permissions();
                    url2 = null;
                    if (streamTokenizer.nextToken() != 59) {
                        streamTokenizer.pushBack();
                        break;
                    } else {
                        continue;
                    }
            }
            if (i != -3) {
                error(url, streamTokenizer, "expecting word token");
            }
            if (streamTokenizer.sval.equalsIgnoreCase("keystore")) {
                String defaultType = KeyStore.getDefaultType();
                int nextToken2 = streamTokenizer.nextToken();
                if (nextToken2 != 34 && nextToken2 != 39) {
                    error(url, streamTokenizer, "expecting key store URL");
                }
                String str = streamTokenizer.sval;
                int nextToken3 = streamTokenizer.nextToken();
                if (nextToken3 == 44) {
                    int nextToken4 = streamTokenizer.nextToken();
                    if (nextToken4 != 34 && nextToken4 != 39) {
                        error(url, streamTokenizer, "expecting key store type");
                    }
                    defaultType = streamTokenizer.sval;
                    nextToken3 = streamTokenizer.nextToken();
                }
                if (nextToken3 != 59) {
                    error(url, streamTokenizer, "expecting semicolon");
                }
                try {
                    KeyStore keyStore = KeyStore.getInstance(defaultType);
                    keyStore.load(new URL(url, str).openStream(), null);
                    linkedList.add(keyStore);
                } catch (Exception e) {
                    error(url, streamTokenizer, e.toString());
                }
            } else if (streamTokenizer.sval.equalsIgnoreCase("grant")) {
                if (z) {
                    error(url, streamTokenizer, "extraneous grant keyword");
                }
                z = true;
            } else if (streamTokenizer.sval.equalsIgnoreCase("signedBy")) {
                if (!z && z != 2) {
                    error(url, streamTokenizer, "spurious 'signedBy'");
                }
                if (linkedList.isEmpty()) {
                    error(url, streamTokenizer, "'signedBy' with no keystores");
                }
                int nextToken5 = streamTokenizer.nextToken();
                if (nextToken5 != 34 && nextToken5 != 39) {
                    error(url, streamTokenizer, "expecting signedBy name");
                }
                StringTokenizer stringTokenizer = new StringTokenizer(streamTokenizer.sval, ",");
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken6 = stringTokenizer.nextToken();
                    for (KeyStore keyStore2 : linkedList) {
                        try {
                            if (keyStore2.isCertificateEntry(nextToken6)) {
                                linkedList2.add(keyStore2.getCertificate(nextToken6));
                            }
                        } catch (KeyStoreException e2) {
                            error(url, streamTokenizer, e2.toString());
                        }
                    }
                }
                if (streamTokenizer.nextToken() != 44) {
                    if (!z) {
                        error(url, streamTokenizer, "spurious ','");
                    }
                    streamTokenizer.pushBack();
                }
            } else if (streamTokenizer.sval.equalsIgnoreCase("codeBase")) {
                if (!z) {
                    error(url, streamTokenizer, "spurious 'codeBase'");
                }
                int nextToken7 = streamTokenizer.nextToken();
                if (nextToken7 != 34 && nextToken7 != 39) {
                    error(url, streamTokenizer, "expecting code base URL");
                }
                String expand = expand(streamTokenizer.sval);
                if (File.separatorChar != '/') {
                    expand = expand.replace(File.separatorChar, '/');
                }
                try {
                    url2 = new URL(expand);
                } catch (MalformedURLException e3) {
                    error(url, streamTokenizer, e3.toString());
                }
                if (streamTokenizer.nextToken() != 44) {
                    streamTokenizer.pushBack();
                }
            } else if (streamTokenizer.sval.equalsIgnoreCase("principal")) {
                if (!z) {
                    error(url, streamTokenizer, "spurious 'principal'");
                }
                int nextToken8 = streamTokenizer.nextToken();
                if (nextToken8 == -3) {
                    int nextToken9 = streamTokenizer.nextToken();
                    if (nextToken9 != 34 && nextToken9 != 39) {
                        error(url, streamTokenizer, "expecting principal name");
                    }
                    Principal principal = null;
                    try {
                        principal = (Principal) Class.forName(streamTokenizer.sval).getConstructor(String.class).newInstance(streamTokenizer.sval);
                    } catch (Exception e4) {
                        error(url, streamTokenizer, e4.toString());
                    }
                    for (KeyStore keyStore3 : linkedList) {
                        try {
                            Enumeration<String> aliases = keyStore3.aliases();
                            while (aliases.hasMoreElements()) {
                                String nextElement = aliases.nextElement();
                                if (keyStore3.isCertificateEntry(nextElement)) {
                                    Certificate certificate = keyStore3.getCertificate(nextElement);
                                    if ((certificate instanceof X509Certificate) && (principal.equals(((X509Certificate) certificate).getSubjectDN()) || principal.equals(((X509Certificate) certificate).getSubjectX500Principal()))) {
                                        linkedList2.add(certificate);
                                    }
                                }
                            }
                        } catch (KeyStoreException e5) {
                            error(url, streamTokenizer, e5.toString());
                        }
                    }
                } else if (nextToken8 == 34 || nextToken8 == 39) {
                    String str2 = streamTokenizer.sval;
                    for (KeyStore keyStore4 : linkedList) {
                        try {
                            if (keyStore4.isCertificateEntry(str2)) {
                                linkedList2.add(keyStore4.getCertificate(str2));
                            }
                        } catch (KeyStoreException e6) {
                            error(url, streamTokenizer, e6.toString());
                        }
                    }
                } else {
                    error(url, streamTokenizer, "expecting principal");
                }
                if (streamTokenizer.nextToken() != 44) {
                    streamTokenizer.pushBack();
                }
            } else if (streamTokenizer.sval.equalsIgnoreCase("permission")) {
                if (z != 2) {
                    error(url, streamTokenizer, "spurious 'permission'");
                }
                if (streamTokenizer.nextToken() != -3) {
                    error(url, streamTokenizer, "expecting permission class name");
                }
                String str3 = streamTokenizer.sval;
                Class<?> cls = null;
                try {
                    cls = Class.forName(str3);
                } catch (ClassNotFoundException unused) {
                }
                int nextToken10 = streamTokenizer.nextToken();
                if (nextToken10 != 59) {
                    if (nextToken10 != 34 && nextToken10 != 39) {
                        error(url, streamTokenizer, "expecting permission target");
                    }
                    String expand2 = expand(streamTokenizer.sval);
                    int nextToken11 = streamTokenizer.nextToken();
                    if (nextToken11 != 59) {
                        if (nextToken11 != 44) {
                            error(url, streamTokenizer, "expecting ','");
                        }
                        int nextToken12 = streamTokenizer.nextToken();
                        if (nextToken12 == -3) {
                            if (!streamTokenizer.sval.equalsIgnoreCase("signedBy")) {
                                error(url, streamTokenizer, "expecting 'signedBy'");
                            }
                            try {
                                permissions.add((Permission) cls.getConstructor(String.class).newInstance(expand2));
                            } catch (Exception e7) {
                                error(url, streamTokenizer, e7.toString());
                            }
                            streamTokenizer.pushBack();
                        } else {
                            if (nextToken12 != 34 && nextToken12 != 39) {
                                error(url, streamTokenizer, "expecting permission action");
                            }
                            String str4 = streamTokenizer.sval;
                            if (cls == null) {
                                permissions.add(new UnresolvedPermission(str3, expand2, str4, (Certificate[]) linkedList2.toArray(new Certificate[linkedList2.size()])));
                            } else {
                                try {
                                    permissions.add((Permission) cls.getConstructor(String.class, String.class).newInstance(expand2, str4));
                                } catch (Exception e8) {
                                    error(url, streamTokenizer, e8.toString());
                                }
                                int nextToken13 = streamTokenizer.nextToken();
                                if (nextToken13 != 59 && nextToken13 != 44) {
                                    error(url, streamTokenizer, "expecting ';' or ','");
                                }
                            }
                        }
                    } else if (cls == null) {
                        permissions.add(new UnresolvedPermission(str3, expand2, null, (Certificate[]) linkedList2.toArray(new Certificate[linkedList2.size()])));
                    } else {
                        try {
                            permissions.add((Permission) cls.getConstructor(String.class).newInstance(expand2));
                        } catch (Exception e9) {
                            error(url, streamTokenizer, e9.toString());
                        }
                    }
                } else if (cls == null) {
                    permissions.add(new UnresolvedPermission(str3, null, null, (Certificate[]) linkedList2.toArray(new Certificate[linkedList2.size()])));
                } else {
                    try {
                        permissions.add((Permission) cls.newInstance());
                    } catch (Exception e10) {
                        error(url, streamTokenizer, e10.toString());
                    }
                }
            }
        }
    }

    private static String expand(String str) {
        CPStringBuilder cPStringBuilder = new CPStringBuilder();
        CPStringBuilder cPStringBuilder2 = new CPStringBuilder();
        boolean z = false;
        for (int i = 0; i < str.length(); i++) {
            switch (z) {
                case false:
                    if (str.charAt(i) == '$') {
                        z = true;
                        break;
                    } else {
                        cPStringBuilder.append(str.charAt(i));
                        break;
                    }
                case true:
                    if (str.charAt(i) == '{') {
                        z = 2;
                        break;
                    } else {
                        z = false;
                        cPStringBuilder.append('$').append(str.charAt(i));
                        break;
                    }
                case true:
                    if (str.charAt(i) == '}') {
                        String cPStringBuilder3 = cPStringBuilder2.toString();
                        if (cPStringBuilder3.equals("/")) {
                            cPStringBuilder3 = "file.separator";
                        }
                        String property = System.getProperty(cPStringBuilder3);
                        if (property == null) {
                            property = "";
                        }
                        cPStringBuilder.append(property);
                        cPStringBuilder2.setLength(0);
                        z = false;
                        break;
                    } else {
                        cPStringBuilder2.append(str.charAt(i));
                        break;
                    }
            }
        }
        if (z) {
            cPStringBuilder.append('$').append('{').append((CharSequence) cPStringBuilder2);
        }
        return cPStringBuilder.toString();
    }

    private static void error(URL url, StreamTokenizer streamTokenizer, String str) throws IOException {
        throw new IOException(((Object) url) + ":" + streamTokenizer.lineno() + ": " + str);
    }
}
