package com.sun.deploy.security.ruleset;

import com.sun.deploy.config.Config;
import com.sun.deploy.ref.AppRef;
import com.sun.deploy.ref.CodeRef;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.security.BlockedException;
import com.sun.deploy.security.CertUtils;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.util.URLUtil;
import com.sun.deploy.xml.XMLNode;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.CodeSigner;
import java.security.cert.Certificate;

/* loaded from: input_file:com/sun/deploy/security/ruleset/RuleId.class */
public class RuleId {
    protected String title;
    protected String location;
    protected String certAlgorithm;
    protected String certHash;
    protected String checksumAlg;
    protected String checksumHash;
    protected String[] jnlpHash;
    private static String[] exceptionSites = null;

    public RuleId(String str, String str2, String str3, String str4, String str5, String str6) {
        this(str, str2, str3, str4, str5, str6, null);
    }

    public RuleId(String str, String str2, String str3, String str4, String str5, String str6, String[] strArr) {
        this.title = str;
        this.location = str2;
        this.certAlgorithm = str3;
        this.certHash = str4;
        this.checksumAlg = str5;
        this.checksumHash = str6;
        this.jnlpHash = strArr;
    }

    public String getTitle() {
        return this.title;
    }

    public String getLocation() {
        return this.location;
    }

    public String getCertAlgorithm() {
        return this.certAlgorithm;
    }

    public String getCertHash() {
        return this.certHash;
    }

    public String getChecksumAlg() {
        return this.checksumAlg;
    }

    public String getChecksumHash() {
        return this.checksumHash;
    }

    public boolean contains(AppRef appRef, CodeRef codeRef) {
        if (appRef.getType() == AppRef.Type.DOCBASE) {
            try {
                if (this.title == null && this.certHash == null && this.checksumHash == null) {
                    URL location = appRef.getLocation();
                    if (this.location == null || (location != null && compareStringToURL(this.location, location, true, true))) {
                        Trace.println("Matching Rule id for docbase only: " + this, TraceLevel.RULESET);
                        return true;
                    }
                    if (location == null && this.jnlpHash != null) {
                        for (String str : this.jnlpHash) {
                            if (str != null && str.equals(appRef.getJnlpHash())) {
                                Trace.println("Rule location: " + this.location + " matches UNKNOWN jnlp location due to matching jnlp-checksum", TraceLevel.RULESET);
                                return true;
                            }
                            Trace.println("hash: " + str + " does not match app jnlp hash: " + appRef.getJnlpHash(), TraceLevel.RULESET);
                        }
                    }
                }
            } catch (Exception e) {
                Trace.ignored(e);
            }
            Trace.println("Rule location: " + this.location + " doesn't match docbase location: " + appRef.getLocation(), TraceLevel.RULESET);
            return false;
        }
        if (this.title != null && !this.title.equals(appRef.getTitle())) {
            Trace.println("Rule title: " + this.title + " doesn't match artifactId: " + appRef.getTitle(), TraceLevel.RULESET);
            return false;
        }
        Trace.println("Rule title: " + this.title + " matches artifactId: " + appRef.getTitle(), TraceLevel.RULESET);
        if (this.location != null) {
            try {
                if (appRef.getLocation() == null) {
                    boolean z = false;
                    if (this.jnlpHash == null) {
                        Trace.println("Rule location: " + this.location + " does not match UNKNOWN artifact location", TraceLevel.RULESET);
                        return false;
                    }
                    String[] strArr = this.jnlpHash;
                    int length = strArr.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        String str2 = strArr[i];
                        if (str2 != null && str2.equals(appRef.getJnlpHash())) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                    if (!z) {
                        Trace.println("Rule location: " + this.location + " does not match UNKNOWN artifact location with jnlp checksum: " + appRef.getJnlpHash(), TraceLevel.RULESET);
                        return false;
                    }
                    Trace.println("Rule location: " + this.location + " matches UNKNOWN jnlp location due to matching jnlp-checksum", TraceLevel.RULESET);
                } else if (!compareStringToURL(this.location, appRef.getLocation(), true, true)) {
                    Trace.println("Rule location: " + this.location + " does not match artifact location: " + appRef.getLocation(), TraceLevel.RULESET);
                    return false;
                }
                Trace.println("Rule location: " + this.location + " matches artifactId: " + appRef.getLocation(), TraceLevel.RULESET);
            } catch (Exception e2) {
                Trace.ignored(e2);
                return false;
            }
        }
        if (this.certHash != null) {
            try {
                Certificate[] certificateArr = null;
                boolean z2 = false;
                String str3 = null;
                CodeSigner[] codeSigners = codeRef.getCodeSigners();
                int i2 = 0;
                while (true) {
                    if (codeSigners == null || i2 >= codeSigners.length) {
                        break;
                    }
                    certificateArr = codeRef.getCerts(codeSigners[i2]);
                    if (certificateArr != null) {
                        str3 = CertUtils.getMainCertHash(certificateArr, this.certAlgorithm);
                        if (this.certHash.equals(str3)) {
                            z2 = true;
                            break;
                        }
                    }
                    i2++;
                }
                if (certificateArr == null) {
                    Trace.println("Rule hash not matching unsigned artifact", TraceLevel.RULESET);
                    return false;
                }
                if (!z2) {
                    Trace.println("Rule hash:\n         " + this.certHash + "\nnot matching artifact certificate hash:\n         " + str3, TraceLevel.RULESET);
                    return false;
                }
                Trace.println("Rule hash matches certificate hash", TraceLevel.RULESET);
            } catch (IOException e3) {
                Trace.println("IOException: " + e3 + "while finding hash for codeRef: " + codeRef, TraceLevel.RULESET);
                Trace.ignored(e3);
                return false;
            }
        }
        if (this.checksumHash != null) {
            try {
                CodeSigner[] codeSigners2 = codeRef.getCodeSigners();
                if (codeSigners2 != null && codeSigners2.length > 0) {
                    Trace.println("checksum rule cannot match signed content", TraceLevel.RULESET);
                    return false;
                }
                String checksum = codeRef.getChecksum(this.checksumAlg);
                if (!this.checksumHash.equals(checksum)) {
                    if (checksum == null) {
                        Trace.println("Rule checksum not equal to codebase artifact", TraceLevel.RULESET);
                        return false;
                    }
                    Trace.println("Rule checksum not equal to artifact checksum: " + checksum, TraceLevel.RULESET);
                    return false;
                }
            } catch (IOException e4) {
                Trace.println("IOException: " + e4 + " while finding checksum for: " + codeRef.getJarLocation(), TraceLevel.RULESET);
                Trace.ignored(e4);
                return false;
            } catch (NumberFormatException e5) {
                Trace.println("invalid checksum in rule: " + this.checksumHash);
                return false;
            }
        }
        Trace.println("Matching Rule ID: " + this, TraceLevel.RULESET);
        return true;
    }

    public String toString() {
        String str = "\n        title: " + this.title + "\n        location: " + this.location;
        if (this.certHash != null) {
            str = str + "\n        certificate algorithm: " + this.certAlgorithm + "\n        certificate hash: " + this.certHash;
        }
        if (this.checksumHash != null) {
            str = str + "\n        checksum algorithm: " + this.checksumAlg + "\n        checksum hash: " + this.checksumHash;
        }
        return str;
    }

    public static boolean compareStringToURL(String str, URL url, boolean z, boolean z2) {
        String str2;
        String host;
        int port;
        String path;
        String host2 = url.getHost();
        String protocol = url.getProtocol();
        int defaultPort = url.getDefaultPort();
        int port2 = url.getPort();
        String path2 = url.getPath();
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        boolean z7 = false;
        try {
            URL url2 = new URL(str);
            str2 = url2.getProtocol();
            host = url2.getHost();
            port = url2.getPort();
            path = url2.getPath();
        } catch (MalformedURLException e) {
            try {
                URL url3 = new URL(Config.JAVAWS_JRE_INSTALL_DEF + str);
                str2 = null;
                host = url3.getHost();
                port = url3.getPort();
                path = url3.getPath();
            } catch (MalformedURLException e2) {
                Trace.println("invalid location: " + str, TraceLevel.RULESET);
                return false;
            }
        }
        Trace.println("RuleId compare: (" + str2 + ", " + host + ", " + port + ", " + path + ") to url: " + url, TraceLevel.RULESET);
        if (z) {
            if (port == -1 || port == port2 || (port == defaultPort && port2 == -1)) {
                z5 = true;
            }
        } else if (port == port2 || ((port == -1 && port2 == defaultPort) || (port == defaultPort && port2 == -1))) {
            z5 = true;
        }
        if (str2 == null || str2.equals(protocol)) {
            z3 = true;
            if ("file".equals(str2)) {
                z7 = true;
            }
        }
        if (host.equals(XMLNode.WILDCARD)) {
            z4 = false;
        } else if (z && host.startsWith("*.")) {
            if (host2.toLowerCase().endsWith(host.substring(2).toLowerCase())) {
                z4 = true;
            }
        } else if (host.equalsIgnoreCase(host2)) {
            z4 = true;
        }
        if (z2) {
            z6 = pathIncludes(path, path2, protocol, host2, z7);
        } else if (path == null || path.length() == 0 || path.equals(path2)) {
            z6 = true;
        } else if (z7) {
            try {
                z6 = new File(path).getCanonicalPath().equals(new File(path2).getCanonicalPath());
            } catch (Exception e3) {
            }
        }
        return z3 && z4 && z5 && z6;
    }

    private static boolean pathIncludes(String str, String str2, String str3, String str4, boolean z) {
        int indexOf = str2.indexOf(37);
        if (indexOf >= 0 && (str2.indexOf("%2E", indexOf) >= 0 || str2.indexOf("%2e", indexOf) >= 0 || str2.indexOf("%2F", indexOf) >= 0 || str2.indexOf("%2f", indexOf) >= 0)) {
            throw new SecurityException("Unsupported encoded character in path");
        }
        String decodePath = URLUtil.decodePath(str2);
        for (int i = 0; i < decodePath.length(); i++) {
            char charAt = decodePath.charAt(i);
            if (charAt <= 31 || charAt == 127 || charAt == '?' || charAt == '%' || charAt == '\\' || charAt == '#') {
                throw new SecurityException("Unsupported character in decoded path");
            }
        }
        try {
            String path = new URI(str3, str4, decodePath, null).normalize().getPath();
            if (str == null || str.length() == 0 || path.equals(str)) {
                r12 = true;
            } else {
                String str5 = str.endsWith("/") ? str : str + "/";
                if (path.startsWith(str5)) {
                    r12 = true;
                } else if (z) {
                    try {
                        r12 = new File(path).getCanonicalPath().startsWith(new File(str5).getCanonicalPath());
                    } catch (Exception e) {
                    }
                }
            }
            return r12;
        } catch (URISyntaxException e2) {
            throw new SecurityException("unexpected excpetion", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isException(AppRef appRef, CodeRef codeRef) {
        try {
            URL hTMLLocation = appRef.getHTMLLocation() != null ? appRef.getHTMLLocation() : null;
            URL jNLPLocation = appRef.getJNLPLocation() != null ? appRef.getJNLPLocation() : null;
            URL jarLocation = codeRef != null ? codeRef.getJarLocation() : null;
            if (exceptionSites == null) {
                exceptionSites = Config.getExceptionSites();
            }
            if (hTMLLocation != null && onExceptionList(hTMLLocation)) {
                if (jNLPLocation != null && !URLUtil.sameBase(hTMLLocation, jNLPLocation) && !onExceptionList(jNLPLocation)) {
                    String string = ResourceManager.getString("deployment.blocked.exception.list.domains", "html", String.valueOf(appRef.getHTMLLocation()), "jnlp", String.valueOf(appRef.getJNLPLocation()));
                    Trace.println(string, TraceLevel.BASIC);
                    throw new BlockedException(string, new Exception());
                }
                if (jarLocation == null || URLUtil.sameBase(hTMLLocation, jarLocation) || onExceptionList(jarLocation)) {
                    return true;
                }
                String string2 = ResourceManager.getString("deployment.blocked.exception.list.domains", "html", String.valueOf(appRef.getHTMLLocation()), "jar", String.valueOf(codeRef.getJarLocation()));
                Trace.println(string2, TraceLevel.BASIC);
                throw new BlockedException(string2, new Exception());
            }
            if (hTMLLocation == null && jNLPLocation != null && onExceptionList(jNLPLocation)) {
                if (jarLocation == null || URLUtil.sameBase(jNLPLocation, jarLocation) || onExceptionList(jarLocation)) {
                    return true;
                }
                String string3 = ResourceManager.getString("deployment.blocked.exception.list.domains", "jnlp", String.valueOf(appRef.getJNLPLocation()), "jar", String.valueOf(codeRef.getJarLocation()));
                Trace.println(string3, TraceLevel.BASIC);
                throw new BlockedException(string3, new Exception());
            }
            if (hTMLLocation != null || jNLPLocation != null || appRef.getAnchorURL() == null || !onExceptionList(appRef.getAnchorURL())) {
                return false;
            }
            if (jarLocation == null || URLUtil.sameBase(appRef.getAnchorURL(), jarLocation) || onExceptionList(jarLocation)) {
                return true;
            }
            String string4 = ResourceManager.getString("deployment.blocked.exception.list.domains", "jar", String.valueOf(appRef.getAnchorURL()), "jar", String.valueOf(codeRef.getJarLocation()));
            Trace.println(string4, TraceLevel.BASIC);
            throw new BlockedException(string4, new Exception());
        } catch (IOException e) {
            Trace.println("IOException processing exception list: " + e, TraceLevel.RULESET);
            Trace.ignored(e);
            return false;
        }
    }

    private static boolean onExceptionList(URL url) throws IOException {
        for (int i = 0; i < exceptionSites.length; i++) {
            if (exceptionSites[i] != null && exceptionSites[i].length() > 0) {
                if (compareStringToURL(exceptionSites[i], url, false, exceptionSites[i].endsWith("/"))) {
                    return true;
                }
            }
        }
        return false;
    }
}
