package com.sun.deploy.security;

import com.sun.deploy.config.Config;
import com.sun.deploy.config.SecuritySettings;
import com.sun.deploy.model.Resource;
import com.sun.deploy.model.ResourceProvider;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.ui.AppInfo;
import com.sun.deploy.uitoolkit.ToolkitStore;
import com.sun.deploy.xml.XMLNode;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.jar.Attributes;

/* loaded from: input_file:com/sun/deploy/security/DeployManifestChecker.class */
public class DeployManifestChecker {
    private static final String JARJNLP_SUFFIX = ".jarjnlp";
    private static final String JAR_SUFFIX = ".jar";

    private DeployManifestChecker() {
    }

    public static void verify(URL url, boolean z, AppInfo appInfo) {
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, (String) ToolkitStore.get().getAppContext().get(new StringBuffer().append(Config.APPCONTEXT_KEY_PREFIX).append(url).toString()));
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return;
        }
        try {
            verify(url, cachedResource.getJarFile().getManifest().getMainAttributes(), z, appInfo);
        } catch (IOException e) {
            Trace.ignored(e);
            throw new SecurityException("unexpected exception when trying to access manifest attributes");
        }
    }

    static void verify(URL url, Attributes attributes, boolean z, AppInfo appInfo) {
        if (appInfo != null && !appInfo.hasSignedJNLP()) {
            String value = attributes.getValue("Application-Name");
            if (value == null) {
                Trace.println(new StringBuffer().append("Missing Application-Name: manifest attribute for: ").append(url).toString());
                value = attributes.getValue(Attributes.Name.MAIN_CLASS);
            }
            appInfo.setTitle(value);
        }
        String value2 = attributes.getValue("Permissions");
        if (appInfo != null) {
            appInfo.setPermissionAttr(value2 != null);
        }
        if (value2 == null) {
            if (SecuritySettings.isPermissionsManifestRequired()) {
                throw new SecurityException(new StringBuffer().append("Missing required Permissions manifest attribute for: ").append(url).toString());
            }
            Trace.println(new StringBuffer().append("Missing Permissions manifest attribute for: ").append(url).toString());
        } else if (value2.equals("sandbox")) {
            if (z) {
                throw new SecurityException(new StringBuffer().append("JAR manifest requested to run in sandbox only: ").append(url).toString());
            }
        } else {
            if (!value2.equals("all-permissions")) {
                throw new SecurityException(new StringBuffer().append("Invalid Permissions value: ").append(value2).toString());
            }
            if (!z) {
                throw new SecurityException(new StringBuffer().append("JAR manifest requested to run in all-permissons only: ").append(url).toString());
            }
        }
        String value3 = attributes.getValue("Codebase");
        if (value3 == null) {
            Trace.println(new StringBuffer().append("Missing Codebase manifest attribute for: ").append(url).toString());
        } else if (!verifyCodebase(url, value3, false)) {
            throw new SecurityException(new StringBuffer().append("JAR manifest codebase mismatch for ").append(url).toString());
        }
    }

    public static boolean verifyCodebase(URL url, String str, boolean z) {
        String str2;
        int parseInt;
        String host = url.getHost();
        String protocol = url.getProtocol();
        int defaultPort = url.getDefaultPort();
        int port = url.getPort();
        String[] split = str.split("\\s");
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        for (int i = 0; i < split.length; i++) {
            String str3 = null;
            try {
                URL url2 = new URL(split[i]);
                str2 = url2.getHost();
                str3 = url2.getProtocol();
                parseInt = url2.getPort();
            } catch (MalformedURLException e) {
                str2 = split[i];
                int indexOf = str2.indexOf(":");
                if (indexOf == -1) {
                    parseInt = -1;
                } else {
                    str2 = split[i].substring(0, indexOf);
                    parseInt = Integer.parseInt(split[i].substring(indexOf + 1));
                }
            }
            if (parseInt == -1) {
                z4 = true;
            } else if (parseInt == port) {
                z4 = true;
            } else if (parseInt == defaultPort && port == -1) {
                z4 = true;
            }
            if (str3 == null) {
                z2 = true;
            } else if (str3.equals(protocol)) {
                z2 = true;
            }
            if (str2.equals(XMLNode.WILDCARD)) {
                z3 = true;
            } else if (str2.indexOf(XMLNode.WILDCARD) != -1) {
                if (!str2.startsWith("*.")) {
                    throw new SecurityException(new StringBuffer().append("Invalid Codebase value: ").append(split[i]).toString());
                }
                if (host.endsWith(str2.substring(2))) {
                    z3 = true;
                }
            } else if (str2.equals(host)) {
                z3 = true;
            }
            if (z2 && z3 && z4) {
                if (!z || !"http".equals(url.getProtocol()) || "http".equals(str3)) {
                    return true;
                }
                Trace.println("Javascript from a non secure page is accessing a privileged code. Consider using HTTPS protocol when using Javascript -> Liveconnect calls.", TraceLevel.SECURITY);
                return true;
            }
            z3 = false;
            z2 = false;
            z4 = false;
        }
        return false;
    }

    public static boolean verifyMultiHost(URL url, AppInfo appInfo) {
        if (!appInfo.isMultiHost()) {
            return true;
        }
        if (url.toString().endsWith(JARJNLP_SUFFIX)) {
            String url2 = url.toString();
            try {
                url = new URL(new StringBuffer().append(url2.substring(0, url2.length() - JARJNLP_SUFFIX.length())).append(JAR_SUFFIX).toString());
            } catch (MalformedURLException e) {
                Trace.ignored(e);
                return false;
            }
        }
        Resource cachedResource = ResourceProvider.get().getCachedResource(url, (String) ToolkitStore.get().getAppContext().get(new StringBuffer().append(Config.APPCONTEXT_KEY_PREFIX).append(url).toString()));
        if (cachedResource == null || !cachedResource.isJarFile()) {
            return true;
        }
        boolean z = false;
        try {
            String value = cachedResource.getJarFile().getManifest().getMainAttributes().getValue("Application-Library-Allowable-Codebase");
            if (value == null) {
                Trace.println(new StringBuffer().append("Missing Application-Library-Allowable-Codebase manifest attribute for: ").append(url).toString());
            }
            if (value != null && value.trim().length() > 0) {
                for (URL url3 : appInfo.getMultiHostUrls()) {
                    z = verifyCodebase(url3, value, false);
                    if (!z) {
                        break;
                    }
                }
            }
        } catch (IOException e2) {
            Trace.ignored(e2);
        }
        return z;
    }
}
