package com.sun.deploy.security.ruleset;

import com.sun.deploy.config.Config;
import com.sun.deploy.model.Resource;
import com.sun.deploy.model.ResourceProvider;
import com.sun.deploy.security.CertUtils;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.util.SystemUtils;
import com.sun.deploy.util.URLUtil;
import com.sun.deploy.xml.XMLNode;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.CodeSigner;
import java.security.cert.Certificate;

/* loaded from: input_file:com/sun/deploy/security/ruleset/RuleId.class */
public class RuleId {
    protected String title;
    protected String location;
    protected String mainLocation;
    protected String mainVersion;
    protected String certAlgorithm;
    protected String certHash;
    protected String checksumAlg;
    protected String checksumHash;
    protected boolean isArtifactId;
    protected boolean isDocbaseId;

    public RuleId(String str, String str2, String str3, String str4) {
        this.title = str;
        this.location = str2;
        this.mainLocation = str3;
        this.mainVersion = str4;
        this.certAlgorithm = null;
        this.certHash = null;
        this.checksumAlg = null;
        this.checksumHash = null;
        this.isArtifactId = true;
        this.isDocbaseId = false;
    }

    public RuleId(String str, String str2, String str3, String str4, String str5, String str6) {
        this.title = str;
        this.location = str2;
        this.mainLocation = null;
        this.mainVersion = null;
        this.certAlgorithm = str3;
        this.certHash = str4;
        this.checksumAlg = str5;
        this.checksumHash = str6;
        this.isArtifactId = false;
        this.isDocbaseId = false;
    }

    public RuleId(String str) {
        this.title = null;
        this.location = str;
        this.mainLocation = null;
        this.mainVersion = null;
        this.certAlgorithm = null;
        this.certHash = null;
        this.checksumAlg = null;
        this.checksumHash = null;
        this.isArtifactId = false;
        this.isDocbaseId = true;
    }

    public boolean contains(RuleId ruleId) {
        if (!this.isArtifactId && ruleId.isDocbaseId) {
            try {
                if (this.title == null && this.certHash == null && this.checksumHash == null && (this.location == null || compareStringToURL(this.location, new URL(ruleId.location)))) {
                    Trace.println(new StringBuffer().append("Matching Rule id for docbase only: ").append(this).toString(), TraceLevel.RULESET);
                    return true;
                }
            } catch (Exception e) {
                Trace.ignored(e);
            }
            Trace.println(new StringBuffer().append("Rule location: ").append(this.location).append(" doesn't match ").append("docbase location: ").append(ruleId.location).toString(), TraceLevel.RULESET);
            return false;
        }
        if (this.isArtifactId || !ruleId.isArtifactId) {
            Trace.println("Id.contains() called with wrong id types ?");
            return false;
        }
        if (this.title != null && !this.title.equals(ruleId.title)) {
            Trace.println(new StringBuffer().append("Rule title: ").append(this.title).append(" doesn't match artifactId: ").append(ruleId.title).toString(), TraceLevel.RULESET);
            return false;
        }
        Trace.println(new StringBuffer().append("Rule title: ").append(this.title).append(" matches artifactId: ").append(ruleId.title).toString(), TraceLevel.RULESET);
        if (this.location != null) {
            try {
                if (ruleId.location == null) {
                    Trace.println(new StringBuffer().append("Rule location: ").append(this.location).append(" does not match UNKNOWN artifact location").toString(), TraceLevel.RULESET);
                    return false;
                }
                if (!compareStringToURL(this.location, new URL(ruleId.location))) {
                    Trace.println(new StringBuffer().append("Rule location: ").append(this.location).append(" does not match artifact location: ").append(ruleId.location).toString(), TraceLevel.RULESET);
                    return false;
                }
            } catch (Exception e2) {
                Trace.ignored(e2);
                return false;
            }
        }
        Trace.println(new StringBuffer().append("Rule location: ").append(this.location).append(" matches artifactId: ").append(ruleId.location).toString(), TraceLevel.RULESET);
        if (this.certHash != null) {
            try {
                URL url = new URL(ruleId.mainLocation);
                Resource resource = ResourceProvider.get().getResource(url, ruleId.mainVersion);
                Certificate[] certificateArr = null;
                boolean z = false;
                String str = null;
                if (Config.isJavaVersionAtLeast15()) {
                    CodeSigner[] codeSigners = resource.getCodeSigners();
                    int i = 0;
                    while (true) {
                        if (codeSigners == null || i >= codeSigners.length) {
                            break;
                        }
                        certificateArr = (Certificate[]) codeSigners[i].getSignerCertPath().getCertificates().toArray(new Certificate[0]);
                        if (certificateArr != null) {
                            str = CertUtils.getMainCertHash(certificateArr, this.certAlgorithm);
                            if (this.certHash.equals(str)) {
                                z = true;
                                break;
                            }
                        }
                        i++;
                    }
                } else {
                    certificateArr = resource.getCertificates();
                    if (certificateArr != null) {
                        str = CertUtils.getMainCertHash(certificateArr, this.certAlgorithm);
                        if (this.certHash.equals(str)) {
                            z = true;
                        }
                    }
                }
                if (certificateArr == null) {
                    Trace.println(new StringBuffer().append("Rule hash not matching certificate hash because cannot get certificates from resource: ").append(url).toString(), TraceLevel.RULESET);
                    return false;
                }
                if (!z) {
                    Trace.println(new StringBuffer().append("Rule hash:\n         ").append(this.certHash).append("\n").append("not matching artifact certificate hash:\n         ").append(str).toString(), TraceLevel.RULESET);
                    return false;
                }
                Trace.println("Rule hash matches certificate hash", TraceLevel.RULESET);
            } catch (IOException e3) {
                Trace.println(new StringBuffer().append("IOException: ").append(e3).append("while finding hash for: ").append(ruleId.mainLocation).toString(), TraceLevel.RULESET);
                Trace.ignored(e3);
                return false;
            }
        }
        if (this.checksumHash != null) {
            try {
                String fileChecksum = SystemUtils.getFileChecksum(ResourceProvider.get().getResource(new URL(ruleId.mainLocation), ruleId.mainVersion).getDataFile(), this.checksumAlg);
                if (!this.checksumHash.equals(fileChecksum)) {
                    Trace.println(new StringBuffer().append("Rule checksum:  not equal artifact checksum:\n    ").append(fileChecksum).toString(), TraceLevel.RULESET);
                    return false;
                }
            } catch (IOException e4) {
                Trace.println(new StringBuffer().append("IOException: ").append(e4).append(" while finding checksum for: ").append(ruleId.mainLocation).toString(), TraceLevel.RULESET);
                Trace.ignored(e4);
                return false;
            } catch (NumberFormatException e5) {
                Trace.println(new StringBuffer().append("invalid checksum in rule: ").append(this.checksumHash).toString());
                return false;
            }
        }
        Trace.println(new StringBuffer().append("Matching Rule ID: ").append(this).toString(), TraceLevel.RULESET);
        return true;
    }

    public String toString() {
        String stringBuffer = new StringBuffer().append("\n        title: ").append(this.title).append("\n        location: ").append(this.location).toString();
        if (this.mainLocation != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("\n        main location: ").append(this.mainLocation).append("\n        main version: ").append(this.mainVersion).toString();
        }
        if (this.certHash != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("\n        certificate algorithm: ").append(this.certAlgorithm).append("\n        certertificate hash: ").append(this.certHash).toString();
        }
        if (this.checksumHash != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("\n        checksum algorithm: ").append(this.checksumAlg).append("\n        checksum hash: ").append(this.checksumHash).toString();
        }
        return new StringBuffer().append(stringBuffer).append("\n        isArtifact: ").append(this.isArtifactId).toString();
    }

    public static boolean compareStringToURL(String str, URL url) {
        String str2;
        String host;
        int port;
        String path;
        String host2 = url.getHost();
        String protocol = url.getProtocol();
        int defaultPort = url.getDefaultPort();
        int port2 = url.getPort();
        String path2 = url.getPath();
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        try {
            URL url2 = new URL(str);
            str2 = url2.getProtocol();
            host = url2.getHost();
            port = url2.getPort();
            path = url2.getPath();
        } catch (MalformedURLException e) {
            try {
                URL url3 = new URL(new StringBuffer().append("http://").append(str).toString());
                str2 = null;
                host = url3.getHost();
                port = url3.getPort();
                path = url3.getPath();
            } catch (MalformedURLException e2) {
                Trace.println(new StringBuffer().append("invalid location: ").append(str).toString(), TraceLevel.RULESET);
                return false;
            }
        }
        Trace.println(new StringBuffer().append("RuleId compare: (").append(str2).append(", ").append(host).append(", ").append(port).append(", ").append(path).append(") to url: ").append(url).toString(), TraceLevel.RULESET);
        if (port == -1 || port == port2 || (port == defaultPort && port2 == -1)) {
            z3 = true;
        }
        if (str2 == null || str2.equals(protocol)) {
            z = true;
        }
        if (host.equals(XMLNode.WILDCARD)) {
            z2 = false;
        } else if (host.startsWith("*.")) {
            if (host2.toLowerCase().endsWith(host.substring(2).toLowerCase())) {
                z2 = true;
            }
        } else if (host.equalsIgnoreCase(host2)) {
            z2 = true;
        }
        return z && z2 && z3 && pathIncludes(path, path2, protocol, host2);
    }

    private static boolean pathIncludes(String str, String str2, String str3, String str4) {
        boolean z = false;
        int indexOf = str2.indexOf(37);
        if (indexOf >= 0 && (str2.indexOf("%2E", indexOf) >= 0 || str2.indexOf("%2e", indexOf) >= 0 || str2.indexOf("%2F", indexOf) >= 0 || str2.indexOf("%2f", indexOf) >= 0)) {
            throw new SecurityException("Unsupported encoded character in path");
        }
        String decodePath = URLUtil.decodePath(str2);
        for (int i = 0; i < decodePath.length(); i++) {
            char charAt = decodePath.charAt(i);
            if (charAt <= 31 || charAt == 127 || charAt == '?' || charAt == '%' || charAt == '\\' || charAt == '#') {
                throw new SecurityException("Unsupported character in decoded path");
            }
        }
        try {
            String path = new URI(str3, str4, decodePath, null).normalize().getPath();
            if (str == null || str.length() == 0 || path.startsWith(str)) {
                z = true;
            } else {
                Trace.println(new StringBuffer().append("Path mistach, actualPath: ").append(path).toString(), TraceLevel.RULESET);
            }
            return z;
        } catch (URISyntaxException e) {
            throw new SecurityException("unexpected excpetion", e);
        }
    }
}
