package com.sap.platin.base.security;

import com.sap.jnet.JNetControllerImpl;
import com.sap.platin.base.security.SAPPolicyParser;
import com.sap.platin.base.security.SAPPropertyExpander;
import com.sap.platin.base.security.descriptor.GenericPermissionDescriptor;
import com.sap.platin.base.util.GuiDesktopModel;
import com.sap.platin.micro.DResult;
import com.sap.platin.micro.Dynamic;
import com.sap.platin.micro.PathInfo;
import com.sap.platin.micro.Version;
import com.sap.platin.trace.T;
import java.awt.AWTPermission;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.icepdf.core.util.PdfOps;

/* loaded from: input_file:platinsecS.jar:com/sap/platin/base/security/SAPPolicyImpl.class */
public abstract class SAPPolicyImpl extends Policy {
    // Single shared AllPermission instance. In the code shown here it is granted to the cached
    // protection domains and to the java.ext.dirs code bases in initPolicy(), and it is what
    // permissionFactory() returns when a policy entry names java.security.AllPermission.
    public static final AllPermission mAllPermissions = new AllPermission();
    // Constructor parameter lists (no argument, one String, two Strings). Only P2 is referenced
    // in the visible part of the file, where it is passed to Dynamic.createObject().
    private static final Class<?>[] P0 = new Class[0];
    private static final Class<?>[] P1 = {String.class};
    private static final Class<?>[] P2 = {String.class, String.class};
    // Baseline grant: listen on localhost ports 1024 and above, plus read access to the listed
    // JVM/OS system properties. The only visible use is the PolicyEntry built in initPolicy().
    private static final Permission[] mStaticPermissions = {new SocketPermission("localhost:1024-", "listen"), new PropertyPermission("java.version", "read"), new PropertyPermission("java.vendor", "read"), new PropertyPermission("java.vendor.url", "read"), new PropertyPermission("java.class.version", "read"), new PropertyPermission("os.name", "read"), new PropertyPermission("os.version", "read"), new PropertyPermission("os.arch", "read"), new PropertyPermission("file.separator", "read"), new PropertyPermission("path.separator", "read"), new PropertyPermission("line.separator", "read"), new PropertyPermission("java.specification.version", "read"), new PropertyPermission("java.specification.vendor", "read"), new PropertyPermission("java.specification.name", "read"), new PropertyPermission("java.vm.specification.version", "read"), new PropertyPermission("java.vm.specification.vendor", "read"), new PropertyPermission("java.vm.specification.name", "read"), new PropertyPermission("java.vm.version", "read"), new PropertyPermission("java.vm.vendor", "read"), new PropertyPermission("java.vm.name", "read")};
    // Temporary grants, keyed by a String. NOTE(review): the visible methods work on a map that
    // is passed in or obtained from getTemporaryPermissionsStorage(); confirm it is this field.
    private Map<String, Set<PolicyEntry>> mTemporaryPermissions = new HashMap();
    // Current policy data; set once in init() and read through getPolicyData()/dumpData().
    private AtomicReference<PolicyEntryList> mPolicyData = new AtomicReference<>();
    // Lazily filled by getInternalCodeSources() and getInstalledCodeSources() respectively.
    private Set<URL> mInternalCodeSources = null;
    private Set<URL> mInstalledCodeSources = null;
    // Filled in init() with the upload and download command paths from GuiDesktopModel.
    private List<File> mWellKnownDirectories = new ArrayList();

    /* loaded from: input_file:platinsecS.jar:com/sap/platin/base/security/SAPPolicyImpl$PolicyEntry.class */
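    /**
     * One grant of the policy: a code source, the principals the grant is limited to, and the
     * permissions it confers.
     *
     * <p>NOTE(review): the permission list is mutable, package-visible as a field and returned
     * by reference from {@link #getPermissions()}, so any holder of an entry can widen the grant.
     * Callers that only read should treat the list as read-only.
     */
    public static class PolicyEntry {
        private final CodeSource mCodesource;
        final List<Permission> mPermissions;
        // May be null: two of the three constructors pass no principal list.
        private final List<SAPPolicyParser.PrincipalEntry> mPrincipals;

        /** Creates an entry for {@code codeSource} with no principals and no permissions. */
        PolicyEntry(CodeSource codeSource) {
            this(codeSource, (List<SAPPolicyParser.PrincipalEntry>) null);
        }

        /** Creates an entry for {@code codeSource} pre-filled with the given permissions. */
        PolicyEntry(CodeSource codeSource, Permission[] permissionArr) {
            this(codeSource, (List<SAPPolicyParser.PrincipalEntry>) null);
            this.mPermissions.addAll(Arrays.asList(permissionArr));
        }

        /**
         * Creates an entry for {@code codeSource} restricted to the given principals.
         *
         * @param list the principal entries, kept by reference; may be {@code null}
         */
        PolicyEntry(CodeSource codeSource, List<SAPPolicyParser.PrincipalEntry> list) {
            this.mCodesource = codeSource;
            this.mPermissions = new ArrayList<Permission>();
            this.mPrincipals = list;
        }

        /**
         * Tells whether one of the principal entries names the given principal class.
         *
         * @param cls the principal class to look for
         * @return {@code true} if a principal entry carries {@code cls.getName()}; {@code false}
         *         otherwise, including when the entry has no principal list at all
         */
        public boolean contains(Class<?> cls) {
            // Entries built without principals hold null here; the unguarded iteration used to
            // throw a NullPointerException for them.
            if (this.mPrincipals == null) {
                return false;
            }
            for (SAPPolicyParser.PrincipalEntry principal : this.mPrincipals) {
                if (principal.getPrincipalClass().equals(cls.getName())) {
                    return true;
                }
            }
            return false;
        }

        /** Returns the live, mutable permission list of this entry (not a copy). */
        public List<Permission> getPermissions() {
            return this.mPermissions;
        }

        /** Returns the principal list given at construction; may be {@code null}. */
        public List<SAPPolicyParser.PrincipalEntry> getPrincipals() {
            return this.mPrincipals;
        }

        /** Adds {@code permission} unless an equal permission is already present. */
        void add(Permission permission) {
            if (!this.mPermissions.contains(permission)) {
                this.mPermissions.add(permission);
            }
        }

        /** Returns the code source this grant applies to. */
        public CodeSource getCodeSource() {
            return this.mCodesource;
        }

        /**
         * Renders the entry in a policy-file-like form: principals, signers and code base,
         * followed by the permissions in braces.
         *
         * @return the textual dump, ending with a newline
         */
        public String dumpData() {
            StringBuilder sb = new StringBuilder();
            List<SAPPolicyParser.PrincipalEntry> principals = getPrincipals();
            CodeSource codeSource = getCodeSource();
            // Separator before the next clause: a blank first, then comma plus continuation line.
            String separator = " ";
            if (principals != null && !principals.isEmpty()) {
                for (SAPPolicyParser.PrincipalEntry principalEntry : principals) {
                    sb.append(separator).append("principal ").append(principalEntry.getPrincipalClass()).append(" \"").append(principalEntry.getPrincipalName()).append(PdfOps.DOUBLE_QUOTE__TOKEN);
                    separator = ",\n      ";
                }
            }
            // Signers are only printed together with a location; a code source without a
            // location contributes nothing to the header.
            if (codeSource != null && codeSource.getLocation() != null) {
                CodeSigner[] codeSigners = codeSource.getCodeSigners();
                if (codeSigners != null) {
                    for (CodeSigner codeSigner : codeSigners) {
                        sb.append(separator).append("signedBy \"").append(codeSigner).append(" \"");
                        separator = ",\n      ";
                    }
                }
                sb.append(separator).append("codeBase \"").append(codeSource.getLocation()).append(PdfOps.DOUBLE_QUOTE__TOKEN);
            }
            sb.append(" ").append("{\n");
            for (Permission permission : getPermissions()) {
                sb.append("    ").append(GenericPermissionDescriptor.formatPermissionRuleSyntax(permission)).append("\n");
            }
            sb.append("}\n");
            return sb.toString();
        }

        /** Same text as {@link #dumpData()}. */
        @Override
        public String toString() {
            return dumpData();
        }
    }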

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:platinsecS.jar:com/sap/platin/base/security/SAPPolicyImpl$PolicyEntryList.class */
    /**
     * Result of one policy load: the grant entries, a per-protection-domain permission cache and
     * the alias/certificate lookup table that getCerts() fills.
     */
    public static class PolicyEntryList {
        // NOTE(review): a plain ArrayList, unlike the two synchronized collections below; confirm
        // that entries are only added before the list is shared between threads.
        private final List<PolicyEntry> mPolicyEntries = new ArrayList<PolicyEntry>();
        private final List<PolicyEntry> mIdentityPolicyEntries = Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
        // Holds alias -> certificate and certificate -> alias mappings in the same map.
        private final Map<Serializable, Serializable> mAliasMap = Collections.synchronizedMap(new HashMap<Serializable, Serializable>(11));
        private final ProtectionDomainCache pdCache = new ProtectionDomainCache();

        PolicyEntryList() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        /** Appends one grant entry. */
        public void addEntry(PolicyEntry policyEntry) {
            mPolicyEntries.add(policyEntry);
        }

        /** Returns the cache of permission collections per protection domain. */
        ProtectionDomainCache getPDCache() {
            return pdCache;
        }

        /** Returns a copy of the entry list; the entries themselves are shared, not cloned. */
        public List<PolicyEntry> getPolicyEntries() {
            List<PolicyEntry> snapshot = new ArrayList<PolicyEntry>(mPolicyEntries);
            return snapshot;
        }

        /** Renders every entry as a {@code grant ...} block, one after the other. */
        public String dumpData() {
            StringBuilder text = new StringBuilder();
            for (PolicyEntry entry : mPolicyEntries) {
                text.append("grant ").append(entry.dumpData()).append("\n");
            }
            return text.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:platinsecS.jar:com/sap/platin/base/security/SAPPolicyImpl$ProtectionDomainCache.class */
    /**
     * Cache of permission collections per protection domain.
     *
     * <p>NOTE(review): entries are keyed by {@code ProtectionDomain.hashCode()}, not by the
     * domain itself. Two different domains that report the same hash code share one slot, so one
     * domain could be handed the collection cached for the other (initPolicy() caches an
     * AllPermission collection here). An identity-keyed weak map would remove that ambiguity;
     * it is not applied here because other parts of the class may rely on the key type.
     */
    public static class ProtectionDomainCache {
        private final Map<Integer, PermissionCollection> map;

        private ProtectionDomainCache() {
            this.map = Collections.synchronizedMap(new HashMap<Integer, PermissionCollection>());
        }

        /** Maps a domain to its cache key: its hash code, or {@code null} for a null domain. */
        private static Integer keyOf(ProtectionDomain protectionDomain) {
            if (protectionDomain == null) {
                return null;
            }
            return Integer.valueOf(protectionDomain.hashCode());
        }

        /** Stores {@code permissionCollection} under the key derived from the domain. */
        public void put(ProtectionDomain protectionDomain, PermissionCollection permissionCollection) {
            this.map.put(keyOf(protectionDomain), permissionCollection);
        }

        /** Returns the collection stored under the domain's key, or {@code null} if none. */
        public PermissionCollection get(ProtectionDomain protectionDomain) {
            return this.map.get(keyOf(protectionDomain));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:platinsecS.jar:com/sap/platin/base/security/SAPPolicyImpl$URLData.class */
    /** A policy location together with a label saying which kind of source it came from. */
    public class URLData {
        private final URL mURL;
        private final String mType;

        /**
         * @param url the policy location; {@code null} for the "static" marker entry
         * @param str the source label, for example a property name or "static"
         */
        public URLData(URL url, String str) {
            this.mType = str;
            this.mURL = url;
        }

        /** Returns the policy location, possibly {@code null}. */
        public URL getURL() {
            return mURL;
        }

        /** Returns the source label. */
        public String getType() {
            return mType;
        }

        /** Returns {@code "<type> [<url>]"}. */
        public String toString() {
            StringBuilder text = new StringBuilder();
            text.append(mType).append(" [").append(mURL).append("]");
            return text.toString();
        }
    }

    /**
     * Loads the policy data immediately.
     *
     * <p>NOTE(review): init() reaches overridable methods (parseExtDirs(), getPolicyResource())
     * through initPolicy(), so a subclass override runs before that subclass's own constructor
     * body and field initialisers have executed.
     */
    public SAPPolicyImpl() {
        init();
    }

    /**
     * Renders the loaded policy entries followed by the temporary permissions.
     *
     * @return the dump, with a banner in front of the static part
     */
    public String dumpData() {
        final String rule = "=============================================================\n";
        StringBuilder text = new StringBuilder(rule);
        text.append("Static policy data\n").append(rule);
        text.append(this.mPolicyData.get().dumpData());
        text.append("\n");
        text.append(dumpTempData());
        text.append("\n");
        return text.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Renders the temporary permissions, grouped by their key.
     *
     * <p>NOTE(review): the map is walked without the {@code synchronized (map)} lock that
     * addTemporaryPermissionsImpl() and removeTemporaryPermissionsImpl() take; if this is the
     * same map, a concurrent change can break the iteration. Confirm against callers.
     *
     * @return the dump, with a banner in front
     */
    public String dumpTempData() {
        final String rule = "=============================================================\n";
        StringBuilder text = new StringBuilder();
        text.append(rule).append("Temporary permissions\n").append(rule);
        for (Map.Entry<String, Set<PolicyEntry>> slot : getTemporaryPermissionsStorage().entrySet()) {
            text.append("Key: ").append(slot.getKey()).append("\n");
            for (PolicyEntry granted : slot.getValue()) {
                text.append(granted.dumpData()).append("\n");
            }
        }
        return text.toString();
    }

    /**
     * Looks for an entry with the given code source and exactly the given principals.
     *
     * @param set        the entries to search; {@code null} yields {@code null}
     * @param codeSource the code source to match; {@code null} matches any entry
     * @param list       the principals to match; must not be {@code null}. An empty list matches
     *                   entries whose principal list is {@code null} or empty.
     * @return the first matching entry in iteration order, or {@code null}
     */
    private PolicyEntry findPolicyEntry(Set<PolicyEntry> set, CodeSource codeSource, List<SAPPolicyParser.PrincipalEntry> list) {
        if (set == null) {
            return null;
        }
        for (PolicyEntry candidate : set) {
            boolean sameSource = codeSource == null || codeSource.equals(candidate.getCodeSource());
            List<SAPPolicyParser.PrincipalEntry> theirs = candidate.getPrincipals();
            boolean samePrincipals;
            if (list.isEmpty()) {
                samePrincipals = theirs == null || theirs.isEmpty();
            } else {
                // Same size plus containment: the two lists hold the same principals.
                samePrincipals = theirs != null && list.containsAll(theirs) && list.size() == theirs.size();
            }
            if (samePrincipals && sameSource) {
                return candidate;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds permissions to the temporary grant stored under {@code str}, creating the key's entry
     * set and the matching entry on demand. The whole update runs under the lock of {@code map}.
     *
     * @param map         the temporary-permission storage, also used as the lock
     * @param str         the key the grant is stored under
     * @param permissions the permissions to add; duplicates of existing ones are skipped
     * @param list        the principals of the grant; {@code null} is treated as none
     * @param codeSource  the code source of the grant; {@code null} is replaced by a code source
     *                    with neither location nor certificates
     */
    public void addTemporaryPermissionsImpl(Map<String, Set<PolicyEntry>> map, String str, Permissions permissions, List<SAPPolicyParser.PrincipalEntry> list, CodeSource codeSource) {
        List<SAPPolicyParser.PrincipalEntry> principals = list;
        if (principals == null) {
            principals = Collections.emptyList();
        }
        CodeSource source = codeSource != null ? codeSource : new CodeSource((URL) null, (Certificate[]) null);
        synchronized (map) {
            Set<PolicyEntry> bucket = map.get(str);
            if (bucket == null) {
                bucket = new HashSet<PolicyEntry>();
                map.put(str, bucket);
            }
            PolicyEntry target = findPolicyEntry(bucket, source, principals);
            if (target == null) {
                target = new PolicyEntry(source, principals);
                bucket.add(target);
            }
            for (Enumeration<Permission> pending = permissions.elements(); pending.hasMoreElements(); ) {
                target.add(pending.nextElement());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Drops the temporary grant stored under {@code str}, under the lock of {@code map}.
     * A key that is absent or mapped to {@code null} is left untouched.
     *
     * @param map the temporary-permission storage, also used as the lock
     * @param str the key whose grant is revoked
     */
    public void removeTemporaryPermissionsImpl(Map<String, Set<PolicyEntry>> map, String str) {
        synchronized (map) {
            Set<PolicyEntry> granted = map.get(str);
            if (granted == null) {
                return;
            }
            map.remove(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the policy data currently held in the atomic reference (set by init()). */
    public PolicyEntryList getPolicyData() {
        return this.mPolicyData.get();
    }

    /**
     * Loads the policy and records the upload and download command paths as well-known
     * directories. Called once, from the constructor.
     */
    private void init() {
        this.mPolicyData.set(initPolicy());
        // The visible code only stores these two paths; how they are used is not shown here.
        this.mWellKnownDirectories.add(GuiDesktopModel.getCommandPath(GuiDesktopModel.APP_UPLOAD));
        this.mWellKnownDirectories.add(GuiDesktopModel.getCommandPath(GuiDesktopModel.APP_DOWNLOAD));
    }

    /**
     * Builds the policy data inside a privileged action.
     *
     * <p>Steps, in order: cache an AllPermission collection for the protection domains of this
     * class, of Version and (if loadable) of MacGuiR3Init; then walk getPolicyResourceList().
     * Every resource other than the "static" marker is loaded with initPolicy(URL, list). The
     * "static" marker is a fallback: it is acted on only if no earlier resource, other than a
     * "java.security.auth.policy" one, was loaded successfully, and it grants AllPermission to
     * each java.ext.dirs code base.
     *
     * @return the populated policy data
     */
    private PolicyEntryList initPolicy() {
        return (PolicyEntryList) AccessController.doPrivileged(new PrivilegedAction<PolicyEntryList>() { // from class: com.sap.platin.base.security.SAPPolicyImpl.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public PolicyEntryList run() {
                PolicyEntryList policyEntryList = new PolicyEntryList();
                // Slot 0 stays null unless the class named below can be loaded.
                ProtectionDomain[] protectionDomainArr = {null, SAPPolicyImpl.class.getProtectionDomain(), Version.class.getProtectionDomain()};
                try {
                    protectionDomainArr[0] = Class.forName("com.sap.platin.r3.macosx.MacGuiR3Init").getProtectionDomain();
                } catch (ClassNotFoundException e) {
                    // Ignored on purpose: without the class, slot 0 simply stays null.
                    // Presumably the class ships only with the macOS build - TODO confirm.
                }
                // One shared AllPermission collection for all of the domains above. The cache is
                // keyed by the domain's hash code (see ProtectionDomainCache), so any domain
                // with a colliding hash code would be served this collection as well.
                Permissions permissions = new Permissions();
                permissions.add(SAPPolicyImpl.mAllPermissions);
                for (ProtectionDomain protectionDomain : protectionDomainArr) {
                    if (protectionDomain != null) {
                        policyEntryList.getPDCache().put(protectionDomain, permissions);
                    }
                }
                // z: at least one non-auth policy resource has been loaded successfully.
                boolean z = false;
                for (URLData uRLData : SAPPolicyImpl.this.getPolicyResourceList()) {
                    if (!"static".equals(uRLData.getType())) {
                        if (T.race("POLICY")) {
                            T.race("POLICY", "============================================================");
                            T.race("POLICY", "Read Policy from: " + uRLData);
                        }
                        boolean initPolicy = SAPPolicyImpl.this.initPolicy(uRLData.getURL(), policyEntryList);
                        if (initPolicy && T.race("POLICY")) {
                            T.race("POLICY", "Policy has been successfully loaded.");
                        }
                        // A loaded auth policy does not suppress the static fallback.
                        if (!"java.security.auth.policy".equals(uRLData.getType())) {
                            z |= initPolicy;
                        }
                        if (T.race("POLICY")) {
                            T.race("POLICY", "============================================================");
                        }
                    } else if (!z) {
                        if (T.race("POLICY")) {
                            T.race("POLICY", "============================================================");
                            T.race("POLICY", "Initialize static policy.");
                        }
                        // NOTE(review): this entry is built and then dropped, so mStaticPermissions
                        // never reaches policyEntryList on this path. Confirm the intent before
                        // wiring it in: a code source without location or certificates would make
                        // the grant apply very broadly.
                        new PolicyEntry(new CodeSource((URL) null, (Certificate[]) null), SAPPolicyImpl.mStaticPermissions);
                        String[] parseExtDirs = SAPPolicyImpl.this.parseExtDirs();
                        if (parseExtDirs != null && parseExtDirs.length > 0) {
                            for (String str : parseExtDirs) {
                                try {
                                    // Every java.ext.dirs code base receives AllPermission, so
                                    // the content of that property decides what is fully trusted.
                                    PolicyEntry policyEntry = new PolicyEntry(SAPPolicyImpl.this.getCodebase(new CodeSource(new URL(str), (Certificate[]) null), false));
                                    policyEntry.add(SAPPolicyImpl.mAllPermissions);
                                    policyEntryList.addEntry(policyEntry);
                                } catch (MalformedURLException e2) {
                                    T.raceError("Illegal URL for JVM extension: " + str, e2);
                                }
                            }
                        }
                        if (T.race("POLICY")) {
                            T.race("POLICY", "============================================================");
                        }
                    }
                }
                return policyEntryList;
            }
        });
    }

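    /**
     * Turns the {@code java.ext.dirs} system property into code-base patterns of the form
     * {@code file:/dir/*}, one per directory in the property.
     *
     * <p>Empty path elements (an empty property, a leading separator or two separators in a row)
     * are skipped. {@code new File("")} resolves against the working directory, so an empty
     * element used to come back as {@code <working directory>/*}, and initPolicy() grants
     * AllPermission to every code base returned here.
     *
     * @return the code-base patterns, possibly empty, or {@code null} if the property is not set
     */
    public String[] parseExtDirs() {
        String property = System.getProperty("java.ext.dirs");
        if (property == null) {
            return null;
        }
        List<String> codeBases = new ArrayList<String>();
        for (String dir : property.split(File.pathSeparator)) {
            if (dir.isEmpty()) {
                continue;
            }
            String uri = new File(dir).toURI().toString();
            // File.toURI() appends a slash for existing directories; normalise before adding "/*".
            if (uri.endsWith("/")) {
                uri = uri.substring(0, uri.length() - 1);
            }
            codeBases.add(uri + "/*");
        }
        return codeBases.toArray(new String[0]);
    }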

    protected abstract HashMap<String, List<PolicyEntry>> extractTLs();

    protected abstract PolicyEntry extractTLPermissionsImpl(String str, String str2);

    /**
     * Expands a policy location taken from a property and converts it to a URL.
     *
     * <p>Values starting with {@code file:} are rebuilt through {@link File}; any other value is
     * parsed as a URI and converted as is, so the result is not limited to local files.
     *
     * @param str the raw property value; {@code null} or empty yields {@code null}
     * @return the URL, or {@code null} if expansion or parsing failed (the failure is traced)
     */
    private URL convertPropertyEntryToUrl(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        try {
            String location = SAPPropertyExpander.expand(str, false, true).replace(File.separatorChar, '/');
            if (location.startsWith("file:")) {
                return new File(location.substring(5)).toURI().toURL();
            }
            return new URI(location).toURL();
        } catch (SAPPropertyExpander.ExpandException expandFailure) {
            T.raceError("Can not expand url: " + str, expandFailure);
        } catch (MalformedURLException badUrl) {
            T.raceError("Malformed URL: " + str, badUrl);
        } catch (URISyntaxException badSyntax) {
            T.raceError("Incorrect URL syntax: " + str, badSyntax);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
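    /**
     * Collects the policy locations to load, in evaluation order: the
     * {@code java.security.policy} locations, the built-in and external SAP GUI policy files
     * followed by the "static" marker, then the {@code java.security.auth.policy} locations.
     *
     * <p>For the two property-driven kinds, the system property is read first. If its value
     * starts with {@code =}, only that location is used; otherwise the numbered security
     * properties ({@code policy.url.N} or {@code auth.policy.url.N}, N = 1, 2, ...) are added
     * until the first missing number.
     *
     * <p>The numbered-property loop in the decompiled listing had no exit once a property was
     * missing; it now stops at the first {@code null} value.
     *
     * @return the locations with their source labels; the "static" marker carries a null URL
     */
    public final List<URLData> getPolicyResourceList() {
        List<URLData> resources = new ArrayList<URLData>();
        for (String kind : new String[]{"java.security.policy", "static", "java.security.auth.policy"}) {
            if (kind.equals("static")) {
                // Policy files bundled as class-path resources next to this class.
                URL policyInfo = getPolicyResource("Policy.info");
                if (policyInfo != null) {
                    resources.add(new URLData(policyInfo, "SAPGUIPolicy.internal"));
                }
                URL trustLevelDefaults = getPolicyResource("TrustLevelDefaultPermissions.info");
                if (trustLevelDefaults != null) {
                    resources.add(new URLData(trustLevelDefaults, "SAPGUIPolicy.external".equals("") ? null : "SAPGUIPolicy.internal"));
                }
                // Policy files located through PathInfo. NOTE(review): the meaning of 20034 is
                // not visible here; the second constant's name suggests a per-user policy file.
                // Whoever can write these files controls the grants read from them.
                for (File file : new File[]{PathInfo.getCurrent().locatePath(20034), PathInfo.getCurrent().locatePath(PathInfo.F_PRIVATEUSERPOLICY)}) {
                    if (file != null) {
                        try {
                            resources.add(new URLData(file.toURI().toURL(), "SAPGUIPolicy.external"));
                        } catch (MalformedURLException e) {
                            T.raceError("Illegal file URL: " + e.getMessage(), e);
                        }
                    }
                }
                // Marker for the built-in fallback handled in initPolicy(); it has no URL.
                resources.add(new URLData(null, kind));
            } else {
                boolean exclusive = false;
                String property = System.getProperty(kind);
                if (property != null && property.length() > 0) {
                    // NOTE(review): unconditional stderr output, unlike the T.race tracing used
                    // everywhere else in this class.
                    System.err.println("URI: \"" + property + PdfOps.DOUBLE_QUOTE__TOKEN);
                    if (property.startsWith("=")) {
                        exclusive = true;
                        property = property.substring(1);
                    }
                    URL fromProperty = convertPropertyEntryToUrl(property);
                    if (fromProperty != null) {
                        resources.add(new URLData(fromProperty, kind));
                    }
                }
                String prefix = kind.equals("java.security.policy") ? "policy.url." : "auth.policy.url.";
                if (!exclusive) {
                    int index = 1;
                    String configured = Security.getProperty(prefix + index);
                    while (configured != null) {
                        URL fromSecurityProperty = convertPropertyEntryToUrl(configured);
                        if (fromSecurityProperty != null) {
                            resources.add(new URLData(fromSecurityProperty, kind));
                        }
                        index++;
                        configured = Security.getProperty(prefix + index);
                    }
                }
            }
        }
        return resources;
    }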

    /**
     * Locates a policy resource on the class path of this class.
     *
     * @param str the resource name; a name without {@code /} is looked up in
     *            {@code com/sap/platin/base/security/}
     * @return the resource URL, or {@code null} if the class loader does not find it
     */
    protected URL getPolicyResource(String str) {
        String resourceName = str.contains("/") ? str : "com/sap/platin/base/security/" + str;
        ClassLoader loader = SAPPolicyImpl.class.getClassLoader();
        // A null loader means the bootstrap loader; use the system class loader instead.
        if (loader != null) {
            return loader.getResource(resourceName);
        }
        return ClassLoader.getSystemClassLoader().getResource(resourceName);
    }

    /**
     * Opens a policy location for reading.
     *
     * <p>{@code file:} URLs are opened directly as files; every other URL, and a {@code file:}
     * URL that cannot be turned into a URI, is opened with {@link URL#openStream()}.
     *
     * @param url the location to open
     * @return an open stream; the caller is responsible for closing it
     * @throws IOException if the file or the URL cannot be opened
     */
    private static InputStream getInputStream(URL url) throws IOException {
        URI location = null;
        try {
            location = url.toURI();
        } catch (URISyntaxException badSyntax) {
            T.raceError("Illegal URI syntax: " + url, badSyntax);
        }
        boolean localFile = location != null && "file".equals(url.getProtocol());
        if (localFile) {
            return new FileInputStream(new File(location));
        }
        return url.openStream();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:116:0x029c A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:60:0x02f9 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:80:0x021d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:98:0x01b1 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Loads one policy resource into the given policy data.
     *
     * <p>The body is missing from this listing: the decompiler could not reconstruct it and
     * left a stub that always throws. Nothing about the parsing, key-store handling or
     * signature checks of the real method can be read from here. The caller in initPolicy()
     * treats a {@code true} result as "policy has been successfully loaded".
     *
     * @param r7 the policy location
     * @param r8 the policy data to add the parsed entries to
     * @return in this listing, never returns normally
     * @throws UnsupportedOperationException always, in this listing
     */
    public boolean initPolicy(java.net.URL r7, com.sap.platin.base.security.SAPPolicyImpl.PolicyEntryList r8) {
        /*
            Method dump skipped, instructions count: 805
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sap.platin.base.security.SAPPolicyImpl.initPolicy(java.net.URL, com.sap.platin.base.security.SAPPolicyImpl$PolicyEntryList):boolean");
    }

    protected abstract Set<URL> getInternalCodeSourcesImpl(boolean z);

    /**
     * Returns the internal code sources, asking getInternalCodeSourcesImpl(false) on first use
     * and keeping the answer. The lazy initialisation is not synchronized.
     *
     * @return the cached set; whatever the implementation returned, possibly {@code null}
     */
    protected final Set<URL> getInternalCodeSources() {
        Set<URL> cached = this.mInternalCodeSources;
        if (cached != null) {
            return cached;
        }
        cached = getInternalCodeSourcesImpl(false);
        this.mInternalCodeSources = cached;
        return cached;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the installed code sources, asking getInternalCodeSourcesImpl(true) on first use
     * and keeping the answer. The lazy initialisation is not synchronized.
     *
     * @return the cached set; whatever the implementation returned, possibly {@code null}
     */
    public final Set<URL> getInstalledCodeSources() {
        Set<URL> cached = this.mInstalledCodeSources;
        if (cached != null) {
            return cached;
        }
        cached = getInternalCodeSourcesImpl(true);
        this.mInstalledCodeSources = cached;
        return cached;
    }

    /**
     * Builds the code source a grant entry applies to.
     *
     * <p>The location comes from the entry's codeBase. The certificates come from the entry's
     * signedBy aliases; if there is no signedBy and the code base is an internal code source,
     * the signer certificates of this class's own code source are used instead, which ties the
     * grant to code carrying that signature.
     *
     * @param grantEntry      the parsed grant entry
     * @param keyStore        the key store used to resolve signedBy aliases; may be {@code null}
     * @param policyEntryList the policy data whose alias map caches resolved certificates
     * @return the code source, or {@code null} if signedBy is set but its aliases could not all
     *         be resolved (the grant is then ignored by the caller)
     * @throws MalformedURLException if the codeBase is not a valid URL
     */
    private CodeSource getCS(SAPPolicyParser.GrantEntry grantEntry, KeyStore keyStore, PolicyEntryList policyEntryList) throws MalformedURLException {
        String codeBase = grantEntry.getCodeBase();
        String str = null;
        if (codeBase != null) {
            str = new URL(codeBase).getFile();
        }
        Certificate[] certificateArr = null;
        if (grantEntry.getSigner() != null) {
            certificateArr = getCerts(keyStore, grantEntry.getSigner(), policyEntryList);
            if (certificateArr == null) {
                // Unresolvable signer: drop the grant rather than apply it unsigned.
                if (!T.race("POLICY")) {
                    return null;
                }
                T.race("POLICY", "  -- No certs for alias '" + grantEntry.getSigner() + "' - ignoring entry");
                return null;
            }
        }
        if (str != null) {
            // The File created on the next line is unused, as found in the decompiled listing.
            new File(str);
            URL url = new File(str).toURI().toURL();
            Set<URL> internalCodeSources = getInternalCodeSources();
            // No signedBy given and the code base is internal: use this class's own signers.
            // NOTE(review): getSignerCertificates() is not visible here; if it returns null for
            // unsigned code, the grant below is made without any certificate requirement.
            if (certificateArr == null && ("${{InternalJars}}".equals(grantEntry.getCodeBase()) || (url != null && internalCodeSources.contains(url)))) {
                certificateArr = getSignerCertificates(getClass().getProtectionDomain().getCodeSource());
            }
        }
        URL url2 = null;
        if (grantEntry.getCodeBase() != null) {
            url2 = new URL(grantEntry.getCodeBase());
        }
        // getCodebase() is defined outside the visible part of the file.
        return getCodebase(new CodeSource(url2, certificateArr), false);
    }

    /**
     * Converts one parsed grant entry into a PolicyEntry and appends it to the policy data.
     *
     * <p>NOTE(review): the control flow below is decompiler output and is not valid Java as
     * shown: {@code cs} is read after a catch block that never assigns it, and the inner
     * {@code try} is empty although it catches ClassNotFoundException. Do not take the statement
     * order here as the original logic; check the bytecode before reasoning about which
     * permissions are added on which path.
     *
     * @param grantEntry      the parsed grant entry
     * @param keyStore        the key store used to resolve signer aliases; may be {@code null}
     * @param policyEntryList the policy data the new entry is appended to
     */
    protected void addGrantEntry(SAPPolicyParser.GrantEntry grantEntry, KeyStore keyStore, PolicyEntryList policyEntryList) {
        CodeSource cs;
        if (T.race("POLICY1")) {
            T.race("POLICY1", "SAPPolicyImpl.addGrantEntry(): Adding policy entry: ");
            T.race("POLICY1", "SAPPolicyImpl.addGrantEntry():   signedBy " + grantEntry.getSigner());
            T.race("POLICY1", "SAPPolicyImpl.addGrantEntry():   codeBase " + grantEntry.getCodeBase());
            LinkedList<SAPPolicyParser.PrincipalEntry> principals = grantEntry.getPrincipals();
            if (principals != null) {
                Iterator<SAPPolicyParser.PrincipalEntry> it = principals.iterator();
                while (it.hasNext()) {
                    T.race("POLICY1", "SAPPolicyImpl.addGrantEntry():  " + it.next().toString());
                }
            }
        }
        try {
            cs = getCS(grantEntry, keyStore, policyEntryList);
        } catch (Exception e) {
            T.raceError("SAPPolicyImpl.addGrantEntry(): error adding entry:" + e, e);
        }
        // A null code source (unresolvable signer) or failed principal expansion drops the grant.
        if (cs != null && expandPrincipals(grantEntry.getPrincipals(), keyStore)) {
            PolicyEntry policyEntry = new PolicyEntry(cs, grantEntry.getPrincipals());
            for (SAPPolicyParser.PermissionEntry permissionEntry : grantEntry.permissionElements()) {
                try {
                    try {
                    } catch (ClassNotFoundException e2) {
                        // Permission class not loadable: keep the grant as an UnresolvedPermission,
                        // but only if its signedBy aliases (when given) all resolve.
                        Certificate[] certs = permissionEntry.getSignedBy() != null ? getCerts(keyStore, permissionEntry.getSignedBy(), policyEntryList) : null;
                        if (certs != null || permissionEntry.getSignedBy() == null) {
                            UnresolvedPermission unresolvedPermission = new UnresolvedPermission(permissionEntry.getPermission(), permissionEntry.getName(), permissionEntry.getAction(), certs);
                            policyEntry.add(unresolvedPermission);
                            if (T.race("POLICY1")) {
                                T.race("POLICY1", "SAPPolicyImpl.addGrantEntry():   " + unresolvedPermission);
                            }
                        }
                    }
                } catch (InvocationTargetException e3) {
                    T.raceError("SAPPolicyImpl.addGrantEntry(): error adding Permission, " + permissionEntry.getPermission() + ":\n\t" + e3.getTargetException(), e3);
                } catch (Exception e4) {
                    T.raceError("SAPPolicyImpl.addGrantEntry(): error adding Permission, " + permissionEntry.getPermission() + ":\n\t" + e4, e4);
                }
                // As listed, PrivateCredentialPermission entries are neither expanded nor added.
                // Presumably their handling was lost in decompilation - TODO confirm.
                if (!permissionEntry.getPermission().equals("javax.security.auth.PrivateCredentialPermission")) {
                    expandPermissionName(permissionEntry, keyStore);
                    Permission permissionFactory = permissionFactory(permissionEntry.getPermission(), permissionEntry.getName(), permissionEntry.getAction());
                    policyEntry.add(permissionFactory);
                    if (T.race("POLICY1")) {
                        T.race("POLICY1", "SAPPolicyImpl.addGrantEntry():   " + permissionFactory);
                    }
                }
            }
            // Appends to the list field directly instead of going through addEntry().
            policyEntryList.mPolicyEntries.add(policyEntry);
            if (T.race("POLICY1")) {
                T.race("POLICY1", "");
            }
        }
    }

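    /**
     * Creates the permission object for a permission entry of a policy file.
     *
     * <p>The well-known JDK permission types are constructed directly; any other class is
     * instantiated reflectively through its (String, String) constructor. The class name comes
     * from the policy file, so the class is first checked to be a {@link Permission} subtype and
     * is resolved without initialisation. Previously any class visible to this class loader was
     * initialised and constructed, and only the final cast rejected a non-permission class.
     *
     * <p>NOTE(review): if the reflective creation fails with an exception type other than the
     * five rethrown below, the method returns whatever createObject() returned, which the caller
     * then adds to the policy entry. Confirm that this cannot be {@code null}.
     *
     * @param str  the permission class name
     * @param str2 the permission name (target); may be {@code null}
     * @param str3 the permission actions; may be {@code null}
     * @return the permission object
     * @throws ClassNotFoundException    if the class cannot be found
     * @throws ClassCastException        if the class is not a {@link Permission} subtype
     * @throws InstantiationException    if reflective creation reports it
     * @throws IllegalAccessException    if reflective creation reports it
     * @throws NoSuchMethodException     if reflective creation reports it
     * @throws InvocationTargetException if the permission constructor itself throws
     */
    private static final Permission permissionFactory(String str, String str2, String str3) throws ClassNotFoundException, InstantiationException, IllegalAccessException, NoSuchMethodException, InvocationTargetException {
        DResult dResult = new DResult();
        ClassLoader classLoader = SAPPolicyImpl.class.getClassLoader();
        if (classLoader == null) {
            classLoader = ClassLoader.getSystemClassLoader();
        }
        // Resolve only; static initialisers of the named class must not run before the type check.
        Class<?> cls = Class.forName(str, false, classLoader);
        if (!Permission.class.isAssignableFrom(cls)) {
            throw new ClassCastException(str + " is not a java.security.Permission");
        }
        if (cls.equals(FilePermission.class)) {
            return new FilePermission(str2, str3);
        }
        if (cls.equals(SocketPermission.class)) {
            return new SocketPermission(str2, str3);
        }
        if (cls.equals(RuntimePermission.class)) {
            return new RuntimePermission(str2, str3);
        }
        if (cls.equals(PropertyPermission.class)) {
            return new PropertyPermission(str2, str3);
        }
        if (cls.equals(NetPermission.class)) {
            return new NetPermission(str2, str3);
        }
        if (cls.equals(AllPermission.class)) {
            return mAllPermissions;
        }
        if (cls.equals(AWTPermission.class)) {
            return new AWTPermission(str2, str3);
        }
        // The next two blocks are kept exactly as found. The decompiled listing shows only these
        // isFailure()/reset() calls; presumably the attempts with the no-argument and
        // one-String constructors were lost in decompilation - TODO confirm against the bytecode.
        if (str2 == null && str3 == null) {
            if (dResult.isFailure()) {
                dResult.reset();
                if (dResult.isFailure()) {
                    dResult.reset();
                }
            }
        }
        if (str2 != null && str3 == null) {
            if (dResult.isFailure()) {
                dResult.reset();
            }
        }
        Permission permission = (Permission) Dynamic.createObject(dResult, cls, P2, new Object[]{str2, str3});
        if (dResult.isFailure()) {
            // Rethrow the recorded failure under its own type so the caller can tell them apart.
            Exception exc = dResult.get();
            if (exc instanceof ClassNotFoundException) {
                throw ((ClassNotFoundException) exc);
            }
            if (exc instanceof InstantiationException) {
                throw ((InstantiationException) exc);
            }
            if (exc instanceof IllegalAccessException) {
                throw ((IllegalAccessException) exc);
            }
            if (exc instanceof NoSuchMethodException) {
                throw ((NoSuchMethodException) exc);
            }
            if (exc instanceof InvocationTargetException) {
                throw ((InvocationTargetException) exc);
            }
        }
        return permission;
    }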

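    /**
     * Resolves a comma-separated list of key store aliases to certificates.
     *
     * <p>Lookups go through {@code policyEntryList.mAliasMap} first; aliases found in the key
     * store are cached there in both directions (alias to certificate, certificate to alias).
     *
     * @param keyStore        key store to consult on a cache miss; may be {@code null}
     * @param str             comma-separated alias list
     * @param policyEntryList owner of the alias cache
     * @return one certificate per alias, or {@code null} unless every alias resolved
     */
    private Certificate[] getCerts(KeyStore keyStore, String str, PolicyEntryList policyEntryList) {
        List<Certificate> resolved = new ArrayList<>();
        int requested = 0;
        for (String rawAlias : str.split(",")) {
            requested++;
            // String.trim() returns a new string; the trimmed value must be the one looked up,
            // otherwise "a, b" never resolves its second alias.
            String alias = rawAlias.trim();
            Certificate certificate;
            synchronized (policyEntryList.mAliasMap) {
                certificate = (Certificate) policyEntryList.mAliasMap.get(alias);
                if (certificate == null && keyStore != null) {
                    try {
                        certificate = keyStore.getCertificate(alias);
                        // Only cache real hits: an unknown alias must not create a null entry.
                        if (certificate != null) {
                            policyEntryList.mAliasMap.put(alias, certificate);
                            policyEntryList.mAliasMap.put(certificate, alias);
                        }
                    } catch (KeyStoreException e) {
                        // The alias stays unresolved, so the whole list is rejected below.
                        T.raceError("SAPPolicyImpl.getCerts(): Error retrieving certificate for '" + alias + "': " + e, e);
                    }
                }
            }
            if (certificate != null) {
                resolved.add(certificate);
            }
        }
        // All or nothing: a partially resolved signer list is reported as null.
        if (resolved.isEmpty() || requested != resolved.size()) {
            return null;
        }
        return resolved.toArray(new Certificate[0]);
    }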

    /**
     * Reloads the policy: runs the superclass refresh, re-runs {@code init()}, then rebuilds
     * the temporary permission entries.
     */
    @Override // java.security.Policy
    public void refresh() {
        super.refresh();
        this.init();
        this.refreshTemporaryPermissions();
    }

    /**
     * Rebuilds {@code mTemporaryPermissions} from its current content.
     *
     * <p>Every entry is copied with the same code source and principals. File and application
     * permissions whose name starts with the path of a well-known directory are re-created
     * with that directory's path as prefix; those matching no directory are copied unchanged.
     */
    private void refreshTemporaryPermissions() {
        ArrayList<File> directories = new ArrayList(this.mWellKnownDirectories);
        HashMap rebuilt = new HashMap();
        for (Map.Entry<String, Set<PolicyEntry>> slot : this.mTemporaryPermissions.entrySet()) {
            HashSet rebuiltEntries = new HashSet();
            for (PolicyEntry original : slot.getValue()) {
                PolicyEntry replacement = new PolicyEntry(original.getCodeSource(), original.getPrincipals());
                for (Permission granted : original.getPermissions()) {
                    // NOTE(review): permissions of any other type are not copied into the
                    // rebuilt entry at all; confirm that dropping them is intended.
                    if (!(granted instanceof FilePermission) && !(granted instanceof ApplicationPermission)) {
                        continue;
                    }
                    String target = granted.getName();
                    boolean remapped = false;
                    for (File directory : directories) {
                        String prefix = directory.getPath();
                        // NOTE(review): plain string prefix test with no separator boundary, so
                        // a directory path also matches a sibling whose name merely starts with it.
                        if (!target.startsWith(prefix)) {
                            continue;
                        }
                        int position = directories.indexOf(directory);
                        String remainder = target.substring(prefix.length());
                        String actions = granted.getActions();
                        String relocated = this.mWellKnownDirectories.get(position).getPath() + remainder;
                        replacement.add(granted instanceof FilePermission ? new FilePermission(relocated, actions) : new ApplicationPermission(relocated, actions));
                        remapped = true;
                    }
                    if (!remapped) {
                        replacement.add(granted);
                    }
                }
                rebuiltEntries.add(replacement);
            }
            rebuilt.put(slot.getKey(), rebuiltEntries);
        }
        // NOTE(review): mergeTemporaryPermissions() synchronizes on the map instance held by
        // this field; the swap below is not made under that monitor.
        this.mTemporaryPermissions = rebuilt;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether a protection domain has no code source.
     *
     * @param protectionDomain domain to inspect; must not be {@code null}
     * @return {@code true} when {@code getCodeSource()} is {@code null}
     */
    public boolean bailOut(ProtectionDomain protectionDomain) {
        return protectionDomain.getCodeSource() == null;
    }

    /**
     * Decides whether the policy grants {@code permission} to {@code protectionDomain}.
     *
     * <p>The permissions computed by {@code getPermissions} are cached per domain. Temporary
     * permissions are not part of the cached collection; they are merged in on every call.
     *
     * @return {@code true} if an application permission or the merged collection implies the
     *         permission; {@code false} otherwise, including when no collection can be built
     */
    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        ProtectionDomainCache cache = this.mPolicyData.get().getPDCache();
        PermissionCollection cachedGrants = cache.get(protectionDomain);
        if (cachedGrants == null) {
            cachedGrants = getPermissions(protectionDomain);
            if (cachedGrants == null) {
                return false;
            }
            cache.put(protectionDomain, cachedGrants);
        }
        PermissionCollection effective = mergeTemporaryPermissions(cachedGrants, protectionDomain.getCodeSource(), protectionDomain.getPrincipals());
        return implyApplicationPermissions(effective, permission) || effective.implies(permission);
    }

    /**
     * Checks the {@code ApplicationPermission} elements of a collection against a permission.
     *
     * <p>Only elements whose class is exactly {@code ApplicationPermission} are consulted, and
     * only when {@code ApplicationPermission.canImplyPermission} accepts the requested permission.
     *
     * @return {@code true} as soon as one such element implies {@code permission}
     */
    protected boolean implyApplicationPermissions(PermissionCollection permissionCollection, Permission permission) {
        if (!ApplicationPermission.canImplyPermission(permission)) {
            return false;
        }
        for (Enumeration<Permission> granted = permissionCollection.elements(); granted.hasMoreElements();) {
            Permission candidate = granted.nextElement();
            if (candidate.getClass() != ApplicationPermission.class) {
                continue;
            }
            if (candidate.implies(permission)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the map that holds the temporary permission entries.
     *
     * <p>This is the field itself, not a copy: changes made by the caller are visible to the
     * policy.
     */
    public Map<String, Set<PolicyEntry>> getTemporaryPermissionsStorage() {
        Map<String, Set<PolicyEntry>> storage = this.mTemporaryPermissions;
        return storage;
    }

    /**
     * Collects the permissions of a protection domain: the policy grants for it plus the
     * permissions already attached to the domain.
     *
     * @return a new collection, or {@code null} when {@code protectionDomain} is {@code null}
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        if (protectionDomain == null) {
            return null;
        }
        Permissions collected = new Permissions();
        getPermissions(collected, protectionDomain);
        PermissionCollection domainOwn = protectionDomain.getPermissions();
        if (domainOwn == null) {
            return collected;
        }
        // Hold the collection's monitor while enumerating it.
        synchronized (domainOwn) {
            for (Enumeration<Permission> own = domainOwn.elements(); own.hasMoreElements();) {
                collected.add(own.nextElement());
            }
        }
        return collected;
    }

    /**
     * Collects the policy grants for a code source into a new {@link Permissions} object.
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        Permissions collected = new Permissions();
        return getPermissions(collected, codeSource);
    }

    /**
     * Adds the policy grants for a protection domain to {@code permissions}.
     *
     * <p>The domain's code source is first passed through {@code getCodebase} inside
     * {@code doPrivileged}. A domain without a code source receives nothing.
     *
     * @return the collection filled by the three-argument overload, or {@code permissions}
     *         unchanged when the domain has no code source
     */
    private PermissionCollection getPermissions(Permissions permissions, final ProtectionDomain protectionDomain) {
        if (T.race("POLICY1")) {
            // Building the trace text reads the domain, so it runs privileged as well.
            AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    T.race("POLICY1", "SAPPolicyImpl.getPermissions(): getPermissions:\n\t" + SAPPolicyImpl.this.printPD(protectionDomain));
                    return null;
                }
            });
        }
        final CodeSource codeSource = protectionDomain.getCodeSource();
        if (codeSource == null) {
            return permissions;
        }
        PrivilegedAction<Object> resolveCodebase = new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                return SAPPolicyImpl.this.getCodebase(codeSource, true);
            }
        };
        CodeSource resolved = (CodeSource) AccessController.doPrivileged(resolveCodebase);
        return getPermissions(permissions, resolved, protectionDomain.getPrincipals());
    }

    /**
     * Adds the policy grants for a code source, evaluated without principals, to
     * {@code permissions}. The code source is passed through {@code getCodebase} inside
     * {@code doPrivileged} first.
     */
    private PermissionCollection getPermissions(Permissions permissions, final CodeSource codeSource) {
        PrivilegedAction<Object> resolveCodebase = new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                return SAPPolicyImpl.this.getCodebase(codeSource, true);
            }
        };
        CodeSource resolved = (CodeSource) AccessController.doPrivileged(resolveCodebase);
        return getPermissions(permissions, resolved, (Principal[]) null);
    }

    /**
     * Runs every policy entry of the current policy data against the code source and
     * principals, adding the permissions of matching entries to {@code permissions}.
     *
     * <p>The regular entries are walked without a lock; the identity entries are walked while
     * holding the monitor of {@code mIdentityPolicyEntries}.
     *
     * @return {@code permissions}
     */
    private Permissions getPermissions(Permissions permissions, CodeSource codeSource, Principal[] principalArr) {
        PolicyEntryList policyData = this.mPolicyData.get();
        for (Object entry : policyData.mPolicyEntries) {
            collectPermissions(permissions, codeSource, principalArr, (PolicyEntry) entry);
        }
        synchronized (policyData.mIdentityPolicyEntries) {
            for (Object identityEntry : policyData.mIdentityPolicyEntries) {
                collectPermissions(permissions, codeSource, principalArr, (PolicyEntry) identityEntry);
            }
        }
        return permissions;
    }

    /**
     * Returns a new collection holding the given permissions plus those of every temporary
     * policy entry that matches the code source and principals.
     *
     * <p>The input collection is copied, not modified. The temporary entries are read while
     * holding the monitor of the map currently referenced by {@code mTemporaryPermissions}.
     */
    private PermissionCollection mergeTemporaryPermissions(PermissionCollection permissionCollection, CodeSource codeSource, Principal[] principalArr) {
        Permissions merged = new Permissions();
        for (Enumeration<Permission> base = permissionCollection.elements(); base.hasMoreElements();) {
            merged.add(base.nextElement());
        }
        synchronized (this.mTemporaryPermissions) {
            for (Set<PolicyEntry> group : this.mTemporaryPermissions.values()) {
                for (PolicyEntry temporaryEntry : group) {
                    collectPermissions(merged, codeSource, principalArr, temporaryEntry);
                }
            }
        }
        return merged;
    }

    /**
     * Tests, inside {@code doPrivileged}, whether the code source of a policy entry implies
     * the active code source.
     *
     * @param codeSource  code source being evaluated
     * @param policyEntry policy entry whose code source is the reference
     * @return the result of {@code policyEntry.getCodeSource().implies(codeSource)}
     */
    private boolean checkCS(final CodeSource codeSource, final PolicyEntry policyEntry) {
        PrivilegedAction<Boolean> comparison = new PrivilegedAction<Boolean>() {
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                if (T.race("POLICY1")) {
                    T.race("POLICY1", "SAPPolicyImpl.checkCS(): evaluate codesources:\n\tPolicy CodeSource: " + policyEntry.getCodeSource() + "\n\tActive CodeSource: " + codeSource);
                }
                if (policyEntry.getCodeSource().implies(codeSource)) {
                    return Boolean.TRUE;
                }
                if (T.race("POLICY1")) {
                    T.race("POLICY1", "SAPPolicyImpl.checkCS(): evaluation (codesource) failed");
                }
                return Boolean.FALSE;
            }
        };
        Boolean matched = AccessController.doPrivileged(comparison);
        return matched.booleanValue();
    }

    /**
     * Instantiates a {@code SAPPrincipalComparator} and asks it whether it implies the given
     * principals.
     *
     * <p>The comparator is created through {@code Dynamic.createObject} with {@code str} as
     * its constructor argument and is handed a read-only {@link Subject} that carries the
     * principals and empty credential sets.
     *
     * @param cls          comparator class
     * @param str          principal name from the policy entry
     * @param principalArr principals of the domain being evaluated
     */
    private boolean checkAgainstComparator(Class<?> cls, String str, Principal[] principalArr) {
        if (T.race("POLICY1")) {
            T.race("POLICY1", "SAPPolicyImpl.checkAgainstComparator(): found SAPPrincipalComparator: " + cls.getName());
        }
        // NOTE(review): if createObject can return null on failure, the implies() call below
        // throws NullPointerException; confirm how Dynamic reports errors.
        SAPPrincipalComparator comparator = (SAPPrincipalComparator) Dynamic.createObject(cls, P1, new Object[]{str});
        HashSet principalSet = new HashSet(principalArr.length);
        Collections.addAll(principalSet, principalArr);
        Subject subject = new Subject(true, principalSet, Collections.EMPTY_SET, Collections.EMPTY_SET);
        return comparator.implies(subject);
    }

    /**
     * Adds the permissions of one policy entry to {@code permissions} if the entry applies.
     *
     * <p>The entry applies when its code source implies {@code codeSource} and either it
     * names no principals, or every principal it names is satisfied by {@code principalArr}.
     * An entry that names principals never applies when {@code principalArr} is null or empty.
     */
    private void collectPermissions(Permissions permissions, CodeSource codeSource, Principal[] principalArr, PolicyEntry policyEntry) {
        if (!checkCS(codeSource, policyEntry)) {
            return;
        }
        List<SAPPolicyParser.PrincipalEntry> required = policyEntry.getPrincipals();
        if (required == null || required.isEmpty()) {
            addPermissions(permissions, principalArr, policyEntry);
            return;
        }
        if (principalArr == null || principalArr.length == 0) {
            return;
        }
        for (SAPPolicyParser.PrincipalEntry requirement : required) {
            // NOTE(review): the principal class named in the policy is resolved through the
            // thread context class loader, and a class that implements SAPPrincipalComparator
            // then decides the match; confirm which code is able to set that loader.
            Class<?> principalClass = Dynamic.createClass(requirement.getPrincipalClass(), Thread.currentThread().getContextClassLoader());
            boolean isComparator = principalClass != null && SAPPrincipalComparator.class.isAssignableFrom(principalClass);
            boolean satisfied = isComparator
                    ? checkAgainstComparator(principalClass, requirement.getPrincipalName(), principalArr)
                    : checkEntryPlist(principalArr, requirement);
            if (!satisfied) {
                return;
            }
        }
        if (T.race("POLICY1")) {
            T.race("POLICY1", "SAPPolicyImpl.addPermissions(): evaluation (codesource/principals) passed");
        }
        addPermissions(permissions, principalArr, policyEntry);
    }

    /**
     * Copies every permission of a policy entry into {@code permissions}, tracing each grant
     * when the {@code POLICY1} trace key is active.
     *
     * @param principalArr not used by this method
     */
    private void addPermissions(Permissions permissions, Principal[] principalArr, PolicyEntry policyEntry) {
        for (Permission granted : policyEntry.mPermissions) {
            boolean tracing = T.race("POLICY1");
            if (tracing) {
                T.race("POLICY1", "SAPPolicyImpl.addPerms():   granting " + granted);
            }
            permissions.add(granted);
        }
    }

    /**
     * Looks for a principal that matches a policy principal entry by class name and name.
     *
     * <p>Class and name are compared as strings. The constant
     * {@code JNetControllerImpl.EVENT_ALL_EVENTS} is accepted in place of either one
     * (presumably the wildcard "*"; confirm the constant's value).
     *
     * @return {@code true} if at least one principal matches
     */
    private boolean checkEntryPlist(Principal[] principalArr, SAPPolicyParser.PrincipalEntry principalEntry) {
        for (Principal candidate : principalArr) {
            String policyClass = principalEntry.getPrincipalClass();
            String candidateClass = candidate.getClass().getName();
            if (T.race("CHECKPRINCIPAL")) {
                T.race("CHECKPRINCIPAL", "Policy type: " + policyClass + ", PD type: " + candidateClass);
            }
            boolean classMatches = policyClass.equals(JNetControllerImpl.EVENT_ALL_EVENTS) || policyClass.equals(candidateClass);
            if (!classMatches) {
                continue;
            }
            String policyName = principalEntry.getPrincipalName();
            if (T.race("CHECKPRINCIPAL")) {
                T.race("CHECKPRINCIPAL", "Policy name: " + policyName + ", PD name: " + candidate.getName());
            }
            if (policyName.equals(JNetControllerImpl.EVENT_ALL_EVENTS) || policyName.equals(candidate.getName())) {
                return true;
            }
        }
        return false;
    }

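    /**
     * Reduces the certificates of a code source to the signer certificates.
     *
     * <p>If any certificate is not an {@link X509Certificate}, or if no certificate is followed
     * by its issuer, the array is returned as is. Otherwise only the first certificate of each
     * chain is kept, so that code signed with a certificate chain still carries its signer
     * certificate when it is compared with the policy.
     *
     * @param codeSource code source to inspect
     * @return the signer certificates, or {@code null} when the code source has none
     */
    protected Certificate[] getSignerCertificates(CodeSource codeSource) {
        Certificate[] certificates = codeSource.getCertificates();
        if (certificates == null) {
            return null;
        }
        for (Certificate certificate : certificates) {
            if (!(certificate instanceof X509Certificate)) {
                return certificates;
            }
        }
        if (countCerts(certificates) == certificates.length) {
            return certificates;
        }
        // The collected chain heads are the result. Dropping them would make every code source
        // signed with a chain look unsigned to the policy.
        List<Certificate> signers = collectUserCerts(certificates);
        return signers.toArray(new Certificate[0]);
    }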

    /**
     * Returns the first certificate of each chain in the array.
     *
     * <p>A chain continues for as long as the issuer DN of one certificate equals the subject
     * DN of the next. Every element must be an {@link X509Certificate}.
     */
    private ArrayList<Certificate> collectUserCerts(Certificate[] certificateArr) {
        ArrayList<Certificate> chainHeads = new ArrayList<>();
        for (int pos = 0; pos < certificateArr.length; pos++) {
            chainHeads.add(certificateArr[pos]);
            // Step over the issuers that follow this certificate.
            while (pos + 1 < certificateArr.length && ((X509Certificate) certificateArr[pos]).getIssuerDN().equals(((X509Certificate) certificateArr[pos + 1]).getSubjectDN())) {
                pos++;
            }
        }
        return chainHeads;
    }

    /**
     * Counts the certificate chains in the array.
     *
     * <p>A chain continues for as long as the issuer DN of one certificate equals the subject
     * DN of the next. Every element must be an {@link X509Certificate}.
     */
    private int countCerts(Certificate[] certificateArr) {
        int chains = 0;
        for (int pos = 0; pos < certificateArr.length; pos++) {
            chains++;
            // Step over the issuers that follow this certificate.
            while (pos + 1 < certificateArr.length && ((X509Certificate) certificateArr[pos]).getIssuerDN().equals(((X509Certificate) certificateArr[pos + 1]).getSubjectDN())) {
                pos++;
            }
        }
        return chains;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns a code source whose file location has been made canonical.
     *
     * <p>A local path is taken from the {@link FilePermission} of the location's connection
     * or, when no permission is available, from a {@code file:} URL. The path then goes
     * through {@code canonPath} and becomes the location of the new code source.
     *
     * @param codeSource code source to convert
     * @param z          {@code true} to reduce the certificates with {@code getSignerCertificates}
     * @return the converted code source; when no local path is found or canonicalisation fails,
     *         the original location is kept and, for {@code z == false}, {@code codeSource}
     *         itself is returned
     */
    public CodeSource getCodebase(CodeSource codeSource, boolean z) {
        URL location = codeSource.getLocation();
        String localPath = null;
        if (location != null) {
            Permission connectionPermission;
            try {
                connectionPermission = location.openConnection().getPermission();
            } catch (IOException e) {
                connectionPermission = null;
            }
            if (connectionPermission instanceof FilePermission) {
                localPath = connectionPermission.getName();
            } else if (connectionPermission == null && location.getProtocol().equals("file")) {
                try {
                    localPath = new File(location.toURI()).getPath();
                } catch (URISyntaxException e2) {
                    T.raceError("Illegal URI: " + location, e2);
                }
            }
        }
        if (localPath == null) {
            return z ? new CodeSource(codeSource.getLocation(), getSignerCertificates(codeSource)) : codeSource;
        }
        try {
            URL canonical = new File(canonPath(localPath)).toURI().toURL();
            Certificate[] certificates = z ? getSignerCertificates(codeSource) : codeSource.getCertificates();
            return new CodeSource(canonical, certificates);
        } catch (IOException e3) {
            // Canonicalisation failed: keep the location as it was given.
            return z ? new CodeSource(codeSource.getLocation(), getSignerCertificates(codeSource)) : codeSource;
        }
    }

    /**
     * Returns the canonical form of a path and keeps a trailing
     * {@code JNetControllerImpl.EVENT_ALL_EVENTS} marker (presumably "*"; confirm the
     * constant's value).
     *
     * <p>When the path ends with the marker, its last character is replaced by "-" before
     * canonicalisation and the marker is put back in place of the result's last character.
     *
     * @throws IOException if {@link File#getCanonicalPath()} fails
     */
    public static String canonPath(String str) throws IOException {
        if (str.endsWith(JNetControllerImpl.EVENT_ALL_EVENTS)) {
            String withDash = str.substring(0, str.length() - 1) + "-";
            String canonical = new File(withDash).getCanonicalPath();
            return canonical.substring(0, canonical.length() - 1) + JNetControllerImpl.EVENT_ALL_EVENTS;
        }
        return new File(str).getCanonicalPath();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Formats a protection domain for trace output: code source, class loader and principals.
     *
     * @return the text; the principal part reads {@code <no principals>} when there are none
     */
    public String printPD(ProtectionDomain protectionDomain) {
        Principal[] principals = protectionDomain.getPrincipals();
        String principalText;
        if (principals == null || principals.length == 0) {
            principalText = "<no principals>";
        } else {
            StringBuilder listing = new StringBuilder("(principals ");
            for (int idx = 0; idx < principals.length; idx++) {
                if (idx > 0) {
                    listing.append(", ");
                }
                Principal current = principals[idx];
                listing.append(current.getClass().getName() + " \"" + current.getName() + PdfOps.DOUBLE_QUOTE__TOKEN);
            }
            listing.append(")");
            principalText = listing.toString();
        }
        return "PD CodeSource: " + protectionDomain.getCodeSource() + "\n\tPD ClassLoader: " + protectionDomain.getClassLoader() + "\n\tPD Principals: " + principalText;
    }

    /**
     * Replaces alias-style principal entries with X.500 principals taken from the key store.
     *
     * <p>An entry whose class is the literal {@code "PolicyParser.REPLACE_NAME"} has its name
     * looked up as a key store alias. On success the entry's class becomes
     * {@code javax.security.auth.x500.X500Principal} and its name the distinguished name.
     *
     * @return {@code false} as soon as an alias cannot be resolved (entries handled before it
     *         stay modified); {@code true} otherwise, including when there is nothing to do
     */
    private boolean expandPrincipals(List<SAPPolicyParser.PrincipalEntry> list, KeyStore keyStore) {
        if (list == null || list.isEmpty() || keyStore == null) {
            return true;
        }
        for (SAPPolicyParser.PrincipalEntry entry : list) {
            if (!"PolicyParser.REPLACE_NAME".equals(entry.getPrincipalClass())) {
                continue;
            }
            String resolvedName = getDistinguishedName(entry.getPrincipalName(), keyStore);
            if (resolvedName == null) {
                return false;
            }
            if (T.race("POLICY1")) {
                T.race("POLICY1", "SAPPolicyImpl.expandPrincipals(): Replacing \"" + entry.getPrincipalName() + "\" with javax.security.auth.x500.X500Principal /\"" + resolvedName + PdfOps.DOUBLE_QUOTE__TOKEN);
            }
            entry.setPrincipalClass("javax.security.auth.x500.X500Principal");
            entry.setPrincipalName(resolvedName);
        }
        return true;
    }

    /**
     * Expands {@code ${{...}}} tokens in the name of a permission entry.
     *
     * <p>{@code ${{self}}} tokens are copied unchanged. {@code ${{alias:NAME}}} tokens are
     * replaced by {@code javax.security.auth.x500.X500Principal "DN"}, where DN is the
     * distinguished name found for the key store alias NAME. The entry's name is overwritten
     * with the expanded text.
     *
     * @param permissionEntry entry whose name is expanded in place
     * @param keyStore        key store used to resolve aliases
     * @throws Exception if a token uses an unsupported keyword, an alias token carries no alias
     *                   name, or the alias cannot be resolved
     */
    private void expandPermissionName(SAPPolicyParser.PermissionEntry permissionEntry, KeyStore keyStore) throws Exception {
        int indexOf;
        String name = permissionEntry.getName();
        // Nothing to do for names without a token opener.
        if (name == null || !name.contains("${{")) {
            return;
        }
        // i is the position in name up to which text has already been copied to sb.
        int i = 0;
        StringBuilder sb = new StringBuilder();
        while (true) {
            int indexOf2 = name.indexOf("${{", i);
            // Stop when there is no further opener or the opener has no closing "}}".
            if (indexOf2 == -1 || (indexOf = name.indexOf("}}", indexOf2)) < 1) {
                break;
            }
            // Copy the literal text in front of the token.
            sb.append(name.substring(i, indexOf2));
            // substring is the token content; str is the keyword in front of an optional ':'.
            String substring = name.substring(indexOf2 + 3, indexOf);
            String str = substring;
            if (substring.contains(":")) {
                str = substring.substring(0, substring.indexOf(":"));
            }
            if (str.equalsIgnoreCase("self")) {
                // "self" tokens are kept verbatim, opener and closer included.
                sb.append(name.substring(indexOf2, indexOf + 2));
                i = indexOf + 2;
            } else {
                if (!str.equalsIgnoreCase("alias")) {
                    String str2 = "SAPPolicyImpl.expandPermissionName(): substitution value, " + str + " unsupported";
                    T.raceError(str2);
                    throw new Exception(str2);
                }
                if (!substring.contains(":")) {
                    String str3 = "SAPPolicyImpl.expandPermissionName(): alias name not provided, " + permissionEntry.getName();
                    T.raceError(str3);
                    throw new Exception(str3);
                }
                int indexOf3 = substring.indexOf(":");
                // Everything after the first ':' is the key store alias.
                String distinguishedName = getDistinguishedName(substring.substring(indexOf3 + 1), keyStore);
                if (distinguishedName == null) {
                    String str4 = "SAPPolicyImpl.expandPermissionName(): unable to perform substitution on alias, " + substring.substring(indexOf3 + 1);
                    T.raceError(str4);
                    throw new Exception(str4);
                }
                // NOTE(review): the distinguished name is placed between quotes as returned;
                // confirm that a name containing a quote character cannot change how the
                // expanded permission name is read later.
                sb.append("javax.security.auth.x500.X500Principal \"" + distinguishedName + PdfOps.DOUBLE_QUOTE__TOKEN);
                i = indexOf + 2;
            }
        }
        // Copy whatever follows the last processed token.
        sb.append(name.substring(i));
        if (T.race("POLICY1")) {
            T.race("POLICY1", "SAPPolicyImpl.expandPermissionName(): Permission name expanded from:\n\t" + permissionEntry.getName() + "\nto\n\t" + sb.toString());
        }
        permissionEntry.setName(sb.toString());
    }

    /**
     * Looks up the subject distinguished name of the certificate stored under an alias.
     *
     * @param str      key store alias
     * @param keyStore key store to search; may be {@code null}
     * @return the subject name as produced by {@link X500Principal#getName()}, or {@code null}
     *         when there is no key store, no X.509 certificate for the alias, or the lookup fails
     */
    private String getDistinguishedName(String str, KeyStore keyStore) {
        if (keyStore == null) {
            return null;
        }
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate instanceof X509Certificate) {
                X500Principal subject = ((X509Certificate) certificate).getSubjectX500Principal();
                return new X500Principal(subject.toString()).getName();
            }
            if (T.race("POLICY1")) {
                T.race("POLICY1", "SAPPolicyImpl.getDN(): -- No certificate for '" + str + "' - ignoring entry");
            }
        } catch (KeyStoreException e) {
            // The failure is reported only while the POLICY1 trace key is active.
            if (T.race("POLICY1")) {
                T.raceError("SAPPolicyImpl.getDN(): Error retrieving certificate for '" + str + "': " + e, e);
            }
        }
        return null;
    }
}
