package org.apache.harmony.security.fortress;

import com.tencent.mm.sdk.contact.RContact;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.Principal;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import org.apache.harmony.security.DefaultPolicyScanner;
import org.apache.harmony.security.PolicyEntry;
import org.apache.harmony.security.UnresolvedPrincipal;
import org.apache.harmony.security.fortress.PolicyUtils;
import org.apache.harmony.security.internal.nls.Messages;

/* loaded from: classes.dex */
public class DefaultPolicyParser {
    private final DefaultPolicyScanner scanner;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class PermissionExpander implements PolicyUtils.GeneralExpansionHandler {
        private DefaultPolicyScanner.GrantEntry ge;
        private KeyStore ks;

        PermissionExpander() {
        }

        private String pc2str(Principal principal) {
            String name = principal.getClass().getName();
            String name2 = principal.getName();
            StringBuilder sb = new StringBuilder(name.length() + name2.length() + 5);
            sb.append(name);
            sb.append(" \"");
            sb.append(name2);
            sb.append("\"");
            return sb.toString();
        }

        public PermissionExpander configure(DefaultPolicyScanner.GrantEntry grantEntry, KeyStore keyStore) {
            this.ge = grantEntry;
            this.ks = keyStore;
            return this;
        }

        @Override // org.apache.harmony.security.fortress.PolicyUtils.GeneralExpansionHandler
        public String resolve(String str, String str2) throws PolicyUtils.ExpansionFailedException {
            if (!"self".equals(str)) {
                if (!RContact.COL_ALIAS.equals(str)) {
                    throw new PolicyUtils.ExpansionFailedException(Messages.getString("security.145", str));
                }
                try {
                    return pc2str(DefaultPolicyParser.this.getPrincipalByAlias(this.ks, str2));
                } catch (Exception e) {
                    throw new PolicyUtils.ExpansionFailedException(Messages.getString("security.143", str2), e);
                }
            }
            if (this.ge.principals == null || this.ge.principals.size() == 0) {
                throw new PolicyUtils.ExpansionFailedException(Messages.getString("security.144"));
            }
            StringBuilder sb = new StringBuilder();
            for (DefaultPolicyScanner.PrincipalEntry principalEntry : this.ge.principals) {
                if (principalEntry.klass == null) {
                    try {
                        sb.append(pc2str(DefaultPolicyParser.this.getPrincipalByAlias(this.ks, principalEntry.name)));
                    } catch (Exception e2) {
                        throw new PolicyUtils.ExpansionFailedException(Messages.getString("security.143", principalEntry.name), e2);
                    }
                } else {
                    sb.append(principalEntry.klass);
                    sb.append(" \"");
                    sb.append(principalEntry.name);
                    sb.append("\" ");
                }
            }
            return sb.toString();
        }
    }

    public DefaultPolicyParser() {
        this.scanner = new DefaultPolicyScanner();
    }

    public DefaultPolicyParser(DefaultPolicyScanner defaultPolicyScanner) {
        this.scanner = defaultPolicyScanner;
    }

    protected Principal getPrincipalByAlias(KeyStore keyStore, String str) throws KeyStoreException, CertificateException {
        if (keyStore == null) {
            throw new KeyStoreException(Messages.getString("security.147", str));
        }
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate instanceof X509Certificate) {
            return ((X509Certificate) certificate).getSubjectX500Principal();
        }
        throw new CertificateException(Messages.getString("security.148", str, certificate));
    }

    protected KeyStore initKeyStore(List<DefaultPolicyScanner.KeystoreEntry> list, URL url, Properties properties, boolean z) {
        for (int i = 0; i < list.size(); i++) {
            try {
                DefaultPolicyScanner.KeystoreEntry keystoreEntry = list.get(i);
                if (z) {
                    keystoreEntry.url = PolicyUtils.expandURL(keystoreEntry.url, properties);
                    if (keystoreEntry.type != null) {
                        keystoreEntry.type = PolicyUtils.expand(keystoreEntry.type, properties);
                    }
                }
                if (keystoreEntry.type == null || keystoreEntry.type.length() == 0) {
                    keystoreEntry.type = KeyStore.getDefaultType();
                }
                KeyStore keyStore = KeyStore.getInstance(keystoreEntry.type);
                InputStream inputStream = (InputStream) AccessController.doPrivileged(new PolicyUtils.URLLoader(new URL(url, keystoreEntry.url)));
                try {
                    continue;
                    keyStore.load(inputStream, null);
                    return keyStore;
                } finally {
                    inputStream.close();
                }
            } catch (Exception unused) {
            }
        }
        return null;
    }

    public Collection<PolicyEntry> parse(URL url, Properties properties) throws Exception {
        boolean canExpandProperties = PolicyUtils.canExpandProperties();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader((InputStream) AccessController.doPrivileged(new PolicyUtils.URLLoader(url))));
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        try {
            this.scanner.scanStream(bufferedReader, hashSet, arrayList);
            bufferedReader.close();
            KeyStore initKeyStore = initKeyStore(arrayList, url, properties, canExpandProperties);
            HashSet hashSet2 = new HashSet();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                try {
                    PolicyEntry resolveGrant = resolveGrant((DefaultPolicyScanner.GrantEntry) it.next(), initKeyStore, properties, canExpandProperties);
                    if (!resolveGrant.isVoid()) {
                        hashSet2.add(resolveGrant);
                    }
                } catch (Exception unused) {
                }
            }
            return hashSet2;
        } catch (Throwable th) {
            bufferedReader.close();
            throw th;
        }
    }

    protected PolicyEntry resolveGrant(DefaultPolicyScanner.GrantEntry grantEntry, KeyStore keyStore, Properties properties, boolean z) throws Exception {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Certificate[] certificateArr = null;
        URL url = grantEntry.codebase != null ? new URL(z ? PolicyUtils.expandURL(grantEntry.codebase, properties) : grantEntry.codebase) : null;
        if (grantEntry.signers != null) {
            if (z) {
                grantEntry.signers = PolicyUtils.expand(grantEntry.signers, properties);
            }
            certificateArr = resolveSigners(keyStore, grantEntry.signers);
        }
        Certificate[] certificateArr2 = certificateArr;
        if (grantEntry.principals != null) {
            for (DefaultPolicyScanner.PrincipalEntry principalEntry : grantEntry.principals) {
                if (z) {
                    principalEntry.name = PolicyUtils.expand(principalEntry.name, properties);
                }
                if (principalEntry.klass == null) {
                    hashSet.add(getPrincipalByAlias(keyStore, principalEntry.name));
                } else {
                    hashSet.add(new UnresolvedPrincipal(principalEntry.klass, principalEntry.name));
                }
            }
        }
        if (grantEntry.permissions != null) {
            Iterator<DefaultPolicyScanner.PermissionEntry> it = grantEntry.permissions.iterator();
            while (it.hasNext()) {
                try {
                    hashSet2.add(resolvePermission(it.next(), grantEntry, keyStore, properties, z));
                } catch (Exception unused) {
                }
            }
        }
        return new PolicyEntry(new CodeSource(url, certificateArr2), hashSet, hashSet2);
    }

    protected Permission resolvePermission(DefaultPolicyScanner.PermissionEntry permissionEntry, DefaultPolicyScanner.GrantEntry grantEntry, KeyStore keyStore, Properties properties, boolean z) throws Exception {
        if (permissionEntry.name != null) {
            permissionEntry.name = PolicyUtils.expandGeneral(permissionEntry.name, new PermissionExpander().configure(grantEntry, keyStore));
        }
        if (z) {
            if (permissionEntry.name != null) {
                permissionEntry.name = PolicyUtils.expand(permissionEntry.name, properties);
            }
            if (permissionEntry.actions != null) {
                permissionEntry.actions = PolicyUtils.expand(permissionEntry.actions, properties);
            }
            if (permissionEntry.signers != null) {
                permissionEntry.signers = PolicyUtils.expand(permissionEntry.signers, properties);
            }
        }
        Certificate[] resolveSigners = permissionEntry.signers == null ? null : resolveSigners(keyStore, permissionEntry.signers);
        try {
            Class<?> cls = Class.forName(permissionEntry.klass);
            if (PolicyUtils.matchSubset(resolveSigners, cls.getSigners())) {
                return PolicyUtils.instantiatePermission(cls, permissionEntry.name, permissionEntry.actions);
            }
        } catch (ClassNotFoundException unused) {
        }
        return new UnresolvedPermission(permissionEntry.klass, permissionEntry.name, permissionEntry.actions, resolveSigners);
    }

    protected Certificate[] resolveSigners(KeyStore keyStore, String str) throws Exception {
        if (keyStore == null) {
            throw new KeyStoreException(Messages.getString("security.146", str));
        }
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        while (stringTokenizer.hasMoreTokens()) {
            hashSet.add(keyStore.getCertificate(stringTokenizer.nextToken().trim()));
        }
        return (Certificate[]) hashSet.toArray(new Certificate[hashSet.size()]);
    }
}
