package org.eclipse.jetty.policy;

import java.io.PrintStream;
import java.io.PrintWriter;
import java.security.AccessControlException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.security.CertificateValidator;

/* loaded from: input_file:org/eclipse/jetty/policy/JettyPolicy.class */
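/**
 * {@link Policy} implementation that assembles permissions from the
 * {@link PolicyBlock} grants reported by a {@link PolicyMonitor} watching a
 * policy directory.
 *
 * <p>Computed permission collections are cached per {@link ProtectionDomain} /
 * {@link CodeSource}; the cache is cleared whenever a new grant is accepted.
 * If a {@link CertificateValidator} is configured, a grant is accepted only
 * when every certificate it carries validates against the context keystore.
 *
 * <p>Thread-safety: the grant set and the cache are both guarded by the
 * monitor of {@code _cache}. NOTE(review): this assumes the policy monitor may
 * call back from its own thread after start-up; confirm against PolicyMonitor.
 */
public class JettyPolicy extends Policy {
    private String _policyDirectory;
    private static boolean __DEBUG = false;
    private static boolean __RELOAD = false;
    private static final PolicyContext _context = new PolicyContext();
    // Read by any thread that triggers an access check, so it must be visible
    // across threads once initialize() has completed.
    private volatile boolean _STARTED = false;
    // Guarded by synchronized (_cache).
    private final Set<PolicyBlock> _grants = new HashSet<PolicyBlock>();
    private final Map<Object, PermissionCollection> _cache = new ConcurrentHashMap<Object, PermissionCollection>();
    private CertificateValidator _validator = null;
    private PolicyMonitor _policyMonitor = new PolicyMonitor() { // from class: org.eclipse.jetty.policy.JettyPolicy.1
        /**
         * Accepts a newly scanned grant, provided all of its certificates
         * validate (when a validator is configured), and invalidates the
         * permission cache so the grant takes effect.
         */
        @Override // org.eclipse.jetty.policy.PolicyMonitor
        public void onPolicyChange(PolicyBlock policyBlock) {
            boolean trusted = true;
            if (JettyPolicy.this._validator != null && policyBlock.getCertificates() != null) {
                Iterator<Certificate> it = policyBlock.getCertificates().iterator();
                while (it.hasNext()) {
                    try {
                        JettyPolicy.this._validator.validate(JettyPolicy._context.getKeystore(), it.next());
                    } catch (CertificateException e) {
                        trusted = false;
                        // A rejected grant is a security-relevant event: record it
                        // instead of dropping the block without a trace.
                        JettyPolicy.this.log("JettyPolicy: policy block rejected, certificate validation failed", e);
                    }
                }
            }
            if (trusted) {
                // Take the same lock as getPermissions(): otherwise the grant set
                // can change under an in-progress iteration, and a permission set
                // computed from the old grants can be cached after this clear().
                synchronized (JettyPolicy.this._cache) {
                    JettyPolicy.this._grants.add(policyBlock);
                    JettyPolicy.this._cache.clear();
                }
            }
        }
    };

    /**
     * Creates the policy and points its monitor at the policy directory.
     *
     * <p>The {@code org.eclipse.jetty.policy.RELOAD} and
     * {@code org.eclipse.jetty.policy.DEBUG} system properties are read here;
     * both fall back to {@code false} if reading them is denied.
     *
     * @param policyDirectory directory handed to the policy monitor
     * @param properties properties stored on the shared {@link PolicyContext}
     * @throws PolicyException if the monitor rejects the policy directory
     */
    public JettyPolicy(String policyDirectory, Map<String, String> properties) {
        try {
            __RELOAD = Boolean.getBoolean("org.eclipse.jetty.policy.RELOAD");
            __DEBUG = Boolean.getBoolean("org.eclipse.jetty.policy.DEBUG");
        } catch (AccessControlException e) {
            __RELOAD = false;
            __DEBUG = false;
        }
        this._policyDirectory = policyDirectory;
        _context.setProperties(properties);
        try {
            this._policyMonitor.setPolicyDirectory(this._policyDirectory);
        } catch (Exception e2) {
            throw new PolicyException(e2);
        }
    }

    /**
     * Initializes the policy if it has not been started yet; a no-op once it
     * is running.
     */
    @Override // java.security.Policy
    public void refresh() {
        if (this._STARTED) {
            return;
        }
        initialize();
    }

    /**
     * Starts the policy monitor, waits for its scan to finish and marks the
     * policy as started. Does nothing if the policy is already started.
     *
     * @throws PolicyException if the monitor fails to start or scan
     */
    public void initialize() {
        if (this._STARTED) {
            return;
        }
        try {
            this._policyMonitor.start();
            this._policyMonitor.waitForScan();
            this._STARTED = true;
        } catch (Exception e) {
            e.printStackTrace();
            throw new PolicyException(e);
        }
    }

    /**
     * Returns a fresh copy of the permissions granted to the given domain.
     *
     * <p>A grant applies when it has no code source, or when its code source
     * implies the domain's code source and all of the grant's principals are
     * present on the domain.
     *
     * @param protectionDomain domain being evaluated
     * @return a new collection the caller may modify without affecting the cache
     * @throws PolicyException if the policy has not been started
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        if (!this._STARTED) {
            throw new PolicyException("JettyPolicy must be started.");
        }
        synchronized (this._cache) {
            PermissionCollection cached = this._cache.get(protectionDomain);
            if (cached != null) {
                return copyOf(cached);
            }
            Permissions permissions = new Permissions();
            for (PolicyBlock policyBlock : this._grants) {
                ProtectionDomain grantDomain = policyBlock.toProtectionDomain();
                if (__DEBUG) {
                    debug("----START----");
                    debug("PDCS: " + policyBlock.getCodeSource());
                    debug("CS: " + protectionDomain.getCodeSource());
                }
                CodeSource grantSource = grantDomain.getCodeSource();
                // NOTE(review): a grant with no code source applies to every
                // domain without its principals being checked. Confirm that a
                // principal-only grant cannot reach this point, otherwise it is
                // broader than intended.
                boolean applies = grantSource == null;
                if (!applies && grantSource.implies(protectionDomain.getCodeSource())) {
                    Principal[] grantPrincipals = grantDomain.getPrincipals();
                    applies = grantPrincipals == null || validate(grantPrincipals, protectionDomain.getPrincipals());
                }
                if (applies) {
                    Enumeration<Permission> elements = policyBlock.getPermissions().elements();
                    while (elements.hasMoreElements()) {
                        Permission granted = elements.nextElement();
                        if (__DEBUG) {
                            debug("D: " + granted);
                        }
                        permissions.add(granted);
                    }
                }
                if (__DEBUG) {
                    debug("----STOP----");
                }
            }
            this._cache.put(protectionDomain, permissions);
            return copyOf(permissions);
        }
    }

    /**
     * Returns a fresh copy of the permissions granted to the given code
     * source. Principals are not considered on this path.
     *
     * @param codeSource code source being evaluated
     * @return a new collection the caller may modify without affecting the cache
     * @throws PolicyException if the policy has not been started
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        if (!this._STARTED) {
            throw new PolicyException("JettyPolicy must be started.");
        }
        synchronized (this._cache) {
            PermissionCollection cached = this._cache.get(codeSource);
            if (cached != null) {
                return copyOf(cached);
            }
            Permissions permissions = new Permissions();
            for (PolicyBlock policyBlock : this._grants) {
                CodeSource grantSource = policyBlock.toProtectionDomain().getCodeSource();
                if (grantSource == null || grantSource.implies(codeSource)) {
                    if (__DEBUG) {
                        debug("----START----");
                        debug("PDCS: " + grantSource);
                        debug("CS: " + codeSource);
                    }
                    Enumeration<Permission> elements = policyBlock.getPermissions().elements();
                    while (elements.hasMoreElements()) {
                        Permission granted = elements.nextElement();
                        if (__DEBUG) {
                            debug("D: " + granted);
                        }
                        permissions.add(granted);
                    }
                    if (__DEBUG) {
                        debug("----STOP----");
                    }
                }
            }
            this._cache.put(codeSource, permissions);
            return copyOf(permissions);
        }
    }

    /**
     * Tests whether the permissions granted to the domain imply the requested
     * permission.
     *
     * @throws PolicyException if the policy has not been started
     */
    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (!this._STARTED) {
            throw new PolicyException("JettyPolicy must be started.");
        }
        PermissionCollection permissions = getPermissions(protectionDomain);
        if (permissions == null) {
            return false;
        }
        return permissions.implies(permission);
    }

    /**
     * Checks that every principal required by a grant is present on the domain.
     *
     * @param required principals named by the grant; must not be null
     * @param presented principals of the domain being evaluated, may be null
     * @return {@code true} only if each required principal equals one of the
     *         presented ones; {@code false} when {@code presented} is null
     */
    private static boolean validate(Principal[] required, Principal[] presented) {
        if (presented == null) {
            return false;
        }
        for (Principal needed : required) {
            boolean found = false;
            for (int i = 0; i < presented.length; i++) {
                if (needed.equals(presented[i])) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /** Returns the {@link PolicyContext} shared by all instances. */
    public static PolicyContext getContext() {
        return _context;
    }

    /**
     * Emits a debug line through the Jetty log, falling back to standard
     * output when the log class is unavailable or access to it is denied.
     */
    private void debug(String str) {
        try {
            Log.info(str);
        } catch (NoClassDefFoundError e) {
            System.out.println("[DEBUG] " + str);
        } catch (AccessControlException e2) {
            System.out.println("[DEBUG] " + str);
        }
    }

    /** Logs a message with no associated throwable. */
    private void log(String str) {
        log(str, null);
    }

    /**
     * Logs a message and optional throwable through the Jetty log, falling
     * back to standard output when the log class is unavailable or access to
     * it is denied.
     */
    private void log(String str, Throwable th) {
        try {
            Log.info(str, th);
        } catch (NoClassDefFoundError e) {
            printFallback(str, th);
        } catch (AccessControlException e2) {
            printFallback(str, th);
        }
    }

    /** Console fallback for {@link #log(String, Throwable)}. */
    private static void printFallback(String str, Throwable th) {
        System.out.println(str);
        // log(String) passes a null throwable; the fallback must not turn a log
        // call into a NullPointerException.
        if (th != null) {
            th.printStackTrace();
        }
    }

    /**
     * Writes the keys currently held in the permission cache to the stream.
     * The stream is flushed but left open for the caller.
     */
    public void dump(PrintStream printStream) {
        PrintWriter printWriter = new PrintWriter(printStream);
        printWriter.println("JettyPolicy: policy settings dump");
        synchronized (this._cache) {
            for (Object key : this._cache.keySet()) {
                printWriter.println(key.toString());
            }
        }
        printWriter.flush();
    }

    /**
     * Copies a permission collection into a new {@link Permissions} object so
     * that callers never receive, and cannot mutate, the cached instance.
     */
    private PermissionCollection copyOf(PermissionCollection permissionCollection) {
        Permissions permissions = new Permissions();
        synchronized (permissionCollection) {
            Enumeration<Permission> elements = permissionCollection.elements();
            while (elements.hasMoreElements()) {
                permissions.add(elements.nextElement());
            }
        }
        return permissions;
    }

    /** Returns the configured certificate validator, or null if none is set. */
    public CertificateValidator getCertificateValidator() {
        return this._validator;
    }

    /**
     * Sets the validator applied to the certificates of incoming grants.
     *
     * @throws PolicyException if the policy has already been started, since
     *         grants accepted so far would not have been checked by it
     */
    public void setCertificateValidator(CertificateValidator certificateValidator) {
        if (this._STARTED) {
            throw new PolicyException("JettyPolicy already started, unable to set validator on running policy");
        }
        this._validator = certificateValidator;
    }
}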
