package org.eclipse.jetty.policy.entry;

import java.net.URI;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.StringTokenizer;
import org.eclipse.jetty.policy.PolicyContext;
import org.eclipse.jetty.policy.PolicyException;

/* loaded from: input_file:org/eclipse/jetty/policy/entry/GrantEntry.class */
public class GrantEntry extends AbstractEntry {
    private String signers;
    private String codebase;
    private Collection<PrincipalEntry> principalNodes;
    private Collection<PermissionEntry> permissionNodes;
    private PermissionCollection permissions;
    private Certificate[] signerArray;
    private CodeSource codesource;
    private Principal[] principals;

    public void addPrincipal(PrincipalEntry principalEntry) {
        if (this.principalNodes == null) {
            this.principalNodes = new HashSet();
        }
        this.principalNodes.add(principalEntry);
    }

    @Override // org.eclipse.jetty.policy.entry.AbstractEntry
    public void expand(PolicyContext policyContext) throws PolicyException {
        if (this.signers != null) {
            this.signerArray = resolveToCertificates(policyContext.getKeystore(), this.signers);
        }
        this.codebase = policyContext.evaluate(this.codebase);
        if (this.principalNodes != null) {
            HashSet hashSet = new HashSet();
            for (PrincipalEntry principalEntry : this.principalNodes) {
                principalEntry.expand(policyContext);
                hashSet.add(principalEntry.toPrincipal(policyContext));
            }
            this.principals = (Principal[]) hashSet.toArray(new Principal[hashSet.size()]);
        }
        policyContext.setPrincipals(this.principals);
        this.permissions = new Permissions();
        for (PermissionEntry permissionEntry : this.permissionNodes) {
            permissionEntry.expand(policyContext);
            this.permissions.add(permissionEntry.toPermission());
        }
        policyContext.setPrincipals(null);
        setExpanded(true);
    }

    public PermissionCollection getPermissions() throws PolicyException {
        return this.permissions;
    }

    public Principal[] getPrincipals() throws PolicyException {
        return this.principals;
    }

    public CodeSource getCodeSource() throws PolicyException {
        if (!isExpanded()) {
            throw new PolicyException("GrantNode needs to be expanded.");
        }
        try {
            if (this.codesource == null && this.codebase != null) {
                this.codesource = new CodeSource(new URI(this.codebase).toURL(), this.signerArray);
            }
            return this.codesource;
        } catch (Exception e) {
            throw new PolicyException(e);
        }
    }

    private Certificate[] resolveToCertificates(KeyStore keyStore, String str) throws PolicyException {
        if (keyStore == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        int i = 0;
        while (stringTokenizer.hasMoreTokens()) {
            try {
                Certificate certificate = keyStore.getCertificate(stringTokenizer.nextToken().trim());
                if (certificate != null) {
                    hashSet.add(certificate);
                }
                i++;
            } catch (KeyStoreException e) {
                throw new PolicyException(e);
            }
        }
        return (Certificate[]) hashSet.toArray(new Certificate[hashSet.size()]);
    }

    public void setSigners(String str) {
        this.signers = str;
    }

    public void setCodebase(String str) {
        this.codebase = str;
    }

    public void setPrincipals(Collection<PrincipalEntry> collection) {
        this.principalNodes = collection;
    }

    public void setPermissions(Collection<PermissionEntry> collection) {
        this.permissionNodes = collection;
    }
}
