package net.sourceforge.jnlp.runtime;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import net.sourceforge.jnlp.ExtensionDesc;
import net.sourceforge.jnlp.JARDesc;
import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.LaunchException;
import net.sourceforge.jnlp.PluginBridge;
import net.sourceforge.jnlp.ResourcesDesc;
import net.sourceforge.jnlp.SecurityDesc;
import net.sourceforge.jnlp.config.BasicValueValidators;
import net.sourceforge.jnlp.config.DeploymentConfiguration;
import net.sourceforge.jnlp.runtime.JNLPClassLoader;
import net.sourceforge.jnlp.security.SecurityDialogs;
import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
import net.sourceforge.jnlp.security.appletextendedsecurity.AppletStartupSecuritySettings;
import net.sourceforge.jnlp.util.ClasspathMatcher;
import net.sourceforge.jnlp.util.UrlUtils;
import net.sourceforge.jnlp.util.logging.OutputController;

/* loaded from: input_file:net/sourceforge/jnlp/runtime/ManifestAttributesChecker.class */
public class ManifestAttributesChecker {
    private final SecurityDesc security;
    private final JNLPFile file;
    private final JNLPClassLoader.SigningState signing;
    private final JNLPClassLoader.SecurityDelegate securityDelegate;

    /* loaded from: input_file:net/sourceforge/jnlp/runtime/ManifestAttributesChecker$MANIFEST_ATTRIBUTES_CHECK.class */
    public enum MANIFEST_ATTRIBUTES_CHECK {
        ALL,
        NONE,
        PERMISSIONS,
        CODEBASE,
        TRUSTED,
        ALAC,
        ENTRYPOINT
    }

    public ManifestAttributesChecker(SecurityDesc securityDesc, JNLPFile jNLPFile, JNLPClassLoader.SigningState signingState, JNLPClassLoader.SecurityDelegate securityDelegate) throws LaunchException {
        this.security = securityDesc;
        this.file = jNLPFile;
        this.signing = signingState;
        this.securityDelegate = securityDelegate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkAll() throws LaunchException {
        List<MANIFEST_ATTRIBUTES_CHECK> attributesCheck = getAttributesCheck();
        if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.NONE)) {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("MACDisabledMessage"));
            return;
        }
        if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.TRUSTED) || attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) {
            checkTrustedOnlyAttribute();
        } else {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("MACCheckSkipped", JNLPFile.ManifestsAttributes.TRUSTED_ONLY, "TRUSTED"));
        }
        if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.CODEBASE) || attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) {
            checkCodebaseAttribute();
        } else {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("MACCheckSkipped", JNLPFile.ManifestsAttributes.CODEBASE, "CODEBASE"));
        }
        if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS) || attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) {
            checkPermissionsAttribute();
        } else {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("MACCheckSkipped", JNLPFile.ManifestsAttributes.PERMISSIONS, "PERMISSIONS"));
        }
        if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALAC) || attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) {
            checkApplicationLibraryAllowableCodebaseAttribute();
        } else {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("MACCheckSkipped", "Application Library Allowable Codebase", "ALAC"));
        }
        if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ENTRYPOINT) || attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) {
            checkEntryPoint();
        } else {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("MACCheckSkipped", JNLPFile.ManifestsAttributes.ENTRY_POINT, "ENTRYPOINT"));
        }
    }

    public static List<MANIFEST_ATTRIBUTES_CHECK> getAttributesCheck() {
        String[] splitCombination = BasicValueValidators.splitCombination(JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK));
        ArrayList arrayList = new ArrayList();
        for (String str : splitCombination) {
            for (MANIFEST_ATTRIBUTES_CHECK manifest_attributes_check : MANIFEST_ATTRIBUTES_CHECK.values()) {
                if (manifest_attributes_check.toString().equals(str)) {
                    arrayList.add(manifest_attributes_check);
                }
            }
        }
        return arrayList;
    }

    private void checkEntryPoint() throws LaunchException {
        if (this.signing == JNLPClassLoader.SigningState.NONE) {
            return;
        }
        if (this.file.getLaunchInfo() == null) {
            OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Entry-Point can not be checked now, because of not existing launch info.");
            return;
        }
        if (this.file.getLaunchInfo().getMainClass() == null) {
            OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Entry-Point can not be checked now, because of unknown main class.");
            return;
        }
        String[] entryPoints = this.file.getManifestsAttributes().getEntryPoints();
        String mainClass = this.file.getLaunchInfo().getMainClass();
        if (entryPoints == null) {
            OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Entry-Point manifest attribute for yours '" + mainClass + "'not found. Continuing.");
            return;
        }
        for (String str : entryPoints) {
            if (str.equals(mainClass)) {
                OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Entry-Point of " + str + " mathches " + mainClass + " continuing.");
                return;
            }
        }
        throw new LaunchException("None of the entry points specified: '" + this.file.getManifestsAttributes().getEntryPointString() + "' matched the main class " + mainClass + " and apelt is signed. This is a security error and the app will not be launched.");
    }

    private void checkTrustedOnlyAttribute() throws LaunchException {
        JNLPFile.ManifestBoolean isTrustedOnly = this.file.getManifestsAttributes().isTrustedOnly();
        if (isTrustedOnly == JNLPFile.ManifestBoolean.UNDEFINED) {
            OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute not found. Continuing.");
            return;
        }
        if (isTrustedOnly == JNLPFile.ManifestBoolean.FALSE) {
            OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute is false. Continuing.");
            return;
        }
        Object securityType = this.security.getSecurityType();
        String str = securityType == null ? "Not Specified" : securityType.equals(SecurityDesc.ALL_PERMISSIONS) ? "All-Permission" : securityType.equals(SecurityDesc.SANDBOX_PERMISSIONS) ? "Sandbox" : securityType.equals(SecurityDesc.J2EE_PERMISSIONS) ? "J2EE" : "Unknown";
        boolean z = this.signing == JNLPClassLoader.SigningState.FULL;
        boolean runInSandbox = this.securityDelegate.getRunInSandbox();
        boolean z2 = (z && SecurityDesc.ALL_PERMISSIONS.equals(securityType)) || (runInSandbox && SecurityDesc.SANDBOX_PERMISSIONS.equals(securityType));
        String R = (!z || runInSandbox) ? (z && runInSandbox) ? Translator.R("STOAsignedMsgAndSandbox") : Translator.R("STOAsignedMsgPartiall") : Translator.R("STOAsignedMsgFully");
        OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute is \"true\". " + R + " and requests permission level: " + str);
        if (!z || !z2) {
            throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", R, str));
        }
    }

    private void checkCodebaseAttribute() throws LaunchException {
        if (this.file.getCodeBase() == null || this.file.getCodeBase().getProtocol().equals("file")) {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("CBCheckFile"));
            return;
        }
        Object securityType = this.security.getSecurityType();
        URL guessCodeBase = UrlUtils.guessCodeBase(this.file);
        ClasspathMatcher.ClasspathMatchers codebase = this.file.getManifestsAttributes().getCodebase();
        if (codebase == null) {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("CBCheckNoEntry"));
            return;
        }
        if (securityType.equals(SecurityDesc.SANDBOX_PERMISSIONS)) {
            if (codebase.matches(guessCodeBase)) {
                OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("CBCheckUnsignedPass"));
                return;
            } else {
                OutputController.getLogger().log(OutputController.Level.ERROR_ALL, Translator.R("CBCheckUnsignedFail"));
                return;
            }
        }
        if (codebase.matches(guessCodeBase)) {
            OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("CBCheckOkSignedOk"));
        } else {
            if (this.file instanceof PluginBridge) {
                throw new LaunchException(Translator.R("CBCheckSignedAppletDontMatchException", this.file.getManifestsAttributes().getCodebase().toString(), guessCodeBase));
            }
            OutputController.getLogger().log(OutputController.Level.ERROR_ALL, Translator.R("CBCheckSignedFail"));
        }
    }

    private void checkPermissionsAttribute() throws LaunchException {
        if (this.securityDelegate.getRunInSandbox()) {
            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'Permissions' attribute of this application is '" + this.file.getManifestsAttributes().permissionsToString() + "'. You have chosen the Sandbox run option, which overrides the Permissions manifest attribute, or the applet has already been automatically sandboxed.");
            return;
        }
        JNLPFile.ManifestBoolean isSandboxForced = this.file.getManifestsAttributes().isSandboxForced();
        if (isSandboxForced == JNLPFile.ManifestBoolean.UNDEFINED) {
            AppletSecurityLevel securityLevel = AppletStartupSecuritySettings.getInstance().getSecurityLevel();
            if (securityLevel == AppletSecurityLevel.DENY_UNSIGNED) {
                throw new LaunchException("Your Extended applets security is at 'Very high', and this application is missing the 'permissions' attribute in manifest. This is fatal");
            }
            if (securityLevel == AppletSecurityLevel.ASK_UNSIGNED) {
                if (!SecurityDialogs.showMissingPermissionsAttributeDialogue(this.file)) {
                    throw new LaunchException("Your Extended applets security is at 'high' and this application is missing the 'permissions' attribute in manifest. And you have refused to run it.");
                }
                OutputController.getLogger().log("Your Extended applets security is at 'high' and this application is missing the 'permissions' attribute in manifest. And you have allowed to run it.");
                return;
            }
            return;
        }
        SecurityDesc.RequestedPermissionLevel requestedPermissionLevel = this.file.getRequestedPermissionLevel();
        validateRequestedPermissionLevelMatchesManifestPermissions(requestedPermissionLevel, isSandboxForced);
        if (this.file instanceof PluginBridge) {
            if (isNoneOrDefault(requestedPermissionLevel) && isSandboxForced == JNLPFile.ManifestBoolean.TRUE && this.signing != JNLPClassLoader.SigningState.NONE) {
                this.securityDelegate.setRunInSandbox();
                return;
            }
            return;
        }
        if (isNoneOrDefault(requestedPermissionLevel)) {
            if (isSandboxForced == JNLPFile.ManifestBoolean.TRUE && this.signing != JNLPClassLoader.SigningState.NONE) {
                OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + this.file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. Forcing sandbox.");
                this.securityDelegate.setRunInSandbox();
            }
            if (isSandboxForced == JNLPFile.ManifestBoolean.FALSE && this.signing == JNLPClassLoader.SigningState.NONE) {
                OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + this.file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. Forcing sandbox.");
                this.securityDelegate.setRunInSandbox();
            }
        }
    }

    private static boolean isLowSecurity() {
        return AppletStartupSecuritySettings.getInstance().getSecurityLevel().equals(AppletSecurityLevel.ALLOW_UNSIGNED);
    }

    private static boolean isNoneOrDefault(SecurityDesc.RequestedPermissionLevel requestedPermissionLevel) {
        return requestedPermissionLevel == SecurityDesc.RequestedPermissionLevel.NONE || requestedPermissionLevel == SecurityDesc.RequestedPermissionLevel.DEFAULT;
    }

    private void validateRequestedPermissionLevelMatchesManifestPermissions(SecurityDesc.RequestedPermissionLevel requestedPermissionLevel, JNLPFile.ManifestBoolean manifestBoolean) throws LaunchException {
        if (requestedPermissionLevel == SecurityDesc.RequestedPermissionLevel.ALL && manifestBoolean != JNLPFile.ManifestBoolean.FALSE) {
            throw new LaunchException("The 'permissions' attribute is '" + this.file.getManifestsAttributes().permissionsToString() + "' but the applet requested " + requestedPermissionLevel + ". This is fatal");
        }
        if (requestedPermissionLevel == SecurityDesc.RequestedPermissionLevel.SANDBOX && manifestBoolean != JNLPFile.ManifestBoolean.TRUE) {
            throw new LaunchException("The 'permissions' attribute is '" + this.file.getManifestsAttributes().permissionsToString() + "' but the applet requested " + requestedPermissionLevel + ". This is fatal");
        }
    }

    private void checkApplicationLibraryAllowableCodebaseAttribute() throws LaunchException {
        URL codeBase = this.file.getCodeBase();
        URL sourceLocation = this.file instanceof PluginBridge ? ((PluginBridge) this.file).getSourceLocation() : null;
        if (sourceLocation == null) {
            sourceLocation = this.file.getCodeBase();
        }
        HashSet<URL> hashSet = new HashSet();
        URL sourceLocation2 = this.file.getSourceLocation();
        ResourcesDesc[] resourcesDescs = this.file.getResourcesDescs();
        if (sourceLocation2 != null) {
            hashSet.add(UrlUtils.removeFileName(sourceLocation2));
        }
        for (ResourcesDesc resourcesDesc : resourcesDescs) {
            ExtensionDesc[] extensions = resourcesDesc.getExtensions();
            if (extensions != null) {
                for (ExtensionDesc extensionDesc : extensions) {
                    if (extensionDesc != null) {
                        hashSet.add(UrlUtils.removeFileName(extensionDesc.getLocation()));
                    }
                }
            }
            JARDesc[] jARs = resourcesDesc.getJARs();
            if (jARs != null) {
                for (JARDesc jARDesc : jARs) {
                    if (jARDesc != null) {
                        hashSet.add(UrlUtils.removeFileName(jARDesc.getLocation()));
                    }
                }
            }
            JNLPFile jNLPFile = resourcesDesc.getJNLPFile();
            if (jNLPFile != null) {
                hashSet.add(UrlUtils.removeFileName(jNLPFile.getSourceLocation()));
            }
        }
        OutputController.getLogger().log("Found alaca URLs to be verified");
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            OutputController.getLogger().log(" - " + ((URL) it.next()).toExternalForm());
        }
        if (hashSet.isEmpty()) {
            OutputController.getLogger().log("The application is not using any url resources, skipping Application-Library-Allowable-Codebase Attribute check.");
            return;
        }
        boolean z = true;
        for (URL url : hashSet) {
            if (UrlUtils.equalsIgnoreLastSlash(url, codeBase) && UrlUtils.equalsIgnoreLastSlash(url, stripDocbase(sourceLocation))) {
                OutputController.getLogger().log("OK - " + url.toExternalForm() + " is from codebase/docbase.");
            } else {
                z = false;
                OutputController.getLogger().log("Warning! " + url.toExternalForm() + " is NOT from codebase/docbase.");
            }
        }
        if (z) {
            OutputController.getLogger().log("All applications resources (" + ((URL[]) hashSet.toArray(new URL[0]))[0] + ") are from codebas/documentbase " + codeBase + ClasspathMatcher.PATH_DELIMITER + sourceLocation + ", skipping Application-Library-Allowable-Codebase Attribute check.");
            return;
        }
        ClasspathMatcher.ClasspathMatchers applicationLibraryAllowableCodebase = this.signing != JNLPClassLoader.SigningState.NONE ? this.file.getManifestsAttributes().getApplicationLibraryAllowableCodebase() : null;
        if (applicationLibraryAllowableCodebase == null) {
            if (!SecurityDialogs.showMissingALACAttributePanel(this.file, sourceLocation, hashSet)) {
                throw new LaunchException("The application uses non-codebase resources, has no Application-Library-Allowable-Codebase Attribute, and was blocked from running by the user");
            }
            OutputController.getLogger().log("The application uses non-codebase resources, has no Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings");
            return;
        }
        for (URL url2 : hashSet) {
            if (!applicationLibraryAllowableCodebase.matches(url2)) {
                throw new LaunchException("The resource from " + url2 + " does not match the  location in Application-Library-Allowable-Codebase Attribute " + applicationLibraryAllowableCodebase + ". Blocking the application from running.");
            }
            OutputController.getLogger().log("The resource from " + url2 + " does  match the  location in Application-Library-Allowable-Codebase Attribute " + applicationLibraryAllowableCodebase + ". Continuing.");
        }
        if (!(isLowSecurity() || SecurityDialogs.showMatchingALACAttributePanel(this.file, sourceLocation, hashSet))) {
            throw new LaunchException("The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, but was blocked from running by the user.");
        }
        OutputController.getLogger().log("The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings.");
    }

    static URL stripDocbase(URL url) {
        String externalForm = url.toExternalForm();
        if (externalForm.endsWith(ClasspathMatcher.PATH_DELIMITER) || externalForm.endsWith("\\")) {
            return url;
        }
        int max = Math.max(externalForm.lastIndexOf(ClasspathMatcher.PATH_DELIMITER), externalForm.lastIndexOf("\\"));
        if (max <= 8 || max >= externalForm.length()) {
            return url;
        }
        try {
            url = new URL(externalForm.substring(0, max + 1));
        } catch (MalformedURLException e) {
            OutputController.getLogger().log(e);
        }
        return url;
    }
}
