package javax.crypto;

import java.io.File;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Enumeration;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import sun.security.jca.GetInstance;
import sun.security.util.Debug;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:javax/crypto/JceSecurity.class */
public final class JceSecurity {
    private static boolean isRestricted;
    private static final Object PROVIDER_VERIFIED;
    private static final URL NULL_URL;
    private static final Map<Class<?>, URL> codeBaseCacheRef;
    static final SecureRandom RANDOM = new SecureRandom();
    private static CryptoPermissions defaultPolicy = null;
    private static CryptoPermissions exemptPolicy = null;
    private static final Map<Provider, Object> verificationResults = new IdentityHashMap();
    private static final Map<Provider, Object> verifyingProviders = new IdentityHashMap();
    private static final Debug debug = Debug.getInstance("jca", "Cipher");

    private JceSecurity() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GetInstance.Instance getInstance(String str, Class<?> cls, String str2, String str3) throws NoSuchAlgorithmException, NoSuchProviderException {
        Provider.Service service = GetInstance.getService(str, str2, str3);
        Exception verificationResult = getVerificationResult(service.getProvider());
        if (verificationResult != null) {
            throw ((NoSuchProviderException) new NoSuchProviderException("JCE cannot authenticate the provider " + str3).initCause(verificationResult));
        }
        return GetInstance.getInstance(service, cls);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GetInstance.Instance getInstance(String str, Class<?> cls, String str2, Provider provider) throws NoSuchAlgorithmException {
        Provider.Service service = GetInstance.getService(str, str2, provider);
        Exception verificationResult = getVerificationResult(provider);
        if (verificationResult != null) {
            throw new SecurityException("JCE cannot authenticate the provider " + provider.getName(), verificationResult);
        }
        return GetInstance.getInstance(service, cls);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GetInstance.Instance getInstance(String str, Class<?> cls, String str2) throws NoSuchAlgorithmException {
        NoSuchAlgorithmException noSuchAlgorithmException = null;
        for (Provider.Service service : GetInstance.getServices(str, str2)) {
            if (canUseProvider(service.getProvider())) {
                try {
                    return GetInstance.getInstance(service, cls);
                } catch (NoSuchAlgorithmException e) {
                    noSuchAlgorithmException = e;
                }
            }
        }
        throw new NoSuchAlgorithmException("Algorithm " + str2 + " not available", noSuchAlgorithmException);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CryptoPermissions verifyExemptJar(URL url) throws Exception {
        JarVerifier jarVerifier = new JarVerifier(url, true);
        jarVerifier.verify();
        return jarVerifier.getPermissions();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void verifyProviderJar(URL url) throws Exception {
        new JarVerifier(url, false).verify();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized Exception getVerificationResult(Provider provider) {
        Object obj = verificationResults.get(provider);
        if (obj == PROVIDER_VERIFIED) {
            return null;
        }
        if (obj != null) {
            return (Exception) obj;
        }
        try {
            if (verifyingProviders.get(provider) != null) {
                return new NoSuchProviderException("Recursion during verification");
            }
            try {
                verifyingProviders.put(provider, Boolean.FALSE);
                verifyProviderJar(getCodeBase(provider.getClass()));
                verificationResults.put(provider, PROVIDER_VERIFIED);
                verifyingProviders.remove(provider);
                return null;
            } catch (Exception e) {
                verificationResults.put(provider, e);
                verifyingProviders.remove(provider);
                return e;
            }
        } catch (Throwable th) {
            verifyingProviders.remove(provider);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean canUseProvider(Provider provider) {
        return getVerificationResult(provider) == null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static URL getCodeBase(final Class<?> cls) {
        URL url;
        synchronized (codeBaseCacheRef) {
            URL url2 = codeBaseCacheRef.get(cls);
            if (url2 == null) {
                url2 = (URL) AccessController.doPrivileged(new PrivilegedAction<URL>() { // from class: javax.crypto.JceSecurity.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public URL run() {
                        CodeSource codeSource;
                        ProtectionDomain protectionDomain = cls.getProtectionDomain();
                        return (protectionDomain == null || (codeSource = protectionDomain.getCodeSource()) == null) ? JceSecurity.NULL_URL : codeSource.getLocation();
                    }
                });
                codeBaseCacheRef.put(cls, url2);
            }
            url = url2 == NULL_URL ? null : url2;
        }
        return url;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setupJurisdictionPolicies() throws Exception {
        String property = System.getProperty("java.home");
        String property2 = Security.getProperty("crypto.policy");
        Path path = property2 == null ? null : Paths.get(property2, new String[0]);
        if (path != null && (path.getNameCount() != 1 || path.compareTo(path.getFileName()) != 0)) {
            throw new SecurityException("Invalid policy directory name format: " + property2);
        }
        Path path2 = path == null ? Paths.get(property, "lib", "security") : Paths.get(property, "lib", "security", "policy", property2);
        if (debug != null) {
            debug.println("crypto policy directory: " + path2);
        }
        File file = new File(path2.toFile(), "US_export_policy.jar");
        File file2 = new File(path2.toFile(), "local_policy.jar");
        if (property2 == null && (!file.exists() || !file2.exists())) {
            Path path3 = Paths.get(property, "lib", "security", "policy", "unlimited");
            file = new File(path3.toFile(), "US_export_policy.jar");
            file2 = new File(path3.toFile(), "local_policy.jar");
        }
        if (ClassLoader.getSystemResource("javax/crypto/Cipher.class") == null || !file.exists() || !file2.exists()) {
            throw new SecurityException("Cannot locate policy or framework files!");
        }
        CryptoPermissions cryptoPermissions = new CryptoPermissions();
        CryptoPermissions cryptoPermissions2 = new CryptoPermissions();
        loadPolicies(file, cryptoPermissions, cryptoPermissions2);
        CryptoPermissions cryptoPermissions3 = new CryptoPermissions();
        CryptoPermissions cryptoPermissions4 = new CryptoPermissions();
        loadPolicies(file2, cryptoPermissions3, cryptoPermissions4);
        if (cryptoPermissions.isEmpty() || cryptoPermissions3.isEmpty()) {
            throw new SecurityException("Missing mandatory jurisdiction policy files");
        }
        defaultPolicy = cryptoPermissions.getMinimum(cryptoPermissions3);
        if (cryptoPermissions2.isEmpty()) {
            exemptPolicy = cryptoPermissions4.isEmpty() ? null : cryptoPermissions4;
        } else {
            exemptPolicy = cryptoPermissions2.getMinimum(cryptoPermissions4);
        }
    }

    private static void loadPolicies(File file, CryptoPermissions cryptoPermissions, CryptoPermissions cryptoPermissions2) throws Exception {
        InputStream inputStream;
        JarFile jarFile = new JarFile(file);
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            InputStream inputStream2 = null;
            try {
                if (nextElement.getName().startsWith("default_")) {
                    inputStream = jarFile.getInputStream(nextElement);
                    cryptoPermissions.load(inputStream);
                } else if (nextElement.getName().startsWith("exempt_")) {
                    inputStream = jarFile.getInputStream(nextElement);
                    cryptoPermissions2.load(inputStream);
                } else if (0 != 0) {
                    inputStream2.close();
                }
                if (inputStream != null) {
                    inputStream.close();
                }
                JarVerifier.verifyPolicySigned(nextElement.getCertificates());
            } catch (Throwable th) {
                if (0 != 0) {
                    inputStream2.close();
                }
                throw th;
            }
        }
        jarFile.close();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CryptoPermissions getDefaultPolicy() {
        return defaultPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CryptoPermissions getExemptPolicy() {
        return exemptPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isRestricted() {
        return isRestricted;
    }

    static {
        isRestricted = true;
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: javax.crypto.JceSecurity.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    JceSecurity.setupJurisdictionPolicies();
                    return null;
                }
            });
            isRestricted = !defaultPolicy.implies(CryptoAllPermission.INSTANCE);
            PROVIDER_VERIFIED = Boolean.TRUE;
            try {
                NULL_URL = new URL("http://null.oracle.com/");
                codeBaseCacheRef = new WeakHashMap();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (Exception e2) {
            throw new SecurityException("Can not initialize cryptographic mechanism", e2);
        }
    }
}
