package javax.crypto;

import java.net.URL;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.slf4j.Marker;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/java.base-2018-11-29.jar:META-INF/modules/java.base/classes/javax/crypto/JceSecurityManager.class */
public final class JceSecurityManager extends SecurityManager {
    private static final Vector<Class<?>> TrustedCallersCache = new Vector<>(2);
    private static final ConcurrentMap<URL, CryptoPermissions> exemptCache = new ConcurrentHashMap();
    private static final CryptoPermissions CACHE_NULL_MARK = new CryptoPermissions();
    private static final CryptoPermissions defaultPolicy = JceSecurity.getDefaultPolicy();
    private static final CryptoPermissions exemptPolicy = JceSecurity.getExemptPolicy();
    private static final CryptoAllPermission allPerm = CryptoAllPermission.INSTANCE;
    static final JceSecurityManager INSTANCE = (JceSecurityManager) AccessController.doPrivileged(new PrivilegedAction<JceSecurityManager>() { // from class: javax.crypto.JceSecurityManager.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        /* renamed from: run */
        public JceSecurityManager run2() {
            return new JceSecurityManager();
        }
    });

    private JceSecurityManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptoPermission getCryptoPermission(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        CryptoPermission defaultPermission = getDefaultPermission(upperCase);
        if (defaultPermission == CryptoAllPermission.INSTANCE) {
            return defaultPermission;
        }
        Class<?>[] classContext = getClassContext();
        URL url = null;
        int i = 0;
        while (i < classContext.length) {
            Class<?> cls = classContext[i];
            url = JceSecurity.getCodeBase(cls);
            if (url != null) {
                break;
            }
            if (!cls.getName().startsWith("javax.crypto.")) {
                return defaultPermission;
            }
            i++;
        }
        if (i == classContext.length) {
            return defaultPermission;
        }
        CryptoPermissions cryptoPermissions = exemptCache.get(url);
        if (cryptoPermissions == null) {
            synchronized (getClass()) {
                cryptoPermissions = exemptCache.get(url);
                if (cryptoPermissions == null) {
                    cryptoPermissions = getAppPermissions(url);
                    exemptCache.putIfAbsent(url, cryptoPermissions == null ? CACHE_NULL_MARK : cryptoPermissions);
                }
            }
        }
        if (cryptoPermissions == null || cryptoPermissions == CACHE_NULL_MARK) {
            return defaultPermission;
        }
        if (cryptoPermissions.implies(allPerm)) {
            return allPerm;
        }
        PermissionCollection permissionCollection = cryptoPermissions.getPermissionCollection(upperCase);
        if (permissionCollection == null) {
            return defaultPermission;
        }
        Enumeration<Permission> elements = permissionCollection.elements();
        while (elements.hasMoreElements()) {
            CryptoPermission cryptoPermission = (CryptoPermission) elements.nextElement();
            if (cryptoPermission.getExemptionMechanism() == null) {
                return cryptoPermission;
            }
        }
        PermissionCollection permissionCollection2 = exemptPolicy.getPermissionCollection(upperCase);
        if (permissionCollection2 == null) {
            return defaultPermission;
        }
        Enumeration<Permission> elements2 = permissionCollection2.elements();
        while (elements2.hasMoreElements()) {
            CryptoPermission cryptoPermission2 = (CryptoPermission) elements2.nextElement();
            try {
                ExemptionMechanism.getInstance(cryptoPermission2.getExemptionMechanism());
                if (cryptoPermission2.getAlgorithm().equals(Marker.ANY_MARKER)) {
                    CryptoPermission cryptoPermission3 = cryptoPermission2.getCheckParam() ? new CryptoPermission(upperCase, cryptoPermission2.getMaxKeySize(), cryptoPermission2.getAlgorithmParameterSpec(), cryptoPermission2.getExemptionMechanism()) : new CryptoPermission(upperCase, cryptoPermission2.getMaxKeySize(), cryptoPermission2.getExemptionMechanism());
                    if (cryptoPermissions.implies(cryptoPermission3)) {
                        return cryptoPermission3;
                    }
                }
            } catch (Exception e) {
            }
            if (cryptoPermissions.implies(cryptoPermission2)) {
                return cryptoPermission2;
            }
        }
        return defaultPermission;
    }

    private static CryptoPermissions getAppPermissions(URL url) {
        try {
            return JceSecurity.verifyExemptJar(url);
        } catch (Exception e) {
            return null;
        }
    }

    private CryptoPermission getDefaultPermission(String str) {
        return (CryptoPermission) defaultPolicy.getPermissionCollection(str).elements().nextElement();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isCallerTrusted(Provider provider) {
        Class<?>[] classContext = getClassContext();
        if (classContext.length < 3) {
            return false;
        }
        Class<?> cls = classContext[2];
        URL codeBase = JceSecurity.getCodeBase(cls);
        if (codeBase == null || TrustedCallersCache.contains(cls)) {
            return true;
        }
        Class<?> cls2 = provider.getClass();
        Module module = cls2.getModule();
        if (!(module.isNamed() ? cls.getModule().equals(module) : codeBase.equals(JceSecurity.getCodeBase(cls2)))) {
            provider = null;
        } else if (ProviderVerifier.isTrustedCryptoProvider(provider)) {
            TrustedCallersCache.addElement(cls);
            return true;
        }
        try {
            JceSecurity.verifyProvider(codeBase, provider);
            TrustedCallersCache.addElement(cls);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
