package javax.crypto;

import java.lang.StackWalker;
import java.net.URL;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Provider;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/modules/java.base/classes/javax/crypto/JceSecurityManager.class
 */
/* loaded from: input_file:WEB-INF/lib/java.base-2023-04-24.jar:META-INF/modules/java.base/classes/javax/crypto/JceSecurityManager.class */
public final class JceSecurityManager {
    private static final Vector<Class<?>> TrustedCallersCache = new Vector<>(2);
    private static final ConcurrentMap<URL, CryptoPermissions> exemptCache = new ConcurrentHashMap();
    private static final CryptoPermissions CACHE_NULL_MARK = new CryptoPermissions();
    private static final CryptoPermissions defaultPolicy = JceSecurity.getDefaultPolicy();
    private static final CryptoPermissions exemptPolicy = JceSecurity.getExemptPolicy();
    private static final CryptoAllPermission allPerm = CryptoAllPermission.INSTANCE;
    static final JceSecurityManager INSTANCE = (JceSecurityManager) AccessController.doPrivileged(JceSecurityManager::new);
    static final StackWalker WALKER = (StackWalker) AccessController.doPrivileged(() -> {
        return StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);
    });

    private JceSecurityManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptoPermission getCryptoPermission(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        CryptoPermission defaultPermission = getDefaultPermission(upperCase);
        return defaultPermission == CryptoAllPermission.INSTANCE ? defaultPermission : (CryptoPermission) WALKER.walk(stream -> {
            return (CryptoPermission) stream.map((v0) -> {
                return v0.getDeclaringClass();
            }).filter(cls -> {
                return !cls.getPackageName().equals("javax.crypto");
            }).map(cls2 -> {
                URL codeBase = JceSecurity.getCodeBase(cls2);
                return codeBase != null ? getCryptoPermissionFromURL(codeBase, upperCase, defaultPermission) : defaultPermission;
            }).findFirst().get();
        });
    }

    CryptoPermission getCryptoPermissionFromURL(URL url, String str, CryptoPermission cryptoPermission) {
        CryptoPermissions cryptoPermissions = exemptCache.get(url);
        if (cryptoPermissions == null) {
            synchronized (getClass()) {
                cryptoPermissions = exemptCache.get(url);
                if (cryptoPermissions == null) {
                    cryptoPermissions = getAppPermissions(url);
                    exemptCache.putIfAbsent(url, cryptoPermissions == null ? CACHE_NULL_MARK : cryptoPermissions);
                }
            }
        }
        if (cryptoPermissions == null || cryptoPermissions == CACHE_NULL_MARK) {
            return cryptoPermission;
        }
        if (cryptoPermissions.implies(allPerm)) {
            return allPerm;
        }
        PermissionCollection permissionCollection = cryptoPermissions.getPermissionCollection(str);
        if (permissionCollection == null) {
            return cryptoPermission;
        }
        Enumeration<Permission> elements = permissionCollection.elements();
        while (elements.hasMoreElements()) {
            CryptoPermission cryptoPermission2 = (CryptoPermission) elements.nextElement();
            if (cryptoPermission2.getExemptionMechanism() == null) {
                return cryptoPermission2;
            }
        }
        PermissionCollection permissionCollection2 = exemptPolicy.getPermissionCollection(str);
        if (permissionCollection2 == null) {
            return cryptoPermission;
        }
        Enumeration<Permission> elements2 = permissionCollection2.elements();
        while (elements2.hasMoreElements()) {
            CryptoPermission cryptoPermission3 = (CryptoPermission) elements2.nextElement();
            try {
                ExemptionMechanism.getInstance(cryptoPermission3.getExemptionMechanism());
                if (cryptoPermission3.getAlgorithm().equals("*")) {
                    CryptoPermission cryptoPermission4 = cryptoPermission3.getCheckParam() ? new CryptoPermission(str, cryptoPermission3.getMaxKeySize(), cryptoPermission3.getAlgorithmParameterSpec(), cryptoPermission3.getExemptionMechanism()) : new CryptoPermission(str, cryptoPermission3.getMaxKeySize(), cryptoPermission3.getExemptionMechanism());
                    if (cryptoPermissions.implies(cryptoPermission4)) {
                        return cryptoPermission4;
                    }
                }
            } catch (Exception e) {
            }
            if (cryptoPermissions.implies(cryptoPermission3)) {
                return cryptoPermission3;
            }
        }
        return cryptoPermission;
    }

    private static CryptoPermissions getAppPermissions(URL url) {
        try {
            return JceSecurity.verifyExemptJar(url);
        } catch (Exception e) {
            return null;
        }
    }

    private CryptoPermission getDefaultPermission(String str) {
        return (CryptoPermission) defaultPolicy.getPermissionCollection(str).elements().nextElement();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isCallerTrusted(Class<?> cls, Provider provider) {
        if (cls == null) {
            return false;
        }
        URL codeBase = JceSecurity.getCodeBase(cls);
        if (codeBase == null || TrustedCallersCache.contains(cls)) {
            return true;
        }
        Class<?> cls2 = provider.getClass();
        Module module = cls2.getModule();
        if (!(module.isNamed() ? cls.getModule().equals(module) : codeBase.equals(JceSecurity.getCodeBase(cls2)))) {
            provider = null;
        } else if (ProviderVerifier.isTrustedCryptoProvider(provider)) {
            TrustedCallersCache.addElement(cls);
            return true;
        }
        try {
            JceSecurity.verifyProvider(codeBase, provider);
            TrustedCallersCache.addElement(cls);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
