package org.lobobrowser.security;

import java.awt.AWTPermission;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.SecurityPermission;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.PropertyPermission;
import java.util.StringTokenizer;
import java.util.logging.LoggingPermission;
import javax.net.ssl.SSLPermission;
import org.cobraparser.util.io.Files;
import org.cobraparser.validation.DomainValidation;
import org.h2.engine.Constants;
import org.lobobrowser.LoboBrowser;
import org.lobobrowser.extension.ExtensionManager;
import org.lobobrowser.store.StorageManager;

/* loaded from: input_file:org/lobobrowser/security/LocalSecurityPolicy.class */
public class LocalSecurityPolicy extends Policy {
    public static final File STORE_DIRECTORY;
    private static final String DEFAULT_PROFILE = "default";
    private static final String STORE_DIR_NAME = ".lobobrowser";
    private static final String STORE_DIRECTORY_CANONICAL;
    private static String JAVA_HOME_URL;
    private static final URL unoPath;
    private static final String JAVA_HOME = System.getProperty("java.home");
    private static final String JAVA_CLASS_PATH = System.getProperty("java.class.path");
    private static final String PATH_SEPARATOR = System.getProperty("path.separator");
    private static final LocalSecurityPolicy instance = new LocalSecurityPolicy();
    private static final Collection<Permission> BASE_PRIVILEGE = new LinkedList();
    private static final String recursiveSuffix = File.separator + "-";
    private static final Collection<Permission> CORE_PERMISSIONS = new LinkedList();
    private static final Collection<Permission> EXTENSION_PERMISSIONS = new LinkedList();

    private static void initCorePermissions() {
        CORE_PERMISSIONS.add(new SocketPermission("*", "connect,resolve,listen,accept"));
        CORE_PERMISSIONS.add(new RuntimePermission("createClassLoader"));
        CORE_PERMISSIONS.add(new RuntimePermission("getClassLoader"));
        CORE_PERMISSIONS.add(new RuntimePermission("exitVM"));
        CORE_PERMISSIONS.add(new RuntimePermission("setIO"));
        CORE_PERMISSIONS.add(new RuntimePermission("setContextClassLoader"));
        CORE_PERMISSIONS.add(new RuntimePermission("enableContextClassLoaderOverride"));
        CORE_PERMISSIONS.add(new RuntimePermission("setFactory"));
        CORE_PERMISSIONS.add(new RuntimePermission("accessClassInPackage.*"));
        CORE_PERMISSIONS.add(new RuntimePermission("defineClassInPackage.*"));
        CORE_PERMISSIONS.add(new RuntimePermission("accessDeclaredMembers"));
        CORE_PERMISSIONS.add(new RuntimePermission("getStackTrace"));
        CORE_PERMISSIONS.add(new RuntimePermission("preferences"));
        CORE_PERMISSIONS.add(new RuntimePermission("modifyThreadGroup"));
        CORE_PERMISSIONS.add(new RuntimePermission("getProtectionDomain"));
        CORE_PERMISSIONS.add(new RuntimePermission("shutdownHooks"));
        CORE_PERMISSIONS.add(new RuntimePermission("modifyThread"));
        CORE_PERMISSIONS.add(new RuntimePermission("com.sun.media.jmc.accessMedia"));
        CORE_PERMISSIONS.add(new RuntimePermission("loadLibrary.*"));
        CORE_PERMISSIONS.add(new NetPermission("setDefaultAuthenticator"));
        CORE_PERMISSIONS.add(new NetPermission("setCookieHandler"));
        CORE_PERMISSIONS.add(new NetPermission("specifyStreamHandler"));
        CORE_PERMISSIONS.add(new SSLPermission("setHostnameVerifier"));
        CORE_PERMISSIONS.add(new SSLPermission("getSSLSessionContext"));
        CORE_PERMISSIONS.add(new SecurityPermission("putProviderProperty.*"));
        CORE_PERMISSIONS.add(new SecurityPermission("insertProvider.*"));
        CORE_PERMISSIONS.add(new SecurityPermission("removeProvider.*"));
        CORE_PERMISSIONS.add(new LoggingPermission("control", null));
        CORE_PERMISSIONS.add(GenericLocalPermission.EXT_GENERIC);
        CORE_PERMISSIONS.add(new RuntimePermission("stopThread"));
        copyPermissions(EXTENSION_PERMISSIONS, CORE_PERMISSIONS);
        addStoreDirectoryPermissions(CORE_PERMISSIONS);
        StringTokenizer stringTokenizer = new StringTokenizer(JAVA_CLASS_PATH, PATH_SEPARATOR);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (new File(nextToken).isDirectory()) {
                CORE_PERMISSIONS.add(new FilePermission(nextToken + recursiveSuffix, "read"));
            } else {
                CORE_PERMISSIONS.add(new FilePermission(nextToken, "read"));
            }
        }
        CORE_PERMISSIONS.add(new FilePermission(JAVA_HOME + recursiveSuffix, "read"));
    }

    private static void addStoreDirectoryPermissions(Collection<Permission> collection) {
        collection.add(new FilePermission(STORE_DIRECTORY_CANONICAL + recursiveSuffix, "read, write, delete"));
    }

    private static void addExtensionPermissions(Collection<Permission> collection) {
        Arrays.stream(ExtensionManager.getExtDirs()).forEach(file -> {
            collection.add(new FilePermission(file.getAbsolutePath() + recursiveSuffix, "read"));
        });
        Arrays.stream(ExtensionManager.getExtFiles()).forEach(file2 -> {
            collection.add(new FilePermission(file2.getAbsolutePath() + recursiveSuffix, "read"));
        });
    }

    private static void copyPermissions(Collection<Permission> collection, Collection<Permission> collection2) {
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            collection2.add(it.next());
        }
    }

    private static void copyPermissions(Collection<Permission> collection, PermissionCollection permissionCollection) {
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            permissionCollection.add(it.next());
        }
    }

    public static void addPrivilegedPermission(Permission permission) {
        BASE_PRIVILEGE.add(permission);
    }

    private LocalSecurityPolicy() {
    }

    public static LocalSecurityPolicy getInstance() {
        return instance;
    }

    public static boolean hasHost(URL url) {
        String host = url.getHost();
        return (host == null || "".equals(host)) ? false : true;
    }

    public static boolean isLocal(URL url) {
        if (url == null) {
            return false;
        }
        String protocol = url.getProtocol();
        if ("http".equalsIgnoreCase(protocol)) {
            return false;
        }
        if ("file".equalsIgnoreCase(protocol)) {
            if (hasHost(url)) {
                return false;
            }
            if (unoMatch(url)) {
                return true;
            }
            final String path = url.getPath();
            return ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: org.lobobrowser.security.LocalSecurityPolicy.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Boolean run() {
                    try {
                        return Boolean.valueOf(!new File(path).getCanonicalPath().startsWith(LocalSecurityPolicy.STORE_DIRECTORY_CANONICAL));
                    } catch (IOException e) {
                        e.printStackTrace(System.err);
                        return false;
                    }
                }
            })).booleanValue();
        }
        if (!"jar".equalsIgnoreCase(protocol)) {
            return ExtensionManager.ZIPENTRY_PROTOCOL.equalsIgnoreCase(protocol) || "jrt".equals(protocol);
        }
        String path2 = url.getPath();
        int lastIndexOf = path2.lastIndexOf(33);
        try {
            return isLocal(new URL(lastIndexOf == -1 ? path2 : path2.substring(0, lastIndexOf)));
        } catch (MalformedURLException e) {
            return false;
        }
    }

    private static boolean unoMatch(URL url) {
        if (unoPath != null) {
            return unoPath.equals(url);
        }
        return false;
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        if (codeSource == null) {
            Permissions permissions = new Permissions();
            permissions.add(new PropertyPermission("*", "read"));
            return permissions;
        }
        if (LoboBrowser.getInstance().debugOn) {
            System.out.println("Codesource: " + codeSource.getLocation());
            if (codeSource.getCodeSigners() != null) {
                System.out.println("  signers: " + codeSource.getCodeSigners().length);
            }
        }
        URL location = codeSource.getLocation();
        if (location == null) {
            throw new AccessControlException("No location for codesource=" + codeSource);
        }
        boolean isLocal = isLocal(location);
        Permissions permissions2 = new Permissions();
        if (isLocal) {
            String externalForm = location.toExternalForm();
            if (externalForm.endsWith("h2-1.4.188.jar")) {
                String str = StorageManager.getInstance().userDBPath;
                permissions2.add(new FilePermission(STORE_DIRECTORY_CANONICAL, "read"));
                permissions2.add(new FilePermission(str, "read, write, delete"));
                for (String str2 : new String[]{Constants.SUFFIX_LOCK_FILE, Constants.SUFFIX_PAGE_FILE, Constants.SUFFIX_MV_FILE, Constants.SUFFIX_TEMP_FILE, Constants.SUFFIX_TRACE_FILE, ".mv.db.newFile", ".mv.db.tempFile", Constants.SUFFIX_DB_FILE, Constants.SUFFIX_OLD_DATABASE_FILE}) {
                    permissions2.add(new FilePermission(str + str2, "read, write, delete"));
                }
                permissions2.add(new PropertyPermission("line.separator", "read"));
                permissions2.add(new PropertyPermission("file.separator", "read"));
                permissions2.add(new PropertyPermission("file.encoding", "read"));
                permissions2.add(new PropertyPermission("java.specification.version", "read"));
                permissions2.add(new PropertyPermission("h2.*", "read"));
                permissions2.add(new RuntimePermission("shutdownHooks"));
                permissions2.add(new PropertyPermission("user.home", "read"));
            } else if (externalForm.endsWith("jooq-3.4.2.jar")) {
                permissions2.add(new PropertyPermission("org.jooq.settings", "read"));
            } else if (unoMatch(location)) {
                permissions2.add(new FilePermission(unoPath.getPath(), "read"));
            } else if (externalForm.endsWith("core.jar") || externalForm.contains("Common") || externalForm.contains("Primary_Extension") || externalForm.contains("HTML_Renderer")) {
                copyPermissions(CORE_PERMISSIONS, permissions2);
                copyPermissions(BASE_PRIVILEGE, permissions2);
                permissions2.add(new URLPermission("http:*", "GET:*"));
                permissions2.add(new URLPermission("https:*", "GET:*"));
                permissions2.add(StoreHostPermission.forURL(location));
                permissions2.add(new RuntimePermission("com.sun.media.jmc.accessMedia"));
                permissions2.add(new NetPermission("getProxySelector"));
                permissions2.add(new NetPermission("getCookieHandler"));
            } else if (externalForm.endsWith("sac.jar")) {
                permissions2.add(new PropertyPermission("org.w3c.css.sac.parser", "read"));
            } else if (externalForm.endsWith("js.jar")) {
                permissions2.add(new PropertyPermission("java.vm.name", "read"));
                permissions2.add(new PropertyPermission("line.separator", "read"));
                permissions2.add(new PropertyPermission("rhino.stack.style", "read"));
                permissions2.add(new RuntimePermission("getClassLoader"));
            } else if (externalForm.endsWith("okhttp-urlconnection-2.7.2.jar")) {
                permissions2.add(new NetPermission("getProxySelector"));
                permissions2.add(new NetPermission("getCookieHandler"));
                permissions2.add(new PropertyPermission("http.*", "read"));
                permissions2.add(new SocketPermission("*", "connect,resolve,listen,accept"));
            } else if (externalForm.endsWith("okhttp-2.7.2.jar")) {
                permissions2.add(new NetPermission("getProxySelector"));
                permissions2.add(new NetPermission("getCookieHandler"));
                permissions2.add(new PropertyPermission("http.*", "read"));
                permissions2.add(new SocketPermission("*", "connect,resolve,listen,accept"));
            } else if (externalForm.startsWith(JAVA_HOME_URL)) {
                permissions2.add(new FilePermission(JAVA_HOME + recursiveSuffix, "read,execute"));
                permissions2.add(new RuntimePermission("loadLibrary.sunec"));
                permissions2.add(new RuntimePermission("accessClassInPackage.*"));
                permissions2.add(new SecurityPermission("putProviderProperty.*"));
            } else if (externalForm.startsWith("jrt:/jdk")) {
                permissions2.add(new RuntimePermission("accessClassInPackage.sun.*"));
            }
        } else {
            DomainValidation.getPossibleDomains(location.getHost()).forEach(str3 -> {
                permissions2.add(StoreHostPermission.forHost(str3));
            });
        }
        if (LoboBrowser.getInstance().debugOn) {
            System.out.println("Returning permissions: " + permissions2);
        }
        return permissions2;
    }

    static {
        try {
            JAVA_HOME_URL = new File(JAVA_HOME).toURI().toURL().toExternalForm();
            File joinPaths = Files.joinPaths(new File(System.getProperty("user.home")), STORE_DIR_NAME, "default");
            STORE_DIRECTORY = joinPaths;
            String str = "";
            try {
                str = joinPaths.getCanonicalPath();
            } catch (IOException e) {
                e.printStackTrace(System.err);
            }
            STORE_DIRECTORY_CANONICAL = str;
            Collection<Permission> collection = BASE_PRIVILEGE;
            collection.add(new PropertyPermission("*", "read,write"));
            collection.add(new AWTPermission("*"));
            collection.add(new HistoryPermission());
            addExtensionPermissions(EXTENSION_PERMISSIONS);
            initCorePermissions();
            URL url = null;
            try {
                url = ClassLoader.getSystemClassLoader().loadClass("uno.Uno").getProtectionDomain().getCodeSource().getLocation();
                unoPath = url;
            } catch (ClassNotFoundException e2) {
                unoPath = url;
            } catch (Throwable th) {
                unoPath = url;
                throw th;
            }
        } catch (MalformedURLException e3) {
            throw new RuntimeException("Couldn't parse Java Home path: " + JAVA_HOME);
        }
    }
}
