package sun.plugin.security;

import java.io.IOException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import sun.plugin.resources.ResourceHandler;
import sun.plugin.usability.Trace;

/* loaded from: input_file:sun/plugin/security/TrustDecider.class */
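/**
 * Decides whether signed code identified by a {@link CodeSource} is granted all permissions.
 *
 * <p>The decision consults four certificate stores (root CA, permanent, session, denied) and
 * asks the user through {@code TrustDeciderDialog} when no stored decision exists. This file is
 * decompiler output, so identifiers and structure may differ from the original source.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A certificate found in the denied store is rejected before any other store is consulted.
 *   <li>A certificate found in the permanent or session store is accepted without looking at the
 *       validity period or the root CA verification result; those two results only change what
 *       the dialog shows the user.
 *   <li>Chains are assembled by comparing issuer and subject names only (see
 *       {@link #isIssuerOf}). No signature is verified in this class.
 * </ul>
 */
public class TrustDecider {
    /** Dialog result handled as "trust for this session" by {@link #isAllPermissionGranted(CodeSource)}. */
    private static final int DIALOG_GRANT_SESSION = 0;

    /** Dialog result handled as "trust permanently" by {@link #isAllPermissionGranted(CodeSource)}. */
    private static final int DIALOG_GRANT_ALWAYS = 2;

    // Not final: reset() replaces all four stores with fresh instances.
    private static CertificateStore rootStore = new RootCACertificateStore();
    private static CertificateStore permanentStore = new PluginCertificateStore();
    private static CertificateStore sessionStore = new SessionCertificateStore();
    private static CertificateStore deniedStore = new DeniedCertificateStore();

    /**
     * Privileged action that shows the trust dialog and returns the user's choice.
     *
     * <p>The decompiler reports that it widened this class from {@code private}; treat it as an
     * implementation detail of {@link TrustDecider}.
     */
    public static class PrivilegedBlockAction implements PrivilegedAction<Integer> {
        Certificate[] certs;
        boolean rootCANotValid;
        boolean timeNotValid;

        /**
         * @param codeSource code source whose certificates are presented in the dialog
         * @param rootCANotValid passed through to the dialog unchanged
         * @param timeNotValid passed through to the dialog unchanged
         */
        PrivilegedBlockAction(CodeSource codeSource, boolean rootCANotValid, boolean timeNotValid) {
            this.certs = codeSource.getCertificates();
            this.rootCANotValid = rootCANotValid;
            this.timeNotValid = timeNotValid;
        }

        /** Shows the modal dialog and returns its result code boxed as an {@link Integer}. */
        @Override // java.security.PrivilegedAction
        public Integer run() {
            return Integer.valueOf(
                    new TrustDeciderDialog(this.certs, this.rootCANotValid, this.timeNotValid).DoModal());
        }
    }

    /** Replaces all four certificate stores with newly constructed instances. */
    public static void reset() {
        rootStore = new RootCACertificateStore();
        permanentStore = new PluginCertificateStore();
        sessionStore = new SessionCertificateStore();
        deniedStore = new DeniedCertificateStore();
    }

    /**
     * Returns whether the code from {@code codeSource} is granted all permissions.
     *
     * <p>Unsigned code (no certificates) is refused unless {@link #isBrowserMozilla()} is true.
     * In this listing {@code isBrowserMozilla()} always returns {@code false}, so the method
     * returns during the first loop iteration and only the first chain is ever evaluated.
     *
     * @param codeSource the code source under evaluation
     * @return {@code true} if a stored or freshly given user decision grants trust
     * @throws CertificateException and the other declared exceptions, presumably raised by the
     *     certificate stores (their implementations are not part of this file)
     */
    public static boolean isAllPermissionGranted(CodeSource codeSource) throws CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException, CertificateParsingException, CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
        Certificate[] certificates = codeSource.getCertificates();
        String url = codeSource.getLocation().toString();
        if (certificates == null) {
            return isBrowserMozilla()
                    && isAllPermissionGranted(codeSource, url, null, null, 0, null, 0, "");
        }

        int chainStart = 0;
        int nextStart = 0;
        while (nextStart < certificates.length) {
            // Check the signer certificate itself first. The decompiled original only did this
            // when the whole array held exactly one certificate, so a stand-alone certificate
            // inside a longer array reached the dialog without a validity warning.
            boolean timeNotValid = isOutsideValidityPeriod(certificates[chainStart]);

            // Extend the chain while the next certificate's subject matches this one's issuer.
            int chainEnd = chainStart;
            while (chainEnd + 1 < certificates.length
                    && (certificates[chainEnd] instanceof X509Certificate)
                    && (certificates[chainEnd + 1] instanceof X509Certificate)
                    && isIssuerOf((X509Certificate) certificates[chainEnd], (X509Certificate) certificates[chainEnd + 1])) {
                timeNotValid |= isOutsideValidityPeriod(certificates[chainEnd + 1]);
                chainEnd++;
            }
            nextStart = chainEnd + 1;

            if (!isBrowserMozilla()) {
                rootStore.load();
                permanentStore.load();
                sessionStore.load();
                deniedStore.load();

                Certificate signer = certificates[chainStart];

                // Fail closed: an earlier "deny" wins over every other store.
                if (deniedStore.contains(signer)) {
                    return false;
                }

                // Evaluated before the stored-trust lookup, as in the original, so that any
                // exception from verify() still propagates.
                boolean rootCANotValid = !rootStore.verify(certificates[chainEnd]);

                // NOTE(review): a stored grant is honoured even when timeNotValid or
                // rootCANotValid is set, so an expired or unrooted certificate that was
                // accepted earlier stays trusted silently. Confirm this is intended.
                if (permanentStore.contains(signer) || sessionStore.contains(signer)) {
                    return true;
                }

                int choice = showSecurityDialog(codeSource, rootCANotValid, timeNotValid);
                if (choice == DIALOG_GRANT_SESSION) {
                    Trace.securityPrintln(ResourceHandler.getMessage("trustdecider.user.grant.session"), 2);
                    sessionStore.add(signer);
                    sessionStore.save();
                    return true;
                }
                if (choice == DIALOG_GRANT_ALWAYS) {
                    Trace.securityPrintln(ResourceHandler.getMessage("trustdecider.user.grant.forever"), 2);
                    permanentStore.add(signer);
                    permanentStore.save();
                    return true;
                }
                // Every other dialog result is recorded as a denial.
                Trace.securityPrintln(ResourceHandler.getMessage("trustdecider.user.deny"), 2);
                deniedStore.add(signer);
                deniedStore.save();
                return false;
            }

            // Browser-delegated path; unreachable while isBrowserMozilla() returns false.
            byte[][] encodedChain = makeChain(certificates, chainStart, nextStart);
            if (encodedChain != null) {
                int[] encodedLengths = new int[encodedChain.length];
                for (int k = 0; k < encodedChain.length; k++) {
                    encodedLengths[k] = encodedChain[k].length;
                }
                // NOTE(review): this always reads certificates[0], not certificates[chainStart],
                // and the cast is unchecked. Verify against the original source before enabling
                // this path.
                X509Certificate first = (X509Certificate) certificates[0];
                byte[] signature = first.getSignature();
                if (isAllPermissionGranted(codeSource, url, encodedChain, encodedLengths, encodedChain.length, signature, signature.length, first.getSubjectDN().getName())) {
                    return true;
                }
            }
            chainStart = nextStart;
        }
        return false;
    }

    /**
     * Reports whether {@code certificate} is an X.509 certificate that is expired or not yet
     * valid at the current time. Certificates of any other type yield {@code false}.
     */
    private static boolean isOutsideValidityPeriod(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            return false;
        }
        try {
            ((X509Certificate) certificate).checkValidity();
            return false;
        } catch (CertificateExpiredException expired) {
            return true;
        } catch (CertificateNotYetValidException notYetValid) {
            return true;
        }
    }

    /** Always {@code false} in this listing; possibly a stub left by the decompiler or platform build. */
    private static boolean isBrowserMozilla() {
        return false;
    }

    /**
     * Browser-delegated trust check. Always {@code false} in this listing, and only called when
     * {@link #isBrowserMozilla()} is true.
     */
    private static boolean isAllPermissionGranted(CodeSource codeSource, String str, byte[][] bArr, int[] iArr, int i, byte[] bArr2, int i2, String str2) {
        return false;
    }

    /**
     * Encodes the certificates in {@code [i, i2)} into their byte form.
     *
     * @return one encoded certificate per element, or {@code null} when the range is empty
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    private static byte[][] makeChain(Certificate[] certificateArr, int i, int i2) throws CertificateEncodingException {
        if (i == i2) {
            return null;
        }
        // The decompiler emitted an untyped "?? r0" local here; byte[][] is the declared return type.
        byte[][] encoded = new byte[i2 - i][];
        for (int k = i; k < i2; k++) {
            encoded[k - i] = certificateArr[k].getEncoded();
        }
        return encoded;
    }

    /**
     * Returns whether the issuer name of {@code x509Certificate} equals the subject name of
     * {@code x509Certificate2}, i.e. whether the second certificate is named as issuer of the first.
     *
     * <p>This is a name comparison only. It does not prove that the second certificate's key
     * signed the first one; any cryptographic check has to happen elsewhere
     * (presumably in {@code rootStore.verify} — not visible in this file).
     */
    private static boolean isIssuerOf(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN());
    }

    /**
     * Shows the trust dialog inside a privileged block and returns its result code.
     *
     * @param codeSource code source whose certificates are shown
     * @param rootCANotValid whether root CA verification failed
     * @param timeNotValid whether a certificate in the chain is outside its validity period
     * @return the dialog result; {@code 0} and {@code 2} are treated as grants by the caller
     */
    static int showSecurityDialog(CodeSource codeSource, boolean rootCANotValid, boolean timeNotValid) {
        Integer choice = AccessController.doPrivileged(
                new PrivilegedBlockAction(codeSource, rootCANotValid, timeNotValid));
        // NOTE(review): the fallback for a null result is 2, which the caller treats as a
        // permanent grant. PrivilegedBlockAction.run() never returns null, so this is not
        // reachable today, but a denying default would be the safer choice. Kept unchanged
        // because callers outside this file are not visible.
        return choice != null ? choice.intValue() : DIALOG_GRANT_ALWAYS;
    }
}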
