package javax.crypto;

import java.io.BufferedInputStream;
import java.net.URL;
import java.nio.file.DirectoryIteratorException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
import jdk.internal.util.StaticProperty;
import sun.security.jca.GetInstance;
import sun.security.util.Debug;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/modules/java.base/classes/javax/crypto/JceSecurity.class */
public final class JceSecurity {
    private static final Debug debug = Debug.getInstance("jca");
    static final SecureRandom RANDOM = new SecureRandom();
    private static CryptoPermissions defaultPolicy = null;
    private static CryptoPermissions exemptPolicy = null;
    private static final Map<IdentityWrapper, Object> verificationResults = new ConcurrentHashMap();
    private static final Map<Provider, Object> verifyingProviders = new IdentityHashMap();
    private static final boolean isRestricted;
    private static final Object PROVIDER_VERIFIED;
    private static final URL NULL_URL;
    private static final Map<Class<?>, URL> codeBaseCacheRef;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/modules/java.base/classes/javax/crypto/JceSecurity$IdentityWrapper.class */
    public static final class IdentityWrapper {
        final Provider obj;

        IdentityWrapper(Provider provider) {
            this.obj = provider;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            return (obj instanceof IdentityWrapper) && this.obj == ((IdentityWrapper) obj).obj;
        }

        public int hashCode() {
            return System.identityHashCode(this.obj);
        }
    }

    private JceSecurity() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GetInstance.Instance getInstance(String str, Class<?> cls, String str2, String str3) throws NoSuchAlgorithmException, NoSuchProviderException {
        Provider.Service service = GetInstance.getService(str, str2, str3);
        Exception verificationResult = getVerificationResult(service.getProvider());
        if (verificationResult != null) {
            throw ((NoSuchProviderException) new NoSuchProviderException("JCE cannot authenticate the provider " + str3).initCause(verificationResult));
        }
        return GetInstance.getInstance(service, cls);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GetInstance.Instance getInstance(String str, Class<?> cls, String str2, Provider provider) throws NoSuchAlgorithmException {
        Provider.Service service = GetInstance.getService(str, str2, provider);
        Exception verificationResult = getVerificationResult(provider);
        if (verificationResult != null) {
            throw new SecurityException("JCE cannot authenticate the provider " + provider.getName(), verificationResult);
        }
        return GetInstance.getInstance(service, cls);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GetInstance.Instance getInstance(String str, Class<?> cls, String str2) throws NoSuchAlgorithmException {
        NoSuchAlgorithmException noSuchAlgorithmException = null;
        for (Provider.Service service : GetInstance.getServices(str, str2)) {
            if (canUseProvider(service.getProvider())) {
                try {
                    return GetInstance.getInstance(service, cls);
                } catch (NoSuchAlgorithmException e) {
                    noSuchAlgorithmException = e;
                }
            }
        }
        throw new NoSuchAlgorithmException("Algorithm " + str2 + " not available", noSuchAlgorithmException);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CryptoPermissions verifyExemptJar(URL url) throws Exception {
        ProviderVerifier providerVerifier = new ProviderVerifier(url, true);
        providerVerifier.verify();
        return providerVerifier.getPermissions();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void verifyProvider(URL url, Provider provider) throws Exception {
        new ProviderVerifier(url, provider, false).verify();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Exception getVerificationResult(Provider provider) {
        IdentityWrapper identityWrapper = new IdentityWrapper(provider);
        Object obj = verificationResults.get(identityWrapper);
        if (obj == null) {
            synchronized (JceSecurity.class) {
                obj = verificationResults.get(identityWrapper);
                if (obj == null) {
                    try {
                        if (verifyingProviders.get(provider) != null) {
                            return new NoSuchProviderException("Recursion during verification");
                        }
                        try {
                            verifyingProviders.put(provider, Boolean.FALSE);
                            verifyProvider(getCodeBase(provider.getClass()), provider);
                            obj = PROVIDER_VERIFIED;
                            verifyingProviders.remove(provider);
                        } catch (Exception e) {
                            obj = e;
                            verifyingProviders.remove(provider);
                        }
                        verificationResults.put(identityWrapper, obj);
                        if (debug != null) {
                            debug.println("Provider " + provider.getName() + " verification result: " + obj);
                        }
                    } catch (Throwable th) {
                        verifyingProviders.remove(provider);
                        throw th;
                    }
                }
            }
        }
        if (obj == PROVIDER_VERIFIED) {
            return null;
        }
        return (Exception) obj;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean canUseProvider(Provider provider) {
        return getVerificationResult(provider) == null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static URL getCodeBase(final Class<?> cls) {
        URL url;
        synchronized (codeBaseCacheRef) {
            URL url2 = codeBaseCacheRef.get(cls);
            if (url2 == null) {
                url2 = (URL) AccessController.doPrivileged(new PrivilegedAction<URL>() { // from class: javax.crypto.JceSecurity.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    /* renamed from: run */
                    public URL run2() {
                        CodeSource codeSource;
                        ProtectionDomain protectionDomain = Class.this.getProtectionDomain();
                        return (protectionDomain == null || (codeSource = protectionDomain.getCodeSource()) == null) ? JceSecurity.NULL_URL : codeSource.getLocation();
                    }
                });
                codeBaseCacheRef.put(cls, url2);
            }
            url = url2 == NULL_URL ? null : url2;
        }
        return url;
    }

    private static void setupJurisdictionPolicies() throws Exception {
        String property = Security.getProperty("crypto.policy");
        if (property == null) {
            property = "unlimited";
            if (debug != null) {
                debug.println("Security Property 'crypto.policy' not found: using '" + property + "' as fallback");
            }
        }
        Path path = Paths.get(property, new String[0]);
        if (path.getNameCount() != 1 || path.compareTo(path.getFileName()) != 0) {
            throw new SecurityException("Invalid policy directory name format: " + property);
        }
        String javaHome = StaticProperty.javaHome();
        Path normalize = Paths.get(javaHome, "conf", "security", "policy").normalize();
        Path normalize2 = Paths.get(javaHome, "conf", "security", "policy", property).normalize();
        if (normalize2.getParent().compareTo(normalize) != 0) {
            throw new SecurityException("Invalid cryptographic jurisdiction policy directory path: " + property);
        }
        if (!Files.isDirectory(normalize2, new LinkOption[0]) || !Files.isReadable(normalize2)) {
            throw new SecurityException("Can't read cryptographic policy directory: " + property);
        }
        try {
            DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(normalize2, "{default,exempt}_*.policy");
            try {
                for (Path path2 : newDirectoryStream) {
                    try {
                        BufferedInputStream bufferedInputStream = new BufferedInputStream(Files.newInputStream(path2, new OpenOption[0]));
                        try {
                            String path3 = path2.getFileName().toString();
                            CryptoPermissions cryptoPermissions = new CryptoPermissions();
                            cryptoPermissions.load(bufferedInputStream);
                            if (path3.startsWith("default_")) {
                                defaultPolicy = defaultPolicy == null ? cryptoPermissions : defaultPolicy.getMinimum(cryptoPermissions);
                            } else {
                                if (!path3.startsWith("exempt_")) {
                                    throw new SecurityException("Unexpected jurisdiction policy files in : " + property);
                                }
                                exemptPolicy = exemptPolicy == null ? cryptoPermissions : exemptPolicy.getMinimum(cryptoPermissions);
                            }
                            bufferedInputStream.close();
                        } catch (Throwable th) {
                            try {
                                bufferedInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    } catch (Exception e) {
                        throw new SecurityException("Couldn't parse jurisdiction policy files in: " + property);
                    }
                }
                if (newDirectoryStream != null) {
                    newDirectoryStream.close();
                }
                if (defaultPolicy == null || defaultPolicy.isEmpty()) {
                    throw new SecurityException("Missing mandatory jurisdiction policy files: " + property);
                }
                if (exemptPolicy == null || !exemptPolicy.isEmpty()) {
                    return;
                }
                exemptPolicy = null;
            } finally {
            }
        } catch (DirectoryIteratorException e2) {
            throw new SecurityException("Couldn't iterate through the jurisdiction policy files: " + property);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CryptoPermissions getDefaultPolicy() {
        return defaultPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CryptoPermissions getExemptPolicy() {
        return exemptPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isRestricted() {
        return isRestricted;
    }

    static {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: javax.crypto.JceSecurity.1
                @Override // java.security.PrivilegedExceptionAction
                /* renamed from: run */
                public Object run2() throws Exception {
                    JceSecurity.setupJurisdictionPolicies();
                    return null;
                }
            });
            isRestricted = !defaultPolicy.implies(CryptoAllPermission.INSTANCE);
            PROVIDER_VERIFIED = Boolean.TRUE;
            try {
                NULL_URL = new URL("http://null.oracle.com/");
                codeBaseCacheRef = new WeakHashMap();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (Exception e2) {
            throw new SecurityException("Can not initialize cryptographic mechanism", e2);
        }
    }
}
