package com.sun.deploy.security;

import com.sun.deploy.cache.Cache;
import com.sun.deploy.model.LocalApplicationProperties;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.ui.AppInfo;
import com.sun.deploy.uitoolkit.ToolkitStore;
import com.sun.deploy.util.SecurityBaseline;
import com.sun.deploy.util.URLUtil;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:com/sun/deploy/security/DecisionTime.class */
public class DecisionTime {
    private static final long ONEDAY = 86400000;
    private static final String ALLOWED_CERT_HASH = "rdf.allowed.cert.hash";
    private static final String ALLOWED_CERT_BASE = "rdf.allowed.cert.base";
    private static final String ALLOWED_CERT_ALL_PERMISSION_GRANTED = "rdf.allowed.cert.all-perms.granted";

    public static void reset(LocalApplicationProperties localApplicationProperties) {
        if (localApplicationProperties != null) {
            localApplicationProperties.put(LocalApplicationProperties.UNSIGNED_KEY, null);
            localApplicationProperties.put(LocalApplicationProperties.SASIGNED_KEY, null);
            localApplicationProperties.put(LocalApplicationProperties.ALSIGNED_KEY, null);
            localApplicationProperties.put(LocalApplicationProperties.URL_BASE_KEY, null);
            try {
                localApplicationProperties.store();
            } catch (IOException e) {
                Trace.ignoredException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean withinTime(URL url, AppInfo appInfo, X509Certificate x509Certificate, String str) {
        boolean z = !SecurityBaseline.isExpired();
        LocalApplicationProperties localApplicationProperties = Cache.getLocalApplicationProperties(appInfo.getLapURL());
        if (!z || localApplicationProperties == null) {
            return false;
        }
        String str2 = localApplicationProperties.get(str);
        String str3 = localApplicationProperties.get(LocalApplicationProperties.APP_HASH_KEY);
        if (str2 != null && str3 != null) {
            try {
                if (new Long(str2).longValue() <= new Date().getTime()) {
                    Trace.println("Decision time exceeded - show dialog", TraceLevel.SECURITY);
                } else if (!str3.equals(appInfo.getHashString()) || !sameBase(localApplicationProperties, url)) {
                    Trace.println("Decision hash not matching ai: " + appInfo, TraceLevel.SECURITY);
                } else {
                    if (x509Certificate == null) {
                        return true;
                    }
                    String certificateFingerPrint = CertUtils.getCertificateFingerPrint("SHA-256", x509Certificate);
                    if (certificateFingerPrint.equals(localApplicationProperties.get(LocalApplicationProperties.CERT_HASH_KEY))) {
                        boolean equals = str.equals(LocalApplicationProperties.ALSIGNED_KEY);
                        ToolkitStore.get().getAppContext().put(ALLOWED_CERT_HASH, certificateFingerPrint);
                        ToolkitStore.get().getAppContext().put(ALLOWED_CERT_BASE, url);
                        ToolkitStore.get().getAppContext().put(ALLOWED_CERT_ALL_PERMISSION_GRANTED, Boolean.valueOf(equals));
                        return true;
                    }
                    Trace.println("Decision cert hash not matching", TraceLevel.SECURITY);
                }
                return false;
            } catch (Exception e) {
                Trace.ignored(e);
                return false;
            }
        }
        if (x509Certificate == null) {
            return false;
        }
        String str4 = (String) ToolkitStore.get().getAppContext().get(ALLOWED_CERT_HASH);
        URL url2 = (URL) ToolkitStore.get().getAppContext().get(ALLOWED_CERT_BASE);
        if (str4 == null || url2 == null) {
            return false;
        }
        String certificateFingerPrint2 = CertUtils.getCertificateFingerPrint("SHA-256", x509Certificate);
        if (!str4.equals(certificateFingerPrint2)) {
            Trace.println("DecisionTime not allowed. Cert of main app not matching cert of extension", TraceLevel.SECURITY);
            return false;
        }
        if (!URLUtil.sameBase(url, url2)) {
            Trace.println("DecisionTime not allowed. Cert matches but not same base: " + url2 + " vs " + url, TraceLevel.SECURITY);
            return false;
        }
        Trace.println("DecisionTime allowed cert: " + certificateFingerPrint2, TraceLevel.SECURITY);
        if (!str.equals(LocalApplicationProperties.ALSIGNED_KEY) || ((Boolean) ToolkitStore.get().getAppContext().get(ALLOWED_CERT_ALL_PERMISSION_GRANTED)).booleanValue()) {
            return true;
        }
        Trace.println("DecisionTime not allowed. Cert matches but not allowed for all-permissions", TraceLevel.SECURITY);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void setTime(URL url, AppInfo appInfo, X509Certificate x509Certificate, String str) {
        LocalApplicationProperties localApplicationProperties = Cache.getLocalApplicationProperties(appInfo.getLapURL());
        if (localApplicationProperties == null) {
            Trace.println("Lap null for ai: " + appInfo, TraceLevel.SECURITY);
            return;
        }
        if (localApplicationProperties.get(LocalApplicationProperties.URL_BASE_KEY) == null || sameBase(localApplicationProperties, url)) {
            long time = new Date().getTime();
            URL from = appInfo.getFrom();
            if (from != null) {
                time = (!"https".equals(from.getProtocol()) || appInfo.isMultiHost()) ? time + ONEDAY : time + 604800000;
            }
            localApplicationProperties.put(str, "" + time);
            localApplicationProperties.put(LocalApplicationProperties.APP_HASH_KEY, "" + appInfo.getHashString());
            localApplicationProperties.put(LocalApplicationProperties.URL_BASE_KEY, url.toString());
            if (x509Certificate != null) {
                localApplicationProperties.put(LocalApplicationProperties.CERT_HASH_KEY, CertUtils.getCertificateFingerPrint("SHA-256", x509Certificate));
            }
            Trace.println("Decision time stored for ai: " + appInfo, TraceLevel.SECURITY);
            try {
                localApplicationProperties.store();
            } catch (IOException e) {
                Trace.ignoredException(e);
            }
        }
    }

    private static boolean sameBase(LocalApplicationProperties localApplicationProperties, URL url) {
        String str;
        if (localApplicationProperties == null || url == null || (str = localApplicationProperties.get(LocalApplicationProperties.URL_BASE_KEY)) == null) {
            return false;
        }
        try {
            return URLUtil.sameBase(new URL(str), url);
        } catch (MalformedURLException e) {
            Trace.ignored(e);
            return false;
        }
    }
}
