package com.evernote.security;

import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import sun.security.provider.PolicyParser;

/* loaded from: classes.dex */
public class EvernotePolicyFile extends Policy {
    private static Logger LOG = Logger.getLogger(EvernotePolicyFile.class);
    private static final List<Permission> ALL_PERMISSION_COLLECTION = Collections.singletonList(new AllPermission());
    private static final Class<?>[] PERMISSION_CTOR_PARAMS1 = {String.class};
    private static final Class<?>[] PERMISSION_CTOR_PARAMS2 = {String.class, String.class};
    private final Map<CodeSource, Boolean> codeSourceAllPermissionMap = new ConcurrentHashMap();
    private final Map<Class<? extends Permission>, List<Permission>> globalPermissionsByClass = new ConcurrentHashMap();
    private final List<Permission> allGlobalPermissions = new CopyOnWriteArrayList();

    /* loaded from: classes.dex */
    private class ReadOnlyPermissionCollection extends PermissionCollection {
        private List<Permission> permissions;

        ReadOnlyPermissionCollection(List<Permission> list) {
            this.permissions = list;
        }

        @Override // java.security.PermissionCollection
        public void add(Permission permission) {
            Level level = Level.WARN;
            if (implies(permission)) {
                level = Level.DEBUG;
            }
            EvernotePolicyFile.LOG.log(level, "Ignoring attempt to add permission: " + permission);
        }

        @Override // java.security.PermissionCollection
        public Enumeration<Permission> elements() {
            return Collections.enumeration(this.permissions);
        }

        @Override // java.security.PermissionCollection
        public boolean implies(Permission permission) {
            Iterator<Permission> it = this.permissions.iterator();
            while (it.hasNext()) {
                if (it.next().implies(permission)) {
                    return true;
                }
            }
            return false;
        }
    }

    private Boolean addCodeSource(CodeSource codeSource, Boolean bool) {
        LOG.debug("Adding codeSource (" + codeSource + ") to map. Trusted? " + bool);
        this.codeSourceAllPermissionMap.put(codeSource, bool);
        return bool;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private synchronized void addGlobalPermission(Permission permission) {
        LOG.debug("Adding global permission: " + permission);
        Class<?> cls = permission.getClass();
        List<Permission> list = this.globalPermissionsByClass.get(cls);
        if (list == null) {
            list = new CopyOnWriteArrayList<>();
            this.globalPermissionsByClass.put(cls, list);
        }
        if ((permission instanceof SocketPermission) && "*".equals(permission.getName())) {
            permission = new WildcardSocketPermission(permission.getActions());
        }
        this.allGlobalPermissions.add(permission);
        list.add(permission);
    }

    private Boolean checkCodeSourceTrusted(CodeSource codeSource) {
        Boolean bool = this.codeSourceAllPermissionMap.get(codeSource);
        if (bool != null) {
            return bool;
        }
        for (Map.Entry<CodeSource, Boolean> entry : this.codeSourceAllPermissionMap.entrySet()) {
            if (entry.getValue() == Boolean.TRUE && entry.getKey().implies(codeSource)) {
                return addCodeSource(codeSource, Boolean.TRUE);
            }
        }
        return addCodeSource(codeSource, Boolean.FALSE);
    }

    private Permission cloneIfNeeded(Permission permission) {
        return permission instanceof SocketPermission ? new SocketPermission(permission.getName(), permission.getActions()) : permission instanceof FilePermission ? new FilePermission(permission.getName(), permission.getActions()) : permission;
    }

    private void loadPolicyParserGrantEntry(PolicyParser.GrantEntry grantEntry) throws IOException {
        CodeSource codeSource = null;
        if (grantEntry.codeBase != null) {
            try {
                codeSource = new CodeSource(new URL(grantEntry.codeBase), (Certificate[]) null);
            } catch (MalformedURLException e) {
                throw new IOException("Bad codeBase (" + grantEntry.codeBase + "): " + e);
            }
        }
        Enumeration permissionElements = grantEntry.permissionElements();
        while (permissionElements.hasMoreElements()) {
            Permission permissionEntryToPermission = permissionEntryToPermission((PolicyParser.PermissionEntry) permissionElements.nextElement());
            if (codeSource == null) {
                addGlobalPermission(permissionEntryToPermission);
            } else {
                if (!(permissionEntryToPermission instanceof AllPermission)) {
                    throw new IOException("Can only set AllPermission for codeSource: " + codeSource + ", rejecting: " + permissionEntryToPermission);
                }
                addCodeSource(codeSource, Boolean.TRUE);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EvernotePolicyFile parsePolicyFile(URL url) throws IOException {
        EvernotePolicyFile evernotePolicyFile = new EvernotePolicyFile();
        PolicyParser policyParser = new PolicyParser(true);
        InputStreamReader inputStreamReader = new InputStreamReader(url.openStream());
        try {
            try {
                policyParser.read(inputStreamReader);
                inputStreamReader.close();
                Enumeration grantElements = policyParser.grantElements();
                while (grantElements.hasMoreElements()) {
                    evernotePolicyFile.loadPolicyParserGrantEntry((PolicyParser.GrantEntry) grantElements.nextElement());
                }
                return evernotePolicyFile;
            } catch (PolicyParser.ParsingException e) {
                LOG.error("Error parsing policy file (" + url + "): " + e);
                LOG.debug("", e);
                throw new IOException("Can't parse policy file: " + e);
            }
        } catch (Throwable th) {
            inputStreamReader.close();
            throw th;
        }
    }

    private Permission permissionEntryToPermission(PolicyParser.PermissionEntry permissionEntry) throws IOException {
        try {
            Class<?> cls = Class.forName(permissionEntry.permission);
            try {
                return (Permission) cls.getConstructor(PERMISSION_CTOR_PARAMS2).newInstance(permissionEntry.name, permissionEntry.action);
            } catch (NoSuchMethodException e) {
                return (Permission) cls.getConstructor(PERMISSION_CTOR_PARAMS1).newInstance(permissionEntry.name);
            }
        } catch (Exception e2) {
            LOG.debug("", e2);
            throw new IOException("Bad permission entry: " + permissionEntry.permission + " " + permissionEntry.name + " " + permissionEntry.action + ": " + e2);
        }
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        return checkCodeSourceTrusted(codeSource) == Boolean.TRUE ? new ReadOnlyPermissionCollection(ALL_PERMISSION_COLLECTION) : new ReadOnlyPermissionCollection(this.allGlobalPermissions);
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        CodeSource codeSource = protectionDomain.getCodeSource();
        if (Boolean.TRUE == checkCodeSourceTrusted(codeSource)) {
            if (!LOG.isTraceEnabled()) {
                return true;
            }
            LOG.trace("Permitting trusted source (" + codeSource + "): " + permission);
            return true;
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("CodeSource does not have AllPermission: " + codeSource);
        }
        List<Permission> list = this.globalPermissionsByClass.get(permission.getClass());
        if (list != null) {
            for (Permission permission2 : list) {
                if (cloneIfNeeded(permission2).implies(permission)) {
                    if (!LOG.isTraceEnabled()) {
                        return true;
                    }
                    LOG.trace("Accepting " + permission + " due to global grant: " + permission2);
                    return true;
                }
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Not accepting " + permission + " via " + permission2 + " from: " + codeSource);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Rejecting " + permission + " for source: " + codeSource);
        }
        return false;
    }
}
