package com.sun.star.lib.sandbox;

import java.io.File;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.AllPermission;
import java.security.IdentityScope;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import sun.security.provider.IdentityDatabase;

/* loaded from: input_file:120185-04/SUNWstaroffice-core03/reloc/program/classes/sandbox.jar:com/sun/star/lib/sandbox/SandboxSecurity.class */
public class SandboxSecurity extends SecurityManager {
    private static boolean debug = false;
    public static final int NETWORK_NONE = 1;
    public static final int NETWORK_HOST = 2;
    public static final int NETWORK_UNRESTRICTED = 3;
    private static final int PRIVELEGED_PORT = 1024;
    boolean bNoExit;
    boolean initACL;
    String[] readACL;
    String[] writeACL;
    int networkMode;
    boolean bCheckSecurity;
    RecursionCounter InCheck = new RecursionCounter();
    RecursionCounter InIsSecureLoader = new RecursionCounter();
    RecursionCounter InInClassLoader = new RecursionCounter();
    RecursionCounter InClassLoaderDepth = new RecursionCounter();
    AllPermission allPerm = new AllPermission();
    IdentityScope scope;
    Hashtable loadedClasses;

    public int getNetworkMode() {
        return this.networkMode;
    }

    public SandboxSecurity() {
        reset();
    }

    public SandboxSecurity(boolean z) {
        reset();
        this.bNoExit = z;
    }

    public void reset() {
        String property = System.getProperty("appletviewer.security.mode");
        if (property == null) {
            this.networkMode = 2;
        } else if (property.equals("unrestricted")) {
            this.networkMode = 3;
        } else if (property.equals("none")) {
            this.networkMode = 1;
        } else {
            this.networkMode = 2;
        }
        this.bCheckSecurity = !Boolean.getBoolean("stardiv.security.disableSecurity");
        IdentityDatabase systemScope = IdentityScope.getSystemScope();
        if (systemScope instanceof IdentityDatabase) {
            this.scope = systemScope;
            debug(new StringBuffer().append("installing ").append(systemScope).append(" as the scope for signers.").toString());
        } else {
            debug("no signer scope found.");
        }
        this.loadedClasses = new Hashtable();
    }

    synchronized boolean inApplet() {
        try {
            this.InCheck.acquire();
            return inClassLoader();
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized Object getSecurityContext() {
        URL url = null;
        try {
            this.InCheck.acquire();
            ClassLoader currentClassLoader = currentClassLoader();
            if (currentClassLoader != null) {
                if (!(currentClassLoader instanceof ClassContextImpl)) {
                    throw new SandboxSecurityException("getsecuritycontext.unknown");
                }
                url = ((ClassContextImpl) currentClassLoader).getBase();
            }
            return url;
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkCreateClassLoader() {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader() && classLoaderDepth() == 2) {
                throw new SandboxSecurityException("checkcreateclassloader");
            }
        } finally {
            this.InCheck.release();
        }
    }

    protected synchronized boolean inThreadGroup(ThreadGroup threadGroup) {
        boolean z = false;
        try {
            this.InCheck.acquire();
            ClassLoader currentClassLoader = currentClassLoader();
            if (currentClassLoader instanceof ClassContextImpl) {
                z = ((ClassContextImpl) currentClassLoader).getThreadGroup().parentOf(threadGroup);
            }
            return z;
        } finally {
            this.InCheck.release();
        }
    }

    protected synchronized boolean inThreadGroup(Thread thread) {
        try {
            this.InCheck.acquire();
            return inThreadGroup(thread.getThreadGroup());
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkAccess(Thread thread) {
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || isSecureLoader() || classLoaderDepth() != 3 || inThreadGroup(thread)) {
            } else {
                throw new SandboxSecurityException("checkaccess.thread");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkAccess(ThreadGroup threadGroup) {
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || isSecureLoader() || classLoaderDepth() != 4 || inThreadGroup(threadGroup)) {
            } else {
                throw new SandboxSecurityException("checkaccess.threadgroup", threadGroup.toString());
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkExit(int i) {
        try {
            this.InCheck.acquire();
            if (this.bNoExit) {
                throw new SandboxSecurityException("checkexit", String.valueOf(i));
            }
            if (this.bCheckSecurity && !isSecureLoader() && inApplet()) {
                throw new SandboxSecurityException("checkexit", String.valueOf(i));
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkExec(String str) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader() && inApplet()) {
                throw new SandboxSecurityException("checkexec", str);
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkLink(String str) {
        try {
            this.InCheck.acquire();
        } finally {
            this.InCheck.release();
        }
        if (this.bCheckSecurity && !isSecureLoader()) {
            switch (classLoaderDepth()) {
                case 2:
                case 3:
                    throw new SandboxSecurityException("checklink", str);
            }
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkPropertiesAccess() {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader() && classLoaderDepth() == 2) {
                throw new SandboxSecurityException("checkpropsaccess");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkPropertyAccess(String str) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader() && classLoaderDepth() == 2) {
                String property = System.getProperty(new StringBuffer().append(str).append(".applet").toString());
                if (!new Boolean(property).booleanValue()) {
                    throw new SandboxSecurityException("checkpropsaccess.key", property);
                }
            }
        } finally {
            this.InCheck.release();
        }
    }

    void parseACL(Vector vector, String str, String str2) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, System.getProperty("path.separator"));
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.startsWith("~")) {
                vector.addElement(new StringBuffer().append(System.getProperty("user.home")).append(nextToken.substring(1)).toString());
            } else if (!nextToken.equals("+")) {
                vector.addElement(nextToken);
            } else if (str2 != null) {
                parseACL(vector, str2, null);
            }
        }
    }

    String[] parseACL(String str, String str2) {
        if (str == null) {
            return new String[0];
        }
        if (str.equals("*")) {
            return null;
        }
        Vector vector = new Vector();
        parseACL(vector, str, str2);
        String[] strArr = new String[vector.size()];
        vector.copyInto(strArr);
        return strArr;
    }

    void initializeACLs() {
        this.readACL = parseACL(System.getProperty("acl.read"), System.getProperty("acl.read.default"));
        this.writeACL = parseACL(System.getProperty("acl.write"), System.getProperty("acl.write.default"));
        this.initACL = true;
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkRead(String str) {
        ClassLoader currentClassLoader;
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader() && (currentClassLoader = currentClassLoader()) != null) {
                if (!(currentClassLoader instanceof ClassContextImpl)) {
                    throw new SandboxSecurityException("checkread.unknown", str);
                }
                checkRead(str, ((ClassContextImpl) currentClassLoader).getBase());
            }
        } finally {
            this.InCheck.release();
        }
    }

    public synchronized void checkRead(String str, URL url) {
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || url == null || isSecureLoader()) {
                return;
            }
            if (!this.initACL) {
                initializeACLs();
            }
            if (this.readACL == null) {
                this.InCheck.release();
                return;
            }
            try {
                String canonicalPath = new File(str).getCanonicalPath();
                int length = this.readACL.length;
                do {
                    int i = length;
                    length = i - 1;
                    if (i <= 0) {
                        if (url.getProtocol().equals("file")) {
                            try {
                                StringBuffer stringBuffer = new StringBuffer(256);
                                String file = url.getFile();
                                int i2 = 0;
                                while (true) {
                                    int indexOf = file.indexOf("%20", i2);
                                    if (indexOf == -1) {
                                        break;
                                    }
                                    stringBuffer.append(file.substring(i2, indexOf));
                                    stringBuffer.append(" ");
                                    i2 = indexOf + "%20".length();
                                }
                                stringBuffer.append(file.substring(i2));
                                if (canonicalPath.startsWith(new File(stringBuffer.toString()).getCanonicalPath())) {
                                    this.InCheck.release();
                                    return;
                                }
                            } catch (IOException e) {
                                throw new SandboxSecurityException("checkread.exception2", e.toString());
                            }
                        }
                        throw new SandboxSecurityException("checkread", str, canonicalPath);
                    }
                } while (!canonicalPath.startsWith(this.readACL[length]));
                this.InCheck.release();
            } catch (IOException e2) {
                throw new SandboxSecurityException("checkread.exception1", e2.getMessage(), str);
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkRead(String str, Object obj) {
        try {
            this.InCheck.acquire();
            checkRead(str);
            if (obj != null) {
                checkRead(str, (URL) obj);
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkWrite(String str) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inApplet() && !isSecureLoader()) {
                if (!this.initACL) {
                    initializeACLs();
                }
                if (this.writeACL == null) {
                    this.InCheck.release();
                    return;
                }
                try {
                    String canonicalPath = new File(str).getCanonicalPath();
                    int length = this.writeACL.length;
                    do {
                        int i = length;
                        length = i - 1;
                        if (i <= 0) {
                            throw new SandboxSecurityException("checkwrite", str, canonicalPath);
                        }
                    } while (!canonicalPath.startsWith(this.writeACL[length]));
                    this.InCheck.release();
                } catch (IOException e) {
                    throw new SandboxSecurityException("checkwrite.exception", e.getMessage(), str);
                }
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkRead(FileDescriptor fileDescriptor) {
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || isSecureLoader() || ((!inApplet() || inClass("java.net.SocketInputStream")) && fileDescriptor.valid())) {
            } else {
                throw new SandboxSecurityException("checkread.fd");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkWrite(FileDescriptor fileDescriptor) {
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || isSecureLoader() || ((!inApplet() || inClass("java.net.SocketOutputStream")) && fileDescriptor.valid())) {
            } else {
                throw new SandboxSecurityException("checkwrite.fd");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkListen(int i) {
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || isSecureLoader() || !inApplet() || i <= 0 || i >= 1024) {
            } else {
                throw new SandboxSecurityException("checklisten", String.valueOf(i));
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkAccept(String str, int i) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader()) {
                if (inApplet() && i < 1024) {
                    throw new SandboxSecurityException("checkaccept", str, String.valueOf(i));
                }
                checkConnect(str, i);
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkConnect(String str, int i) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && !isSecureLoader()) {
                ClassLoader currentClassLoader = currentClassLoader();
                if (currentClassLoader == null) {
                    this.InCheck.release();
                    return;
                }
                if (classDepth("sun.net.www.http.HttpClient") > 1) {
                    this.InCheck.release();
                } else if (getInCheck()) {
                    this.InCheck.release();
                } else {
                    if (!(currentClassLoader instanceof ClassContextImpl)) {
                        throw new SandboxSecurityException("checkconnect.unknown");
                    }
                    checkConnect(((ClassContextImpl) currentClassLoader).getBase().getHost(), str);
                }
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkConnect(String str, int i, Object obj) {
        try {
            this.InCheck.acquire();
            checkConnect(str, i);
            if (obj != null) {
                checkConnect(((URL) obj).getHost(), str);
            }
        } finally {
            this.InCheck.release();
        }
    }

    public synchronized void checkConnect(String str, String str2, boolean z) {
        try {
            this.InCheck.acquire();
        } catch (Throwable th) {
            this.InCheck.release();
            throw th;
        }
        if (!this.bCheckSecurity || isSecureLoader()) {
            this.InCheck.release();
            return;
        }
        if (str == null) {
            this.InCheck.release();
            this.InCheck.release();
            return;
        }
        switch (this.networkMode) {
            case 1:
                throw new SandboxSecurityException("checkconnect.networknone", str, str2);
            case 2:
                try {
                    this.inCheck = true;
                    if (!str.equals(str2)) {
                        try {
                            if (!InetAddress.getByName(str).equals(InetAddress.getByName(str2))) {
                                throw new SandboxSecurityException("checkconnect.networkhost1", str2, str);
                            }
                            this.InCheck.release();
                            this.InCheck.release();
                            return;
                        } catch (UnknownHostException e) {
                            throw new SecurityException(new StringBuffer().append("checkconnect.networkhost2").append(str2).append(str).toString());
                        }
                    }
                    try {
                        InetAddress.getByName(str2);
                        this.InCheck.release();
                        this.InCheck.release();
                        return;
                    } catch (UnknownHostException e2) {
                        if (!z) {
                            throw new SandboxSecurityException("checkconnect.networkhost3", str2);
                        }
                        this.InCheck.release();
                        this.InCheck.release();
                        return;
                    }
                } finally {
                    this.inCheck = false;
                }
            case 3:
                this.InCheck.release();
                this.InCheck.release();
                return;
            default:
                throw new SandboxSecurityException("checkconnect", str, str2);
        }
        this.InCheck.release();
        throw th;
    }

    public synchronized void checkConnect(String str, String str2) {
        try {
            this.InCheck.acquire();
            checkConnect(str, str2, Boolean.getBoolean("trustProxy"));
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized boolean checkTopLevelWindow(Object obj) {
        boolean z = true;
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inClassLoader()) {
                if (!isSecureLoader()) {
                    z = false;
                }
            }
            return z;
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkPackageAccess(String str) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inClassLoader() && !isSecureLoader()) {
                if (str.equals("stardiv.applet") || str.equals("stardiv.look") || str.equals("netscape.javascript")) {
                    this.InCheck.release();
                    return;
                }
                for (String str2 : new String[]{"com.sun.star.uno", "com.sun.star.lib.uno", "com.sun.star.comp.connections", "com.sun.star.comp.loader", "com.sun.star.comp.servicemanager"}) {
                    if (str.startsWith(str2)) {
                        throw new SandboxSecurityException("checkpackageaccess2", str);
                    }
                }
                int indexOf = str.indexOf(46);
                while (indexOf > 0) {
                    if (Boolean.getBoolean(new StringBuffer().append("package.restrict.access.").append(str.substring(0, indexOf)).toString())) {
                        throw new SandboxSecurityException("checkpackageaccess", str);
                    }
                    indexOf = str.indexOf(46, indexOf + 1);
                }
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkPackageDefinition(String str) {
        try {
            this.InCheck.acquire();
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkSetFactory() {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inApplet() && !isSecureLoader()) {
                throw new SandboxSecurityException("cannotsetfactory");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkMemberAccess(Class cls, int i) {
        ClassLoader currentClassLoader;
        try {
            this.InCheck.acquire();
            if (!this.bCheckSecurity || isSecureLoader() || i == 0 || (currentClassLoader = currentClassLoader()) == null || classLoaderDepth() > 3 || currentClassLoader == cls.getClassLoader()) {
            } else {
                throw new SandboxSecurityException("checkmemberaccess");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkPrintJobAccess() {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inApplet() && !isSecureLoader()) {
                throw new SandboxSecurityException("checkgetprintjob");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkSystemClipboardAccess() {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inApplet() && !isSecureLoader()) {
                throw new SandboxSecurityException("checksystemclipboardaccess");
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkAwtEventQueueAccess() {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inClassLoader()) {
                if (!isSecureLoader()) {
                }
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkSecurityAccess(String str) {
        try {
            this.InCheck.acquire();
            if (this.bCheckSecurity && inApplet() && !isSecureLoader()) {
                throw new SandboxSecurityException("checksecurityaccess", str);
            }
        } finally {
            this.InCheck.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized ThreadGroup getThreadGroup() {
        try {
            this.InCheck.acquire();
            ClassLoader currentClassLoader = currentClassLoader();
            return (currentClassLoader == null || !(currentClassLoader instanceof ClassContextImpl)) ? super.getThreadGroup() : inThreadGroup(Thread.currentThread()) ? Thread.currentThread().getThreadGroup() : ((ClassContextImpl) currentClassLoader).getThreadGroup();
        } finally {
            this.InCheck.release();
        }
    }

    public void debug(String str) {
        if (debug) {
            System.err.println(str);
        }
    }

    private synchronized boolean isSecureLoader() {
        boolean z;
        this.InIsSecureLoader.acquire();
        try {
            ClassLoader currentClassLoader = currentClassLoader();
            if (currentClassLoader == null) {
                z = true;
            } else if (currentClassLoader instanceof ClassContextImpl) {
                z = !((ClassContextImpl) currentClassLoader).checkSecurity();
            } else {
                z = true;
            }
            return z;
        } finally {
            this.InIsSecureLoader.release();
        }
    }

    @Override // java.lang.SecurityManager
    public synchronized void checkPermission(java.security.Permission permission) {
        if ((this.InIsSecureLoader.inRecursion() || this.InInClassLoader.inRecursion() || this.InClassLoaderDepth.inRecursion()) && permission.implies(this.allPerm)) {
            throw new SandboxSecurityException("checkPermission ", permission.toString());
        }
        if (!this.InCheck.inRecursion() && !isSecureLoader()) {
            throw new SandboxSecurityException("checkPermission ", permission.toString());
        }
    }

    @Override // java.lang.SecurityManager
    protected boolean inClassLoader() {
        this.InInClassLoader.acquire();
        try {
            return super.inClassLoader();
        } finally {
            this.InInClassLoader.release();
        }
    }

    @Override // java.lang.SecurityManager
    protected int classLoaderDepth() {
        this.InClassLoaderDepth.acquire();
        try {
            return super.classLoaderDepth();
        } finally {
            this.InClassLoaderDepth.release();
        }
    }
}
