package com.sun.server.realm.certificate;

import com.sun.server.realm.BadAclException;
import com.sun.server.realm.BadRealmException;
import com.sun.server.realm.NoSuchGroupException;
import com.sun.server.realm.NoSuchUserException;
import com.sun.server.realm.Realm;
import com.sun.server.realm.util.FileAcl;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.Principal;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.StringTokenizer;
import sun.security.acl.AclEntryImpl;
import sun.security.acl.PermissionImpl;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.x509.X500Name;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sun/server/realm/certificate/CertificateAcl.class */
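/**
 * File-backed ACL whose entries are keyed by the X.500 subject name of a certificate user.
 *
 * <p>On disk the ACL is a sequence of records. Each record holds three fields, and every
 * field is a 4-byte big-endian length followed by that many bytes: a tag ("+User" or
 * "-User" as written by {@link #addUser}), the DER encoding of the subject name, and a
 * comma-separated permission list.
 *
 * <p>Decompiler note: the class and several members were package-private in the compiled
 * original; the visibility shown here is what the decompiler emitted.
 */
public final class CertificateAcl extends FileAcl {

    /**
     * Upper bound accepted for a single length-prefixed field when reading the ACL file.
     * The value is a sanity limit chosen for this reader, not something the file format
     * defines: it stops a corrupted or tampered length prefix from driving an arbitrarily
     * large allocation before a single payload byte has been read.
     */
    private static final int MAX_FIELD_LENGTH = 1 << 20;

    /**
     * One decoded record of the ACL file: tag, subject name and raw permission list.
     *
     * <p>Decompiler note: originally package-private. The explicit outer-instance
     * parameter and field are kept so existing construction sites still compile.
     */
    public class CertificateEntry {
        private final CertificateAcl this$0;
        private final X500Name name;
        private final String attrString;
        private final String permissions;

        public CertificateEntry(CertificateAcl certificateAcl, X500Name x500Name, String str, String str2) {
            this.this$0 = certificateAcl;
            this.name = x500Name;
            this.attrString = str;
            this.permissions = str2;
        }

        /** Returns the subject name this record applies to. */
        public X500Name getPrincipal() {
            return this.name;
        }

        /** Returns the record tag exactly as stored (for example "+User"). */
        public String getAttributeString() {
            return this.attrString;
        }

        /** Returns the comma-separated permission list exactly as stored. */
        public String getPermissions() {
            return this.permissions;
        }
    }

    private CertificateAcl(Principal principal, String str) {
        super(principal, str);
    }

    private CertificateAcl(Principal principal, String str, File file) {
        super(principal, str);
        this.aclFile = file;
    }

    /**
     * Reads the named ACL from the realm directory and rebuilds its entries.
     *
     * @param str       ACL name, resolved to a file through {@code FileAcl.getFile}
     * @param realm     realm that owns the ACL and resolves subject names to users
     * @param principal owner passed to the ACL and used when adding entries
     * @return the populated ACL
     * @throws IOException       if the file cannot be read or a record is truncated
     * @throws BadRealmException if a record cannot be turned into an ACL entry
     */
    public static CertificateAcl loadAcl(String str, Realm realm, Principal principal) throws IOException, BadRealmException {
        File file = FileAcl.getFile(str, realm.getRealmDir());
        DataInputStream in = new DataInputStream(new FileInputStream(file));
        try {
            int entryCount = 0;
            int hostEntryCount = 0;
            CertificateAcl acl = new CertificateAcl(principal, str, file);
            acl.realm = realm;
            while (true) {
                CertificateEntry entry;
                try {
                    entry = acl.readEntry(in);
                } catch (EOFException endOfFile) {
                    // readEntry signals a clean end of file this way; a record cut off
                    // part-way is reported as a plain IOException and is not swallowed.
                    break;
                }
                String tag = entry.getAttributeString().trim();
                X500Name subject = entry.getPrincipal();
                String permissionList = entry.getPermissions().trim();
                try {
                    AclEntry aclEntry = getAclEntry(tag, subject, realm);
                    entryCount++;
                    // NOTE(review): getAclEntry as written rejects every tag that is not a
                    // "User" tag, so this counter appears to stay at zero - confirm intent.
                    if (tag.equals("+Host") || tag.equals("-Host")) {
                        hostEntryCount++;
                    }
                    StringTokenizer tokens = new StringTokenizer(permissionList, ",");
                    while (tokens.hasMoreTokens()) {
                        aclEntry.addPermission(new PermissionImpl(tokens.nextToken()));
                    }
                    try {
                        acl.addFileAclEntry(principal, aclEntry);
                    } catch (NotOwnerException e) {
                        Realm.logError(e, "not owner; internal error");
                        throw new BadAclException("not owner; internal error");
                    }
                } catch (Exception e2) {
                    // Any failure while building the entry rejects the whole ACL rather
                    // than loading it with the offending record missing.
                    String message = "bad entry in ACL:  " + tag + "." + subject;
                    Realm.logError(e2, message);
                    throw new BadAclException(message);
                }
            }
            if (entryCount > 0 && entryCount == hostEntryCount) {
                acl.hasOnlyHostEntries(true);
            }
            return acl;
        } finally {
            in.close();
        }
    }

    /**
     * Builds an ACL entry for the user identified by {@code x500Name}.
     *
     * @param str      record tag; a leading "-" makes the entry a negative (deny) entry
     * @param x500Name subject name looked up in the realm
     * @param realm    must be a {@code CertificateRealm}; it is cast unconditionally
     * @throws BadRealmException if the tag is not a "User" tag
     */
    private static AclEntry getAclEntry(String str, X500Name x500Name, Realm realm) throws BadRealmException, NoSuchUserException, NoSuchGroupException {
        CertificateRealm certificateRealm = (CertificateRealm) realm;
        boolean negative = str.startsWith("-");
        // NOTE(review): the first test accepts ANY leading character before "User", not
        // only '+' or '-', and the second accepts a tag with no sign at all; both produce
        // a positive (grant) entry. addUser only ever writes "+User" or "-User", so
        // consider rejecting every other tag once compatibility has been confirmed.
        boolean isUserTag = str.startsWith("User", 1) || str.startsWith("User");
        if (!isUserTag) {
            throw new BadAclException("Invalid ACL syntax: " + str + "." + x500Name);
        }
        AclEntryImpl aclEntry = new AclEntryImpl(certificateRealm.getUser(x500Name));
        if (negative) {
            aclEntry.setNegativePermissions();
        }
        return aclEntry;
    }

    /**
     * Creates a new, empty ACL file in the realm directory.
     *
     * @throws IOException if an ACL with this name already exists or the file cannot be
     *                     created
     */
    public static CertificateAcl buildAcl(String str, Realm realm, Principal principal) throws IOException {
        File file = FileAcl.getFile(str, realm.getRealmDir());
        // createNewFile checks and creates in one step, so a file that appears between a
        // separate exists() test and the create cannot be silently truncated, and no
        // stream is left open just to make the file exist.
        if (!file.createNewFile()) {
            throw new IOException("ACL \"" + str + "\" already exists");
        }
        CertificateAcl certificateAcl = new CertificateAcl(principal, str, file);
        certificateAcl.realm = realm;
        certificateAcl.sync();
        return certificateAcl;
    }

    /**
     * Rewrites the ACL file from the in-memory entries.
     *
     * <p>The records are written to a sibling file (the ACL path with "tmp" appended),
     * which then replaces the ACL file. The replacement is a delete followed by a rename,
     * so it is not atomic: for a moment no ACL file exists.
     *
     * @throws IOException if writing fails or the temporary file cannot be moved into place
     */
    @Override // com.sun.server.realm.util.FileAcl
    protected synchronized void sync() throws IOException {
        String tmpPath = this.aclFile.toString() + "tmp";
        FileOutputStream out = new FileOutputStream(tmpPath);
        try {
            Enumeration entries = entries();
            while (entries.hasMoreElements()) {
                AclEntry aclEntry = (AclEntry) entries.nextElement();
                Enumeration<Permission> permissions = aclEntry.permissions();
                // An entry without permissions is written with an empty list instead of
                // aborting the whole sync on the first nextElement() call.
                StringBuffer joined = new StringBuffer();
                boolean first = true;
                while (permissions.hasMoreElements()) {
                    if (first) {
                        first = false;
                    } else {
                        joined.append(",");
                    }
                    joined.append(permissions.nextElement().toString());
                }
                // The permission list is not echoed to standard output: ACL contents do
                // not belong in the server's console stream.
                addUser(out, ((CertificateUser) aclEntry.getPrincipal()).getCertificate().getSubjectName(), joined.toString(), aclEntry.isNegative());
            }
        } finally {
            out.close();
        }
        File tmpFile = new File(tmpPath);
        // The delete result is deliberately not checked: the rename below is the step
        // that decides whether the new ACL is in place.
        this.aclFile.delete();
        if (!tmpFile.renameTo(this.aclFile)) {
            // Without this check a failed rename would leave the realm with no ACL file
            // (or a stale one) and no error reported to the caller.
            throw new IOException("could not replace ACL file " + this.aclFile + " with " + tmpPath);
        }
    }

    /**
     * Reads one record from the ACL stream.
     *
     * @return the decoded record; never {@code null}
     * @throws EOFException if the stream ends before the first length prefix is complete,
     *                      which callers treat as the normal end of the file
     * @throws IOException  if a length prefix is out of range, the record is cut off
     *                      part-way, or the subject name cannot be decoded
     */
    public CertificateEntry readEntry(DataInputStream dataInputStream) throws IOException {
        byte[] tagBytes = new byte[checkedLength(dataInputStream.readInt())];
        try {
            // readFully, unlike read, never returns a partially filled buffer.
            dataInputStream.readFully(tagBytes);
            byte[] nameBytes = new byte[checkedLength(dataInputStream.readInt())];
            dataInputStream.readFully(nameBytes);
            byte[] permissionBytes = new byte[checkedLength(dataInputStream.readInt())];
            dataInputStream.readFully(permissionBytes);
            X500Name subject = new X500Name(new DerInputStream(nameBytes));
            // NOTE(review): both strings are decoded with the platform charset while
            // addUser writes one byte per char; identical for ASCII tags and permissions.
            return new CertificateEntry(this, subject, new String(tagBytes), new String(permissionBytes));
        } catch (EOFException truncated) {
            // A record that stops part-way is corruption, not end of file. Reporting it
            // as a plain IOException keeps loadAcl from silently dropping the entry.
            IOException failure = new IOException("truncated entry in ACL file");
            failure.initCause(truncated);
            throw failure;
        }
    }

    /** Validates a length prefix read from the ACL file before it is used to allocate. */
    private static int checkedLength(int length) throws IOException {
        if (length < 0 || length > MAX_FIELD_LENGTH) {
            throw new IOException("invalid field length in ACL file: " + length);
        }
        return length;
    }

    /**
     * Appends one record to {@code outputStream}.
     *
     * @param x500Name subject name, stored as DER
     * @param str      comma-separated permission list
     * @param z        {@code true} writes a "-User" (negative) record, {@code false} "+User"
     */
    public void addUser(OutputStream outputStream, X500Name x500Name, String str, boolean z) throws IOException {
        DataOutputStream dataOutputStream = new DataOutputStream(outputStream);
        String tag = z ? "-User" : "+User";
        dataOutputStream.writeInt(tag.length());
        dataOutputStream.writeBytes(tag);
        emitX500Name(x500Name, dataOutputStream);
        dataOutputStream.writeInt(str.length());
        dataOutputStream.writeBytes(str);
    }

    /** Writes the DER encoding of {@code x500Name} as a length-prefixed field. */
    private void emitX500Name(X500Name x500Name, DataOutputStream dataOutputStream) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        x500Name.emit(derOutputStream);
        byte[] encoded = derOutputStream.toByteArray();
        dataOutputStream.writeInt(encoded.length);
        // DER is binary. Passing it through a String would decode it with the platform
        // charset, which can alter bytes and make the payload disagree with the length
        // prefix, so the encoded bytes are written as they are.
        dataOutputStream.write(encoded, 0, encoded.length);
    }
}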
