package com.sony.bdjstack.core;

import com.sony.bdjstack.security.cert.RootCertManager;
import com.sony.gemstack.core.CoreAppClassLoader;
import com.sony.gemstack.core.CoreAppContext;
import com.sony.gemstack.core.CoreIxcClassLoader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.Manifest;

/* loaded from: input_file:com/sony/bdjstack/core/XletClassLoader.class */
class XletClassLoader extends URLClassLoader implements CoreAppClassLoader, CoreIxcClassLoader {
    private CoreAppContext appContext;
    private URLClassPath ucp;
    private AccessControlContext acc;

    public XletClassLoader(URL[] urlArr, boolean z) {
        super(urlArr);
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkCreateClassLoader();
        }
        this.ucp = new URLClassPath(urlArr, z, this);
        this.acc = AccessController.getContext();
    }

    public void addClassPath(URL url) {
        this.ucp.addClassPath(url);
    }

    public void reloadJarFile() {
        this.ucp.reloadJarFile(this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAppContext(CoreAppContext coreAppContext) {
        this.appContext = coreAppContext;
    }

    @Override // com.sony.gemstack.core.CoreAppClassLoader
    public CoreAppContext getAppContext() {
        return this.appContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.lang.ClassLoader
    public Class loadClass(String str, boolean z) throws ClassNotFoundException {
        if (SysProfile.usesJSSEforCDC10() && str.startsWith("javax.net.ssl") && (str.equals("javax.net.ssl.HostnameVerifier") || str.equals("javax.net.ssl.KeyManager") || str.equals("javax.net.ssl.ManagerFactoryParameters") || str.equals("javax.net.ssl.TrustManager") || str.equals("javax.net.ssl.X509KeyManager") || str.equals("javax.net.ssl.X509TrustManager") || str.equals("javax.net.ssl.HttpsURLConnection") || str.equals("javax.net.ssl.KeyManagerFactory") || str.equals("javax.net.ssl.KeyManagerFactorySpi") || str.equals("javax.net.ssl.SSLContext") || str.equals("javax.net.ssl.SSLContextSpi") || str.equals("javax.net.ssl.SSLPermission") || str.equals("javax.net.ssl.TrustManagerFactory") || str.equals("javax.net.ssl.TrustManagerFactorySpi"))) {
            throw new ClassNotFoundException();
        }
        return super.loadClass(str, z);
    }

    @Override // com.sony.gemstack.core.CoreIxcClassLoader
    public Class findLoadedProxyClass(String str) {
        return findLoadedClass(str.replace('/', '.'));
    }

    @Override // com.sony.gemstack.core.CoreIxcClassLoader
    public Class defineProxyClass(String str, byte[] bArr) {
        String replace = str.startsWith("/") ? str.substring(1).replace('/', '.') : str.replace('/', '.');
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPackageDefinition(packageName(replace));
        }
        return defineClass(replace, bArr, 0, bArr.length);
    }

    static String packageName(String str) {
        int lastIndexOf = str.lastIndexOf(46);
        return lastIndexOf == -1 ? "" : str.substring(0, lastIndexOf);
    }

    @Override // java.net.URLClassLoader, java.security.SecureClassLoader
    protected PermissionCollection getPermissions(CodeSource codeSource) {
        Certificate[] certificates = codeSource.getCertificates();
        if (needsToVerify() && !RootCertManager.inKeyStore(certificates)) {
            System.err.println("cannot load unsigned class.");
            dumpCertificates(codeSource.toString(), certificates);
            throw new SecurityException("cannot load unsigned class.");
        }
        ProtectionDomain protectionDomain = getAppContext().getProtectionDomain();
        if (protectionDomain != null) {
            return protectionDomain.getPermissions();
        }
        return null;
    }

    @Override // java.net.URLClassLoader, java.lang.ClassLoader
    protected Class findClass(String str) throws ClassNotFoundException {
        SecurityManager securityManager;
        int lastIndexOf = str.lastIndexOf(46);
        if (lastIndexOf != -1 && (securityManager = System.getSecurityManager()) != null) {
            securityManager.checkPackageDefinition(str.substring(0, lastIndexOf));
        }
        try {
            return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction(this, str) { // from class: com.sony.bdjstack.core.XletClassLoader.1
                private final String val$name;
                private final XletClassLoader this$0;

                {
                    this.this$0 = this;
                    this.val$name = str;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws ClassNotFoundException {
                    String concat = this.val$name.replace('.', '/').concat(".class");
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    Resource resource = this.this$0.ucp.getResource(concat, false, byteArrayOutputStream);
                    if (resource == null) {
                        throw new ClassNotFoundException(this.val$name);
                    }
                    try {
                        return this.this$0.defineClass1(this.val$name, resource, byteArrayOutputStream.toByteArray());
                    } catch (IOException e) {
                        throw new ClassNotFoundException(this.val$name, e);
                    }
                }
            }, this.acc);
        } catch (PrivilegedActionException e) {
            throw ((ClassNotFoundException) e.getException());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Class defineClass1(String str, Resource resource, byte[] bArr) throws IOException {
        boolean z;
        int lastIndexOf = str.lastIndexOf(46);
        URL codeSourceURL = resource.getCodeSourceURL();
        if (lastIndexOf != -1) {
            String substring = str.substring(0, lastIndexOf);
            Package r0 = getPackage(substring);
            Manifest manifest = resource.getManifest();
            if (r0 != null) {
                if (r0.isSealed()) {
                    z = r0.isSealed(codeSourceURL);
                } else {
                    z = manifest == null || !isSealed(substring, manifest);
                }
                if (!z) {
                    throw new SecurityException("sealing violation");
                }
            } else if (manifest != null) {
                definePackage(substring, manifest, codeSourceURL);
            } else {
                definePackage(substring, null, null, null, null, null, null, null);
            }
        }
        try {
            Certificate[] certificates = resource.getCertificates();
            checkOrganizationId(certificates);
            if (certificates != null && !resource.isBDJVerified()) {
                certificates = null;
            }
            return defineClass(str, bArr, 0, bArr.length, new CodeSource(codeSourceURL, certificates));
        } catch (SecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    private void checkOrganizationId(Certificate[] certificateArr) throws SecurityException {
        if (certificateArr == null) {
            return;
        }
        for (Certificate certificate : certificateArr) {
            StringTokenizer stringTokenizer = new StringTokenizer(((X509Certificate) certificate).getSubjectDN().getName(), ",");
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if (nextToken.startsWith("O=") || nextToken.startsWith(" O=")) {
                    int lastIndexOf = nextToken.lastIndexOf(".");
                    if (lastIndexOf != -1 && ((int) Long.parseLong(nextToken.substring(lastIndexOf + 1), 16)) == this.appContext.getCoreAppId().getOID()) {
                        return;
                    }
                }
            }
        }
        throw new SecurityException("cannot load classes with invalid oid");
    }

    private boolean isSealed(String str, Manifest manifest) {
        Attributes mainAttributes;
        Attributes attributes = manifest.getAttributes(str.replace('.', '/').concat("/"));
        String str2 = null;
        if (attributes != null) {
            str2 = attributes.getValue(Attributes.Name.SEALED);
        }
        if (str2 == null && (mainAttributes = manifest.getMainAttributes()) != null) {
            str2 = mainAttributes.getValue(Attributes.Name.SEALED);
        }
        return "true".equalsIgnoreCase(str2);
    }

    @Override // java.net.URLClassLoader, java.lang.ClassLoader
    public URL findResource(String str) {
        Resource resource = (Resource) AccessController.doPrivileged(new PrivilegedAction(this, str) { // from class: com.sony.bdjstack.core.XletClassLoader.2
            private final String val$name;
            private final XletClassLoader this$0;

            {
                this.this$0 = this;
                this.val$name = str;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.this$0.ucp.getResource(this.val$name, true);
            }
        }, this.acc);
        if (resource == null) {
            return null;
        }
        try {
            Certificate[] certificates = resource.getCertificates();
            if (!needsToVerify() || RootCertManager.inKeyStore(certificates)) {
                if (resource != null) {
                    return this.ucp.checkURL(resource.getURL());
                }
                return null;
            }
            System.err.println("cannot load unsigned resource.");
            dumpCertificates(str, certificates);
            return null;
        } catch (SecurityException e) {
            e.printStackTrace();
            System.err.println("cannot load unsigned resource.");
            return null;
        }
    }

    private boolean needsToVerify() {
        if (getAppContext() == null || getAppContext().getCoreAppId() == null) {
            return true;
        }
        return getAppContext().getCoreAppId().isSigned();
    }

    private void dumpCertificates(String str, Certificate[] certificateArr) {
        if (certificateArr == null) {
            return;
        }
        for (int i = 0; i < certificateArr.length; i++) {
        }
    }

    public String toString() {
        return new StringBuffer().append("XletClassLoader@").append(Integer.toHexString(hashCode())).toString();
    }

    protected void finalize() throws Throwable {
        super.finalize();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void cleanup() {
        if (this.ucp != null) {
            URLClassPath uRLClassPath = this.ucp;
            URLClassPath.cleanup(this);
        }
    }
}
