package com.floragunn.searchguard.test.helper.cluster;

import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.rules.ExternalResource;
import org.opensearch.bootstrap.BootstrapInfo;
import org.opensearch.monitor.jvm.JvmInfo;
import org.opensearch.secure_sm.SecureSM;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/JavaSecurityTestSetup.class */
public class JavaSecurityTestSetup extends ExternalResource {
    private static final Logger log = LogManager.getLogger(JavaSecurityTestSetup.class);
    private static ReentrantLock lock = new ReentrantLock();
    private static Policy baseSystemPolicy = Policy.getPolicy();
    private static Policy baseEsPolicy = EsJavaSecurity.getBaseEsSecurityPolicy();
    private static Policy sgPluginPolicy = EsJavaSecurity.getSgPluginSecurityPolicy();
    private static Permissions classPathPermissions = EsJavaSecurity.getClasspathPermissions();
    private static Permissions miscPermissions = EsJavaSecurity.getMiscPermissions();
    private boolean enabled = System.getProperty("sg.test-java-security.enabled", "true").equals("true");

    /* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/JavaSecurityTestSetup$TestPolicy.class */
    static class TestPolicy extends Policy {
        private static final Pattern JAR_PATTERN = Pattern.compile(".*/(.*?)(-[0-9]+\\.[0-9]+(\\.[0-9]+)?(\\.[^\\.]+)?)?\\.jar$");

        TestPolicy() {
        }

        @Override // java.security.Policy
        public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
            if (permission instanceof FilePermission) {
                FilePermission filePermission = (FilePermission) permission;
                if (filePermission.getName().contains("data") || filePermission.getName().contains("/target/test-classes/") || filePermission.getName().contains("/config") || filePermission.getName().contains("/sgconfig") || filePermission.getName().contains("/search-guard-suite") || filePermission.getName().contains("/modules") || filePermission.getName().contains("/plugins")) {
                    return true;
                }
            }
            if (JavaSecurityTestSetup.baseEsPolicy.implies(protectionDomain, permission) || JavaSecurityTestSetup.classPathPermissions.implies(permission) || JavaSecurityTestSetup.miscPermissions.implies(permission) || (permission instanceof SocketPermission)) {
                return true;
            }
            if (JavaSecurityTestSetup.baseSystemPolicy != null && JavaSecurityTestSetup.baseSystemPolicy.implies(protectionDomain, permission)) {
                return true;
            }
            String protectionDomainKey = getProtectionDomainKey(protectionDomain);
            if ((permission instanceof SocketPermission) && JavaSecurityTestSetup.log.isTraceEnabled()) {
                JavaSecurityTestSetup.log.trace(permission + " " + protectionDomainKey + " " + protectionDomain.getCodeSource().getLocation() + " " + protectionDomain.getClassLoader());
            }
            return !"search-guard-plugin".equals(protectionDomainKey) || JavaSecurityTestSetup.sgPluginPolicy.implies(protectionDomain, permission);
        }

        private String getProtectionDomainKey(ProtectionDomain protectionDomain) {
            String externalForm = protectionDomain.getCodeSource().getLocation().toExternalForm();
            if (externalForm.contains("/org.opensearch/") && externalForm.endsWith(".jar")) {
                return "es";
            }
            if (externalForm.contains("/org/apache/lucene/") && externalForm.endsWith(".jar")) {
                return "lucene";
            }
            if (externalForm.contains("/io/netty/") && externalForm.endsWith(".jar")) {
                return "netty";
            }
            Matcher matcher = JAR_PATTERN.matcher(externalForm);
            return matcher.matches() ? matcher.group(1) + ".jar" : externalForm.endsWith("/target/test-classes/") ? "test-classes" : externalForm.endsWith("/target/classes/") ? "search-guard-plugin" : externalForm.contains("eclipse/configuration") ? "test-runner" : externalForm;
        }
    }

    public JavaSecurityTestSetup() {
        if (this.enabled) {
            if (lock.isLocked()) {
                try {
                    if (!lock.tryLock(10L, TimeUnit.SECONDS)) {
                        log.warn("***** Multithreaded use of TestJavaSecurityManagement is not possible. Waiting for current owner to finish: " + lock);
                        lock.lock();
                    }
                } catch (InterruptedException e) {
                    throw new RuntimeException(e);
                }
            }
            Policy.setPolicy(new TestPolicy());
            System.setSecurityManager(SecureSM.createTestSecureSM());
            log.info("JavaSecurityTestSetup has been installed");
        }
    }

    protected void after() {
        try {
            if (this.enabled) {
                System.setSecurityManager(null);
                Policy.setPolicy(baseSystemPolicy);
            }
            if (lock.isHeldByCurrentThread()) {
                lock.unlock();
            }
        } catch (Throwable th) {
            if (lock.isHeldByCurrentThread()) {
                lock.unlock();
            }
            throw th;
        }
    }

    static {
        try {
            JvmInfo.jvmInfo();
        } catch (AccessControlException e) {
        }
        try {
            BootstrapInfo.init();
        } catch (AccessControlException e2) {
        }
        try {
            BootstrapInfo.isNativesAvailable();
        } catch (AccessControlException e3) {
        }
    }
}
