package com.floragunn.searchguard.test.helper.cluster;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.Permissions;
import java.security.Policy;
import java.security.URIParameter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.elasticsearch.bootstrap.BootstrapInfo;
import org.elasticsearch.bootstrap.FilePermissionUtils;
import org.elasticsearch.core.PathUtils;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.jdk.JarHell;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/EsJavaSecurity.class */
public class EsJavaSecurity {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static Policy getBaseEsSecurityPolicy() {
        return readPolicy(BootstrapInfo.class.getResource("security.policy"), getCodebases());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Policy getSgPluginSecurityPolicy() {
        return readPolicy(EsJavaSecurity.class.getResource("/sg-plugin-security.policy"), getCodebases());
    }

    @SuppressForbidden(reason = "find URL path")
    static Map<String, URL> getCodebaseJarMap(Set<URL> set) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (URL url : set) {
            try {
                String path = PathUtils.get(url.toURI()).getFileName().toString();
                if (path.endsWith(".jar")) {
                    linkedHashMap.put(path, url);
                }
            } catch (URISyntaxException e) {
                throw new RuntimeException(e);
            }
        }
        return linkedHashMap;
    }

    @SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
    static Policy readPolicy(URL url, Map<String, URL> map) {
        try {
            ArrayList arrayList = new ArrayList();
            try {
                for (Map.Entry<String, URL> entry : map.entrySet()) {
                    String key = entry.getKey();
                    URL value = entry.getValue();
                    String str = "codebase." + key;
                    String str2 = "codebase." + key.replaceFirst("-\\d+\\.\\d+.*\\.jar", "");
                    if (!str2.equals(str)) {
                        arrayList.add(str2);
                        System.setProperty(str2, value.toString());
                    }
                    arrayList.add(str);
                    System.setProperty(str, value.toString());
                }
                Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(url.toURI()));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    System.clearProperty((String) it.next());
                }
                return policy;
            } catch (Throwable th) {
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    System.clearProperty((String) it2.next());
                }
                throw th;
            }
        } catch (URISyntaxException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("unable to parse policy file `" + url + "`", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
    public static Permissions getClasspathPermissions() {
        try {
            Permissions permissions = new Permissions();
            Iterator it = JarHell.parseClassPath().iterator();
            while (it.hasNext()) {
                try {
                    Path path = PathUtils.get(((URL) it.next()).toURI());
                    if (Files.isDirectory(path, new LinkOption[0])) {
                        FilePermissionUtils.addDirectoryPath(permissions, "class.path", path, "read,readlink", false);
                    } else {
                        FilePermissionUtils.addSingleFilePath(permissions, path, "read,readlink");
                    }
                } catch (URISyntaxException e) {
                    throw new RuntimeException(e);
                }
            }
            return permissions;
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Permissions getMiscPermissions() {
        try {
            Permissions permissions = new Permissions();
            FilePermissionUtils.addDirectoryPath(permissions, "java.io.tmpdir", PathUtils.get((String) Objects.requireNonNull(System.getProperty("java.io.tmpdir"), "please set ${java.io.tmpdir} in pom.xml"), new String[0]), "read,readlink,write,delete", false);
            permissions.add(new RuntimePermission("getStackWalkerWithClassReference"));
            return permissions;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    static Map<String, URL> getCodebases() {
        Map<String, URL> codebaseJarMap = getCodebaseJarMap(JarHell.parseClassPath());
        addClassCodebase(codebaseJarMap, "elasticsearch", "org.elasticsearch.plugins.PluginsService");
        if (System.getProperty("tests.gradle") == null) {
            addClassCodebase(codebaseJarMap, "plugin-classloader", "org.elasticsearch.plugins.ExtendedPluginsClassLoader");
            addClassCodebase(codebaseJarMap, "elasticsearch-nio", "org.elasticsearch.nio.ChannelFactory");
            addClassCodebase(codebaseJarMap, "elasticsearch-secure-sm", "org.elasticsearch.secure_sm.SecureSM");
            addClassCodebase(codebaseJarMap, "elasticsearch-rest-client", "org.elasticsearch.client.RestClient");
        }
        return codebaseJarMap;
    }

    private static void addClassCodebase(Map<String, URL> map, String str, String str2) {
        try {
            URL location = EsJavaSecurity.class.getClassLoader().loadClass(str2).getProtectionDomain().getCodeSource().getLocation();
            if (location.toString().endsWith(".jar") || map.put(str, location) == null) {
            } else {
                throw new IllegalStateException("Already added " + str + " codebase for testing");
            }
        } catch (ClassNotFoundException e) {
        }
    }
}
