package com.nesscomputing.testing.lessio;

import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.FileDescriptor;
import java.net.InetAddress;
import java.net.URLClassLoader;
import java.security.Permission;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.junit.internal.runners.statements.InvokeMethod;
import org.junit.internal.runners.statements.RunAfters;
import org.junit.internal.runners.statements.RunBefores;
import org.junit.rules.TestRule;
import org.junit.runners.ParentRunner;
import org.junit.runners.model.FrameworkMethod;
import org.junit.runners.model.Statement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/nesscomputing/testing/lessio/LessIOSecurityManager.class */
public class LessIOSecurityManager extends SecurityManager {
    private static final Set<Class<?>> TESTRUNNER_CLASSES;
    private final int lowestEphemeralPort = Integer.getInteger("ness.testing.low-ephemeral-port", Integer.getInteger("kawala.testing.low-ephemeral-port", 32768)).intValue();
    private final int highestEphemeralPort = Integer.getInteger("ness.testing.high-ephemeral-port", Integer.getInteger("kawala.testing.high-ephemeral-port", 65535)).intValue();
    private final Set<Integer> allocatedEphemeralPorts = Sets.newSetFromMap(Maps.newConcurrentMap());
    private final boolean reporting = Boolean.getBoolean("ness.testing.security-manager.reporting");
    protected static final String JAVA_HOME = System.getProperty("java.home");
    protected static final String PATH_SEPARATOR = System.getProperty("path.separator");
    protected static final AtomicReference<List<String>> CP_PARTS = new AtomicReference<>(getClassPath());
    protected static final String TMP_DIR = System.getProperty("java.io.tmpdir").replaceFirst("/$", "");
    private static final Set<Class<?>> whitelistedClasses = ImmutableSet.of(ClassLoader.class, URLClassLoader.class);
    private static final Set<String> LOCAL_HOSTS = ImmutableSet.of("localhost", "127.0.0.1", "::1");

    /* loaded from: input_file:com/nesscomputing/testing/lessio/LessIOSecurityManager$CantDoItException.class */
    public static class CantDoItException extends RuntimeException {
        private static final long serialVersionUID = -8858380898538847118L;

        public CantDoItException() {
        }

        public CantDoItException(String str) {
            super(str);
        }

        public CantDoItException(String str, CantDoItException cantDoItException) {
            super(str, cantDoItException);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nesscomputing/testing/lessio/LessIOSecurityManager$LogHolder.class */
    public static class LogHolder {
        private static final Logger LOG = LoggerFactory.getLogger(LessIOSecurityManager.class);

        private LogHolder() {
        }
    }

    protected Set<Class<?>> getWhitelistedClasses() {
        return whitelistedClasses;
    }

    private static ImmutableList<String> getClassPath() {
        return ImmutableList.copyOf(System.getProperty("java.class.path").split(PATH_SEPARATOR));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public static boolean hasAnnotations(Class<?> cls, Class<?>... clsArr) {
        Preconditions.checkArgument(cls != null, "clazz argument can not be null!");
        Preconditions.checkArgument(clsArr != 0 && clsArr.length > 0, "at least one annotation must be present");
        Class<?> cls2 = cls;
        while (true) {
            Class<?> cls3 = cls2;
            if (cls3 == null) {
                return false;
            }
            Class<?> enclosingClass = cls3.getEnclosingClass();
            for (Class<A> cls4 : clsArr) {
                if (cls3.getAnnotation(cls4) != null) {
                    return true;
                }
                while (enclosingClass != null) {
                    if (enclosingClass.getAnnotation(cls4) != null) {
                        return true;
                    }
                    enclosingClass = enclosingClass.getEnclosingClass();
                }
            }
            cls2 = cls3.getSuperclass();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public static <T> T findAnnotation(Class<?> cls, Class<T> cls2) {
        Preconditions.checkArgument(cls != null, "clazz argument can not be null!");
        Preconditions.checkArgument(cls2 != 0, "annotation must be present");
        Class<?> cls3 = cls;
        while (true) {
            Class<?> cls4 = cls3;
            if (cls4 == null) {
                return null;
            }
            T t = (T) cls4.getAnnotation(cls2);
            if (t != null) {
                return t;
            }
            for (Class<?> enclosingClass = cls4.getEnclosingClass(); enclosingClass != null; enclosingClass = enclosingClass.getEnclosingClass()) {
                T t2 = (T) enclosingClass.getAnnotation(cls2);
                if (t2 != null) {
                    return t2;
                }
            }
            cls3 = cls4.getSuperclass();
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:25:0x005c, code lost:
    
        r0 = r4.getInterfaces();
        r0 = r0.length;
        r9 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x0070, code lost:
    
        if (r9 >= r0) goto L43;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x007f, code lost:
    
        if (isTestrunnerClass(r0[r9]) == false) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x0084, code lost:
    
        r9 = r9 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0082, code lost:
    
        return true;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean isTestrunnerClass(java.lang.Class<?> r3) {
        /*
            r0 = r3
            r4 = r0
        L2:
            r0 = r4
            if (r0 == 0) goto L92
            java.util.Set<java.lang.Class<?>> r0 = com.nesscomputing.testing.lessio.LessIOSecurityManager.TESTRUNNER_CLASSES
            r1 = r4
            boolean r0 = r0.contains(r1)
            if (r0 == 0) goto L14
            r0 = 1
            return r0
        L14:
            r0 = r4
            java.lang.Class r0 = r0.getEnclosingClass()
            r5 = r0
        L19:
            r0 = r5
            if (r0 == 0) goto L5c
            r0 = r5
            boolean r0 = isTestrunnerClass(r0)
            if (r0 == 0) goto L26
            r0 = 1
            return r0
        L26:
            r0 = r5
            java.lang.Class[] r0 = r0.getInterfaces()
            r6 = r0
            r0 = r6
            r7 = r0
            r0 = r7
            int r0 = r0.length
            r8 = r0
            r0 = 0
            r9 = r0
        L36:
            r0 = r9
            r1 = r8
            if (r0 >= r1) goto L54
            r0 = r7
            r1 = r9
            r0 = r0[r1]
            r10 = r0
            r0 = r10
            boolean r0 = isTestrunnerClass(r0)
            if (r0 == 0) goto L4e
            r0 = 1
            return r0
        L4e:
            int r9 = r9 + 1
            goto L36
        L54:
            r0 = r5
            java.lang.Class r0 = r0.getEnclosingClass()
            r5 = r0
            goto L19
        L5c:
            r0 = r4
            java.lang.Class[] r0 = r0.getInterfaces()
            r6 = r0
            r0 = r6
            r7 = r0
            r0 = r7
            int r0 = r0.length
            r8 = r0
            r0 = 0
            r9 = r0
        L6c:
            r0 = r9
            r1 = r8
            if (r0 >= r1) goto L8a
            r0 = r7
            r1 = r9
            r0 = r0[r1]
            r10 = r0
            r0 = r10
            boolean r0 = isTestrunnerClass(r0)
            if (r0 == 0) goto L84
            r0 = 1
            return r0
        L84:
            int r9 = r9 + 1
            goto L6c
        L8a:
            r0 = r4
            java.lang.Class r0 = r0.getSuperclass()
            r4 = r0
            goto L2
        L92:
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nesscomputing.testing.lessio.LessIOSecurityManager.isTestrunnerClass(java.lang.Class):boolean");
    }

    protected void checkDNSResolution(Class<?>[] clsArr, String str) throws CantDoItException {
        if (!LOCAL_HOSTS.contains(str) && traceWithoutExplicitlyAllowedClass(clsArr)) {
            checkClassContextPermissions(clsArr, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.1
                public boolean apply(Class<?> cls) {
                    return LessIOSecurityManager.hasAnnotations(cls, AllowDNSResolution.class, AllowNetworkMulticast.class, AllowNetworkListen.class, AllowNetworkAccess.class);
                }

                public String toString() {
                    return String.format("@AllowDNSResolution permission", new Object[0]);
                }
            });
        }
    }

    protected void checkNetworkEndpoint(final String str, final int i, final String str2) throws CantDoItException {
        Class[] classContext = getClassContext();
        if (i == -1) {
            checkDNSResolution(classContext, str);
        } else if (traceWithoutExplicitlyAllowedClass(classContext)) {
            checkClassContextPermissions(classContext, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.2
                public boolean apply(Class<?> cls) {
                    AllowNetworkAccess allowNetworkAccess = (AllowNetworkAccess) LessIOSecurityManager.findAnnotation(cls, AllowNetworkAccess.class);
                    String[] endpoints = allowNetworkAccess != null ? allowNetworkAccess.endpoints() : null;
                    if (endpoints == null) {
                        return false;
                    }
                    for (String str3 : endpoints) {
                        String[] split = str3.split(":");
                        String num = Integer.toString(i);
                        if (split[0].equals(str) && split[1].equals(num)) {
                            return true;
                        }
                        if (split[0].equals("*") && split[1].equals(num)) {
                            return true;
                        }
                        if (split[0].equals(str) && split[1].equals("*")) {
                            return true;
                        }
                        if (split[0].equals(str) && split[1].equals("0") && LessIOSecurityManager.this.allocatedEphemeralPorts.contains(Integer.valueOf(i))) {
                            return true;
                        }
                    }
                    return false;
                }

                public String toString() {
                    return String.format("@AllowNetworkAccess permission for %s:%d (%s)", str, Integer.valueOf(i), str2);
                }
            });
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccept(String str, int i) throws CantDoItException {
        checkNetworkEndpoint(str, i, "accept");
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i, Object obj) throws CantDoItException {
        checkNetworkEndpoint(str, i, "connect");
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i) throws CantDoItException {
        checkNetworkEndpoint(str, i, "connect");
    }

    @Override // java.lang.SecurityManager
    public void checkListen(final int i) throws CantDoItException {
        Class[] classContext = getClassContext();
        if (traceWithoutExplicitlyAllowedClass(classContext)) {
            checkClassContextPermissions(classContext, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.3
                public boolean apply(Class<?> cls) {
                    AllowNetworkListen allowNetworkListen = (AllowNetworkListen) LessIOSecurityManager.findAnnotation(cls, AllowNetworkListen.class);
                    int[] ports = allowNetworkListen != null ? allowNetworkListen.ports() : null;
                    if (ports == null) {
                        return false;
                    }
                    int[] iArr = ports;
                    int length = iArr.length;
                    for (int i2 = 0; i2 < length; i2++) {
                        int i3 = iArr[i2];
                        if (i3 == 0 && i >= LessIOSecurityManager.this.lowestEphemeralPort && i <= LessIOSecurityManager.this.highestEphemeralPort) {
                            i3 = i;
                            LessIOSecurityManager.this.allocatedEphemeralPorts.add(Integer.valueOf(i));
                        }
                        if (i3 == i) {
                            return true;
                        }
                    }
                    return false;
                }

                public String toString() {
                    return String.format("@AllowNetworkListen permission for port %d", Integer.valueOf(i));
                }
            });
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress) throws CantDoItException {
        Class[] classContext = getClassContext();
        if (traceWithoutExplicitlyAllowedClass(classContext)) {
            checkClassContextPermissions(classContext, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.4
                public boolean apply(Class<?> cls) {
                    return LessIOSecurityManager.hasAnnotations(cls, AllowNetworkMulticast.class);
                }

                public String toString() {
                    return String.format("@AllowNetworkMulticast permission", new Object[0]);
                }
            });
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress, byte b) throws CantDoItException {
        checkMulticast(inetAddress);
    }

    protected void checkFileAccess(final String str, final String str2) throws CantDoItException {
        Class[] classContext = getClassContext();
        if (!traceWithoutExplicitlyAllowedClass(classContext) || str.startsWith(JAVA_HOME) || str.startsWith("/dev/random") || str.startsWith("/dev/urandom") || str.startsWith("/tmp/junit")) {
            return;
        }
        Iterator<String> it = CP_PARTS.get().iterator();
        while (it.hasNext()) {
            if (str.startsWith(it.next())) {
                return;
            }
        }
        try {
            checkClassContextPermissions(classContext, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.5
                public boolean apply(Class<?> cls) {
                    AllowLocalFileAccess allowLocalFileAccess = (AllowLocalFileAccess) LessIOSecurityManager.findAnnotation(cls, AllowLocalFileAccess.class);
                    String[] paths = allowLocalFileAccess != null ? allowLocalFileAccess.paths() : null;
                    if (paths == null) {
                        return false;
                    }
                    for (String str3 : paths) {
                        if (str3.equals("*") || str3.equals(str)) {
                            return true;
                        }
                        if (str3.contains("%TMP_DIR%") && str.startsWith(str3.replaceAll("%TMP_DIR%", LessIOSecurityManager.TMP_DIR))) {
                            return true;
                        }
                        if (str3.startsWith("*") && str3.endsWith("*") && str.contains(str3.split("\\*")[1])) {
                            return true;
                        }
                        if (str3.startsWith("*") && str.endsWith(str3.replaceFirst("^\\*", ""))) {
                            return true;
                        }
                        if (str3.endsWith("*") && str.startsWith(str3.replaceFirst("\\*$", ""))) {
                            return true;
                        }
                    }
                    return false;
                }

                public String toString() {
                    return String.format("@AllowLocalFileAccess for %s (%s)", str, str2);
                }
            });
        } catch (CantDoItException e) {
            throw e;
        }
    }

    public void checkFileDescriptorAccess(final FileDescriptor fileDescriptor, final String str) throws CantDoItException {
        Class[] classContext = getClassContext();
        if (traceWithoutExplicitlyAllowedClass(classContext)) {
            checkClassContextPermissions(classContext, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.6
                public boolean apply(Class<?> cls) {
                    if (LessIOSecurityManager.hasAnnotations(cls, AllowExternalProcess.class, AllowNetworkAccess.class)) {
                        return true;
                    }
                    AllowLocalFileAccess allowLocalFileAccess = (AllowLocalFileAccess) LessIOSecurityManager.findAnnotation(cls, AllowLocalFileAccess.class);
                    String[] paths = allowLocalFileAccess != null ? allowLocalFileAccess.paths() : null;
                    if (paths == null) {
                        return false;
                    }
                    for (String str2 : paths) {
                        if (str2.equals("%FD%")) {
                            return true;
                        }
                    }
                    return false;
                }

                public String toString() {
                    return String.format("@AllowLocalFileAccess for FileDescriptor(%s) (%s)", fileDescriptor, str);
                }
            });
        }
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str, Object obj) {
        checkFileAccess(str, "read");
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str) {
        checkRead(str, null);
    }

    @Override // java.lang.SecurityManager
    public void checkRead(FileDescriptor fileDescriptor) {
        checkFileDescriptorAccess(fileDescriptor, "read");
    }

    @Override // java.lang.SecurityManager
    public void checkDelete(String str) {
        checkFileAccess(str, "delete");
    }

    @Override // java.lang.SecurityManager
    public void checkWrite(FileDescriptor fileDescriptor) {
        checkFileDescriptorAccess(fileDescriptor, "write");
    }

    @Override // java.lang.SecurityManager
    public void checkWrite(String str) {
        checkFileAccess(str, "write");
    }

    @Override // java.lang.SecurityManager
    public void checkExec(final String str) throws CantDoItException {
        Class[] classContext = getClassContext();
        if (traceWithoutExplicitlyAllowedClass(classContext)) {
            checkClassContextPermissions(classContext, new Predicate<Class<?>>() { // from class: com.nesscomputing.testing.lessio.LessIOSecurityManager.7
                public boolean apply(Class<?> cls) {
                    return LessIOSecurityManager.hasAnnotations(cls, AllowExternalProcess.class);
                }

                public String toString() {
                    return String.format("@AllowExternalProcess for %s (exec)", str);
                }
            });
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExit(int i) {
        if (this.reporting) {
            LogHolder.LOG.debug("%s: exit(%d)", currentTest(getClassContext()), Integer.valueOf(i));
        }
    }

    @Override // java.lang.SecurityManager
    public void checkLink(String str) {
        if (this.reporting) {
            LogHolder.LOG.debug("%s: System.loadLibrary(\"%s\")", currentTest(getClassContext()), str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAwtEventQueueAccess() {
        if (this.reporting) {
            LogHolder.LOG.debug("%s: AwtEventQueue Access", currentTest(getClassContext()));
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPrintJobAccess() {
        if (this.reporting) {
            LogHolder.LOG.debug("%s: PrintJob Access", currentTest(getClassContext()));
        }
    }

    @Override // java.lang.SecurityManager
    public void checkSystemClipboardAccess() {
        if (this.reporting) {
            LogHolder.LOG.debug("%s: SystemClipboard Access", currentTest(getClassContext()));
        }
    }

    @Override // java.lang.SecurityManager
    public boolean checkTopLevelWindow(Object obj) {
        if (!this.reporting) {
            return true;
        }
        LogHolder.LOG.debug("%s: checkTopLevelWindow aka AWTPermission(\"showWindowWithoutWarningBanner\")", currentTest(getClassContext()));
        return true;
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(Thread thread) {
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(ThreadGroup threadGroup) {
    }

    @Override // java.lang.SecurityManager
    public void checkMemberAccess(Class<?> cls, int i) {
    }

    @Override // java.lang.SecurityManager
    public void checkPackageAccess(String str) {
    }

    @Override // java.lang.SecurityManager
    public void checkPackageDefinition(String str) {
    }

    @Override // java.lang.SecurityManager
    public void checkSetFactory() {
    }

    @Override // java.lang.SecurityManager
    public void checkCreateClassLoader() {
        CP_PARTS.set(getClassPath());
    }

    @Override // java.lang.SecurityManager
    public void checkPropertiesAccess() {
    }

    @Override // java.lang.SecurityManager
    public void checkPropertyAccess(String str) {
    }

    @Override // java.lang.SecurityManager
    public void checkSecurityAccess(String str) {
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
    }

    private boolean isClassWhitelisted(Class<?> cls) {
        if (getWhitelistedClasses().contains(cls)) {
            return true;
        }
        Class<?> enclosingClass = cls.getEnclosingClass();
        while (true) {
            Class<?> cls2 = enclosingClass;
            if (cls2 == null) {
                return false;
            }
            if (isClassWhitelisted(cls2)) {
                return true;
            }
            enclosingClass = cls2.getEnclosingClass();
        }
    }

    private boolean traceWithoutExplicitlyAllowedClass(Class<?>[] clsArr) {
        for (Class<?> cls : clsArr) {
            if (isClassWhitelisted(cls)) {
                return false;
            }
            if (isTestrunnerClass(cls) && hasAnnotations(cls, AllowAll.class)) {
                return false;
            }
        }
        return true;
    }

    private void checkClassContextPermissions(Class<?>[] clsArr, Predicate<Class<?>> predicate) throws CantDoItException {
        boolean z = false;
        boolean z2 = false;
        int length = clsArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            Class<?> cls = clsArr[i];
            if (isTestrunnerClass(cls)) {
                z = true;
            } else if (hasAnnotations(cls, AllowAll.class)) {
                LogHolder.LOG.error("Found @AllowAll on a non-testrunner class (%s), refusing to run test!", cls.getName());
                z2 = true;
                break;
            }
            if (predicate.apply(cls)) {
                return;
            } else {
                i++;
            }
        }
        if (!z2 && !z) {
            if (this.reporting) {
                LogHolder.LOG.debug("No test runner encountered, assuming a non-test context");
                return;
            }
            return;
        }
        CantDoItException cantDoItException = new CantDoItException(String.format("No class in the class context satisfies %s", predicate));
        if (this.reporting) {
            StackTraceElement currentTest = currentTest(clsArr);
            String format = currentTest != null ? String.format("%s.%s():%d", currentTest.getClassName(), currentTest.getMethodName(), Integer.valueOf(currentTest.getLineNumber())) : "unknown test";
            LogHolder.LOG.error("%s: No %s at %s", new Object[]{format, predicate, format});
            for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
                LogHolder.LOG.trace("%s: Stack: %s.%s():%d", new Object[]{format, stackTraceElement.getClassName(), stackTraceElement.getMethodName(), Integer.valueOf(stackTraceElement.getLineNumber())});
            }
            for (Class<?> cls2 : clsArr) {
                LogHolder.LOG.trace("%s: Class Context: %s %s", new Object[]{format, cls2.getCanonicalName(), cls2});
            }
        }
        throw cantDoItException;
    }

    public StackTraceElement currentTest(Class<?>[] clsArr) {
        Class<?> cls = null;
        for (Class<?> cls2 : clsArr) {
            if (isTestrunnerClass(cls2)) {
                break;
            }
            cls = cls2;
        }
        StackTraceElement stackTraceElement = null;
        for (StackTraceElement stackTraceElement2 : Thread.currentThread().getStackTrace()) {
            if (stackTraceElement2.getClassName().equals(cls.getCanonicalName())) {
                stackTraceElement = stackTraceElement2;
            }
        }
        return stackTraceElement;
    }

    static {
        Set newIdentityHashSet = Sets.newIdentityHashSet();
        newIdentityHashSet.add(ParentRunner.class);
        newIdentityHashSet.add(RunAfters.class);
        newIdentityHashSet.add(RunBefores.class);
        newIdentityHashSet.add(FrameworkMethod.class);
        newIdentityHashSet.add(InvokeMethod.class);
        newIdentityHashSet.add(TestRule.class);
        newIdentityHashSet.add(Statement.class);
        TESTRUNNER_CLASSES = Collections.unmodifiableSet(newIdentityHashSet);
    }
}
