package com.github.jlangch.venice.javainterop;

import com.github.jlangch.venice.SecurityException;
import com.github.jlangch.venice.impl.sandbox.CompiledSandboxRules;
import com.github.jlangch.venice.impl.util.StringUtil;
import java.io.File;

/* loaded from: input_file:com/github/jlangch/venice/javainterop/SandboxInterceptor.class */
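/**
 * Interceptor that enforces a {@link SandboxRules} policy on requests made by a Venice script.
 *
 * <p>Each hook checks the request against the compiled rules and throws
 * {@link SecurityException} on denial; the interop and lookup hooks then delegate to the
 * superclass.
 *
 * <p>Points a reviewer of a sandbox configuration should keep in mind, all visible in this class:
 * <ul>
 *   <li>Java classes, accessors, classpath resources, system properties, environment variables
 *       and Venice modules are checked with the {@code isWhiteListed*} queries (allow-list).
 *       Venice functions are checked with {@code isBlackListedVeniceFunction} (deny-list), so a
 *       function the rules do not name is permitted.</li>
 *   <li>Blank classpath-resource, system-property and environment-variable names skip the
 *       allow-list check and are passed on to the superclass.</li>
 *   <li>File reads and writes share one load-path check; a file on the load path is accepted
 *       for both.</li>
 *   <li>The execution-time deadline is fixed when the interceptor is constructed, not when a
 *       script starts, and it is only evaluated when {@link #validateMaxExecutionTime()} is
 *       called.</li>
 * </ul>
 */
public class SandboxInterceptor extends ValueFilterInterceptor {
    private static final String PREFIX = "Venice Sandbox";

    /** Rules as supplied by the caller; returned unchanged by {@link #getRules()}. */
    private final SandboxRules sandboxRulesOrg;

    /** Compiled form of the rules; every rule check in this class queries this object. */
    private final CompiledSandboxRules sandboxRules;

    /** Wall-clock deadline in epoch milliseconds, or -1 when the rules set no time limit. */
    private final long executionTimeDeadline;

    /**
     * Creates an interceptor that uses the load paths from {@code LoadPathsFactory.rejectAll()}.
     *
     * <p>NOTE(review): going by its name, that factory puts no file on the load path, which
     * would make every {@link #validateFileRead(File)} and {@link #validateFileWrite(File)}
     * call fail; confirm against {@code LoadPathsFactory}.
     *
     * @param sandboxRules the policy to enforce
     */
    public SandboxInterceptor(SandboxRules sandboxRules) {
        this(sandboxRules, LoadPathsFactory.rejectAll());
    }

    /**
     * Creates an interceptor for the given rules and load paths.
     *
     * <p>The rules are compiled once here and the execution-time deadline is computed from the
     * current time, so an instance that is reused for a later evaluation keeps the deadline of
     * its construction.
     *
     * @param sandboxRules the policy to enforce
     * @param iLoadPaths the load paths consulted by the file read and write checks
     */
    public SandboxInterceptor(SandboxRules sandboxRules, ILoadPaths iLoadPaths) {
        super(iLoadPaths);
        this.sandboxRulesOrg = sandboxRules;
        this.sandboxRules = CompiledSandboxRules.compile(sandboxRules);
        this.executionTimeDeadline = getExecutionTimeDeadlineTime();
    }

    /**
     * Returns the rules object passed to the constructor.
     *
     * <p>This class compiles the rules once in the constructor and never recompiles them, so
     * callers should treat the returned object as read-only.
     *
     * @return the original, uncompiled rules
     */
    public SandboxRules getRules() {
        return this.sandboxRulesOrg;
    }

    /**
     * Checks the accessor {@code str} against the formal receiver type {@code cls} and against
     * the runtime class of {@code obj}, then delegates to the superclass.
     *
     * @throws SecurityException if either check denies the accessor
     */
    @Override
    public ReturnValue onInvokeInstanceMethod(IInvoker iInvoker, Object obj, Class<?> cls, String str, Object... objArr) throws SecurityException {
        validateClassAccessor(cls, str);
        validateObjAccessor(obj, str);
        return super.onInvokeInstanceMethod(iInvoker, obj, cls, str, objArr);
    }

    /**
     * Checks the accessor {@code str} on {@code cls}, then delegates to the superclass.
     *
     * @throws SecurityException if the accessor is not allow-listed for the class
     */
    @Override
    public ReturnValue onInvokeStaticMethod(IInvoker iInvoker, Class<?> cls, String str, Object... objArr) throws SecurityException {
        validateClassAccessor(cls, str);
        return super.onInvokeStaticMethod(iInvoker, cls, str, objArr);
    }

    /**
     * Checks that {@code cls} is allow-listed, then delegates construction to the superclass.
     *
     * <p>The class is checked before delegating so that a denied class never gets to run its
     * constructor. Any filtering the superclass applies to the constructed value is not visible
     * in this file and still runs afterwards.
     *
     * @throws SecurityException if the class is not allow-listed
     */
    @Override
    public ReturnValue onInvokeConstructor(IInvoker iInvoker, Class<?> cls, Object... objArr) throws SecurityException {
        validateClass(cls);
        return super.onInvokeConstructor(iInvoker, cls, objArr);
    }

    /**
     * Checks the property name {@code str} against the runtime class of {@code obj}, then
     * delegates to the superclass.
     *
     * @throws SecurityException if the accessor is not allow-listed
     */
    @Override
    public ReturnValue onGetBeanProperty(IInvoker iInvoker, Object obj, String str) throws SecurityException {
        validateObjAccessor(obj, str);
        return super.onGetBeanProperty(iInvoker, obj, str);
    }

    /**
     * Checks the property name {@code str} against the runtime class of {@code obj}, then
     * delegates to the superclass.
     *
     * @throws SecurityException if the accessor is not allow-listed
     */
    @Override
    public void onSetBeanProperty(IInvoker iInvoker, Object obj, String str, Object obj2) throws SecurityException {
        validateObjAccessor(obj, str);
        super.onSetBeanProperty(iInvoker, obj, str, obj2);
    }

    /**
     * Checks the field name {@code str} on {@code cls}, then delegates to the superclass.
     *
     * @throws SecurityException if the accessor is not allow-listed for the class
     */
    @Override
    public ReturnValue onGetStaticField(IInvoker iInvoker, Class<?> cls, String str) throws SecurityException {
        validateClassAccessor(cls, str);
        return super.onGetStaticField(iInvoker, cls, str);
    }

    /**
     * Checks the field name {@code str} against the runtime class of {@code obj}, then delegates
     * to the superclass.
     *
     * <p>NOTE(review): unlike {@link #onInvokeInstanceMethod}, the formal type {@code cls} is
     * not checked here; confirm that this difference is intended.
     *
     * @throws SecurityException if the accessor is not allow-listed
     */
    @Override
    public ReturnValue onGetInstanceField(IInvoker iInvoker, Object obj, Class<?> cls, String str) throws SecurityException {
        validateObjAccessor(obj, str);
        return super.onGetInstanceField(iInvoker, obj, cls, str);
    }

    /**
     * Checks the classpath resource name, then delegates loading to the superclass.
     *
     * @throws SecurityException if a non-blank name is not allow-listed
     */
    @Override
    public byte[] onLoadClassPathResource(String str) throws SecurityException {
        validateClasspathResource(str);
        return super.onLoadClassPathResource(str);
    }

    /**
     * Checks the system property name, then delegates the lookup to the superclass.
     *
     * @throws SecurityException if a non-blank name is not allow-listed
     */
    @Override
    public String onReadSystemProperty(String str) throws SecurityException {
        validateSystemProperty(str);
        return super.onReadSystemProperty(str);
    }

    /**
     * Checks the environment variable name, then delegates the lookup to the superclass.
     *
     * @throws SecurityException if a non-blank name is not allow-listed
     */
    @Override
    public String onReadSystemEnv(String str) throws SecurityException {
        validateSystemEnv(str);
        return super.onReadSystemEnv(str);
    }

    /**
     * Rejects a Venice function that the rules deny-list.
     *
     * <p>This is the only deny-list check in the class: a function the rules do not mention
     * passes.
     *
     * @throws SecurityException if the function is deny-listed
     */
    @Override
    public void validateVeniceFunction(String str) throws SecurityException {
        if (this.sandboxRules.isBlackListedVeniceFunction(str)) {
            throw new SecurityException(String.format("%s: Access denied to function %s", PREFIX, str));
        }
    }

    /**
     * Rejects a Venice module that the rules do not allow-list.
     *
     * @throws SecurityException if the module is not allow-listed
     */
    @Override
    public void validateLoadModule(String str) throws SecurityException {
        if (!this.sandboxRules.isWhiteListedVeniceModule(str)) {
            throw new SecurityException(String.format("%s: Access denied to module %s", PREFIX, str));
        }
    }

    /**
     * Throws once the deadline computed at construction time has passed.
     *
     * <p>This method only compares timestamps; it interrupts nothing by itself, so the limit is
     * enforced only as often as callers invoke it. The comparison uses
     * {@link System#currentTimeMillis()}, which follows adjustments of the system clock.
     *
     * @throws SecurityException if a deadline is set and the current time is past it
     */
    @Override
    public void validateMaxExecutionTime() throws SecurityException {
        if (this.executionTimeDeadline > 0 && System.currentTimeMillis() > this.executionTimeDeadline) {
            throw new SecurityException("Venice Sandbox: The sandbox exceeded the max execution time");
        }
    }

    /**
     * Rejects reading a file that is not on the load paths.
     *
     * <p>NOTE(review): whether {@code ..} segments and symbolic links are resolved before the
     * comparison is decided inside {@code isOnLoadPath}, not here; confirm in the
     * {@code ILoadPaths} implementation.
     *
     * @throws SecurityException if the file is not on the load paths
     */
    @Override
    public void validateFileRead(File file) throws SecurityException {
        if (!getLoadPaths().isOnLoadPath(file)) {
            throw new SecurityException("Venice Sandbox: The sandbox denied reading the file: " + file + "! The file is not on the sandbox' load paths.");
        }
    }

    /**
     * Rejects writing a file that is not on the load paths.
     *
     * <p>The check is the same one used for reads, so the load paths grant read and write
     * access together. NOTE(review): path normalisation happens, if at all, inside
     * {@code isOnLoadPath}; confirm in the {@code ILoadPaths} implementation.
     *
     * @throws SecurityException if the file is not on the load paths
     */
    @Override
    public void validateFileWrite(File file) throws SecurityException {
        if (!getLoadPaths().isOnLoadPath(file)) {
            throw new SecurityException("Venice Sandbox: The sandbox denied writing the file: " + file + "! The file is not on the sandbox' load paths.");
        }
    }

    /**
     * Returns the maximum execution time taken from the compiled rules.
     *
     * @return the limit in seconds; {@code null} is treated as "no limit" when the deadline is
     *     computed
     */
    @Override
    public Integer getMaxExecutionTimeSeconds() {
        return this.sandboxRules.getMaxExecTimeSeconds();
    }

    /**
     * Returns the maximum future thread pool size taken from the compiled rules.
     *
     * @return the value reported by the compiled rules
     */
    @Override
    public Integer getMaxFutureThreadPoolSize() {
        return this.sandboxRules.getMaxFutureThreadPoolSize();
    }

    /**
     * Checks the formal type and the actual value of a return value against the class
     * allow-list and returns it unchanged.
     *
     * @throws SecurityException if either class is not allow-listed
     */
    @Override
    protected ReturnValue filterReturnValue(ReturnValue returnValue) {
        validateClass(returnValue.getFormalType());
        validateObj(returnValue.getValue());
        return returnValue;
    }

    /**
     * Checks the class of {@code obj} against the class allow-list and returns it unchanged.
     *
     * @throws SecurityException if the class is not allow-listed
     */
    @Override
    protected Object filter(Object obj) {
        validateObj(obj);
        return obj;
    }

    /**
     * Checks the accessor {@code str} against the class of {@code obj} and returns the object
     * unchanged.
     *
     * @throws SecurityException if the accessor is not allow-listed
     */
    @Override
    protected Object filterAccessor(Object obj, String str) {
        validateObjAccessor(obj, str);
        return obj;
    }

    /** Throws if {@code cls} is non-null and not allow-listed; a null class passes. */
    private void validateClass(Class<?> cls) {
        if (cls != null && !this.sandboxRules.isWhiteListed(cls)) {
            throw new SecurityException(String.format("%s: Access denied to class %s", PREFIX, cls.getName()));
        }
    }

    /** Validates the class denoted by {@code obj}; a null object passes. */
    private void validateObj(Object obj) {
        if (obj != null) {
            validateClass(getClass(obj));
        }
    }

    /** Throws if {@code cls} is non-null and the accessor is not allow-listed for it. */
    private void validateClassAccessor(Class<?> cls, String str) {
        if (cls != null && !this.sandboxRules.isWhiteListed(cls, str)) {
            throw new SecurityException(String.format("%s: Access denied to accessor %s::%s", PREFIX, cls.getName(), str));
        }
    }

    /** Validates the accessor against the class denoted by {@code obj}; a null object passes. */
    private void validateObjAccessor(Object obj, String str) {
        if (obj != null) {
            validateClassAccessor(getClass(obj), str);
        }
    }

    /** Throws if the resource name is non-blank and not allow-listed; blank names pass. */
    private void validateClasspathResource(String str) {
        if (!StringUtil.isBlank(str) && !this.sandboxRules.isWhiteListedClasspathResource(str)) {
            throw new SecurityException(String.format("%s: Access denied to classpath resource '%s'", PREFIX, str));
        }
    }

    /** Throws if the property name is non-blank and not allow-listed; blank names pass. */
    private void validateSystemProperty(String str) {
        if (!StringUtil.isBlank(str) && !this.sandboxRules.isWhiteListedSystemProperty(str)) {
            throw new SecurityException(String.format("%s: Access denied to system property '%s'", PREFIX, str));
        }
    }

    /** Throws if the variable name is non-blank and not allow-listed; blank names pass. */
    private void validateSystemEnv(String str) {
        if (!StringUtil.isBlank(str) && !this.sandboxRules.isWhiteListedSystemEnv(str)) {
            throw new SecurityException(String.format("%s: Access denied to system environment variable '%s'", PREFIX, str));
        }
    }

    /**
     * Returns the class a value stands for: the value itself when it is already a
     * {@link Class}, otherwise its runtime class. A {@code Class} instance is therefore checked
     * as the class it denotes, not as {@code java.lang.Class}.
     */
    private Class<?> getClass(Object obj) {
        if (obj != null) {
            // Wildcard cast instead of the raw type, so no unchecked conversion is involved.
            return obj instanceof Class ? (Class<?>) obj : obj.getClass();
        }
        return null;
    }

    /**
     * Computes the deadline from the configured limit.
     *
     * @return the current time plus the limit, in epoch milliseconds, or -1 when no limit is set
     */
    private long getExecutionTimeDeadlineTime() {
        Integer maxExecutionTimeSeconds = getMaxExecutionTimeSeconds();
        if (maxExecutionTimeSeconds == null) {
            return -1L;
        }
        // Multiply as long so that large second counts cannot overflow int arithmetic.
        return System.currentTimeMillis() + (1000 * maxExecutionTimeSeconds.longValue());
    }
}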
