package com.github.jlangch.venice.javainterop;

import com.github.jlangch.venice.impl.javainterop.CompiledSandboxRules;
import com.github.jlangch.venice.impl.util.StringUtil;

/* loaded from: input_file:com/github/jlangch/venice/javainterop/SandboxInterceptor.class */
public class SandboxInterceptor extends ValueFilterInterceptor {
    private final CompiledSandboxRules sandboxRules;

    public SandboxInterceptor(SandboxRules sandboxRules) {
        this.sandboxRules = CompiledSandboxRules.compile(sandboxRules);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Object onInvokeInstanceMethod(IInvoker iInvoker, Object obj, String str, Object... objArr) throws SecurityException {
        validateAccessor(obj, str);
        return super.onInvokeInstanceMethod(iInvoker, obj, str, objArr);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Object onInvokeStaticMethod(IInvoker iInvoker, Class<?> cls, String str, Object... objArr) throws SecurityException {
        validateAccessor(cls, str);
        return super.onInvokeStaticMethod(iInvoker, cls, str, objArr);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Object onInvokeConstructor(IInvoker iInvoker, Class<?> cls, Object... objArr) throws SecurityException {
        return super.onInvokeConstructor(iInvoker, cls, objArr);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Object onGetBeanProperty(IInvoker iInvoker, Object obj, String str) throws SecurityException {
        validateAccessor(obj, str);
        return super.onGetBeanProperty(iInvoker, obj, str);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public void onSetBeanProperty(IInvoker iInvoker, Object obj, String str, Object obj2) throws SecurityException {
        validateAccessor(obj, str);
        super.onSetBeanProperty(iInvoker, obj, str, obj2);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Object onGetStaticField(IInvoker iInvoker, Class<?> cls, String str) throws SecurityException {
        validateAccessor(cls, str);
        return super.onGetStaticField(iInvoker, cls, str);
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor, com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Object onGetInstanceField(IInvoker iInvoker, Object obj, String str) throws SecurityException {
        validateAccessor(obj, str);
        return super.onGetInstanceField(iInvoker, obj, str);
    }

    @Override // com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public byte[] onLoadClassPathResource(String str) throws SecurityException {
        validateClasspathResource(str);
        return super.onLoadClassPathResource(str);
    }

    @Override // com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public String onReadSystemProperty(String str) throws SecurityException {
        validateSystemProperty(str);
        return super.onReadSystemProperty(str);
    }

    @Override // com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public void validateVeniceFunction(String str) throws SecurityException {
        if (this.sandboxRules.isBlackListedVeniceFunction(str)) {
            throw new SecurityException(String.format("Venice Sandbox: Access denied to function %s", str));
        }
    }

    @Override // com.github.jlangch.venice.javainterop.Interceptor, com.github.jlangch.venice.javainterop.IInterceptor
    public Integer getMaxExecutionTimeSeconds() {
        return this.sandboxRules.getMaxExecTimeSeconds();
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor
    protected Object filter(Object obj) {
        validateClass(obj);
        return obj;
    }

    @Override // com.github.jlangch.venice.javainterop.ValueFilterInterceptor
    protected Object filterAccessor(Object obj, String str) {
        validateAccessor(obj, str);
        return obj;
    }

    private void validateClass(Object obj) {
        if (obj != null) {
            Class<?> cls = getClass(obj);
            if (!this.sandboxRules.isWhiteListed(cls)) {
                throw new SecurityException(String.format("Venice Sandbox: Access denied to class %s", cls.getName()));
            }
        }
    }

    private void validateAccessor(Object obj, String str) {
        if (obj != null) {
            Class<?> cls = getClass(obj);
            if (!this.sandboxRules.isWhiteListed(cls, str)) {
                throw new SecurityException(String.format("Venice Sandbox: Access denied to accessor %s::%s", cls.getName(), str));
            }
        }
    }

    private void validateClasspathResource(String str) {
        if (!StringUtil.isBlank(str) && !this.sandboxRules.isWhiteListedClasspathResource(str)) {
            throw new SecurityException(String.format("Venice Sandbox: Access denied to classpath resource '%s'", str));
        }
    }

    private void validateSystemProperty(String str) {
        if (!StringUtil.isBlank(str) && !this.sandboxRules.isWhiteListedSystemProperty(str)) {
            throw new SecurityException(String.format("Venice Sandbox: Access denied to system property '%s'", str));
        }
    }

    private Class<?> getClass(Object obj) {
        if (obj != null) {
            return obj instanceof Class ? (Class) obj : obj.getClass();
        }
        return null;
    }
}
