package com.alibaba.jstorm.daemon.supervisor;

import backtype.storm.Config;
import backtype.storm.utils.Utils;
import com.alibaba.jstorm.client.ConfigExtension;
import com.alibaba.jstorm.cluster.StormConfig;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import shade.storm.org.apache.commons.lang.StringUtils;
import shade.storm.org.apache.thrift.protocol.TMultiplexedProtocol;

/* loaded from: input_file:com/alibaba/jstorm/daemon/supervisor/SandBoxMaker.class */
public class SandBoxMaker {
    private static final Logger LOG = LoggerFactory.getLogger(SandBoxMaker.class);
    public static final String SANBOX_TEMPLATE_NAME = "sandbox.policy";
    public static final String JSTORM_HOME_KEY = "%JSTORM_HOME%";
    public static final String CLASS_PATH_KEY = "%CLASS_PATH%";
    public static final String LOCAL_DIR_KEY = "%JSTORM_LOCAL_DIR%";
    private final Map conf;
    private final boolean isEnable;
    private final Map<String, String> replaceBaseMap = new HashMap();

    public SandBoxMaker(Map map) {
        this.conf = map;
        this.isEnable = ConfigExtension.isJavaSandBoxEnable(map);
        LOG.info("Java Sandbox Policy :" + String.valueOf(this.isEnable));
        String property = System.getProperty("jstorm.home");
        property = property == null ? "./" : property;
        this.replaceBaseMap.put(JSTORM_HOME_KEY, property);
        this.replaceBaseMap.put(LOCAL_DIR_KEY, (String) map.get(Config.STORM_LOCAL_DIR));
        LOG.info("JSTORM_HOME is " + property);
    }

    private String genClassPath(String str) {
        StringBuilder sb = new StringBuilder();
        for (String str2 : str.split(TMultiplexedProtocol.SEPARATOR)) {
            if (!StringUtils.isBlank(str2)) {
                if (new File(str2).isDirectory()) {
                    sb.append(" permission java.io.FilePermission \"");
                    sb.append(str2).append(File.separator).append("**");
                    sb.append("\", \"read\";\n");
                } else {
                    sb.append(" permission java.io.FilePermission \"");
                    sb.append(str2);
                    sb.append("\", \"read\";\n");
                }
            }
        }
        return sb.toString();
    }

    private String replaceLine(String str, Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (str.contains(CLASS_PATH_KEY)) {
                return genClassPath(entry.getValue());
            }
            if (str.contains(entry.getKey())) {
                return str.replace(entry.getKey(), entry.getValue());
            }
        }
        return str;
    }

    public String generatePolicyFile(Map<String, String> map) throws IOException {
        String str = StormConfig.supervisorTmpDir(this.conf) + File.separator + UUID.randomUUID().toString();
        InputStream resourceAsStream = SandBoxMaker.class.getClassLoader().getResourceAsStream(SANBOX_TEMPLATE_NAME);
        PrintWriter printWriter = new PrintWriter(new BufferedWriter(new FileWriter(str)));
        BufferedReader bufferedReader = null;
        InputStreamReader inputStreamReader = null;
        try {
            try {
                inputStreamReader = new InputStreamReader(resourceAsStream);
                bufferedReader = new BufferedReader(new LineNumberReader(inputStreamReader));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    printWriter.println(replaceLine(readLine, map));
                }
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                if (printWriter != null) {
                    printWriter.close();
                }
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                if (inputStreamReader != null) {
                    inputStreamReader.close();
                }
                return str;
            } catch (Exception e) {
                LOG.error("Failed to generate policy file\n", e);
                throw new IOException(e);
            }
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            if (printWriter != null) {
                printWriter.close();
            }
            if (bufferedReader != null) {
                bufferedReader.close();
            }
            if (inputStreamReader != null) {
                inputStreamReader.close();
            }
            throw th;
        }
    }

    public String sandboxPolicy(String str, Map<String, String> map) throws IOException {
        if (!this.isEnable) {
            return "";
        }
        map.putAll(this.replaceBaseMap);
        File file = new File(generatePolicyFile(map));
        String str2 = StormConfig.worker_root(this.conf, str) + File.separator + SANBOX_TEMPLATE_NAME;
        file.renameTo(new File(str2));
        return " -Djava.security.manager -Djava.security.policy=" + str2;
    }

    public static void main(String[] strArr) {
        Map readStormConfig = Utils.readStormConfig();
        readStormConfig.put("java.sandbox.enable", true);
        try {
            System.out.println("sandboxPolicy:" + new SandBoxMaker(readStormConfig).sandboxPolicy("simple", new HashMap()));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
