package org.shadehapi.elasticsearch.bootstrap;

import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Collections;
import java.util.Map;
import java.util.function.Predicate;
import org.shadehapi.elasticsearch.common.SuppressForbidden;

/* loaded from: input_file:org/shadehapi/elasticsearch/bootstrap/ESPolicy.class */
final class ESPolicy extends Policy {
    static final String POLICY_RESOURCE = "security.policy";
    static final String UNTRUSTED_RESOURCE = "untrusted.policy";
    final Policy template;
    final Policy untrusted = Security.readPolicy(getClass().getResource(UNTRUSTED_RESOURCE), Collections.emptyMap());
    final Policy system;
    final PermissionCollection dynamic;
    final Map<String, Policy> plugins;
    private static final Permission BAD_DEFAULT_NUMBER_ONE = new BadDefaultPermission(new RuntimePermission("stopThread"), permission -> {
        return true;
    });
    private static final Permission BAD_DEFAULT_NUMBER_TWO = new BadDefaultPermission(new SocketPermission("localhost:0", "listen"), permission -> {
        return (permission instanceof SocketPermission) && permission.getActions().contains("listen");
    });

    /* loaded from: input_file:org/shadehapi/elasticsearch/bootstrap/ESPolicy$BadDefaultPermission.class */
    private static class BadDefaultPermission extends Permission {
        private final Permission badDefaultPermission;
        private final Predicate<Permission> preImplies;

        BadDefaultPermission(Permission permission, Predicate<Permission> predicate) {
            super(permission.getName());
            this.badDefaultPermission = permission;
            this.preImplies = predicate;
        }

        @Override // java.security.Permission
        public final boolean implies(Permission permission) {
            return this.preImplies.test(permission) && this.badDefaultPermission.implies(permission);
        }

        public final boolean equals(Object obj) {
            return this.badDefaultPermission.equals(obj);
        }

        public int hashCode() {
            return this.badDefaultPermission.hashCode();
        }

        @Override // java.security.Permission
        public String getActions() {
            return this.badDefaultPermission.getActions();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/shadehapi/elasticsearch/bootstrap/ESPolicy$Rethrower.class */
    public static class Rethrower<T extends Throwable> {
        private Rethrower() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void rethrow(Throwable th) throws Throwable {
            throw th;
        }
    }

    /* loaded from: input_file:org/shadehapi/elasticsearch/bootstrap/ESPolicy$SystemPolicy.class */
    static class SystemPolicy extends Policy {
        final Policy delegate;

        SystemPolicy(Policy policy) {
            this.delegate = policy;
        }

        @Override // java.security.Policy
        public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
            if (ESPolicy.BAD_DEFAULT_NUMBER_ONE.implies(permission) || ESPolicy.BAD_DEFAULT_NUMBER_TWO.implies(permission)) {
                return false;
            }
            return this.delegate.implies(protectionDomain, permission);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ESPolicy(Map<String, URL> map, PermissionCollection permissionCollection, Map<String, Policy> map2, boolean z) {
        this.template = Security.readPolicy(getClass().getResource(POLICY_RESOURCE), map);
        if (z) {
            this.system = new SystemPolicy(Policy.getPolicy());
        } else {
            this.system = Policy.getPolicy();
        }
        this.dynamic = permissionCollection;
        this.plugins = map2;
    }

    @Override // java.security.Policy
    @SuppressForbidden(reason = "fast equals check is desired")
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        CodeSource codeSource = protectionDomain.getCodeSource();
        if (codeSource == null) {
            return false;
        }
        URL location = codeSource.getLocation();
        if (location != null) {
            if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) {
                return this.untrusted.implies(protectionDomain, permission);
            }
            Policy policy = this.plugins.get(location.getFile());
            if (policy != null && policy.implies(protectionDomain, permission)) {
                return true;
            }
        }
        if ((permission instanceof FilePermission) && "<<ALL FILES>>".equals(permission.getName())) {
            for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
                if ("org.apache.hadoop.util.Shell".equals(stackTraceElement.getClassName()) && "runCommand".equals(stackTraceElement.getMethodName())) {
                    rethrow(new IOException("no hadoop, you cannot do this."));
                }
            }
        }
        return this.template.implies(protectionDomain, permission) || this.dynamic.implies(permission) || this.system.implies(protectionDomain, permission);
    }

    private void rethrow(Throwable th) {
        new Rethrower().rethrow(th);
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
            if ("sun.rmi.server.LoaderHandler".equals(stackTraceElement.getClassName()) && "loadClass".equals(stackTraceElement.getMethodName())) {
                return new Permissions();
            }
        }
        return super.getPermissions(codeSource);
    }
}
