package de.tum.in.test.api.security;

import de.tum.in.test.api.PathActionLevel;
import de.tum.in.test.api.localization.Messages;
import de.tum.in.test.api.util.DelayedFilter;
import de.tum.in.test.api.util.PathRule;
import java.awt.AWTPermission;
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.lang.StackWalker;
import java.lang.Thread;
import java.lang.management.ManagementPermission;
import java.lang.reflect.ReflectPermission;
import java.net.InetAddress;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.SecurityPermission;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.BiConsumer;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLPermission;
import javax.security.auth.AuthPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/tum/in/test/api/security/ArtemisSecurityManager.class */
public final class ArtemisSecurityManager extends SecurityManager {
    private static final int MAX_PORT = 65535;
    private static final SecurityManager ORIGINAL = System.getSecurityManager();
    private static final ArtemisSecurityManager INSTANCE = new ArtemisSecurityManager();
    private static final Logger LOG = LoggerFactory.getLogger(ArtemisSecurityManager.class);
    private static final MessageDigest SHA256;
    private static final BiConsumer<String, Object> ON_SUPPRESSED_MOD;
    private ArtemisSecurityConfiguration configuration;
    private String accessToken;
    private volatile boolean isPartlyDisabled;
    private volatile boolean blockThreadCreation;
    private volatile boolean lastUninstallFailed;
    private volatile boolean isActive;
    private final ThreadGroup testThreadGroup = new ThreadGroup("Test-Threadgroup");
    private final ThreadLocal<AtomicInteger> recursionBreak = ThreadLocal.withInitial(AtomicInteger::new);
    private final StackWalker stackWalker = StackWalker.getInstance();
    private Set<Thread> whitelistedThreads = new HashSet();

    private ArtemisSecurityManager() {
        if (INSTANCE != null) {
            throw new IllegalStateException(Messages.localized("security.already_created"));
        }
    }

    private synchronized String generateAccessToken() {
        String uuid = UUID.randomUUID().toString();
        this.accessToken = hash(uuid);
        return uuid;
    }

    private synchronized void checkAccess(String str) {
        if (!this.accessToken.equals(hash(str))) {
            throw new SecurityException(Messages.localized("security.access_token_invalid"));
        }
    }

    private boolean enterPublicInterface() {
        return this.recursionBreak.get().getAndIncrement() > 0;
    }

    private boolean exitPublicInterface() {
        return this.recursionBreak.get().getAndDecrement() > 0;
    }

    private <T> T externGet(Supplier<T> supplier) {
        try {
            exitPublicInterface();
            return supplier.get();
        } finally {
            enterPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExit(int i) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (Thread.currentThread() != SecurityConstants.MAIN_THREAD || !getNonWhitelistedStackFrames().isEmpty()) {
                throw new SecurityException(Messages.localized("security.error_system_exit"));
            }
            exitPublicInterface();
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccept(String str, int i) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (!isConnectionAllowed(str, i)) {
                throw new SecurityException(Messages.formatLocalized("security.error_network_accept", str, Integer.valueOf(i)));
            }
            exitPublicInterface();
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (!isConnectionAllowed(str, i)) {
                throw new SecurityException(Messages.formatLocalized("security.error_network_connect", str, Integer.valueOf(i)));
            }
            exitPublicInterface();
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i, Object obj) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (!isConnectionAllowed(str, i)) {
                throw new SecurityException(Messages.formatLocalized("security.error_network_connect_with_context", str, Integer.valueOf(i)));
            }
            exitPublicInterface();
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkListen(int i) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (!isConnectionAllowed("localhost", i)) {
                throw new SecurityException(Messages.formatLocalized("security.error_network_listen", Integer.valueOf(i)));
            }
            exitPublicInterface();
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress) {
        try {
            if (enterPublicInterface()) {
            } else {
                throw new SecurityException(Messages.localized("security.error_network_multicast"));
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExec(String str) {
        try {
            if (enterPublicInterface()) {
            } else {
                throw new SecurityException(Messages.localized("security.error_execute"));
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPrintJobAccess() {
        try {
            if (enterPublicInterface()) {
            } else {
                throw new SecurityException(Messages.localized("security.error_printer"));
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkCreateClassLoader() {
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (isMainThreadAndInactive()) {
                LOG.trace("Allowing main thread to create a ClassLoader inbetween tests");
            } else {
                checkForNonWhitelistedStackFrames(() -> {
                    return Messages.localized("security.error_classloader");
                });
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(Thread thread) {
        ThreadGroup threadGroup = thread.getThreadGroup();
        try {
            if (enterPublicInterface()) {
                return;
            }
            super.checkAccess(thread);
            if (threadGroup == null) {
                return;
            }
            if (!isMainThreadAndInactive()) {
                if (!this.testThreadGroup.parentOf(threadGroup)) {
                    checkForNonWhitelistedStackFrames(() -> {
                        return Messages.localized("security.error_thread_access");
                    });
                }
            } else {
                if (LOG.isTraceEnabled()) {
                    Logger logger = LOG;
                    Objects.requireNonNull(thread);
                    logger.trace("Allowing Thread access to {} for main thread inbetween tests", externGet(thread::toString));
                }
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(ThreadGroup threadGroup) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            super.checkAccess(threadGroup);
            if (!isMainThreadAndInactive()) {
                if (!this.testThreadGroup.parentOf(threadGroup)) {
                    checkForNonWhitelistedStackFrames(() -> {
                        return Messages.localized("security.error_threadgroup_access");
                    });
                }
                checkThreadCreation();
            } else {
                if (LOG.isTraceEnabled()) {
                    Logger logger = LOG;
                    Objects.requireNonNull(threadGroup);
                    logger.trace("Allowing ThreadGroup access to {} for main thread inbetween tests", externGet(threadGroup::toString));
                }
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPackageDefinition(String str) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            LOG.info("PKG-DEF: {}", str);
            super.checkPackageDefinition(str);
            Stream<String> stream = SecurityConstants.STACK_WHITELIST.stream();
            Objects.requireNonNull(str);
            if (stream.anyMatch(str::startsWith)) {
                throw new SecurityException(Messages.formatLocalized("security.error_package_definition", str));
            }
        } finally {
            exitPublicInterface();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        String name = permission.getName();
        String actions = permission.getActions();
        String valueOf = String.valueOf(permission);
        try {
            if (enterPublicInterface()) {
                return;
            }
            if (List.of("getClassLoader", "accessSystemModules").contains(name)) {
                exitPublicInterface();
                return;
            }
            if (List.of("manageProcess", "shutdownHooks", "createSecurityManager").contains(name)) {
                throw new SecurityException(Messages.localized("security.error_blacklist") + valueOf);
            }
            if ("setIO".equals(name) && !isMainThreadAndInactive()) {
                checkForNonWhitelistedStackFrames(() -> {
                    return Messages.localized("security.error_blacklist") + valueOf;
                });
            }
            if ("setSecurityManager".equals(name) && !this.isPartlyDisabled) {
                throw new SecurityException(Messages.localized("security.error_security_manager"));
            }
            if (permission instanceof SerializablePermission) {
                throw new SecurityException(Messages.localized("security.error_modify_serialization") + valueOf);
            }
            if (permission instanceof AWTPermission) {
                throw new SecurityException(Messages.localized("security.error_awt") + valueOf);
            }
            if (permission instanceof ManagementPermission) {
                checkForNonWhitelistedStackFrames(() -> {
                    return Messages.localized("security.error_management") + valueOf;
                });
            }
            if ((this.configuration == null || this.configuration.allowLocalPortsAbove().isEmpty()) && ((permission instanceof NetPermission) || (permission instanceof SocketPermission))) {
                throw new SecurityException(Messages.localized("security.error_networking") + valueOf);
            }
            if (permission instanceof SecurityPermission) {
                if (name.startsWith("getPolicy") || name.startsWith("getProperty")) {
                    exitPublicInterface();
                    return;
                }
                checkForNonWhitelistedStackFrames(() -> {
                    return Messages.localized("security.error_modify_security") + valueOf;
                });
            }
            if (permission instanceof SSLPermission) {
                throw new SecurityException(Messages.localized("security.error_modify_ssl") + valueOf);
            }
            if (permission instanceof AuthPermission) {
                throw new SecurityException(Messages.localized("security.error_modify_auth") + valueOf);
            }
            if (permission instanceof FilePermission) {
                checkPathAccess(Path.of(name, new String[0]), PathActionLevel.getLevelOf(actions));
            }
            if ((permission instanceof ReflectPermission) || "accessDeclaredMembers".equals(name)) {
                checkForNonWhitelistedStackFrames(() -> {
                    return Messages.localized("security.error_modify_security") + valueOf;
                });
            }
            exitPublicInterface();
        } finally {
            exitPublicInterface();
        }
    }

    private void checkPathAccess(Path path, PathActionLevel pathActionLevel) {
        boolean z = false;
        boolean z2 = false;
        try {
            Path absolutePath = path.toAbsolutePath();
            z2 = isPathBlacklisted(absolutePath, pathActionLevel);
            z = isPathWhitelisted(absolutePath, pathActionLevel);
            if (!z2 && z) {
                return;
            }
        } catch (Exception e) {
            LOG.warn("Error in checkPathAccess", e);
        }
        if (isMainThreadAndInactive() && pathActionLevel.isBelowOrEqual(PathActionLevel.READLINK)) {
            LOG.trace("Allowing read access for main thread inbetween tests");
        } else {
            String format = String.format("BAD PATH ACCESS: %s (BL:%s, WL:%s)", path, Boolean.valueOf(z2), Boolean.valueOf(z));
            checkForNonWhitelistedStackFrames(() -> {
                LOG.warn(format);
                return Messages.formatLocalized("security.error_path_access", path);
            });
        }
    }

    private boolean isPathWhitelisted(Path path, PathActionLevel pathActionLevel) {
        Optional<Set<PathRule>> whitelistedPaths = this.configuration.whitelistedPaths();
        return whitelistedPaths.isEmpty() ? path.startsWith(this.configuration.executionPath()) : whitelistedPaths.get().stream().anyMatch(pathRule -> {
            return pathRule.matchesWithLevel(path, pathActionLevel);
        });
    }

    private boolean isPathBlacklisted(Path path, PathActionLevel pathActionLevel) {
        return this.configuration.blacklistedPaths().stream().anyMatch(pathRule -> {
            return pathRule.matchesWithLevel(path, pathActionLevel);
        });
    }

    @Override // java.lang.SecurityManager
    public void checkPackageAccess(String str) {
        try {
            if (enterPublicInterface()) {
                return;
            }
            super.checkPackageAccess(str);
            if (!isMainThreadAndInactive() && isPackageAccessForbidden(str)) {
                checkForNonWhitelistedStackFrames(() -> {
                    LOG.warn("BAD PACKAGE ACCESS: {} (BL:{}, WL:{})", new Object[]{str, Boolean.valueOf(isPackageBlacklisted(str)), Boolean.valueOf(isPackageWhitelisted(str))});
                    return Messages.formatLocalized("security.error_disallowed_package", str);
                }, stackFrame -> {
                    return true;
                });
            }
        } finally {
            exitPublicInterface();
        }
    }

    private boolean isPackageAccessForbidden(String str) {
        Stream<String> stream = SecurityConstants.PACKAGE_USE_BLACKLIST.stream();
        Objects.requireNonNull(str);
        return stream.anyMatch(str::startsWith) || (isPackageBlacklisted(str) && !isPackageWhitelisted(str));
    }

    private boolean isPackageBlacklisted(String str) {
        return this.configuration.blacklistedPackages().stream().anyMatch(packageRule -> {
            return packageRule.matches(str);
        });
    }

    private boolean isPackageWhitelisted(String str) {
        return this.configuration.whitelistedPackages().stream().anyMatch(packageRule -> {
            return packageRule.matches(str);
        });
    }

    private void checkForNonWhitelistedStackFrames(Supplier<String> supplier) {
        throwSecurityExceptionIfNonWhitelistedFound(supplier, getNonWhitelistedStackFrames());
    }

    private void checkForNonWhitelistedStackFrames(Supplier<String> supplier, Predicate<StackWalker.StackFrame> predicate) {
        throwSecurityExceptionIfNonWhitelistedFound(supplier, getNonWhitelistedStackFrames(predicate));
    }

    private static void throwSecurityExceptionIfNonWhitelistedFound(Supplier<String> supplier, List<StackWalker.StackFrame> list) {
        if (list.isEmpty()) {
            return;
        }
        LOG.warn("NWSFs ==> {}", list);
        StackWalker.StackFrame stackFrame = list.get(0);
        throw new SecurityException(Messages.formatLocalized("security.stackframe_add_info", supplier.get(), Integer.valueOf(stackFrame.getLineNumber()), stackFrame.getFileName()));
    }

    private List<StackWalker.StackFrame> getNonWhitelistedStackFrames() {
        return getNonWhitelistedStackFrames(new DelayedFilter(2, this::isNotPrivileged, true));
    }

    private List<StackWalker.StackFrame> getNonWhitelistedStackFrames(Predicate<StackWalker.StackFrame> predicate) {
        return isCurrentThreadWhitelisted() ? (List) this.stackWalker.walk(stream -> {
            return (List) stream.takeWhile(predicate).filter(this::isStackFrameNotWhitelisted).collect(Collectors.toList());
        }) : (List) this.stackWalker.walk(stream2 -> {
            return (List) stream2.takeWhile(predicate).collect(Collectors.toList());
        });
    }

    private boolean isNotPrivileged(StackWalker.StackFrame stackFrame) {
        return !AccessController.class.getName().equals(stackFrame.getClassName());
    }

    private boolean isCallNotWhitelisted(String str) {
        Stream<String> stream = SecurityConstants.STACK_BLACKLIST.stream();
        Objects.requireNonNull(str);
        if (!stream.anyMatch(str::startsWith)) {
            Stream<String> stream2 = SecurityConstants.STACK_WHITELIST.stream();
            Objects.requireNonNull(str);
            if (!stream2.noneMatch(str::startsWith) || (this.configuration != null && (this.configuration.whitelistedClassNames().contains(str) || this.configuration.trustedPackages().stream().anyMatch(packageRule -> {
                return packageRule.matches(str);
            })))) {
                return false;
            }
        }
        return true;
    }

    private boolean isStackFrameNotWhitelisted(StackWalker.StackFrame stackFrame) {
        return isCallNotWhitelisted(stackFrame.getClassName());
    }

    private boolean isStackFrameNotWhitelisted(StackTraceElement stackTraceElement) {
        return isCallNotWhitelisted(stackTraceElement.getClassName());
    }

    public static Optional<StackTraceElement> firstNonWhitelisted(StackTraceElement... stackTraceElementArr) {
        for (StackTraceElement stackTraceElement : stackTraceElementArr) {
            if (INSTANCE.isStackFrameNotWhitelisted(stackTraceElement)) {
                return Optional.ofNullable(stackTraceElement);
            }
        }
        return Optional.empty();
    }

    public static void checkCurrentStack(Supplier<String> supplier) {
        INSTANCE.checkForNonWhitelistedStackFrames(supplier);
    }

    private boolean isConnectionAllowed(String str, int i) {
        List<StackWalker.StackFrame> nonWhitelistedStackFrames = getNonWhitelistedStackFrames();
        LOG.info("Connection use request: {}:{} [NWSFs: {}]", new Object[]{str, Integer.valueOf(i), Integer.valueOf(nonWhitelistedStackFrames.size())});
        if (nonWhitelistedStackFrames.isEmpty()) {
            return true;
        }
        return this.configuration != null && isLocalHost(str) && isLocalPortUsageAllowed(i);
    }

    private static boolean isLocalHost(String str) {
        try {
            InetAddress byName = InetAddress.getByName(str);
            if (!byName.isLoopbackAddress()) {
                if (!byName.isAnyLocalAddress()) {
                    return false;
                }
            }
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    private boolean isLocalPortUsageAllowed(int i) {
        if (i < -1 || i > 65535) {
            return false;
        }
        if (i == -1 || i == 0) {
            return true;
        }
        if (this.configuration == null) {
            return false;
        }
        return this.configuration.allowedLocalPorts().contains(Integer.valueOf(i)) || (this.configuration.allowLocalPortsAbove().orElse(65535) < i && !this.configuration.excludedLocalPorts().contains(Integer.valueOf(i)));
    }

    @Override // java.lang.SecurityManager
    public ThreadGroup getThreadGroup() {
        return !this.isActive ? super.getThreadGroup() : this.testThreadGroup;
    }

    private Thread[] checkThreadGroup() {
        this.blockThreadCreation = true;
        int activeCount = this.testThreadGroup.activeCount();
        if (activeCount == 0) {
            return new Thread[0];
        }
        Thread[] threadArr = new Thread[activeCount];
        this.testThreadGroup.enumerate(threadArr);
        for (Thread thread : threadArr) {
            if (thread != null) {
                try {
                    thread.interrupt();
                    thread.join((500 / activeCount) + 1);
                    LOG.debug("State {} after interrupt and join of {}", thread.getState(), thread);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
        }
        if (this.testThreadGroup.activeCount() == 0) {
            return new Thread[0];
        }
        SecurityException securityException = new SecurityException(Messages.formatLocalized("security.error_threads_not_stoppable", Arrays.toString(threadArr)));
        int length = threadArr.length;
        for (int i = 0; i < 50 && length > 0; i++) {
            length = 0;
            for (Thread thread2 : threadArr) {
                if (thread2 != null && thread2.isAlive()) {
                    length++;
                    LOG.debug("Try {} to stop {}, state: {}", new Object[]{Integer.valueOf(i + 1), thread2, thread2.getState()});
                    thread2.stop();
                    try {
                        thread2.join((20 / activeCount) + 1);
                    } catch (InterruptedException e2) {
                        LOG.warn("Error in checkThreadGroup 1", e2);
                        securityException.addSuppressed(e2);
                        Thread.currentThread().interrupt();
                    }
                }
            }
        }
        for (Thread thread3 : threadArr) {
            if (thread3 != null && thread3.isAlive()) {
                try {
                    thread3.join((100 / activeCount) + 1);
                    if (thread3.getState() != Thread.State.TERMINATED) {
                        LOG.error("THREAD STOP ERROR: Thread {} is still in state {}", thread3, thread3.getState());
                    }
                } catch (InterruptedException e3) {
                    LOG.warn("Error in checkThreadGroup 2", e3);
                    securityException.addSuppressed(e3);
                    Thread.currentThread().interrupt();
                }
            }
        }
        if (this.testThreadGroup.activeCount() > 0) {
            throw securityException;
        }
        return threadArr;
    }

    private void checkCommonThreadPool() {
        ForkJoinPool commonPool = ForkJoinPool.commonPool();
        if (commonPool.isQuiescent()) {
            return;
        }
        LOG.debug("Common pool is active: {} with number {} workers", Boolean.valueOf(!commonPool.isQuiescent()), Integer.valueOf(commonPool.getActiveThreadCount()));
        ThreadGroup rootThreadGroup = getRootThreadGroup();
        ThreadGroup[] threadGroupArr = new ThreadGroup[rootThreadGroup.activeGroupCount() + 5];
        rootThreadGroup.enumerate(threadGroupArr, true);
        ThreadGroup threadGroup = (ThreadGroup) Stream.of((Object[]) threadGroupArr).filter(threadGroup2 -> {
            return "InnocuousForkJoinWorkerThreadGroup".equals(threadGroup2.getName());
        }).findFirst().orElseThrow(IllegalStateException::new);
        Thread[] threadArr = new Thread[threadGroup.activeCount() + 5];
        threadGroup.enumerate(threadArr);
        LOG.info("Try interrupt common pool");
        for (Thread thread : threadArr) {
            if (thread != null && thread.isAlive()) {
                thread.interrupt();
            }
        }
        try {
            Thread.sleep(100L);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
        if (commonPool.isQuiescent()) {
            return;
        }
        LOG.warn("There are still {} common pool workers active", Integer.valueOf(commonPool.getActiveThreadCount()));
    }

    private void checkThreadCreation() {
        if (this.blockThreadCreation || this.configuration == null || this.configuration.allowedThreadCount().isEmpty()) {
            checkForNonWhitelistedStackFrames(() -> {
                return Messages.localized("security.error_thread_access");
            });
            return;
        }
        int activeCount = this.testThreadGroup.activeCount();
        int asInt = this.configuration.allowedThreadCount().getAsInt();
        if (asInt < activeCount) {
            checkForNonWhitelistedStackFrames(() -> {
                return Messages.formatLocalized("security.error_thread_maxExceeded", Integer.valueOf(activeCount), Integer.valueOf(asInt));
            });
        }
    }

    private ThreadGroup getRootThreadGroup() {
        ThreadGroup threadGroup = this.testThreadGroup;
        while (true) {
            ThreadGroup threadGroup2 = threadGroup;
            ThreadGroup parent = threadGroup2.getParent();
            if (parent == null) {
                return threadGroup2;
            }
            threadGroup = parent;
        }
    }

    private boolean isMainThreadAndInactive() {
        return !this.isActive && Thread.currentThread() == SecurityConstants.MAIN_THREAD;
    }

    private boolean isCurrentThreadWhitelisted() {
        Thread currentThread = Thread.currentThread();
        Objects.requireNonNull(currentThread);
        String str = (String) externGet(currentThread::getName);
        Stream stream = Set.of("Finalizer", "InnocuousThread", "ForkJoinPool.commonPool").stream();
        Objects.requireNonNull(str);
        if (stream.anyMatch(str::startsWith)) {
            return false;
        }
        if (this.testThreadGroup.parentOf(currentThread.getThreadGroup())) {
            return this.whitelistedThreads.stream().anyMatch(thread -> {
                return thread.equals(currentThread);
            });
        }
        return true;
    }

    private void whitelistThread(Thread thread) {
        LOG.info("Request whitelisting: {} {}", thread, INSTANCE.whitelistedThreads);
        if (!isCurrentThreadWhitelisted()) {
            throw new SecurityException(Messages.localized("security.error_thread_whitelisting_failed"));
        }
        this.whitelistedThreads.add(thread);
        LOG.info("Thread whitelisted: {}", thread);
    }

    private void unwhitelistThreads() {
        this.whitelistedThreads.clear();
    }

    private void removeDeadThreads() {
        this.whitelistedThreads.removeIf(thread -> {
            return !thread.isAlive();
        });
    }

    static boolean isStaticWhitelisted(String str) {
        Stream<String> stream = SecurityConstants.STACK_WHITELIST.stream();
        Objects.requireNonNull(str);
        return stream.anyMatch(str::startsWith);
    }

    public static synchronized boolean isInstalled() {
        return System.getSecurityManager() instanceof ArtemisSecurityManager;
    }

    public static synchronized String install(ArtemisSecurityConfiguration artemisSecurityConfiguration) {
        if (INSTANCE.lastUninstallFailed) {
            LOG.info("Try recovery from lastUninstallFailed");
            INSTANCE.checkThreadGroup();
            INSTANCE.isPartlyDisabled = true;
            System.setSecurityManager(ORIGINAL);
            INSTANCE.isPartlyDisabled = false;
            INSTANCE.lastUninstallFailed = false;
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("Request install with {}", artemisSecurityConfiguration.shortDesc());
        }
        String generateAccessToken = INSTANCE.generateAccessToken();
        INSTANCE.blockThreadCreation = false;
        INSTANCE.configuration = (ArtemisSecurityConfiguration) Objects.requireNonNull(artemisSecurityConfiguration);
        INSTANCE.removeDeadThreads();
        if (!isInstalled()) {
            System.setSecurityManager(INSTANCE);
        }
        INSTANCE.isActive = true;
        return generateAccessToken;
    }

    /* JADX WARN: Finally extract failed */
    public static synchronized void uninstall(String str) {
        if (!isInstalled()) {
            throw new IllegalStateException(Messages.localized("security.not_installed"));
        }
        Thread[] threadArr = new Thread[0];
        int priority = Thread.currentThread().getPriority();
        try {
            try {
                INSTANCE.checkAccess(str);
                if (INSTANCE.isPartlyDisabled) {
                    throw new IllegalStateException(Messages.localized("security.already_disabled"));
                }
                Thread.currentThread().setPriority(10);
                LOG.info("Request uninstall");
                System.gc();
                System.runFinalization();
                Thread[] checkThreadGroup = INSTANCE.checkThreadGroup();
                INSTANCE.checkCommonThreadPool();
                INSTANCE.unwhitelistThreads();
                INSTANCE.blockThreadCreation = false;
                INSTANCE.lastUninstallFailed = false;
                INSTANCE.isActive = false;
                Thread.currentThread().setPriority(priority);
                if (checkThreadGroup.length > 0) {
                    throw new IllegalStateException(Messages.formatLocalized("security.error_threads_still_active", Arrays.toString(checkThreadGroup)));
                }
            } catch (Throwable th) {
                INSTANCE.lastUninstallFailed = true;
                LOG.error("UNINSTALL FAILED", th);
                throw th;
            }
        } catch (Throwable th2) {
            Thread.currentThread().setPriority(priority);
            throw th2;
        }
    }

    public static synchronized void configure(String str, ArtemisSecurityConfiguration artemisSecurityConfiguration) {
        INSTANCE.checkAccess(str);
        INSTANCE.configuration = artemisSecurityConfiguration;
    }

    public static synchronized void requestThreadWhitelisting(Thread thread) {
        INSTANCE.whitelistThread(thread);
    }

    public static synchronized void revokeThreadWhitelisting() {
        if (INSTANCE.isCurrentThreadWhitelisted()) {
            INSTANCE.unwhitelistThreads();
        }
    }

    private static String hash(String str) {
        return str == null ? "" : Base64.getEncoder().encodeToString(SHA256.digest(str.getBytes(StandardCharsets.UTF_8)));
    }

    public static BiConsumer<String, Object> getOnSuppressedModification() {
        return ON_SUPPRESSED_MOD;
    }

    static {
        try {
            SHA256 = MessageDigest.getInstance("SHA-256");
            Messages.init();
            System.setSecurityManager(INSTANCE);
            ForkJoinPool.commonPool();
            INSTANCE.isPartlyDisabled = true;
            System.setSecurityManager(ORIGINAL);
            INSTANCE.isPartlyDisabled = false;
            if (!Objects.equals("main", SecurityConstants.MAIN_THREAD.getName())) {
                LOG.error("Expected ArtemisSecurityManager to be initialized in the main thread but was {}. Exiting...", SecurityConstants.MAIN_THREAD);
                System.exit(1);
            }
            ON_SUPPRESSED_MOD = (str, obj) -> {
                LOG.warn("addSuppressed, {} called with {}", str, obj == null ? "null" : obj.getClass());
            };
        } catch (NoSuchAlgorithmException e) {
            throw new ExceptionInInitializerError(e);
        }
    }
}
