package org.apache.river.api.security;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.DomainCombiner;
import java.security.Guard;
import java.security.Permission;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.NavigableSet;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ConcurrentSkipListSet;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.FutureTask;
import java.util.concurrent.RunnableFuture;
import java.util.concurrent.SynchronousQueue;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.jini.security.Security;
import net.jini.security.SecurityContext;
import net.jini.security.policy.PolicyInitializationException;
import org.apache.river.concurrent.RC;
import org.apache.river.concurrent.Ref;
import org.apache.river.concurrent.Referrer;
import org.apache.river.constants.TimeConstants;

/* loaded from: input_file:org/apache/river/api/security/CombinerSecurityManager.class */
public class CombinerSecurityManager extends SecurityManager implements CachingSecurityManager {
    private static Logger logger;
    private static final Object loggerLock = new Object();
    private final DomainCombiner dc;
    private final ConcurrentMap<AccessControlContext, AccessControlContext> contextCache;
    private final ConcurrentMap<Object, NavigableSet<Permission>> checked;
    private final Guard g;
    private final Action action;
    private final Executor executor;
    private final Comparator<Referrer<Permission>> permCompare;
    private final AccessControlContext SMConstructorContext;
    private final AccessControlContext SMPrivilegedContext;
    private final ProtectionDomain privilegedDomain;
    private final ThreadLocal<SecurityContext> threadContext;
    private final ThreadLocal<Boolean> inTrustedCodeRecursiveCall;
    private final boolean constructed;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/river/api/security/CombinerSecurityManager$Action.class */
    public static class Action implements PrivilegedAction<AccessControlContext> {
        private Action() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public AccessControlContext run() {
            return AccessController.getContext();
        }
    }

    /* loaded from: input_file:org/apache/river/api/security/CombinerSecurityManager$DelegateDomainCombiner.class */
    private class DelegateDomainCombiner implements DomainCombiner {
        private DelegateDomainCombiner() {
        }

        @Override // java.security.DomainCombiner
        public ProtectionDomain[] combine(ProtectionDomain[] protectionDomainArr, ProtectionDomain[] protectionDomainArr2) {
            int length = protectionDomainArr2.length;
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                if (protectionDomainArr2[i] != CombinerSecurityManager.this.privilegedDomain) {
                    arrayList.add(protectionDomainArr2[i]);
                }
            }
            return new DelegateProtectionDomain[]{new DelegateProtectionDomain((ProtectionDomain[]) arrayList.toArray(new ProtectionDomain[arrayList.size()]))};
        }
    }

    /* loaded from: input_file:org/apache/river/api/security/CombinerSecurityManager$DelegateProtectionDomain.class */
    private class DelegateProtectionDomain extends ProtectionDomain {
        private final ProtectionDomain[] context;

        DelegateProtectionDomain(ProtectionDomain[] protectionDomainArr) {
            super(null, null);
            this.context = protectionDomainArr;
        }

        @Override // java.security.ProtectionDomain
        public boolean implies(Permission permission) {
            Thread currentThread = Thread.currentThread();
            boolean interrupted = Thread.interrupted();
            int length = this.context.length;
            if (length < 4) {
                for (int i = 0; i < length; i++) {
                    if (!CombinerSecurityManager.this.checkPermission(this.context[i], permission)) {
                        if (!interrupted) {
                            return false;
                        }
                        currentThread.interrupt();
                        return false;
                    }
                }
                if (!interrupted) {
                    return true;
                }
                currentThread.interrupt();
                return true;
            }
            CountDownLatch countDownLatch = new CountDownLatch(length);
            ArrayList arrayList = new ArrayList(length);
            for (int i2 = 0; i2 < length; i2++) {
                arrayList.add(new FutureTask(new PermissionCheck(this.context[i2], permission, countDownLatch, (SecurityContext) CombinerSecurityManager.this.threadContext.get())));
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                CombinerSecurityManager.this.executor.execute((Runnable) it.next());
            }
            try {
                if (!countDownLatch.await(180L, TimeUnit.SECONDS)) {
                    return false;
                }
                Iterator it2 = arrayList.iterator();
                do {
                    try {
                        if (!it2.hasNext()) {
                            if (!interrupted) {
                                return true;
                            }
                            currentThread.interrupt();
                            return true;
                        }
                    } catch (ExecutionException e) {
                        if (CombinerSecurityManager.access$600().isLoggable(Level.SEVERE)) {
                            CombinerSecurityManager.access$600().log(Level.SEVERE, (String) null, (Throwable) e);
                        }
                        throw new RuntimeException("Unrecoverable: ", e.getCause());
                    }
                } while (!((Boolean) ((RunnableFuture) it2.next()).get()).equals(Boolean.FALSE));
                if (!interrupted) {
                    return false;
                }
                currentThread.interrupt();
                return false;
            } catch (InterruptedException e2) {
                if (CombinerSecurityManager.access$600().isLoggable(Level.FINEST)) {
                    CombinerSecurityManager.access$600().log(Level.FINEST, "External Interruption", (Throwable) e2);
                }
                for (int i3 = 0; i3 < length; i3++) {
                    if (!CombinerSecurityManager.this.checkPermission(this.context[i3], permission)) {
                        currentThread.interrupt();
                        return false;
                    }
                }
                currentThread.interrupt();
                return true;
            }
        }

        public String toString() {
            StringBuilder sb = new StringBuilder(800);
            sb.append("DomainCombinerSecurityManager full stack: \n");
            int length = this.context.length;
            for (int i = 0; i < length; i++) {
                sb.append(this.context[i].toString());
            }
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/river/api/security/CombinerSecurityManager$PermissionCheck.class */
    public class PermissionCheck implements Callable<Boolean> {
        private final ProtectionDomain pd;
        private final Permission p;
        private final CountDownLatch latch;
        private final SecurityContext securityContext;

        PermissionCheck(ProtectionDomain protectionDomain, Permission permission, CountDownLatch countDownLatch, SecurityContext securityContext) {
            if (protectionDomain == null || permission == null) {
                throw new NullPointerException();
            }
            this.pd = protectionDomain;
            this.p = permission;
            this.latch = countDownLatch;
            this.securityContext = securityContext;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Boolean call() throws Exception {
            try {
                return (Boolean) AccessController.doPrivileged(this.securityContext != null ? this.securityContext.wrap(new PrivilegedAction<Boolean>() { // from class: org.apache.river.api.security.CombinerSecurityManager.PermissionCheck.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Boolean run() {
                        return Boolean.valueOf(CombinerSecurityManager.this.checkPermission(PermissionCheck.this.pd, PermissionCheck.this.p));
                    }
                }) : new PrivilegedAction<Boolean>() { // from class: org.apache.river.api.security.CombinerSecurityManager.PermissionCheck.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Boolean run() {
                        return Boolean.valueOf(CombinerSecurityManager.this.checkPermission(PermissionCheck.this.pd, PermissionCheck.this.p));
                    }
                });
            } finally {
                this.latch.countDown();
            }
        }
    }

    private static Logger getLogger() {
        synchronized (loggerLock) {
            if (logger != null) {
                return logger;
            }
            logger = Logger.getLogger(CombinerSecurityManager.class.getName());
            return logger;
        }
    }

    private static boolean check() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return true;
        }
        securityManager.checkPermission(new RuntimePermission("createSecurityManager"));
        return true;
    }

    public CombinerSecurityManager() {
        this(check());
    }

    private CombinerSecurityManager(boolean z) {
        String property = System.getProperty("policy.provider");
        if (property == null || "sun.security.provider.PolicyFile".equals(property)) {
            try {
                Policy.setPolicy(new ConcurrentPolicyFile());
            } catch (PolicyInitializationException e) {
                throw new ExceptionInInitializerError(e);
            }
        }
        this.SMConstructorContext = AccessController.getContext();
        this.privilegedDomain = getClass().getProtectionDomain();
        this.SMPrivilegedContext = new AccessControlContext(new ProtectionDomain[]{this.privilegedDomain});
        this.dc = new DelegateDomainCombiner();
        this.contextCache = RC.concurrentMap(new ConcurrentHashMap(), Ref.TIME, Ref.STRONG, TimeConstants.MINUTES, TimeConstants.MINUTES);
        this.checked = RC.concurrentMap(new ConcurrentHashMap(), Ref.TIME, Ref.STRONG, 20000L, 20000L);
        this.g = new SecurityPermission("getPolicy");
        this.action = new Action();
        int availableProcessors = Runtime.getRuntime().availableProcessors();
        this.executor = new ThreadPoolExecutor(availableProcessors, (int) (availableProcessors / (1.0d - 0.6d)), 20L, TimeUnit.SECONDS, new SynchronousQueue(), new ThreadFactory() { // from class: org.apache.river.api.security.CombinerSecurityManager.1
            @Override // java.util.concurrent.ThreadFactory
            public Thread newThread(Runnable runnable) {
                Thread thread = new Thread(runnable, "CombinerSecurityManager_thread");
                thread.setDaemon(true);
                return thread;
            }
        }, new ThreadPoolExecutor.CallerRunsPolicy());
        this.permCompare = RC.comparator(new PermissionComparator());
        this.threadContext = new ThreadLocal<>();
        this.inTrustedCodeRecursiveCall = new ThreadLocal<>();
        try {
            checkPermission(new RuntimePermission("setIO"), this.SMPrivilegedContext);
            this.constructed = Security.class != 0;
        } catch (ExceptionInInitializerError e2) {
            ExceptionInInitializerError exceptionInInitializerError = new ExceptionInInitializerError("All domains on stack when starting a security manager must have AllPermission");
            exceptionInInitializerError.initCause(e2);
            throw exceptionInInitializerError;
        }
    }

    @Override // java.lang.SecurityManager
    public Object getSecurityContext() {
        this.inTrustedCodeRecursiveCall.set(Boolean.TRUE);
        try {
            return Security.getContext();
        } finally {
            this.inTrustedCodeRecursiveCall.set(Boolean.FALSE);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) throws SecurityException {
        if (this.inTrustedCodeRecursiveCall.get() == Boolean.TRUE) {
            return;
        }
        checkPermission(permission, getSecurityContext());
    }

    @Override // java.lang.SecurityManager
    public final void checkPermission(Permission permission, Object obj) throws SecurityException {
        AccessControlContext accessControlContext;
        if (permission == null) {
            throw new NullPointerException("Permission Collection null");
        }
        permission.getActions();
        SecurityContext securityContext = null;
        if (obj instanceof AccessControlContext) {
            accessControlContext = (AccessControlContext) obj;
        } else {
            if (!(obj instanceof SecurityContext)) {
                throw new SecurityException();
            }
            securityContext = (SecurityContext) obj;
            accessControlContext = securityContext.getAccessControlContext();
        }
        this.threadContext.set(securityContext);
        if (this.constructed && (this.SMPrivilegedContext.equals(accessControlContext) || this.SMConstructorContext.equals(accessControlContext))) {
            return;
        }
        NavigableSet<Permission> navigableSet = this.checked.get(obj);
        if (navigableSet == null) {
            navigableSet = RC.navigableSet(new ConcurrentSkipListSet(this.permCompare), Ref.TIME, 10000L);
            this.inTrustedCodeRecursiveCall.set(Boolean.TRUE);
            try {
                NavigableSet<Permission> putIfAbsent = this.checked.putIfAbsent(obj, navigableSet);
                if (putIfAbsent != null) {
                    navigableSet = putIfAbsent;
                }
            } finally {
            }
        }
        if (navigableSet.contains(permission)) {
            return;
        }
        AccessControlContext accessControlContext2 = this.contextCache.get(accessControlContext);
        if (accessControlContext2 == null) {
            final AccessControlContext accessControlContext3 = accessControlContext;
            this.inTrustedCodeRecursiveCall.set(Boolean.TRUE);
            try {
                AccessControlContext accessControlContext4 = (AccessControlContext) AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>() { // from class: org.apache.river.api.security.CombinerSecurityManager.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public AccessControlContext run() {
                        return new AccessControlContext(accessControlContext3, CombinerSecurityManager.this.dc);
                    }
                });
                this.inTrustedCodeRecursiveCall.set(Boolean.FALSE);
                accessControlContext2 = (AccessControlContext) AccessController.doPrivileged(this.action, accessControlContext4);
                this.inTrustedCodeRecursiveCall.set(Boolean.TRUE);
                try {
                    this.contextCache.putIfAbsent(accessControlContext, accessControlContext2);
                    this.inTrustedCodeRecursiveCall.set(Boolean.FALSE);
                } finally {
                    this.inTrustedCodeRecursiveCall.set(Boolean.FALSE);
                }
            } finally {
                this.inTrustedCodeRecursiveCall.set(Boolean.FALSE);
            }
        }
        accessControlContext2.checkPermission(permission);
        navigableSet.add(permission);
    }

    @Override // org.apache.river.api.security.CachingSecurityManager
    public void clearCache() throws SecurityException {
        this.g.checkGuard(this);
        this.inTrustedCodeRecursiveCall.set(Boolean.TRUE);
        try {
            this.checked.clear();
        } finally {
            this.inTrustedCodeRecursiveCall.set(Boolean.FALSE);
        }
    }

    protected boolean checkPermission(ProtectionDomain protectionDomain, Permission permission) {
        return protectionDomain.implies(permission);
    }

    static /* synthetic */ Logger access$600() {
        return getLogger();
    }
}
