package org.autoplot;

import java.awt.AWTPermission;
import java.io.File;
import java.io.FilePermission;
import java.net.InetAddress;
import java.net.NetPermission;
import java.net.URLPermission;
import java.nio.file.LinkPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.PropertyPermission;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.LoggingPermission;
import javax.sound.sampled.AudioPermission;
import org.autoplot.datasource.AutoplotSettings;
import org.autoplot.hapi.HapiDataSource;
import org.das2.util.LoggerManager;

/* loaded from: input_file:org/autoplot/Sandbox.class */
public final class Sandbox {
    private static final Logger logger = LoggerManager.getLogger("autoplot.security");
    private static SecurityManager instance = null;

    public static synchronized SecurityManager getSandboxManager() {
        if (instance == null) {
            instance = createSandboxManager();
        }
        return instance;
    }

    private static SecurityManager createSandboxManager() {
        boolean equals = System.getProperty("os.name").equals("Linux");
        boolean startsWith = System.getProperty("os.name").startsWith("Windows");
        boolean z = !startsWith;
        ArrayList arrayList = new ArrayList();
        arrayList.add(AutoplotSettings.settings().resolveProperty(AutoplotSettings.PROP_AUTOPLOTDATA));
        if (equals) {
            arrayList.add(System.getProperty("user.home") + "/.java/.userPrefs");
        }
        if (z) {
            arrayList.add("/tmp");
        } else {
            arrayList.add(System.getProperty("user.home") + "\\AppData\\Local\\Temp");
        }
        arrayList.add(HapiDataSource.getHapiCache());
        ArrayList arrayList2 = new ArrayList(arrayList);
        String property = System.getProperty("java.class.path");
        if (startsWith) {
            arrayList2.addAll(Arrays.asList(property.split(";")));
        } else {
            arrayList2.addAll(Arrays.asList(property.split(":")));
        }
        arrayList2.add(System.getProperty("java.home"));
        if (equals) {
            arrayList2.add("/usr/share/fonts/");
            arrayList2.add(System.getProperty("user.home") + "/.fonts/");
        }
        arrayList2.add("__classpath__");
        if (startsWith) {
            arrayList2.add(System.getProperty("user.home") + "\\.das2rc");
        } else {
            arrayList2.add(System.getProperty("user.home") + "/.das2rc");
        }
        final List unmodifiableList = Collections.unmodifiableList(arrayList);
        final List unmodifiableList2 = Collections.unmodifiableList(arrayList2);
        HashSet hashSet = new HashSet();
        if (z) {
            hashSet.add("/etc");
            hashSet.add("/sys");
            hashSet.add("/boot");
            hashSet.add("/proc");
            hashSet.add("/dev");
        }
        final Set unmodifiableSet = Collections.unmodifiableSet(hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add("sun.awt.disablegrab");
        hashSet2.add("java.awt.headless");
        hashSet2.add("useHugeScatter");
        hashSet2.add("rangeChecking");
        hashSet2.add("sun.arch.data.model");
        hashSet2.add("line.separator");
        hashSet2.add("os.name");
        hashSet2.add("os.arch");
        hashSet2.add("user.dir");
        hashSet2.add("user.home");
        hashSet2.add("java.home");
        hashSet2.add("java.version");
        hashSet2.add("proxyHost");
        hashSet2.add("socksProxyHost");
        hashSet2.add("https.proxyHost");
        hashSet2.add("http.agent");
        hashSet2.add("enableReferenceCache");
        hashSet2.add("sun.awt.noerasebackground");
        hashSet2.add("HAPI_DATA");
        hashSet2.add("AUTOPLOT_DATA");
        hashSet2.add("cdawebHttps");
        hashSet2.add("python.cachedir");
        final Set unmodifiableSet2 = Collections.unmodifiableSet(hashSet2);
        HashSet hashSet3 = new HashSet();
        hashSet3.add("accessClipboard");
        hashSet3.add("AWTPermission");
        hashSet3.add("suppressAccessChecks");
        hashSet3.add("accessDeclaredMembers");
        final Set unmodifiableSet3 = Collections.unmodifiableSet(hashSet3);
        HashSet hashSet4 = new HashSet();
        hashSet4.add("putProviderProperty.SunRsaSign");
        hashSet4.add("putProviderProperty.SUN");
        hashSet4.add("putProviderProperty.Sun");
        hashSet4.add("putProviderProperty.XMLD");
        final Set unmodifiableSet4 = Collections.unmodifiableSet(hashSet4);
        return new SecurityManager() { // from class: org.autoplot.Sandbox.1
            @Override // java.lang.SecurityManager
            public ThreadGroup getThreadGroup() {
                return super.getThreadGroup();
            }

            @Override // java.lang.SecurityManager
            public void checkSecurityAccess(String str) {
                for (String str2 : unmodifiableSet4) {
                    if (str.startsWith(str2)) {
                        Sandbox.logger.log(Level.FINER, "checkSecurityAccess({0})", str2);
                        return;
                    }
                }
                Sandbox.logger.log(Level.FINE, "checkSecurityAccess({0})", str);
            }

            @Override // java.lang.SecurityManager
            public void checkPackageDefinition(String str) {
                Sandbox.logger.log(Level.FINE, "checkPackageDefinition({0})", str);
            }

            @Override // java.lang.SecurityManager
            public void checkPropertyAccess(String str) {
                if (unmodifiableSet2.contains(str)) {
                    Sandbox.logger.log(Level.FINER, "checkPropertyAccess({0}) OK", str);
                } else {
                    Sandbox.logger.log(Level.FINER, "checkPropertyAccess({0}) (All properties are okay)", str);
                }
            }

            @Override // java.lang.SecurityManager
            public void checkMulticast(InetAddress inetAddress) {
                Sandbox.logger.log(Level.FINE, "checkMulticast({0})", inetAddress);
            }

            @Override // java.lang.SecurityManager
            public void checkAccept(String str, int i) {
                Sandbox.logger.log(Level.FINER, "checkAccept({0}, {1})", new Object[]{str, Integer.valueOf(i)});
            }

            @Override // java.lang.SecurityManager
            public void checkListen(int i) {
                Sandbox.logger.log(Level.FINER, "checkListen({0})", Integer.valueOf(i));
            }

            @Override // java.lang.SecurityManager
            public void checkConnect(String str, int i, Object obj) {
                Sandbox.logger.log(Level.FINER, "checkConnect({0}, {1}, {2}) NET", new Object[]{str, Integer.valueOf(i), obj});
            }

            @Override // java.lang.SecurityManager
            public void checkConnect(String str, int i) {
                Sandbox.logger.log(Level.FINER, "checkConnect({0}, {1}) NET", new Object[]{str, Integer.valueOf(i)});
            }

            private boolean whitelistFile(String str) {
                if (str.contains("..")) {
                    return false;
                }
                return unmodifiableList.stream().anyMatch(str2 -> {
                    return str.startsWith(str2);
                });
            }

            private boolean readOnlyWhitelistFile(String str) {
                if (str.contains("..")) {
                    return false;
                }
                return unmodifiableList2.stream().anyMatch(str2 -> {
                    return str.startsWith(str2);
                });
            }

            private boolean readOnlyBlacklistFile(String str) {
                if (str.contains("..")) {
                    return false;
                }
                return unmodifiableSet.stream().anyMatch(str2 -> {
                    return str.startsWith(str2);
                });
            }

            private String getCanonicalFile(String str) {
                return new File(str).getAbsolutePath();
            }

            @Override // java.lang.SecurityManager
            public void checkDelete(String str) {
                String canonicalFile = getCanonicalFile(str);
                if (!whitelistFile(canonicalFile)) {
                    throw new SecurityException("sandbox disallows delete of " + canonicalFile);
                }
                Sandbox.logger.log(Level.FINER, "checkDelete({0}) WHITELIST", canonicalFile);
            }

            @Override // java.lang.SecurityManager
            public void checkWrite(String str) {
                String canonicalFile = getCanonicalFile(str);
                if (!whitelistFile(canonicalFile)) {
                    throw new SecurityException("sandbox disallows write of " + canonicalFile);
                }
                Sandbox.logger.log(Level.FINER, "checkWrite({0}) WHITELIST", canonicalFile);
            }

            @Override // java.lang.SecurityManager
            public void checkRead(String str, Object obj) {
                String canonicalFile = getCanonicalFile(str);
                if (readOnlyWhitelistFile(canonicalFile)) {
                    Sandbox.logger.log(Level.FINER, "checkRead({0}, {1}) WHITELIST", new Object[]{canonicalFile, obj});
                } else {
                    if (readOnlyBlacklistFile(canonicalFile)) {
                        throw new SecurityException(String.format("sandbox disallows read from " + canonicalFile, new Object[0]));
                    }
                    Sandbox.logger.log(Level.FINER, "checkRead({0}, {1})", new Object[]{canonicalFile, obj});
                    Sandbox.logger.log(Level.FINE, "checkRead({0}, {1})", new Object[]{canonicalFile, obj});
                }
            }

            @Override // java.lang.SecurityManager
            public void checkRead(String str) {
                String canonicalFile = getCanonicalFile(str);
                if (readOnlyWhitelistFile(canonicalFile)) {
                    Sandbox.logger.log(Level.FINER, "checkRead({0}) WHITELIST", canonicalFile);
                } else {
                    if (readOnlyBlacklistFile(canonicalFile)) {
                        throw new SecurityException(String.format("checkRead( (%s) BLACKLIST", canonicalFile));
                    }
                    Sandbox.logger.log(Level.FINER, "checkRead({0})", canonicalFile);
                }
            }

            @Override // java.lang.SecurityManager
            public void checkPermission(Permission permission, Object obj) {
                Sandbox.logger.log(Level.FINE, "checkPermission( {0}, {1})", new Object[]{permission.getName(), obj});
                checkPermission(permission);
            }

            @Override // java.lang.SecurityManager
            public void checkPermission(Permission permission) {
                if (permission instanceof PropertyPermission) {
                    String name = permission.getName();
                    String actions = permission.getActions();
                    if (unmodifiableSet2.contains(name)) {
                        Sandbox.logger.log(Level.FINER, "checkPermission( PropertyPermission {0} ) OK", new Object[]{name});
                        return;
                    }
                    if ("*".equals(name) && "read,write".equals(actions)) {
                        Sandbox.logger.log(Level.FINER, "checkPermission( PropertyPermission * read,write ) okay for Beans", new Object[]{name});
                        return;
                    } else if ("read".equals(actions)) {
                        Sandbox.logger.log(Level.FINER, "checkPermission( PropertyPermission read ) OK");
                        return;
                    } else {
                        Sandbox.logger.log(Level.FINE, "checkPermission( PropertyPermission {0} )", new Object[]{name});
                        return;
                    }
                }
                if (permission instanceof LoggingPermission) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( LoggingPermission {0} ) OK", new Object[]{permission});
                    return;
                }
                if (permission instanceof AWTPermission) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( AWTPermission {0} ) OK", new Object[]{permission});
                    return;
                }
                if (permission instanceof URLPermission) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( URLPermission {0} ) OK", new Object[]{permission});
                    return;
                }
                if (permission instanceof FilePermission) {
                    String name2 = permission.getName();
                    if (!"read".equals(permission.getActions())) {
                        super.checkPermission(permission);
                        return;
                    } else if (readOnlyWhitelistFile(name2)) {
                        Sandbox.logger.log(Level.FINER, "checkPermission( FilePermission({0}) WHITELIST", name2);
                        return;
                    } else {
                        if (readOnlyBlacklistFile(name2)) {
                            throw new SecurityException(String.format("checkPermission( FilePermission(%s) BLACKLIST", name2));
                        }
                        Sandbox.logger.log(Level.FINER, "checkPermission( FilePermission({0})", name2);
                        return;
                    }
                }
                if (permission instanceof LinkPermission) {
                    throw new SecurityException(String.format("sandbox disallows making filesystem links.", new Object[0]));
                }
                if (permission instanceof RuntimePermission) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( RuntimePermission {0} ) OK", new Object[]{permission.getName()});
                    return;
                }
                if (permission instanceof AllPermission) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( AllPermission ) FileSystem calls so OK");
                    return;
                }
                if (permission instanceof NetPermission) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( NetPermission ) OK, but this should be studied more.");
                    return;
                }
                if (permission instanceof AudioPermission) {
                    throw new SecurityException(String.format("checkPermission( AudioPermission(%s) )", permission.getName()));
                }
                String name3 = permission.getName();
                if (unmodifiableSet3.contains(name3)) {
                    Sandbox.logger.log(Level.FINER, "checkPermission( {0} ) OK", new Object[]{name3});
                } else {
                    if (!name3.startsWith("getProperty")) {
                        throw new SecurityException(String.format("unrecognized permission: (%s)", name3));
                    }
                    Sandbox.logger.log(Level.FINER, "checkPermission( {0} ) OK getProperty", new Object[]{name3});
                }
            }
        };
    }

    public static void enterSandbox() {
        System.setSecurityManager(getSandboxManager());
    }
}
