package org.apache.catalina.security;

import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Server;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.StringUtils;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-10.1.13.jar:org/apache/catalina/security/SecurityListener.class */
public class SecurityListener implements LifecycleListener {
    private static final Log log = LogFactory.getLog((Class<?>) SecurityListener.class);
    private static final StringManager sm = StringManager.getManager(Constants.PACKAGE);
    private static final String UMASK_PROPERTY_NAME = "org.apache.catalina.security.SecurityListener.UMASK";
    private static final String UMASK_FORMAT = "%04o";
    private final Set<String> checkedOsUsers = new HashSet();
    private Integer minimumUmask = 7;

    public SecurityListener() {
        this.checkedOsUsers.add("root");
    }

    @Override // org.apache.catalina.LifecycleListener
    public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
        if (lifecycleEvent.getType().equals(Lifecycle.BEFORE_INIT_EVENT)) {
            if (!(lifecycleEvent.getLifecycle() instanceof Server)) {
                log.warn(sm.getString("listener.notServer", lifecycleEvent.getLifecycle().getClass().getSimpleName()));
            }
            doChecks();
        }
    }

    public void setCheckedOsUsers(String str) {
        if (str == null || str.length() == 0) {
            this.checkedOsUsers.clear();
            return;
        }
        for (String str2 : str.split(",")) {
            if (str2.length() > 0) {
                this.checkedOsUsers.add(str2.toLowerCase(Locale.getDefault()));
            }
        }
    }

    public String getCheckedOsUsers() {
        return StringUtils.join(this.checkedOsUsers);
    }

    public void setMinimumUmask(String str) {
        if (str == null || str.length() == 0) {
            this.minimumUmask = 0;
        } else {
            this.minimumUmask = Integer.valueOf(str, 8);
        }
    }

    public String getMinimumUmask() {
        return String.format(UMASK_FORMAT, this.minimumUmask);
    }

    protected void doChecks() {
        checkOsUser();
        checkUmask();
    }

    protected void checkOsUser() {
        String property = System.getProperty("user.name");
        if (property != null && this.checkedOsUsers.contains(property.toLowerCase(Locale.getDefault()))) {
            throw new Error(sm.getString("SecurityListener.checkUserWarning", property));
        }
    }

    protected void checkUmask() {
        String property = System.getProperty(UMASK_PROPERTY_NAME);
        Integer num = null;
        if (property != null) {
            try {
                num = Integer.valueOf(property, 8);
            } catch (NumberFormatException e) {
                log.warn(sm.getString("SecurityListener.checkUmaskParseFail", property));
            }
        }
        if (num != null) {
            if ((num.intValue() & this.minimumUmask.intValue()) != this.minimumUmask.intValue()) {
                throw new Error(sm.getString("SecurityListener.checkUmaskFail", String.format(UMASK_FORMAT, num), getMinimumUmask()));
            }
        } else if ("\r\n".equals(System.lineSeparator())) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("SecurityListener.checkUmaskSkip"));
            }
        } else if (this.minimumUmask.intValue() > 0) {
            log.warn(sm.getString("SecurityListener.checkUmaskNone", UMASK_PROPERTY_NAME, getMinimumUmask()));
        }
    }
}
