package org.elasticsearch.bootstrap;

import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.AccessMode;
import java.nio.file.DirectoryStream;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.NotDirectoryException;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.NoSuchAlgorithmException;
import java.security.Permissions;
import java.security.Policy;
import java.security.URIParameter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.elasticsearch.SecureSM;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.http.netty.NettyHttpServerTransport;
import org.elasticsearch.plugins.PluginInfo;
import org.elasticsearch.transport.netty.NettyTransport;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-309.zip:modules/system/layers/fuse/org/elasticsearch/main/elasticsearch-2.2.0.jar:org/elasticsearch/bootstrap/Security.class */
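public final class Security {
    /** File actions granted on directories the node only needs to read. */
    private static final String READ_ONLY_ACTIONS = "read,readlink";

    /** File actions granted on directories the node reads, writes and cleans up. */
    private static final String READ_WRITE_ACTIONS = "read,readlink,write,delete";

    /** Not instantiable: this class only holds static bootstrap helpers. */
    private Security() {
    }

    /**
     * Installs the process-wide {@link Policy} and security manager, then runs {@link #selfTest()}.
     *
     * <p>Order as written: the policy is set first, the {@code SecureSM} manager second, and the
     * self-test runs last, i.e. with the manager already active.
     *
     * <p>The decompiler reports that this method was package-private in the original class file.
     *
     * @param environment source of the directories and settings that permissions are derived from
     * @param z forwarded unchanged as the third {@code ESPolicy} constructor argument; its meaning
     *     is not visible in this file
     * @throws Exception if building the permissions, installing the manager or the self-test fails
     */
    public static void configure(Environment environment, boolean z) throws Exception {
        Policy.setPolicy(new ESPolicy(createPermissions(environment), getPluginPermissions(environment), z));
        System.setSecurityManager(new SecureSM());
        selfTest();
    }

    /**
     * Builds the per-jar policy map for every plugin or module directory that ships a policy file.
     *
     * <p>Each direct child of the plugins and modules directories is inspected. When it contains
     * {@code PluginInfo.ES_PLUGIN_POLICY}, that file is parsed once and the resulting policy is
     * registered under {@link URL#getFile()} of every {@code *.jar} directly inside the child.
     * Jar paths are resolved with {@link Path#toRealPath(LinkOption...)}, so symlinked jars are
     * keyed by their target.
     *
     * @param environment supplies the plugins and modules directories
     * @return an unmodifiable map from jar file path to the policy governing that jar
     * @throws IOException if a directory cannot be listed or a jar path cannot be resolved
     * @throws IllegalStateException if the same jar would receive a policy twice
     */
    @SuppressForbidden(reason = "proper use of URL")
    static Map<String, Policy> getPluginPermissions(Environment environment) throws IOException, NoSuchAlgorithmException {
        Map<String, Policy> policiesByJar = new HashMap<>();
        ArrayList<Path> candidateDirs = new ArrayList<>();
        collectChildren(environment.pluginsFile(), candidateDirs);
        collectChildren(environment.modulesFile(), candidateDirs);

        for (Path dir : candidateDirs) {
            Path policyFile = dir.resolve(PluginInfo.ES_PLUGIN_POLICY);
            if (!Files.exists(policyFile)) {
                // No policy file: this plugin gets no per-jar entry in the returned map.
                continue;
            }
            ArrayList<URL> codebases = new ArrayList<>();
            // try-with-resources closes the listing even when resolving a jar path throws.
            try (DirectoryStream<Path> jars = Files.newDirectoryStream(dir, "*.jar")) {
                for (Path jar : jars) {
                    codebases.add(jar.toRealPath().toUri().toURL());
                }
            }
            Policy policy = readPolicy(policyFile.toUri().toURL(), codebases.toArray(new URL[codebases.size()]));
            for (URL codebase : codebases) {
                // A second grant for the same jar is refused instead of silently replacing the first.
                if (policiesByJar.put(codebase.getFile(), policy) != null) {
                    throw new IllegalStateException("per-plugin permissions already granted for jar file: " + codebase);
                }
            }
        }
        return Collections.unmodifiableMap(policiesByJar);
    }

    /** Appends every direct child of {@code parent} to {@code sink}; does nothing if {@code parent} is absent. */
    private static void collectChildren(Path parent, ArrayList<Path> sink) throws IOException {
        if (!Files.exists(parent)) {
            return;
        }
        try (DirectoryStream<Path> children = Files.newDirectoryStream(parent)) {
            for (Path child : children) {
                sink.add(child);
            }
        }
    }

    /**
     * Parses a policy file with the JDK {@code "JavaPolicy"} implementation.
     *
     * <p>While the file is parsed, one system property {@code codebase.<jar file name>} is set per
     * entry of {@code urlArr}, holding that jar's URL; all of them are cleared again whether or not
     * parsing succeeds.
     *
     * <p>NOTE(review): system properties are process-global and the key uses only the jar's file
     * name, so overlapping calls, or two jars with the same file name in one call, would overwrite
     * each other's value. Callers in this file invoke it sequentially; confirm for other callers.
     *
     * <p>The decompiler reports that this method was package-private in the original class file.
     *
     * @param url location of the policy file
     * @param urlArr jar URLs exposed to the policy file through {@code codebase.*} properties
     * @return the parsed policy
     * @throws IllegalArgumentException if a URL is not a valid URI or the policy type is unavailable
     */
    @SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
    public static Policy readPolicy(URL url, URL[] urlArr) {
        try {
            try {
                for (URL codebase : urlArr) {
                    System.setProperty(codebaseProperty(codebase), codebase.toString());
                }
                return Policy.getInstance("JavaPolicy", new URIParameter(url.toURI()));
            } finally {
                // Always remove the temporary properties so they do not outlive the parse.
                for (URL codebase : urlArr) {
                    System.clearProperty(codebaseProperty(codebase));
                }
            }
        } catch (URISyntaxException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("unable to parse policy file `" + url + "`", e);
        }
    }

    /** Returns the temporary system property name used for {@code jar} while a policy is parsed. */
    private static String codebaseProperty(URL jar) throws URISyntaxException {
        return "codebase." + PathUtils.get(jar.toURI()).getFileName().toString();
    }

    /**
     * Assembles the permissions derived from the classpath, the environment's directories and
     * the configured listen ports.
     *
     * @param environment supplies directories and settings
     * @return a new, populated {@link Permissions} collection
     * @throws IOException if the classpath or bind settings cannot be processed
     */
    static Permissions createPermissions(Environment environment) throws IOException {
        Permissions permissions = new Permissions();
        addClasspathPermissions(permissions);
        addFilePermissions(permissions, environment);
        addBindPermissions(permissions, environment.settings());
        return permissions;
    }

    /**
     * Grants read access to every classpath entry returned by {@code JarHell.parseClassPath()}.
     *
     * <p>Each entry gets {@code read,readlink} on itself; an entry that is a directory also gets
     * the same actions on {@code <dir>/-}, the recursive form of {@link FilePermission}.
     *
     * @param permissions collection to add to
     * @throws IOException declared by the original signature
     * @throws RuntimeException if a classpath URL is not a valid URI
     */
    @SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
    static void addClasspathPermissions(Permissions permissions) throws IOException {
        for (URL entry : JarHell.parseClassPath()) {
            Path location;
            try {
                location = PathUtils.get(entry.toURI());
            } catch (URISyntaxException e) {
                throw new RuntimeException(e);
            }
            String base = location.toString();
            permissions.add(new FilePermission(base, READ_ONLY_ACTIONS));
            if (Files.isDirectory(location)) {
                String recursive = base + location.getFileSystem().getSeparator() + "-";
                permissions.add(new FilePermission(recursive, READ_ONLY_ACTIONS));
            }
        }
    }

    /**
     * Grants file permissions on the environment's directories.
     *
     * <p>bin, lib, modules, plugins, config and scripts are read-only; tmp, logs, shared data,
     * data and repository directories additionally get {@code write,delete}. The pid file, when
     * configured, gets only {@code delete}.
     *
     * @param permissions collection to add to
     * @param environment supplies the directories
     * @throws IllegalStateException if a directory cannot be created or accessed (see {@link #addPath})
     */
    static void addFilePermissions(Permissions permissions, Environment environment) {
        addPath(permissions, "path.home", environment.binFile(), READ_ONLY_ACTIONS);
        addPath(permissions, "path.home", environment.libFile(), READ_ONLY_ACTIONS);
        addPath(permissions, "path.home", environment.modulesFile(), READ_ONLY_ACTIONS);
        addPath(permissions, "path.plugins", environment.pluginsFile(), READ_ONLY_ACTIONS);
        addPath(permissions, "path.conf", environment.configFile(), READ_ONLY_ACTIONS);
        addPath(permissions, "path.scripts", environment.scriptsFile(), READ_ONLY_ACTIONS);
        addPath(permissions, "java.io.tmpdir", environment.tmpFile(), READ_WRITE_ACTIONS);
        addPath(permissions, "path.logs", environment.logsFile(), READ_WRITE_ACTIONS);
        if (environment.sharedDataFile() != null) {
            addPath(permissions, "path.shared_data", environment.sharedDataFile(), READ_WRITE_ACTIONS);
        }
        for (Path dataDir : environment.dataFiles()) {
            addPath(permissions, "path.data", dataDir, READ_WRITE_ACTIONS);
        }
        for (Path clusterDataDir : environment.dataWithClusterFiles()) {
            addPath(permissions, "path.data", clusterDataDir, READ_WRITE_ACTIONS);
        }
        for (Path repoDir : environment.repoFiles()) {
            addPath(permissions, "path.repo", repoDir, READ_WRITE_ACTIONS);
        }
        if (environment.pidFile() != null) {
            // Single file, delete only: no read/write and no recursive grant.
            permissions.add(new FilePermission(environment.pidFile().toString(), "delete"));
        }
    }

    /**
     * Grants {@code listen,resolve} socket permissions for the HTTP port range and for each
     * transport profile's port range.
     *
     * <p>The host part of every grant is the wildcard {@code *}, so these permissions restrict the
     * port range only, not the address being bound.
     *
     * <p>A {@code default} transport profile is always processed, added with empty settings when
     * not configured. Any other profile is granted a port only if its name is non-empty and it sets
     * its own {@code port}.
     *
     * @param permissions collection to add to
     * @param settings node settings holding the port configuration
     * @throws IOException declared by the original signature
     */
    static void addBindPermissions(Permissions permissions, Settings settings) throws IOException {
        String httpRange = settings.get("http.netty.port", settings.get("http.port", NettyHttpServerTransport.DEFAULT_PORT_RANGE));
        permissions.add(new SocketPermission("*:" + httpRange, "listen,resolve"));

        Map<String, Settings> profiles = settings.getGroups("transport.profiles", true);
        if (!profiles.containsKey("default")) {
            // Copy before inserting: the map returned by getGroups is not modified in place.
            profiles = new HashMap<>(profiles);
            profiles.put("default", Settings.EMPTY);
        }
        for (Map.Entry<String, Settings> profile : profiles.entrySet()) {
            String name = profile.getKey();
            Settings profileSettings = profile.getValue();
            String portRange = profileSettings.get("port", settings.get("transport.tcp.port", NettyTransport.DEFAULT_PORT_RANGE));
            boolean isDefault = "default".equals(name);
            boolean hasOwnPort = Strings.hasLength(name) && profileSettings.get("port") != null;
            if (isDefault || hasOwnPort) {
                permissions.add(new SocketPermission("*:" + portRange, "listen,resolve"));
            }
        }
    }

    /**
     * Grants {@code str2} on a directory and, recursively, on everything beneath it.
     *
     * <p>Side effect: the directory is created when missing (see {@link #ensureDirectoryExists}).
     *
     * <p>NOTE(review): the grant is made on the configured path string, while the readability
     * check in {@link #ensureDirectoryExists} is made on the real path; confirm symlinked
     * directories behave as intended.
     *
     * @param permissions collection to add to
     * @param str name of the setting the path came from, used only in the error message
     * @param path directory to grant access to
     * @param str2 comma-separated {@link FilePermission} actions
     * @throws IllegalStateException if the directory cannot be created or read
     */
    static void addPath(Permissions permissions, String str, Path path, String str2) {
        try {
            ensureDirectoryExists(path);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to access '" + str + "' (" + path + ")", e);
        }
        String base = path.toString();
        permissions.add(new FilePermission(base, str2));
        // "<dir>/-" is the FilePermission form covering all files and subdirectories recursively.
        permissions.add(new FilePermission(base + path.getFileSystem().getSeparator() + "-", str2));
    }

    /**
     * Makes sure {@code path} is a readable directory, creating it when missing.
     *
     * <p>An existing directory (symlinks followed) is checked for read access on its real path.
     * Otherwise the directory and any missing parents are created.
     *
     * @param path directory to verify or create
     * @throws NotDirectoryException if something that is not a directory already exists at the path
     * @throws IOException if the directory cannot be read or created
     */
    static void ensureDirectoryExists(Path path) throws IOException {
        if (Files.isDirectory(path)) {
            path.getFileSystem().provider().checkAccess(path.toRealPath(), AccessMode.READ);
            return;
        }
        try {
            Files.createDirectories(path);
        } catch (FileAlreadyExistsException e) {
            // Report the more specific cause while keeping the original failure attached.
            NotDirectoryException notADirectory = new NotDirectoryException(path.toString());
            notADirectory.addSuppressed(e);
            throw notADirectory;
        }
    }

    /**
     * Checks that the installed policy lets this code create and delete a temporary file.
     *
     * <p>A {@link SecurityException} from either step is rethrown with a message naming
     * {@code java.io.tmpdir}. An {@link IOException} from either step is ignored.
     *
     * <p>NOTE(review): because a failure to create the file is ignored too, the check passes
     * without exercising the policy when the temp directory is unusable for non-security reasons.
     *
     * @throws SecurityException if the security manager denies access to the temp directory
     * @throws IOException declared by the original signature
     */
    @SuppressForbidden(reason = "accesses jvm default tempdir as a self-test")
    static void selfTest() throws IOException {
        try {
            Files.delete(Files.createTempFile(null, null));
        } catch (IOException ignored) {
            // Best effort: only a SecurityException counts as a failed self-test.
        } catch (SecurityException e2) {
            throw new SecurityException("Security misconfiguration: cannot access java.io.tmpdir", e2);
        }
    }
}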
