package org.rythmengine.sandbox;

import de.sep.sesam.ui.images.Images;
import java.io.File;
import java.io.FilePermission;
import java.net.InetAddress;
import java.security.Permission;
import java.util.Locale;
import org.apache.poi.util.TempFile;
import org.rythmengine.RythmEngine;
import org.rythmengine.Sandbox;
import org.rythmengine.conf.RythmConfigurationKey;
import org.rythmengine.logger.ILogger;
import org.rythmengine.logger.Logger;
import org.rythmengine.utils.S;

/* loaded from: input_file:org/rythmengine/sandbox/RythmSecurityManager.class */
public class RythmSecurityManager extends SecurityManager {
    private SecurityManager osm = System.getSecurityManager();
    private SecurityManager csm;
    private String code;
    private static ILogger logger = Logger.get(RythmSecurityManager.class);
    private static IFilePathValidator readable = new IFilePathValidator() { // from class: org.rythmengine.sandbox.RythmSecurityManager.1
        @Override // org.rythmengine.sandbox.RythmSecurityManager.IFilePathValidator
        public boolean isValid(String str) {
            String str2 = str;
            if (str.matches("^(jar:file:)?[a-zA-Z]:.*")) {
                str2 = "/" + str.replace("\\", "/").toLowerCase();
            }
            if (str2.startsWith(RythmSecurityManager.BASE_RYTHM) || str2.startsWith(RythmSecurityManager.BASE_JDK) || RythmSecurityManager.allowTmpDirIO(str)) {
                return true;
            }
            if (!RythmSecurityManager.access$300().conf().playFramework()) {
                return false;
            }
            StackTraceElement[] stackTrace = new Throwable().getStackTrace();
            return stackTrace.length > 6 && S.eq(stackTrace[5].getClassName(), "play.classloading.ApplicationClasses");
        }
    };
    private static IFilePathValidator writable = new IFilePathValidator() { // from class: org.rythmengine.sandbox.RythmSecurityManager.2
        @Override // org.rythmengine.sandbox.RythmSecurityManager.IFilePathValidator
        public boolean isValid(String str) {
            return RythmSecurityManager.allowTmpDirIO(str);
        }
    };
    private static IFilePathValidator deletable = writable;
    private static final String BASE_RYTHM = RythmEngine.class.getResource(RythmEngine.class.getSimpleName() + ".class").getFile().replace("RythmEngine.class", "").toLowerCase(Locale.US);
    private static final String BASE_JDK = Integer.class.getResource(Integer.class.getSimpleName() + ".class").getFile().replace("Integer.class", "").toLowerCase(Locale.US);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/rythmengine/sandbox/RythmSecurityManager$IFilePathValidator.class */
    public interface IFilePathValidator {
        boolean isValid(String str);
    }

    private static RythmEngine engine() {
        return RythmEngine.get();
    }

    public String getCode() {
        if (S.ne(new Throwable().getStackTrace()[1].getClassName(), RythmEngine.class.getName())) {
            forbidden();
        }
        return this.code;
    }

    public RythmSecurityManager(SecurityManager securityManager, String str, RythmEngine rythmEngine) {
        this.code = null;
        this.csm = securityManager;
        if (null == str) {
            throw new NullPointerException();
        }
        this.code = str;
    }

    private static void forbidden() {
        throw new SecurityException("Access to protected resource is restricted in Sandbox mode");
    }

    public void forbiddenIfCodeNotMatch(String str) {
        if (S.ne(str, this.code)) {
            forbidden();
        }
    }

    private void checkRythm() {
        if (Sandbox.isRestricted()) {
            forbidden();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(Thread thread) {
        if (null != this.osm) {
            this.osm.checkAccess(thread);
        }
        if (null != this.csm) {
            this.csm.checkAccess(thread);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(ThreadGroup threadGroup) {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkAccess(threadGroup);
        }
        if (null != this.osm) {
            this.osm.checkAccess(threadGroup);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExit(int i) {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkExit(i);
        }
        if (null != this.csm) {
            this.csm.checkExit(i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExec(String str) {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkExec(str);
        }
        if (null != this.csm) {
            this.csm.checkExec(str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkLink(String str) {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkLink(str);
        }
        if (null != this.csm) {
            this.csm.checkLink(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean allowTmpDirIO(String str) {
        if (!RythmEngine.get().conf().sandboxTmpIO()) {
            return false;
        }
        String property = System.getProperty(TempFile.JAVA_IO_TMPDIR);
        return str.startsWith(property) || new StringBuilder().append(str).append(File.separator).toString().startsWith(property);
    }

    private void safeCheckFile(String str, IFilePathValidator iFilePathValidator) {
        if (Sandbox.isRestricted()) {
            Sandbox.enterSafeZone(this.code);
            try {
                if (!iFilePathValidator.isValid(str)) {
                    forbidden();
                }
            } finally {
                Sandbox.leaveCurZone(this.code);
            }
        }
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str) {
        safeCheckFile(str, readable);
        if (null != this.csm) {
            this.csm.checkRead(str);
        }
        if (null != this.osm) {
            this.osm.checkRead(str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkWrite(String str) {
        safeCheckFile(str, writable);
        if (null != this.csm) {
            this.csm.checkWrite(str);
        }
        if (null != this.osm) {
            this.osm.checkWrite(str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkDelete(String str) {
        safeCheckFile(str, deletable);
        if (null != this.csm) {
            this.csm.checkDelete(str);
        }
        if (null != this.osm) {
            this.osm.checkDelete(str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i) {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkConnect(str, i);
        }
        if (null != this.osm) {
            this.osm.checkConnect(str, i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i, Object obj) {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkConnect(str, i, obj);
        }
        if (null != this.osm) {
            this.osm.checkConnect(str, i, obj);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkListen(int i) {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkListen(i);
        }
        if (null != this.osm) {
            this.osm.checkListen(i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccept(String str, int i) {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkAccept(str, i);
        }
        if (null != this.osm) {
            this.osm.checkAccept(str, i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress) {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkMulticast(inetAddress);
        }
        if (null != this.osm) {
            this.osm.checkMulticast(inetAddress);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPropertiesAccess() {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkPropertiesAccess();
        }
        if (null != this.osm) {
            this.osm.checkPropertiesAccess();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPropertyAccess(String str) {
        RythmEngine engine;
        if (str.startsWith("rythm.")) {
            str = str.substring(7);
        }
        if (null == RythmConfigurationKey.valueOfIgnoreCase(str) && null != (engine = engine())) {
            String allowedSystemProperties = engine.conf().allowedSystemProperties();
            if (allowedSystemProperties.indexOf(str) > -1) {
                return;
            }
            if (engine.isDevMode()) {
                logger.info("checking security on property[%s] access on [%s]", str, allowedSystemProperties);
            }
            checkRythm();
            if (null != this.csm) {
                this.csm.checkPropertyAccess(str);
            }
            if (null != this.osm) {
                this.osm.checkPropertyAccess(str);
            }
        }
    }

    @Override // java.lang.SecurityManager
    public boolean checkTopLevelWindow(Object obj) {
        checkRythm();
        if (null != this.csm) {
            return this.csm.checkTopLevelWindow(obj);
        }
        if (null != this.osm) {
            return this.osm.checkTopLevelWindow(obj);
        }
        return true;
    }

    @Override // java.lang.SecurityManager
    public void checkPrintJobAccess() {
        checkRythm();
        if (null != this.csm) {
            this.csm.checkPrintJobAccess();
        }
        if (null != this.osm) {
            this.osm.checkPrintJobAccess();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkSystemClipboardAccess() {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkSystemClipboardAccess();
        }
        if (null != this.csm) {
            this.csm.checkSystemClipboardAccess();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAwtEventQueueAccess() {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkAwtEventQueueAccess();
        }
        if (null != this.csm) {
            this.csm.checkAwtEventQueueAccess();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPackageAccess(String str) {
        if (null != this.osm) {
            this.osm.checkPackageAccess(str);
        }
        if (null != this.csm) {
            this.csm.checkPackageAccess(str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPackageDefinition(String str) {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkPackageDefinition(str);
        }
        if (null != this.osm) {
            this.osm.checkPackageDefinition(str);
        }
    }

    private void checkFilePermission(FilePermission filePermission) {
        String actions = filePermission.getActions();
        String name = filePermission.getName();
        if (actions.contains("read")) {
            checkRead(name);
        }
        if (actions.contains("write")) {
            checkWrite(name);
        }
        if (actions.contains(Images.DELETE)) {
            checkDelete(name);
        }
        if (actions.contains("execute")) {
            checkExec(name);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        if (permission instanceof FilePermission) {
            checkFilePermission((FilePermission) permission);
        } else if ("setSecurityManager".equals(permission.getName())) {
            checkRythm();
        }
        if (null != this.osm) {
            this.osm.checkPermission(permission);
        }
        if (null != this.csm) {
            this.csm.checkPermission(permission);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMemberAccess(Class<?> cls, int i) {
        if (null != this.osm) {
            this.osm.checkMemberAccess(cls, i);
        }
        if (null != this.csm) {
            this.csm.checkMemberAccess(cls, i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkSetFactory() {
        checkRythm();
        if (null != this.osm) {
            this.osm.checkSetFactory();
        }
        if (null != this.csm) {
            this.csm.checkSetFactory();
        }
    }

    static /* synthetic */ RythmEngine access$300() {
        return engine();
    }
}
