package org.elasticsearch.entitlement.runtime.policy;

import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiConsumer;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.core.PathUtils;
import org.elasticsearch.core.Strings;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.entitlement.runtime.policy.PathLookup;
import org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement;
import org.elasticsearch.logging.LogManager;
import org.elasticsearch.logging.Logger;

/* loaded from: input_file:org/elasticsearch/entitlement/runtime/policy/FileAccessTree.class */
public final class FileAccessTree {
    private static final Logger logger = LogManager.getLogger(FileAccessTree.class);
    // Separator string of the default file system; normalizePath strips it from the end of paths.
    private static final String FILE_SEPARATOR = PathUtils.getDefaultFileSystem().getSeparator();
    // Comparison used by the of(...) and withoutExclusivePaths(...) factories; assigned in the
    // static initializer at the bottom of the class.
    static final FileAccessTreeComparison DEFAULT_COMPARISON;
    // Supplies the path comparator and the isParent test used by checkPath.
    private final FileAccessTreeComparison comparison;
    // Paths this tree must never grant. checkPath consults this array before any grant and
    // binary-searches it, so it has to be sorted with comparison.pathComparator().
    private final String[] exclusivePaths;
    // Normalized paths granted for reading (every granted path, whatever its mode), sorted and pruned.
    private final String[] readPaths;
    // Normalized paths granted with READ_WRITE mode, sorted and pruned.
    private final String[] writePaths;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/entitlement/runtime/policy/FileAccessTree$ExclusiveFileEntitlement.class */
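    /**
     * Pairs a {@link FilesEntitlement} with the component and module that declared it.
     *
     * <p>Instances are the input of {@code buildExclusivePathList}, which uses the component and
     * module names to record who owns each exclusive path.
     *
     * <p>Declared as a real record instead of the decompiler's {@code extends Record} class with
     * hand-expanded {@code ObjectMethods.bootstrap} calls, which is not valid Java source. The
     * canonical constructor, the accessors and the generated {@code equals}/{@code hashCode}/
     * {@code toString} are the same members the decompiled class spelled out.
     *
     * @param componentName    name of the component that owns the entitlement
     * @param moduleName       name of the module, within that component, that declared it
     * @param filesEntitlement the file entitlement declared by that module
     */
    public record ExclusiveFileEntitlement(String componentName, String moduleName, FilesEntitlement filesEntitlement) {
    }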

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/entitlement/runtime/policy/FileAccessTree$ExclusivePath.class */
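    /**
     * A normalized path claimed exclusively by one component, together with the modules of that
     * component that claimed it.
     *
     * <p>Declared as a real record instead of the decompiler's {@code extends Record} class with
     * hand-expanded {@code ObjectMethods.bootstrap} calls, which is not valid Java source. A record
     * nested in a class is implicitly static and final.
     *
     * <p>{@code moduleNames} is stored by reference, not copied: {@code buildExclusivePathList}
     * adds module names to the set after the record has been created. The record-generated
     * {@code equals} and {@code hashCode} include that set, so both change while it is being filled.
     *
     * @param componentName name of the component that owns the path
     * @param moduleNames   modules of that component holding the exclusive claim (mutable, shared)
     * @param path          the normalized path string
     */
    public record ExclusivePath(String componentName, Set<String> moduleNames, String path) {

        /**
         * Renders the claim as {@code [[component] [modules] [path]]}; this text is embedded in the
         * overlap error raised by {@code validateExclusivePaths}.
         */
        @Override
        public String toString() {
            return "[[" + componentName + "] " + String.valueOf(moduleNames) + " [" + path + "]]";
        }
    }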

    /* JADX INFO: Access modifiers changed from: package-private */
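    /**
     * Collects every path marked exclusive in the given entitlements into one sorted list.
     *
     * <p>Paths are keyed by their normalized form. The first component to claim a path owns it;
     * further modules of the same component are added to the claim, while a claim from a different
     * component is rejected.
     *
     * <p>The decompiled raw {@code HashMap}/{@code HashSet}/{@code Iterator} types and the unchecked
     * cast are replaced by parameterized types; the runtime behavior is unchanged.
     *
     * @param list                     entitlements to scan, each tagged with its component and module
     * @param pathLookup               used to resolve each file entry to concrete paths
     * @param fileAccessTreeComparison supplies the comparator that orders the result by path
     * @return the exclusive paths sorted by path, with equal entries removed
     * @throws IllegalArgumentException if two different components claim the same normalized path
     */
    public static List<ExclusivePath> buildExclusivePathList(List<ExclusiveFileEntitlement> list, PathLookup pathLookup, FileAccessTreeComparison fileAccessTreeComparison) {
        HashMap<String, ExclusivePath> claimsByPath = new HashMap<>();
        for (ExclusiveFileEntitlement declared : list) {
            for (FilesEntitlement.FileData fileData : declared.filesEntitlement().filesData()) {
                if (!fileData.exclusive()) {
                    continue;
                }
                // NOTE(review): the FileAccessTree constructor skips entries whose platform() is not
                // the current one, and also registers the real path of a symlinked grant. Neither is
                // done for exclusive claims here - confirm that this difference is intended.
                for (Path resolved : fileData.resolvePaths(pathLookup).toList()) {
                    String normalized = normalizePath(resolved);
                    ExclusivePath claim = claimsByPath.computeIfAbsent(
                        normalized,
                        key -> new ExclusivePath(declared.componentName(), new HashSet<>(), normalized)
                    );
                    // An existing claim may only be extended by the component that already owns it.
                    if (!claim.componentName().equals(declared.componentName())) {
                        throw new IllegalArgumentException("Path [" + normalized + "] is already exclusive to [" + claim.componentName() + "]" + String.valueOf(claim.moduleNames()) + ", cannot add exclusive access for [" + declared.componentName() + "][" + declared.moduleName() + "]");
                    }
                    claim.moduleNames().add(declared.moduleName());
                }
            }
        }
        return claimsByPath.values().stream().sorted(Comparator.comparing(ExclusivePath::path, fileAccessTreeComparison.pathComparator())).distinct().toList();
    }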

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rejects a list of exclusive paths in which one entry equals, or is a parent of, the entry
     * that follows it.
     *
     * <p>Only neighbouring entries are compared, so the list has to arrive sorted by path with the
     * same comparison. NOTE(review): this presumably relies on the comparator placing a child
     * directly after its parent - confirm against the comparison implementations.
     *
     * @param list                     exclusive paths, sorted by path
     * @param fileAccessTreeComparison supplies the samePath and isParent tests
     * @throws IllegalArgumentException if two neighbouring entries are the same path or nested
     */
    public static void validateExclusivePaths(List<ExclusivePath> list, FileAccessTreeComparison fileAccessTreeComparison) {
        final int count = list.size();
        for (int index = 1; index < count; index++) {
            ExclusivePath earlier = list.get(index - 1);
            ExclusivePath later = list.get(index);
            boolean overlapping = fileAccessTreeComparison.samePath(earlier.path(), later.path())
                || fileAccessTreeComparison.isParent(earlier.path(), later.path());
            if (overlapping) {
                throw new IllegalArgumentException("duplicate/overlapping exclusive paths found in files entitlements: " + String.valueOf(earlier) + " and " + String.valueOf(later));
            }
        }
    }

    /**
     * Returns the platform's name separator as a {@code char}.
     *
     * <p>Read from {@link File#separatorChar}, hence the {@code SuppressForbidden} marker; the
     * static initializer passes the value to the path comparison it creates.
     */
    @SuppressForbidden(reason = "we need the separator as a char, not a string")
    static char separatorChar() {
        final char platformSeparator = File.separatorChar;
        return platformSeparator;
    }

    /**
     * Selects the exclusive paths that must be denied to one module.
     *
     * <p>An exclusive path is left out only when it is owned by the given component and the given
     * module is among its claimants; every other exclusive path is returned. The result is sorted
     * with the comparison's path comparator.
     *
     * @param str                      component name of the module the tree is built for
     * @param str2                     module name of the module the tree is built for
     * @param list                     all known exclusive paths
     * @param fileAccessTreeComparison supplies the comparator used for sorting
     * @return the sorted paths that are exclusive to someone else
     */
    private static String[] buildUpdatedAndSortedExclusivePaths(String str, String str2, List<ExclusivePath> list, FileAccessTreeComparison fileAccessTreeComparison) {
        ArrayList<String> deniedPaths = new ArrayList<>();
        for (ExclusivePath claim : list) {
            boolean claimedByThisModule = claim.componentName().equals(str) && claim.moduleNames().contains(str2);
            if (!claimedByThisModule) {
                deniedPaths.add(claim.path());
            }
        }
        deniedPaths.sort(fileAccessTreeComparison.pathComparator());
        String[] result = new String[0];
        return deniedPaths.toArray(result);
    }

    /**
     * Builds the sorted, pruned read and write path arrays for one entitlement.
     *
     * <p>Besides the paths declared in {@code filesEntitlement}, every tree is granted READ_WRITE
     * on the TEMP base directories, READ on the CONFIG base directories, READ on the optional
     * {@code path} argument, and READ on the {@code conf} directory under {@code java.home}.
     *
     * @param filesEntitlement         the declared file grants
     * @param pathLookup               resolves file entries and base directories to concrete paths
     * @param path                     optional additional path granted READ; skipped when null
     * @param strArr                   paths this tree must deny; stored as-is, so the caller has to
     *                                 pass them sorted with the same comparison because checkPath
     *                                 binary-searches the array
     * @param fileAccessTreeComparison path ordering and parent test used by this tree
     * @throws UncheckedIOException if the real path of an existing granted path cannot be resolved
     */
    FileAccessTree(FilesEntitlement filesEntitlement, PathLookup pathLookup, Path path, String[] strArr, FileAccessTreeComparison fileAccessTreeComparison) {
        this.comparison = fileAccessTreeComparison;
        // arrayList collects readable paths, arrayList2 collects writable paths.
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        // Records one normalized path: every grant is readable, READ_WRITE grants are also writable.
        BiConsumer biConsumer = (path2, mode) -> {
            String normalizePath = normalizePath(path2);
            if (mode == FilesEntitlement.Mode.READ_WRITE) {
                arrayList2.add(normalizePath);
            }
            arrayList.add(normalizePath);
        };
        // Records the path as given and, when it exists and resolves to a different real path
        // (for example through a symbolic link), the real path as well with the same mode.
        // NOTE(review): resolution happens once, at construction; a link created or retargeted
        // afterwards is not reflected in this tree.
        BiConsumer biConsumer2 = (path3, mode2) -> {
            biConsumer.accept(path3, mode2);
            if (Files.exists(path3, new LinkOption[0])) {
                try {
                    Path realPath = path3.toRealPath(new LinkOption[0]);
                    if (!realPath.equals(path3)) {
                        biConsumer.accept(realPath, mode2);
                    }
                } catch (IOException e) {
                    // Fail construction instead of silently dropping the resolved location.
                    throw new UncheckedIOException(e);
                }
            }
        };
        for (FilesEntitlement.FileData fileData : filesEntitlement.filesData()) {
            Platform platform = fileData.platform();
            // Entries bound to a platform other than the current one are ignored.
            if (platform == null || platform.isCurrent()) {
                FilesEntitlement.Mode mode3 = fileData.mode();
                fileData.resolvePaths(pathLookup).forEach(path4 -> {
                    // Null entries in the resolved stream are skipped.
                    if (path4 == null) {
                        return;
                    }
                    biConsumer2.accept(path4, mode3);
                });
            }
        }
        // Implicit grants, added regardless of what the entitlement declares.
        pathLookup.getBaseDirPaths(PathLookup.BaseDir.TEMP).forEach(path5 -> {
            biConsumer2.accept(path5, FilesEntitlement.Mode.READ_WRITE);
        });
        pathLookup.getBaseDirPaths(PathLookup.BaseDir.CONFIG).forEach(path6 -> {
            biConsumer2.accept(path6, FilesEntitlement.Mode.READ);
        });
        if (path != null) {
            biConsumer2.accept(path, FilesEntitlement.Mode.READ);
        }
        biConsumer2.accept(Paths.get(System.getProperty("java.home"), new String[0]).resolve("conf"), FilesEntitlement.Mode.READ);
        // Sort first: pruneSortedPaths and the binary search in checkPath both depend on this order.
        arrayList.sort(fileAccessTreeComparison.pathComparator());
        arrayList2.sort(fileAccessTreeComparison.pathComparator());
        this.exclusivePaths = strArr;
        this.readPaths = (String[]) pruneSortedPaths(arrayList, fileAccessTreeComparison).toArray(new String[0]);
        this.writePaths = (String[]) pruneSortedPaths(arrayList2, fileAccessTreeComparison).toArray(new String[0]);
        // The debug message lists every exclusive, read and write path of the new tree.
        logger.debug(() -> {
            return Strings.format("Created FileAccessTree with paths: exclusive [%s], read [%s], write [%s]", new Object[]{String.join(",", this.exclusivePaths), String.join(",", this.readPaths), String.join(",", this.writePaths)});
        });
    }

    /**
     * Drops entries of a sorted path list that are already covered by an earlier kept entry.
     *
     * <p>The first path is always kept. Each later path is kept only if it is neither the same
     * path as, nor a child of, the most recently kept path.
     *
     * @param list                     paths sorted with the comparison's path comparator
     * @param fileAccessTreeComparison supplies the samePath and isParent tests
     * @return a new mutable list holding the kept paths in their original order
     */
    static List<String> pruneSortedPaths(List<String> list, FileAccessTreeComparison fileAccessTreeComparison) {
        List<String> kept = new ArrayList<>();
        String lastKept = null;
        for (int index = 0; index < list.size(); index++) {
            String candidate = list.get(index);
            boolean covered = index > 0
                && (fileAccessTreeComparison.samePath(lastKept, candidate) || fileAccessTreeComparison.isParent(lastKept, candidate));
            if (covered) {
                continue;
            }
            kept.add(candidate);
            lastKept = candidate;
        }
        return kept;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the tree for one module, denying every exclusive path that module does not own.
     *
     * @param str              component name of the module
     * @param str2             module name
     * @param filesEntitlement the module's declared file grants
     * @param pathLookup       resolves file entries and base directories
     * @param path             optional additional path granted READ, may be null
     * @param list             all known exclusive paths
     * @return a tree that uses {@code DEFAULT_COMPARISON}
     */
    public static FileAccessTree of(String str, String str2, FilesEntitlement filesEntitlement, PathLookup pathLookup, @Nullable Path path, List<ExclusivePath> list) {
        final String[] deniedPaths = buildUpdatedAndSortedExclusivePaths(str, str2, list, DEFAULT_COMPARISON);
        return new FileAccessTree(filesEntitlement, pathLookup, path, deniedPaths, DEFAULT_COMPARISON);
    }

    /**
     * Creates a tree with an empty exclusive-path list, so no path is denied on the grounds of
     * being exclusive to another module.
     *
     * @param filesEntitlement the declared file grants
     * @param pathLookup       resolves file entries and base directories
     * @param path             optional additional path granted READ, may be null
     * @return a tree that uses {@code DEFAULT_COMPARISON}
     */
    public static FileAccessTree withoutExclusivePaths(FilesEntitlement filesEntitlement, PathLookup pathLookup, @Nullable Path path) {
        final String[] noExclusivePaths = new String[0];
        return new FileAccessTree(filesEntitlement, pathLookup, path, noExclusivePaths, DEFAULT_COMPARISON);
    }

    /**
     * Tells whether this tree grants read access to the given path.
     *
     * <p>The path is normalized lexically before the check, so a symbolic link inside it is not
     * followed here. NOTE(review): presumably callers resolve links before asking - confirm.
     * Each decision is written to the trace log together with the original and normalized path.
     *
     * @param path the path to check
     * @return true if the normalized path is covered by a read grant and by no exclusive path
     */
    public boolean canRead(Path path) {
        final String normalized = normalizePath(path);
        final boolean granted = checkPath(normalized, this.readPaths);
        logger.trace(() -> Strings.format("checking [%s] (normalized to [%s]) for read: %b", new Object[] { path, normalized, granted }));
        return granted;
    }

    /**
     * Tells whether this tree grants write access to the given path.
     *
     * <p>The path is normalized lexically before the check, so a symbolic link inside it is not
     * followed here. NOTE(review): presumably callers resolve links before asking - confirm.
     * Each decision is written to the trace log together with the original and normalized path.
     *
     * @param path the path to check
     * @return true if the normalized path is covered by a write grant and by no exclusive path
     */
    public boolean canWrite(Path path) {
        final String normalized = normalizePath(path);
        final boolean granted = checkPath(normalized, this.writePaths);
        logger.trace(() -> Strings.format("checking [%s] (normalized to [%s]) for write: %b", new Object[] { path, normalized, granted }));
        return granted;
    }

    /**
     * Converts a path to the string form stored and compared by this class.
     *
     * <p>The path is made absolute and normalized, then every trailing file separator is removed.
     * A path whose string form consists only of separators therefore becomes the empty string.
     * The operation is purely lexical: it does not touch the file system and does not resolve
     * symbolic links.
     *
     * @param path the path to normalize
     * @return the absolute, normalized path string without trailing separators
     */
    static String normalizePath(Path path) {
        String normalized = path.toAbsolutePath().normalize().toString();
        while (normalized.endsWith(FILE_SEPARATOR)) {
            int keep = normalized.length() - FILE_SEPARATOR.length();
            normalized = normalized.substring(0, keep);
        }
        return normalized;
    }

    /**
     * Decides whether a normalized path is covered by the given sorted grant array.
     *
     * <p>Denial takes precedence. An empty grant array denies everything; then the path is denied
     * if it equals an exclusive path or if the exclusive path sorted immediately before it is its
     * parent. Only after that is the grant array consulted in the same way: an exact match, or a
     * parent relationship with the entry sorted immediately before the path.
     *
     * <p>NOTE(review): looking at only the immediately preceding entry presumably depends on the
     * comparator ordering and on the grant arrays having been pruned - confirm against the
     * comparison implementations.
     *
     * @param str    normalized path to check
     * @param strArr grant array (readPaths or writePaths), sorted with the comparison's comparator
     * @return true if access is granted
     */
    private boolean checkPath(String str, String[] strArr) {
        if (strArr.length == 0) {
            return false;
        }
        int exclusiveIndex = Arrays.binarySearch(this.exclusivePaths, str, this.comparison.pathComparator());
        if (exclusiveIndex >= 0) {
            // The path itself is exclusive to someone else.
            return false;
        }
        if (exclusiveIndex < -1) {
            // Insertion point is at least 1, so an exclusive entry sorts right before the path.
            String precedingExclusive = this.exclusivePaths[-exclusiveIndex - 2];
            if (this.comparison.isParent(precedingExclusive, str)) {
                return false;
            }
        }
        int grantIndex = Arrays.binarySearch(strArr, str, this.comparison.pathComparator());
        if (grantIndex >= 0) {
            return true;
        }
        if (grantIndex == -1) {
            // The path sorts before every grant, so no grant can be its parent.
            return false;
        }
        return this.comparison.isParent(strArr[-grantIndex - 2], str);
    }

    /**
     * Compares two trees by their read and write path arrays.
     *
     * <p>NOTE(review): {@code exclusivePaths} and {@code comparison} take no part in the
     * comparison, so trees that deny different exclusive paths can be equal - confirm that no
     * caller relies on equality to decide that two trees grant the same access.
     *
     * @param obj the object to compare with
     * @return true if {@code obj} is a FileAccessTree with equal read and write paths
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (getClass() != obj.getClass()) {
            return false;
        }
        FileAccessTree other = (FileAccessTree) obj;
        if (!Objects.deepEquals(this.readPaths, other.readPaths)) {
            return false;
        }
        return Objects.deepEquals(this.writePaths, other.writePaths);
    }

    /**
     * Hashes the read and write path arrays, the same two fields that {@code equals} compares.
     *
     * @return a hash combining the content hashes of both arrays
     */
    @Override
    public int hashCode() {
        int readHash = Arrays.hashCode(this.readPaths);
        int writeHash = Arrays.hashCode(this.writePaths);
        return Objects.hash(readHash, writeHash);
    }

    // Chooses the default path comparison once, at class initialization: case-sensitive when the
    // current platform is LINUX, case-insensitive on every other platform.
    static {
        if (Platform.LINUX.isCurrent()) {
            DEFAULT_COMPARISON = new CaseSensitiveComparison(separatorChar());
        } else {
            DEFAULT_COMPARISON = new CaseInsensitiveComparison(separatorChar());
        }
    }
}
