package org.ngrinder.sm;

import java.awt.AWTPermission;
import java.io.File;
import java.io.FileDescriptor;
import java.net.InetAddress;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Security;
import java.security.UnresolvedPermission;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.AuthPermission;
import javax.security.auth.PrivateCredentialPermission;
import javax.security.auth.kerberos.DelegationPermission;
import javax.security.auth.kerberos.ServicePermission;
import javax.sound.sampled.AudioPermission;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:org/ngrinder/sm/NGrinderSecurityManager.class */
public class NGrinderSecurityManager extends SecurityManager {
    private static final String NGRINDER_CONTROLLER_DEFAULT_FOLDER = ".ngrinder";
    private static final String NGRINDER_CONTROLLER_TEMP_FOLDER = "tmp";
    private static final String NGRINDER_CONTEXT_CONTROLLER = "controller";
    private String workDirectory = System.getProperty("user.dir");
    private String controllerHomeDir = "";
    private String controllerHomeTmpDir = "";
    private String ngrinderContext = "";
    private final String pythonPath = System.getProperty("python.path");
    private final String pythonHome = System.getProperty("python.home");
    private final String pythonCache = System.getProperty("python.cachedir");
    private final String etcHosts = System.getProperty("ngrinder.etc.hosts", "");
    private final String consoleIP = System.getProperty("ngrinder.console.ip", "127.0.0.1");
    private final List<String> allowedHost = new ArrayList();
    private final List<String> writeAllowedDirectory = new ArrayList();
    private final List<String> deleteAllowedDirectory = new ArrayList();
    private static final char SYSTEM_SEPARATOR = File.separatorChar;
    private static final char UNIX_SEPARATOR = '/';
    private static final char WINDOWS_SEPARATOR = '\\';
    private static final char OTHER_SEPARATOR;

    public NGrinderSecurityManager() {
        init();
        checkPermission(new AllPermission());
    }

    void init() {
        this.ngrinderContext = System.getProperty("ngrinder.context", "agent");
        if (isControllerContext()) {
            this.controllerHomeDir = resolveControllerHomeDir();
            this.controllerHomeTmpDir = this.controllerHomeDir + File.separator + "tmp";
        }
        initAccessOfDirectories();
        initAccessOfHosts();
    }

    private String resolveControllerHomeDir() {
        String defaultIfEmpty = StringUtils.defaultIfEmpty(System.getProperty("ngrinder.home"), System.getenv("NGRINDER_HOME"));
        if (StringUtils.isEmpty(defaultIfEmpty)) {
            defaultIfEmpty = System.getProperty("user.home") + File.separator + ".ngrinder";
        } else if (StringUtils.startsWith(defaultIfEmpty, "~" + File.separator)) {
            defaultIfEmpty = System.getProperty("user.home") + File.separator + defaultIfEmpty.substring(2);
        } else if (StringUtils.startsWith(defaultIfEmpty, "." + File.separator)) {
            defaultIfEmpty = System.getProperty("user.dir") + File.separator + defaultIfEmpty.substring(2);
        }
        return FilenameUtils.normalize(defaultIfEmpty);
    }

    private void initAccessOfDirectories() {
        this.workDirectory = normalize(new File(this.workDirectory).getAbsolutePath(), null);
        String str = (this.workDirectory == null || this.workDirectory.isEmpty()) ? "log" : this.workDirectory.substring(0, this.workDirectory.lastIndexOf(File.separator)).substring(0, this.workDirectory.lastIndexOf(File.separator)) + File.separator + "log";
        if (isNotEmpty(this.pythonCache)) {
            this.writeAllowedDirectory.add(this.pythonCache);
        }
        if (isNotEmpty(this.pythonHome)) {
            this.writeAllowedDirectory.add(this.pythonHome);
        }
        if (isNotEmpty(this.pythonPath)) {
            this.writeAllowedDirectory.add(this.pythonPath);
        }
        if (isNotEmpty(this.pythonCache)) {
            this.writeAllowedDirectory.add(this.pythonCache);
        }
        this.writeAllowedDirectory.add(this.workDirectory);
        this.writeAllowedDirectory.add(str);
        this.writeAllowedDirectory.add(getTempDirectoryPath());
        this.deleteAllowedDirectory.add(this.workDirectory);
    }

    private static boolean isNotEmpty(String str) {
        return (str == null || str.length() == 0) ? false : true;
    }

    private static String getTempDirectoryPath() {
        return System.getProperty("java.io.tmpdir");
    }

    private void initAccessOfHosts() {
        for (String str : this.etcHosts.split(",")) {
            String[] split = str.split(":");
            if (split.length > 1) {
                this.allowedHost.add(split[0]);
                this.allowedHost.add(split[split.length - 1]);
            } else {
                this.allowedHost.add(str);
            }
        }
        this.allowedHost.add(this.consoleIP);
        try {
            Security.setProperty("networkaddress.cache.ttl", "0");
        } catch (Exception e) {
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        if (permission instanceof RuntimePermission) {
            if ("setSecurityManager".equals(permission.getName())) {
                processSetSecurityManagerAction();
            }
        } else {
            if (permission instanceof UnresolvedPermission) {
                throw new SecurityException("java.security.UnresolvedPermission is not allowed.");
            }
            if (permission instanceof AWTPermission) {
                throw new SecurityException("java.awt.AWTPermission is not allowed.");
            }
            if (permission instanceof AuthPermission) {
                throw new SecurityException("javax.security.auth.AuthPermission is not allowed.");
            }
            if (permission instanceof PrivateCredentialPermission) {
                throw new SecurityException("javax.security.auth.PrivateCredentialPermission is not allowed.");
            }
            if (permission instanceof DelegationPermission) {
                throw new SecurityException("javax.security.auth.kerberos.DelegationPermission is not allowed.");
            }
            if (permission instanceof ServicePermission) {
                throw new SecurityException("javax.security.auth.kerberos.ServicePermission is not allowed.");
            }
            if (permission instanceof AudioPermission) {
                throw new SecurityException("javax.sound.sampled.AudioPermission is not allowed.");
            }
        }
    }

    protected void processSetSecurityManagerAction() throws SecurityException {
        throw new SecurityException("java.lang.RuntimePermission: setSecurityManager is not allowed.");
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        checkPermission(permission);
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str) {
        if (!isControllerContext() || str == null) {
            return;
        }
        fileAccessReadAllowed(str);
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str, Object obj) {
        if (!isControllerContext() || str == null) {
            return;
        }
        fileAccessReadAllowed(str);
    }

    @Override // java.lang.SecurityManager
    public void checkRead(FileDescriptor fileDescriptor) {
    }

    @Override // java.lang.SecurityManager
    public void checkWrite(String str) {
        fileAccessWriteAllowed(str);
    }

    @Override // java.lang.SecurityManager
    public void checkDelete(String str) {
        fileAccessDeleteAllowed(str);
    }

    @Override // java.lang.SecurityManager
    public void checkExec(String str) {
        throw new SecurityException("Cmd execution of " + str + " is not allowed.");
    }

    private void fileAccessReadAllowed(String str) {
        String normalize = normalize(str, this.workDirectory);
        if (normalize != null && normalize.startsWith(this.controllerHomeDir) && !normalize.startsWith(this.workDirectory) && !normalize.startsWith(this.controllerHomeTmpDir)) {
            throw new SecurityException("File Read access on " + str + "(" + normalize + ") is not allowed.");
        }
    }

    private void fileAccessWriteAllowed(String str) {
        if (isAgentWorkerLogFile(str)) {
            return;
        }
        String normalize = normalize(str, this.workDirectory);
        for (String str2 : this.writeAllowedDirectory) {
            if (normalize != null && normalize.startsWith(str2)) {
                return;
            }
        }
        throw new SecurityException("File write access on " + str + "(" + normalize + ") is not allowed.");
    }

    private void fileAccessDeleteAllowed(String str) {
        if (isAgentWorkerLogFile(str)) {
            return;
        }
        String normalize = normalize(str, this.workDirectory);
        for (String str2 : this.deleteAllowedDirectory) {
            if (normalize != null && normalize.startsWith(str2)) {
                return;
            }
        }
        throw new SecurityException("File delete access on " + str + "(" + normalize + ") is not allowed.");
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress) {
        throw new SecurityException("Multicast on " + inetAddress.toString() + " is not always allowed.");
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i) {
        netWorkAccessAllowed(str);
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i, Object obj) {
        netWorkAccessAllowed(str);
    }

    private boolean isAgentWorkerLogFile(String str) {
        return str != null && (str.contains("log/test_") || str.contains("log\\test_"));
    }

    private String normalize(String str, String str2) {
        if (getPrefixLength(str) == 0 && str2 != null) {
            str = str2 + File.separator + str;
        }
        return doNormalize(str);
    }

    private void netWorkAccessAllowed(String str) {
        if (!this.allowedHost.contains(str)) {
            throw new SecurityException("NetWork access on " + str + " is not allowed. Please add " + str + " on the target host setting.");
        }
    }

    private boolean isControllerContext() {
        return this.ngrinderContext.equalsIgnoreCase(NGRINDER_CONTEXT_CONTROLLER);
    }

    private static boolean isSystemWindows() {
        return SYSTEM_SEPARATOR == WINDOWS_SEPARATOR;
    }

    private static String doNormalize(String str) {
        if (str == null) {
            return null;
        }
        int length = str.length();
        if (length == 0) {
            return str;
        }
        int prefixLength = getPrefixLength(str);
        if (prefixLength < 0) {
            return null;
        }
        char[] cArr = new char[length + 2];
        str.getChars(0, str.length(), cArr, 0);
        for (int i = 0; i < cArr.length; i++) {
            if (cArr[i] == OTHER_SEPARATOR) {
                cArr[i] = SYSTEM_SEPARATOR;
            }
        }
        boolean z = true;
        if (cArr[length - 1] != SYSTEM_SEPARATOR) {
            length++;
            cArr[length] = SYSTEM_SEPARATOR;
            z = false;
        }
        int i2 = prefixLength + 1;
        while (i2 < length) {
            if (cArr[i2] == SYSTEM_SEPARATOR && cArr[i2 - 1] == SYSTEM_SEPARATOR) {
                System.arraycopy(cArr, i2, cArr, i2 - 1, length - i2);
                length--;
                i2--;
            }
            i2++;
        }
        int i3 = prefixLength + 1;
        while (i3 < length) {
            if (cArr[i3] == SYSTEM_SEPARATOR && cArr[i3 - 1] == '.' && (i3 == prefixLength + 1 || cArr[i3 - 2] == SYSTEM_SEPARATOR)) {
                if (i3 == length - 1) {
                    z = true;
                }
                System.arraycopy(cArr, i3 + 1, cArr, i3 - 1, length - i3);
                length -= 2;
                i3--;
            }
            i3++;
        }
        int i4 = prefixLength + 2;
        while (i4 < length) {
            if (cArr[i4] == SYSTEM_SEPARATOR && cArr[i4 - 1] == '.' && cArr[i4 - 2] == '.' && (i4 == prefixLength + 2 || cArr[i4 - 3] == SYSTEM_SEPARATOR)) {
                if (i4 == prefixLength + 2) {
                    return null;
                }
                if (i4 == length - 1) {
                    z = true;
                }
                int i5 = i4 - 4;
                while (true) {
                    if (i5 < prefixLength) {
                        System.arraycopy(cArr, i4 + 1, cArr, prefixLength, length - i4);
                        length -= (i4 + 1) - prefixLength;
                        i4 = prefixLength + 1;
                        break;
                    }
                    if (cArr[i5] == SYSTEM_SEPARATOR) {
                        System.arraycopy(cArr, i4 + 1, cArr, i5 + 1, length - i4);
                        length -= i4 - i5;
                        i4 = i5 + 1;
                        break;
                    }
                    i5--;
                }
            }
            i4++;
        }
        if (length <= 0) {
            return "";
        }
        if (length > prefixLength && !z) {
            return new String(cArr, 0, length - 1);
        }
        return new String(cArr, 0, length);
    }

    private static int getPrefixLength(String str) {
        if (str == null) {
            return -1;
        }
        int length = str.length();
        if (length == 0) {
            return 0;
        }
        char charAt = str.charAt(0);
        if (charAt == ':') {
            return -1;
        }
        if (length == 1) {
            if (charAt == '~') {
                return 2;
            }
            return isSeparator(charAt) ? 1 : 0;
        }
        if (charAt == '~') {
            int indexOf = str.indexOf(UNIX_SEPARATOR, 1);
            int indexOf2 = str.indexOf(WINDOWS_SEPARATOR, 1);
            if (indexOf == -1 && indexOf2 == -1) {
                return length + 1;
            }
            int i = indexOf == -1 ? indexOf2 : indexOf;
            return Math.min(i, indexOf2 == -1 ? i : indexOf2) + 1;
        }
        char charAt2 = str.charAt(1);
        if (charAt2 == ':') {
            char upperCase = Character.toUpperCase(charAt);
            if (upperCase < 'A' || upperCase > 'Z') {
                return -1;
            }
            return (length == 2 || !isSeparator(str.charAt(2))) ? 2 : 3;
        }
        if (!isSeparator(charAt) || !isSeparator(charAt2)) {
            return isSeparator(charAt) ? 1 : 0;
        }
        int indexOf3 = str.indexOf(UNIX_SEPARATOR, 2);
        int indexOf4 = str.indexOf(WINDOWS_SEPARATOR, 2);
        if ((indexOf3 == -1 && indexOf4 == -1) || indexOf3 == 2 || indexOf4 == 2) {
            return -1;
        }
        int i2 = indexOf3 == -1 ? indexOf4 : indexOf3;
        return Math.min(i2, indexOf4 == -1 ? i2 : indexOf4) + 1;
    }

    private static boolean isSeparator(char c) {
        return c == UNIX_SEPARATOR || c == WINDOWS_SEPARATOR;
    }

    static {
        if (isSystemWindows()) {
            OTHER_SEPARATOR = '/';
        } else {
            OTHER_SEPARATOR = '\\';
        }
    }
}
