package org.elasticsearch.bootstrap;

import com.carrotsearch.randomizedtesting.RandomizedRunner;
import com.carrotsearch.randomizedtesting.RandomizedTest;
import java.io.Closeable;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.net.SocketPermission;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.tests.util.LuceneTestCase;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.filesystem.FileSystemNatives;
import org.elasticsearch.common.io.FileSystemUtils;
import org.elasticsearch.common.network.IfConfig;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.core.Booleans;
import org.elasticsearch.core.PathUtils;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.jdk.JarHell;
import org.elasticsearch.secure_sm.SecureSM;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.PrivilegedOperations;
import org.elasticsearch.test.mockito.SecureMockMaker;
import org.junit.Assert;

/* loaded from: input_file:org/elasticsearch/bootstrap/BootstrapForTesting.class */
public class BootstrapForTesting {
    static Map<String, URL> getCodebases() {
        Map<String, URL> codebaseJarMap = PolicyUtil.getCodebaseJarMap(JarHell.parseClassPath());
        addClassCodebase(codebaseJarMap, "elasticsearch", "org.elasticsearch.plugins.PluginsService");
        addClassCodebase(codebaseJarMap, "elasticsearch-plugin-classloader", "org.elasticsearch.plugins.loader.ExtendedPluginsClassLoader");
        addClassCodebase(codebaseJarMap, "elasticsearch-nio", "org.elasticsearch.nio.ChannelFactory");
        addClassCodebase(codebaseJarMap, "elasticsearch-secure-sm", "org.elasticsearch.secure_sm.SecureSM");
        addClassCodebase(codebaseJarMap, "elasticsearch-rest-client", "org.elasticsearch.client.RestClient");
        addClassCodebase(codebaseJarMap, "elasticsearch-core", "org.elasticsearch.core.Booleans");
        addClassCodebase(codebaseJarMap, "elasticsearch-cli", "org.elasticsearch.cli.Command");
        addClassCodebase(codebaseJarMap, "framework", "org.elasticsearch.test.ESTestCase");
        return codebaseJarMap;
    }

    private static void addClassCodebase(Map<String, URL> map, String str, String str2) {
        try {
            if (map.containsKey(str)) {
                return;
            }
            URL location = BootstrapForTesting.class.getClassLoader().loadClass(str2).getProtectionDomain().getCodeSource().getLocation();
            if (location.toString().endsWith(".jar") || map.put(str, location) == null) {
            } else {
                throw new IllegalStateException("Already added " + str + " codebase for testing");
            }
        } catch (ClassNotFoundException e) {
        }
    }

    @SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
    static Map<String, Policy> getPluginPermissions() throws Exception {
        ArrayList<URL> list = Collections.list(BootstrapForTesting.class.getClassLoader().getResources("plugin-security.policy"));
        if (list.isEmpty()) {
            return Collections.emptyMap();
        }
        HashSet hashSet = new HashSet(parseClassPathWithSymlinks());
        hashSet.removeAll(new HashSet(Arrays.asList(Bootstrap.class.getProtectionDomain().getCodeSource().getLocation(), BootstrapForTesting.class.getProtectionDomain().getCodeSource().getLocation(), LuceneTestCase.class.getProtectionDomain().getCodeSource().getLocation(), RandomizedRunner.class.getProtectionDomain().getCodeSource().getLocation(), Assert.class.getProtectionDomain().getCodeSource().getLocation())));
        Map codebaseJarMap = PolicyUtil.getCodebaseJarMap(hashSet);
        final ArrayList arrayList = new ArrayList(list.size());
        for (URL url : list) {
            Map map = codebaseJarMap;
            if (!url.toString().contains(".jar!")) {
                Path resolve = PathUtils.get(url.toURI()).getParent().resolve("plugin-security.codebases");
                if (Files.exists(resolve, new LinkOption[0])) {
                    map = new HashMap(codebaseJarMap);
                    for (Map.Entry<String, String> entry : parsePropertiesFile(resolve).entrySet()) {
                        addClassCodebase(map, entry.getKey(), entry.getValue());
                    }
                }
            }
            arrayList.add(PolicyUtil.readPolicy(url, map));
        }
        HashMap hashMap = new HashMap();
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            hashMap.put(((URL) it.next()).getFile(), new Policy() { // from class: org.elasticsearch.bootstrap.BootstrapForTesting.2
                @Override // java.security.Policy
                public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
                    Iterator it2 = arrayList.iterator();
                    while (it2.hasNext()) {
                        if (((Policy) it2.next()).implies(protectionDomain, permission)) {
                            return true;
                        }
                    }
                    return false;
                }
            });
        }
        return Collections.unmodifiableMap(hashMap);
    }

    static Map<String, String> parsePropertiesFile(Path path) throws Exception {
        Properties properties = new Properties();
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            properties.load(newInputStream);
            if (newInputStream != null) {
                newInputStream.close();
            }
            return (Map) properties.entrySet().stream().collect(Collectors.toMap(entry -> {
                return entry.getKey().toString();
            }, entry2 -> {
                return entry2.getValue().toString();
            }));
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @SuppressForbidden(reason = "does evil stuff with paths and urls because devs and jenkins do evil stuff with paths and urls")
    static Set<URL> parseClassPathWithSymlinks() throws Exception {
        Set<URL> parseClassPath = JarHell.parseClassPath();
        Set newHashSetWithExpectedSize = Sets.newHashSetWithExpectedSize(parseClassPath.size());
        for (URL url : parseClassPath) {
            Path path = PathUtils.get(url.toURI());
            if (Files.exists(path, new LinkOption[0]) && !newHashSetWithExpectedSize.add(path.toRealPath(new LinkOption[0]).toUri().toURL())) {
                throw new IllegalStateException("Duplicate in classpath after resolving symlinks: " + url);
            }
        }
        return parseClassPath;
    }

    public static void ensureInitialized() {
    }

    public static Closeable disableTestSecurityManager() {
        if (!ESTestCase.class.getName().equals(Thread.currentThread().getStackTrace()[2].getClassName())) {
            throw new SecurityException("Cannot disable test SecurityManager directly. Use @NoSecurityManager to disable on a test suite");
        }
        SecurityManager securityManager = System.getSecurityManager();
        AccessController.doPrivileged(() -> {
            Security.setSecurityManager((SecurityManager) null);
            return null;
        });
        return () -> {
            AccessController.doPrivileged(() -> {
                Security.setSecurityManager(securityManager);
                return null;
            });
        };
    }

    static {
        Path path = PathUtils.get((String) Objects.requireNonNull(System.getProperty("java.io.tmpdir"), "please set ${java.io.tmpdir} in pom.xml"), new String[0]);
        try {
            Security.ensureDirectoryExists(path);
            Bootstrap.initializeNatives(path, ((Boolean) BootstrapSettings.MEMORY_LOCK_SETTING.get(Settings.EMPTY)).booleanValue(), Booleans.parseBoolean(System.getProperty("tests.system_call_filter", "true")), true);
            FileSystemNatives.init();
            Bootstrap.initializeProbes();
            BootstrapInfo.getSystemProperties();
            try {
                Logger logger = LogManager.getLogger(JarHell.class);
                Objects.requireNonNull(logger);
                JarHell.checkJarHell(logger::debug);
                SecureMockMaker.init();
                try {
                    MethodHandles.publicLookup().ensureInitialized(PrivilegedOperations.class);
                    IfConfig.logIfNecessary();
                    if (RandomizedTest.systemPropertyAsBoolean("tests.security.manager", true)) {
                        try {
                            Permissions permissions = new Permissions();
                            Security.addClasspathPermissions(permissions);
                            FilePermissionUtils.addDirectoryPath(permissions, "java.io.tmpdir", path, "read,readlink,write,delete", false);
                            if (Strings.hasLength(System.getProperty("tests.config"))) {
                                FilePermissionUtils.addSingleFilePath(permissions, PathUtils.get(System.getProperty("tests.config"), new String[0]), "read,readlink");
                            }
                            if (Booleans.parseBoolean(System.getProperty("tests.coverage", "false"))) {
                                Path path2 = PathUtils.get(System.getProperty("tests.coverage.dir"), new String[0]);
                                FilePermissionUtils.addSingleFilePath(permissions, path2.resolve("jacoco.exec"), "read,write");
                                FilePermissionUtils.addSingleFilePath(permissions, path2.resolve("jacoco-it.exec"), "read,write");
                            }
                            if (System.getProperty("tests.gradle") == null) {
                                permissions.add(new RuntimePermission("setIO"));
                            }
                            permissions.add(new SocketPermission("localhost:0", "listen,resolve"));
                            permissions.add(new SocketPermission("localhost:1024-", "listen,resolve"));
                            Map<String, URL> codebases = getCodebases();
                            final Policy readPolicy = PolicyUtil.readPolicy(Bootstrap.class.getResource("test-framework.policy"), codebases);
                            Policy readPolicy2 = System.getProperty("tests.gradle") != null ? PolicyUtil.readPolicy(Bootstrap.class.getResource("gradle.policy"), codebases) : codebases.containsKey("junit-rt.jar") ? PolicyUtil.readPolicy(Bootstrap.class.getResource("intellij.policy"), codebases) : PolicyUtil.readPolicy(Bootstrap.class.getResource("eclipse.policy"), codebases);
                            Permissions permissions2 = new Permissions();
                            FilePermissionUtils.addDirectoryPath(permissions2, "java.io.tmpdir-fastpath", path, "read,readlink,write,delete", true);
                            final ESPolicy eSPolicy = new ESPolicy(codebases, permissions, getPluginPermissions(), true, Security.toFilePermissions(permissions2));
                            final Policy policy = readPolicy2;
                            Policy.setPolicy(new Policy() { // from class: org.elasticsearch.bootstrap.BootstrapForTesting.1
                                @Override // java.security.Policy
                                public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
                                    return eSPolicy.implies(protectionDomain, permission) || readPolicy.implies(protectionDomain, permission) || policy.implies(protectionDomain, permission);
                                }
                            });
                            Security.prepopulateSecurityCaller();
                            Security.setSecurityManager(SecureSM.createTestSecureSM());
                            Security.selfTest();
                            Iterator it = Collections.list(BootstrapForTesting.class.getClassLoader().getResources("plugin-descriptor.properties")).iterator();
                            while (it.hasNext()) {
                                URL url = (URL) it.next();
                                Properties properties = new Properties();
                                InputStream openFileURLStream = FileSystemUtils.openFileURLStream(url);
                                try {
                                    properties.load(openFileURLStream);
                                    if (openFileURLStream != null) {
                                        openFileURLStream.close();
                                    }
                                    String property = properties.getProperty("classname");
                                    if (property != null) {
                                        Class.forName(property);
                                    }
                                } catch (Throwable th) {
                                    if (openFileURLStream != null) {
                                        try {
                                            openFileURLStream.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    }
                                    throw th;
                                }
                            }
                        } catch (Exception e) {
                            throw new RuntimeException("unable to install test security manager", e);
                        }
                    }
                } catch (IllegalAccessException e2) {
                    throw new AssertionError(e2);
                }
            } catch (Exception e3) {
                throw new RuntimeException("found jar hell in test classpath", e3);
            }
        } catch (Exception e4) {
            throw new RuntimeException("unable to create test temp directory", e4);
        }
    }
}
