package org.opensearch.javaagent.bootstrap;

import java.lang.StackWalker;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:org/opensearch/javaagent/bootstrap/AgentPolicy.class */
public class AgentPolicy {
    private static final Logger LOGGER = Logger.getLogger(AgentPolicy.class.getName());
    private static volatile Policy policy;
    private static volatile Set<String> trustedHosts;
    private static volatile Set<String> trustedFileSystems;
    private static volatile BiFunction<Class<?>, Collection<Class<?>>, Boolean> classesThatCanExit;

    /* loaded from: input_file:org/opensearch/javaagent/bootstrap/AgentPolicy$AnyCanExit.class */
    public static final class AnyCanExit implements BiFunction<Class<?>, Collection<Class<?>>, Boolean> {
        private final String[] classesThatCanExit;

        public AnyCanExit(String[] strArr) {
            this.classesThatCanExit = strArr;
        }

        @Override // java.util.function.BiFunction
        public Boolean apply(Class<?> cls, Collection<Class<?>> collection) {
            for (Class<?> cls2 : collection) {
                for (String str : this.classesThatCanExit) {
                    if (cls2.getName().matches(str)) {
                        return true;
                    }
                }
            }
            return false;
        }
    }

    /* loaded from: input_file:org/opensearch/javaagent/bootstrap/AgentPolicy$CallerCanExit.class */
    public static final class CallerCanExit implements BiFunction<Class<?>, Stream<Class<?>>, Boolean> {
        private final String[] classesThatCanExit;

        public CallerCanExit(String[] strArr) {
            this.classesThatCanExit = strArr;
        }

        @Override // java.util.function.BiFunction
        public Boolean apply(Class<?> cls, Stream<Class<?>> stream) {
            for (String str : this.classesThatCanExit) {
                if (cls.getName().equalsIgnoreCase(str)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* loaded from: input_file:org/opensearch/javaagent/bootstrap/AgentPolicy$NoneCanExit.class */
    public static final class NoneCanExit implements BiFunction<Class<?>, Collection<Class<?>>, Boolean> {
        @Override // java.util.function.BiFunction
        public Boolean apply(Class<?> cls, Collection<Class<?>> collection) {
            return true;
        }
    }

    private AgentPolicy() {
    }

    public static void setPolicy(Policy policy2) {
        setPolicy(policy2, Set.of(), Set.of(), new NoneCanExit());
    }

    public static void setPolicy(Policy policy2, Set<String> set, Set<String> set2, BiFunction<Class<?>, Collection<Class<?>>, Boolean> biFunction) {
        if (policy != null) {
            throw new SecurityException("The Policy has been set already: " + String.valueOf(policy));
        }
        policy = policy2;
        trustedHosts = Collections.unmodifiableSet(set);
        trustedFileSystems = Collections.unmodifiableSet(set2);
        classesThatCanExit = biFunction;
        LOGGER.info("Policy attached successfully: " + String.valueOf(policy2));
    }

    public static void checkPermission(Permission permission) {
        Iterator it = ((List) StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE).walk(stream -> {
            return (List) stream.map((v0) -> {
                return v0.getDeclaringClass();
            }).map((v0) -> {
                return v0.getProtectionDomain();
            }).distinct().collect(Collectors.toList());
        })).iterator();
        while (it.hasNext()) {
            if (!policy.implies((ProtectionDomain) it.next(), permission)) {
                throw new SecurityException("Denied access: " + String.valueOf(permission));
            }
        }
    }

    public static Policy getPolicy() {
        return policy;
    }

    public static boolean isTrustedHost(String str) {
        return trustedHosts.contains(str);
    }

    public static boolean isTrustedFileSystem(String str) {
        return trustedFileSystems.contains(str);
    }

    public static boolean isChainThatCanExit(Class<?> cls, Collection<Class<?>> collection) {
        return classesThatCanExit.apply(cls, collection).booleanValue();
    }
}
