package com.wolfram.jlink;

import java.awt.AWTPermission;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.nio.file.LinkPermission;
import java.security.Permission;
import java.util.Iterator;
import java.util.Properties;
import java.util.Vector;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.slf4j.Marker;

/* loaded from: input_file:com/wolfram/jlink/JLinkConfigurableSecurityManager.class */
public class JLinkConfigurableSecurityManager extends JLinkSecurityManager {
    private String mathematicaInstallationDir;
    private File securityConfigFile;
    private Vector<String> allowedReadDirs = new Vector<>(0);
    private Vector<String> allowedWriteDirs = new Vector<>(0);
    private Vector<String> allowedLibraryNames = new Vector<>(0);
    private Vector<SocketPermission> allowedIPs = new Vector<>(0);
    private boolean allowedLibsHasWildcard = false;
    private boolean useSecurity = true;

    public JLinkConfigurableSecurityManager(File file) throws IOException {
        this.securityConfigFile = file;
        readConfigFile();
    }

    public static void resetSecurityParameters() throws IOException {
        ((JLinkConfigurableSecurityManager) System.getSecurityManager()).readConfigFile();
    }

    public static String[] getSecurityData() {
        JLinkConfigurableSecurityManager jLinkConfigurableSecurityManager = (JLinkConfigurableSecurityManager) System.getSecurityManager();
        Vector vector = new Vector(0);
        vector.add("usesecurity");
        vector.add(jLinkConfigurableSecurityManager.useSecurity ? "true" : SchemaSymbols.ATTVAL_FALSE);
        vector.add("readdirs");
        vector.addAll(jLinkConfigurableSecurityManager.allowedReadDirs);
        vector.add("writedirs");
        vector.addAll(jLinkConfigurableSecurityManager.allowedWriteDirs);
        vector.add("libs");
        vector.addAll(jLinkConfigurableSecurityManager.allowedLibraryNames);
        vector.add("ips");
        Iterator<SocketPermission> it = jLinkConfigurableSecurityManager.allowedIPs.iterator();
        while (it.hasNext()) {
            vector.add(it.next().getName());
        }
        return (String[]) vector.toArray(new String[0]);
    }

    private void readConfigFile() throws IOException {
        this.allowedReadDirs.clear();
        this.allowedWriteDirs.clear();
        this.allowedLibraryNames.clear();
        this.allowedIPs.clear();
        this.allowedLibsHasWildcard = false;
        this.useSecurity = true;
        this.allowedReadDirs.add(this.securityConfigFile.getCanonicalPath());
        FileInputStream fileInputStream = null;
        Properties properties = new Properties();
        try {
            try {
                fileInputStream = new FileInputStream(this.securityConfigFile);
                properties.load(fileInputStream);
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                    }
                }
                if (SchemaSymbols.ATTVAL_FALSE.equals(properties.getProperty("useSecurity"))) {
                    this.useSecurity = false;
                }
                addAllowedReadDirectories(properties.getProperty("allowedReadDirs"));
                addAllowedWriteDirectories(properties.getProperty("allowedWriteDirs"));
                addAllowedIPs(properties.getProperty("allowedIPs"));
                addAllowedLibs(properties.getProperty("allowedLibs"));
                this.allowedReadDirs.add(new File(System.getProperty("java.home")).getCanonicalPath());
                String property = System.getProperty("java.io.tmpdir");
                if (property != null) {
                    String canonicalPath = new File(property).getCanonicalPath();
                    this.allowedReadDirs.add(canonicalPath);
                    this.allowedWriteDirs.add(canonicalPath);
                }
            } catch (Exception e2) {
                System.err.println("FATAL ERROR: Error reading the -securityFile file");
                throw new IOException(e2);
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e3) {
                }
            }
            throw th;
        }
    }

    private void addAllowedIPs(String str) {
        if (str == null || str.equals("")) {
            return;
        }
        for (String str2 : str.split(",")) {
            this.allowedIPs.add(new SocketPermission(str2.trim(), "connect,resolve"));
        }
    }

    private void addAllowedReadDirectories(String str) {
        if (str == null || str.equals("")) {
            return;
        }
        String[] split = str.split(",");
        this.mathematicaInstallationDir = split[0].trim();
        for (String str2 : split) {
            try {
                this.allowedReadDirs.add(new File(str2.trim()).getAbsolutePath());
            } catch (Exception e) {
            }
        }
    }

    private void addAllowedWriteDirectories(String str) {
        if (str == null || str.equals("")) {
            return;
        }
        for (String str2 : str.split(",")) {
            try {
                this.allowedWriteDirs.add(new File(str2.trim()).getAbsolutePath());
            } catch (Exception e) {
            }
        }
    }

    private void addAllowedLibs(String str) {
        if (str == null || str.equals("")) {
            return;
        }
        for (String str2 : str.split(",")) {
            if (str2.trim().equals(Marker.ANY_MARKER)) {
                this.allowedLibsHasWildcard = true;
            } else {
                this.allowedLibraryNames.add(str2.trim());
            }
        }
    }

    @Override // com.wolfram.jlink.JLinkSecurityManager, java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        super.checkPermission(permission);
        if (this.useSecurity) {
            String name = permission.getName();
            String actions = permission.getActions();
            if (permission instanceof RuntimePermission) {
                if ("accessDeclaredMembers".equals(name)) {
                    return;
                }
                if (!name.startsWith("loadLibrary.")) {
                    if ("setSecurityManager".equals(name) || "createSecurityManager".equals(name)) {
                        throw new SecurityException("Code called from Wolfram Cloud cannot set a SecurityManager.");
                    }
                    if (name.startsWith("exitVM") && !this.allowExit) {
                        throw new SecurityException("Java code called from the Wolfram Language cannot call System.exit().");
                    }
                    return;
                }
                String substring = name.substring(12);
                if (this.allowedLibsHasWildcard || this.allowedLibraryNames.contains(substring)) {
                    return;
                }
                String replace = substring.replace('\\', '/');
                if (Utils.isWindows() && replace.startsWith("/")) {
                    replace = replace.substring(1);
                }
                if (!replace.startsWith(this.mathematicaInstallationDir.replace('\\', '/'))) {
                    throw new SecurityException("Java code called from Wolfram Cloud cannot load the native library " + replace);
                }
                return;
            }
            if (permission instanceof FilePermission) {
                if (actions.contains("write") || actions.contains("delete")) {
                    try {
                        String canonicalPath = new File(name).getCanonicalPath();
                        Iterator<String> it = this.allowedWriteDirs.iterator();
                        while (it.hasNext()) {
                            if (canonicalPath.startsWith(it.next())) {
                                return;
                            }
                        }
                        throw new SecurityException("Writing is not permitted to file " + name);
                    } catch (Exception e) {
                        throw new SecurityException("Writing is not permitted to file " + name);
                    }
                }
                if (!actions.contains("read")) {
                    if (actions.contains("execute")) {
                        throw new SecurityException("Java code called from Wolfram Cloud cannot call exec(). File: " + name);
                    }
                    return;
                }
                try {
                    String canonicalPath2 = new File(name).getCanonicalPath();
                    Iterator<String> it2 = this.allowedReadDirs.iterator();
                    while (it2.hasNext()) {
                        if (canonicalPath2.startsWith(it2.next())) {
                            return;
                        }
                    }
                    throw new SecurityException("Reading is not permitted from file " + name);
                } catch (Exception e2) {
                    throw new SecurityException("Reading is not permitted from file " + name);
                }
            }
            if (!(permission instanceof SocketPermission)) {
                if (permission instanceof NetPermission) {
                    if (name.equals("setProxySelector")) {
                        throw new SecurityException("Java code called from Wolfram Cloud cannot set a ProxySelector.");
                    }
                    return;
                } else {
                    if (permission instanceof ReflectPermission) {
                        return;
                    }
                    if (permission instanceof AWTPermission) {
                        throw new SecurityException("Code called from Wolfram Cloud cannot use AWT features.");
                    }
                    if (permission instanceof LinkPermission) {
                        throw new SecurityException("Code called from Wolfram Cloud cannot create hard or symbolic links.");
                    }
                    return;
                }
            }
            if (!actions.contains("connect")) {
                if (actions.contains("listen") || actions.contains("accept")) {
                    throw new SecurityException("Java code called from Wolfram Cloud cannot listen on network ports.");
                }
            } else {
                if (name.startsWith("127.0.0.1")) {
                    return;
                }
                Iterator<SocketPermission> it3 = this.allowedIPs.iterator();
                while (it3.hasNext()) {
                    if (it3.next().implies(permission)) {
                        return;
                    }
                }
                throw new SecurityException("Java code called from Wolfram Cloud cannot use TCP.");
            }
        }
    }

    @Override // com.wolfram.jlink.JLinkSecurityManager, java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        checkPermission(permission);
    }
}
