package org.elasticsearch.xpack.extensions;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.URIParameter;
import java.security.UnresolvedPermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.apache.lucene.util.IOUtils;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.bootstrap.JarHell;
import org.elasticsearch.cli.SettingCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.io.FileSystemUtils;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.node.internal.InternalSettingsPreparer;
import org.elasticsearch.xpack.XPackPlugin;

/* loaded from: input_file:org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.class */
final class InstallXPackExtensionCommand extends SettingCommand {
    private final OptionSpec<Void> batchOption;
    private final OptionSpec<String> arguments;

    /* JADX INFO: Access modifiers changed from: package-private */
    public InstallXPackExtensionCommand() {
        super("Install an extension");
        this.batchOption = this.parser.acceptsAll(Arrays.asList("b", "batch"), "Enable batch mode explicitly, automatic confirmation of security permission");
        this.arguments = this.parser.nonOptions("extension id");
    }

    protected void execute(Terminal terminal, OptionSet optionSet, Map<String, String> map) throws Exception {
        List values = this.arguments.values(optionSet);
        if (values.size() != 1) {
            throw new UserException(64, "Must supply a single extension id argument");
        }
        execute(terminal, (String) values.get(0), optionSet.has(this.batchOption) || System.console() == null, map);
    }

    void execute(Terminal terminal, String str, boolean z, Map<String, String> map) throws Exception {
        Environment prepareEnvironment = InternalSettingsPreparer.prepareEnvironment(Settings.EMPTY, terminal, map);
        if (!Files.exists(XPackPlugin.resolveXPackExtensionsFile(prepareEnvironment), new LinkOption[0])) {
            terminal.println("xpack extensions directory [" + XPackPlugin.resolveXPackExtensionsFile(prepareEnvironment) + "] does not exist. Creating...");
            Files.createDirectories(XPackPlugin.resolveXPackExtensionsFile(prepareEnvironment), new FileAttribute[0]);
        }
        install(terminal, unzip(download(terminal, str, prepareEnvironment.tmpFile()), XPackPlugin.resolveXPackExtensionsFile(prepareEnvironment)), prepareEnvironment, z);
    }

    private Path download(Terminal terminal, String str, Path path) throws Exception {
        terminal.println("-> Downloading " + URLDecoder.decode(str, "UTF-8"));
        URL url = new URL(str);
        Path createTempFile = Files.createTempFile(path, null, ".zip", new FileAttribute[0]);
        InputStream openStream = url.openStream();
        Throwable th = null;
        try {
            try {
                Files.copy(openStream, createTempFile, StandardCopyOption.REPLACE_EXISTING);
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                return createTempFile;
            } finally {
            }
        } catch (Throwable th3) {
            if (openStream != null) {
                if (th != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    private Path unzip(Path path, Path path2) throws IOException, UserException {
        Path createTempDirectory = Files.createTempDirectory(path2, ".installing-", new FileAttribute[0]);
        Files.createDirectories(createTempDirectory, new FileAttribute[0]);
        ZipInputStream zipInputStream = new ZipInputStream(Files.newInputStream(path, new OpenOption[0]));
        Throwable th = null;
        try {
            byte[] bArr = new byte[8192];
            while (true) {
                ZipEntry nextEntry = zipInputStream.getNextEntry();
                if (nextEntry == null) {
                    break;
                }
                Path resolve = createTempDirectory.resolve(nextEntry.getName());
                Files.createDirectories(resolve.getParent(), new FileAttribute[0]);
                if (!nextEntry.isDirectory()) {
                    OutputStream newOutputStream = Files.newOutputStream(resolve, new OpenOption[0]);
                    Throwable th2 = null;
                    while (true) {
                        try {
                            try {
                                int read = zipInputStream.read(bArr);
                                if (read < 0) {
                                    break;
                                }
                                newOutputStream.write(bArr, 0, read);
                            } finally {
                            }
                        } catch (Throwable th3) {
                            if (newOutputStream != null) {
                                if (th2 != null) {
                                    try {
                                        newOutputStream.close();
                                    } catch (Throwable th4) {
                                        th2.addSuppressed(th4);
                                    }
                                } else {
                                    newOutputStream.close();
                                }
                            }
                            throw th3;
                        }
                    }
                    if (newOutputStream != null) {
                        if (0 != 0) {
                            try {
                                newOutputStream.close();
                            } catch (Throwable th5) {
                                th2.addSuppressed(th5);
                            }
                        } else {
                            newOutputStream.close();
                        }
                    }
                }
                zipInputStream.closeEntry();
            }
            Files.delete(path);
            return createTempDirectory;
        } finally {
            if (zipInputStream != null) {
                if (0 != 0) {
                    try {
                        zipInputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    zipInputStream.close();
                }
            }
        }
    }

    private XPackExtensionInfo verify(Terminal terminal, Path path, Environment environment, boolean z) throws Exception {
        XPackExtensionInfo readFromProperties = XPackExtensionInfo.readFromProperties(path);
        terminal.println(Terminal.Verbosity.VERBOSE, readFromProperties.toString());
        jarHellCheck(path);
        Path resolve = path.resolve(XPackExtensionInfo.XPACK_EXTENSION_POLICY);
        if (Files.exists(resolve, new LinkOption[0])) {
            readPolicy(resolve, terminal, environment, z);
        }
        return readFromProperties;
    }

    private void jarHellCheck(Path path) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(Arrays.asList(JarHell.parseClassPath()));
        for (Path path2 : FileSystemUtils.files(path, "*.jar")) {
            arrayList.add(path2.toUri().toURL());
        }
        JarHell.checkJarHell((URL[]) arrayList.toArray(new URL[arrayList.size()]));
    }

    private void install(Terminal terminal, Path path, Environment environment, boolean z) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(path);
        try {
            XPackExtensionInfo verify = verify(terminal, path, environment, z);
            Path resolve = XPackPlugin.resolveXPackExtensionsFile(environment).resolve(verify.getName());
            if (Files.exists(resolve, new LinkOption[0])) {
                throw new UserException(64, "extension directory " + resolve.toAbsolutePath() + " already exists. To update the extension, uninstall it first using 'remove " + verify.getName() + "' command");
            }
            Files.move(path, resolve, StandardCopyOption.ATOMIC_MOVE);
            terminal.println("-> Installed " + verify.getName());
        } catch (Exception e) {
            try {
                IOUtils.rm((Path[]) arrayList.toArray(new Path[0]));
            } catch (IOException e2) {
                e.addSuppressed(e2);
            }
            throw e;
        }
    }

    static String formatPermission(Permission permission) {
        StringBuilder sb = new StringBuilder();
        sb.append(permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedType() : permission.getClass().getName());
        String unresolvedName = permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedName() : permission.getName();
        if (unresolvedName != null && unresolvedName.length() > 0) {
            sb.append(' ');
            sb.append(unresolvedName);
        }
        String unresolvedActions = permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedActions() : permission.getActions();
        if (unresolvedActions != null && unresolvedActions.length() > 0) {
            sb.append(' ');
            sb.append(unresolvedActions);
        }
        return sb.toString();
    }

    static PermissionCollection parsePermissions(Path path, Path path2) throws IOException {
        Path createTempFile = Files.createTempFile(path2, "empty", "tmp", new FileAttribute[0]);
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SpecialPermission());
        }
        Policy policy = (Policy) AccessController.doPrivileged(() -> {
            try {
                return Policy.getInstance("JavaPolicy", new URIParameter(createTempFile.toUri()));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        });
        IOUtils.rm(new Path[]{createTempFile});
        PermissionCollection permissions = ((Policy) AccessController.doPrivileged(() -> {
            try {
                return Policy.getInstance("JavaPolicy", new URIParameter(path.toUri()));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        })).getPermissions(XPackExtensionSecurity.class.getProtectionDomain());
        if (permissions == Policy.UNSUPPORTED_EMPTY_COLLECTION) {
            throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions");
        }
        Permissions permissions2 = new Permissions();
        Iterator it = Collections.list(permissions.elements()).iterator();
        while (it.hasNext()) {
            Permission permission = (Permission) it.next();
            if (!policy.implies(XPackExtensionSecurity.class.getProtectionDomain(), permission)) {
                permissions2.add(permission);
            }
        }
        permissions2.setReadOnly();
        return permissions2;
    }

    static void readPolicy(Path path, Terminal terminal, Environment environment, boolean z) throws IOException {
        ArrayList list = Collections.list(parsePermissions(path, environment.tmpFile()).elements());
        if (list.isEmpty()) {
            terminal.println(Terminal.Verbosity.VERBOSE, "extension has a policy file with no additional permissions");
            return;
        }
        Collections.sort(list, new Comparator<Permission>() { // from class: org.elasticsearch.xpack.extensions.InstallXPackExtensionCommand.1
            @Override // java.util.Comparator
            public int compare(Permission permission, Permission permission2) {
                int compareTo = permission.getClass().getName().compareTo(permission2.getClass().getName());
                if (compareTo == 0) {
                    String name = permission.getName();
                    String name2 = permission2.getName();
                    if (name == null) {
                        name = "";
                    }
                    if (name2 == null) {
                        name2 = "";
                    }
                    compareTo = name.compareTo(name2);
                    if (compareTo == 0) {
                        String actions = permission.getActions();
                        String actions2 = permission2.getActions();
                        if (actions == null) {
                            actions = "";
                        }
                        if (actions2 == null) {
                            actions2 = "";
                        }
                        compareTo = actions.compareTo(actions2);
                    }
                }
                return compareTo;
            }
        });
        terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        terminal.println(Terminal.Verbosity.NORMAL, "@     WARNING: x-pack extension requires additional permissions     @");
        terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        Iterator it = list.iterator();
        while (it.hasNext()) {
            terminal.println(Terminal.Verbosity.NORMAL, "* " + formatPermission((Permission) it.next()));
        }
        terminal.println(Terminal.Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
        terminal.println(Terminal.Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
        if (z) {
            return;
        }
        terminal.println(Terminal.Verbosity.NORMAL, "");
        if (!terminal.readText("Continue with installation? [y/N]").equalsIgnoreCase("y")) {
            throw new RuntimeException("installation aborted by user");
        }
    }
}
