package org.elasticsearch.xpack.extensions;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.Policy;
import java.security.URIParameter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;

/* loaded from: input_file:org/elasticsearch/xpack/extensions/XPackExtensionSecurity.class */
final class XPackExtensionSecurity {
    private XPackExtensionSecurity() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void configure(Path path) throws IOException {
        Map<String, Policy> extensionsPermissions = getExtensionsPermissions(path);
        if (extensionsPermissions.size() > 0) {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(new SpecialPermission());
            }
            AccessController.doPrivileged(() -> {
                Policy.setPolicy(new XPackExtensionPolicy(Policy.getPolicy(), extensionsPermissions));
                return null;
            });
        }
    }

    @SuppressForbidden(reason = "proper use of URL")
    static Map<String, Policy> getExtensionsPermissions(Path path) throws IOException {
        HashMap hashMap = new HashMap();
        ArrayList<Path> arrayList = new ArrayList();
        if (Files.exists(path, new LinkOption[0])) {
            DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(path);
            Throwable th = null;
            try {
                try {
                    Iterator<Path> it = newDirectoryStream.iterator();
                    while (it.hasNext()) {
                        arrayList.add(it.next());
                    }
                    if (newDirectoryStream != null) {
                        if (0 != 0) {
                            try {
                                newDirectoryStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newDirectoryStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (newDirectoryStream != null) {
                    if (th != null) {
                        try {
                            newDirectoryStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        newDirectoryStream.close();
                    }
                }
                throw th3;
            }
        }
        for (Path path2 : arrayList) {
            Path resolve = path2.resolve(XPackExtensionInfo.XPACK_EXTENSION_POLICY);
            if (Files.exists(resolve, new LinkOption[0])) {
                ArrayList<URL> arrayList2 = new ArrayList();
                DirectoryStream<Path> newDirectoryStream2 = Files.newDirectoryStream(path2, "*.jar");
                Throwable th5 = null;
                try {
                    try {
                        Iterator<Path> it2 = newDirectoryStream2.iterator();
                        while (it2.hasNext()) {
                            arrayList2.add(it2.next().toRealPath(new LinkOption[0]).toUri().toURL());
                        }
                        if (newDirectoryStream2 != null) {
                            if (0 != 0) {
                                try {
                                    newDirectoryStream2.close();
                                } catch (Throwable th6) {
                                    th5.addSuppressed(th6);
                                }
                            } else {
                                newDirectoryStream2.close();
                            }
                        }
                        Policy readPolicy = readPolicy(resolve.toUri().toURL(), (URL[]) arrayList2.toArray(new URL[arrayList2.size()]));
                        for (URL url : arrayList2) {
                            if (hashMap.put(url.getFile(), readPolicy) != null) {
                                throw new IllegalStateException("per-extension permissions already granted for jar file: " + url);
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th7) {
                    if (newDirectoryStream2 != null) {
                        if (th5 != null) {
                            try {
                                newDirectoryStream2.close();
                            } catch (Throwable th8) {
                                th5.addSuppressed(th8);
                            }
                        } else {
                            newDirectoryStream2.close();
                        }
                    }
                    throw th7;
                }
            }
        }
        return Collections.unmodifiableMap(hashMap);
    }

    @SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
    static Policy readPolicy(URL url, URL[] urlArr) throws IOException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SpecialPermission());
        }
        try {
            try {
                for (URL url2 : urlArr) {
                    String path = PathUtils.get(url2.toURI()).getFileName().toString();
                    AccessController.doPrivileged(() -> {
                        System.setProperty("codebase." + path, url2.toString());
                        return null;
                    });
                }
                URIParameter uRIParameter = new URIParameter(url.toURI());
                Policy policy = (Policy) AccessController.doPrivileged(() -> {
                    try {
                        return Policy.getInstance("JavaPolicy", uRIParameter);
                    } catch (NoSuchAlgorithmException e) {
                        throw new RuntimeException(e);
                    }
                });
                for (URL url3 : urlArr) {
                    String path2 = PathUtils.get(url3.toURI()).getFileName().toString();
                    AccessController.doPrivileged(() -> {
                        System.clearProperty("codebase." + path2);
                        return null;
                    });
                }
                return policy;
            } catch (Throwable th) {
                for (URL url4 : urlArr) {
                    String path3 = PathUtils.get(url4.toURI()).getFileName().toString();
                    AccessController.doPrivileged(() -> {
                        System.clearProperty("codebase." + path3);
                        return null;
                    });
                }
                throw th;
            }
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("unable to parse policy file `" + url + "`", e);
        }
    }
}
