package net.datenwerke.sandbox;

import java.security.AccessControlException;
import java.security.Permission;
import java.util.Arrays;
import net.datenwerke.sandbox.securitypermissions.SandboxRuntimePermission;

/* loaded from: input_file:net/datenwerke/sandbox/SandboxSecurityManager.class */
public final class SandboxSecurityManager extends SecurityManager {
    private final InheritableThreadLocal<byte[]> restrict = new InheritableThreadLocal<>();
    private final InheritableThreadLocal<SandboxContext> contextHolder = new InheritableThreadLocal<>();
    private final ThreadLocal<Boolean> isInCheck = new ThreadLocal<>();
    private final ThreadLocal<Boolean> debug = new ThreadLocal<>();
    private final SandboxService sandboxingService;
    private boolean codesourceSecurityChecks;
    private static SandboxSecurityManager INSTANCE;

    private SandboxSecurityManager(SandboxService sandboxService) {
        this.sandboxingService = sandboxService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SandboxSecurityManager newInstance(SandboxService sandboxService) {
        if (INSTANCE != null) {
            throw new IllegalStateException("SecurityManager cannot be instantiated twice");
        }
        INSTANCE = new SandboxSecurityManager(sandboxService);
        return INSTANCE;
    }

    public SandboxService getSandboxService() {
        return this.sandboxingService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void restrictAccess(String str, SandboxContext sandboxContext) {
        if (this.restrict.get() != null) {
            throw new IllegalStateException();
        }
        byte[] bytes = str.getBytes();
        this.contextHolder.set(sandboxContext);
        this.restrict.set(bytes);
        if (sandboxContext.isDebug()) {
            this.debug.set(true);
        }
    }

    public boolean isRestricted() {
        return this.restrict.get() != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void releaseRestriction(String str) {
        if (isInCheck()) {
            throw new AccessControlException("cannot release restriction during security checks");
        }
        if (!Arrays.equals(str.getBytes(), this.restrict.get())) {
            throw new AccessControlException("Wrong password");
        }
        this.restrict.set(null);
        this.contextHolder.set(null);
        this.isInCheck.set(null);
        this.debug.set(null);
    }

    private boolean isInCheck() {
        return this.isInCheck.get() != null;
    }

    private boolean isDebug() {
        return this.debug.get() != null;
    }

    private void setInCheck(boolean z) {
        if (z) {
            this.isInCheck.set(true);
        } else {
            this.isInCheck.set(null);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        if (this.codesourceSecurityChecks) {
            super.checkPermission(permission);
        }
        if (!isRestricted() || isInCheck()) {
            return;
        }
        setInCheck(true);
        try {
            SandboxContext sandboxContext = this.contextHolder.get();
            boolean isDebug = isDebug();
            if (isDebug) {
                sandboxContext.debugPermissionCheck(permission);
            }
            if (sandboxContext.isBypassPermissionAccessChecks() || sandboxContext.isPassAll()) {
                return;
            }
            if (sandboxContext.checkPermission(permission, getClassContext())) {
                return;
            }
            if (isDebug) {
                sandboxContext.debugDeniedPermission(permission, getClassContext());
            }
            throw new AccessControlException("Permission not granted: " + permission, permission);
        } finally {
            setInCheck(false);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        if (this.codesourceSecurityChecks) {
            super.checkPermission(permission, obj);
        }
        if (isRestricted()) {
            throw new AccessControlException("Nope");
        }
    }

    public void checkClassAccess(String str) {
        if (!isRestricted() || isInCheck()) {
            return;
        }
        setInCheck(true);
        try {
            SandboxContext sandboxContext = this.contextHolder.get();
            boolean isDebug = isDebug();
            if (isDebug) {
                sandboxContext.debugCheckClassAccess(str);
            }
            if (sandboxContext.isBypassClassAccessChecks() || sandboxContext.isPassAll()) {
                return;
            }
            Class[] classContext = getClassContext();
            if (sandboxContext.checkClassAccess(str, classContext)) {
                return;
            }
            if (isDebug) {
                sandboxContext.debugDeniedClassAccess(str, classContext);
            }
            throw new AccessControlException("No class access allowed for class: " + str);
        } finally {
            setInCheck(false);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPackageAccess(String str) {
        if (this.codesourceSecurityChecks) {
            super.checkPackageAccess(str);
        }
        if (!isRestricted() || isInCheck() || "java.lang".equals(str)) {
            return;
        }
        setInCheck(true);
        try {
            SandboxContext sandboxContext = this.contextHolder.get();
            boolean isDebug = isDebug();
            if (isDebug) {
                this.contextHolder.get().debugCheckPackageAccess(str);
            }
            if (sandboxContext.isBypassPackageAccessChecks() || sandboxContext.isPassAll()) {
                return;
            }
            Class[] classContext = getClassContext();
            if (sandboxContext.checkPackageAccess(str, classContext)) {
                return;
            }
            if (isDebug) {
                sandboxContext.debugDeniedPackageAccess(str, classContext);
            }
            throw new AccessControlException("No package access allowed for package: " + str);
        } finally {
            setInCheck(false);
        }
    }

    Class[] getCurrentClassContext() {
        if (isRestricted()) {
            throw new AccessControlException("no classContext during sandbox");
        }
        return super.getClassContext();
    }

    @Override // java.lang.SecurityManager
    public void checkPackageDefinition(String str) {
        if (this.codesourceSecurityChecks) {
            super.checkPackageDefinition(str);
        }
        if (isRestricted()) {
            throw new AccessControlException("no package definition: " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCodesourceSecurityChecks(boolean z) {
        checkPermission(new SandboxRuntimePermission("enableCodesourceSecurity"));
        this.codesourceSecurityChecks = z;
    }

    public boolean isCodesourceSecurityChecks() {
        return this.codesourceSecurityChecks;
    }
}
