package net.datenwerke.sandbox;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javassist.CannotCompileException;
import javassist.ClassPool;
import javassist.CtClass;
import javassist.CtMethod;
import javassist.NotFoundException;
import net.datenwerke.sandbox.securitypermissions.SandboxRuntimePermission;
import org.apache.commons.io.IOUtils;
import sun.misc.Resource;
import sun.misc.URLClassPath;

/* loaded from: input_file:net/datenwerke/sandbox/SandboxLoader.class */
public final class SandboxLoader extends ClassLoader {
    public static final String DEFAULT_CODESOURCE_PREFIX = "/java-sandbox-default-codesource";
    private final Logger logger;
    private static HashSet<String> BYPASSCLASSES = new HashSet<>();
    private final SandboxSecurityManager securityManager;
    private Map<String, SandboxLoader> subLoaderCache;
    private Map<String, SandboxLoader> subLoaderPrefixCache;
    private Map<URLClassPath, SandboxLoader> subLoaderByJar;
    private boolean debug;
    private SandboxContext context;
    private String name;
    private URLClassPath whitelistedUcp;
    private URLClassPath bypassUcp;
    private Collection<String> classesToLoadWithParent;
    private Collection<String> classesByPrefixToLoadWithParent;
    private Collection<String> classesToLoadDirectly;
    private Collection<String> classesByPrefixToLoadDirectly;
    private boolean hasSubloaders;
    private String codesource;
    private boolean removeFinalizers;
    private SandboxLoaderEnhancer enhancer;
    private ClassLoader parent;

    static {
        BYPASSCLASSES.add("net.datenwerke.sandbox.SandboxLoader");
        BYPASSCLASSES.add("net.datenwerke.sandbox.SandboxServiceImpl");
        BYPASSCLASSES.add("net.datenwerke.sandbox.SandboxedCallResult");
        BYPASSCLASSES.add("net.datenwerke.sandbox.SandboxedCallResultImpl");
        BYPASSCLASSES.add("net.datenwerke.sandbox.SandboxService");
        BYPASSCLASSES.add("net.datenwerke.sandbox.SandboxContext");
        BYPASSCLASSES.add("net.datenwerke.sandbox.handlers.SandboxHandler");
        BYPASSCLASSES.add("net.datenwerke.sandbox.handlers.BadThreadKillHandler");
        BYPASSCLASSES.add("net.datenwerke.sandbox.handlers.ContextRegisteredHandler");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.FileEqualsPermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.FilePermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.FilePrefixPermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.FileRegexPermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.FileSuffixPermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.StackEntry");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.ClassPermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.PackagePermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.permissions.SecurityPermission");
        BYPASSCLASSES.add("net.datenwerke.sandbox.util.VariableAssignment");
    }

    public SandboxLoader() {
        this(SandboxService.class.getClassLoader());
    }

    public SandboxLoader(ClassLoader classLoader) {
        this(classLoader, System.getSecurityManager());
        this.parent = classLoader;
    }

    public SandboxLoader(ClassLoader classLoader, SecurityManager securityManager) {
        super(classLoader);
        this.logger = Logger.getLogger(getClass().getName());
        this.subLoaderCache = new HashMap();
        this.subLoaderPrefixCache = new HashMap();
        this.subLoaderByJar = new HashMap();
        this.debug = false;
        this.context = new SandboxContext();
        this.name = "";
        this.classesToLoadWithParent = new HashSet();
        this.classesByPrefixToLoadWithParent = new HashSet();
        this.classesToLoadDirectly = new HashSet();
        this.classesByPrefixToLoadDirectly = new HashSet();
        this.securityManager = (SandboxSecurityManager) securityManager;
    }

    public void init(SandboxContext sandboxContext) {
        this.securityManager.checkPermission(new SandboxRuntimePermission("initSandboxLoader"));
        this.name = sandboxContext.getName();
        if (sandboxContext.getWhitelistedJars() == null || sandboxContext.getWhitelistedJars().isEmpty()) {
            this.whitelistedUcp = null;
        } else {
            this.whitelistedUcp = new URLClassPath((URL[]) sandboxContext.getWhitelistedJars().toArray(new URL[0]));
        }
        if (sandboxContext.getJarsForApplicationLoader() == null || sandboxContext.getJarsForApplicationLoader().isEmpty()) {
            this.bypassUcp = null;
        } else {
            this.bypassUcp = new URLClassPath((URL[]) sandboxContext.getJarsForApplicationLoader().toArray(new URL[0]));
        }
        this.classesToLoadWithParent = new HashSet(sandboxContext.getClassesForApplicationLoader());
        this.classesToLoadWithParent.addAll(BYPASSCLASSES);
        this.classesByPrefixToLoadWithParent = new HashSet(sandboxContext.getClassPrefixesForApplicationLoader());
        this.classesToLoadDirectly = new HashSet(sandboxContext.getClassesForSandboxLoader());
        this.classesByPrefixToLoadDirectly = new HashSet(sandboxContext.getClassPrefixesForSandboxLoader());
        this.hasSubloaders = (sandboxContext.getSubLoaderContextByClassMap().isEmpty() && sandboxContext.getSubLoaderContextByClassPrefixMap().isEmpty() && sandboxContext.getSubLoaderContextByJar().isEmpty()) ? false : true;
        if (this.hasSubloaders) {
            IdentityHashMap<SandboxContext, SandboxLoader> identityHashMap = new IdentityHashMap<>();
            for (Map.Entry<String, SandboxContext> entry : sandboxContext.getSubLoaderContextByClassMap().entrySet()) {
                this.subLoaderCache.put(entry.getKey(), initSubLoader(identityHashMap, entry.getValue()));
            }
            for (Map.Entry<String, SandboxContext> entry2 : sandboxContext.getSubLoaderContextByClassPrefixMap().entrySet()) {
                this.subLoaderPrefixCache.put(entry2.getKey(), initSubLoader(identityHashMap, entry2.getValue()));
            }
            for (Map.Entry<URL, SandboxContext> entry3 : sandboxContext.getSubLoaderContextByJar().entrySet()) {
                this.subLoaderByJar.put(new URLClassPath(new URL[]{entry3.getKey()}), initSubLoader(identityHashMap, entry3.getValue()));
            }
        }
        this.debug = sandboxContext.isDebug();
        this.codesource = sandboxContext.getCodesource();
        if (this.codesource == null) {
            this.codesource = DEFAULT_CODESOURCE_PREFIX.concat("/").concat((this.name == null || "".equals(this.name)) ? "default" : this.name).concat("/");
        }
        this.removeFinalizers = sandboxContext.isRemoveFinalizers();
        this.enhancer = sandboxContext.getLoaderEnhancer();
        this.context = sandboxContext;
    }

    private SandboxLoader initSubLoader(IdentityHashMap<SandboxContext, SandboxLoader> identityHashMap, SandboxContext sandboxContext) {
        if (identityHashMap.containsKey(sandboxContext)) {
            return identityHashMap.get(sandboxContext);
        }
        SandboxLoader sandboxLoader = new SandboxLoader(this, this.securityManager);
        sandboxLoader.init(sandboxContext);
        identityHashMap.put(sandboxContext, sandboxLoader);
        return sandboxLoader;
    }

    public SandboxContext getContext() {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("getSandboxLoaderContext"));
        return this.context;
    }

    @Override // java.lang.ClassLoader
    protected Class<?> loadClass(String str, boolean z) throws ClassNotFoundException {
        Class<?> loadClass;
        Resource resource;
        SandboxLoader doGetSubLoaderByClassContext;
        if (this.debug) {
            this.logger.log(Level.INFO, String.valueOf(getName()) + "(" + System.identityHashCode(this) + ") about to load class: " + str);
        }
        if (this.enhancer != null) {
            this.enhancer.classtoBeLoaded(this, str, z);
        }
        boolean z2 = false;
        if (str.startsWith("java.") || bypassClazz(str)) {
            loadClass = super.loadClass(str, z);
            if (!str.startsWith("java.") && this.whitelistedUcp != null) {
                if (this.whitelistedUcp.getResource(str.replace('.', '/').concat(".class"), false) != null) {
                    z2 = true;
                }
            }
        } else {
            if (this.hasSubloaders && (doGetSubLoaderByClassContext = doGetSubLoaderByClassContext(str)) != null) {
                return doGetSubLoaderByClassContext.loadClass(str, z);
            }
            loadClass = findLoadedClass(str);
            if (loadClass == null) {
                try {
                    String replace = str.replace('.', '/');
                    String concat = replace.concat(".class");
                    try {
                        ProtectionDomain protectionDomain = new ProtectionDomain(new CodeSource(new URL("file", "", this.codesource.concat(replace)), (Certificate[]) null), new Permissions(), this, null);
                        int lastIndexOf = str.lastIndexOf(46);
                        if (lastIndexOf != -1) {
                            String substring = str.substring(0, lastIndexOf);
                            if (getPackage(substring) == null) {
                                definePackage(substring, null, null, null, null, null, null, null);
                            }
                        }
                        if (this.whitelistedUcp != null && (resource = this.whitelistedUcp.getResource(concat, false)) != null) {
                            byte[] enhance = enhance(str, resource.getBytes());
                            loadClass = defineClass(str, enhance, 0, enhance.length, protectionDomain);
                            z2 = true;
                        }
                        if (loadClass == null) {
                            try {
                                InputStream resourceAsStream = this.parent.getResourceAsStream(concat);
                                byte[] bArr = null;
                                if (resourceAsStream != null) {
                                    bArr = IOUtils.toByteArray(resourceAsStream);
                                }
                                if (bArr == null && this.enhancer != null) {
                                    bArr = this.enhancer.loadClass(this, str);
                                }
                                if (bArr == null) {
                                    throw new ClassNotFoundException("Could not find " + str);
                                }
                                byte[] enhance2 = enhance(str, bArr);
                                loadClass = defineClass(str, enhance2, 0, enhance2.length, protectionDomain);
                                if (resourceAsStream != null) {
                                    try {
                                        resourceAsStream.close();
                                    } catch (IOException e) {
                                        e.printStackTrace();
                                    }
                                }
                            } finally {
                            }
                        }
                        if (z) {
                            resolveClass(loadClass);
                        }
                    } catch (MalformedURLException unused) {
                        throw new RuntimeException("Could not create protection domain.");
                    }
                } catch (IOException e2) {
                    throw new ClassNotFoundException("Could not load " + str, e2);
                } catch (Exception e3) {
                    throw new ClassNotFoundException("Could not load " + str, e3);
                }
            } else if (this.whitelistedUcp != null) {
                if (this.whitelistedUcp.getResource(str.replace('.', '/').concat(".class"), false) != null) {
                    z2 = true;
                }
            }
        }
        if (!z2 && loadClass != null && this.securityManager != null) {
            this.securityManager.checkClassAccess(str);
        }
        if (this.enhancer != null) {
            this.enhancer.classLoaded(this, str, loadClass);
        }
        return loadClass;
    }

    private byte[] enhance(String str, byte[] bArr) throws IOException, RuntimeException, CannotCompileException, NotFoundException {
        if (this.removeFinalizers) {
            CtClass makeClass = new ClassPool().makeClass(new ByteArrayInputStream(bArr));
            boolean z = false;
            if (!makeClass.isInterface()) {
                CtMethod[] methods = makeClass.getMethods();
                int length = methods.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    CtMethod ctMethod = methods[i];
                    if (!"finalize".equals(ctMethod.getName()) || ctMethod.getParameterTypes().length != 0) {
                        i++;
                    } else if (!ctMethod.isEmpty()) {
                        makeClass.removeMethod(ctMethod);
                        z = true;
                    }
                }
            }
            if (z) {
                bArr = makeClass.toBytecode();
            }
        }
        if (this.enhancer != null) {
            bArr = this.enhancer.enhance(this, str, bArr);
        }
        return bArr;
    }

    public SandboxLoader getSubLoaderByClassContext(String str) {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("getSubLoader"));
        return doGetSubLoaderByClassContext(str);
    }

    private SandboxLoader doGetSubLoaderByClassContext(String str) {
        String concat = str.replace('.', '/').concat(".class");
        for (Map.Entry<URLClassPath, SandboxLoader> entry : this.subLoaderByJar.entrySet()) {
            if (entry.getKey().getResource(concat, false) != null) {
                return entry.getValue();
            }
        }
        SandboxLoader sandboxLoader = this.subLoaderCache.get(str);
        if (sandboxLoader != null) {
            return sandboxLoader;
        }
        for (String str2 : this.subLoaderPrefixCache.keySet()) {
            if (str.startsWith(str2)) {
                return this.subLoaderPrefixCache.get(str2);
            }
        }
        return null;
    }

    private boolean bypassClazz(String str) {
        if (this.enhancer != null && this.enhancer.isLoadClassWithApplicationLoader(str)) {
            return true;
        }
        if (this.classesToLoadWithParent.contains(str)) {
            return !prohibitBypass(str);
        }
        Iterator<String> it = this.classesByPrefixToLoadWithParent.iterator();
        while (it.hasNext()) {
            if (str.startsWith(it.next())) {
                return !prohibitBypass(str);
            }
        }
        if (str.startsWith("java.") || this.bypassUcp == null) {
            return false;
        }
        return (this.bypassUcp.getResource(str.replace('.', '/').concat(".class"), false) == null || prohibitBypass(str)) ? false : true;
    }

    private boolean prohibitBypass(String str) {
        if (this.classesToLoadDirectly.contains(str)) {
            return true;
        }
        Iterator<String> it = this.classesByPrefixToLoadDirectly.iterator();
        while (it.hasNext()) {
            if (str.startsWith(it.next())) {
                return true;
            }
        }
        return false;
    }

    public SandboxLoader getSubloaderByName(String str) {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("getSubLoader"));
        return doGetSubloaderByName(str);
    }

    private SandboxLoader doGetSubloaderByName(String str) {
        if (str.equals(getName())) {
            return this;
        }
        for (SandboxLoader sandboxLoader : this.subLoaderByJar.values()) {
            if (str.equals(sandboxLoader.getName())) {
                return sandboxLoader;
            }
        }
        for (SandboxLoader sandboxLoader2 : this.subLoaderCache.values()) {
            if (str.equals(sandboxLoader2.getName())) {
                return sandboxLoader2;
            }
        }
        for (SandboxLoader sandboxLoader3 : this.subLoaderPrefixCache.values()) {
            if (str.equals(sandboxLoader3.getName())) {
                return sandboxLoader3;
            }
        }
        Iterator<SandboxLoader> it = this.subLoaderByJar.values().iterator();
        while (it.hasNext()) {
            SandboxLoader subloaderByName = it.next().getSubloaderByName(str);
            if (subloaderByName != null) {
                return subloaderByName;
            }
        }
        Iterator<SandboxLoader> it2 = this.subLoaderCache.values().iterator();
        while (it2.hasNext()) {
            SandboxLoader subloaderByName2 = it2.next().getSubloaderByName(str);
            if (subloaderByName2 != null) {
                return subloaderByName2;
            }
        }
        Iterator<SandboxLoader> it3 = this.subLoaderPrefixCache.values().iterator();
        while (it3.hasNext()) {
            SandboxLoader subloaderByName3 = it3.next().getSubloaderByName(str);
            if (subloaderByName3 != null) {
                return subloaderByName3;
            }
        }
        return null;
    }

    public String getName() {
        return this.name;
    }

    public SandboxSecurityManager getSecurityManager() {
        this.securityManager.checkPermission(new SandboxRuntimePermission("getSecurityManager"));
        return this.securityManager;
    }

    public Class<?> defineClass(String str, byte[] bArr) {
        return defineClass(str, bArr, true);
    }

    public Class<?> defineClass(String str, byte[] bArr, boolean z) {
        this.securityManager.checkPermission(new SandboxRuntimePermission("defineClass"));
        Class<?> findLoadedClass = findLoadedClass(str);
        if (findLoadedClass != null) {
            return findLoadedClass;
        }
        if (z) {
            try {
                bArr = enhance(str, bArr);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        try {
            return defineClass(str, bArr, 0, bArr.length, new ProtectionDomain(new CodeSource(new URL("file", "", this.codesource), (Certificate[]) null), new Permissions(), this, null));
        } catch (MalformedURLException unused) {
            throw new RuntimeException("Could not create protection domain.");
        }
    }
}
