package net.datenwerke.sandbox;

import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.File;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import net.datenwerke.sandbox.SandboxService;
import net.datenwerke.sandbox.annotations.EnableSandboxing;
import net.datenwerke.sandbox.exception.SandboxConfigurationException;
import net.datenwerke.sandbox.exception.SandboxException;
import net.datenwerke.sandbox.exception.SandboxedTaskKilledException;
import net.datenwerke.sandbox.handlers.BadThreadKillHandler;
import net.datenwerke.sandbox.handlers.ContextRegisteredHandler;
import net.datenwerke.sandbox.handlers.SandboxHandler;
import net.datenwerke.sandbox.jvm.JvmFreelancer;
import net.datenwerke.sandbox.jvm.JvmPool;
import net.datenwerke.sandbox.jvm.JvmPoolConfigImpl;
import net.datenwerke.sandbox.jvm.JvmPoolImpl;
import net.datenwerke.sandbox.jvm.JvmSandboxTask;
import net.datenwerke.sandbox.jvm.exceptions.JvmKilledUnsafeThreadRuntimeException;
import net.datenwerke.sandbox.securitypermissions.SandboxRuntimePermission;
import net.datenwerke.transloader.DefaultTransloader;
import net.datenwerke.transloader.configure.CloningStrategy;

@Singleton
/* loaded from: input_file:net/datenwerke/sandbox/SandboxServiceImpl.class */
public class SandboxServiceImpl implements SandboxService {
    private final Logger logger;
    private static SandboxService INSTANCE;
    protected final SandboxCleanupService cleanupService;
    protected final boolean enabled;
    protected Map<String, SandboxContext> registeredContexts;
    protected JvmPool jvmPool;
    private Set<SandboxHandler> handlers;
    protected final ConcurrentLinkedQueue<SandboxMonitoredThread> monitorQueue;
    private int monitorCnt;
    private SandboxMonitorDaemon monitorDaemon;
    private Thread monitorDaemonThread;
    private SandboxMonitorWatchdog monitorWatchdog;
    private Thread monitorWatchdogThread;
    private long monitorDaemonCheckInterval;
    private long monitorWatchdogCheckInterval;

    public SandboxServiceImpl() {
        this(true, new SandboxCleanupServiceImpl(), new JvmPoolImpl(new JvmPoolConfigImpl(1, 1)));
    }

    public SandboxServiceImpl(File file) {
        this(true, new SandboxCleanupServiceImpl(), new JvmPoolImpl(new JvmPoolConfigImpl(1, 1, "-Xbootclasspath/p:" + file.getAbsolutePath())));
    }

    @Inject
    public SandboxServiceImpl(@EnableSandboxing boolean z, SandboxCleanupService sandboxCleanupService, @Nullable JvmPool jvmPool) {
        this.logger = Logger.getLogger(getClass().getName());
        this.registeredContexts = new Hashtable();
        this.handlers = new HashSet();
        this.monitorCnt = 1;
        this.monitorDaemonCheckInterval = 10L;
        this.monitorWatchdogCheckInterval = 10000L;
        this.enabled = z;
        this.cleanupService = sandboxCleanupService;
        this.jvmPool = jvmPool;
        if (INSTANCE != null) {
            throw new IllegalStateException("SandboxService already instantiated");
        }
        INSTANCE = this;
        if (z) {
            enable();
        }
        this.monitorQueue = new ConcurrentLinkedQueue<>();
        startMonitorDaemon();
        Runtime.getRuntime().addShutdownHook(new Thread() { // from class: net.datenwerke.sandbox.SandboxServiceImpl.1
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                SandboxServiceImpl.this.shutdown();
            }
        });
    }

    private final void enable() {
        if (System.getSecurityManager() instanceof SandboxSecurityManager) {
            return;
        }
        try {
            System.setSecurityManager(SandboxSecurityManager.newInstance(this));
        } catch (Exception e) {
            throw new RuntimeException("Could not initialize security manager: ", e);
        }
    }

    public static SandboxService getInstance() {
        if (INSTANCE == null) {
            new SandboxServiceImpl();
        }
        return INSTANCE;
    }

    public static SandboxService getInstance(File file) {
        if (INSTANCE == null) {
            new SandboxServiceImpl(file);
        }
        return INSTANCE;
    }

    public static SandboxService initLocalSandboxService() {
        if (INSTANCE != null) {
            throw new IllegalStateException("already initialized");
        }
        return new SandboxServiceImpl(true, new SandboxCleanupServiceImpl(), null);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void setCodesourceSecurityChecks(boolean z) {
        SandboxSecurityManager sandboxSecurityManager = (SandboxSecurityManager) System.getSecurityManager();
        if (sandboxSecurityManager != null) {
            sandboxSecurityManager.setCodesourceSecurityChecks(z);
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean getCodesourceSecurityChecks() {
        SandboxSecurityManager sandboxSecurityManager = (SandboxSecurityManager) System.getSecurityManager();
        if (sandboxSecurityManager != null) {
            return sandboxSecurityManager.isCodesourceSecurityChecks();
        }
        return false;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void startMonitorDaemon() {
        if (isMonitorDaemonActive()) {
            return;
        }
        if (this.monitorDaemon != null) {
            this.monitorDaemon.shutdown();
        }
        this.monitorDaemon = new SandboxMonitorDaemon(this, this.monitorQueue);
        this.monitorDaemon.setCheckInterval(this.monitorDaemonCheckInterval);
        this.monitorDaemonThread = Executors.defaultThreadFactory().newThread(this.monitorDaemon);
        this.monitorDaemonThread.setDaemon(true);
        Thread thread = this.monitorDaemonThread;
        StringBuilder sb = new StringBuilder("sandboxMonitor-");
        int i = this.monitorCnt;
        this.monitorCnt = i + 1;
        thread.setName(sb.append(i).toString());
        this.monitorDaemonThread.start();
        startMonitorWatchdog();
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean isMonitorDaemonActive() {
        return (this.monitorDaemonThread == null || !this.monitorDaemonThread.isAlive() || this.monitorDaemon == null || this.monitorDaemon.isShutdown()) ? false : true;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void shutdownMonitorDaemon() {
        if (this.monitorDaemon != null) {
            this.monitorDaemon.shutdown();
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void startMonitorWatchdog() {
        if (isMonitorWatchdogActive()) {
            return;
        }
        if (this.monitorWatchdog != null) {
            this.monitorWatchdog.shutdown();
        }
        this.monitorWatchdog = new SandboxMonitorWatchdog(this);
        this.monitorWatchdog.setCheckInterval(this.monitorWatchdogCheckInterval);
        this.monitorWatchdogThread = Executors.defaultThreadFactory().newThread(this.monitorWatchdog);
        this.monitorWatchdogThread.setDaemon(true);
        this.monitorWatchdogThread.setName("sandboxMonitorWatchdog");
        this.monitorWatchdogThread.start();
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean isMonitorWatchdogActive() {
        return (this.monitorWatchdogThread == null || !this.monitorWatchdogThread.isAlive() || this.monitorWatchdog.isShutdown()) ? false : true;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void shutdownMonitorWatchdog() {
        if (this.monitorWatchdog != null) {
            this.monitorWatchdog.shutdown();
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public long getMonitorDaemonCheckInterval() {
        return this.monitorDaemonCheckInterval;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void setMonitorDaemonCheckInterval(long j) {
        this.monitorDaemonCheckInterval = j;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public long getMonitorWatchdogCheckInterval() {
        return this.monitorWatchdogCheckInterval;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void setMonitorWatchdogCheckInterval(long j) {
        this.monitorWatchdogCheckInterval = j;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void shutdown() {
        shutdownJvmPool();
        shutdownMonitorWatchdog();
        shutdownMonitorDaemon();
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public SandboxSecurityManager getManager() {
        if (isActive()) {
            return (SandboxSecurityManager) System.getSecurityManager();
        }
        return null;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean isActive() {
        return this.enabled;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public String restrict() {
        if (!isActive()) {
            return null;
        }
        String uuid = UUID.randomUUID().toString();
        getManager().restrictAccess(uuid, new SandboxContext());
        return uuid;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public synchronized String restrict(String str) {
        SandboxContext sandboxContext = this.registeredContexts.get(str);
        if (sandboxContext == null) {
            sandboxContext = new SandboxContext();
        }
        return restrict(sandboxContext);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public synchronized String restrict(String str, String str2) {
        if (!isActive()) {
            return str;
        }
        SandboxContext sandboxContext = this.registeredContexts.get(str2);
        if (sandboxContext == null) {
            sandboxContext = new SandboxContext();
        }
        return restrict(str, sandboxContext);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public String restrict(SandboxContext sandboxContext) {
        String uuid = UUID.randomUUID().toString();
        restrict(uuid, sandboxContext);
        return uuid;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public String restrict(String str, SandboxContext sandboxContext) {
        if (!isActive()) {
            return null;
        }
        getManager().restrictAccess(str, sandboxContext);
        return str;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public JvmFreelancer acquireFreelancer() throws InterruptedException {
        return this.jvmPool.acquireFreelancer();
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public JvmFreelancer acquireFreelancer(long j, TimeUnit timeUnit) throws InterruptedException {
        return this.jvmPool.acquireFreelancer(j, timeUnit);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void releaseFreelancer(JvmFreelancer jvmFreelancer) {
        this.jvmPool.releaseFreelancer(jvmFreelancer);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void shutdownJvmPool() {
        if (this.jvmPool != null) {
            this.jvmPool.shutdown();
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void restartJvmPool() {
        if (this.jvmPool != null) {
            this.jvmPool.restart();
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void initJvmPool(JvmPool jvmPool) {
        shutdownJvmPool();
        this.jvmPool = jvmPool;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean isRestricted() {
        return isActive() && getManager().isRestricted();
    }

    public SandboxSecurityManager getSecurityManager() {
        return (SandboxSecurityManager) System.getSecurityManager();
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public synchronized void registerContext(String str, SandboxContext sandboxContext) {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("registerSandboxContext"));
        Iterator it = getHandlers(ContextRegisteredHandler.class).iterator();
        while (it.hasNext()) {
            ((ContextRegisteredHandler) it.next()).contextRegistered(str, sandboxContext);
        }
        this.registeredContexts.put(str, sandboxContext);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public void releaseRestriction(String str) {
        if (isActive()) {
            getManager().releaseRestriction(str);
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public SandboxLoader initClassLoader(String str) {
        return initClassLoader(getContext(str));
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public SandboxLoader initClassLoader(SandboxContext sandboxContext) {
        return initClassLoader(getClass().getClassLoader(), sandboxContext);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public SandboxLoader initClassLoader(ClassLoader classLoader, String str) {
        return initClassLoader(classLoader, getContext(str));
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public SandboxLoader initClassLoader(ClassLoader classLoader, SandboxContext sandboxContext) {
        SandboxLoader sandboxLoader = new SandboxLoader(classLoader);
        sandboxLoader.init(sandboxContext);
        return sandboxLoader;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public SandboxContext getContext(String str) {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("getSandboxContext"));
        if (this.registeredContexts.containsKey(str)) {
            return this.registeredContexts.get(str);
        }
        return null;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public <V> SandboxedCallResult<V> runSandboxed(Class<? extends SandboxedEnvironment> cls, SandboxContext sandboxContext, Object... objArr) {
        return runSandboxed(cls, sandboxContext, initClassLoader(sandboxContext), objArr);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public <V> SandboxedCallResult<V> runSandboxed(Class<? extends SandboxedEnvironment> cls, SandboxContext sandboxContext, ClassLoader classLoader, Object... objArr) {
        return run(cls, sandboxContext, classLoader, false, objArr);
    }

    protected <V> SandboxedCallResult<V> run(Class<? extends SandboxedEnvironment> cls, SandboxContext sandboxContext, ClassLoader classLoader, boolean z, Object[] objArr) {
        Object invoke;
        if (cls == null) {
            return null;
        }
        if (isRemoteService() && sandboxContext.isDebug()) {
            this.logger.log(Level.INFO, "run remote");
        }
        try {
            if (!isRemoteService() && sandboxContext.isRunRemote() && this.jvmPool != null) {
                invoke = this.jvmPool.addTask(new JvmSandboxTask(cls, sandboxContext, z, objArr)).get().getRaw();
            } else if (sandboxContext.isRunInThread()) {
                SandboxedThread sandboxedThread = new SandboxedThread(this, getCalleableMethod(cls, classLoader), getCalleableInstance(cls, classLoader, objArr), sandboxContext, z);
                sandboxedThread.setContextClassLoader(classLoader);
                this.monitorQueue.add(new SandboxMonitoredThread(Thread.currentThread(), sandboxedThread, sandboxContext));
                try {
                    sandboxedThread.start();
                    sandboxedThread.join();
                } catch (InterruptedException unused) {
                }
                if (!sandboxedThread.isSuccess()) {
                    if (isRemoteService() && sandboxedThread.isKilled() && !sandboxedThread.isKilledSafely()) {
                        throw new JvmKilledUnsafeThreadRuntimeException();
                    }
                    throw sandboxedThread.getException();
                }
                invoke = sandboxedThread.getResult();
            } else {
                Method calleableMethod = getCalleableMethod(cls, classLoader);
                Object calleableInstance = getCalleableInstance(cls, classLoader, objArr);
                if (z) {
                    invoke = calleableMethod.invoke(calleableInstance, new Object[0]);
                } else {
                    String restrict = restrict(sandboxContext);
                    try {
                        invoke = calleableMethod.invoke(calleableInstance, new Object[0]);
                    } finally {
                        releaseRestriction(restrict);
                    }
                }
            }
            return new SandboxedCallResultImpl(invoke);
        } catch (Exception e) {
            if (e instanceof JvmKilledUnsafeThreadRuntimeException) {
                throw ((JvmKilledUnsafeThreadRuntimeException) e);
            }
            if (e instanceof SandboxException) {
                throw ((SandboxException) e);
            }
            if (!(e instanceof InvocationTargetException) || e.getCause() == null) {
                throw new SandboxException(e);
            }
            throw new SandboxException(String.valueOf(e.getCause().getClass().getName()) + ": " + e.getCause().getMessage(), e);
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean isRemoteService() {
        return false;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public boolean hasRemoteAgents() {
        return this.jvmPool != null;
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public <V> SandboxedCallResult<V> runInContext(Class<? extends SandboxedEnvironment> cls, SandboxContext sandboxContext, Object... objArr) {
        return runInContext(cls, sandboxContext, initClassLoader(sandboxContext), objArr);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public <V> SandboxedCallResult<V> runInContext(Class<? extends SandboxedEnvironment> cls, SandboxContext sandboxContext, ClassLoader classLoader, Object... objArr) {
        return run(cls, sandboxContext, classLoader, true, objArr);
    }

    protected Method getCalleableMethod(Class<?> cls, ClassLoader classLoader) throws ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
        Method method = Class.forName(cls.getName(), true, classLoader).getMethod("execute", new Class[0]);
        method.setAccessible(true);
        return method;
    }

    protected Object getCalleableInstance(Class<?> cls, ClassLoader classLoader, Object... objArr) throws ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
        Constructor<?> declaredConstructor;
        Class<?> cls2 = Class.forName(cls.getName(), true, classLoader);
        Object[] objArr2 = null;
        if (objArr == null || objArr.length == 0) {
            declaredConstructor = cls2.getDeclaredConstructor(null);
        } else {
            int length = objArr.length;
            Class<?>[] clsArr = new Class[length];
            objArr2 = new Object[length];
            for (int i = 0; i < length; i++) {
                Object obj = objArr[i];
                if (obj instanceof SandboxService.TypedArgument) {
                    clsArr[i] = Class.forName(((SandboxService.TypedArgument) obj).getType().getName(), true, classLoader);
                    if (((SandboxService.TypedArgument) obj).isBridge()) {
                        objArr2[i] = bridge(((SandboxService.TypedArgument) obj).getValue(), classLoader);
                    } else {
                        objArr2[i] = ((SandboxService.TypedArgument) obj).getValue();
                    }
                } else {
                    clsArr[i] = Class.forName(obj.getClass().getName(), true, classLoader);
                    objArr2[i] = obj;
                }
            }
            try {
                declaredConstructor = cls2.getDeclaredConstructor(clsArr);
            } catch (NoSuchMethodException e) {
                throw new SandboxConfigurationException(String.valueOf(e.getMessage()) + ": Could not load constructor for the SandboxedEnvironment object. I tried to find a constructor with the following types: " + clsArr + " Is there a classloader problem?", e);
            }
        }
        declaredConstructor.setAccessible(true);
        if (objArr2 == null) {
            return declaredConstructor.newInstance(new Object[0]);
        }
        try {
            return declaredConstructor.newInstance(objArr2);
        } catch (IllegalArgumentException e2) {
            StringBuffer stringBuffer = new StringBuffer("[");
            for (Object obj2 : objArr2) {
                stringBuffer.append(obj2).append(", ");
            }
            stringBuffer.append("]");
            throw new SandboxConfigurationException(String.valueOf(e2.getMessage()) + ": Could not instantiate the SandboxedEnvironment object. Is there a classloader problem? The SandboxedEnvironment's constructor expects " + declaredConstructor + " but I got: " + ((Object) stringBuffer), e2);
        }
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public Object bridge(Object obj) {
        return bridge(obj, getClass().getClassLoader());
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public Object bridge(Object obj, ClassLoader classLoader) {
        if (obj == null) {
            return null;
        }
        return (obj.getClass().getClassLoader() == null && classLoader == null) ? obj : (obj.getClass().getClassLoader() == null || !obj.getClass().getClassLoader().equals(classLoader)) ? new DefaultTransloader(CloningStrategy.newMinimalInstance()).wrap(obj).cloneWith(classLoader) : obj;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void kill(SandboxMonitoredThread sandboxMonitoredThread, SandboxedTaskKilledException sandboxedTaskKilledException) {
        boolean z = false;
        try {
            BadKillInfo kill = this.cleanupService.kill(sandboxMonitoredThread, sandboxedTaskKilledException);
            if (kill == null) {
                z = true;
            } else {
                Iterator it = getHandlers(BadThreadKillHandler.class).iterator();
                while (it.hasNext()) {
                    ((BadThreadKillHandler) it.next()).badThreadKilled(kill);
                }
            }
        } catch (Exception unused) {
        }
        if (z || isRemoteService()) {
            return;
        }
        this.logger.log(Level.SEVERE, "killed potentially unsafe thread");
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public synchronized void attachHandler(SandboxHandler sandboxHandler) {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("attachHandler"));
        this.handlers.add(sandboxHandler);
    }

    @Override // net.datenwerke.sandbox.SandboxService
    public synchronized boolean dettachHandler(SandboxHandler sandboxHandler) {
        getSecurityManager().checkPermission(new SandboxRuntimePermission("dettachHandler"));
        return this.handlers.remove(sandboxHandler);
    }

    protected synchronized <H extends SandboxHandler> Collection<H> getHandlers(Class<H> cls) {
        HashSet hashSet = new HashSet();
        for (SandboxHandler sandboxHandler : this.handlers) {
            if (cls.isAssignableFrom(sandboxHandler.getClass())) {
                hashSet.add(sandboxHandler);
            }
        }
        return hashSet;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        shutdownJvmPool();
    }
}
