package defpackage;

import java.io.FilePermission;
import java.net.SocketPermission;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AllPermission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;

/* loaded from: input_file:SecureCapsule.class */
public class SecureCapsule extends Capsule {
    private static final String PROP_SECURITY_POLICY = "capsule.security.policy";
    private static final String PROP_JAVA_SECURITY_POLICY = "java.security.policy";
    private static final String PROP_JAVA_SECURITY_MANAGER = "java.security.manager";
    private static final String ENV_CAPSULE_REPOS = "CAPSULE_REPOS";
    private static final String ENV_CAPSULE_LOCAL_REPO = "CAPSULE_LOCAL_REPO";
    private final Path jarFile;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:SecureCapsule$CapletLoader.class */
    public static class CapletLoader extends ClassLoader {
        public CapletLoader(ClassLoader classLoader) {
            super(classLoader);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:SecureCapsule$SandboxSecurityPolicy.class */
    public class SandboxSecurityPolicy extends Policy {
        private SandboxSecurityPolicy() {
        }

        @Override // java.security.Policy
        public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
            return isWrapped(protectionDomain) ? pluginPermissions() : applicationPermissions();
        }

        private boolean isWrapped(ProtectionDomain protectionDomain) {
            return protectionDomain.getClassLoader() instanceof CapletLoader;
        }

        private PermissionCollection pluginPermissions() {
            Permissions permissions = new Permissions();
            permissions.add(new PropertyPermission("*", "read"));
            permissions.add(new FilePermission(SecureCapsule.this.getAppDir().toString(), "read"));
            permissions.add(new RuntimePermission("getenv.CAPSULE_REPOS"));
            permissions.add(new RuntimePermission("getenv.CAPSULE_LOCAL_REPO"));
            permissions.add(new SocketPermission("https://repo1.maven.org/", "connect"));
            return permissions;
        }

        private PermissionCollection applicationPermissions() {
            Permissions permissions = new Permissions();
            permissions.add(new AllPermission());
            return permissions;
        }
    }

    public SecureCapsule(Path path) {
        super(path);
        initSecurity();
        this.jarFile = getJarFile();
    }

    public SecureCapsule(Capsule capsule) {
        super(capsule);
        initSecurity();
        this.jarFile = getJarFile();
    }

    private void initSecurity() {
        Policy.setPolicy(new SandboxSecurityPolicy());
        System.setSecurityManager(new SecurityManager());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // defpackage.Capsule
    public Capsule loadTargetCapsule(ClassLoader classLoader, Path path) {
        return super.loadTargetCapsule(new CapletLoader(classLoader), path);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v6, types: [T, java.util.Map, java.util.HashMap] */
    @Override // defpackage.Capsule
    public <T> T attribute(Map.Entry<String, T> entry) {
        if (ATTR_SYSTEM_PROPERTIES != entry) {
            return ATTR_SECURITY_POLICY == entry ? (T) getPolicyFile() : (T) super.attribute(entry);
        }
        ?? r0 = (T) new HashMap((Map) super.attribute(ATTR_SYSTEM_PROPERTIES));
        r0.put(PROP_JAVA_SECURITY_MANAGER, "");
        r0.put(PROP_JAVA_SECURITY_POLICY, getPolicyFile());
        return r0;
    }

    private String getPolicyFile() {
        return getProperty(PROP_SECURITY_POLICY) != null ? getProperty(PROP_SECURITY_POLICY) : toJarUrl("security.policy");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // defpackage.Capsule
    public ProcessBuilder prelaunch(List<String> list, List<String> list2) {
        ProcessBuilder prelaunch = super.prelaunch(list, list2);
        Path path = Paths.get(prelaunch.command().get(0), new String[0]);
        verify((path.startsWith(appDir()) || path.startsWith(getWritableAppCache())) ? false : true, "Local command: " + path);
        return prelaunch;
    }

    private void verify(boolean z, String str) {
        if (!z) {
            throw new SecurityException(str);
        }
    }

    private String toJarUrl(String str) {
        return "jar:file:" + this.jarFile.toAbsolutePath() + "!/" + str;
    }
}
