package com.atlassian.bamboo.specs.maven.sandbox;

import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Path;
import java.security.Permission;
import java.util.PropertyPermission;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/specs/maven/sandbox/LowPrivilegeThreadPermissionVerifier.class */
public class LowPrivilegeThreadPermissionVerifier extends AbstractThreadPermissionVerifier {
    private final String allowedReadDirectory;
    private final String allowedReadWriteDirectory;

    public LowPrivilegeThreadPermissionVerifier(@Nullable Path path, @Nullable Path path2) {
        this.allowedReadDirectory = toAbsolutePath(path);
        this.allowedReadWriteDirectory = toAbsolutePath(path2);
    }

    @Override // com.atlassian.bamboo.specs.maven.sandbox.AbstractThreadPermissionVerifier
    public boolean checkPermissionFor(Permission permission) {
        return isAllowedFileAccess(permission) || isPropertyAccess(permission);
    }

    private static boolean isPropertyAccess(Permission permission) {
        if (permission instanceof PropertyPermission) {
            return ((PropertyPermission) permission).getActions().equals("read");
        }
        return false;
    }

    private boolean isAllowedFileAccess(Permission permission) {
        if (!(permission instanceof FilePermission)) {
            return false;
        }
        FilePermission filePermission = (FilePermission) permission;
        try {
            String canonicalPath = toCanonicalPath(filePermission.getName());
            if (filePermission.getActions().equals("write")) {
                return this.allowedReadWriteDirectory != null && canonicalPath.startsWith(this.allowedReadWriteDirectory);
            }
            if (filePermission.getActions().equals("read")) {
                return canonicalPath.endsWith(".class") || canonicalPath.endsWith(".jar") || canonicalPath.startsWith(this.allowedReadDirectory) || canonicalPath.startsWith(this.allowedReadWriteDirectory);
            }
            return false;
        } catch (IOException e) {
            return false;
        }
    }

    private static String toCanonicalPath(String str) throws IOException {
        return new File(str).getCanonicalPath();
    }

    @Nullable
    private static String toAbsolutePath(@Nullable Path path) {
        if (path != null) {
            return path.toAbsolutePath().toString();
        }
        return null;
    }
}
