package com.atlassian.bamboo.specs.maven.sandbox;

import java.io.FilePermission;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.Permission;
import java.util.PropertyPermission;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import sun.applet.AppletSecurity;

/* loaded from: input_file:com/atlassian/bamboo/specs/maven/sandbox/BambooSpecsSecurityManager.class */
public class BambooSpecsSecurityManager extends SecurityManager {
    private static final SecurityManager DELEGATE = new AppletSecurity();
    private static final String DEBUG_MODE = System.getProperty("specs.security.manager.debug");
    private final String allowedDirectory;
    private final Set<Thread> threadsBeingChecked = ConcurrentHashMap.newKeySet();

    public BambooSpecsSecurityManager(Path path) {
        this.allowedDirectory = path.toAbsolutePath().toString();
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        if (this.threadsBeingChecked.add(Thread.currentThread())) {
            try {
                if (AccessControlContextHackcessor.getContext(getClass()).isEmpty()) {
                    log("Allowing privileged call: " + permission);
                    this.threadsBeingChecked.remove(Thread.currentThread());
                    return;
                }
                if (PrivilegedThreads.isLowPrivilegeThread()) {
                    try {
                        checkPermissionForLowPrivilegeThread(permission);
                    } catch (AccessControlException e) {
                        log("Access denied: " + permission);
                        throw e;
                    }
                }
            } finally {
                this.threadsBeingChecked.remove(Thread.currentThread());
            }
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        if (PrivilegedThreads.isLowPrivilegeThread()) {
            DELEGATE.checkPermission(permission, obj);
        }
    }

    private void checkPermissionForLowPrivilegeThread(Permission permission) {
        log("Checking: " + permission);
        try {
            DELEGATE.checkPermission(permission);
        } catch (AccessControlException e) {
            if (!isAllowedForLowPrivilege(permission, this.allowedDirectory)) {
                throw e;
            }
            log("Allowing " + permission + " for low privilege");
        }
    }

    private static boolean isAllowedForLowPrivilege(Permission permission, String str) {
        if (isAllowedFileAccess(permission, str)) {
            return true;
        }
        return isPropertyAccess(permission);
    }

    private static boolean isPropertyAccess(Permission permission) {
        if (permission instanceof PropertyPermission) {
            return ((PropertyPermission) permission).getActions().equals("read");
        }
        return false;
    }

    private static boolean isAllowedFileAccess(Permission permission, String str) {
        if (!(permission instanceof FilePermission)) {
            return false;
        }
        FilePermission filePermission = (FilePermission) permission;
        if (!filePermission.getActions().equals("read")) {
            return false;
        }
        String name = filePermission.getName();
        if (name.endsWith(".class") || name.endsWith(".jar")) {
            return true;
        }
        return name.startsWith(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addHighPrivilegeThread() {
        PrivilegedThreads.addHighPrivilegeThread();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeHighPrivilegeThread() {
        PrivilegedThreads.removeHighPrivilegeThread();
    }

    private static void log(String str) {
        if (DEBUG_MODE != null) {
            System.out.println(str);
        }
    }
}
