package com.atlassian.bamboo.specs.maven.sandbox;

import java.io.FilePermission;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.Permission;
import java.util.PropertyPermission;
import sun.applet.AppletSecurity;

/* loaded from: input_file:com/atlassian/bamboo/specs/maven/sandbox/LowPrivilegeThreadPermissionVerifier.class */
public class LowPrivilegeThreadPermissionVerifier implements ThreadPermissionVerifier {
    private static final SecurityManager DELEGATE = new AppletSecurity();
    private final String allowedDirectory;

    /* JADX INFO: Access modifiers changed from: package-private */
    public LowPrivilegeThreadPermissionVerifier(Path path) {
        this.allowedDirectory = path.toAbsolutePath().toString();
    }

    @Override // com.atlassian.bamboo.specs.maven.sandbox.ThreadPermissionVerifier
    public void checkPermission(Permission permission) {
        BambooSpecsSecurityManager.log("Checking: " + permission);
        try {
            DELEGATE.checkPermission(permission);
        } catch (AccessControlException e) {
            if (!isAllowedForLowPrivilege(permission)) {
                throw e;
            }
            BambooSpecsSecurityManager.log("Allowing " + permission + " for low privilege");
        }
    }

    @Override // com.atlassian.bamboo.specs.maven.sandbox.ThreadPermissionVerifier
    public void checkPermission(Permission permission, Object obj) {
        DELEGATE.checkPermission(permission, obj);
    }

    private boolean isAllowedForLowPrivilege(Permission permission) {
        return isAllowedFileAccess(permission) || isPropertyAccess(permission);
    }

    private static boolean isPropertyAccess(Permission permission) {
        if (permission instanceof PropertyPermission) {
            return ((PropertyPermission) permission).getActions().equals("read");
        }
        return false;
    }

    private boolean isAllowedFileAccess(Permission permission) {
        if (!(permission instanceof FilePermission)) {
            return false;
        }
        FilePermission filePermission = (FilePermission) permission;
        if (!filePermission.getActions().equals("read")) {
            return false;
        }
        String name = filePermission.getName();
        if (name.endsWith(".class") || name.endsWith(".jar")) {
            return true;
        }
        return name.startsWith(this.allowedDirectory);
    }
}
