package org.elasticsearch.plugins;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.URIParameter;
import java.security.UnresolvedPermission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.function.Supplier;
import org.apache.lucene.util.IOUtils;
import org.elasticsearch.cli.Terminal;

/* loaded from: input_file:BOOT-INF/lib/elasticsearch-5.5.2.jar:org/elasticsearch/plugins/PluginSecurity.class */
class PluginSecurity {
    PluginSecurity() {
    }

    static void readPolicy(PluginInfo pluginInfo, Path path, Terminal terminal, Supplier<Path> supplier, boolean z) throws IOException {
        ArrayList list = Collections.list(parsePermissions(terminal, path, supplier.get()).elements());
        if (list.isEmpty()) {
            terminal.println(Terminal.Verbosity.VERBOSE, "plugin has a policy file with no additional permissions");
        } else {
            Collections.sort(list, new Comparator<Permission>() { // from class: org.elasticsearch.plugins.PluginSecurity.1
                @Override // java.util.Comparator
                public int compare(Permission permission, Permission permission2) {
                    int compareTo = permission.getClass().getName().compareTo(permission2.getClass().getName());
                    if (compareTo == 0) {
                        String name = permission.getName();
                        String name2 = permission2.getName();
                        if (name == null) {
                            name = "";
                        }
                        if (name2 == null) {
                            name2 = "";
                        }
                        compareTo = name.compareTo(name2);
                        if (compareTo == 0) {
                            String actions = permission.getActions();
                            String actions2 = permission2.getActions();
                            if (actions == null) {
                                actions = "";
                            }
                            if (actions2 == null) {
                                actions2 = "";
                            }
                            compareTo = actions.compareTo(actions2);
                        }
                    }
                    return compareTo;
                }
            });
            terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
            terminal.println(Terminal.Verbosity.NORMAL, "@     WARNING: plugin requires additional permissions     @");
            terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
            Iterator it = list.iterator();
            while (it.hasNext()) {
                terminal.println(Terminal.Verbosity.NORMAL, "* " + formatPermission((Permission) it.next()));
            }
            terminal.println(Terminal.Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
            terminal.println(Terminal.Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
            prompt(terminal, z);
        }
        if (pluginInfo.hasNativeController()) {
            terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
            terminal.println(Terminal.Verbosity.NORMAL, "@        WARNING: plugin forks a native controller        @");
            terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
            terminal.println(Terminal.Verbosity.NORMAL, "This plugin launches a native controller that is not subject to the Java");
            terminal.println(Terminal.Verbosity.NORMAL, "security manager nor to system call filters.");
            prompt(terminal, z);
        }
    }

    private static void prompt(Terminal terminal, boolean z) {
        if (z) {
            return;
        }
        terminal.println(Terminal.Verbosity.NORMAL, "");
        if (!terminal.readText("Continue with installation? [y/N]").equalsIgnoreCase("y")) {
            throw new RuntimeException("installation aborted by user");
        }
    }

    static String formatPermission(Permission permission) {
        StringBuilder sb = new StringBuilder();
        sb.append(permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedType() : permission.getClass().getName());
        String unresolvedName = permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedName() : permission.getName();
        if (unresolvedName != null && unresolvedName.length() > 0) {
            sb.append(' ');
            sb.append(unresolvedName);
        }
        String unresolvedActions = permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedActions() : permission.getActions();
        if (unresolvedActions != null && unresolvedActions.length() > 0) {
            sb.append(' ');
            sb.append(unresolvedActions);
        }
        return sb.toString();
    }

    static PermissionCollection parsePermissions(Terminal terminal, Path path, Path path2) throws IOException {
        Path createTempFile = Files.createTempFile(path2, "empty", "tmp", new FileAttribute[0]);
        try {
            Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(createTempFile.toUri()));
            IOUtils.rm(createTempFile);
            try {
                PermissionCollection permissions = Policy.getInstance("JavaPolicy", new URIParameter(path.toUri())).getPermissions(PluginSecurity.class.getProtectionDomain());
                if (permissions == Policy.UNSUPPORTED_EMPTY_COLLECTION) {
                    throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions");
                }
                Permissions permissions2 = new Permissions();
                Iterator it = Collections.list(permissions.elements()).iterator();
                while (it.hasNext()) {
                    Permission permission = (Permission) it.next();
                    if (!policy.implies(PluginSecurity.class.getProtectionDomain(), permission)) {
                        permissions2.add(permission);
                    }
                }
                permissions2.setReadOnly();
                return permissions2;
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }
}
