package org.jkiss.dbeaver.utils;

import java.io.File;
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.PropertyPermission;
import java.util.concurrent.Callable;
import org.jkiss.dbeaver.model.DBPDataSourceContainer;
import org.jkiss.dbeaver.model.connection.DBPDriver;
import org.jkiss.dbeaver.model.connection.DBPDriverLibrary;
import org.jkiss.dbeaver.runtime.DBWorkbench;
import org.osgi.framework.AdminPermission;

/* loaded from: input_file:org/jkiss/dbeaver/utils/SecurityManagerUtils.class */
public class SecurityManagerUtils {
    private static final List<Permission> DEFAULT_PERMISSIONS = List.of(new SocketPermission("*", "connect"), new NetPermission("*"), new ReflectPermission("*"), new AdminPermission(), new RuntimePermission("accessDeclaredMembers"), new PropertyPermission("*", "read"), new RuntimePermission("getClassLoader"), new RuntimePermission("createClassLoader"), new RuntimePermission("getenv.*"));

    public static List<Permission> getDefaultPermissions() {
        return new ArrayList(DEFAULT_PERMISSIONS);
    }

    public static <T> T executeWithAccessControlContext(AccessControlContext accessControlContext, Callable<T> callable) throws Throwable {
        try {
            return (T) AccessController.doPrivileged(() -> {
                try {
                    return callable.call();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }, accessControlContext);
        } catch (Throwable th) {
            Throwable th2 = th;
            if ((th2 instanceof RuntimeException) && th2.getCause() != null) {
                th2 = th2.getCause();
            }
            throw th2;
        }
    }

    public static AccessControlContext controlContextOf(List<Permission> list) {
        Permissions permissions = new Permissions();
        Iterator<Permission> it = list.iterator();
        while (it.hasNext()) {
            permissions.add(it.next());
        }
        permissions.setReadOnly();
        return new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, permissions)});
    }

    public static <T> T wrapDriverActions(DBPDataSourceContainer dBPDataSourceContainer, Callable<T> callable) throws Throwable {
        DBPDriver driver = dBPDataSourceContainer.getDriver();
        if (System.getSecurityManager() == null || !DBWorkbench.getPlatform().getApplication().isMultiuser() || !dBPDataSourceContainer.isAccessCheckRequired()) {
            return callable.call();
        }
        List<Permission> defaultPermissions = getDefaultPermissions();
        defaultPermissions.addAll(getDriverFilesPermissions(driver));
        return (T) executeWithAccessControlContext(controlContextOf(defaultPermissions), callable);
    }

    private static List<Permission> getDriverFilesPermissions(DBPDriver dBPDriver) {
        ArrayList arrayList = new ArrayList();
        Iterator<? extends DBPDriverLibrary> it = dBPDriver.getDriverLibraries().iterator();
        while (it.hasNext()) {
            Path localFile = it.next().getLocalFile();
            if (localFile != null) {
                String path = localFile.toString();
                String path2 = localFile.toAbsolutePath().toString();
                if (Files.isDirectory(localFile, new LinkOption[0])) {
                    arrayList.add(new FilePermission(path, "read"));
                    arrayList.add(new FilePermission(path2, "read"));
                    path2 = path2 + File.separator + "*";
                    path = path + File.separator + "*";
                }
                arrayList.add(new FilePermission(path, "read"));
                arrayList.add(new FilePermission(path2, "read"));
            }
        }
        return arrayList;
    }
}
