package com.google.apphosting.utils.security;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Policy;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/google/apphosting/utils/security/SecurityManagerInstaller.class */
public class SecurityManagerInstaller {
    private static final String EXT_DIRS_PROPERTY = "java.ext.dirs";
    private static final transient Logger logger = Logger.getLogger(SecurityManagerInstaller.class.getName());
    private static boolean isInstalled = false;

    /* loaded from: input_file:com/google/apphosting/utils/security/SecurityManagerInstaller$CustomSecurityManager.class */
    private static class CustomSecurityManager extends SecurityManager {
        private static final RuntimePermission PERMISSION_MODIFY_THREAD_GROUP = new RuntimePermission("modifyThreadGroup");
        private static final RuntimePermission PERMISSION_MODIFY_THREAD = new RuntimePermission("modifyThread");

        private CustomSecurityManager() {
        }

        @Override // java.lang.SecurityManager
        public void checkAccess(ThreadGroup threadGroup) {
            if (threadGroup == null) {
                throw new NullPointerException("thread group can't be null");
            }
            checkPermission(PERMISSION_MODIFY_THREAD_GROUP);
        }

        @Override // java.lang.SecurityManager
        public void checkAccess(Thread thread) {
            if (thread == null) {
                throw new NullPointerException("thread can't be null");
            }
            checkPermission(PERMISSION_MODIFY_THREAD);
        }
    }

    public static void install(URL... urlArr) {
        if (isInstalled) {
            return;
        }
        try {
            File generatePolicyFile = generatePolicyFile(urlArr);
            if (System.getSecurityManager() != null) {
                throw new IllegalStateException("SecurityManager already installed: " + System.getSecurityManager());
            }
            System.setProperty("java.security.policy", "=" + generatePolicyFile.getPath());
            System.setSecurityManager(new CustomSecurityManager());
            Policy.getPolicy().refresh();
            isInstalled = true;
        } catch (IOException e) {
            throw new RuntimeException("Cannot generate policy file.", e);
        }
    }

    private static File generatePolicyFile(URL[] urlArr) throws IOException {
        ClassLoader classLoader = SecurityManagerInstaller.class.getClassLoader();
        if (classLoader != ClassLoader.getSystemClassLoader()) {
            throw new IllegalStateException("SecurityManagerInstaller must be loaded in the system ClassLoader; was " + classLoader);
        }
        if (!(classLoader instanceof URLClassLoader)) {
            throw new ClassCastException("System ClassLoader is " + classLoader + ", not a URLClassLoader.");
        }
        URLClassLoader uRLClassLoader = (URLClassLoader) classLoader;
        File createTempFile = File.createTempFile("test", ".policy");
        logger.info("Auto-generating policy file at: " + createTempFile);
        PrintWriter printWriter = new PrintWriter(new FileWriter(createTempFile));
        for (URL url : uRLClassLoader.getURLs()) {
            grantToUrl(url.toString(), AllPermission.class, printWriter);
        }
        for (URL url2 : urlArr) {
            grantToUrl(url2.toString(), AllPermission.class, printWriter);
        }
        grantToExtDirs(AllPermission.class, printWriter);
        printWriter.close();
        return createTempFile;
    }

    private static void grantToExtDirs(Class<? extends Permission> cls, PrintWriter printWriter) {
        StringTokenizer stringTokenizer = new StringTokenizer(System.getProperty(EXT_DIRS_PROPERTY), File.pathSeparator);
        while (stringTokenizer.hasMoreTokens()) {
            File file = new File(stringTokenizer.nextToken());
            try {
                grantToUrl(file.toURI().toURL() + "/-", cls, printWriter);
            } catch (MalformedURLException e) {
                logger.log(Level.WARNING, "Ignoring unreadable JRE extension directory: " + file, (Throwable) e);
            }
        }
    }

    private static void grantToUrl(String str, Class<? extends Permission> cls, PrintWriter printWriter) {
        String name = cls.getName();
        logger.fine("Granting " + str + " rights to use " + name);
        printWriter.println("grant codebase \"" + str + "\" {");
        printWriter.println("  permission " + name + ";");
        printWriter.println("};");
        printWriter.println();
    }
}
