package com.google.appengine.tools.development.devappserver2;

import com.google.appengine.repackaged.com.google.common.collect.ImmutableMap;
import com.google.appengine.tools.development.AppContext;
import com.google.appengine.tools.development.DevAppServer;
import com.google.appengine.tools.development.agent.AppEngineDevAgent;
import com.google.apphosting.utils.security.SecurityManagerInstaller;
import java.io.File;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.regex.Pattern;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/google/appengine/tools/development/devappserver2/DevAppServer2Factory.class */
public class DevAppServer2Factory {
    private static final Class<?>[] DEV_APPSERVER_CTOR_ARG_TYPES = {File.class, File.class, File.class, File.class, String.class, Integer.TYPE, Boolean.TYPE, Map.class};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/google/appengine/tools/development/devappserver2/DevAppServer2Factory$CustomSecurityManager.class */
    public static class CustomSecurityManager extends SecurityManager {
        private static final String KEYCHAIN_JNILIB = "/libkeychain.jnilib";
        private final DevAppServer devAppServer;
        private static final RuntimePermission PERMISSION_MODIFY_THREAD_GROUP = new RuntimePermission("modifyThreadGroup");
        private static final RuntimePermission PERMISSION_MODIFY_THREAD = new RuntimePermission("modifyThread");
        private static final Object PERMISSION_LOCK = new Object();
        private static final ImmutableMap<String, String> METHOD_WHITELIST = ImmutableMap.of("sun.security.ssl.SSLSocketImpl$NotifyHandshakeThread", "<init>", "com.mysql.jdbc.AbandonedConnectionCleanupThread", "<init>", "com.mysql.jdbc.NonRegisteringDriver", "*", "com.google.appengine.tools.development.devappserver2.RemoteApiDelegate", "makeAsyncCall");

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/google/appengine/tools/development/devappserver2/DevAppServer2Factory$CustomSecurityManager$StackTraceAnalyzer.class */
        public static class StackTraceAnalyzer {
            private final StackTraceElement[] frames;
            private static final Pattern IGNORE_CLASS_IN_STACK;

            private StackTraceAnalyzer() {
                this.frames = Thread.currentThread().getStackTrace();
            }

            private boolean isThisOrOuterClass(StackTraceElement stackTraceElement) {
                return CustomSecurityManager.class.getName().equals(stackTraceElement.getClassName()) || getClass().getName().equals(stackTraceElement.getClassName());
            }

            StackTraceElement getCallerFrame() {
                for (int i = 1; i < this.frames.length; i++) {
                    if (!"checkAccess".equals(this.frames[i].getMethodName()) && !isThisOrOuterClass(this.frames[i])) {
                        return this.frames[i];
                    }
                }
                throw new IllegalStateException("Unable to determine calling frame.");
            }

            StackTraceElement getFirstRelevantCallerFrame() {
                for (int i = 1; i < this.frames.length; i++) {
                    if (!IGNORE_CLASS_IN_STACK.matcher(this.frames[i].getClassName()).matches()) {
                        return this.frames[i];
                    }
                }
                throw new IllegalStateException("Unable to determine calling frame.");
            }

            static {
                String quote = Pattern.quote(CustomSecurityManager.class.getName());
                String quote2 = Pattern.quote(StackTraceAnalyzer.class.getName());
                IGNORE_CLASS_IN_STACK = Pattern.compile(new StringBuilder(128 + String.valueOf(quote).length() + String.valueOf(quote2).length()).append("java\\.lang\\.Thread(Group)?|java\\.util\\.concurrent\\..*|com\\.google\\.appengine\\.repackaged\\.org\\.apache\\.commons\\.httpclient\\..*|").append(quote).append("|").append(quote2).toString());
            }
        }

        CustomSecurityManager(DevAppServer devAppServer) {
            this.devAppServer = devAppServer;
        }

        boolean appHasPermissionNonThreadCallerFrame(StackTraceElement stackTraceElement) {
            String str = METHOD_WHITELIST.get(stackTraceElement.getClassName());
            return "*".equals(str) || stackTraceElement.getMethodName().equals(str);
        }

        private synchronized boolean appHasPermission(Permission permission) {
            synchronized (PERMISSION_LOCK) {
                AppContext currentAppContext = this.devAppServer.getCurrentAppContext();
                if (currentAppContext.getUserPermissions().implies(permission) || currentAppContext.getApplicationPermissions().implies(permission)) {
                    return true;
                }
                if (PERMISSION_MODIFY_THREAD_GROUP.equals(permission) || PERMISSION_MODIFY_THREAD.equals(permission)) {
                    StackTraceAnalyzer stackTraceAnalyzer = new StackTraceAnalyzer();
                    if (PERMISSION_MODIFY_THREAD.equals(permission)) {
                        StackTraceElement callerFrame = stackTraceAnalyzer.getCallerFrame();
                        if ("java.util.concurrent.ThreadPoolExecutor".equals(callerFrame.getClassName())) {
                            return true;
                        }
                        if ("java.lang.Thread".equals(callerFrame.getClassName()) && "interrupt".equals(callerFrame.getMethodName())) {
                            return true;
                        }
                        if ("java.lang.Thread".equals(callerFrame.getClassName()) && "setUncaughtExceptionHandler".equals(callerFrame.getMethodName())) {
                            return true;
                        }
                    }
                    if (appHasPermissionNonThreadCallerFrame(stackTraceAnalyzer.getFirstRelevantCallerFrame())) {
                        return true;
                    }
                }
                if (permission instanceof SocketPermission) {
                    return true;
                }
                return "read".equals(permission.getActions()) && permission.getName().endsWith(KEYCHAIN_JNILIB);
            }
        }

        @Override // java.lang.SecurityManager
        public void checkPermission(Permission permission) {
            if ((permission instanceof PropertyPermission) || !isDevAppServerThread() || appHasPermission(permission)) {
                return;
            }
            super.checkPermission(permission);
        }

        @Override // java.lang.SecurityManager
        public void checkPermission(Permission permission, Object obj) {
            if (!isDevAppServerThread() || appHasPermission(permission)) {
                return;
            }
            super.checkPermission(permission, obj);
        }

        @Override // java.lang.SecurityManager
        public void checkAccess(ThreadGroup threadGroup) {
            if (threadGroup == null) {
                throw new NullPointerException("thread group can't be null");
            }
            checkPermission(PERMISSION_MODIFY_THREAD_GROUP);
        }

        @Override // java.lang.SecurityManager
        public void checkAccess(Thread thread) {
            if (thread == null) {
                throw new NullPointerException("thread can't be null");
            }
            checkPermission(PERMISSION_MODIFY_THREAD);
        }

        private boolean isDevAppServerThread() {
            String str;
            String valueOf = String.valueOf(Thread.currentThread().getName());
            if (valueOf.length() != 0) {
                str = "devappserver-thread-".concat(valueOf);
            } else {
                str = r1;
                String str2 = new String("devappserver-thread-");
            }
            return Boolean.getBoolean(str) && this.devAppServer.getCurrentAppContext() != null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DevAppServer createDevAppServer(final File file, final File file2, final File file3, final File file4, final String str, final int i, final boolean z, final boolean z2, final Map<String, ?> map, final boolean z3) {
        return (DevAppServer) AccessController.doPrivileged(new PrivilegedAction<DevAppServer>() { // from class: com.google.appengine.tools.development.devappserver2.DevAppServer2Factory.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public DevAppServer run() {
                return DevAppServer2Factory.this.doCreateDevAppServer(file, file2, file3, file4, str, i, z, z2, map, z3);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public DevAppServer doCreateDevAppServer(File file, File file2, File file3, File file4, String str, int i, boolean z, boolean z2, Map<String, ?> map, boolean z3) {
        if (!z3) {
            testAgentIsInstalled();
        }
        try {
            Class<?> cls = Class.forName(DevAppServer2Impl.class.getName(), false, DevAppServer2ClassLoader.newClassLoader(getClass().getClassLoader()));
            if (z2) {
                SecurityManagerInstaller.install(false, getPrivilegedJars(cls));
            }
            Constructor<?> declaredConstructor = cls.getDeclaredConstructor(DEV_APPSERVER_CTOR_ARG_TYPES);
            declaredConstructor.setAccessible(true);
            DevAppServer devAppServer = (DevAppServer) declaredConstructor.newInstance(file, file2, file3, file4, str, Integer.valueOf(i), Boolean.valueOf(z), map);
            if (z2) {
                System.setSecurityManager(new CustomSecurityManager(devAppServer));
            }
            return devAppServer;
        } catch (Exception e) {
            Exception exc = e;
            if (e instanceof InvocationTargetException) {
                exc = e.getCause();
            }
            throw new RuntimeException("Unable to create a DevAppServer", exc);
        }
    }

    private static URL[] getPrivilegedJars(Class<?> cls) {
        CodeSource codeSource;
        URL location;
        HashSet hashSet = new HashSet();
        Iterator it = Arrays.asList(cls, DevAppServer2Factory.class, SecurityManagerInstaller.class).iterator();
        while (it.hasNext()) {
            ProtectionDomain protectionDomain = ((Class) it.next()).getProtectionDomain();
            if (protectionDomain != null && (codeSource = protectionDomain.getCodeSource()) != null && (location = codeSource.getLocation()) != null) {
                hashSet.add(location);
            }
        }
        return (URL[]) hashSet.toArray(new URL[hashSet.size()]);
    }

    private void testAgentIsInstalled() {
        try {
            AppEngineDevAgent.getAgent();
        } catch (Throwable th) {
            throw new RuntimeException("Unable to locate the App Engine agent. Please use dev_appserver, KickStart,  or set the jvm flag: \"-javaagent:<sdk_root>/lib/agent/appengine-agent.jar\"", th);
        }
    }
}
