package org.correomqtt.plugin.manager;

import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;

/* loaded from: input_file:org/correomqtt/plugin/manager/PluginSecurityPolicy.class */
public class PluginSecurityPolicy extends Policy {
    private static final Permission[] FORBIDDEN_PERMISSIONS = {new RuntimePermission("createClassLoader"), new RuntimePermission("accessClassInPackage.sun"), new RuntimePermission("setSecurityManager"), new ReflectPermission("suppressAccessChecks"), new SecurityPermission("setPolicy"), new SecurityPermission("setProperty.package.access")};
    private HashMap<String, Permissions> pluginPermissions = new HashMap<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addPluginPermissions(String str, Permissions permissions) {
        if (!this.pluginPermissions.containsKey(str)) {
            this.pluginPermissions.put(str, removeForbiddenPermissions(str, permissions));
            return;
        }
        Permissions permissions2 = this.pluginPermissions.get(str);
        Iterator<Permission> asIterator = removeForbiddenPermissions(str, permissions).elements().asIterator();
        while (asIterator.hasNext()) {
            permissions2.add(asIterator.next());
        }
    }

    public static Permissions removeForbiddenPermissions(String str, Permissions permissions) {
        Permissions permissions2 = new Permissions();
        Iterator<Permission> asIterator = permissions.elements().asIterator();
        while (asIterator.hasNext()) {
            Permission next = asIterator.next();
            if (isPermissionAllowed(next)) {
                permissions2.add(next);
            }
        }
        return permissions2;
    }

    private static boolean isPermissionAllowed(Permission permission) {
        if ((permission instanceof FilePermission) && permission.getActions().contains("execute")) {
            return false;
        }
        return Arrays.stream(FORBIDDEN_PERMISSIONS).noneMatch(permission2 -> {
            return permission2.getClass().equals(permission.getClass()) && permission2.getName().equals(permission.getName());
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addPluginPermission(String str, Permission permission) {
        Permissions permissions = new Permissions();
        permissions.add(permission);
        addPluginPermissions(str, permissions);
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        return isPlugin(protectionDomain) ? pluginPermissions(((PermissionPluginClassLoader) protectionDomain.getClassLoader()).getPluginId()) : applicationPermissions();
    }

    private boolean isPlugin(ProtectionDomain protectionDomain) {
        return protectionDomain.getClassLoader() instanceof PermissionPluginClassLoader;
    }

    private PermissionCollection pluginPermissions(String str) {
        return this.pluginPermissions.getOrDefault(str, new Permissions());
    }

    private PermissionCollection applicationPermissions() {
        Permissions permissions = new Permissions();
        permissions.add(new AllPermission());
        return permissions;
    }
}
