package org.pkl.core;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import java.util.regex.Pattern;
import org.pkl.core.util.ErrorMessages;

/* loaded from: input_file:org/pkl/core/SecurityManagers.class */
public final class SecurityManagers {
    public static final List<Pattern> defaultAllowedModules = List.of(Pattern.compile("repl:"), Pattern.compile("file:"), Pattern.compile("jar:file:"), Pattern.compile("modulepath:"), Pattern.compile("https:"), Pattern.compile("pkl:"), Pattern.compile("package:"), Pattern.compile("projectpackage:"));
    public static final List<Pattern> defaultAllowedResources = List.of(Pattern.compile("prop:"), Pattern.compile("env:"), Pattern.compile("file:"), Pattern.compile("modulepath:"), Pattern.compile("package:"), Pattern.compile("projectpackage:"), Pattern.compile("https:"));
    public static final Function<URI, Integer> defaultTrustLevels = SecurityManagers::getDefaultTrustLevel;
    public static final SecurityManager defaultManager = new Standard(defaultAllowedModules, defaultAllowedResources, defaultTrustLevels, null);

    /* loaded from: input_file:org/pkl/core/SecurityManagers$Standard.class */
    private static class Standard implements SecurityManager {
        private final List<Pattern> allowedModules;
        private final List<Pattern> allowedResources;
        private final Function<URI, Integer> trustLevels;
        private final Path rootDir;

        Standard(List<Pattern> list, List<Pattern> list2, Function<URI, Integer> function, Path path) {
            this.allowedModules = list;
            this.allowedResources = list2;
            this.trustLevels = function;
            this.rootDir = normalizePath(path);
        }

        @Override // org.pkl.core.SecurityManager
        public void checkResolveModule(URI uri) throws SecurityManagerException {
            checkRead(uri, this.allowedModules, "moduleNotInAllowList");
        }

        @Override // org.pkl.core.SecurityManager
        public void checkResolveResource(URI uri) throws SecurityManagerException {
            checkRead(uri, this.allowedResources, "resourceNotInAllowList");
        }

        @Override // org.pkl.core.SecurityManager
        public void checkReadResource(URI uri) throws SecurityManagerException {
            checkRead(uri, this.allowedResources, "resourceNotInAllowList");
        }

        @Override // org.pkl.core.SecurityManager
        public void checkImportModule(URI uri, URI uri2) throws SecurityManagerException {
            if (this.trustLevels.apply(uri).intValue() < this.trustLevels.apply(uri2).intValue()) {
                throw new SecurityManagerException(ErrorMessages.create("insufficientModuleTrustLevel", uri2, uri));
            }
        }

        private Path normalizePath(Path path) {
            if (path == null) {
                return null;
            }
            try {
                return Files.exists(path, new LinkOption[0]) ? path.toRealPath(new LinkOption[0]) : path.toAbsolutePath();
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }

        private void checkRead(URI uri, List<Pattern> list, String str) throws SecurityManagerException {
            Iterator<Pattern> it = list.iterator();
            while (it.hasNext()) {
                if (it.next().matcher(uri.toString()).lookingAt()) {
                    checkIsUnderRootDir(uri, str);
                    return;
                }
            }
            throw new SecurityManagerException(ErrorMessages.create(str, uri));
        }

        private void checkIsUnderRootDir(URI uri, String str) throws SecurityManagerException {
            Path realPath;
            if (!uri.isAbsolute()) {
                throw new AssertionError("Expected absolute URI but got: " + uri);
            }
            if (this.rootDir == null || !uri.getScheme().equals("file")) {
                return;
            }
            Path of = Path.of(uri);
            if (Files.exists(of, new LinkOption[0])) {
                try {
                    realPath = of.toRealPath(new LinkOption[0]);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            } else {
                realPath = of.normalize();
            }
            if (!realPath.startsWith(this.rootDir)) {
                throw new SecurityManagerException(ErrorMessages.create(str, uri));
            }
        }
    }

    /* loaded from: input_file:org/pkl/core/SecurityManagers$StandardBuilder.class */
    public static class StandardBuilder implements SecurityManagerBuilder<StandardBuilder> {
        private final List<Pattern> allowedModules = new ArrayList();
        private final List<Pattern> allowedResources = new ArrayList();
        private Path rootDir;

        private StandardBuilder() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder addAllowedModule(Pattern pattern) {
            this.allowedModules.add(pattern);
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder addAllowedModules(Collection<Pattern> collection) {
            this.allowedModules.addAll(collection);
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder setAllowedModules(Collection<Pattern> collection) {
            this.allowedModules.clear();
            this.allowedModules.addAll(collection);
            return this;
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public List<Pattern> getAllowedModules() {
            return this.allowedModules;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder addAllowedResource(Pattern pattern) {
            this.allowedResources.add(pattern);
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder addAllowedResources(Collection<Pattern> collection) {
            this.allowedResources.addAll(collection);
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder setAllowedResources(Collection<Pattern> collection) {
            this.allowedResources.clear();
            this.allowedResources.addAll(collection);
            return this;
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public List<Pattern> getAllowedResources() {
            return this.allowedResources;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.pkl.core.SecurityManagerBuilder
        public StandardBuilder setRootDir(Path path) {
            this.rootDir = path;
            return this;
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public Path getRootDir() {
            return this.rootDir;
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public SecurityManager build() {
            if (this.allowedResources.isEmpty() && this.allowedModules.isEmpty()) {
                throw new IllegalStateException("No security manager set.");
            }
            return new Standard(this.allowedModules, this.allowedResources, SecurityManagers.defaultTrustLevels, this.rootDir);
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public /* bridge */ /* synthetic */ StandardBuilder setAllowedResources(Collection collection) {
            return setAllowedResources((Collection<Pattern>) collection);
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public /* bridge */ /* synthetic */ StandardBuilder addAllowedResources(Collection collection) {
            return addAllowedResources((Collection<Pattern>) collection);
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public /* bridge */ /* synthetic */ StandardBuilder setAllowedModules(Collection collection) {
            return setAllowedModules((Collection<Pattern>) collection);
        }

        @Override // org.pkl.core.SecurityManagerBuilder
        public /* bridge */ /* synthetic */ StandardBuilder addAllowedModules(Collection collection) {
            return addAllowedModules((Collection<Pattern>) collection);
        }
    }

    private SecurityManagers() {
    }

    private static int getDefaultTrustLevel(URI uri) {
        String scheme = uri.getScheme();
        boolean z = -1;
        switch (scheme.hashCode()) {
            case -869337967:
                if (scheme.equals("modulepath")) {
                    z = 3;
                    break;
                }
                break;
            case 104987:
                if (scheme.equals("jar")) {
                    z = 2;
                    break;
                }
                break;
            case 111057:
                if (scheme.equals("pkl")) {
                    z = 4;
                    break;
                }
                break;
            case 3143036:
                if (scheme.equals("file")) {
                    z = true;
                    break;
                }
                break;
            case 3496815:
                if (scheme.equals("repl")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return 40;
            case true:
                return uri.getHost() == null ? 30 : 10;
            case true:
                return getDefaultTrustLevel(URI.create(uri.toString().substring(4)));
            case true:
                return 20;
            case true:
                return 0;
            default:
                return 10;
        }
    }

    public static SecurityManager standard(List<Pattern> list, List<Pattern> list2, Function<URI, Integer> function, Path path) {
        return new Standard(list, list2, function, path);
    }

    public static StandardBuilder standardBuilder() {
        return new StandardBuilder();
    }
}
