package org.elasticsearch.entitlement.bootstrap;

import com.sun.tools.attach.AgentInitializationException;
import com.sun.tools.attach.AgentLoadException;
import com.sun.tools.attach.AttachNotSupportedException;
import com.sun.tools.attach.VirtualMachine;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.InvocationTargetException;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Stream;
import org.elasticsearch.core.CheckedConsumer;
import org.elasticsearch.core.CheckedSupplier;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.entitlement.initialization.EntitlementInitialization;
import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
import org.elasticsearch.entitlement.runtime.policy.Policy;
import org.elasticsearch.logging.LogManager;
import org.elasticsearch.logging.Logger;

/* loaded from: input_file:org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.class */
public class EntitlementBootstrap {
    private static BootstrapArgs bootstrapArgs;
    private static final Logger logger = LogManager.getLogger(EntitlementBootstrap.class);

    /* loaded from: input_file:org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs.class */
    public static final class BootstrapArgs extends Record {
        private final Map<String, Policy> pluginPolicies;
        private final Function<Class<?>, String> pluginResolver;
        private final Path[] dataDirs;
        private final Path configDir;
        private final Path tempDir;

        public BootstrapArgs(Map<String, Policy> map, Function<Class<?>, String> function, Path[] pathArr, Path path, Path path2) {
            Objects.requireNonNull(map);
            Objects.requireNonNull(function);
            Objects.requireNonNull(pathArr);
            if (pathArr.length == 0) {
                throw new IllegalArgumentException("must provide at least one data directory");
            }
            Objects.requireNonNull(path);
            Objects.requireNonNull(path2);
            this.pluginPolicies = map;
            this.pluginResolver = function;
            this.dataDirs = pathArr;
            this.configDir = path;
            this.tempDir = path2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, BootstrapArgs.class), BootstrapArgs.class, "pluginPolicies;pluginResolver;dataDirs;configDir;tempDir", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->pluginPolicies:Ljava/util/Map;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->pluginResolver:Ljava/util/function/Function;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->dataDirs:[Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->configDir:Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->tempDir:Ljava/nio/file/Path;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, BootstrapArgs.class), BootstrapArgs.class, "pluginPolicies;pluginResolver;dataDirs;configDir;tempDir", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->pluginPolicies:Ljava/util/Map;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->pluginResolver:Ljava/util/function/Function;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->dataDirs:[Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->configDir:Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->tempDir:Ljava/nio/file/Path;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, BootstrapArgs.class, Object.class), BootstrapArgs.class, "pluginPolicies;pluginResolver;dataDirs;configDir;tempDir", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->pluginPolicies:Ljava/util/Map;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->pluginResolver:Ljava/util/function/Function;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->dataDirs:[Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->configDir:Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/bootstrap/EntitlementBootstrap$BootstrapArgs;->tempDir:Ljava/nio/file/Path;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Map<String, Policy> pluginPolicies() {
            return this.pluginPolicies;
        }

        public Function<Class<?>, String> pluginResolver() {
            return this.pluginResolver;
        }

        public Path[] dataDirs() {
            return this.dataDirs;
        }

        public Path configDir() {
            return this.configDir;
        }

        public Path tempDir() {
            return this.tempDir;
        }
    }

    public static BootstrapArgs bootstrapArgs() {
        return bootstrapArgs;
    }

    public static void bootstrap(Map<String, Policy> map, Function<Class<?>, String> function, Path[] pathArr, Path path, Path path2) {
        logger.debug("Loading entitlement agent");
        if (bootstrapArgs != null) {
            throw new IllegalStateException("plugin data is already set");
        }
        bootstrapArgs = new BootstrapArgs(map, function, pathArr, path, path2);
        exportInitializationToAgent();
        loadAgent(findAgentJar());
        selfTest();
    }

    @SuppressForbidden(reason = "The VirtualMachine API is the only way to attach a java agent dynamically")
    private static void loadAgent(String str) {
        try {
            VirtualMachine attach = VirtualMachine.attach(Long.toString(ProcessHandle.current().pid()));
            try {
                attach.loadAgent(str);
                attach.detach();
            } catch (Throwable th) {
                attach.detach();
                throw th;
            }
        } catch (AttachNotSupportedException | IOException | AgentLoadException | AgentInitializationException e) {
            throw new IllegalStateException("Unable to attach entitlement agent", e);
        }
    }

    private static void exportInitializationToAgent() {
        EntitlementInitialization.class.getModule().addExports(EntitlementInitialization.class.getPackageName(), ClassLoader.getSystemClassLoader().getUnnamedModule());
    }

    private static String findAgentJar() {
        String property = System.getProperty("es.entitlement.agentJar");
        if (property != null) {
            return property;
        }
        Path of = Path.of("lib", "entitlement-agent");
        if (!Files.exists(of, new LinkOption[0])) {
            throw new IllegalStateException("Directory for entitlement jar does not exist: " + String.valueOf(of));
        }
        try {
            Stream<Path> list = Files.list(of);
            try {
                List<Path> list2 = list.limit(2L).toList();
                if (list2.size() != 1) {
                    throw new IllegalStateException("Expected one jar in " + String.valueOf(of) + "; found " + list2.size());
                }
                String path = list2.get(0).toString();
                if (list != null) {
                    list.close();
                }
                return path;
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException("Failed to list entitlement jars in: " + String.valueOf(of), e);
        }
    }

    private static void selfTest() {
        ensureCannotStartProcess((v0) -> {
            v0.start();
        });
        ensureCanCreateTempFile(EntitlementBootstrap::createTempFile);
        ensureCannotStartProcess(EntitlementBootstrap::reflectiveStartProcess);
        ensureCanCreateTempFile(EntitlementBootstrap::reflectiveCreateTempFile);
    }

    private static void ensureCannotStartProcess(CheckedConsumer<ProcessBuilder, ?> checkedConsumer) {
        try {
            checkedConsumer.accept(new ProcessBuilder(""));
            throw new IllegalStateException("Entitlement protection self-test was incorrectly permitted");
        } catch (NotEntitledException e) {
            logger.debug("Success: Entitlement protection correctly prevented process creation");
        } catch (Exception e2) {
            throw new IllegalStateException("Failed entitlement protection self-test", e2);
        }
    }

    @SuppressForbidden(reason = "accesses jvm default tempdir as a self-test")
    private static void ensureCanCreateTempFile(CheckedSupplier<Path, ?> checkedSupplier) {
        try {
            Path path = (Path) checkedSupplier.get();
            path.toFile().deleteOnExit();
            try {
                Files.delete(path);
            } catch (IOException e) {
            }
            logger.debug("Success: Entitlement protection correctly permitted temp file creation");
        } catch (NotEntitledException e2) {
            throw new IllegalStateException("Entitlement protection self-test was incorrectly forbidden", e2);
        } catch (Exception e3) {
            throw new IllegalStateException("Unable to perform entitlement protection self-test", e3);
        }
    }

    @SuppressForbidden(reason = "accesses jvm default tempdir as a self-test")
    private static Path createTempFile() throws Exception {
        return Files.createTempFile(null, null, new FileAttribute[0]);
    }

    private static void reflectiveStartProcess(ProcessBuilder processBuilder) throws Exception {
        try {
            ProcessBuilder.class.getMethod("start", new Class[0]).invoke(processBuilder, new Object[0]);
        } catch (InvocationTargetException e) {
            throw ((Exception) e.getCause());
        }
    }

    private static Path reflectiveCreateTempFile() throws Exception {
        return (Path) Files.class.getMethod("createTempFile", String.class, String.class, FileAttribute[].class).invoke(null, null, null, new FileAttribute[0]);
    }
}
