package org.elasticsearch.plugins;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.URIParameter;
import java.security.UnresolvedPermission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.core.internal.io.IOUtils;
import org.elasticsearch.transport.RemoteClusterAware;

/* loaded from: input_file:elasticsearch-7.10.2.jar:org/elasticsearch/plugins/PluginSecurity.class */
class PluginSecurity {
    PluginSecurity() {
    }

    static void confirmPolicyExceptions(Terminal terminal, Set<String> set, boolean z) throws UserException {
        ArrayList arrayList = new ArrayList(set);
        if (arrayList.isEmpty()) {
            terminal.println(Terminal.Verbosity.VERBOSE, "plugin has a policy file with no additional permissions");
            return;
        }
        Collections.sort(arrayList);
        terminal.errorPrintln(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        terminal.errorPrintln(Terminal.Verbosity.NORMAL, "@     WARNING: plugin requires additional permissions     @");
        terminal.errorPrintln(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            terminal.errorPrintln(Terminal.Verbosity.NORMAL, "* " + ((String) it.next()));
        }
        terminal.errorPrintln(Terminal.Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
        terminal.errorPrintln(Terminal.Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
        prompt(terminal, z);
    }

    private static void prompt(Terminal terminal, boolean z) throws UserException {
        if (z) {
            return;
        }
        terminal.println(Terminal.Verbosity.NORMAL, RemoteClusterAware.LOCAL_CLUSTER_GROUP_KEY);
        if (!terminal.readText("Continue with installation? [y/N]").equalsIgnoreCase("y")) {
            throw new UserException(65, "installation aborted by user");
        }
    }

    static String formatPermission(Permission permission) {
        StringBuilder sb = new StringBuilder();
        sb.append(permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedType() : permission.getClass().getName());
        String unresolvedName = permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedName() : permission.getName();
        if (unresolvedName != null && unresolvedName.length() > 0) {
            sb.append(' ');
            sb.append(unresolvedName);
        }
        String unresolvedActions = permission instanceof UnresolvedPermission ? ((UnresolvedPermission) permission).getUnresolvedActions() : permission.getActions();
        if (unresolvedActions != null && unresolvedActions.length() > 0) {
            sb.append(' ');
            sb.append(unresolvedActions);
        }
        return sb.toString();
    }

    public static Set<String> parsePermissions(Path path, Path path2) throws IOException {
        Path createTempFile = Files.createTempFile(path2, "empty", "tmp", new FileAttribute[0]);
        try {
            Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(createTempFile.toUri()));
            IOUtils.rm(createTempFile);
            try {
                PermissionCollection permissions = Policy.getInstance("JavaPolicy", new URIParameter(path.toUri())).getPermissions(PluginSecurity.class.getProtectionDomain());
                if (permissions == Policy.UNSUPPORTED_EMPTY_COLLECTION) {
                    throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions");
                }
                Permissions permissions2 = new Permissions();
                Iterator it = Collections.list(permissions.elements()).iterator();
                while (it.hasNext()) {
                    Permission permission = (Permission) it.next();
                    if (!policy.implies(PluginSecurity.class.getProtectionDomain(), permission)) {
                        permissions2.add(permission);
                    }
                }
                return (Set) Collections.list(permissions2.elements()).stream().map(PluginSecurity::formatPermission).collect(Collectors.toSet());
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }
}
