package org.elasticsearch.entitlement.initialization;

import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.elasticsearch.core.Booleans;
import org.elasticsearch.entitlement.runtime.policy.PathLookup;
import org.elasticsearch.entitlement.runtime.policy.Platform;
import org.elasticsearch.entitlement.runtime.policy.Policy;
import org.elasticsearch.entitlement.runtime.policy.PolicyUtils;
import org.elasticsearch.entitlement.runtime.policy.Scope;
import org.elasticsearch.entitlement.runtime.policy.entitlements.CreateClassLoaderEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.Entitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.ExitVMEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.InboundNetworkEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.LoadNativeLibrariesEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.ManageThreadsEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.OutboundNetworkEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.ReadStoreAttributesEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.SetHttpsConnectionPropertiesEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.WriteSystemPropertiesEntitlement;

/* loaded from: input_file:org/elasticsearch/entitlement/initialization/HardcodedEntitlements.class */
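/**
 * Built-in entitlement grants that are compiled into the product rather than read from a policy file.
 *
 * <p>Two sets are defined here: the per-module scopes of the "server" policy and the flat
 * entitlement list handed to the agent. Because these grants are not configurable, every
 * entry is part of the trusted computing base: a new line here widens what the named module
 * may do (file access, networking, native code, class loading) and should be reviewed as a
 * privilege change.
 */
class HardcodedEntitlements {
    HardcodedEntitlements() {
    }

    /**
     * Builds a read-only file grant for an absolute path that is tagged as Linux-only.
     *
     * @param absolutePath the absolute path to grant read access to
     * @return the file grant, restricted to {@link Platform#LINUX}
     */
    private static FilesEntitlement.FileData linuxReadOnly(String absolutePath) {
        return FilesEntitlement.FileData.ofPath(Path.of(absolutePath), FilesEntitlement.Mode.READ).withPlatform(Platform.LINUX);
    }

    /**
     * Assembles the hardcoded scopes of the server policy.
     *
     * @param path optional extra path granted READ_WRITE to the {@code org.elasticsearch.server}
     *             scope; skipped when {@code null}. What the path represents is decided by the
     *             caller and is not visible in this class.
     * @return a mutable list of scopes, one per module name
     */
    private static List<Scope> createServerEntitlements(Path path) {
        // File grants for the org.elasticsearch.server scope. Typed lists replace the raw
        // ArrayList of the decompiled form so that a wrong element type fails at compile time.
        List<FilesEntitlement.FileData> serverFiles = new ArrayList<>();
        Collections.addAll(
            serverFiles,
            // Installation directories: code and configuration are read-only.
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.PLUGINS, FilesEntitlement.Mode.READ),
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.MODULES, FilesEntitlement.Mode.READ),
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.CONFIG, FilesEntitlement.Mode.READ),
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.LOGS, FilesEntitlement.Mode.READ_WRITE),
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.LIB, FilesEntitlement.Mode.READ),
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.DATA, FilesEntitlement.Mode.READ_WRITE),
            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.SHARED_REPO, FilesEntitlement.Mode.READ_WRITE),
            // The only writable entry under CONFIG. NOTE(review): withExclusive(true) presumably
            // stops other scopes from being granted this file - confirm against FilesEntitlement.
            FilesEntitlement.FileData.ofRelativePath(
                Path.of("operator/settings.json"),
                PathLookup.BaseDir.CONFIG,
                FilesEntitlement.Mode.READ_WRITE
            ).withExclusive(true),
            // Fixed OS and kernel pseudo-files, read-only and tagged Linux-only.
            linuxReadOnly("/etc/os-release"),
            linuxReadOnly("/etc/system-release"),
            linuxReadOnly("/usr/lib/os-release"),
            linuxReadOnly("/proc/sys/vm/max_map_count"),
            linuxReadOnly("/proc/meminfo"),
            linuxReadOnly("/proc/loadavg"),
            linuxReadOnly("/proc/self/cgroup"),
            linuxReadOnly("/sys/fs/cgroup/"),
            linuxReadOnly("/proc/self/mountinfo"),
            linuxReadOnly("/proc/diskstats")
        );
        if (path != null) {
            // Caller-supplied path: granted read-write as given, with no check in this method.
            serverFiles.add(FilesEntitlement.FileData.ofPath(path, FilesEntitlement.Mode.READ_WRITE));
        }

        List<Scope> scopes = new ArrayList<>();
        Collections.addAll(
            scopes,
            new Scope(
                "org.elasticsearch.base",
                List.of(
                    new CreateClassLoaderEntitlement(),
                    new FilesEntitlement(
                        List.of(
                            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.SHARED_REPO, FilesEntitlement.Mode.READ_WRITE),
                            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.DATA, FilesEntitlement.Mode.READ_WRITE)
                        )
                    )
                )
            ),
            new Scope("org.elasticsearch.xcontent", List.of(new CreateClassLoaderEntitlement())),
            // The broadest scope: the only one here with ExitVM and inbound networking.
            new Scope(
                "org.elasticsearch.server",
                List.of(
                    new ExitVMEntitlement(),
                    new ReadStoreAttributesEntitlement(),
                    new CreateClassLoaderEntitlement(),
                    new InboundNetworkEntitlement(),
                    new LoadNativeLibrariesEntitlement(),
                    new ManageThreadsEntitlement(),
                    new FilesEntitlement(serverFiles)
                )
            ),
            new Scope("java.desktop", List.of(new LoadNativeLibrariesEntitlement())),
            new Scope("org.apache.httpcomponents.httpclient", List.of(new OutboundNetworkEntitlement())),
            new Scope(
                "org.apache.lucene.core",
                List.of(
                    new LoadNativeLibrariesEntitlement(),
                    new ManageThreadsEntitlement(),
                    new FilesEntitlement(
                        List.of(
                            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.CONFIG, FilesEntitlement.Mode.READ),
                            FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.DATA, FilesEntitlement.Mode.READ_WRITE)
                        )
                    )
                )
            ),
            new Scope(
                "org.apache.lucene.misc",
                List.of(
                    new FilesEntitlement(
                        List.of(FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.DATA, FilesEntitlement.Mode.READ_WRITE))
                    ),
                    new ReadStoreAttributesEntitlement()
                )
            ),
            new Scope(
                "org.apache.logging.log4j.core",
                List.of(
                    new ManageThreadsEntitlement(),
                    new FilesEntitlement(
                        List.of(FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.LOGS, FilesEntitlement.Mode.READ_WRITE))
                    )
                )
            ),
            new Scope(
                "org.elasticsearch.nativeaccess",
                List.of(
                    new LoadNativeLibrariesEntitlement(),
                    new FilesEntitlement(
                        List.of(FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.DATA, FilesEntitlement.Mode.READ_WRITE))
                    )
                )
            )
        );

        // The FIPS scopes are added only when this JVM system property parses as true, so the
        // resulting policy depends on how the JVM was launched.
        if (Booleans.parseBoolean(System.getProperty("org.bouncycastle.fips.approved_only"), false)) {
            String trustStoreProperty = System.getProperty("javax.net.ssl.trustStore");
            // NOTE(review): the trust store location is taken from a system property as-is; this
            // method does not normalise or validate it before granting READ. Confirm that
            // FilesEntitlement rejects relative or otherwise unexpected paths.
            Path trustStorePath = trustStoreProperty != null
                ? Path.of(trustStoreProperty)
                : Path.of(System.getProperty("java.home")).resolve("lib/security/jssecacerts");
            Collections.addAll(
                scopes,
                new Scope(
                    "org.bouncycastle.fips.tls",
                    List.of(
                        new FilesEntitlement(List.of(FilesEntitlement.FileData.ofPath(trustStorePath, FilesEntitlement.Mode.READ))),
                        new ManageThreadsEntitlement(),
                        new OutboundNetworkEntitlement()
                    )
                ),
                new Scope(
                    "org.bouncycastle.fips.core",
                    List.of(
                        new FilesEntitlement(
                            List.of(FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.LIB, FilesEntitlement.Mode.READ))
                        ),
                        new ManageThreadsEntitlement()
                    )
                )
            );
        }
        return scopes;
    }

    /**
     * Creates the policy named {@code "server"} from the hardcoded scopes, optionally merged
     * with the scopes of another policy.
     *
     * <p>The decompiler reports that this method was package-private in the compiled class.
     *
     * @param path   optional extra read-write path for the server scope, may be {@code null}
     * @param policy optional policy whose scopes are combined with the hardcoded ones through
     *               {@link PolicyUtils#mergeScopes}; when {@code null} the hardcoded scopes are
     *               used unchanged. NOTE(review): how conflicting entries are resolved is
     *               decided by mergeScopes and is not visible here - a merged policy can
     *               presumably widen the hardcoded grants, so its origin should be trusted.
     * @return the server policy
     */
    public static Policy serverPolicy(Path path, Policy policy) {
        List<Scope> hardcodedScopes = createServerEntitlements(path);
        List<Scope> effectiveScopes = policy == null ? hardcodedScopes : PolicyUtils.mergeScopes(hardcodedScopes, policy.scopes());
        return new Policy("server", effectiveScopes);
    }

    /**
     * Returns the fixed entitlement list for the agent.
     *
     * <p>The decompiler reports that this method was package-private in the compiled class.
     *
     * @return an immutable list of entitlements
     */
    public static List<Entitlement> agentEntitlements() {
        // System-property writes are limited to this single named property.
        Set<String> writableProperties = Set.of("AsyncProfiler.safemode");
        return List.of(
            new CreateClassLoaderEntitlement(),
            new ManageThreadsEntitlement(),
            new SetHttpsConnectionPropertiesEntitlement(),
            new OutboundNetworkEntitlement(),
            new WriteSystemPropertiesEntitlement(writableProperties),
            new LoadNativeLibrariesEntitlement(),
            new FilesEntitlement(
                List.of(
                    FilesEntitlement.FileData.ofBaseDirPath(PathLookup.BaseDir.LOGS, FilesEntitlement.Mode.READ_WRITE),
                    // Unlike the server list, these two entries carry no platform tag.
                    FilesEntitlement.FileData.ofPath(Path.of("/proc/meminfo"), FilesEntitlement.Mode.READ),
                    FilesEntitlement.FileData.ofPath(Path.of("/sys/fs/cgroup/"), FilesEntitlement.Mode.READ)
                )
            )
        );
    }
}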
