package net.sf.robocode.host.security;

import java.awt.AWTPermission;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.PropertyPermission;
import java.util.Set;
import java.util.StringTokenizer;
import net.sf.robocode.core.Container;
import net.sf.robocode.host.IHostedThread;
import net.sf.robocode.host.IThreadManager;
import net.sf.robocode.host.io.RobotFileSystemManager;
import net.sf.robocode.io.Logger;
import net.sf.robocode.repository.IRepositoryManager;
import org.picocontainer.Characteristics;

/* loaded from: input_file:libs/robocode.host-1.8.3.0.jar:net/sf/robocode/host/security/RobocodeSecurityPolicy.class */
public class RobocodeSecurityPolicy extends Policy {
    private static final boolean isSecutityOn;
    private static final boolean isFileReadSecutityOff;
    private static final boolean isExperimental;
    private final Set<String> allowedPackages = new HashSet();
    private final Policy parentPolicy = Policy.getPolicy();
    private final PermissionCollection allPermissions = new Permissions();
    private Set<String> untrustedCodeUrls;
    private final IThreadManager threadManager;

    public RobocodeSecurityPolicy(IThreadManager iThreadManager) {
        this.allPermissions.add(new AllPermission());
        this.threadManager = iThreadManager;
        this.allowedPackages.add("robocode.util");
        this.allowedPackages.add("robocode.robotinterfaces");
        this.allowedPackages.add("robocode.robotpaint");
        this.allowedPackages.add("robocode.robocodeGL");
        if (isExperimental) {
            this.allowedPackages.add("robocode.robotinterfaces.peer");
        }
        initUrls();
        if (isSecutityOn) {
            Policy.setPolicy(this);
        }
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        return getPermissions(protectionDomain.getCodeSource());
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(final CodeSource codeSource) {
        if (isSecutityOn) {
            return this.untrustedCodeUrls.contains(codeSource.getLocation().toString()) ? new Permissions() : (PermissionCollection) AccessController.doPrivileged(new PrivilegedAction<PermissionCollection>() { // from class: net.sf.robocode.host.security.RobocodeSecurityPolicy.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public PermissionCollection run() {
                    return RobocodeSecurityPolicy.this.parentPolicy.getPermissions(codeSource);
                }
            });
        }
        return this.allPermissions;
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, final Permission permission) {
        if (!isSecutityOn) {
            return true;
        }
        if (this.untrustedCodeUrls.contains(protectionDomain.getCodeSource().getLocation().toString())) {
            return ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: net.sf.robocode.host.security.RobocodeSecurityPolicy.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Boolean run() {
                    return Boolean.valueOf(RobocodeSecurityPolicy.this.impliesRobot(permission));
                }
            })).booleanValue();
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean impliesRobot(Permission permission) {
        String actions = permission.getActions();
        String name = permission.getName();
        if ((permission instanceof FilePermission) && actions.equals("read") && isFileReadSecutityOff) {
            return true;
        }
        if ((permission instanceof PropertyPermission) && actions.equals("read")) {
            return true;
        }
        if ((permission instanceof RobocodePermission) && (name.equals("System.out") || name.equals("System.err") || name.equals("System.in"))) {
            return true;
        }
        IHostedThread loadedOrLoadingRobotProxy = this.threadManager.getLoadedOrLoadingRobotProxy(Thread.currentThread());
        if (loadedOrLoadingRobotProxy == null) {
            Logger.logError("Preventing unknown thread " + Thread.currentThread().getName() + " from access: " + permission);
            return false;
        }
        if (permission instanceof AWTPermission) {
            loadedOrLoadingRobotProxy.punishSecurityViolation("Preventing " + loadedOrLoadingRobotProxy.getStatics().getName() + " from access: " + permission);
            throw new ThreadDeath();
        }
        if (permission instanceof FilePermission) {
            FilePermission filePermission = (FilePermission) permission;
            RobotFileSystemManager robotFileSystemManager = loadedOrLoadingRobotProxy.getRobotFileSystemManager();
            if (filePermission.getActions().equals("read")) {
                return impliesRobotFileRead(loadedOrLoadingRobotProxy, robotFileSystemManager, filePermission);
            }
            if (filePermission.getActions().equals("write")) {
                return impliesRobotFileWrite(loadedOrLoadingRobotProxy, robotFileSystemManager, filePermission);
            }
            if (filePermission.getActions().equals("delete")) {
                return impliesRobotFileDelete(loadedOrLoadingRobotProxy, robotFileSystemManager, filePermission);
            }
        }
        if ((permission instanceof RuntimePermission) && name.startsWith("accessClassInPackage.")) {
            return impliesRobotPackageAccess(loadedOrLoadingRobotProxy, name.substring(21));
        }
        loadedOrLoadingRobotProxy.punishSecurityViolation("Preventing " + loadedOrLoadingRobotProxy.getStatics().getName() + " from access: " + permission);
        return false;
    }

    private boolean impliesRobotPackageAccess(IHostedThread iHostedThread, String str) {
        if ((!str.startsWith("robocode.control") && !str.startsWith("net.sf.robocode")) || this.allowedPackages.contains(str)) {
            return true;
        }
        iHostedThread.punishSecurityViolation("Preventing " + Thread.currentThread().getName() + " from access to the internal Robocode package: " + str);
        return false;
    }

    private boolean impliesRobotFileDelete(IHostedThread iHostedThread, RobotFileSystemManager robotFileSystemManager, FilePermission filePermission) {
        if (robotFileSystemManager.getWritableDirectory() == null) {
            iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". Robots that are not in a package may not delete any files.");
            return false;
        }
        if (robotFileSystemManager.isWritable(filePermission.getName()) || robotFileSystemManager.getWritableDirectory().toString().equals(filePermission.getName())) {
            return true;
        }
        iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". You may only delete files in your own data directory: " + robotFileSystemManager.getWritableDirectory());
        return false;
    }

    private boolean impliesRobotFileWrite(IHostedThread iHostedThread, RobotFileSystemManager robotFileSystemManager, FilePermission filePermission) {
        if (!this.threadManager.checkRobotFileStream()) {
            iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". You must use a RobocodeOutputStream.");
            return false;
        }
        if (robotFileSystemManager.getWritableDirectory() == null) {
            iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". Robots that are not in a package may not write any files.");
            return false;
        }
        if (robotFileSystemManager.isWritable(filePermission.getName()) || robotFileSystemManager.getWritableDirectory().toString().equals(filePermission.getName())) {
            return true;
        }
        iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". You may only write files in your own data directory: " + robotFileSystemManager.getWritableDirectory());
        return false;
    }

    private boolean impliesRobotFileRead(IHostedThread iHostedThread, RobotFileSystemManager robotFileSystemManager, FilePermission filePermission) {
        if (robotFileSystemManager.getReadableDirectory() == null) {
            iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". Robots that are not in a package may not read any files.");
            return false;
        }
        if (robotFileSystemManager.isWritable(filePermission.getName()) || robotFileSystemManager.isReadable(filePermission.getName())) {
            return true;
        }
        iHostedThread.punishSecurityViolation("Preventing " + iHostedThread.getStatics().getName() + " from access: " + filePermission + ". You may only read files in your own root package directory.");
        return false;
    }

    @Override // java.security.Policy
    public void refresh() {
        initUrls();
        this.parentPolicy.refresh();
    }

    private void initUrls() {
        this.untrustedCodeUrls = new HashSet();
        this.untrustedCodeUrls.add(RobotClassLoader.untrustedURL);
        StringTokenizer stringTokenizer = new StringTokenizer(System.getProperty("robocode.class.path"), File.pathSeparator);
        try {
            ArrayList arrayList = new ArrayList();
            IRepositoryManager iRepositoryManager = (IRepositoryManager) Container.getComponent(IRepositoryManager.class);
            if (iRepositoryManager != null) {
                arrayList.add(iRepositoryManager.getRobotsDirectory().toURI().toString());
                Iterator<File> it = iRepositoryManager.getDevelDirectories().iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().toURI().toString());
                }
            }
            while (stringTokenizer.hasMoreTokens()) {
                String uri = new File(stringTokenizer.nextToken()).getCanonicalFile().toURI().toString();
                if (arrayList.contains(uri) && !this.untrustedCodeUrls.contains(uri)) {
                    this.untrustedCodeUrls.add(uri);
                }
            }
        } catch (MalformedURLException e) {
            Logger.logError(e);
        } catch (IOException e2) {
            Logger.logError(e2);
        }
    }

    static {
        isSecutityOn = !System.getProperty("NOSECURITY", Characteristics.FALSE).equals(Characteristics.TRUE);
        isFileReadSecutityOff = System.getProperty("OVERRIDEFILEREADSECURITY", Characteristics.FALSE).equals(Characteristics.TRUE);
        isExperimental = System.getProperty("EXPERIMENTAL", Characteristics.FALSE).equals(Characteristics.TRUE);
    }
}
