package org.apache.tomcat.modules.config;

import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.PropertyPermission;
import org.apache.tomcat.core.BaseInterceptor;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.ContextManager;
import org.apache.tomcat.core.TomcatException;
import org.apache.tomcat.util.io.FileUtil;

/* loaded from: input_file:org/apache/tomcat/modules/config/PolicyInterceptor.class */
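/**
 * Installs a Java {@link SecurityManager} at engine start-up and attaches a per-context
 * {@link ProtectionDomain} holding the permissions each web application runs with.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both {@link #initSecurityManager} and {@link #contextInit} fail open: on error they
 *       log and return, so the server or context keeps running without the sandbox pieces
 *       this class was supposed to install.</li>
 *   <li>{@code SecurityManager} is deprecated for removal on current JDKs; where
 *       {@code System.setSecurityManager} is disallowed, the resulting exception lands in the
 *       generic catch of {@link #initSecurityManager} and no sandbox is active.</li>
 * </ul>
 */
public class PolicyInterceptor extends PolicyLoader {
    /** Fully qualified class name of the SecurityManager implementation to instantiate. */
    String securityManagerClass = "java.lang.SecurityManager";

    /** Policy file path; {@code null} makes initSecurityManager use {@code conf/tomcat.policy}. */
    String policyFile = null;

    /**
     * Sets the class name of the SecurityManager to install.
     *
     * @param str fully qualified class name; it is loaded via {@code Class.forName}
     */
    @Override // org.apache.tomcat.modules.config.PolicyLoader
    public void setSecurityManagerClass(String str) {
        this.securityManagerClass = str;
    }

    /**
     * Sets the policy file location.
     *
     * @param str absolute path, or a path resolved against the ContextManager home
     */
    @Override // org.apache.tomcat.modules.config.PolicyLoader
    public void setPolicyFile(String str) {
        this.policyFile = str;
    }

    /** Intentionally does nothing in this implementation. */
    @Override // org.apache.tomcat.modules.config.PolicyLoader
    public void addInterceptor(ContextManager contextManager, Context context, BaseInterceptor baseInterceptor) throws TomcatException {
    }

    /**
     * Engine start-up hook; delegates to {@link #initSecurityManager}.
     *
     * @param contextManager the manager whose home directory anchors a relative policy path
     */
    public void engineInit(ContextManager contextManager) throws TomcatException {
        initSecurityManager(contextManager);
    }

    /**
     * Installs the configured SecurityManager unless one is already active.
     *
     * <p>If {@code java.security.policy} is not set, it is pointed at the configured policy
     * file (default {@code conf/tomcat.policy}), resolved against the ContextManager home when
     * relative. The policy is refreshed before the manager is installed.
     *
     * <p>NOTE(review): every failure path here only logs. A typo in the class name, a class
     * that is not a SecurityManager, or a JDK that refuses {@code setSecurityManager} leaves
     * the server running unsandboxed. Operators should treat the absence of the
     * "SANDBOX mode enabled" log line as a start-up failure.
     *
     * @param contextManager supplies the home directory for a relative policy file path
     */
    public void initSecurityManager(ContextManager contextManager) throws TomcatException {
        if (System.getSecurityManager() != null) {
            // A manager is already in place (e.g. set on the command line); leave it alone.
            return;
        }
        try {
            if (System.getProperty("java.security.policy") == null) {
                log("Setting java.security.policy. This may fail on some VMs, please set it as a system property before starting tomcat");
                if (this.policyFile == null) {
                    this.policyFile = "conf/tomcat.policy";
                }
                try {
                    File policy = FileUtil.isAbsolute(this.policyFile)
                            ? new File(this.policyFile)
                            : new File(contextManager.getHome() + File.separator + this.policyFile);
                    this.policyFile = policy.getCanonicalPath();
                } catch (IOException e) {
                    // Previously swallowed silently. The un-canonicalized path is still used
                    // below, so record why canonicalization failed.
                    log("Could not canonicalize policy file path " + this.policyFile, e);
                }
                if (((BaseInterceptor) this).debug > 0) {
                    log("Setting policy file to " + this.policyFile + " tomcat.home= " + System.getProperty("tomcat.home"));
                }
                System.setProperty("java.security.policy", this.policyFile);
            }
            // Verify the configured class really is a SecurityManager before constructing it,
            // so a misconfigured name never gets its constructor run.
            Class<? extends SecurityManager> managerType =
                    Class.forName(this.securityManagerClass).asSubclass(SecurityManager.class);
            SecurityManager manager = managerType.getDeclaredConstructor().newInstance();
            Policy.getPolicy().refresh();
            System.setSecurityManager(manager);
            log("SANDBOX mode enabled");
            if (!"java.lang.SecurityManager".equals(this.securityManagerClass)) {
                log("Security Manager=" + this.securityManagerClass);
            }
        } catch (ClassNotFoundException e) {
            log("SecurityManager Class not found: " + this.securityManagerClass, 1);
        } catch (Exception e) {
            // Route the stack trace through the server log instead of stderr.
            log("SecurityManager initialisation failed", e);
            log("SecurityManager Class could not be loaded: " + this.securityManagerClass, 1);
        }
    }

    /**
     * Adds the baseline permissions for a context to {@code permissions}.
     *
     * <p>A trusted context receives {@link AllPermission} and nothing else. Any other context
     * receives recursive read and write access to its base directory and work directory,
     * recursive read access to {@code lib/common} and {@code lib/apps} under the install
     * directory, {@code RuntimePermission("getClassLoader")}, and read access to the three
     * separator system properties.
     *
     * <p>NOTE(review): the untrusted set includes write access to the application's own base
     * directory and the {@code getClassLoader} runtime permission. Both are broad grants for
     * sandboxed code; confirm they are still required before relying on this as a boundary.
     *
     * @param context the context being initialised; {@code isTrusted()} selects the grant set
     * @param str absolute path of the context base directory
     * @param permissions collection that receives the grants
     */
    protected void addDefaultPermissions(Context context, String str, Permissions permissions) {
        if (context.isTrusted()) {
            if (((BaseInterceptor) this).debug > 0) {
                log("All permissions for " + context);
            }
            permissions.add(new AllPermission());
            return;
        }
        // A trailing "-" in a FilePermission path matches every file below it, recursively.
        String docBaseTree = str + File.separator + "-";
        String workDirTree = context.getWorkDir() + File.separator + "-";
        String commonLibTree = ((BaseInterceptor) this).cm.getInstallDir() + File.separator + "lib" + File.separator + "common" + File.separator + "-";
        String appsLibTree = ((BaseInterceptor) this).cm.getInstallDir() + File.separator + "lib" + File.separator + "apps" + File.separator + "-";

        permissions.add(new FilePermission(docBaseTree, "read"));
        permissions.add(new FilePermission(docBaseTree, "write"));
        permissions.add(new FilePermission(workDirTree, "read"));
        permissions.add(new FilePermission(workDirTree, "write"));
        permissions.add(new FilePermission(commonLibTree, "read"));
        permissions.add(new FilePermission(appsLibTree, "read"));
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new PropertyPermission("line.separator", "read"));
        permissions.add(new PropertyPermission("file.separator", "read"));
        permissions.add(new PropertyPermission("path.separator", "read"));
        if (((BaseInterceptor) this).debug > 0 || context.getDebug() > 0) {
            context.log("permissions " + permissions);
        }
    }

    /**
     * Builds the context's {@link ProtectionDomain} and stores it under the
     * {@code org.apache.tomcat.protection_domain} attribute.
     *
     * <p>The domain's permissions are the defaults from {@link #addDefaultPermissions} plus
     * whatever the refreshed system {@link Policy} grants to the context's code source. The
     * merge is additive only: the policy file can widen the default set, never narrow it.
     *
     * <p>NOTE(review): on any exception the failure is logged and the attribute is left unset.
     * Whether the context then runs unrestricted depends on how consumers of the attribute
     * treat its absence; that is not visible in this class.
     *
     * @param context the context being initialised
     */
    public void contextInit(Context context) throws TomcatException {
        String absolutePath = context.getAbsolutePath();
        try {
            File docBase = new File(absolutePath);
            String docBasePath = docBase.getAbsolutePath();
            // Unsigned code source: the explicit cast selects the Certificate[] constructor.
            CodeSource codeSource = new CodeSource(new URL("file:" + docBasePath), (Certificate[]) null);
            Permissions permissions = new Permissions();
            addDefaultPermissions(context, docBasePath, permissions);
            Policy.getPolicy().refresh();
            PermissionCollection fromPolicy = Policy.getPolicy().getPermissions(codeSource);
            if (fromPolicy != null) {
                Enumeration<Permission> elements = fromPolicy.elements();
                while (elements.hasMoreElements()) {
                    permissions.add(elements.nextElement());
                }
            }
            context.setAttribute("org.apache.tomcat.protection_domain", new ProtectionDomain(codeSource, permissions));
        } catch (Exception e) {
            log("Security init for Context " + absolutePath + " failed", e);
        }
    }
}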
