package lucee.runtime.security;

import antlr.Version;
import lucee.commons.io.res.Resource;
import lucee.commons.io.res.type.file.FileResourceProvider;
import lucee.commons.io.res.util.ResourceUtil;
import lucee.commons.lang.ExceptionUtil;
import lucee.runtime.PageContext;
import lucee.runtime.PageContextImpl;
import lucee.runtime.config.Config;
import lucee.runtime.config.ConfigImpl;
import lucee.runtime.config.ConfigWeb;
import lucee.runtime.config.Password;
import lucee.runtime.config.PasswordImpl;
import lucee.runtime.engine.ThreadLocalPageContext;
import lucee.runtime.exp.PageException;
import lucee.runtime.exp.SecurityException;
import lucee.runtime.type.util.ArrayUtil;
import org.apache.tika.metadata.TikaMetadataKeys;

/* loaded from: input_file:core/core.lco:lucee/runtime/security/SecurityManagerImpl.class */
public final class SecurityManagerImpl implements Cloneable, SecurityManager {
    private static final Resource[] EMPTY_RESOURCE_ARRAY = new Resource[0];
    private short[] accesses;
    private Resource rootDirectory;
    private Resource[] customFileAccess;

    private SecurityManagerImpl() {
        this.accesses = new short[22];
        this.customFileAccess = EMPTY_RESOURCE_ARRAY;
    }

    public SecurityManagerImpl(short s, short s2, short s3, short s4, short s5, short s6, short s7, short s8, short s9, short s10, short s11, short s12, short s13, short s14, short s15, short s16, short s17, short s18, short s19, short s20, short s21, short s22) {
        this.accesses = new short[22];
        this.customFileAccess = EMPTY_RESOURCE_ARRAY;
        this.accesses[0] = s;
        this.accesses[1] = s2;
        this.accesses[2] = s3;
        this.accesses[3] = s4;
        this.accesses[4] = s5;
        this.accesses[5] = s6;
        this.accesses[6] = s8;
        this.accesses[7] = s9;
        this.accesses[8] = s10;
        this.accesses[9] = s11;
        this.accesses[14] = s12;
        this.accesses[15] = s13;
        this.accesses[10] = s14;
        this.accesses[11] = s15;
        this.accesses[12] = s16;
        this.accesses[13] = s17;
        this.accesses[19] = s18;
        this.accesses[20] = s19;
        this.accesses[21] = s20;
        this.accesses[16] = s21;
        this.accesses[17] = s22;
        this.accesses[18] = s7;
    }

    public static SecurityManager getOpenSecurityManager() {
        return new SecurityManagerImpl((short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 2, (short) 1, (short) 2);
    }

    @Override // lucee.runtime.security.SecurityManager
    public short getAccess(int i) {
        return this.accesses[i];
    }

    public void setAccess(int i, short s) {
        this.accesses[i] = s;
    }

    @Override // lucee.runtime.security.SecurityManager
    public short getAccess(String str) throws SecurityException {
        return getAccess(toIntAccessType(str));
    }

    private static int toIntAccessType(String str) throws SecurityException {
        String lowerCase = str.trim().toLowerCase();
        if (lowerCase.equals("setting")) {
            return 0;
        }
        if (lowerCase.equals("file")) {
            return 1;
        }
        if (lowerCase.equals("direct_java_access")) {
            return 2;
        }
        if (lowerCase.equals("mail")) {
            return 3;
        }
        if (lowerCase.equals("datasource")) {
            return 4;
        }
        if (lowerCase.equals("mapping")) {
            return 5;
        }
        if (lowerCase.equals("remote")) {
            return 18;
        }
        if (lowerCase.equals("custom_tag")) {
            return 6;
        }
        if (lowerCase.equals("cfx_setting")) {
            return 7;
        }
        if (lowerCase.equals("cfx_usage")) {
            return 8;
        }
        if (lowerCase.equals("debugging")) {
            return 9;
        }
        if (lowerCase.equals("tag_execute")) {
            return 10;
        }
        if (lowerCase.equals("tag_import")) {
            return 11;
        }
        if (lowerCase.equals("tag_object")) {
            return 12;
        }
        if (lowerCase.equals("tag_registry")) {
            return 13;
        }
        if (lowerCase.equals("search")) {
            return 14;
        }
        if (lowerCase.equals("cache")) {
            return 19;
        }
        if (lowerCase.equals("gateway")) {
            return 20;
        }
        if (lowerCase.equals("orm")) {
            return 21;
        }
        if (lowerCase.startsWith("scheduled_task")) {
            return 15;
        }
        throw new SecurityException("invalid access type [" + lowerCase + "]", "valid access types are [setting,file,direct_java_access,mail,datasource,mapping,custom_tag,cfx_settingcfx_usage,debugging]");
    }

    public static short toShortAccessValue(String str) throws SecurityException {
        String lowerCase = str.trim().toLowerCase();
        if (lowerCase.equals("all")) {
            return (short) 2;
        }
        if (lowerCase.equals("local")) {
            return (short) 1;
        }
        if (lowerCase.equals("none") || lowerCase.equals("no")) {
            return (short) 0;
        }
        if (lowerCase.equals("yes")) {
            return (short) 2;
        }
        if (lowerCase.equals("1")) {
            return (short) 11;
        }
        if (lowerCase.equals("2")) {
            return (short) 12;
        }
        if (lowerCase.equals("3")) {
            return (short) 13;
        }
        if (lowerCase.equals("4")) {
            return (short) 14;
        }
        if (lowerCase.equals("5")) {
            return (short) 15;
        }
        if (lowerCase.equals(Version.patchlevel)) {
            return (short) 16;
        }
        if (lowerCase.equals(Version.subversion)) {
            return (short) 17;
        }
        if (lowerCase.equals("8")) {
            return (short) 18;
        }
        if (lowerCase.equals("9")) {
            return (short) 19;
        }
        if (lowerCase.equals("10")) {
            return (short) 20;
        }
        throw new SecurityException("invalid access value [" + lowerCase + "]", "valid access values are [all,local,no,none,yes,1,...,10]");
    }

    public static short toShortAccessRWValue(String str) throws SecurityException {
        String lowerCase = str.trim().toLowerCase();
        if (lowerCase.equals("open")) {
            return (short) 1;
        }
        if (lowerCase.equals("close")) {
            return (short) 3;
        }
        if (lowerCase.equals(TikaMetadataKeys.PROTECTED)) {
            return (short) 2;
        }
        throw new SecurityException("invalid access value [" + lowerCase + "]", "valid access values are [open,protected,close]");
    }

    public static short toShortAccessValue(String str, short s) {
        String lowerCase = str.trim().toLowerCase();
        if (lowerCase.equals("no")) {
            return (short) 0;
        }
        if (lowerCase.equals("yes") || lowerCase.equals("all")) {
            return (short) 2;
        }
        if (lowerCase.equals("local")) {
            return (short) 1;
        }
        if (lowerCase.equals("none")) {
            return (short) 0;
        }
        if (lowerCase.equals("1")) {
            return (short) 11;
        }
        if (lowerCase.equals("2")) {
            return (short) 12;
        }
        if (lowerCase.equals("3")) {
            return (short) 13;
        }
        if (lowerCase.equals("4")) {
            return (short) 14;
        }
        if (lowerCase.equals("5")) {
            return (short) 15;
        }
        if (lowerCase.equals(Version.patchlevel)) {
            return (short) 16;
        }
        if (lowerCase.equals(Version.subversion)) {
            return (short) 17;
        }
        if (lowerCase.equals("8")) {
            return (short) 18;
        }
        if (lowerCase.equals("9")) {
            return (short) 19;
        }
        if (lowerCase.equals("10")) {
            return (short) 20;
        }
        if (lowerCase.equals("0")) {
            return (short) 0;
        }
        if (lowerCase.equals("-1")) {
            return (short) 2;
        }
        return s;
    }

    public static short toShortAccessRWValue(String str, short s) {
        String lowerCase = str.trim().toLowerCase();
        if (lowerCase.equals("open")) {
            return (short) 1;
        }
        if (lowerCase.equals("close")) {
            return (short) 3;
        }
        if (lowerCase.equals(TikaMetadataKeys.PROTECTED)) {
            return (short) 2;
        }
        return s;
    }

    public static String toStringAccessValue(short s) throws SecurityException {
        switch (s) {
            case 0:
                return "none";
            case 1:
                return "local";
            case 2:
                return "yes";
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
            default:
                throw new SecurityException("invalid access value", "valid access values are [all,local,no,none,yes,1,...,10]");
            case 11:
                return "1";
            case 12:
                return "2";
            case 13:
                return "3";
            case 14:
                return "4";
            case 15:
                return "5";
            case 16:
                return Version.patchlevel;
            case 17:
                return Version.subversion;
            case 18:
                return "8";
            case 19:
                return "9";
            case 20:
                return "10";
        }
    }

    public static String toStringAccessRWValue(short s) throws SecurityException {
        switch (s) {
            case 1:
                return "open";
            case 2:
                return TikaMetadataKeys.PROTECTED;
            case 3:
                return "close";
            default:
                throw new SecurityException("invalid access value", "valid access values are [open,close,protected]");
        }
    }

    @Override // lucee.runtime.security.SecurityManager
    public void checkFileLocation(Resource resource) throws SecurityException {
        checkFileLocation(null, resource, null);
    }

    @Override // lucee.runtime.security.SecurityManager
    public void checkFileLocation(ConfigWeb configWeb, Resource resource, String str) throws SecurityException {
        if (resource == null || !(resource.getResourceProvider() instanceof FileResourceProvider)) {
            return;
        }
        ConfigWeb configWeb2 = (ConfigWeb) ThreadLocalPageContext.getConfig(configWeb);
        Password passwordToCompare = PasswordImpl.passwordToCompare(configWeb2, true, str);
        if (getAccess(1) == 2) {
            return;
        }
        if (getAccess(1) != 1) {
            if (isValid(configWeb2, passwordToCompare)) {
                return;
            }
            if (!ArrayUtil.isEmpty(this.customFileAccess)) {
                resource = ResourceUtil.getCanonicalResourceEL(resource);
                for (int i = 0; i < this.customFileAccess.length; i++) {
                    if (ResourceUtil.isChildOf(resource, this.customFileAccess[i])) {
                        return;
                    }
                }
            }
            if (!isAdminContext()) {
                throw new SecurityException(createExceptionMessage(resource, false), "access is prohibited by security manager");
            }
            return;
        }
        Resource canonicalResourceEL = ResourceUtil.getCanonicalResourceEL(resource);
        if (this.rootDirectory == null || !ResourceUtil.isChildOf(canonicalResourceEL, this.rootDirectory)) {
            if (!ArrayUtil.isEmpty(this.customFileAccess)) {
                for (int i2 = 0; i2 < this.customFileAccess.length; i2++) {
                    if (ResourceUtil.isChildOf(canonicalResourceEL, this.customFileAccess[i2])) {
                        return;
                    }
                }
            }
            if (!isValid(configWeb2, passwordToCompare) && !isAdminContext()) {
                throw new SecurityException(createExceptionMessage(canonicalResourceEL, true), "access is prohibited by security manager");
            }
        }
    }

    private boolean isAdminContext() {
        PageContext pageContext = ThreadLocalPageContext.get();
        if (pageContext == null) {
            return false;
        }
        try {
            return "/lucee".equals(pageContext.getBasePageSource().getMapping().getVirtualLowerCase());
        } catch (Throwable th) {
            ExceptionUtil.rethrowIfNecessary(th);
            return false;
        }
    }

    private String createExceptionMessage(Resource resource, boolean z) {
        StringBuffer stringBuffer = new StringBuffer((!z || this.rootDirectory == null) ? "" : this.rootDirectory.getAbsolutePath());
        if (this.customFileAccess != null) {
            for (int i = 0; i < this.customFileAccess.length; i++) {
                if (stringBuffer.length() > 0) {
                    stringBuffer.append(" | ");
                }
                stringBuffer.append(this.customFileAccess[i].getAbsolutePath());
            }
        }
        StringBuffer stringBuffer2 = new StringBuffer("can't access [");
        stringBuffer2.append(resource.getAbsolutePath());
        stringBuffer2.append("]");
        if (stringBuffer.length() > 0) {
            stringBuffer2.append(" ");
            stringBuffer2.append(resource.isDirectory() ? "directory" : "file");
            stringBuffer2.append(" must be inside [");
            stringBuffer2.append(stringBuffer.toString());
            stringBuffer2.append("]");
        }
        return stringBuffer2.toString();
    }

    private boolean isValid(Config config, Password password) {
        if (password == null) {
            try {
                password = ((PageContextImpl) ThreadLocalPageContext.get()).getServerPassword();
            } catch (Throwable th) {
                ExceptionUtil.rethrowIfNecessary(th);
            }
        }
        Config config2 = ThreadLocalPageContext.getConfig(config);
        if (config2 == null || password == null) {
            return false;
        }
        try {
            ConfigImpl.getConfigServer(config2, password);
            return true;
        } catch (PageException e) {
            return false;
        }
    }

    @Override // lucee.runtime.security.SecurityManager
    public SecurityManager cloneSecurityManager() {
        SecurityManagerImpl securityManagerImpl = new SecurityManagerImpl();
        for (int i = 0; i < this.accesses.length; i++) {
            securityManagerImpl.accesses[i] = this.accesses[i];
        }
        if (this.customFileAccess != null) {
            securityManagerImpl.customFileAccess = (Resource[]) ArrayUtil.clone(this.customFileAccess, new Resource[this.customFileAccess.length]);
        }
        securityManagerImpl.rootDirectory = this.rootDirectory;
        return securityManagerImpl;
    }

    public Object clone() {
        return cloneSecurityManager();
    }

    public Resource[] getCustomFileAccess() {
        return ArrayUtil.isEmpty(this.customFileAccess) ? EMPTY_RESOURCE_ARRAY : (Resource[]) ArrayUtil.clone(this.customFileAccess, new Resource[this.customFileAccess.length]);
    }

    public void setCustomFileAccess(Resource[] resourceArr) {
        this.customFileAccess = merge(this.customFileAccess, resourceArr);
    }

    public void setRootDirectory(Resource resource) {
        this.rootDirectory = resource;
    }

    private static Resource[] merge(Resource[] resourceArr, Resource[] resourceArr2) {
        if (ArrayUtil.isEmpty(resourceArr2)) {
            return resourceArr;
        }
        if (ArrayUtil.isEmpty(resourceArr)) {
            return resourceArr2;
        }
        Resource[] resourceArr3 = new Resource[resourceArr.length + resourceArr2.length];
        for (int i = 0; i < resourceArr.length; i++) {
            resourceArr3[i] = resourceArr[i];
        }
        for (int i2 = 0; i2 < resourceArr2.length; i2++) {
            resourceArr3[resourceArr.length + i2] = resourceArr2[i2];
        }
        return resourceArr3;
    }
}
