package com.ibm.wmqfte.io.impl;

import com.ibm.wmqfte.configuration.FTEProperties;
import com.ibm.wmqfte.configuration.FTEPropertiesFactory;
import com.ibm.wmqfte.io.FTEFile;
import com.ibm.wmqfte.io.FTEFileFactory;
import com.ibm.wmqfte.io.cdbridge.CDBridgeSandbox;
import com.ibm.wmqfte.io.cdbridge.CDBridgeUtils;
import com.ibm.wmqfte.io.sandbox.FTEPathUserSandboxes;
import com.ibm.wmqfte.io.utils.CommandPath;
import com.ibm.wmqfte.ras.NLS;
import com.ibm.wmqfte.ras.RAS;
import com.ibm.wmqfte.ras.RASEnvironment;
import com.ibm.wmqfte.ras.RasDescriptor;
import com.ibm.wmqfte.ras.Trace;
import com.ibm.wmqfte.ras.TraceLevel;
import com.ibm.wmqfte.utils.FTEPlatformUtils;
import com.ibm.wmqfte.utils.FTEPropConstant;
import java.io.File;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;

/* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/io/impl/FTESandbox.class */
public class FTESandbox {
    public static final String $sccsid = "@(#) MQMBID sn=p941-L241002 su=_IV1lJYDLEe-DRZkeHlWduQ pn=com.ibm.wmqfte.io/src/com/ibm/wmqfte/io/impl/FTESandbox.java";
    private static final RasDescriptor rd = RasDescriptor.create((Class<?>) FTESandbox.class, "com.ibm.wmqfte.io.BFGIOMessages");
    private static final String platform = System.getProperty("os.name", "");
    private static FTESandbox instance;
    protected final PathStore allowedPaths = newPathStore();
    protected final PathStore deniedPaths = newPathStore();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/io/impl/FTESandbox$PathStore.class */
    public static class PathStore {
        private final String transferRoot;
        protected HashSet<String> paths = new HashSet<>();

        protected String getCanonicalPath(String str) throws IOException {
            File file;
            File file2 = new File(str.trim());
            if (file2.isAbsolute()) {
                file = file2;
            } else {
                if (FTEPropConstant.disabledTransferRootDef.equals(this.transferRoot)) {
                    throw new IOException(NLS.format(FTESandbox.rd, "BFGIO0128_NO_RELATIVE_SANDBOX", str));
                }
                file = new File(this.transferRoot, str);
            }
            return file.getCanonicalPath();
        }

        public PathStore() {
            if (FTEPropertiesFactory.isLoaded()) {
                this.transferRoot = FTEPropertiesFactory.getInstance().getPropertyAsString(FTEPropConstant.transferRoot_IObase);
            } else {
                this.transferRoot = FTEPropConstant.disabledTransferRootDef;
            }
        }

        public boolean add(String str) {
            if (str == null) {
                return false;
            }
            return (str.endsWith(separator()) || str.length() == 0) ? this.paths.add(str) : this.paths.add(str + separator());
        }

        public boolean containsPathTo(String str) {
            if (str == null) {
                return false;
            }
            String str2 = str + separator();
            Iterator<String> it = this.paths.iterator();
            while (it.hasNext()) {
                if (str2.startsWith(it.next())) {
                    return true;
                }
            }
            return false;
        }

        public boolean contains(String str) {
            if (str == null) {
                return false;
            }
            String str2 = str + separator();
            Iterator<String> it = this.paths.iterator();
            while (it.hasNext()) {
                if (str2.equals(it.next())) {
                    return true;
                }
            }
            return false;
        }

        public String getPath(String str, int i) {
            String str2 = null;
            int directoryDepth = directoryDepth(str + separator()) + i;
            Iterator<String> it = this.paths.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String next = it.next();
                if (next.startsWith(str) && directoryDepth(next) <= directoryDepth) {
                    str2 = next;
                    break;
                }
            }
            return str2;
        }

        protected String separator() {
            return FTEPlatformUtils.getFileSeparator();
        }

        public int size() {
            return this.paths.size();
        }

        public String getLongestPathTo(String str) {
            if (str == null) {
                return "";
            }
            String str2 = str + separator();
            String str3 = "";
            Iterator<String> it = this.paths.iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (str2.startsWith(next) && next.length() > str3.length()) {
                    str3 = next;
                }
            }
            return str3;
        }

        private int directoryDepth(String str) {
            int indexOf;
            int i = 0;
            int i2 = 0;
            while (i2 < str.length() && (indexOf = str.indexOf(separator(), i2)) != -1) {
                i2 = indexOf + 1;
                i++;
            }
            return i;
        }

        public String toString() {
            return this.paths.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/io/impl/FTESandbox$WindowsPathStore.class */
    public static class WindowsPathStore extends PathStore {
        @Override // com.ibm.wmqfte.io.impl.FTESandbox.PathStore
        protected String getCanonicalPath(String str) throws IOException {
            return super.getCanonicalPath(str).toLowerCase();
        }

        @Override // com.ibm.wmqfte.io.impl.FTESandbox.PathStore
        public boolean add(String str) {
            if (str == null) {
                return false;
            }
            return super.add(str.toLowerCase());
        }

        @Override // com.ibm.wmqfte.io.impl.FTESandbox.PathStore
        public boolean containsPathTo(String str) {
            if (str == null) {
                return false;
            }
            return super.containsPathTo(str.toLowerCase());
        }

        @Override // com.ibm.wmqfte.io.impl.FTESandbox.PathStore
        public boolean contains(String str) {
            if (str == null) {
                return false;
            }
            return super.contains(str.toLowerCase());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public FTESandbox() {
        if (rd.isFlowOn()) {
            Trace.entry(rd, "<init>", new Object[0]);
        }
        FTEProperties fTEPropertiesFactory = FTEPropertiesFactory.isLoaded() ? FTEPropertiesFactory.getInstance() : null;
        String propertyAsString = fTEPropertiesFactory == null ? null : fTEPropertiesFactory.getPropertyAsString(FTEPropConstant.sandboxRoot);
        if (propertyAsString != null) {
            for (String str : propertyAsString.split(FTEPlatformUtils.getPathSeparator())) {
                String trim = str.trim();
                boolean z = false;
                if (trim.startsWith("!")) {
                    z = true;
                    trim = trim.substring(1);
                }
                if (trim.length() != 0) {
                    try {
                        FTEFile newFTEFile = FTEFileFactory.getInstance().newFTEFile(trim);
                        if (z) {
                            this.deniedPaths.add(newFTEFile.getCanonicalPath());
                        } else {
                            this.allowedPaths.add(newFTEFile.getCanonicalPath());
                        }
                    } catch (IOException e) {
                        if (rd.isFlowOn()) {
                            Trace.data(rd, TraceLevel.MODERATE, "<init>", "Invalid path  " + trim + ", exception: " + e);
                        }
                    }
                }
            }
        }
        String[] paths = CommandPath.getInstance().getPaths();
        if (fTEPropertiesFactory != null && !fTEPropertiesFactory.getPropertyAsBoolean(FTEPropConstant.addCommandPathToSandbox)) {
            int size = this.allowedPaths.size();
            if (paths.length > 0 && size == 0) {
                if (rd.isFlowOn()) {
                    Trace.data(rd, TraceLevel.MODERATE, "<init>", "Adding commandPath to denied paths");
                }
                for (String str2 : paths) {
                    if (str2.length() > 0) {
                        try {
                            this.deniedPaths.add(FTEFileFactory.getInstance().newFTEFile(str2).getCanonicalPath());
                        } catch (IOException e2) {
                            if (rd.isFlowOn()) {
                                Trace.data(rd, TraceLevel.MODERATE, "<init>", "Invalid path  " + str2 + ", exception: " + e2);
                            }
                        }
                    }
                }
            } else if (rd.isFlowOn()) {
                Trace.data(rd, TraceLevel.MODERATE, "<init>", "commandPath has not been added to the denied paths, as an agent sandbox has already been set up with " + size + " allowed paths");
            }
        } else if (paths.length > 0) {
            for (String str3 : paths) {
                if (str3.length() > 0) {
                    addToDeniedPaths(str3);
                }
            }
        }
        String propertyAsString2 = fTEPropertiesFactory == null ? null : fTEPropertiesFactory.getPropertyAsString(FTEPropConstant.agentQMgrAuthenticationCredentialsFile);
        if (propertyAsString2 != null) {
            addToDeniedPaths(propertyAsString2);
        }
        if (this.allowedPaths.size() == 0) {
            this.allowedPaths.add("");
        }
        if (rd.isFlowOn()) {
            Trace.data(rd, TraceLevel.MODERATE, "<init>", toString());
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, "<init>");
        }
    }

    private void addToDeniedPaths(String str) {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "addToDeniedPaths", str);
        }
        try {
            String canonicalPath = FTEFileFactory.getInstance().newFTEFile(str).getCanonicalPath();
            if (!this.allowedPaths.contains(canonicalPath)) {
                this.deniedPaths.add(canonicalPath);
            }
        } catch (IOException e) {
            if (rd.isFlowOn()) {
                Trace.data(rd, TraceLevel.MODERATE, "<init>", "Invalid path  " + str + ", exception: " + e);
            }
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "addToDeniedPaths");
        }
    }

    protected PathStore newPathStore() {
        return platform.startsWith("Windows") ? new WindowsPathStore() : new PathStore();
    }

    public static FTESandbox getInstance() {
        if (instance == null || RAS.getEnvironment().equals(RASEnvironment.UNITTEST)) {
            FTEProperties fTEPropertiesFactory = FTEPropertiesFactory.isLoaded() ? FTEPropertiesFactory.getInstance() : null;
            if (fTEPropertiesFactory == null || !fTEPropertiesFactory.getPropertyAsBoolean(FTEPropConstant.perUserSandbox)) {
                if (CDBridgeUtils.isCDBridge()) {
                    instance = new CDBridgeSandbox();
                } else {
                    instance = new FTESandbox();
                }
            } else if (CDBridgeUtils.isCDBridge()) {
                instance = new CDBridgeSandbox(new FTEPathUserSandboxes());
            } else {
                instance = new FTEPathUserSandboxes();
            }
        }
        return instance;
    }

    public boolean accessForRead(String str, String str2) {
        return access(str);
    }

    public boolean accessForWrite(String str, String str2) {
        return access(str);
    }

    public String getDeniedPath(String str, int i, String str2) {
        return accessForRead(str, str2) ? this.deniedPaths.getPath(str, i) : str;
    }

    protected final boolean access(String str) {
        boolean containsPathTo;
        if (this.deniedPaths.containsPathTo(str)) {
            containsPathTo = this.deniedPaths.getLongestPathTo(str).length() < this.allowedPaths.getLongestPathTo(str).length();
        } else {
            containsPathTo = this.allowedPaths.containsPathTo(str);
        }
        return containsPathTo;
    }

    public String toString() {
        return "allowedPaths: " + this.allowedPaths + " deniedPaths: " + this.deniedPaths;
    }
}
