package noconnect;

import com.google.common.net.InetAddresses;
import com.google.common.net.InternetDomainName;
import it.unimi.dsi.fastutil.objects.Object2ObjectLinkedOpenHashMap;
import java.io.IOException;
import java.lang.Thread;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLPermission;
import java.net.UnknownHostException;
import java.security.Permission;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Map;
import java.util.stream.Stream;
import noconnect.Config;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.Marker;
import org.apache.logging.log4j.MarkerManager;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.config.LoggerConfig;
import org.apache.logging.log4j.core.filter.MarkerFilter;
import org.apache.logging.log4j.util.Supplier;

/* loaded from: input_file:noconnect/URLSecMgr.class */
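/**
 * Security manager that allow-lists outbound network connections for the "NoConnect" logger domain.
 *
 * <p>{@link #checkConnect} is answered from, in order: loopback / local host name, the local host's
 * own addresses (resolve checks only), the IP allow-list and IP cache, the allowed thread-name
 * prefixes, the allowed host patterns, audit mode, and the "allow all DNS" switch. Anything else is
 * denied. {@link #checkPermission} only logs {@link URLPermission} requests and refuses replacement
 * of the installed security manager; every other permission is granted.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Because all permissions other than {@code setSecurityManager} are granted, this class
 *       restricts network egress for ordinary code but is not a sandbox against code that
 *       deliberately works around it inside the same JVM.</li>
 *   <li>{@link SecurityManager} is deprecated for removal in recent JDKs; plan a replacement
 *       control (for example OS or network level egress filtering) rather than relying on this
 *       class long term.</li>
 *   <li>Security checks can arrive on any thread, so shared state here must be thread-safe.</li>
 * </ul>
 */
final class URLSecMgr extends SecurityManager {
    private static final Logger LOGGER = LogManager.getLogger("NoConnect");
    private static final Marker ALLOW_MARKER = MarkerManager.getMarker("NC_ALLOW");
    private static final Marker REJECT_MARKER = MarkerManager.getMarker("NC_REJECT");
    private static final Marker URL_MARKER = MarkerManager.getMarker("NC_URL");
    private static final Marker RESOLVE_MARKER = MarkerManager.getMarker("NC_RESOLVE");
    private static final Marker SOCKET_MARKER = MarkerManager.getMarker("NC_SOCKET");
    private static final Marker INTERFACE_MARKER = MarkerManager.getMarker("NC_INTERFACE");

    // Maps an IP literal to the allowed host name it was resolved from. Wrapped in a synchronized
    // view because connect checks run on arbitrary threads and the backing map is not thread-safe.
    // NOTE(review): entries never expire and are matched without regard to port or to the host the
    // caller actually asked for, so an address stays allowed after the DNS record moves and is
    // shared by every name served from that address. Consider a TTL or a size bound.
    private static final Map<String, String> IP_CACHE =
            Collections.synchronizedMap(new Object2ObjectLinkedOpenHashMap<>());
    private static final String hostName = getHostName();
    private static final HashSet<InetAddress> hostAddress = getAllHostAddress();

    // Per-thread flag set while an allowed host is being resolved into IP_CACHE.
    private final ThreadLocal<Boolean> isRecursive = ThreadLocal.withInitial(() -> Boolean.FALSE);

    /**
     * Installs marker filters on the "NoConnect" logger according to {@code Config.getMode()}.
     *
     * <p>{@code NONE} suppresses allow, reject, URL, resolve and socket messages; {@code MINIMAL}
     * suppresses URL, resolve and socket messages; {@code INFO} suppresses resolve and socket
     * messages; any other mode suppresses nothing. Messages logged without a marker (for example
     * the audit-mode line) are not affected by these filters.
     *
     * <p>Detection caveat: in {@code NONE} mode denied connections are not logged at all, so blocked
     * egress attempts leave no trace in this logger.
     */
    public URLSecMgr() {
        // getContext() is declared to return the API-level context; the configuration is only
        // reachable through the log4j-core implementation type.
        LoggerConfig loggerConfig = ((org.apache.logging.log4j.core.LoggerContext) LogManager.getContext(false))
                .getConfiguration()
                .getLoggerConfig("NoConnect");
        Config.LogType mode = Config.getMode();
        if (EnumSet.of(Config.LogType.NONE).contains(mode)) {
            suppressMarker(loggerConfig, ALLOW_MARKER);
            suppressMarker(loggerConfig, REJECT_MARKER);
        }
        if (EnumSet.of(Config.LogType.NONE, Config.LogType.MINIMAL).contains(mode)) {
            suppressMarker(loggerConfig, URL_MARKER);
        }
        if (EnumSet.of(Config.LogType.NONE, Config.LogType.MINIMAL, Config.LogType.INFO).contains(mode)) {
            suppressMarker(loggerConfig, RESOLVE_MARKER);
            suppressMarker(loggerConfig, SOCKET_MARKER);
        }
    }

    /** Adds a filter that drops events carrying {@code marker} and stays neutral for all others. */
    private static void suppressMarker(LoggerConfig loggerConfig, Marker marker) {
        loggerConfig.addFilter(MarkerFilter.createFilter(marker.getName(), Filter.Result.DENY, Filter.Result.NEUTRAL));
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i) {
        processHost(str, i);
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i, Object obj) {
        // The supplied security context is ignored; the decision depends on host, port and thread only.
        processHost(str, i);
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        processPerm(permission);
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        processPerm(permission);
    }

    @Override // java.lang.SecurityManager
    public void checkPackageAccess(String str) {
        // Intentionally empty: this manager never restricts package access.
    }

    /**
     * Decides a connect or resolve check and denies it by throwing when no allow rule matches.
     *
     * <p>The denial is an {@link IOException} thrown through {@code ExceptionUtils.rethrow}, i.e. a
     * checked exception that this method does not declare, rather than the {@link SecurityException}
     * the {@link SecurityManager} contract describes.
     *
     * @param str host name or IP literal being checked
     * @param i   port being checked; {@code -1} denotes a name-resolution check
     */
    private void processHost(String str, int i) {
        // The default uncaught-exception handler is process-global. It is restored in a finally
        // block: previously it was restored only on the deny path, so the first allowed connection
        // left the logging handler installed and the application's own handler was lost for good.
        // NOTE(review): the swap is still not atomic across threads; consider removing it entirely.
        Thread.UncaughtExceptionHandler previousHandler = Thread.getDefaultUncaughtExceptionHandler();
        Thread.setDefaultUncaughtExceptionHandler(URLSecMgr::onUnknownError);
        try {
            if (isConnectionAllowed(str, i)) {
                return;
            }
            if (i == -1) {
                LOGGER.debug(REJECT_MARKER, "Denied (request) - {}:{}", str, Integer.valueOf(i));
            } else {
                LOGGER.info(REJECT_MARKER, "Denied - {}:{}", str, Integer.valueOf(i));
            }
        } finally {
            Thread.setDefaultUncaughtExceptionHandler(previousHandler);
        }
        ExceptionUtils.rethrow(new IOException("Denied - " + str + ":" + i));
    }

    /**
     * Evaluates the allow rules in their fixed order and logs the rule that matched.
     *
     * @return {@code true} if the connection or resolution may proceed, {@code false} to deny it
     */
    private boolean isConnectionAllowed(String str, int i) {
        boolean isIpLiteral = InetAddresses.isInetAddress(str);
        InetAddress literal = isIpLiteral ? InetAddresses.forString(str) : null;
        if ((isIpLiteral && literal.isLoopbackAddress()) || "localhost".equals(str) || str.equals(hostName)) {
            LOGGER.trace(SOCKET_MARKER, "Ignoring localhost {} {}", () -> str, () -> Integer.valueOf(i));
            return true;
        }

        boolean resolveOnly = i == -1;
        if (resolveOnly && isIpLiteral) {
            LOGGER.trace(SOCKET_MARKER, "IP Type: {}", literal.getClass().toString());
            boolean isOwnAddress = hostAddress.contains(literal);
            LOGGER.trace(SOCKET_MARKER, "Host: {}, IPAddr: {}, Match, {}", str, literal, Boolean.valueOf(isOwnAddress));
            if (isOwnAddress) {
                LOGGER.debug(SOCKET_MARKER, "Allowed current host address {}", str);
                return true;
            }
        }

        // Both lookups compare the textual form of the address, so an allow-list entry written in a
        // different but equivalent notation will not match (the check then fails closed).
        if (isIpLiteral && (IP_CACHE.containsKey(str) || Config.getAllowedIPs().contains(str))) {
            String message = resolveOnly ? "Allowed IP (request) - {}:{}/{}" : "Allowed IP - {}:{}/{}";
            LOGGER.debug(ALLOW_MARKER, message, str, Integer.valueOf(i), IP_CACHE.getOrDefault(str, "not_cached"));
            return true;
        }

        // NOTE(review): thread names can be set by any code in the JVM, so this rule is a
        // convenience exemption, not an access control. It also bypasses the host allow-list
        // entirely, which is why it is logged at info level; keep the configured prefixes narrow.
        String threadName = Thread.currentThread().getName();
        if (Config.getAllowedThread().stream().anyMatch(threadName::startsWith)) {
            LOGGER.info(ALLOW_MARKER, "Allowed thread: [{}] - {}:{}", threadName, str, Integer.valueOf(i));
            return true;
        }

        if (InternetDomainName.isValid(str)) {
            boolean hostAllowed = Config.getAllowedHosts().stream()
                    .anyMatch(pattern -> NetworkUtil.matchesHostname(str, pattern));
            if (hostAllowed) {
                if (isRecursiveCall()) {
                    // Already inside the cache-filling branch below on this thread
                    // (presumably re-entered through the lookup in addHostToCache): allow silently.
                    return true;
                }
                this.isRecursive.set(Boolean.TRUE);
                try {
                    if (i != -1) {
                        LOGGER.info(ALLOW_MARKER, "Allowed Host - {}:{}", str, Integer.valueOf(i));
                    } else {
                        LOGGER.debug(RESOLVE_MARKER, "Resolve Host - {}:{}", str, Integer.valueOf(i));
                    }
                    addHostToCache(str, i);
                    return true;
                } finally {
                    this.isRecursive.set(Boolean.FALSE);
                }
            }
        }

        // Audit mode turns every remaining denial into an allow; the log line below is the only
        // record of what would have been blocked and carries no marker.
        if (Config.isAuditMode()) {
            LOGGER.info("Audit Mode, Allowing host: {}:{}", str, Integer.valueOf(i));
            return true;
        }

        // NOTE(review): this allows any destination on port 53, not only DNS traffic and not only
        // the configured resolvers, and it is logged at debug level only.
        if (i == 53 && Config.allowAllDns()) {
            LOGGER.debug(SOCKET_MARKER, "Allow DNS {}:{}", str, Integer.valueOf(i));
            return true;
        }
        return false;
    }

    /**
     * Resolves an allowed host and records each resulting address in {@link #IP_CACHE}, so that the
     * follow-up connect check on the IP literal is allowed.
     */
    private void addHostToCache(String str, int i) {
        LOGGER.trace("Resolving Host - {}:{}", str, Integer.valueOf(i));
        InetAddress[] resolved = NetworkUtil.getIPFromHost(str);
        if (resolved == null) {
            return;
        }
        for (InetAddress address : resolved) {
            String ip = address.getHostAddress();
            // Log only the first time an address enters the cache.
            if (IP_CACHE.put(ip, str) == null) {
                LOGGER.debug("Allowed {}/{} into cache", str, ip);
            }
        }
    }

    /** Returns the local host name, or {@code "localhost"} when it cannot be determined. */
    private static String getHostName() {
        try {
            return InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            LOGGER.error(e);
            return "localhost";
        }
    }

    /**
     * Returns every address the local host name resolves to, or just the loopback address when the
     * lookup fails.
     */
    private static HashSet<InetAddress> getAllHostAddress() {
        HashSet<InetAddress> addresses = new HashSet<>();
        try {
            Collections.addAll(addresses, InetAddress.getAllByName(InetAddress.getLocalHost().getHostName()));
        } catch (IOException e) {
            LOGGER.error(INTERFACE_MARKER, "Error while getting all host address", e);
            addresses.add(InetAddress.getLoopbackAddress());
        }
        return addresses;
    }

    /** Tells whether the current thread is inside the cache-filling branch of the host check. */
    private boolean isRecursiveCall() {
        return this.isRecursive.get().equals(Boolean.TRUE);
    }

    /**
     * Logs {@link URLPermission} requests and blocks replacement of the security manager.
     *
     * <p>URL permissions are only logged, never denied; the actual gate is the connect check.
     *
     * @throws SecurityException if the permission is {@code RuntimePermission("setSecurityManager")}
     */
    private void processPerm(Permission permission) {
        if (permission instanceof URLPermission) {
            try {
                URL url = new URL(permission.getName());
                String protocol = url.getProtocol();
                boolean isHttps = "https".equals(protocol);
                boolean isHttp = "http".equals(protocol);
                if (Config.isLogCaller()) {
                    Class<?>[] classContext = getClassContext();
                    if (isHttps) {
                        getHTTPSCaller(classContext);
                    } else if (isHttp) {
                        getHTTPCaller(classContext);
                    } else {
                        getGenericCaller(classContext);
                    }
                }
                if (!isHttps && !isHttp) {
                    LOGGER.warn(URL_MARKER, "Non web URL scheme detected, below URL is not HTTP(S).");
                    LOGGER.warn(URL_MARKER, "URL: {} Actions: {}", permission.getName(), permission.getActions());
                } else if (url.getPort() == -1) {
                    LOGGER.info(URL_MARKER, "URL: {} Actions: {}", permission.getName(), permission.getActions());
                } else {
                    // An explicit port on a web URL is unusual enough to be raised to warn level.
                    LOGGER.warn(URL_MARKER, "Custom port URL: {} Actions: {}", permission.getName(), permission.getActions());
                }
                return;
            } catch (MalformedURLException e) {
                LOGGER.fatal(URL_MARKER, "Exception parsing URLPermission, {}", permission.getName());
                LOGGER.fatal(URL_MARKER, "Exception parsing URL, this should never happen!", e);
            }
        }
        // This is the only permission that is ever refused; all others fall through and are granted.
        if ((permission instanceof RuntimePermission) && "setSecurityManager".equals(permission.getName())) {
            throw new SecurityException("Attempting to replace NoConnect Security Manager! " + permission.getActions());
        }
    }

    /**
     * Logs up to four stack classes that follow the first {@code HttpsURLConnectionImpl} frame as
     * candidate callers of an HTTPS request.
     */
    private void getHTTPSCaller(Class<?>[] clsArr) {
        boolean pastConnectionFrame = false;
        int logged = 0;
        for (int idx = 0; idx < clsArr.length && logged < 4; idx++) {
            String className = clsArr[idx].getName();
            if (pastConnectionFrame) {
                LOGGER.debug("Possible Caller: {} ", className);
                logged++;
            } else {
                pastConnectionFrame = "sun.net.www.protocol.https.HttpsURLConnectionImpl".equals(className);
            }
        }
    }

    /**
     * Logs up to four stack classes that follow the last of a run of {@code HttpURLConnection}
     * frames as candidate callers of an HTTP request.
     */
    private void getHTTPCaller(Class<?>[] clsArr) {
        final String connectionClass = "sun.net.www.protocol.http.HttpURLConnection";
        boolean pastConnectionFrames = false;
        int logged = 0;
        for (int idx = 0; idx < clsArr.length && logged < 4; idx++) {
            String className = clsArr[idx].getName();
            if (pastConnectionFrames) {
                LOGGER.debug("Possible Caller: {} ", className);
                logged++;
            } else {
                // The index is clamped so the final element is compared with itself and never matches.
                String nextClassName = clsArr[Math.min(idx + 1, clsArr.length - 1)].getName();
                pastConnectionFrames = connectionClass.equals(className) && !connectionClass.equals(nextClassName);
            }
        }
    }

    /** Logs the whole class context when the URL scheme is neither HTTP nor HTTPS. */
    private void getGenericCaller(Class<?>[] clsArr) {
        LOGGER.warn("Non web URL is requested, unable to get caller, printing all possible caller...");
        for (Class<?> cls : clsArr) {
            LOGGER.warn(cls);
        }
    }

    /** Uncaught-exception handler installed while a connect check runs; it only logs the error. */
    private static void onUnknownError(Thread thread, Throwable th) {
        LOGGER.error("Error on: {}", thread.getName(), th);
    }
}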
