package io.gravitee.policy.groovy.sandbox;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import groovy.lang.Binding;
import groovy.lang.GroovyCodeSource;
import groovy.lang.GroovyShell;
import io.gravitee.policy.groovy.GroovyPolicy;
import io.gravitee.policy.groovy.utils.Sha1;
import java.time.Duration;
import org.apache.groovy.json.internal.FastStringUtils;
import org.codehaus.groovy.control.CompilationFailedException;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.codehaus.groovy.control.customizers.CompilationCustomizer;
import org.codehaus.groovy.control.customizers.SecureASTCustomizer;
import org.codehaus.groovy.runtime.InvokerHelper;
import org.kohsuke.groovy.sandbox.GroovyInterceptor;
import org.kohsuke.groovy.sandbox.SandboxTransformer;

/* loaded from: input_file:io/gravitee/policy/groovy/sandbox/SecuredGroovyShell.class */
public class SecuredGroovyShell {
    private static final int CODE_CACHE_EXPIRATION_HOURS = 1;
    private final GroovyShell groovyShell;
    private final Cache<String, Class<?>> sources = CacheBuilder.newBuilder().expireAfterAccess(Duration.ofHours(1)).build();
    private final GroovyInterceptor groovyInterceptor;

    public SecuredGroovyShell() {
        CompilerConfiguration compilerConfiguration = new CompilerConfiguration();
        compilerConfiguration.addCompilationCustomizers(new CompilationCustomizer[]{new SandboxTransformer()});
        compilerConfiguration.addCompilationCustomizers(new CompilationCustomizer[]{new SecuredAnnotationCustomizer()});
        CompilationCustomizer secureASTCustomizer = new SecureASTCustomizer();
        secureASTCustomizer.setPackageAllowed(false);
        compilerConfiguration.addCompilationCustomizers(new CompilationCustomizer[]{secureASTCustomizer});
        this.groovyShell = new GroovyShell(compilerConfiguration);
        this.groovyInterceptor = new SecuredInterceptor();
    }

    public <T> T evaluate(String str, Binding binding) {
        try {
            this.groovyInterceptor.register();
            T t = (T) InvokerHelper.createScript(getOrCreate(str), binding).run();
            this.groovyInterceptor.unregister();
            return t;
        } catch (Throwable th) {
            this.groovyInterceptor.unregister();
            throw th;
        }
    }

    private Class<?> getOrCreate(String str) throws CompilationFailedException {
        String sha1 = Sha1.sha1(str);
        try {
            return (Class) this.sources.get(sha1, () -> {
                return this.groovyShell.getClassLoader().parseClass(new GroovyCodeSource(str, sha1, "/groovy/shell"), true);
            });
        } catch (Exception e) {
            CompilationFailedException cause = e.getCause();
            if (cause instanceof CompilationFailedException) {
                throw cause;
            }
            if (cause instanceof SecurityException) {
                throw ((SecurityException) cause);
            }
            throw new RuntimeException("Unable to compile script", e);
        }
    }

    static {
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(GroovyPolicy.class.getClassLoader());
        FastStringUtils.toCharArray("hack");
        Thread.currentThread().setContextClassLoader(contextClassLoader);
    }
}
