package io.gravitee.policy.groovy.sandbox;

import groovy.lang.GString;
import groovy.lang.GroovyClassLoader;
import groovy.lang.Script;
import io.gravitee.common.util.EnvironmentUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InaccessibleObjectException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.reflect.ConstructorUtils;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.apache.commons.lang3.reflect.MethodUtils;
import org.codehaus.groovy.runtime.DateGroovyMethods;
import org.codehaus.groovy.runtime.DefaultGroovyMethods;
import org.codehaus.groovy.runtime.EncodingGroovyMethods;
import org.codehaus.groovy.runtime.StringGroovyMethods;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.Environment;
import org.springframework.lang.Nullable;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:io/gravitee/policy/groovy/sandbox/SecuredResolver.class */
public class SecuredResolver {
    static final String WHITELIST_MODE = "append";
    static final String WHITELIST_MODE_KEY = "groovy.whitelist.mode";
    static final String WHITELIST_LIST_KEY = "groovy.whitelist.list";
    static final String WHITELIST_METHOD_PREFIX = "method ";
    static final String WHITELIST_FIELD_PREFIX = "field ";
    static final String WHITELIST_CLASS_PREFIX = "class ";
    static final String WHITELIST_CONSTRUCTOR_PREFIX = "new ";
    static final String WHITELIST_ANNOTATION_PREFIX = "annotation ";
    private static SecuredResolver INSTANCE;
    private static Map<Class<?>, List<Method>> methodsByType;
    private static Map<Class<?>, List<Field>> fieldsByType;
    private static Map<Class<?>, List<Constructor<?>>> constructorsByType;
    private static Set<Class<?>> annotations;
    private static final Logger logger = LoggerFactory.getLogger(SecuredResolver.class);
    private static final Set<String> NUMBER_MATH_METHOD_NAMES = new HashSet(Arrays.asList("plus", "minus", "multiply", "div", "compareTo", "or", "and", "xor", "intdiv", "mod", "leftShift", "rightShift", "rightShiftUnsigned"));
    private static final Class<?>[] DGM_CLASSES = {DefaultGroovyMethods.class, StringGroovyMethods.class, EncodingGroovyMethods.class, DateGroovyMethods.class};
    private static final List<String> ALLOWED_ARRAY_NATIVE_METHODS = Arrays.asList("getAt", "putAt", "getLength");
    private final Map<String, Boolean> resolved = new ConcurrentHashMap();
    private final Map<Class<?>, List<Method>> methodsByTypeAndSuperTypes = new ConcurrentHashMap();

    public static synchronized void initialize(@Nullable Environment environment) {
        if (isInitialized()) {
            return;
        }
        loadWhitelist(environment);
        INSTANCE = new SecuredResolver();
    }

    public static synchronized boolean isInitialized() {
        return INSTANCE != null;
    }

    public static synchronized void destroy() {
        if (isInitialized()) {
            methodsByType.clear();
            fieldsByType.clear();
            constructorsByType.clear();
            annotations.clear();
            INSTANCE = null;
        }
    }

    public static SecuredResolver getInstance() {
        if (!isInitialized()) {
            initialize(null);
        }
        return INSTANCE;
    }

    private SecuredResolver() {
    }

    public boolean isAnnotationAllowed(String str) {
        return annotations.stream().anyMatch(cls -> {
            return cls.getCanonicalName().equals(str) || cls.getName().equals(str) || cls.getSimpleName().equals(str) || cls.getTypeName().equals(str);
        });
    }

    public boolean isConstructorAllowed(Class<?> cls, Object... objArr) {
        String key = getKey(cls, "<init>", objArr);
        if (this.resolved.containsKey(key)) {
            return this.resolved.get(key).booleanValue();
        }
        if (isGroovyScriptDefinedClass(cls)) {
            this.resolved.put(key, true);
            return true;
        }
        boolean contains = constructorsByType.getOrDefault(cls, Collections.emptyList()).contains(ConstructorUtils.getMatchingAccessibleConstructor(cls, getClasses(objArr)));
        this.resolved.put(key, Boolean.valueOf(contains));
        return contains;
    }

    public boolean isGetPropertyAllowed(Object obj, String str) {
        Class<?> cls = obj instanceof Class ? (Class) obj : obj.getClass();
        String key = getKey(obj, str, new Object[0]);
        if (this.resolved.containsKey(key)) {
            return this.resolved.get(key).booleanValue();
        }
        if (isGroovyScriptDefinedClass(cls)) {
            this.resolved.put(key, true);
            return true;
        }
        for (String str2 : new String[]{"get", "is"}) {
            if (isMethodAllowed(obj, str2 + StringUtils.capitalize(str), new Object[0])) {
                this.resolved.put(key, true);
                return true;
            }
        }
        Field declaredField = FieldUtils.getDeclaredField(cls, str);
        if (declaredField == null || !getAllowedFields(cls).contains(declaredField)) {
            return false;
        }
        this.resolved.put(key, true);
        return true;
    }

    public boolean isSetPropertyAllowed(Object obj, String str, Object obj2) {
        Class<?> cls = obj instanceof Class ? (Class) obj : obj.getClass();
        String key = getKey(obj, str, new Object[0]);
        if (this.resolved.containsKey(key)) {
            return this.resolved.get(key).booleanValue();
        }
        if (isGroovyScriptDefinedClass(cls)) {
            this.resolved.put(key, true);
            return true;
        }
        if (isMethodAllowed(obj, "set" + StringUtils.capitalize(str), obj2)) {
            this.resolved.put(key, true);
            return true;
        }
        Field declaredField = FieldUtils.getDeclaredField(cls, str);
        if (declaredField == null || !getAllowedFields(cls).contains(declaredField)) {
            return false;
        }
        this.resolved.put(key, true);
        return true;
    }

    public boolean isMethodAllowed(Object obj, String str, Object... objArr) {
        Class<?> cls = obj instanceof Class ? (Class) obj : obj.getClass();
        String key = getKey(cls, str, objArr);
        if (this.resolved.containsKey(key)) {
            return this.resolved.get(key).booleanValue();
        }
        if ((obj instanceof Number) && NUMBER_MATH_METHOD_NAMES.contains(str)) {
            this.resolved.put(key, true);
            return true;
        }
        Class<?>[] classes = getClasses(objArr);
        boolean z = isMethodAllowed(cls, str, classes) || isDGMAllowed(cls, str, classes);
        this.resolved.put(key, Boolean.valueOf(z));
        return z;
    }

    private boolean isMethodAllowed(Class<?> cls, String str, Class<?>[] clsArr) {
        if (cls == null) {
            return false;
        }
        Method matchingAccessibleMethod = getMatchingAccessibleMethod(cls, str, clsArr);
        if ((matchingAccessibleMethod != null && (isGroovyScriptDefinedMethod(matchingAccessibleMethod) || getAllowedMethods(cls).contains(matchingAccessibleMethod))) || isMethodAllowed((Class<?>) cls.getSuperclass(), str, clsArr)) {
            return true;
        }
        for (Class<?> cls2 : ClassUtils.getAllInterfacesForClass(cls)) {
            if (cls2 != cls && isMethodAllowed(cls2, str, clsArr)) {
                return true;
            }
        }
        return false;
    }

    private Method getMatchingAccessibleMethod(Class<?> cls, String str, Class<?>[] clsArr) {
        try {
            return MethodUtils.getMatchingAccessibleMethod(cls, str, clsArr);
        } catch (InaccessibleObjectException e) {
            return getMatchingAccessibleMethod(cls.getSuperclass(), str, clsArr);
        }
    }

    private boolean isDGMAllowed(Class<?> cls, String str, Class<?>[] clsArr) {
        Class<?>[] clsArr2 = new Class[clsArr.length + 1];
        clsArr2[0] = cls;
        System.arraycopy(clsArr, 0, clsArr2, 1, clsArr.length);
        if (cls.isArray() && ALLOWED_ARRAY_NATIVE_METHODS.contains(str)) {
            return true;
        }
        for (Class<?> cls2 : DGM_CLASSES) {
            Method matchingAccessibleMethod = getMatchingAccessibleMethod(cls2, str, clsArr2);
            if (matchingAccessibleMethod != null && getAllowedMethods(cls2).contains(matchingAccessibleMethod)) {
                return true;
            }
        }
        return false;
    }

    private boolean isGroovyScriptDefinedClass(Class<?> cls) {
        return (cls.getClassLoader() instanceof GroovyClassLoader) && !Script.class.isAssignableFrom(cls);
    }

    private boolean isGroovyScriptDefinedMethod(Method method) {
        Class<?> declaringClass = method.getDeclaringClass();
        return (declaringClass.getClassLoader() instanceof GroovyClassLoader) && declaringClass != Script.class;
    }

    private List<Method> getAllowedMethods(Class<?> cls) {
        if (this.methodsByTypeAndSuperTypes.containsKey(cls)) {
            return this.methodsByTypeAndSuperTypes.get(cls);
        }
        List<Method> orDefault = methodsByType.getOrDefault(cls, Collections.emptyList());
        if (cls.getSuperclass() != null) {
            orDefault = (List) Stream.concat(orDefault.stream(), getAllowedMethods(cls.getSuperclass()).stream()).collect(Collectors.toList());
        }
        for (Class<?> cls2 : cls.getInterfaces()) {
            orDefault = (List) Stream.concat(orDefault.stream(), getAllowedMethods(cls2).stream()).collect(Collectors.toList());
        }
        this.methodsByTypeAndSuperTypes.put(cls, orDefault);
        return orDefault;
    }

    private List<Field> getAllowedFields(Class<?> cls) {
        return fieldsByType.getOrDefault(cls, Collections.emptyList());
    }

    private String getKey(Object obj, String str, Object[] objArr) {
        return (obj instanceof Class ? obj : obj.getClass()) + "#" + str + Arrays.toString(getClasses(objArr));
    }

    private Class<?>[] getClasses(Object[] objArr) {
        Class<?>[] clsArr = new Class[objArr.length];
        for (int i = 0; i < objArr.length; i++) {
            if (objArr[i] instanceof GString) {
                clsArr[i] = String.class;
            } else {
                clsArr[i] = objArr[i] != null ? objArr[i].getClass() : Object.class;
            }
        }
        return clsArr;
    }

    private static void loadWhitelist(Environment environment) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        boolean z = true;
        if (environment != null) {
            z = WHITELIST_MODE.equals(environment.getProperty(WHITELIST_MODE_KEY, WHITELIST_MODE));
            Iterator it = EnvironmentUtils.getPropertiesStartingWith((ConfigurableEnvironment) environment, WHITELIST_LIST_KEY).values().iterator();
            while (it.hasNext()) {
                parseDeclaration(String.valueOf(it.next()), arrayList, arrayList2, arrayList3, arrayList4);
            }
        }
        if (z) {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(SecuredResolver.class.getResourceAsStream("/groovy-whitelist")));
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    } else {
                        parseDeclaration(readLine, arrayList, arrayList2, arrayList3, arrayList4);
                    }
                } catch (IOException e) {
                    logger.error("Unable to read Groovy built-in groovy-whitelist", e);
                }
            }
        }
        methodsByType = (Map) arrayList.stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getDeclaringClass();
        }));
        fieldsByType = (Map) arrayList2.stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getDeclaringClass();
        }));
        constructorsByType = (Map) arrayList3.stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getDeclaringClass();
        }));
        annotations = new HashSet(arrayList4);
    }

    private static void parseDeclaration(String str, List<Method> list, List<Field> list2, List<Constructor<?>> list3, List<Class<?>> list4) {
        try {
            if (str.startsWith(WHITELIST_METHOD_PREFIX)) {
                list.add(parseMethod(str));
            } else if (str.startsWith(WHITELIST_FIELD_PREFIX)) {
                list2.add(parseField(str));
            } else if (str.startsWith(WHITELIST_CONSTRUCTOR_PREFIX)) {
                list3.add(parseConstructor(str));
            } else if (str.startsWith(WHITELIST_ANNOTATION_PREFIX)) {
                list4.add(parseAnnotation(str));
            } else if (str.startsWith(WHITELIST_CLASS_PREFIX)) {
                list.addAll(parseAllMethods(str));
                list2.addAll(parseAllFields(str));
                list3.addAll(parseAllConstructors(str));
            }
        } catch (Exception e) {
            logger.warn("The Groovy whitelisted declaration [{}] cannot be loaded. Message is [{}]", str, e.toString());
        }
    }

    private static Method parseMethod(String str) throws Exception {
        String[] split = str.split(" ");
        String str2 = split[1];
        String str3 = split[2];
        String[] strArr = new String[0];
        if (split.length > 3) {
            strArr = (String[]) Arrays.copyOfRange(split, 3, split.length);
        }
        Class<?>[] clsArr = new Class[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            clsArr[i] = ClassUtils.forName(strArr[i], SecuredResolver.class.getClassLoader());
        }
        return ClassUtils.forName(str2, SecuredResolver.class.getClassLoader()).getDeclaredMethod(str3, clsArr);
    }

    private static List<Method> parseAllMethods(String str) throws Exception {
        return Arrays.asList(ClassUtils.forName(str.split(" ")[1], SecuredResolver.class.getClassLoader()).getDeclaredMethods());
    }

    private static Field parseField(String str) throws Exception {
        String[] split = str.split(" ");
        String str2 = split[1];
        return ClassUtils.forName(str2, SecuredResolver.class.getClassLoader()).getDeclaredField(split[2]);
    }

    private static List<Field> parseAllFields(String str) throws Exception {
        return Arrays.asList(ClassUtils.forName(str.split(" ")[1], SecuredResolver.class.getClassLoader()).getDeclaredFields());
    }

    private static Constructor parseConstructor(String str) throws Exception {
        String[] split = str.split(" ");
        String str2 = split[1];
        String[] strArr = new String[0];
        if (split.length > 2) {
            strArr = (String[]) Arrays.copyOfRange(split, 2, split.length);
        }
        Class<?>[] clsArr = new Class[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            clsArr[i] = ClassUtils.forName(strArr[i], SecuredResolver.class.getClassLoader());
        }
        return ClassUtils.forName(str2, SecuredResolver.class.getClassLoader()).getDeclaredConstructor(clsArr);
    }

    private static List<Constructor<?>> parseAllConstructors(String str) throws Exception {
        return Arrays.asList(ClassUtils.forName(str.split(" ")[1], SecuredResolver.class.getClassLoader()).getDeclaredConstructors());
    }

    private static Class<?> parseAnnotation(String str) throws Exception {
        return ClassUtils.forName(str.split(" ")[1], SecuredResolver.class.getClassLoader());
    }
}
