package delight.nashornsandbox.internal;

import delight.nashornsandbox.NashornSandbox;
import delight.nashornsandbox.SecuredJsCache;
import delight.nashornsandbox.exceptions.ScriptCPUAbuseException;
import delight.nashornsandbox.exceptions.ScriptMemoryAbuseException;
import java.io.Writer;
import java.lang.reflect.InvocationTargetException;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.script.Bindings;
import javax.script.CompiledScript;
import javax.script.Invocable;
import javax.script.ScriptContext;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:delight/nashornsandbox/internal/NashornSandboxImpl.class */
public class NashornSandboxImpl implements NashornSandbox {
    static final Logger LOG = LoggerFactory.getLogger(NashornSandbox.class);
    protected final SandboxClassFilter sandboxClassFilter;
    protected final ScriptEngine scriptEngine;
    protected long maxCPUTime;
    protected long maxMemory;
    protected ExecutorService executor;
    protected boolean allowPrintFunctions;
    protected boolean allowReadFunctions;
    protected boolean allowLoadFunctions;
    protected boolean allowExitFunctions;
    protected boolean allowGlobalsObjects;
    protected boolean allowNoBraces;
    protected JsEvaluator evaluator;
    protected JsSanitizer sanitizer;
    protected AtomicBoolean engineAsserted;
    protected Invocable lazyInvocable;
    protected int maxPreparedStatements;
    protected SecuredJsCache suppliedCache;
    protected Bindings cached;

    public NashornSandboxImpl() {
        this(new String[0]);
    }

    public NashornSandboxImpl(String... strArr) {
        this(null, strArr);
    }

    public NashornSandboxImpl(ScriptEngine scriptEngine, String... strArr) {
        this.maxCPUTime = 0L;
        this.maxMemory = 0L;
        this.allowPrintFunctions = false;
        this.allowReadFunctions = false;
        this.allowLoadFunctions = false;
        this.allowExitFunctions = false;
        this.allowGlobalsObjects = false;
        this.allowNoBraces = true;
        for (String str : strArr) {
            if (str.equals("--no-java")) {
                throw new IllegalArgumentException("The engine parameter --no-java is not supported. Using it would interfere with the injected code to test for infinite loops.");
            }
        }
        this.sandboxClassFilter = createSandboxClassFilter();
        this.scriptEngine = scriptEngine == null ? createNashornScriptEngineFactory(strArr) : scriptEngine;
        this.maxPreparedStatements = 0;
        allow(InterruptTest.class);
        this.engineAsserted = new AtomicBoolean(false);
    }

    private SandboxClassFilter createSandboxClassFilter() {
        return NashornDetection.createSandboxClassFilter();
    }

    public ScriptEngine createNashornScriptEngineFactory(String... strArr) {
        try {
            Object nashornScriptEngineFactory = NashornDetection.getNashornScriptEngineFactory();
            Class<?> classFilterClass = NashornDetection.getClassFilterClass();
            return (ScriptEngine) nashornScriptEngineFactory.getClass().getDeclaredMethod("getScriptEngine", String[].class, ClassLoader.class, classFilterClass).invoke(nashornScriptEngineFactory, strArr, getClass().getClassLoader(), classFilterClass.cast(this.sandboxClassFilter));
        } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
            throw new RuntimeException(e);
        }
    }

    private synchronized void assertScriptEngine() {
        try {
            if (!this.engineAsserted.get()) {
                produceSecureBindings();
            } else if (!engineBindingUnchanged()) {
                resetEngineBindings();
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private boolean engineBindingUnchanged() {
        Bindings bindings = this.scriptEngine.getBindings(100);
        for (Map.Entry entry : this.cached.entrySet()) {
            if (!bindings.containsKey(entry.getKey()) || !Objects.equals(bindings.get(entry.getKey()), entry.getValue())) {
                return false;
            }
        }
        return true;
    }

    private void produceSecureBindings() {
        try {
            StringBuilder sb = new StringBuilder();
            this.cached = this.scriptEngine.getBindings(100);
            sanitizeBindings(this.cached);
            if (!this.allowExitFunctions) {
                sb.append("var quit=function(){};var exit=function(){};");
            }
            if (!this.allowPrintFunctions) {
                sb.append("var print=function(){};var echo = function(){};");
            }
            if (!this.allowReadFunctions) {
                sb.append("var readFully=function(){};").append("var readLine=function(){};");
            }
            if (!this.allowLoadFunctions) {
                sb.append("var load=function(){};var loadWithNewGlobal=function(){};");
            }
            if (!this.allowGlobalsObjects) {
                sb.append("var $ARG=null;var $ENV=null;var $EXEC=null;");
                sb.append("var $OPTIONS=null;var $OUT=null;var $ERR=null;var $EXIT=null;");
            }
            this.scriptEngine.eval(sb.toString());
            resetEngineBindings();
            this.engineAsserted.set(true);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected void resetEngineBindings() {
        Bindings createBindings = createBindings();
        sanitizeBindings(createBindings);
        createBindings.putAll(this.cached);
        this.scriptEngine.setBindings(createBindings, 100);
    }

    protected void sanitizeBindings(Bindings bindings) {
        if (!this.allowExitFunctions) {
            bindings.remove("quit");
            bindings.remove("exit");
        }
        if (!this.allowPrintFunctions) {
            bindings.remove("print");
            bindings.remove("echo");
        }
        if (!this.allowReadFunctions) {
            bindings.remove("readFully");
            bindings.remove("readLine");
        }
        if (this.allowLoadFunctions) {
            return;
        }
        bindings.remove("load");
        bindings.remove("loadWithNewGlobal");
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(String str) throws ScriptCPUAbuseException, ScriptException {
        return eval(str, (ScriptContext) null, (Bindings) null);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(String str, Bindings bindings) throws ScriptCPUAbuseException, ScriptException {
        return eval(str, (ScriptContext) null, bindings);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(String str, ScriptContext scriptContext) throws ScriptCPUAbuseException, ScriptException {
        return eval(str, scriptContext, (Bindings) null);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(String str, ScriptContext scriptContext, Bindings bindings) throws ScriptCPUAbuseException, ScriptException {
        assertScriptEngine();
        JsSanitizer sanitizer = getSanitizer();
        return executeSandboxedOperation(new EvaluateOperation(scriptContext == null ? "Object.defineProperty(this, 'engine', {});Object.defineProperty(this, 'context', {});delete this.__noSuchProperty__;" + sanitizer.secureJs(str) : sanitizer.secureJs(str), scriptContext, secureBindings(bindings)));
    }

    protected Bindings secureBindings(Bindings bindings) {
        if (bindings == null) {
            return null;
        }
        bindings.putAll(this.cached);
        return bindings;
    }

    protected Object executeSandboxedOperation(ScriptEngineOperation scriptEngineOperation) throws ScriptCPUAbuseException, ScriptException {
        assertScriptEngine();
        try {
            try {
                if (this.maxCPUTime == 0 && this.maxMemory == 0) {
                    return scriptEngineOperation.executeScriptEngineOperation(this.scriptEngine);
                }
                checkExecutorPresence();
                JsEvaluator evaluator = getEvaluator(scriptEngineOperation);
                this.executor.execute(evaluator);
                evaluator.runMonitor();
                if (evaluator.isCPULimitExceeded()) {
                    throw new ScriptCPUAbuseException("Script used more than the allowed [" + this.maxCPUTime + " ms] of CPU time.", evaluator.isScriptKilled(), evaluator.getException());
                }
                if (evaluator.isMemoryLimitExceeded()) {
                    throw new ScriptMemoryAbuseException("Script used more than the allowed [" + this.maxMemory + " B] of memory.", evaluator.isScriptKilled(), evaluator.getException());
                }
                if (evaluator.getException() != null) {
                    throw evaluator.getException();
                }
                return evaluator.getResult();
            } catch (RuntimeException | ScriptException e) {
                throw e;
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private JsEvaluator getEvaluator(ScriptEngineOperation scriptEngineOperation) {
        return new JsEvaluator(this.scriptEngine, this.maxCPUTime, this.maxMemory, scriptEngineOperation);
    }

    private void checkExecutorPresence() {
        if (this.executor == null) {
            throw new IllegalStateException("When a CPU time or memory limit is set, an executor needs to be provided by calling .setExecutor(...)");
        }
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void setMaxCPUTime(long j) {
        this.maxCPUTime = j;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void setMaxMemory(long j) {
        this.maxMemory = j;
    }

    protected JsSanitizer getSanitizer() {
        if (this.sanitizer == null) {
            if (this.suppliedCache == null) {
                this.sanitizer = new JsSanitizer(this.scriptEngine, this.maxPreparedStatements, this.allowNoBraces);
            } else {
                this.sanitizer = new JsSanitizer(this.scriptEngine, this.allowNoBraces, this.suppliedCache);
            }
        }
        return this.sanitizer;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allow(Class<?> cls) {
        this.sandboxClassFilter.add(cls);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void disallow(Class<?> cls) {
        this.sandboxClassFilter.remove(cls);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public boolean isAllowed(Class<?> cls) {
        return this.sandboxClassFilter.contains(cls);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void disallowAllClasses() {
        this.sandboxClassFilter.clear();
        allow(InterruptTest.class);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void inject(String str, Object obj) {
        if (obj != null && !this.sandboxClassFilter.contains(obj.getClass())) {
            allow(obj.getClass());
        }
        this.scriptEngine.put(str, obj);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void setExecutor(ExecutorService executorService) {
        this.executor = executorService;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public ExecutorService getExecutor() {
        return this.executor;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object get(String str) {
        return this.scriptEngine.get(str);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allowPrintFunctions(boolean z) {
        if (this.engineAsserted.get()) {
            throw new IllegalStateException("Please set this property before calling eval.");
        }
        this.allowPrintFunctions = z;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allowReadFunctions(boolean z) {
        if (this.engineAsserted.get()) {
            throw new IllegalStateException("Please set this property before calling eval.");
        }
        this.allowReadFunctions = z;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allowLoadFunctions(boolean z) {
        if (this.engineAsserted.get()) {
            throw new IllegalStateException("Please set this property before calling eval.");
        }
        this.allowLoadFunctions = z;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allowExitFunctions(boolean z) {
        if (this.engineAsserted.get()) {
            throw new IllegalStateException("Please set this property before calling eval.");
        }
        this.allowExitFunctions = z;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allowGlobalsObjects(boolean z) {
        if (this.engineAsserted.get()) {
            throw new IllegalStateException("Please set this property before calling eval.");
        }
        this.allowGlobalsObjects = z;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void allowNoBraces(boolean z) {
        if (this.allowNoBraces != z) {
            this.sanitizer = null;
        }
        this.allowNoBraces = z;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void setWriter(Writer writer) {
        this.scriptEngine.getContext().setWriter(writer);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void setMaxPreparedStatements(int i) {
        if (this.maxPreparedStatements != i) {
            this.sanitizer = null;
        }
        this.maxPreparedStatements = i;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Bindings createBindings() {
        return this.scriptEngine.createBindings();
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Invocable getSandboxedInvocable() {
        return (this.maxMemory == 0 && this.maxCPUTime == 0) ? this.scriptEngine : getLazySandboxedInvocable();
    }

    private Invocable getLazySandboxedInvocable() {
        if (this.lazyInvocable == null) {
            this.lazyInvocable = new Invocable() { // from class: delight.nashornsandbox.internal.NashornSandboxImpl.1
                public Object invokeMethod(Object obj, String str, Object... objArr) throws ScriptException, NoSuchMethodException {
                    try {
                        return NashornSandboxImpl.this.executeSandboxedOperation(new InvokeOperation(obj, str, objArr));
                    } catch (ScriptException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new ScriptException(e2);
                    }
                }

                public Object invokeFunction(String str, Object... objArr) throws ScriptException, NoSuchMethodException {
                    try {
                        return NashornSandboxImpl.this.executeSandboxedOperation(new InvokeOperation(null, str, objArr));
                    } catch (ScriptException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new ScriptException(e2);
                    }
                }

                public <T> T getInterface(Object obj, Class<T> cls) {
                    throw new IllegalStateException("Not yet implemented");
                }

                public <T> T getInterface(Class<T> cls) {
                    throw new IllegalStateException("Not yet implemented");
                }
            };
        }
        return this.lazyInvocable;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public void setScriptCache(SecuredJsCache securedJsCache) {
        this.suppliedCache = securedJsCache;
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public CompiledScript compile(String str) throws ScriptException {
        assertScriptEngine();
        return this.scriptEngine.compile(getSanitizer().secureJs(str));
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(CompiledScript compiledScript) throws ScriptCPUAbuseException, ScriptException {
        return eval(compiledScript, (ScriptContext) null, (Bindings) null);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(CompiledScript compiledScript, Bindings bindings) throws ScriptCPUAbuseException, ScriptException {
        return eval(compiledScript, (ScriptContext) null, bindings);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(CompiledScript compiledScript, ScriptContext scriptContext) throws ScriptCPUAbuseException, ScriptException {
        return eval(compiledScript, scriptContext, (Bindings) null);
    }

    @Override // delight.nashornsandbox.NashornSandbox
    public Object eval(CompiledScript compiledScript, ScriptContext scriptContext, Bindings bindings) throws ScriptCPUAbuseException, ScriptException {
        assertScriptEngine();
        return executeSandboxedOperation(new EvaluateCompiledOperation(compiledScript, scriptContext, secureBindings(bindings)));
    }
}
