package org.apache.flink.core.security;

import java.security.Permission;
import org.apache.flink.annotation.VisibleForTesting;
import org.apache.flink.configuration.ClusterOptions;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.IllegalConfigurationException;
import org.apache.flink.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/core/security/FlinkSecurityManager.class */
public class FlinkSecurityManager extends SecurityManager {
    static final Logger LOG = LoggerFactory.getLogger(FlinkSecurityManager.class);
    private static FlinkSecurityManager flinkSecurityManager;
    private final SecurityManager originalSecurityManager;
    private final ThreadLocal<Boolean> monitorUserSystemExit;
    private final ClusterOptions.UserSystemExitMode userSystemExitMode;
    private final boolean haltOnSystemExit;

    @VisibleForTesting
    FlinkSecurityManager(ClusterOptions.UserSystemExitMode userSystemExitMode, boolean z) {
        this(userSystemExitMode, z, System.getSecurityManager());
    }

    @VisibleForTesting
    FlinkSecurityManager(ClusterOptions.UserSystemExitMode userSystemExitMode, boolean z, SecurityManager securityManager) {
        this.monitorUserSystemExit = new InheritableThreadLocal();
        this.userSystemExitMode = (ClusterOptions.UserSystemExitMode) Preconditions.checkNotNull(userSystemExitMode);
        this.haltOnSystemExit = z;
        this.originalSecurityManager = securityManager;
    }

    @VisibleForTesting
    static FlinkSecurityManager fromConfiguration(Configuration configuration) {
        ClusterOptions.UserSystemExitMode userSystemExitMode = (ClusterOptions.UserSystemExitMode) configuration.get(ClusterOptions.INTERCEPT_USER_SYSTEM_EXIT);
        boolean booleanValue = ((Boolean) configuration.get(ClusterOptions.HALT_ON_FATAL_ERROR)).booleanValue();
        if (userSystemExitMode == ClusterOptions.UserSystemExitMode.DISABLED && !booleanValue) {
            return null;
        }
        LOG.info("FlinkSecurityManager is created with {} user system exit mode and {} exit", userSystemExitMode, booleanValue ? "forceful" : "graceful");
        return new FlinkSecurityManager(userSystemExitMode, booleanValue);
    }

    public static void setFromConfiguration(Configuration configuration) {
        FlinkSecurityManager fromConfiguration = fromConfiguration(configuration);
        if (fromConfiguration != null) {
            try {
                System.setSecurityManager(fromConfiguration);
            } catch (Exception e) {
                throw new IllegalConfigurationException(String.format("Could not register security manager due to no permission to set a SecurityManager. Either update your existing SecurityManager to allow the permission or do not use security manager features (e.g., '%s: %s', '%s: %s')", ClusterOptions.INTERCEPT_USER_SYSTEM_EXIT.key(), ClusterOptions.INTERCEPT_USER_SYSTEM_EXIT.defaultValue(), ClusterOptions.HALT_ON_FATAL_ERROR.key(), ClusterOptions.HALT_ON_FATAL_ERROR.defaultValue(), e));
            }
        }
        flinkSecurityManager = fromConfiguration;
    }

    public static void monitorUserSystemExitForCurrentThread() {
        if (flinkSecurityManager != null) {
            flinkSecurityManager.monitorUserSystemExit();
        }
    }

    public static void unmonitorUserSystemExitForCurrentThread() {
        if (flinkSecurityManager != null) {
            flinkSecurityManager.unmonitorUserSystemExit();
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        if (this.originalSecurityManager != null) {
            this.originalSecurityManager.checkPermission(permission);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        if (this.originalSecurityManager != null) {
            this.originalSecurityManager.checkPermission(permission, obj);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExit(int i) {
        if (userSystemExitMonitored()) {
            switch (this.userSystemExitMode) {
                case DISABLED:
                    break;
                case LOG:
                    LOG.warn("Exiting JVM with status {} is monitored: The system will exit due to this call.", Integer.valueOf(i), new UserSystemExitException());
                    break;
                case THROW:
                    throw new UserSystemExitException();
                default:
                    LOG.warn("No valid check exit mode configured: {}", this.userSystemExitMode);
                    break;
            }
        }
        if (this.originalSecurityManager != null) {
            this.originalSecurityManager.checkExit(i);
        }
        if (this.haltOnSystemExit) {
            Runtime.getRuntime().halt(i);
        }
    }

    @VisibleForTesting
    void monitorUserSystemExit() {
        this.monitorUserSystemExit.set(true);
    }

    @VisibleForTesting
    void unmonitorUserSystemExit() {
        this.monitorUserSystemExit.set(false);
    }

    @VisibleForTesting
    boolean userSystemExitMonitored() {
        return Boolean.TRUE.equals(this.monitorUserSystemExit.get());
    }

    public static void forceProcessExit(int i) {
        System.setSecurityManager(null);
        if (flinkSecurityManager == null || !flinkSecurityManager.haltOnSystemExit) {
            System.exit(i);
        } else {
            Runtime.getRuntime().halt(i);
        }
    }
}
