package org.apache.hugegraph.unit.core;

import com.google.common.collect.ImmutableMap;
import java.io.File;
import java.io.FileDescriptor;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.ProcessBuilder;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeoutException;
import org.apache.hugegraph.HugeException;
import org.apache.hugegraph.HugeFactory;
import org.apache.hugegraph.HugeGraph;
import org.apache.hugegraph.auth.HugeFactoryAuthProxy;
import org.apache.hugegraph.job.GremlinJob;
import org.apache.hugegraph.job.JobBuilder;
import org.apache.hugegraph.masterelection.GlobalMasterInfo;
import org.apache.hugegraph.security.HugeSecurityManager;
import org.apache.hugegraph.task.HugeTask;
import org.apache.hugegraph.testutil.Assert;
import org.apache.hugegraph.unit.FakeObjects;
import org.apache.hugegraph.util.JsonUtil;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/hugegraph/unit/core/SecurityManagerTest.class */
public class SecurityManagerTest {
    private static HugeGraph graph;
    private static final HugeSecurityManager sm = new HugeSecurityManager();

    @BeforeClass
    public static void init() {
        graph = loadGraph(false);
        runGremlinJob("1 + 1");
        System.setSecurityManager(new HugeSecurityManager());
    }

    @AfterClass
    public static void clear() throws Exception {
        System.setSecurityManager(null);
        graph.clearBackend();
        graph.close();
        HugeFactory.shutdown(30L);
    }

    @Ignore("Enable it after 1.5.0")
    public void testProcessImplMethodAccess() throws Exception {
        new HugeFactoryAuthProxy();
        Class<?> cls = Class.forName("java.lang.ProcessImpl");
        Assert.assertThrows(NoSuchMethodException.class, () -> {
            cls.getDeclaredMethod("start", String[].class, Map.class, String.class, ProcessBuilder.Redirect[].class, Boolean.TYPE);
        });
    }

    @Ignore("Enable it after 1.5.0")
    public void testThreadFieldAccess() throws Exception {
        new HugeFactoryAuthProxy();
        Class<?> cls = Class.forName("java.lang.Thread");
        Assert.assertThrows(NoSuchFieldException.class, () -> {
            cls.getDeclaredField("name");
        });
    }

    @Test
    public void testNormal() {
        Assert.assertEquals("[]", runGremlinJob("g.V()"));
        Assert.assertEquals("3", runGremlinJob("1 + 2"));
    }

    @Test
    public void testPermission() {
        assertError(runGremlinJob("System.setSecurityManager(null)"), "Not allowed to access denied permission via Gremlin");
    }

    @Test
    public void testClassLoader() {
        assertError(runGremlinJob("System.getSecurityManager().checkCreateClassLoader()"), "Not allowed to create class loader via Gremlin");
    }

    @Test
    public void testThread() {
        new Thread();
        assertError(runGremlinJob("new Thread()"), "Not allowed to access thread group via Gremlin");
        Thread.currentThread().checkAccess();
        assertError(runGremlinJob("Thread.currentThread().stop()"), "Not allowed to access thread via Gremlin");
    }

    @Test
    public void testExit() {
        assertError(runGremlinJob("System.exit(-1)"), "Not allowed to call System.exit() via Gremlin");
    }

    @Test
    public void testFile() {
        try {
            FileInputStream fileInputStream = new FileInputStream("");
            Throwable th = null;
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
        } catch (IOException e) {
        }
        assertError(runGremlinJob("new FileInputStream(new File(\"\"))"), "Not allowed to read file via Gremlin");
        String str = System.getProperty("user.dir") + "/a.groovy";
        try {
            FileInputStream fileInputStream2 = new FileInputStream(str);
            Throwable th3 = null;
            if (fileInputStream2 != null) {
                if (0 != 0) {
                    try {
                        fileInputStream2.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                } else {
                    fileInputStream2.close();
                }
            }
        } catch (IOException e2) {
        }
        assertError(runGremlinJob(String.format("new FileInputStream(new File(\"%s\"))", str)), "(No such file or directory)");
        new FileInputStream(FileDescriptor.in);
        assertError(runGremlinJob("new FileInputStream(FileDescriptor.in)"), "Not allowed to read fd via Gremlin");
        sm.checkRead("", new Object());
        assertError(runGremlinJob("System.getSecurityManager().checkRead(\"\", new Object())"), "Not allowed to read file via Gremlin");
        try {
            FileOutputStream fileOutputStream = new FileOutputStream("");
            Throwable th5 = null;
            if (fileOutputStream != null) {
                if (0 != 0) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th6) {
                        th5.addSuppressed(th6);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
        } catch (IOException e3) {
        }
        assertError(runGremlinJob("new FileOutputStream(new File(\"\"))"), "Not allowed to write file via Gremlin");
        new FileOutputStream(FileDescriptor.out);
        assertError(runGremlinJob("new FileOutputStream(FileDescriptor.out)"), "Not allowed to write fd via Gremlin");
        new File("").delete();
        assertError(runGremlinJob("new File(\"\").delete()"), "Not allowed to delete file via Gremlin");
        new File("").getAbsolutePath();
        assertError(runGremlinJob("new File(\"\").getAbsolutePath()"), "Not allowed to access system property(user.dir) via Gremlin");
    }

    @Test
    public void testSocket() throws IOException {
        Socket socket;
        Throwable th;
        try {
            ServerSocket serverSocket = new ServerSocket(8200);
            Throwable th2 = null;
            if (serverSocket != null) {
                if (0 != 0) {
                    try {
                        serverSocket.close();
                    } catch (Throwable th3) {
                        th2.addSuppressed(th3);
                    }
                } else {
                    serverSocket.close();
                }
            }
        } catch (IOException e) {
        }
        assertError(runGremlinJob("new ServerSocket(8200)"), "Not allowed to listen socket via Gremlin");
        sm.checkAccept("localhost", 8200);
        assertError(runGremlinJob("System.getSecurityManager().checkAccept(\"localhost\", 8200)"), "Not allowed to accept socket via Gremlin");
        try {
            socket = new Socket();
            th = null;
        } catch (ConnectException e2) {
        }
        try {
            try {
                socket.connect(new InetSocketAddress("localhost", 8200));
                if (socket != null) {
                    if (0 != 0) {
                        try {
                            socket.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        socket.close();
                    }
                }
                assertError(runGremlinJob("new Socket().connect(new InetSocketAddress(\"localhost\", 8200))"), "Not allowed to connect socket via Gremlin");
                sm.checkConnect("localhost", 8200, new Object());
                assertError(runGremlinJob("System.getSecurityManager().checkConnect(\"localhost\", 8200, new Object())"), "Not allowed to connect socket via Gremlin");
                sm.checkMulticast(InetAddress.getByAddress(new byte[]{0, 0, 0, 0}));
                assertError(runGremlinJob("bs = [0, 0, 0, 0] as byte[];System.getSecurityManager().checkMulticast(InetAddress.getByAddress(bs))"), "Not allowed to multicast via Gremlin");
                sm.checkMulticast(InetAddress.getByAddress(new byte[]{0, 0, 0, 0}), (byte) 1);
                assertError(runGremlinJob("bs = [0, 0, 0, 0] as byte[]; ttl = (byte) 1;System.getSecurityManager().checkMulticast(InetAddress.getByAddress(bs), ttl)"), "Not allowed to multicast via Gremlin");
                sm.checkSetFactory();
                assertError(runGremlinJob("System.getSecurityManager().checkSetFactory()"), "Not allowed to set socket factory via Gremlin");
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testExec() throws IOException, InterruptedException {
        Runtime.getRuntime().exec("ls").waitFor();
        assertError(runGremlinJob("process=Runtime.getRuntime().exec('ls'); process.waitFor()"), "Not allowed to execute command via Gremlin");
    }

    @Test
    public void testLink() {
        try {
            System.loadLibrary("hugegraph.jar");
        } catch (UnsatisfiedLinkError e) {
        }
        assertError(runGremlinJob("Runtime.getRuntime().loadLibrary(\"test.jar\")"), "Not allowed to link library via Gremlin");
    }

    @Test
    public void testProperties() {
        System.getProperties();
        assertError(runGremlinJob("System.getProperties()"), "Not allowed to access system properties via Gremlin");
        System.getProperty("java.version");
        assertError(runGremlinJob("System.getProperty(\"java.version\")"), "Not allowed to access system property(java.version) via Gremlin");
    }

    @Test
    public void testPrintJobAccess() {
        sm.checkPrintJobAccess();
        assertError(runGremlinJob("System.getSecurityManager().checkPrintJobAccess()"), "Not allowed to print job via Gremlin");
    }

    @Test
    public void testPackageDefinition() {
        sm.checkPackageDefinition("org.apache.hugegraph.util");
    }

    @Test
    public void testSecurityAccess() {
        sm.checkSecurityAccess("link");
    }

    private static void assertError(String str, String str2) {
        Assert.assertTrue(str, str.endsWith(str2) || str.contains(str2));
    }

    private static String runGremlinJob(String str) {
        JobBuilder of = JobBuilder.of(graph);
        HashMap hashMap = new HashMap();
        hashMap.put("gremlin", str);
        hashMap.put("bindings", ImmutableMap.of());
        hashMap.put("language", "gremlin-groovy");
        hashMap.put("aliases", ImmutableMap.of());
        of.name("test-gremlin-job").input(JsonUtil.toJson(hashMap)).job(new GremlinJob());
        HugeTask schedule = of.schedule();
        try {
            schedule = graph.taskScheduler().waitUntilTaskCompleted(schedule.id(), 10L);
            return schedule.result();
        } catch (TimeoutException e) {
            throw new HugeException("Wait for task timeout: %s", e, new Object[]{schedule});
        }
    }

    private static HugeGraph loadGraph(boolean z) {
        HugeGraph open = HugeFactory.open(FakeObjects.newConfig());
        if (z) {
            open.clearBackend();
        }
        open.initBackend();
        open.serverStarted(GlobalMasterInfo.master("server1"));
        return open;
    }
}
