package io.confluent.ksql.security;

import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Stack;

/* loaded from: input_file:io/confluent/ksql/security/ExtensionSecurityManager.class */
public final class ExtensionSecurityManager extends SecurityManager {
    public static final ExtensionSecurityManager INSTANCE = new ExtensionSecurityManager();
    private static final ThreadLocal<Stack<Boolean>> UDF_IS_EXECUTING = new ThreadLocal<>();

    private ExtensionSecurityManager() {
        Policy.setPolicy(new Policy() { // from class: io.confluent.ksql.security.ExtensionSecurityManager.1
            @Override // java.security.Policy
            public PermissionCollection getPermissions(CodeSource codeSource) {
                Permissions permissions = new Permissions();
                permissions.add(new AllPermission());
                return permissions;
            }

            @Override // java.security.Policy
            public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
                return getPermissions(protectionDomain.getCodeSource());
            }

            @Override // java.security.Policy
            public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
                return true;
            }
        });
    }

    public synchronized void pushInUdf() {
        if (UDF_IS_EXECUTING.get() == null) {
            UDF_IS_EXECUTING.set(new Stack<>());
        }
        UDF_IS_EXECUTING.get().push(true);
    }

    public void popOutUdf() {
        Stack<Boolean> stack = UDF_IS_EXECUTING.get();
        if (stack == null || stack.isEmpty()) {
            return;
        }
        stack.pop();
    }

    @Override // java.lang.SecurityManager
    public void checkExit(int i) {
        if (inUdfExecution()) {
            throw new SecurityException("A UDF attempted to call System.exit");
        }
        super.checkExit(i);
    }

    @Override // java.lang.SecurityManager
    public void checkExec(String str) {
        if (inUdfExecution()) {
            throw new SecurityException("A UDF attempted to execute the following cmd: " + str);
        }
        super.checkExec(str);
    }

    private boolean inUdfExecution() {
        Stack<Boolean> stack = UDF_IS_EXECUTING.get();
        return (stack == null || stack.isEmpty()) ? false : true;
    }
}
