package com.dremio.jdbc.shaded.com.dremio.security;

import com.dremio.jdbc.shaded.com.dremio.config.DremioConfig;
import com.dremio.jdbc.shaded.com.google.common.collect.ImmutableSet;
import com.dremio.jdbc.shaded.com.google.errorprone.annotations.FormatMethod;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.channels.Channels;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.util.EnumSet;
import java.util.Set;

/* loaded from: input_file:com/dremio/jdbc/shaded/com/dremio/security/SecurityFolder.class */
public final class SecurityFolder {
    private static final String SECURITY_DIRECTORY = "security";
    public static final Set<PosixFilePermission> SECURITY_DIRECTORY_PERMISSIONS = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
    public static final Set<PosixFilePermission> SECURITY_FILE_PERMISSIONS = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
    private final Path securityDirectory;

    /* loaded from: input_file:com/dremio/jdbc/shaded/com/dremio/security/SecurityFolder$OpenOption.class */
    public enum OpenOption {
        CREATE_OR_WRITE,
        CREATE_ONLY,
        NO_CREATE
    }

    public static SecurityFolder of(DremioConfig dremioConfig) throws GeneralSecurityException, IOException {
        Path path = Paths.get(dremioConfig.getString(DremioConfig.LOCAL_WRITE_PATH_STRING), SECURITY_DIRECTORY);
        Files.createDirectories(path, PosixFilePermissions.asFileAttribute(SECURITY_DIRECTORY_PERMISSIONS));
        return new SecurityFolder(path);
    }

    private SecurityFolder(Path path) throws GeneralSecurityException, IOException {
        this.securityDirectory = checkDirectoryPermissions(path);
    }

    public boolean exists(String str) {
        return Files.exists(this.securityDirectory.resolve(str), new LinkOption[0]);
    }

    public static boolean exists(DremioConfig dremioConfig, String str) {
        return Files.exists(Paths.get(dremioConfig.getString(DremioConfig.LOCAL_WRITE_PATH_STRING), SECURITY_DIRECTORY, str), new LinkOption[0]);
    }

    public static boolean securityFolderExists(DremioConfig dremioConfig) {
        return Files.exists(Paths.get(dremioConfig.getString(DremioConfig.LOCAL_WRITE_PATH_STRING), SECURITY_DIRECTORY), new LinkOption[0]);
    }

    public Path resolve(String str) {
        return this.securityDirectory.resolve(str);
    }

    public Path getSecurityDirectory() {
        return this.securityDirectory;
    }

    public OutputStream newSecureOutputStream(String str, OpenOption openOption) throws GeneralSecurityException, IOException {
        Path resolve = this.securityDirectory.resolve(str);
        boolean exists = Files.exists(resolve, new LinkOption[0]);
        if (!exists && openOption == OpenOption.NO_CREATE) {
            throw new NoSuchFileException(resolve.toString());
        }
        if (!exists) {
            return Channels.newOutputStream(Files.newByteChannel(resolve, ImmutableSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE), PosixFilePermissions.asFileAttribute(SECURITY_FILE_PERMISSIONS)));
        }
        checkFilePermissions(resolve);
        return Files.newOutputStream(resolve, openOption == OpenOption.CREATE_ONLY ? new java.nio.file.OpenOption[]{StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING} : new java.nio.file.OpenOption[]{StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING});
    }

    public InputStream newSecureInputStream(String str) throws GeneralSecurityException, IOException {
        Path resolve = this.securityDirectory.resolve(str);
        checkFilePermissions(resolve);
        return Files.newInputStream(resolve, new java.nio.file.OpenOption[0]);
    }

    private static Path checkDirectoryPermissions(Path path) throws GeneralSecurityException, IOException {
        return checkPathPermissions(path, "Directory", SECURITY_DIRECTORY_PERMISSIONS);
    }

    private static Path checkFilePermissions(Path path) throws GeneralSecurityException, IOException {
        return checkPathPermissions(path, "File", SECURITY_FILE_PERMISSIONS);
    }

    private static Path checkPathPermissions(Path path, String str, Set<PosixFilePermission> set) throws GeneralSecurityException, IOException {
        checkSecurity(set.equals(Files.getPosixFilePermissions(path, new LinkOption[0])), "%s %s is not accessible to owner only", str, path);
        return path;
    }

    @FormatMethod
    private static void checkSecurity(boolean z, String str, Object... objArr) throws GeneralSecurityException {
        if (!z) {
            throw new GeneralSecurityException(String.format(str, objArr));
        }
    }
}
