package com.intellij.ui.jcef;

import com.intellij.CommonBundle;
import com.intellij.execution.ExecutionException;
import com.intellij.execution.configurations.GeneralCommandLine;
import com.intellij.execution.process.CapturingProcessHandler;
import com.intellij.execution.process.ProcessOutput;
import com.intellij.execution.util.ExecUtil;
import com.intellij.ide.BrowserUtil;
import com.intellij.ide.IdeBundle;
import com.intellij.notification.NotificationType;
import com.intellij.notification.Notifications;
import com.intellij.openapi.actionSystem.AnAction;
import com.intellij.openapi.actionSystem.AnActionEvent;
import com.intellij.openapi.application.ApplicationManager;
import com.intellij.openapi.application.ApplicationNamesInfo;
import com.intellij.openapi.diagnostic.Logger;
import com.intellij.openapi.project.DumbAwareAction;
import com.intellij.openapi.ui.Messages;
import com.intellij.openapi.util.SystemInfoRt;
import com.intellij.openapi.util.io.FileUtil;
import com.intellij.openapi.util.registry.RegistryManager;
import com.intellij.ui.EditorNotificationPanel;
import com.intellij.ui.InlineBanner;
import com.intellij.util.LazyInitializer;
import com.intellij.util.ui.UIUtil;
import java.awt.Component;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Locale;
import javax.swing.JButton;
import javax.swing.JLabel;
import javax.swing.JPanel;
import org.freedesktop.dbus.messages.Message;
import org.jetbrains.annotations.ApiStatus;
import org.jetbrains.annotations.NotNull;

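/**
 * Detects whether unprivileged user namespaces are restricted on Linux and offers the user
 * two ways to get the embedded JCEF browser running: install an AppArmor profile for the
 * current executable (through a {@code sudo} prompt) or turn the JCEF sandbox off.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated profile is declared with {@code flags=(unconfined)} and a {@code userns}
 *       rule, and it is written under {@code /etc/apparmor.d} by a script that runs via
 *       {@link ExecUtil#sudoCommand}. Every value interpolated into that script or into the
 *       profile must be treated as data, never as shell or policy syntax.</li>
 *   <li>The "disable sandbox" choice flips the {@code ide.browser.jcef.sandbox.enable} registry
 *       key to {@code false}; it trades isolation of the browser process for functionality
 *       and should stay an explicit user decision.</li>
 * </ul>
 */
@ApiStatus.Experimental
public final class JBCefAppArmorUtils {
    private static final Logger LOG = Logger.getInstance(JBCefAppArmorUtils.class);

    /** Registry key that switches the JCEF sandbox on or off. */
    private static final String SANDBOX_REGISTRY_KEY = "ide.browser.jcef.sandbox.enable";

    /** Result of the user-namespace probe; computed once on first access. */
    private static final LazyInitializer.LazyValue<Boolean> myUnprivilegedUserNameSpacesRestricted = LazyInitializer.create(() -> {
        return Boolean.valueOf(areUnprivilegedUserNameSpacesRestrictedImpl());
    });

    /**
     * Action that installs a previously computed AppArmor profile, runs a completion callback
     * and then restarts the application.
     */
    public static class InstallAppArmorProfileAction extends DumbAwareAction {
        private final String path;
        private final String profileContent;
        private final Runnable onComplete;

        /**
         * @param str      destination path of the profile file
         * @param str2     text of the AppArmor profile
         * @param runnable callback invoked after a successful installation, before the restart
         */
        InstallAppArmorProfileAction(String str, String str2, Runnable runnable) {
            super(IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.action.add.apparmor.profile"));
            this.path = str;
            this.profileContent = str2;
            this.onComplete = runnable;
        }

        /**
         * Installs the profile on a pooled thread; a failure is reported as an error notification
         * and neither the callback nor the restart happens.
         */
        @Override // com.intellij.openapi.actionSystem.AnAction
        public void actionPerformed(@NotNull AnActionEvent anActionEvent) {
            if (anActionEvent == null) {
                $$$reportNull$$$0(0);
            }
            ApplicationManager.getApplication().executeOnPooledThread(() -> {
                try {
                    JBCefAppArmorUtils.installAppArmorProfile(this.path, this.profileContent);
                    this.onComplete.run();
                    ApplicationManager.getApplication().restart();
                } catch (IOException | ExecutionException e) {
                    JBCefAppArmorUtils.notifyInstallFailure(e);
                }
            });
        }

        // Decompiler-visible remnant of the @NotNull parameter instrumentation; kept unchanged.
        private static /* synthetic */ void $$$reportNull$$$0(int i) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", Message.ArgumentType.DICT_ENTRY_STRING, "com/intellij/ui/jcef/JBCefAppArmorUtils$InstallAppArmorProfileAction", "actionPerformed"));
        }
    }

    /**
     * @return {@code true} when the cached probe concluded that unprivileged user namespaces
     *         are restricted (or could not be checked); always {@code false} off Linux
     */
    public static boolean areUnprivilegedUserNamespacesRestricted() {
        return myUnprivilegedUserNameSpacesRestricted.get();
    }

    /**
     * Builds an error banner with three actions: install the AppArmor profile, disable the
     * JCEF sandbox (followed by a restart), or open the explanatory article in a browser.
     */
    @NotNull
    public static InlineBanner createUnprivilegedUserNamespacesRestrictedBanner() {
        String text = "%s. %s".formatted(
            IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.title"),
            IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.message"));
        InlineBanner banner = new InlineBanner(text, EditorNotificationPanel.Status.Error)
            .setMessage(text)
            .showCloseButton(false)
            .addAction(IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.action.add.apparmor.profile"), () -> {
                installAppArmorProfile();
            })
            .addAction(IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.action.disable.sandbox"), () -> {
                disableSandboxAndRestart();
            })
            .addAction(IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.action.learn.more"), () -> {
                BrowserUtil.browse("https://youtrack.jetbrains.com/articles/JBR-A-11");
            });
        if (banner == null) {
            $$$reportNull$$$0(0);
        }
        return banner;
    }

    /**
     * Shows a question dialog offering to install the AppArmor profile, disable the sandbox,
     * or cancel. Any answer other than the first two buttons does nothing.
     *
     * @param component parent component handed to the dialog
     */
    public static void showUnprivilegedUserNamespacesRestrictedDialog(Component component) {
        UIUtil.invokeLaterIfNeeded(() -> {
            String[] options = {
                IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.action.add.apparmor.profile"),
                IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.action.disable.sandbox"),
                CommonBundle.getCancelButtonText()
            };
            int choice = Messages.showDialog(
                component,
                IdeBundle.message("notification.content.jcef.enable.browser.dialog.message"),
                IdeBundle.message("notification.content.jcef.enable.browser.dialog.title"),
                options,
                0,
                Messages.getQuestionIcon());
            if (choice == 0) {
                installAppArmorProfile();
            } else if (choice == 1) {
                disableSandboxAndRestart();
            }
        });
    }

    /**
     * Creates a placeholder panel with a label and a button; the button opens
     * {@link #showUnprivilegedUserNamespacesRestrictedDialog(Component)} for this panel.
     */
    public static JPanel getUnprivilegedUserNamespacesRestrictedStubPanel() {
        final JPanel panel = new JPanel(new GridBagLayout());
        GridBagConstraints constraints = new GridBagConstraints();
        constraints.anchor = GridBagConstraints.CENTER;
        constraints.gridwidth = GridBagConstraints.REMAINDER;
        JLabel label = new JLabel(IdeBundle.message("notification.content.jcef.browser.suspended.text"));
        JButton button = new JButton(IdeBundle.message("notification.content.jcef.enable.browser.button"));
        button.addActionListener(event -> showUnprivilegedUserNamespacesRestrictedDialog(panel));
        panel.add(label, constraints);
        panel.add(button, constraints);
        return panel;
    }

    /**
     * @return the negation of {@link #areUnprivilegedUserNamespacesRestricted()}
     * @deprecated scheduled for removal; use {@link #areUnprivilegedUserNamespacesRestricted()}
     */
    @Deprecated(forRemoval = true)
    public static boolean areUnprivilegedUserNameSpacesAllowed() {
        return !myUnprivilegedUserNameSpacesRestricted.get();
    }

    /**
     * Probes the restriction by running {@code unshare --user --map-root-user echo}.
     * A non-zero exit code, or a failure to start the process, is reported as "restricted",
     * so the check fails closed.
     */
    private static boolean areUnprivilegedUserNameSpacesRestrictedImpl() {
        if (!SystemInfoRt.isLinux) {
            return false;
        }
        try {
            // NOTE(review): "unshare" is given without a directory, so it is presumably looked up
            // through PATH; confirm that is acceptable for this probe.
            GeneralCommandLine probe = new GeneralCommandLine()
                .withExePath("unshare")
                .withParameters("--user", "--map-root-user", "echo");
            ProcessOutput output = new CapturingProcessHandler(probe).runProcess();
            if (output.getExitCode() == 0) {
                return false;
            }
            LOG.warn("Unprivileged user namespaces check failed: " + output.getStderr());
            return true;
        } catch (ExecutionException e) {
            LOG.warn("Failed to check unprivileged user namespaces restrictions(considered as restricted): " + e.getMessage());
            return true;
        }
    }

    /**
     * Generates the AppArmor profile text for the executable of the current process.
     *
     * @return the profile, or {@code null} when the executable path is unknown or cannot be
     *         embedded into the profile header safely
     */
    private static String getApparmorProfile() {
        String executable = ProcessHandle.current().info().command().orElse(null);
        if (executable == null) {
            LOG.warn("Can't generate the apparmor profile for JCEF: failed to find the executable path");
            return null;
        }
        // The path is placed unquoted into the "profile <path> flags=(unconfined)" header.
        // Whitespace, control characters or a double quote would change how that line is
        // tokenized, so such a path is refused instead of producing a profile that is invalid
        // or names a different path (assumption about the policy grammar; confirm against
        // apparmor.d(5)).
        // NOTE(review): glob metacharacters in the path are not rejected here; verify whether
        // they can widen what the unconfined profile attaches to.
        if (!isPlainProfileToken(executable)) {
            LOG.warn("Can't generate the apparmor profile for JCEF: the executable path can't be embedded into a profile: " + executable);
            return null;
        }
        return "# This profile is autogenerated by %s to allow running sandboxed JCEF\nabi <abi/4.0>,\ninclude <tunables/global>\n\nprofile %s flags=(unconfined) {\n  userns,\n\n  include if exists <local/chrome>\n}\n"
            .formatted(ApplicationNamesInfo.getInstance().getFullProductNameWithEdition(), executable)
            .stripIndent();
    }

    /** Returns {@code true} when the value has no whitespace, control characters or double quotes. */
    private static boolean isPlainProfileToken(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isWhitespace(c) || Character.isISOControl(c) || c == '"') {
                return false;
            }
        }
        return !value.isEmpty();
    }

    /**
     * Derives the profile file name: product and edition names joined with {@code -},
     * lower-cased, with every character outside {@code [a-z0-9]} replaced by {@code -}.
     * The result therefore contains no path separators or shell metacharacters.
     */
    private static String getApplicationName() {
        ApplicationNamesInfo names = ApplicationNamesInfo.getInstance();
        String raw = names.getProductName() + "-" + names.getEditionName();
        return raw.toLowerCase(Locale.ROOT).replaceAll("[^a-z0-9]", "-");
    }

    /**
     * Picks a file name under {@code /etc/apparmor.d} that does not exist yet, trying the
     * plain application name first and then numeric suffixes {@code -1} to {@code -1000}.
     *
     * @return the chosen path, or {@code null} when the directory is missing or every
     *         candidate name is already taken
     */
    private static String getApparmorProfilePath() {
        Path profilesDir = Path.of("/etc/apparmor.d");
        // isDirectory() is false for a missing path as well, so one check covers both cases.
        if (!Files.isDirectory(profilesDir)) {
            LOG.warn("Can't generate the apparmor profile for CEF: /etc/apparmor.d doesn't exists");
            return null;
        }
        String applicationName = getApplicationName();
        for (int i = 0; i <= 1000; i++) {
            Path candidate = profilesDir.resolve(applicationName + (i == 0 ? "" : "-" + i));
            // The existence check and the later privileged copy are separate steps; the name is
            // only known to be free at this moment.
            if (!Files.exists(candidate)) {
                return candidate.toString();
            }
        }
        LOG.warn("Can't generate the apparmor profile for CEF: failed to find the filename");
        return null;
    }

    /**
     * Computes the profile and its destination, installs it on a pooled thread and restarts
     * the application. Failures, including a profile or path that could not be determined,
     * are shown as an error notification and no restart happens.
     */
    public static void installAppArmorProfile() {
        ApplicationManager.getApplication().executeOnPooledThread(() -> {
            try {
                installAppArmorProfile(getApparmorProfilePath(), getApparmorProfile());
                ApplicationManager.getApplication().restart();
            } catch (IOException | ExecutionException e) {
                notifyInstallFailure(e);
            }
        });
    }

    /**
     * Writes the profile and a small installer script to temporary files and runs the script
     * through {@link ExecUtil#sudoCommand}. The script copies the profile to {@code str} and
     * loads it with {@code apparmor_parser -r}.
     *
     * @param str  destination path of the profile
     * @param str2 profile text
     * @throws IOException        when either argument is {@code null} or a temporary file
     *                            cannot be written
     * @throws ExecutionException when the privileged script cannot be run or exits non-zero
     */
    private static void installAppArmorProfile(String str, String str2) throws IOException, ExecutionException {
        // Both values come from helpers that return null on failure; without this guard the
        // literal text "null" would end up in the script that runs with elevated privileges.
        if (str == null || str2 == null) {
            throw new IOException("Can't install the apparmor profile for JCEF: the profile path or content is unavailable");
        }
        File profileFile = FileUtil.createTempFile("apparmor_profile", (String) null, true);
        FileUtil.writeToFile(profileFile, str2);
        File scriptFile = FileUtil.createTempFile("install_apparmor_profile.sh", (String) null, true);
        // Paths are single-quoted so that spaces or shell metacharacters in the temporary
        // directory or destination are passed to cp/apparmor_parser as literal arguments.
        String destination = shellQuote(str);
        String script = "#!/bin/sh\nset -e\ncp %s %s\napparmor_parser -r %s\n"
            .formatted(shellQuote(profileFile.getPath()), destination, destination)
            .stripIndent();
        FileUtil.writeToFile(scriptFile, script);
        // NOTE(review): the script lives in a temporary file until sudo executes it; confirm the
        // temp directory and file permissions prevent other local users from modifying it.
        GeneralCommandLine runScript = new GeneralCommandLine()
            .withExePath("sh")
            .withParameters(scriptFile.toString());
        String prompt = IdeBundle.message("notification.content.jcef.unprivileged.userns.restricted.install.apparmor.profile.prompt")
            .formatted(ApplicationNamesInfo.getInstance().getFullProductNameWithEdition());
        ProcessOutput output = ExecUtil.execAndGetOutput(ExecUtil.sudoCommand(runScript, prompt));
        if (output.getExitCode() != 0) {
            throw new ExecutionException(output.getStderr());
        }
    }

    /** Wraps a value in single quotes for {@code sh}, escaping embedded single quotes. */
    private static String shellQuote(String value) {
        return "'" + value.replace("'", "'\\''") + "'";
    }

    /** Reports a failed profile installation as an error notification carrying the exception message. */
    private static void notifyInstallFailure(Exception e) {
        Notifications.Bus.notify(JBCefApp.getNotificationGroup().createNotification(
            IdeBundle.message("notification.content.jcef.failed.to.install.apparmor.profile"),
            e.getMessage(),
            NotificationType.ERROR));
    }

    /** Turns the JCEF sandbox off through the registry and restarts the application. */
    private static void disableSandboxAndRestart() {
        RegistryManager.getInstance().get(SANDBOX_REGISTRY_KEY).setValue(false);
        ApplicationManager.getApplication().restart();
    }

    /**
     * Creates the install action with the profile and destination resolved up front.
     *
     * @param runnable callback run after a successful installation
     * @return the action, or {@code null} when the profile or its destination is unavailable
     */
    public static AnAction getInstallInstallAppArmorProfileAction(Runnable runnable) {
        String apparmorProfilePath = getApparmorProfilePath();
        String apparmorProfile = getApparmorProfile();
        if (apparmorProfilePath == null || apparmorProfile == null) {
            return null;
        }
        return new InstallAppArmorProfileAction(apparmorProfilePath, apparmorProfile, runnable);
    }

    // Decompiler-visible remnant of the @NotNull return-value instrumentation; kept unchanged.
    private static /* synthetic */ void $$$reportNull$$$0(int i) {
        throw new IllegalStateException(String.format("@NotNull method %s.%s must not return null", "com/intellij/ui/jcef/JBCefAppArmorUtils", "createUnprivilegedUserNamespacesRestrictedBanner"));
    }
}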
