package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.bean.BeanLocatorImpl;
import com.liferay.portal.dao.orm.hibernate.DynamicQueryFactoryImpl;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.portlet.PortletClassLoaderUtil;
import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PortalClassLoaderUtil;
import com.liferay.portal.kernel.util.SetUtil;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.pacl.Reflection;
import com.liferay.portal.service.BaseLocalServiceImpl;
import com.liferay.portal.service.BaseServiceImpl;
import com.liferay.portal.service.persistence.impl.BasePersistenceImpl;
import com.liferay.portal.template.TemplateContextHelper;
import java.lang.reflect.Modifier;
import java.security.Permission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Pattern;

/* loaded from: input_file:WEB-INF/lib/portal-pacl.jar:com/liferay/portal/security/pacl/checker/PortalRuntimeChecker.class */
public class PortalRuntimeChecker extends BaseChecker {
    private static final String _PORTAL_SERVLET_CONTEXT_NAME = "portal";
    private static Log _log = LogFactoryUtil.getLog(PortalRuntimeChecker.class);
    private Set<String> _classLoaderReferenceIds;
    private Set<String> _expandoBridgeClassNames;
    private List<Pattern> _portletBagPoolPortletIdPatterns;
    private Set<String> _searchEngineIds;
    private List<Pattern> _threadPoolExecutorNamePatterns;
    private Map<String, Set<String>> _getBeanPropertyClassNames = new HashMap();
    private Map<String, Set<String>> _setBeanPropertyClassNames = new HashMap();

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void afterPropertiesSet() {
        initClassLoaderReferenceIds();
        initExpandoBridgeClassNames();
        initGetBeanPropertyClassNames();
        initPortletBagPoolPortletIds();
        initSearchEngineIds();
        initSetBeanPropertyClassNames();
        initThreadPoolExecutorNames();
    }

    @Override // com.liferay.portal.security.pacl.checker.BaseChecker, com.liferay.portal.security.pacl.checker.Checker
    public AuthorizationProperty generateAuthorizationProperty(Object... objArr) {
        String str;
        if (objArr == null || objArr.length != 1 || !(objArr[0] instanceof Permission)) {
            return null;
        }
        PortalRuntimePermission portalRuntimePermission = (PortalRuntimePermission) objArr[0];
        String shortName = portalRuntimePermission.getShortName();
        String servletContextName = portalRuntimePermission.getServletContextName();
        String subject = portalRuntimePermission.getSubject();
        String property = portalRuntimePermission.getProperty();
        String str2 = subject;
        if (shortName.startsWith("getClassLoader")) {
            str = "security-manager-class-loader-reference-ids";
        } else if (shortName.equals("expandoBridge")) {
            str = "security-manager-expando-bridge";
        } else if (shortName.equals("getBeanProperty")) {
            StringBundler stringBundler = new StringBundler(4);
            stringBundler.append("security-manager-get-bean-property");
            stringBundler.append("[");
            stringBundler.append(servletContextName);
            stringBundler.append("]");
            str = stringBundler.toString();
            if (Validator.isNotNull(property)) {
                str2 = String.valueOf(str2) + "#" + property;
            }
        } else if (shortName.equals("portletBagPool")) {
            str = "security-manager-portlet-bag-pool-portlet-ids";
        } else if (shortName.equals("searchEngine")) {
            str = "security-manager-search-engine-ids";
        } else if (shortName.equals("setBeanProperty")) {
            StringBundler stringBundler2 = new StringBundler(4);
            stringBundler2.append("security-manager-set-bean-property");
            stringBundler2.append("[");
            stringBundler2.append(servletContextName);
            stringBundler2.append("]");
            str = stringBundler2.toString();
            if (Validator.isNotNull(property)) {
                str2 = String.valueOf(str2) + "#" + property;
            }
        } else {
            if (!shortName.equals("threadPoolExecutor")) {
                return null;
            }
            str = "security-manager-thread-pool-executor-names";
        }
        AuthorizationProperty authorizationProperty = new AuthorizationProperty();
        authorizationProperty.setKey(str);
        authorizationProperty.setValue(str2);
        return authorizationProperty;
    }

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public boolean implies(Permission permission) {
        PortalRuntimePermission portalRuntimePermission = (PortalRuntimePermission) permission;
        String shortName = portalRuntimePermission.getShortName();
        String subject = portalRuntimePermission.getSubject();
        String servletContextName = portalRuntimePermission.getServletContextName();
        String string = GetterUtil.getString(portalRuntimePermission.getProperty());
        if (shortName.equals("expandoBridge")) {
            if (this._expandoBridgeClassNames.contains(subject)) {
                return true;
            }
            logSecurityException(_log, "Attempted to get Expando bridge on " + subject);
            return false;
        }
        if (shortName.equals("getBeanProperty")) {
            if (hasGetBeanProperty(servletContextName, subject, string, permission)) {
                return true;
            }
            if (Validator.isNotNull(string)) {
                logSecurityException(_log, "Attempted to get bean property " + string + " on " + subject + " from " + servletContextName);
                return false;
            }
            logSecurityException(_log, "Attempted to get bean property on " + subject + " from " + servletContextName);
            return false;
        }
        if (shortName.startsWith("getClassLoader")) {
            if (hasGetClassLoader(subject, permission)) {
                return true;
            }
            logSecurityException(_log, "Attempted to get class loader " + subject);
            return false;
        }
        if (shortName.equals("portletBagPool")) {
            if (hasPortletBagPoolPortletId(subject)) {
                return true;
            }
            logSecurityException(_log, "Attempted to handle portlet bag pool portlet ID " + subject);
            return false;
        }
        if (shortName.equals("searchEngine")) {
            if (this._searchEngineIds.contains(subject)) {
                return true;
            }
            logSecurityException(_log, "Attempted to get search engine " + subject);
            return false;
        }
        if (!shortName.equals("setBeanProperty")) {
            if (!shortName.equals("threadPoolExecutor") || hasThreadPoolExecutorNames(subject)) {
                return true;
            }
            logSecurityException(_log, "Attempted to modify thread pool executor " + subject);
            return false;
        }
        if (hasSetBeanProperty(servletContextName, subject, string)) {
            return true;
        }
        if (Validator.isNotNull(string)) {
            logSecurityException(_log, "Attempted to set bean property " + string + " on " + subject + " from " + servletContextName);
            return false;
        }
        logSecurityException(_log, "Attempted to set bean property on " + subject + " from " + servletContextName);
        return false;
    }

    protected boolean hasGetBeanProperty(String str, String str2, String str3, Permission permission) {
        if (str.equals(getServletContextName())) {
            return true;
        }
        int stackIndex = Reflection.getStackIndex(13, 12);
        Class<?> callerClass = Reflection.getCallerClass(stackIndex);
        if (isTrustedCaller(callerClass, permission)) {
            int i = stackIndex + 1;
            if (callerClass.equals(BeanLocatorImpl.class)) {
                i += 2;
            }
            Class<?> callerClass2 = Reflection.getCallerClass(i);
            if (!callerClass2.equals(TemplateContextHelper.class) && isTrustedCaller(callerClass2, permission)) {
                return true;
            }
        }
        Set<String> set = this._getBeanPropertyClassNames.get(str);
        if (set == null) {
            return false;
        }
        if (set.contains(str2)) {
            return true;
        }
        return Validator.isNotNull(str3) && set.contains(str2.concat("#").concat(str3));
    }

    protected boolean hasGetClassLoader(String str, Permission permission) {
        int stackIndex = Reflection.getStackIndex(12, 11);
        if (this._classLoaderReferenceIds.contains(str)) {
            return true;
        }
        Class<?> callerClass = Reflection.getCallerClass(stackIndex);
        String name = callerClass.getName();
        if (name.equals(PortalClassLoaderUtil.class.getName()) || name.equals(PortletClassLoaderUtil.class.getName())) {
            callerClass = Reflection.getCallerClass(stackIndex + 1);
        } else if (name.equals(DynamicQueryFactoryImpl.class.getName())) {
            callerClass = Reflection.getCallerClass(stackIndex + 3);
        }
        if (isTrustedCaller(callerClass, permission)) {
            return true;
        }
        Class<? super Object> superclass = callerClass.getSuperclass();
        if (Modifier.isAbstract(callerClass.getModifiers())) {
            return superclass.equals(BaseLocalServiceImpl.class) || superclass.equals(BasePersistenceImpl.class) || superclass.equals(BaseServiceImpl.class);
        }
        return false;
    }

    protected boolean hasPortletBagPoolPortletId(String str) {
        Iterator<Pattern> it2 = this._portletBagPoolPortletIdPatterns.iterator();
        while (it2.hasNext()) {
            if (it2.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    protected boolean hasSetBeanProperty(String str, String str2, String str3) {
        if (str.equals(getServletContextName())) {
            return true;
        }
        Set<String> set = this._setBeanPropertyClassNames.get(str);
        if (set == null) {
            return false;
        }
        if (set.contains(str2)) {
            return true;
        }
        return Validator.isNotNull(str3) && set.contains(str2.concat("#").concat(str3));
    }

    protected boolean hasThreadPoolExecutorNames(String str) {
        Iterator<Pattern> it2 = this._threadPoolExecutorNamePatterns.iterator();
        while (it2.hasNext()) {
            if (it2.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    protected void initClassLoaderReferenceIds() {
        this._classLoaderReferenceIds = getPropertySet("security-manager-class-loader-reference-ids");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._classLoaderReferenceIds).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing access to class loader for reference " + ((String) it2.next()));
            }
        }
    }

    protected void initExpandoBridgeClassNames() {
        this._expandoBridgeClassNames = getPropertySet("security-manager-expando-bridge");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._expandoBridgeClassNames).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing Expando bridge on class " + ((String) it2.next()));
            }
        }
    }

    protected void initGetBeanPropertyClassNames() {
        for (Map.Entry entry : getProperties().entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            if (str.startsWith("security-manager-get-bean-property[")) {
                int indexOf = str.indexOf("[");
                String substring = str.substring(indexOf + 1, str.indexOf("]", indexOf));
                Set<String> fromArray = SetUtil.fromArray(StringUtil.split(str2));
                this._getBeanPropertyClassNames.put(substring, fromArray);
                if (_log.isDebugEnabled() && !substring.equals("portal")) {
                    Iterator it2 = new TreeSet(fromArray).iterator();
                    while (it2.hasNext()) {
                        _log.debug("Allowing get bean property from " + substring + " on class " + ((String) it2.next()));
                    }
                }
            }
        }
        Set<String> set = this._getBeanPropertyClassNames.get("portal");
        if (set == null) {
            set = getPropertySet("security-manager-get-bean-property");
        } else {
            set.addAll(getPropertySet("security-manager-get-bean-property"));
        }
        this._getBeanPropertyClassNames.put("portal", set);
        if (_log.isDebugEnabled()) {
            Iterator it3 = new TreeSet(set).iterator();
            while (it3.hasNext()) {
                _log.debug("Allowing get bean property from portal on class " + ((String) it3.next()));
            }
        }
    }

    protected void initPortletBagPoolPortletIds() {
        Set<String> propertySet = getPropertySet("security-manager-portlet-bag-pool-portlet-ids");
        this._portletBagPoolPortletIdPatterns = new ArrayList(propertySet.size());
        for (String str : propertySet) {
            this._portletBagPoolPortletIdPatterns.add(Pattern.compile(str));
            if (_log.isDebugEnabled()) {
                _log.debug("Allowing portlet bag pool portlet IDs that match the regular expression " + str);
            }
        }
    }

    protected void initSearchEngineIds() {
        this._searchEngineIds = getPropertySet("security-manager-search-engine-ids");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._searchEngineIds).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing search engine " + ((String) it2.next()));
            }
        }
    }

    protected void initSetBeanPropertyClassNames() {
        for (Map.Entry entry : getProperties().entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            if (str.startsWith("security-manager-set-bean-property[")) {
                int indexOf = str.indexOf("[");
                String substring = str.substring(indexOf + 1, str.indexOf("]", indexOf));
                Set<String> fromArray = SetUtil.fromArray(StringUtil.split(str2));
                this._setBeanPropertyClassNames.put(substring, fromArray);
                if (_log.isDebugEnabled() && !substring.equals("portal")) {
                    Iterator it2 = new TreeSet(fromArray).iterator();
                    while (it2.hasNext()) {
                        _log.debug("Allowing set bean property from " + substring + " on class " + ((String) it2.next()));
                    }
                }
            }
        }
        Set<String> set = this._setBeanPropertyClassNames.get("portal");
        if (set == null) {
            set = getPropertySet("security-manager-set-bean-property");
        } else {
            set.addAll(getPropertySet("security-manager-set-bean-property"));
        }
        this._setBeanPropertyClassNames.put("portal", set);
        if (_log.isDebugEnabled()) {
            Iterator it3 = new TreeSet(set).iterator();
            while (it3.hasNext()) {
                _log.debug("Allowing set bean property from portal on class " + ((String) it3.next()));
            }
        }
    }

    protected void initThreadPoolExecutorNames() {
        Set<String> propertySet = getPropertySet("security-manager-thread-pool-executor-names");
        this._threadPoolExecutorNamePatterns = new ArrayList(propertySet.size());
        for (String str : propertySet) {
            this._threadPoolExecutorNamePatterns.add(Pattern.compile(str));
            if (_log.isDebugEnabled()) {
                _log.debug("Allowing thread pool executors that match the regular expression " + str);
            }
        }
    }
}
