package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.security.pacl.Reflection;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:WEB-INF/lib/portal-pacl.jar:com/liferay/portal/security/pacl/checker/RuntimeChecker.class */
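/**
 * Security-manager checker for runtime-level permissions, decided by permission name.
 *
 * <p>The names handled here ({@code accessDeclaredMembers}, {@code createClassLoader},
 * {@code getenv.<name>}, {@code modifyThread}, ...) are the target names used by
 * {@code java.lang.RuntimePermission}. This class only looks at {@link Permission#getName()}.
 *
 * <p>A request is granted in one of two ways:
 * <ul>
 *   <li>the matching {@code security-manager-*} policy property enables it (flags and
 *       patterns are loaded by {@link #afterPropertiesSet()}), or</li>
 *   <li>{@code isTrustedCaller} accepts the class found at a fixed stack depth.</li>
 * </ul>
 * Anything else is logged through {@code logSecurityException} and denied.
 *
 * <p>NOTE(review): the caller lookup uses hard-coded frame indexes passed to
 * {@code Reflection.getStackIndex}. Presumably each pair or array holds one index per
 * supported JVM stack layout; confirm against {@code Reflection}. A change in call depth
 * (an extra wrapper, a different JDK) would make the check inspect a different frame, so
 * these constants should be re-verified whenever the call path changes.
 */
public class RuntimeChecker extends BaseChecker {
    private static final Log _log = LogFactoryUtil.getLog(RuntimeChecker.class);

    // Policy flags: when true the corresponding permission is granted to every caller.
    private boolean _accessDeclaredMembers;
    private boolean _createClassLoader;
    // Regular expressions that an environment variable name must fully match to be readable.
    private List<Pattern> _environmentVariablePatterns;
    private boolean _getProtectionDomain;
    private boolean _modifyThread;
    private boolean _setContextClassLoader;

    /**
     * Loads every policy flag and the environment-variable patterns from the properties.
     * Must run before {@link #implies(Permission)}; {@link #hasGetEnv(String, Permission)}
     * dereferences the pattern list that is created here.
     */
    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void afterPropertiesSet() {
        initAccessDeclaredMembers();
        initCreateClassLoader();
        initEnvironmentVariables();
        initGetProtectionDomain();
        initModifyThread();
        initSetContextClassLoader();
    }

    /**
     * Maps a permission to the policy property (key and value) that would authorize it.
     *
     * <p>Note that some names are matched by prefix here ({@code accessDeclaredMembers},
     * {@code createClassLoader}) while {@link #implies(Permission)} matches them exactly.
     *
     * @param objArr expected to hold exactly one {@link Permission}
     * @return the property to add to the policy, or {@code null} when the arguments are not
     *         a single permission, the permission is not configurable through a property, or
     *         a {@code getenv} permission carries no variable name
     */
    @Override // com.liferay.portal.security.pacl.checker.BaseChecker, com.liferay.portal.security.pacl.checker.Checker
    public AuthorizationProperty generateAuthorizationProperty(Object... objArr) {
        if (objArr == null || objArr.length != 1 || !(objArr[0] instanceof Permission)) {
            return null;
        }
        String name = ((Permission) objArr[0]).getName();
        String key;
        String value = "true";
        if (name.startsWith("accessDeclaredMembers")) {
            key = "security-manager-access-declared-members";
        } else if (name.startsWith("createClassLoader")) {
            key = "security-manager-create-class-loader";
        } else if (name.startsWith("getenv")) {
            // A bare "getenv" has no "<separator><variable>" suffix; substring() below would
            // throw StringIndexOutOfBoundsException, so treat it as not authorizable.
            if (name.length() <= "getenv".length()) {
                return null;
            }
            key = "security-manager-environment-variables";
            value = name.substring("getenv".length() + 1);
            // The value is later compiled as a regular expression (see
            // initEnvironmentVariables), where a lone "*" is not a valid pattern, so it is
            // emitted with a backslash prefix instead.
            if (value.equals("*")) {
                value = "\\\\" + value;
            }
        } else if (name.startsWith("getProtectionDomain")) {
            key = "security-manager-get-protection-domain";
        } else if (name.equals("modifyThread")) {
            key = "security-manager-modify-thread";
        } else if (name.equals("setContextClassLoader")) {
            key = "security-manager-set-context-class-loader";
        } else {
            return null;
        }
        AuthorizationProperty authorizationProperty = new AuthorizationProperty();
        authorizationProperty.setKey(key);
        authorizationProperty.setValue(value);
        return authorizationProperty;
    }

    /**
     * Decides whether the given permission is granted.
     *
     * <p>Every denial is reported through {@code logSecurityException}. Permission names
     * that are not recognized are denied (default deny), and {@code setSecurityManager} is
     * always denied. The denial messages for package access and environment variables embed
     * text taken from the permission name.
     *
     * @param permission the permission being requested
     * @return {@code true} when granted, {@code false} when denied
     */
    @Override // com.liferay.portal.security.pacl.checker.Checker
    public boolean implies(Permission permission) {
        String name = permission.getName();
        if (name.startsWith("accessClassInPackage")) {
            String packageName = name.substring(name.indexOf(".") + 1);
            return hasAccessClassInPackage(packageName) || deny("Attempted to access package " + packageName);
        }
        if (name.equals("accessDeclaredMembers")) {
            return hasAccessDeclaredMembers(permission) || deny("Attempted to access declared members");
        }
        if (name.equals("createClassLoader")) {
            return hasCreateClassLoader(permission) || deny("Attempted to create a class loader");
        }
        if (name.equals("createSecurityManager")) {
            return hasCreateSecurityManager(permission) || deny("Attempted to create a security manager");
        }
        if (name.startsWith("getClassLoader")) {
            return hasGetClassLoader(permission) || deny("Attempted to get class loader");
        }
        if (name.startsWith("getProtectionDomain")) {
            return hasGetProtectionDomain(permission) || deny("Attempted to get protection domain");
        }
        if (name.startsWith("getenv")) {
            // Without a "." indexOf returns -1 and the whole permission name is used.
            String variableName = name.substring(name.indexOf(".") + 1);
            return hasGetEnv(variableName, permission) || deny("Attempted to get environment name " + variableName);
        }
        if (name.startsWith("loadLibrary")) {
            return hasLoadLibrary(permission) || deny("Attempted to load library");
        }
        if (name.equals("modifyThread")) {
            return hasModifyThread(permission) || deny("Attempted to modify a thread");
        }
        if (name.equals("readFileDescriptor")) {
            return hasReadFileDescriptor(permission) || deny("Attempted to read file descriptor");
        }
        if (name.equals("setContextClassLoader")) {
            return hasSetContextClassLoader(permission) || deny("Attempted to set the context class loader");
        }
        if (name.equals("setSecurityManager")) {
            // No policy flag and no trusted-caller exception: replacing the manager is never allowed.
            return deny("Attempted to set another security manager");
        }
        if (name.equals("writeFileDescriptor")) {
            return hasWriteFileDescriptor(permission) || deny("Attempted to write file descriptor");
        }
        // Unrecognized permission name: deny. With debug logging on, the current stack is
        // also printed (Thread.dumpStack writes to standard error) to help locate the caller.
        if (_log.isDebugEnabled()) {
            Thread.dumpStack();
        }
        return deny("Attempted to " + permission.getName() + " on " + permission.getActions());
    }

    /**
     * Reports a denied request and returns {@code false}, so a check can be written as
     * {@code return granted || deny(message)}.
     */
    private boolean deny(String message) {
        logSecurityException(_log, message);
        return false;
    }

    /**
     * Package-access check. Currently grants access to every package.
     *
     * <p>NOTE(review): the previous body evaluated {@code str.startsWith("sun.reflect")} and
     * discarded the result, so no package was ever denied; the no-op call has been dropped.
     * As written, {@code accessClassInPackage} is not restricted by this checker. Confirm
     * that this is intended before relying on it as a control.
     *
     * @param str the package name taken from the permission name
     * @return always {@code true}
     */
    protected boolean hasAccessClassInPackage(String str) {
        return true;
    }

    /** Granted when the policy flag is set or the caller at the inspected frame is trusted. */
    protected boolean hasAccessDeclaredMembers(Permission permission) {
        return this._accessDeclaredMembers || isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(13, 12)), permission);
    }

    /** Granted when the policy flag is set or the caller at the inspected frame is trusted. */
    protected boolean hasCreateClassLoader(Permission permission) {
        return this._createClassLoader || isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(15, 11)), permission);
    }

    /** Trusted callers only; there is no policy flag for creating a security manager. */
    protected boolean hasCreateSecurityManager(Permission permission) {
        return isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(11, 10)), permission);
    }

    /** Trusted callers only; there is no policy flag for obtaining a class loader. */
    protected boolean hasGetClassLoader(Permission permission) {
        return isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(new int[]{11, 11, 12}, new int[]{10, 10, 10})), permission);
    }

    /**
     * Granted when the variable name fully matches one of the configured patterns
     * ({@code Matcher.matches()} requires the whole name to match), otherwise only for a
     * trusted caller. A broad pattern in the policy therefore exposes every matching
     * variable to all callers.
     *
     * @param str the environment variable name taken from the permission name
     * @param permission the permission being requested
     */
    protected boolean hasGetEnv(String str, Permission permission) {
        for (Pattern pattern : this._environmentVariablePatterns) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(11, 10)), permission);
    }

    /** Granted when the policy flag is set or the caller at the inspected frame is trusted. */
    protected boolean hasGetProtectionDomain(Permission permission) {
        return this._getProtectionDomain || isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(11, 10)), permission);
    }

    /** Trusted callers only; there is no policy flag for loading native libraries. */
    protected boolean hasLoadLibrary(Permission permission) {
        return isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(13, 12)), permission);
    }

    /** Granted when the policy flag is set or the caller at the inspected frame is trusted. */
    protected boolean hasModifyThread(Permission permission) {
        return this._modifyThread || isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(13, 12)), permission);
    }

    /** Trusted callers only; there is no policy flag for reading file descriptors. */
    protected boolean hasReadFileDescriptor(Permission permission) {
        return isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(12, 11)), permission);
    }

    /** Granted when the policy flag is set or the caller at the inspected frame is trusted. */
    protected boolean hasSetContextClassLoader(Permission permission) {
        return this._setContextClassLoader || isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(11, 10)), permission);
    }

    /** Trusted callers only; there is no policy flag for writing file descriptors. */
    protected boolean hasWriteFileDescriptor(Permission permission) {
        return isTrustedCaller(Reflection.getCallerClass(Reflection.getStackIndex(12, 11)), permission);
    }

    /** Reads the {@code security-manager-access-declared-members} flag. */
    protected void initAccessDeclaredMembers() {
        this._accessDeclaredMembers = getPropertyBoolean("security-manager-access-declared-members");
    }

    /** Reads the {@code security-manager-create-class-loader} flag. */
    protected void initCreateClassLoader() {
        this._createClassLoader = getPropertyBoolean("security-manager-create-class-loader");
    }

    /**
     * Compiles each entry of {@code security-manager-environment-variables} as a regular
     * expression. {@link Pattern#compile(String)} throws {@code PatternSyntaxException} for
     * an invalid entry; it is not caught here, so a malformed policy value propagates out of
     * {@link #afterPropertiesSet()}.
     */
    protected void initEnvironmentVariables() {
        Set<String> propertySet = getPropertySet("security-manager-environment-variables");
        this._environmentVariablePatterns = new ArrayList<Pattern>(propertySet.size());
        for (String str : propertySet) {
            this._environmentVariablePatterns.add(Pattern.compile(str));
            if (_log.isDebugEnabled()) {
                _log.debug("Allowing access to environment variables that match the regular expression " + str);
            }
        }
    }

    /** Reads the {@code security-manager-get-protection-domain} flag. */
    protected void initGetProtectionDomain() {
        this._getProtectionDomain = getPropertyBoolean("security-manager-get-protection-domain");
    }

    /** Reads the {@code security-manager-modify-thread} flag. */
    protected void initModifyThread() {
        this._modifyThread = getPropertyBoolean("security-manager-modify-thread");
    }

    /** Reads the {@code security-manager-set-context-class-loader} flag. */
    protected void initSetContextClassLoader() {
        this._setContextClassLoader = getPropertyBoolean("security-manager-set-context-class-loader");
    }
}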
