package com.liferay.portal.servlet;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.access.control.AccessControlThreadLocal;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionThreadLocal;
import com.liferay.portal.kernel.util.MethodHandler;
import com.liferay.portal.kernel.util.ObjectValuePair;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.ProtectedClassLoaderObjectInputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.lang.reflect.InvocationTargetException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/liferay/portal/servlet/TunnelServlet.class */
public class TunnelServlet extends HttpServlet {
    private static final Log _log = LogFactoryUtil.getLog((Class<?>) TunnelServlet.class);

    @Override // javax.servlet.http.HttpServlet
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        if (permissionChecker == null || !permissionChecker.isSignedIn()) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unauthenticated access is forbidden");
            }
            httpServletResponse.setStatus(403);
            return;
        }
        try {
            ProtectedClassLoaderObjectInputStream protectedClassLoaderObjectInputStream = new ProtectedClassLoaderObjectInputStream(httpServletRequest.getInputStream(), Thread.currentThread().getContextClassLoader());
            Object obj = null;
            boolean isRemoteAccess = AccessControlThreadLocal.isRemoteAccess();
            try {
                try {
                    AccessControlThreadLocal.setRemoteAccess(true);
                    MethodHandler methodHandler = (MethodHandler) ((ObjectValuePair) protectedClassLoaderObjectInputStream.readObject()).getValue();
                    if (methodHandler != null) {
                        if (!isValidRequest(methodHandler.getMethodKey().getDeclaringClass())) {
                            AccessControlThreadLocal.setRemoteAccess(isRemoteAccess);
                            return;
                        }
                        obj = methodHandler.invoke();
                    }
                    AccessControlThreadLocal.setRemoteAccess(isRemoteAccess);
                } catch (Throwable th) {
                    AccessControlThreadLocal.setRemoteAccess(isRemoteAccess);
                    throw th;
                }
            } catch (InvocationTargetException e) {
                obj = e.getCause();
                if (!(obj instanceof PortalException)) {
                    _log.error(e, e);
                    obj = obj != null ? new SystemException(((Throwable) obj).getMessage()) : new SystemException();
                }
                AccessControlThreadLocal.setRemoteAccess(isRemoteAccess);
            } catch (Exception e2) {
                _log.error(e2, e2);
                AccessControlThreadLocal.setRemoteAccess(isRemoteAccess);
            }
            if (obj != null) {
                try {
                    ObjectOutputStream objectOutputStream = new ObjectOutputStream(httpServletResponse.getOutputStream());
                    Throwable th2 = null;
                    try {
                        try {
                            objectOutputStream.writeObject(obj);
                            if (objectOutputStream != null) {
                                if (0 != 0) {
                                    try {
                                        objectOutputStream.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    objectOutputStream.close();
                                }
                            }
                        } finally {
                        }
                    } catch (Throwable th4) {
                        th2 = th4;
                        throw th4;
                    }
                } catch (IOException e3) {
                    _log.error(e3, e3);
                    throw e3;
                }
            }
        } catch (IOException e4) {
            if (_log.isWarnEnabled()) {
                _log.warn(e4, e4);
            }
        }
    }

    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        PortalUtil.sendError(404, new IllegalArgumentException("The GET method is not supported"), httpServletRequest, httpServletResponse);
    }

    protected boolean isValidRequest(Class<?> cls) {
        String name = cls.getName();
        return name.contains(".service.") && name.endsWith("ServiceUtil") && !name.endsWith("LocalServiceUtil");
    }
}
