package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Validator;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Permission;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.abdera.util.Constants;
import org.eclipse.persistence.sessions.SessionProfiler;

/* loaded from: input_file:WEB-INF/lib/portal-impl.jar:com/liferay/portal/security/pacl/checker/SocketChecker.class */
public class SocketChecker extends BaseChecker {
    private static Log _log = LogFactoryUtil.getLog(SocketChecker.class);
    private Map<String, Set<Integer>> _acceptHostsAndPorts = new HashMap();
    private Map<String, Set<Integer>> _connectHostsAndPorts = new HashMap();
    private Set<Integer> _listenPorts = new HashSet();

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void afterPropertiesSet() {
        initAcceptHostsAndPorts();
        initConnectHostsAndPorts();
        initListenPorts();
    }

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void checkPermission(Permission permission) {
        String actions = permission.getActions();
        String name = permission.getName();
        int indexOf = name.indexOf(":");
        String substring = indexOf != -1 ? name.substring(0, indexOf) : "localhost";
        int integer = GetterUtil.getInteger(name.substring(indexOf + 1));
        if (integer == -1) {
            if (_log.isDebugEnabled()) {
                _log.debug("Always allow resolving of host " + substring);
            }
        } else if (actions.contains(Constants.LN_ACCEPT)) {
            if (hasAccept(substring, integer)) {
                return;
            }
            throwSecurityException(_log, "Attempted to accept from host " + substring + " on port " + integer);
        } else if (actions.contains(SessionProfiler.CONNECT)) {
            if (hasConnect(substring, integer)) {
                return;
            }
            throwSecurityException(_log, "Attempted to connect to host " + substring + " on port " + integer);
        } else {
            if (!actions.contains("listen") || hasListen(integer)) {
                return;
            }
            throwSecurityException(_log, "Attempted to listen on port " + integer);
        }
    }

    protected boolean hasAccept(String str, int i) {
        Set<Integer> set = this._acceptHostsAndPorts.get(str);
        if (set == null) {
            return false;
        }
        return set.contains(Integer.valueOf(i));
    }

    protected boolean hasConnect(String str, int i) {
        Set<Integer> set = this._connectHostsAndPorts.get(str);
        if (set == null) {
            return false;
        }
        return set.contains(Integer.valueOf(i));
    }

    protected boolean hasListen(int i) {
        return this._listenPorts.contains(Integer.valueOf(i));
    }

    protected void initAcceptHostsAndPorts() {
        for (String str : getPropertyArray("security-manager-sockets-accept")) {
            initHostsAndPorts(str, true);
        }
    }

    protected void initConnectHostsAndPorts() {
        for (String str : getPropertyArray("security-manager-sockets-connect")) {
            initHostsAndPorts(str, false);
        }
    }

    protected void initHostsAndPorts(String str, boolean z) {
        String str2 = Constants.LN_ACCEPT;
        if (!z) {
            str2 = SessionProfiler.CONNECT;
        }
        int indexOf = str.indexOf(":");
        if (indexOf == -1) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to determine socket " + str2 + " host and port from " + str + " because it is missing a colon delimeter");
                return;
            }
            return;
        }
        String substring = str.substring(0, indexOf);
        if (!Validator.isDomain(substring)) {
            if (_log.isWarnEnabled()) {
                _log.warn("Socket " + str2 + " host " + substring + " is not a valid domain");
                return;
            }
            return;
        }
        String substring2 = str.substring(indexOf + 1);
        int integer = GetterUtil.getInteger(substring2);
        if (integer <= 0) {
            if (_log.isWarnEnabled()) {
                _log.warn("Socket " + str2 + " port " + substring2 + " is less than or equal to 0");
                return;
            }
            return;
        }
        try {
            InetAddress[] allByName = InetAddress.getAllByName(substring);
            Map<String, Set<Integer>> map = this._acceptHostsAndPorts;
            if (!z) {
                map = this._connectHostsAndPorts;
            }
            for (InetAddress inetAddress : allByName) {
                Set<Integer> set = map.get(inetAddress.getHostAddress());
                if (set == null) {
                    set = new HashSet();
                    if (_log.isDebugEnabled()) {
                        _log.debug("Allowing socket " + str2 + " host " + substring + " with IP " + inetAddress.getHostAddress() + " on port " + integer);
                    }
                    map.put(inetAddress.getHostAddress(), set);
                }
                set.add(Integer.valueOf(integer));
            }
        } catch (UnknownHostException unused) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to resolve host " + substring);
            }
        }
    }

    protected void initListenPorts() {
        for (String str : getPropertyArray("security-manager-sockets-listen")) {
            initListenPorts(str);
        }
    }

    protected void initListenPorts(String str) {
        int indexOf = str.indexOf("-");
        if (indexOf == -1) {
            if (!Validator.isNumber(str)) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Socket listen port " + str + " is not a number");
                    return;
                }
                return;
            } else {
                int integer = GetterUtil.getInteger(str);
                if (_log.isDebugEnabled()) {
                    _log.debug("Allowing socket listen port " + integer);
                }
                this._listenPorts.add(Integer.valueOf(integer));
                return;
            }
        }
        String substring = str.substring(0, indexOf);
        String substring2 = str.substring(indexOf + 1);
        if (!Validator.isNumber(substring)) {
            if (_log.isWarnEnabled()) {
                _log.warn("Socket listen port " + substring + " is not a number");
                return;
            }
            return;
        }
        if (!Validator.isNumber(substring2)) {
            if (_log.isWarnEnabled()) {
                _log.warn("Socket listen port " + substring2 + " is not a number");
                return;
            }
            return;
        }
        int integer2 = GetterUtil.getInteger(substring);
        int integer3 = GetterUtil.getInteger(substring2);
        if (integer2 >= integer3) {
            if (_log.isWarnEnabled()) {
                _log.warn("Socket listen port range " + str + " is invalid");
            }
        } else {
            for (int i = integer2; i <= integer3; i++) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Allowing socket listen port " + i);
                }
                this._listenPorts.add(Integer.valueOf(i));
            }
        }
    }
}
