package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.ServerDetector;
import com.liferay.portal.security.pacl.PACLClassUtil;
import java.security.Permission;
import sun.reflect.Reflection;

/* loaded from: input_file:WEB-INF/lib/portal-impl.jar:com/liferay/portal/security/pacl/checker/SecurityChecker.class */
public class SecurityChecker extends BaseChecker {
    private static final String _CLASS_NAME_DISPATCH_LISTENER = "org.apache.geronimo.tomcat.listener.DispatchListener";
    private static final String _CLASS_NAME_J2EE_INSTANCE_LISTENER = "com.sun.web.server.J2EEInstanceListener";
    private static final String _CLASS_NAME_POLICY_CONTEXT_HANDLER_IMPL = "com.sun.enterprise.security.authorize.PolicyContextHandlerImpl";
    private static final String _CLASS_NAME_WAS_JSP_EXTENSION_SERVLET_WRAPPER = "com.ibm.ws.jsp.webcontainerext.ws.WASJSPExtensionServletWrapper";
    private static Log _log = LogFactoryUtil.getLog(SecurityChecker.class);

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void afterPropertiesSet() {
    }

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void checkPermission(Permission permission) {
        String name = permission.getName();
        if (name.equals("getPolicy")) {
            if (hasGetPolicy()) {
                return;
            }
            throwSecurityException(_log, "Attempted to get the policy");
        } else if (name.equals("setPolicy")) {
            if (hasSetPolicy()) {
                return;
            }
            throwSecurityException(_log, "Attempted to set the policy");
        } else {
            if (_log.isDebugEnabled()) {
                Thread.dumpStack();
            }
            throwSecurityException(_log, "Attempted to " + permission.getName() + " on " + permission.getActions());
        }
    }

    protected boolean hasGetPolicy() {
        Class<?> callerClass = Reflection.getCallerClass(8);
        if (isGlassfishJ2EEInstanceListener(callerClass.getEnclosingClass()) && CheckerUtil.isAccessControllerDoPrivileged(9)) {
            logGetPolicy(callerClass, 8);
            return true;
        }
        if (!isWebSphereWASJSPExtensionServletWrapper(callerClass)) {
            return false;
        }
        logGetPolicy(callerClass, 8);
        return true;
    }

    protected boolean hasSetPolicy() {
        Class<?> callerClass = Reflection.getCallerClass(6);
        if (isGlassfishPolicyContextHandlerImpl(callerClass)) {
            logSetPolicy(callerClass, 6);
            return true;
        }
        Class<?> callerClass2 = Reflection.getCallerClass(7);
        if (!isGeronimoDispatchListener(callerClass2)) {
            return false;
        }
        logSetPolicy(callerClass2, 7);
        return true;
    }

    protected boolean isGeronimoDispatchListener(Class<?> cls) {
        if (ServerDetector.isGeronimo() && cls != null && cls.getName().equals(_CLASS_NAME_DISPATCH_LISTENER)) {
            return PACLClassUtil.getClassLocation(cls).contains("/repository/org/apache/geronimo/modules/geronimo-tomcat6/");
        }
        return false;
    }

    protected boolean isGlassfishJ2EEInstanceListener(Class<?> cls) {
        if (ServerDetector.isGlassfish() && cls != null && cls.getName().equals(_CLASS_NAME_J2EE_INSTANCE_LISTENER)) {
            return PACLClassUtil.getClassLocation(cls).startsWith("bundle://");
        }
        return false;
    }

    protected boolean isGlassfishPolicyContextHandlerImpl(Class<?> cls) {
        if (ServerDetector.isGlassfish() && cls != null && cls.getName().equals(_CLASS_NAME_POLICY_CONTEXT_HANDLER_IMPL)) {
            return PACLClassUtil.getClassLocation(cls).startsWith("bundle://");
        }
        return false;
    }

    protected boolean isWebSphereWASJSPExtensionServletWrapper(Class<?> cls) {
        if (ServerDetector.isWebSphere() && cls.getName().equals(_CLASS_NAME_WAS_JSP_EXTENSION_SERVLET_WRAPPER)) {
            return PACLClassUtil.getClassLocation(cls).startsWith("bundleresource://");
        }
        return false;
    }

    protected void logGetPolicy(Class<?> cls, int i) {
        if (_log.isInfoEnabled()) {
            _log.info("Allowing frame " + i + " with caller " + cls + " to get the policy");
        }
    }

    protected void logSetPolicy(Class<?> cls, int i) {
        if (_log.isInfoEnabled()) {
            _log.info("Allowing frame " + i + " with caller " + cls + " to set the policy");
        }
    }
}
