package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.kernel.executor.PortalExecutorManagerUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.messaging.BaseAsyncDestination;
import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Validator;
import java.security.Permission;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import sun.reflect.Reflection;

/* loaded from: input_file:WEB-INF/lib/portal-impl.jar:com/liferay/portal/security/pacl/checker/PortalRuntimeChecker.class */
public class PortalRuntimeChecker extends BaseChecker {
    private static Log _log = LogFactoryUtil.getLog(PortalRuntimeChecker.class);
    private Set<String> _expandoBridgeClassNames;
    private Set<String> _getBeanPropertyClassNames;
    private Set<String> _searchEngineIds;
    private Set<String> _setBeanPropertyClassNames;
    private Set<String> _threadPoolExecutorNames;

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void afterPropertiesSet() {
        initExpandoBridgeClassNames();
        initGetBeanPropertyClassNames();
        initSearchEngineIds();
        initSetBeanPropertyClassNames();
        initThreadPoolExecutorNames();
    }

    @Override // com.liferay.portal.security.pacl.checker.Checker
    public void checkPermission(Permission permission) {
        PortalRuntimePermission portalRuntimePermission = (PortalRuntimePermission) permission;
        String name = portalRuntimePermission.getName();
        Object subject = portalRuntimePermission.getSubject();
        String string = GetterUtil.getString(portalRuntimePermission.getProperty());
        if (name.equals("expandoBridge")) {
            String str = (String) subject;
            if (this._expandoBridgeClassNames.contains(str)) {
                return;
            }
            throwSecurityException(_log, "Attempted to get Expando bridge on " + str);
            return;
        }
        if (name.equals("getBeanProperty")) {
            Class<?> cls = (Class) subject;
            if (hasGetBeanProperty(cls, string)) {
                return;
            }
            if (Validator.isNotNull(string)) {
                throwSecurityException(_log, "Attempted to get bean property " + string + " on " + cls);
                return;
            } else {
                throwSecurityException(_log, "Attempted to get bean property on " + cls);
                return;
            }
        }
        if (name.equals("searchEngine")) {
            String str2 = (String) subject;
            if (this._searchEngineIds.contains(str2)) {
                return;
            }
            throwSecurityException(_log, "Attempted to get search engine " + str2);
            return;
        }
        if (!name.equals("setBeanProperty")) {
            if (name.equals("threadPoolExecutor")) {
                String str3 = (String) subject;
                if (this._threadPoolExecutorNames.contains(str3)) {
                    return;
                }
                throwSecurityException(_log, "Attempted to modify thread pool executor " + str3);
                return;
            }
            return;
        }
        Class<?> cls2 = (Class) subject;
        if (hasSetBeanProperty(cls2, string)) {
            return;
        }
        if (Validator.isNotNull(string)) {
            throwSecurityException(_log, "Attempted to set bean property " + string + " on " + cls2);
        } else {
            throwSecurityException(_log, "Attempted to set bean property on " + cls2);
        }
    }

    protected boolean hasGetBeanProperty(Class<?> cls, String str) {
        String name = cls.getName();
        if (this._getBeanPropertyClassNames.contains(name)) {
            return true;
        }
        if (Validator.isNotNull(str) && this._getBeanPropertyClassNames.contains(name.concat("#").concat(str))) {
            return true;
        }
        return cls == PortalExecutorManagerUtil.class && Reflection.getCallerClass(10) == BaseAsyncDestination.class;
    }

    protected boolean hasSetBeanProperty(Class<?> cls, String str) {
        String name = cls.getName();
        if (this._setBeanPropertyClassNames.contains(name)) {
            return true;
        }
        return Validator.isNotNull(str) && this._setBeanPropertyClassNames.contains(name.concat("#").concat(str));
    }

    protected void initExpandoBridgeClassNames() {
        this._expandoBridgeClassNames = getPropertySet("security-manager-expando-bridge");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._expandoBridgeClassNames).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing Expando bridge on class " + ((String) it2.next()));
            }
        }
    }

    protected void initGetBeanPropertyClassNames() {
        this._getBeanPropertyClassNames = getPropertySet("security-manager-get-bean-property");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._getBeanPropertyClassNames).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing get bean property on class " + ((String) it2.next()));
            }
        }
    }

    protected void initSearchEngineIds() {
        this._searchEngineIds = getPropertySet("security-manager-search-engine-ids");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._searchEngineIds).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing search engine " + ((String) it2.next()));
            }
        }
    }

    protected void initSetBeanPropertyClassNames() {
        this._setBeanPropertyClassNames = getPropertySet("security-manager-set-bean-property");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._setBeanPropertyClassNames).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing set bean property on class " + ((String) it2.next()));
            }
        }
    }

    protected void initThreadPoolExecutorNames() {
        this._threadPoolExecutorNames = getPropertySet("security-manager-thread-pool-executor-names");
        if (_log.isDebugEnabled()) {
            Iterator it2 = new TreeSet(this._threadPoolExecutorNames).iterator();
            while (it2.hasNext()) {
                _log.debug("Allowing thread pool executor " + ((String) it2.next()));
            }
        }
    }
}
