package com.liferay.portal.security.lang;

import com.liferay.portal.jndi.pacl.PACLInitialContextFactoryBuilder;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
import com.liferay.portal.kernel.servlet.taglib.FileAvailabilityUtil;
import com.liferay.portal.kernel.util.JavaDetector;
import com.liferay.portal.security.pacl.PACLClassUtil;
import com.liferay.portal.security.pacl.PACLPolicy;
import com.liferay.portal.security.pacl.PACLPolicyManager;
import com.liferay.portal.security.pacl.checker.CheckerUtil;
import java.lang.reflect.Field;
import java.security.Permission;
import javax.naming.spi.InitialContextFactoryBuilder;
import javax.naming.spi.NamingManager;

/* loaded from: input_file:WEB-INF/lib/portal-impl.jar:com/liferay/portal/security/lang/PortalSecurityManager.class */
public class PortalSecurityManager extends SecurityManager {
    private static Log _log = LogFactoryUtil.getLog(PortalSecurityManager.class.getName());
    private SecurityManager _parentSecurityManager = System.getSecurityManager();

    public PortalSecurityManager() {
        initClasses();
        try {
            initInitialContextFactoryBuilder();
        } catch (Exception e) {
            if (_log.isInfoEnabled()) {
                _log.info("Unable to override the initial context factory builder because one already exists. JNDI security is not enabled.");
            }
            if (_log.isWarnEnabled()) {
                _log.warn(e, e);
            }
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        checkPermission(permission, null);
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        if (!PACLPolicyManager.isActive() || !PortalSecurityManagerThreadLocal.isEnabled()) {
            parentCheckPermission(permission, obj);
            return;
        }
        if (!PACLPolicyManager.getDefaultPACLPolicy().isCheckablePermission(permission)) {
            parentCheckPermission(permission, obj);
            return;
        }
        PACLPolicy pACLPolicy = getPACLPolicy(permission);
        if (pACLPolicy == null || !pACLPolicy.isActive()) {
            parentCheckPermission(permission, obj);
        } else {
            pACLPolicy.checkPermission(permission);
            parentCheckPermission(permission, obj);
        }
    }

    protected PACLPolicy getPACLPolicy(Permission permission) {
        PACLPolicy pACLPolicy = PortalSecurityManagerThreadLocal.getPACLPolicy();
        if (pACLPolicy != null) {
            return pACLPolicy;
        }
        if (!(permission instanceof PortalHookPermission)) {
            return ((permission instanceof PortalRuntimePermission) && ((PortalRuntimePermission) permission).getName().equals("expandoBridge")) ? PACLClassUtil.getPACLPolicyByReflection(true, _log.isDebugEnabled()) : PACLClassUtil.getPACLPolicyByReflection(false, _log.isDebugEnabled());
        }
        PACLPolicy pACLPolicy2 = PACLPolicyManager.getPACLPolicy(((PortalHookPermission) permission).getClassLoader());
        if (pACLPolicy2 == null) {
            pACLPolicy2 = PACLPolicyManager.getDefaultPACLPolicy();
        }
        return pACLPolicy2;
    }

    protected void initClasses() {
        _log.debug("Loading " + FileAvailabilityUtil.class.getName());
        _log.debug("Loading " + PortalHookPermission.class.getName());
        CheckerUtil.isAccessControllerDoPrivileged(0);
        PACLClassUtil.getPACLPolicyByReflection(false, false);
    }

    protected void initInitialContextFactoryBuilder() throws Exception {
        if (!NamingManager.hasInitialContextFactoryBuilder()) {
            PACLInitialContextFactoryBuilder pACLInitialContextFactoryBuilder = new PACLInitialContextFactoryBuilder();
            if (_log.isInfoEnabled()) {
                _log.info("Overriding the initial context factory builder");
            }
            NamingManager.setInitialContextFactoryBuilder(pACLInitialContextFactoryBuilder);
        }
        Field declaredField = NamingManager.class.getDeclaredField(JavaDetector.isIBM() ? "icfb" : "initctx_factory_builder");
        declaredField.setAccessible(true);
        InitialContextFactoryBuilder initialContextFactoryBuilder = (InitialContextFactoryBuilder) declaredField.get(null);
        if (initialContextFactoryBuilder instanceof PACLInitialContextFactoryBuilder) {
            return;
        }
        PACLInitialContextFactoryBuilder pACLInitialContextFactoryBuilder2 = new PACLInitialContextFactoryBuilder();
        pACLInitialContextFactoryBuilder2.setInitialContextFactoryBuilder(initialContextFactoryBuilder);
        declaredField.set(null, pACLInitialContextFactoryBuilder2);
        if (_log.isInfoEnabled()) {
            _log.info("Overriding the initial context factory builder using reflection");
        }
    }

    protected void parentCheckPermission(Permission permission, Object obj) {
        if (this._parentSecurityManager != null) {
            if (obj == null) {
                obj = getSecurityContext();
            }
            this._parentSecurityManager.checkPermission(permission, obj);
        }
    }
}
