package com.liferay.portlet;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.portlet.ActionResult;
import com.liferay.portal.kernel.portlet.PortletContainer;
import com.liferay.portal.kernel.portlet.PortletContainerException;
import com.liferay.portal.kernel.portlet.PortletContainerUtil;
import com.liferay.portal.kernel.portlet.PortletModeFactory;
import com.liferay.portal.kernel.portlet.PortletSecurity;
import com.liferay.portal.kernel.resiliency.spi.SPIUtil;
import com.liferay.portal.kernel.security.pacl.DoPrivileged;
import com.liferay.portal.kernel.servlet.TempAttributesServletRequest;
import com.liferay.portal.kernel.struts.LastPath;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.Group;
import com.liferay.portal.model.Layout;
import com.liferay.portal.model.LayoutTypePortlet;
import com.liferay.portal.model.Portlet;
import com.liferay.portal.security.auth.AuthTokenUtil;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.security.permission.PermissionChecker;
import com.liferay.portal.security.permission.PermissionThreadLocal;
import com.liferay.portal.service.permission.GroupPermissionUtil;
import com.liferay.portal.service.permission.LayoutPermissionUtil;
import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
import com.liferay.portal.service.permission.OrganizationPermissionUtil;
import com.liferay.portal.service.permission.PortletPermissionUtil;
import com.liferay.portal.theme.ThemeDisplay;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.PropsValues;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
import javax.portlet.Event;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

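/**
 * {@link PortletContainer} decorator that runs access-control checks before
 * delegating action, render and resource requests to the wrapped container.
 *
 * <p>Action requests additionally pass through the CSRF token check. A
 * {@link PrincipalException} raised by any check is turned into a rejection
 * (empty action result, optional "access denied" include, or HTTP 400)
 * instead of reaching the wrapped container. {@code preparePortlet} and
 * {@code processEvent} are delegated without any check in this class.</p>
 */
@DoPrivileged
/* loaded from: input_file:com/liferay/portlet/SecurityPortletContainerWrapper.class */
public class SecurityPortletContainerWrapper implements PortletContainer {
    private static final Log _log = LogFactoryUtil.getLog(SecurityPortletContainerWrapper.class);
    private final PortletContainer _portletContainer;
    private final PortletSecurity _portletSecurity;

    /**
     * Wraps {@code portletContainer} with the security checks of this class,
     * unless {@code SPIUtil.isSPI()} reports true, in which case the container
     * is returned unwrapped and none of the checks below apply at this layer.
     *
     * @param portletContainer the container to protect
     * @param portletSecurity source of the portlet and action whitelists
     * @return the wrapped container, or {@code portletContainer} itself in an SPI
     */
    public static PortletContainer createSecurityPortletContainerWrapper(PortletContainer portletContainer, PortletSecurity portletSecurity) {
        if (SPIUtil.isSPI()) {
            return portletContainer;
        }
        return new SecurityPortletContainerWrapper(portletContainer, portletSecurity);
    }

    /**
     * @param portletContainer the container every call is delegated to
     * @param portletSecurity source of the portlet and action whitelists
     */
    public SecurityPortletContainerWrapper(PortletContainer portletContainer, PortletSecurity portletSecurity) {
        this._portletContainer = portletContainer;
        this._portletSecurity = portletSecurity;
    }

    /** Delegates to the wrapped container; no access check is applied here. */
    @Override
    public void preparePortlet(HttpServletRequest httpServletRequest, Portlet portlet) throws PortletContainerException {
        this._portletContainer.preparePortlet(httpServletRequest, portlet);
    }

    /**
     * Runs the CSRF and access checks, then delegates the action.
     *
     * @return the delegate's result, or {@code ActionResult.EMPTY_ACTION_RESULT}
     *         when a check raised {@link PrincipalException}
     * @throws PortletContainerException for any other failure
     */
    @Override
    public ActionResult processAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkAction(getOwnerLayoutRequestWrapper(httpServletRequest, portlet), portlet);
            return this._portletContainer.processAction(httpServletRequest, httpServletResponse, portlet);
        } catch (PrincipalException principalException) {
            // Must come before the generic handler: PrincipalException is itself an
            // Exception, and a rejection has to end in the logged, empty result.
            return processActionException(httpServletRequest, httpServletResponse, portlet, principalException);
        } catch (PortletContainerException portletContainerException) {
            throw portletContainerException;
        } catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /** Delegates to the wrapped container; no access check is applied here. */
    @Override
    public List<Event> processEvent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet, Layout layout, Event event) throws PortletContainerException {
        return this._portletContainer.processEvent(httpServletRequest, httpServletResponse, portlet, layout, event);
    }

    /**
     * Runs the access check, then delegates rendering. A rejected request is
     * routed to {@link #processRenderException}.
     *
     * @throws PortletContainerException for any failure other than a rejection
     */
    @Override
    public void render(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkRender(httpServletRequest, portlet);
            this._portletContainer.render(httpServletRequest, httpServletResponse, portlet);
        } catch (PrincipalException ignored) {
            // Rejection: show the access-denied page if the portlet asks for it.
            processRenderException(httpServletRequest, httpServletResponse, portlet);
        } catch (PortletContainerException portletContainerException) {
            throw portletContainerException;
        } catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Runs the access check, then delegates the resource request. A rejected
     * request is answered by {@link #processServeResourceException}.
     *
     * @throws PortletContainerException for any failure other than a rejection
     */
    @Override
    public void serveResource(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkResource(getOwnerLayoutRequestWrapper(httpServletRequest, portlet), portlet);
            this._portletContainer.serveResource(httpServletRequest, httpServletResponse, portlet);
        } catch (PrincipalException principalException) {
            // Must come before the generic handler so a rejection yields the
            // non-cacheable 400 response rather than a wrapped container error.
            processServeResourceException(httpServletRequest, httpServletResponse, portlet, principalException);
        } catch (PortletContainerException portletContainerException) {
            throw portletContainerException;
        } catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Core access decision shared by action, render and resource requests.
     *
     * <p>A {@code null} portlet is accepted without any check. On a control
     * panel layout only {@link #isAccessAllowedToControlPanelPortlet} is
     * consulted. On any other layout the portlet must be reachable from the
     * layout and the caller must hold the access permission.</p>
     *
     * @throws PrincipalException when access is denied
     * @throws Exception for lookup failures in the permission services
     */
    protected void check(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        if (portlet == null) {
            return;
        }
        // NOTE(review): a request without the "LAYOUT" attribute fails here with a
        // NullPointerException, which callers wrap in PortletContainerException.
        Layout layout = (Layout) httpServletRequest.getAttribute("LAYOUT");
        if (layout.isTypeControlPanel()) {
            // Throws PrincipalException itself when access is denied.
            isAccessAllowedToControlPanelPortlet(httpServletRequest, portlet);
            return;
        }
        if (isAccessAllowedToLayoutPortlet(httpServletRequest, portlet)) {
            PortalUtil.addPortletDefaultResource(httpServletRequest, portlet);
            if (hasAccessPermission(httpServletRequest, portlet)) {
                return;
            }
        }
        throw new PrincipalException();
    }

    /**
     * Checks an action request: CSRF token first, then the access decision.
     *
     * <p>NOTE(review): {@link #check} tolerates a {@code null} portlet, but the
     * CSRF check dereferences it first, so a {@code null} portlet fails here.</p>
     */
    protected void checkAction(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        checkCSRFProtection(httpServletRequest, portlet);
        check(httpServletRequest, portlet);
    }

    /**
     * Validates the request's authentication token unless the check is turned
     * off globally or by the portlet.
     *
     * <p>The token is verified only when
     * {@code PropsValues.AUTH_TOKEN_CHECK_ENABLED} is set and the portlet's
     * {@code check-auth-token} init parameter is absent or true. A portlet that
     * sets the parameter to false therefore receives state-changing action
     * requests with no CSRF protection from this class.</p>
     *
     * @throws PortalException when the token check fails
     */
    protected void checkCSRFProtection(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException {
        if (!PropsValues.AUTH_TOKEN_CHECK_ENABLED) {
            return;
        }
        String checkAuthToken = (String) portlet.getInitParams().get("check-auth-token");
        // Defaults to true: a missing init parameter keeps the check on.
        if (GetterUtil.getBoolean(checkAuthToken, true)) {
            AuthTokenUtil.check(httpServletRequest);
        }
    }

    /** Checks a render request; identical to {@link #check}. */
    protected void checkRender(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        check(httpServletRequest, portlet);
    }

    /** Checks a resource request; identical to {@link #check} (no CSRF check). */
    protected void checkResource(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        check(httpServletRequest, portlet);
    }

    /**
     * Returns the URL used in rejection log messages: the portal URL plus the
     * stored {@code LAST_PATH} when that attribute is present, otherwise the
     * request URI. The value is request-derived and must be treated as
     * untrusted text.
     */
    protected String getOriginalURL(HttpServletRequest httpServletRequest) {
        LastPath lastPath = (LastPath) httpServletRequest.getAttribute("LAST_PATH");
        if (lastPath == null) {
            return String.valueOf(httpServletRequest.getRequestURI());
        }
        return PortalUtil.getPortalURL(httpServletRequest).concat(lastPath.getContextPath()).concat(lastPath.getPath());
    }

    /**
     * Returns a request whose layout attributes point at the layout that
     * actually owns {@code portlet}, so the checks run against that layout.
     *
     * <p>The original request is returned unchanged when layout-set event
     * distribution is off, when the cross-layout invocation mode is
     * {@code "render"}, when no layout of the set contains the portlet, or when
     * the owning layout is already the current one.</p>
     *
     * @throws Exception if the layout lookup or the theme display clone fails
     */
    protected HttpServletRequest getOwnerLayoutRequestWrapper(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        if (!PropsValues.PORTLET_EVENT_DISTRIBUTION_LAYOUT_SET || PropsValues.PORTLET_CROSS_LAYOUT_INVOCATION_MODE.equals("render")) {
            return httpServletRequest;
        }
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        Layout requestLayout = (Layout) httpServletRequest.getAttribute("LAYOUT");

        Layout ownerLayout = null;
        LayoutTypePortlet ownerLayoutTypePortlet = null;
        // First layout that holds the portlet wins.
        for (LayoutTypePortlet candidate : PortletContainerUtil.getLayoutTypePortlets(requestLayout)) {
            if (candidate.hasPortletId(portlet.getPortletId())) {
                ownerLayoutTypePortlet = candidate;
                ownerLayout = candidate.getLayout();
                break;
            }
        }
        if (ownerLayout == null || themeDisplay.getLayout().equals(ownerLayout)) {
            return httpServletRequest;
        }

        // Work on a clone so the shared theme display of the real request is untouched.
        ThemeDisplay ownerThemeDisplay = (ThemeDisplay) themeDisplay.clone();
        ownerThemeDisplay.setLayout(ownerLayout);
        ownerThemeDisplay.setLayoutTypePortlet(ownerLayoutTypePortlet);

        TempAttributesServletRequest ownerRequest = new TempAttributesServletRequest(httpServletRequest);
        ownerRequest.setTempAttribute("LAYOUT", ownerLayout);
        ownerRequest.setTempAttribute("LIFERAY_SHARED_THEME_DISPLAY", ownerThemeDisplay);
        return ownerRequest;
    }

    /**
     * Asks the permission service whether the current permission checker may
     * access {@code portlet} on the request's layout, in the portlet mode named
     * by the {@code p_p_mode} request parameter.
     */
    protected boolean hasAccessPermission(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException, SystemException {
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        Layout layout = (Layout) httpServletRequest.getAttribute("LAYOUT");
        String portletModeName = ParamUtil.getString(httpServletRequest, "p_p_mode");
        return PortletPermissionUtil.hasAccessPermission(permissionChecker, themeDisplay.getScopeGroupId(), layout, portlet, PortletModeFactory.getPortletMode(portletModeName));
    }

    /**
     * Enforces access to a portlet shown on a control panel layout.
     *
     * <p>Access is granted to system portlets, to callers holding the control
     * panel access permission, to runtime-rendered portlets, and to requests
     * carrying a valid portlet authentication token; the grants are tried in
     * that order.</p>
     *
     * @throws PrincipalException when none of the grants applies
     */
    protected void isAccessAllowedToControlPanelPortlet(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException, SystemException {
        if (portlet.isSystem()) {
            return;
        }
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        if (PortletPermissionUtil.hasControlPanelAccessPermission(permissionChecker, themeDisplay.getScopeGroupId(), portlet)) {
            return;
        }
        if (isAccessGrantedByRuntimePortlet(httpServletRequest, portlet)) {
            return;
        }
        if (isAccessGrantedByPortletAuthenticationToken(httpServletRequest, portlet)) {
            return;
        }
        throw new PrincipalException();
    }

    /**
     * Returns whether the portlet may be addressed on a regular layout: it is
     * rendered at runtime, placed on the page, covered by the layout
     * configuration rule, or addressed with a valid portlet authentication
     * token.
     */
    protected boolean isAccessAllowedToLayoutPortlet(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException, SystemException {
        if (isAccessGrantedByRuntimePortlet(httpServletRequest, portlet)) {
            return true;
        }
        if (isAccessGrantedByPortletOnPage(httpServletRequest, portlet)) {
            return true;
        }
        if (isLayoutConfigurationAllowed(httpServletRequest, portlet)) {
            return true;
        }
        return isAccessGrantedByPortletAuthenticationToken(httpServletRequest, portlet);
    }

    /**
     * Decides whether an add-default-resource portlet that is not on the page
     * may still be addressed.
     *
     * <p>Portlets without the add-default-resource flag are always refused.
     * Otherwise access is granted when the add-default-resource check is
     * disabled, when the portlet id or the requested {@code struts_action} is
     * whitelisted, or when the {@code p_p_auth} parameter equals the token
     * issued for this page and portlet. With
     * {@code PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED} off, every
     * add-default-resource portlet passes without a token.</p>
     */
    protected boolean isAccessGrantedByPortletAuthenticationToken(HttpServletRequest httpServletRequest, Portlet portlet) {
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        String portletId = portlet.getPortletId();
        if (!portlet.isAddDefaultResource()) {
            return false;
        }
        if (!PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED || this._portletSecurity.getWhitelist().contains(portletId)) {
            return true;
        }

        // The namespaced parameter takes precedence over the bare one.
        String strutsAction = ParamUtil.getString(httpServletRequest, PortalUtil.getPortletNamespace(portletId) + "struts_action");
        if (Validator.isNull(strutsAction)) {
            strutsAction = ParamUtil.getString(httpServletRequest, "struts_action");
        }
        if (this._portletSecurity.getWhitelistActions().contains(strutsAction)) {
            return true;
        }

        String presentedToken = ParamUtil.getString(httpServletRequest, "p_p_auth");
        if (Validator.isNull(presentedToken)) {
            presentedToken = ParamUtil.getString(PortalUtil.getOriginalServletRequest(httpServletRequest), "p_p_auth");
        }
        if (Validator.isNull(presentedToken)) {
            return false;
        }
        String expectedToken = AuthTokenUtil.getToken(httpServletRequest, themeDisplay.getPlid(), portletId);
        return _tokensMatch(presentedToken, expectedToken);
    }

    /**
     * Returns whether the portlet is placed on the current layout, either as a
     * selected portlet of a panel layout or through the layout's portlet list.
     */
    protected boolean isAccessGrantedByPortletOnPage(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException, SystemException {
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        Layout layout = themeDisplay.getLayout();
        String portletId = portlet.getPortletId();
        if (layout.isTypePanel() && isPanelSelectedPortlet(themeDisplay, portletId)) {
            return true;
        }
        LayoutTypePortlet layoutTypePortlet = themeDisplay.getLayoutTypePortlet();
        if (layoutTypePortlet == null) {
            return false;
        }
        return layoutTypePortlet.hasPortletId(portletId);
    }

    /**
     * Returns whether the request carries a true {@code RENDER_PORTLET_RESOURCE}
     * attribute. This grant bypasses the on-page and token checks, so the
     * attribute must only ever be set by trusted server-side code.
     */
    protected boolean isAccessGrantedByRuntimePortlet(HttpServletRequest httpServletRequest, Portlet portlet) {
        Boolean renderPortletResource = (Boolean) httpServletRequest.getAttribute("RENDER_PORTLET_RESOURCE");
        return Boolean.TRUE.equals(renderPortletResource);
    }

    /**
     * Returns whether a signed-in user may reach portlet {@code "88"} on the
     * current layout, based on the kind of group that owns the layout.
     *
     * <p>NOTE(review): {@code "88"} is an inlined portlet id constant,
     * presumably the layout administration portlet; confirm against the
     * portal's portlet key constants.</p>
     */
    protected boolean isLayoutConfigurationAllowed(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException, SystemException {
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        if (!themeDisplay.isSignedIn() || !"88".equals(portlet.getPortletId())) {
            return false;
        }
        PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
        Layout layout = themeDisplay.getLayout();
        Group group = layout.getGroup();

        if (group.isSite() && (LayoutPermissionUtil.contains(permissionChecker, layout, "CUSTOMIZE") || LayoutPermissionUtil.contains(permissionChecker, layout, "UPDATE"))) {
            return true;
        }
        // A site without the layout permission still falls through to the
        // group-kind rules below, exactly one of which decides the result.
        if (group.isCompany()) {
            return permissionChecker.isCompanyAdmin();
        }
        if (group.isLayoutPrototype()) {
            return LayoutPrototypePermissionUtil.contains(permissionChecker, group.getClassPK(), "UPDATE");
        }
        if (group.isLayoutSetPrototype()) {
            return LayoutSetPrototypePermissionUtil.contains(permissionChecker, group.getClassPK(), "UPDATE");
        }
        if (group.isOrganization()) {
            return OrganizationPermissionUtil.contains(permissionChecker, group.getOrganizationId(), "UPDATE");
        }
        if (group.isUserGroup()) {
            return GroupPermissionUtil.contains(permissionChecker, themeDisplay.getScopeGroupId(), "UPDATE");
        }
        return group.isUser();
    }

    /**
     * Returns whether {@code str} is listed in the current layout's
     * {@code panelSelectedPortlets} type setting.
     */
    protected boolean isPanelSelectedPortlet(ThemeDisplay themeDisplay, String str) {
        String panelSelectedPortlets = themeDisplay.getLayout().getTypeSettingsProperty("panelSelectedPortlets");
        if (Validator.isNull(panelSelectedPortlets)) {
            return false;
        }
        return ArrayUtil.contains(StringUtil.split(panelSelectedPortlets), str);
    }

    /**
     * Logs a rejected action request and returns the empty action result, so
     * the wrapped container never sees the request.
     */
    protected ActionResult processActionException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet, PrincipalException principalException) {
        if (_log.isDebugEnabled()) {
            _log.debug(principalException);
        }
        _log.warn("Reject process action for " + _sanitizeForLog(getOriginalURL(httpServletRequest)) + " on " + portlet.getPortletId());
        return ActionResult.EMPTY_ACTION_RESULT;
    }

    /**
     * Handles a rejected render request: includes the access-denied page when
     * the portlet asks for it, otherwise renders nothing.
     *
     * @throws PortletContainerException if the include fails
     */
    protected void processRenderException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        if (!portlet.isShowPortletAccessDenied()) {
            return;
        }
        try {
            httpServletRequest.getRequestDispatcher("/html/portal/portlet_access_denied.jsp").include(httpServletRequest, httpServletResponse);
        } catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Handles a rejected resource request: marks the response non-cacheable,
     * answers with HTTP 400 and logs the rejection.
     */
    protected void processServeResourceException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet, PrincipalException principalException) {
        if (_log.isDebugEnabled()) {
            _log.debug(principalException);
        }
        String originalURL = getOriginalURL(httpServletRequest);
        // Keep intermediaries and the browser from caching the rejection.
        httpServletResponse.setHeader("Cache-Control", "private, no-cache, no-store, must-revalidate");
        httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        _log.warn("Reject serveResource for " + _sanitizeForLog(originalURL) + " on " + portlet.getPortletId());
    }

    /**
     * Replaces carriage returns and line feeds so a request-derived value
     * cannot start a new, forged entry in the log.
     */
    private static String _sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Compares a presented token with the expected one without stopping at the
     * first differing byte, so response timing does not reveal how much of a
     * guessed token was correct. A missing token on either side never matches.
     */
    private static boolean _tokensMatch(String presentedToken, String expectedToken) {
        if (presentedToken == null || expectedToken == null) {
            return false;
        }
        return MessageDigest.isEqual(presentedToken.getBytes(StandardCharsets.UTF_8), expectedToken.getBytes(StandardCharsets.UTF_8));
    }
}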
