package com.liferay.portal.security.pacl;

import com.liferay.portal.kernel.util.WeakValueConcurrentHashMap;
import com.liferay.portal.security.pacl.PACLUtil;
import com.liferay.portal.util.Portal;
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.Servlet;

/* loaded from: input_file:WEB-INF/lib/portal-pacl.jar:com/liferay/portal/security/pacl/PortalPolicy.class */
public class PortalPolicy extends Policy {
    private static AllPermission _allPermission = new AllPermission();
    private Field _field;
    private PACLPolicy _paclPolicy = PACLPolicyManager.getDefaultPACLPolicy();
    private ConcurrentMap<Object, PermissionCollection> _permissionCollections = new WeakValueConcurrentHashMap();
    private Policy _policy;
    private Map<Object, PermissionCollection> _rootPermissionCollections;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/portal-pacl.jar:com/liferay/portal/security/pacl/PortalPolicy$FieldPrivilegedExceptionAction.class */
    public class FieldPrivilegedExceptionAction implements PrivilegedExceptionAction<Field> {
        private FieldPrivilegedExceptionAction() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedExceptionAction
        public Field run() throws Exception {
            Field declaredField = ProtectionDomain.class.getDeclaredField("key");
            declaredField.setAccessible(true);
            return declaredField;
        }

        /* synthetic */ FieldPrivilegedExceptionAction(PortalPolicy portalPolicy, FieldPrivilegedExceptionAction fieldPrivilegedExceptionAction) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/portal-pacl.jar:com/liferay/portal/security/pacl/PortalPolicy$ProtectionDomainsPrivilegedExceptionAction.class */
    public class ProtectionDomainsPrivilegedExceptionAction implements PrivilegedExceptionAction<List<ProtectionDomain>> {
        private ProtectionDomainsPrivilegedExceptionAction() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedExceptionAction
        public List<ProtectionDomain> run() throws Exception {
            ArrayList arrayList = new ArrayList();
            arrayList.add(getClass().getProtectionDomain());
            arrayList.add(Object.class.getProtectionDomain());
            arrayList.add(Portal.class.getProtectionDomain());
            arrayList.add(Servlet.class.getProtectionDomain());
            return arrayList;
        }

        /* synthetic */ ProtectionDomainsPrivilegedExceptionAction(PortalPolicy portalPolicy, ProtectionDomainsPrivilegedExceptionAction protectionDomainsPrivilegedExceptionAction) {
            this();
        }
    }

    public PortalPolicy(Policy policy) {
        this._policy = policy;
        try {
            _init();
        } catch (PrivilegedActionException e) {
            throw new IllegalStateException("Liferay needs to be able to change the accessibility of the 'key' field in " + ProtectionDomain.class.getName() + " as well as get the protection domains of classes", e.getException());
        }
    }

    @Override // java.security.Policy
    public Policy.Parameters getParameters() {
        Policy.Parameters parameters = null;
        if (this._policy != null) {
            parameters = this._policy.getParameters();
        }
        return parameters;
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        PermissionCollection permissionCollection = null;
        if (this._policy != null) {
            permissionCollection = this._policy.getPermissions(codeSource);
        }
        if (permissionCollection == null) {
            permissionCollection = new Permissions();
        }
        return permissionCollection;
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        if (protectionDomain == null) {
            return new Permissions();
        }
        PermissionCollection _getPermissionCollection = _getPermissionCollection(_getKey(protectionDomain));
        if (_getPermissionCollection != null) {
            return _getPermissionCollection;
        }
        PermissionCollection permissions = getPermissions(protectionDomain.getCodeSource());
        if (permissions == null) {
            permissions = new Permissions();
        }
        if (this._policy != null) {
            _addExtraPermissions(permissions, this._policy.getPermissions(protectionDomain));
        }
        _addExtraPermissions(permissions, protectionDomain.getPermissions());
        PACLPolicy pACLPolicy = PACLPolicyManager.getPACLPolicy(protectionDomain.getClassLoader());
        if (pACLPolicy != null) {
            return new PortalPermissionCollection(pACLPolicy, permissions);
        }
        permissions.add(_allPermission);
        return permissions;
    }

    @Override // java.security.Policy
    public Provider getProvider() {
        Provider provider = null;
        if (this._policy != null) {
            provider = this._policy.getProvider();
        }
        return provider;
    }

    @Override // java.security.Policy
    public String getType() {
        String str = null;
        if (this._policy != null) {
            str = this._policy.getType();
        }
        return str;
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (!(permission instanceof PACLUtil.Permission) && (protectionDomain.getClassLoader() == null || !PACLPolicyManager.isActive() || !this._paclPolicy.isCheckablePermission(permission))) {
            return _checkWithParentPolicy(protectionDomain, permission);
        }
        Object _getKey = _getKey(protectionDomain);
        PermissionCollection _getPermissionCollection = _getPermissionCollection(_getKey);
        if (_getPermissionCollection != null) {
            if (_getPermissionCollection.implies(permission) || _checkWithPACLPolicyPolicy(protectionDomain, permission, _getPermissionCollection)) {
                return _checkWithParentPolicy(protectionDomain, permission);
            }
            return false;
        }
        PermissionCollection permissions = getPermissions(protectionDomain);
        this._permissionCollections.putIfAbsent(_getKey, permissions);
        if (permissions.implies(permission) || _checkWithPACLPolicyPolicy(protectionDomain, permission, permissions)) {
            return _checkWithParentPolicy(protectionDomain, permission);
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.util.concurrent.ConcurrentMap<java.lang.Object, java.security.PermissionCollection>] */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9 */
    @Override // java.security.Policy
    public void refresh() {
        if (this._policy != null) {
            this._policy.refresh();
        }
        ?? r0 = this._permissionCollections;
        synchronized (r0) {
            this._permissionCollections.clear();
            this._permissionCollections.putAll(this._rootPermissionCollections);
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1 */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private void _addExtraPermissions(PermissionCollection permissionCollection, PermissionCollection permissionCollection2) {
        if (permissionCollection2 == null) {
            return;
        }
        ?? r0 = permissionCollection2;
        synchronized (r0) {
            Enumeration<Permission> elements = permissionCollection2.elements();
            while (elements.hasMoreElements()) {
                permissionCollection.add(elements.nextElement());
            }
            r0 = r0;
        }
    }

    private boolean _checkWithPACLPolicyPolicy(ProtectionDomain protectionDomain, Permission permission, PermissionCollection permissionCollection) {
        if (!(permissionCollection instanceof PortalPermissionCollection)) {
            return false;
        }
        PortalPermissionCollection portalPermissionCollection = (PortalPermissionCollection) permissionCollection;
        Policy policy = portalPermissionCollection.getPolicy();
        ClassLoader classLoader = portalPermissionCollection.getClassLoader();
        if (policy == null || classLoader != protectionDomain.getClassLoader()) {
            return false;
        }
        return policy.implies(protectionDomain, permission);
    }

    private boolean _checkWithParentPolicy(ProtectionDomain protectionDomain, Permission permission) {
        if (this._policy != null) {
            return this._policy.implies(protectionDomain, permission);
        }
        return true;
    }

    private Object _getKey(ProtectionDomain protectionDomain) {
        try {
            return this._field.get(protectionDomain);
        } catch (Exception unused) {
            return Integer.valueOf(protectionDomain.toString().hashCode());
        }
    }

    private PermissionCollection _getPermissionCollection(Object obj) {
        PermissionCollection permissionCollection = this._permissionCollections.get(obj);
        if (permissionCollection == null) {
            permissionCollection = this._rootPermissionCollections.get(obj);
            if (permissionCollection != null) {
                this._permissionCollections.putIfAbsent(obj, permissionCollection);
            }
        }
        return permissionCollection;
    }

    private void _init() throws PrivilegedActionException {
        this._field = (Field) AccessController.doPrivileged(new FieldPrivilegedExceptionAction(this, null));
        List list = (List) AccessController.doPrivileged(new ProtectionDomainsPrivilegedExceptionAction(this, null));
        Permissions permissions = new Permissions();
        permissions.add(_allPermission);
        this._rootPermissionCollections = new ConcurrentHashMap();
        Iterator it2 = list.iterator();
        while (it2.hasNext()) {
            this._rootPermissionCollections.put(_getKey((ProtectionDomain) it2.next()), permissions);
        }
        this._rootPermissionCollections = Collections.unmodifiableMap(this._rootPermissionCollections);
    }
}
