package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.concurrent.ConcurrentHashSet;
import com.liferay.portal.kernel.model.Portlet;
import com.liferay.portal.kernel.portlet.LiferayPortletURL;
import com.liferay.portal.kernel.portlet.PortletIdCodec;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCActionCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCRenderCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCResourceCommand;
import com.liferay.portal.kernel.security.auth.BaseAuthTokenWhitelist;
import com.liferay.portal.kernel.security.pacl.DoPrivileged;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.registry.Registry;
import com.liferay.registry.RegistryUtil;
import com.liferay.registry.ServiceReference;
import com.liferay.registry.ServiceTracker;
import com.liferay.registry.ServiceTrackerCustomizer;
import com.liferay.registry.util.StringPlus;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

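/**
 * Keeps whitelists of MVC command services and answers whether a request or a
 * portlet URL targets only whitelisted commands.
 *
 * <p>Four sets are maintained, each holding keys of the form
 * {@code portletName#mvcCommandName}: one fed by services carrying the
 * {@code auth.token.ignore.mvc.action} property (the CSRF whitelist) and three
 * fed by services carrying
 * {@code portlet.add.default.resource.check.whitelist.mvc.action}, split by
 * action, render and resource command type. The code that consumes these
 * answers to skip a token or invocation check is not part of this class.</p>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 * <li>The tracker filter tests only that the whitelist property is
 * <em>present</em> ({@code =*}); its value is never read here. A component
 * that sets the property to {@code false} is therefore still whitelisted.
 * NOTE(review): confirm this is intended before relying on the value.</li>
 * <li>The command names that are looked up come from request parameters or
 * URL parameters, so they are caller-controlled. Every lookup fails closed:
 * blank or missing names are never whitelisted, and when several action names
 * are supplied all of them must be whitelisted.</li>
 * <li>Entries live in plain sets without reference counting. When two
 * services contribute the same key, removing either one removes the key for
 * both, which errs on the side of enforcing the check.</li>
 * </ul>
 */
@DoPrivileged
public class MVCPortletAuthTokenWhitelist extends BaseAuthTokenWhitelist {
    // Keys contributed by MVCActionCommand services with "auth.token.ignore.mvc.action".
    private final Set<String> _portletCSRFWhitelist = new ConcurrentHashSet<>();
    // Keys contributed by services with
    // "portlet.add.default.resource.check.whitelist.mvc.action", one set per command type.
    private final Set<String> _portletInvocationWhitelistAction = new ConcurrentHashSet<>();
    private final Set<String> _portletInvocationWhitelistRender = new ConcurrentHashSet<>();
    private final Set<String> _portletInvocationWhitelistResource = new ConcurrentHashSet<>();

    /**
     * Mirrors the whitelist keys of every tracked service into one target set.
     *
     * <p>The object returned by {@link #addingService} is the mutable list of
     * keys that service contributed; the tracker hands the same object back to
     * {@link #modifiedService} and {@link #removedService}.</p>
     *
     * <p>The decompiler reports that this class was {@code private} in the
     * original bytecode; it is left {@code public} here so existing references
     * keep compiling.</p>
     */
    public class TokenWhitelistTrackerCustomizer implements ServiceTrackerCustomizer<Object, Object> {
        private final Set<String> _whitelist;

        /**
         * @param set the whitelist this customizer adds keys to and removes keys from
         */
        public TokenWhitelistTrackerCustomizer(Set<String> set) {
            this._whitelist = set;
        }

        /**
         * Adds one key per (portlet name, command name) pair declared by the service.
         *
         * @param serviceReference reference whose {@code javax.portlet.name} and
         *        {@code mvc.command.name} properties are read
         * @return the list of keys that was added; used as the tracked object
         */
        public Object addingService(ServiceReference<Object> serviceReference) {
            List<String> whitelistValues = _getWhitelistValues(serviceReference);
            this._whitelist.addAll(whitelistValues);
            return whitelistValues;
        }

        /**
         * Replaces the keys contributed by a service after its properties changed.
         *
         * <p>The tracked collection is updated in place. Building a fresh list
         * (as a plain remove-then-add would) leaves the tracker holding the old
         * list, assuming the usual tracker contract where the tracked object is
         * the one returned by {@code addingService}. A later
         * {@link #removedService} would then remove only the old keys and the
         * new ones would stay whitelisted after the service is gone.</p>
         *
         * @param serviceReference reference carrying the updated properties
         * @param obj the collection previously returned by {@link #addingService}
         */
        @SuppressWarnings("unchecked")
        public void modifiedService(ServiceReference<Object> serviceReference, Object obj) {
            // Safe as long as obj is the list created by addingService above.
            Collection<String> trackedValues = (Collection<String>) obj;
            this._whitelist.removeAll(trackedValues);
            trackedValues.clear();
            trackedValues.addAll(_getWhitelistValues(serviceReference));
            this._whitelist.addAll(trackedValues);
        }

        /**
         * Removes every key the service contributed.
         *
         * @param serviceReference reference of the service being removed (not read)
         * @param obj the collection previously returned by {@link #addingService}
         */
        public void removedService(ServiceReference<Object> serviceReference, Object obj) {
            this._whitelist.removeAll((Collection<?>) obj);
        }

        // Builds the cross product of the declared portlet names and command names as keys.
        private List<String> _getWhitelistValues(ServiceReference<Object> serviceReference) {
            List<String> whitelistValues = new ArrayList<>();
            List<String> mvcCommandNames = StringPlus.asList(serviceReference.getProperty("mvc.command.name"));
            for (String portletName : StringPlus.asList(serviceReference.getProperty("javax.portlet.name"))) {
                for (String mvcCommandName : mvcCommandNames) {
                    whitelistValues.add(MVCPortletAuthTokenWhitelist.this.getWhitelistValue(portletName, mvcCommandName));
                }
            }
            return whitelistValues;
        }
    }

    /**
     * Opens one service tracker per whitelist. The three invocation whitelists
     * share the same property name and differ only in the command interface
     * they track.
     */
    public MVCPortletAuthTokenWhitelist() {
        trackWhitelistServices("auth.token.ignore.mvc.action", MVCActionCommand.class, this._portletCSRFWhitelist);
        trackWhitelistServices("portlet.add.default.resource.check.whitelist.mvc.action", MVCActionCommand.class, this._portletInvocationWhitelistAction);
        trackWhitelistServices("portlet.add.default.resource.check.whitelist.mvc.action", MVCRenderCommand.class, this._portletInvocationWhitelistRender);
        trackWhitelistServices("portlet.add.default.resource.check.whitelist.mvc.action", MVCResourceCommand.class, this._portletInvocationWhitelistResource);
    }

    /**
     * Tells whether every action command named in the request is on the CSRF whitelist.
     *
     * @param httpServletRequest request whose namespaced {@code javax.portlet.action}
     *        values are read
     * @param portlet the targeted portlet
     * @return {@code true} only if at least one action name is present and all are whitelisted
     */
    public boolean isPortletCSRFWhitelisted(HttpServletRequest httpServletRequest, Portlet portlet) {
        String portletId = portlet.getPortletId();
        return _containsAll(portletId, this._portletCSRFWhitelist, getMVCActionCommandNames(httpServletRequest, portletId));
    }

    /**
     * Tells whether the command targeted by the request is on the invocation
     * whitelist that matches the request's lifecycle.
     *
     * @param httpServletRequest request carrying the theme display attribute and
     *        the command parameters
     * @param portlet the targeted portlet
     * @return {@code true} only if the lifecycle is action, render or resource and
     *         the named command(s) are whitelisted for it
     */
    public boolean isPortletInvocationWhitelisted(HttpServletRequest httpServletRequest, Portlet portlet) {
        String portletId = portlet.getPortletId();
        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");
        if (themeDisplay == null) {
            // Without a theme display the lifecycle is unknown; fail closed
            // instead of throwing a NullPointerException out of a security check.
            return false;
        }
        if (themeDisplay.isLifecycleAction()) {
            return _containsAll(portletId, this._portletInvocationWhitelistAction, getMVCActionCommandNames(httpServletRequest, portletId));
        }
        if (themeDisplay.isLifecycleRender()) {
            String mvcRenderCommandName = httpServletRequest.getParameter(PortalUtil.getPortletNamespace(portletId).concat("mvcRenderCommandName"));
            return _contains(portletId, this._portletInvocationWhitelistRender, mvcRenderCommandName);
        }
        // p_p_resource_id is not namespaced, so it only counts when the request
        // itself targets this portlet.
        if (!themeDisplay.isLifecycleResource() || !portletId.equals(httpServletRequest.getParameter("p_p_id"))) {
            return false;
        }
        return _contains(portletId, this._portletInvocationWhitelistResource, httpServletRequest.getParameter("p_p_resource_id"));
    }

    /**
     * Tells whether every action command named on the URL is on the CSRF whitelist.
     *
     * @param liferayPortletURL the URL being generated or inspected
     * @return {@code true} only if at least one action name is present and all are whitelisted
     */
    public boolean isPortletURLCSRFWhitelisted(LiferayPortletURL liferayPortletURL) {
        return _containsAll(liferayPortletURL.getPortletId(), this._portletCSRFWhitelist, getMVCActionCommandNames(liferayPortletURL));
    }

    /**
     * Tells whether the command named on the URL is on the invocation whitelist
     * that matches the URL's lifecycle.
     *
     * @param liferayPortletURL the URL being generated or inspected
     * @return {@code true} only for an action, render or resource URL whose
     *         command(s) are whitelisted; {@code false} for any other lifecycle,
     *         including a missing one
     */
    public boolean isPortletURLPortletInvocationWhitelisted(LiferayPortletURL liferayPortletURL) {
        String portletId = liferayPortletURL.getPortletId();
        String lifecycle = liferayPortletURL.getLifecycle();
        // Constant-first comparisons so a URL without a lifecycle is rejected
        // rather than raising a NullPointerException.
        if ("ACTION_PHASE".equals(lifecycle)) {
            return _containsAll(portletId, this._portletInvocationWhitelistAction, getMVCActionCommandNames(liferayPortletURL));
        }
        if ("RENDER_PHASE".equals(lifecycle)) {
            return _contains(portletId, this._portletInvocationWhitelistRender, liferayPortletURL.getParameter("mvcRenderCommandName"));
        }
        if ("RESOURCE_PHASE".equals(lifecycle)) {
            return _contains(portletId, this._portletInvocationWhitelistResource, liferayPortletURL.getResourceID());
        }
        return false;
    }

    /**
     * Reads the action command names from the request.
     *
     * <p>All values of the namespaced {@code javax.portlet.action} parameter are
     * merged and split again, so a single value that itself lists several names
     * is expanded into separate names.</p>
     *
     * @param httpServletRequest the current request
     * @param str the portlet ID used to build the parameter namespace
     * @return the action command names; callers treat an empty array as "not whitelisted"
     */
    protected String[] getMVCActionCommandNames(HttpServletRequest httpServletRequest, String str) {
        String parameterName = PortalUtil.getPortletNamespace(str).concat("javax.portlet.action");
        return StringUtil.split(StringUtil.merge(httpServletRequest.getParameterValues(parameterName)));
    }

    /**
     * Reads the action command names from the URL's {@code javax.portlet.action}
     * parameter, merged and split the same way as for a request.
     *
     * @param liferayPortletURL the URL to inspect
     * @return the action command names
     */
    protected String[] getMVCActionCommandNames(LiferayPortletURL liferayPortletURL) {
        String[] actionNames = (String[]) liferayPortletURL.getParameterMap().get("javax.portlet.action");
        return StringUtil.split(StringUtil.merge(actionNames));
    }

    /**
     * Builds the whitelist key for a portlet name and a command name.
     *
     * <p>The {@code #} separator is not escaped, so keys are unambiguous only
     * while portlet names do not themselves contain {@code #}.</p>
     *
     * @param str the portlet name
     * @param str2 the MVC command name
     * @return {@code str + "#" + str2}
     */
    protected String getWhitelistValue(String str, String str2) {
        return str.concat("#").concat(str2);
    }

    /**
     * Opens a tracker that mirrors matching services into the given set and
     * registers it with {@code serviceTrackers}.
     *
     * <p>The filter matches services of type {@code cls} that declare both the
     * property {@code str} and {@code javax.portlet.name}, whatever their
     * values. The filter is assembled by concatenation; every caller in this
     * class passes constants, and untrusted text must never be passed here.</p>
     *
     * @param str the whitelist property name to require
     * @param cls the command interface to track
     * @param set the whitelist that receives the keys
     */
    protected void trackWhitelistServices(String str, Class<?> cls, Set<String> set) {
        Registry registry = RegistryUtil.getRegistry();
        String filterString = "(&(&(" + str + "=*)(javax.portlet.name=*))(objectClass=" + cls.getName() + "))";
        ServiceTracker<Object, Object> serviceTracker = registry.trackServices(registry.getFilter(filterString), new TokenWhitelistTrackerCustomizer(set));
        serviceTracker.open();
        this.serviceTrackers.add(serviceTracker);
    }

    // Single-command lookup; a blank command name is never whitelisted.
    private boolean _contains(String portletId, Set<String> whitelist, String mvcCommandName) {
        if (Validator.isBlank(mvcCommandName)) {
            return false;
        }
        return whitelist.contains(getWhitelistValue(PortletIdCodec.decodePortletName(portletId), mvcCommandName));
    }

    // Multi-command lookup; requires at least one name and every name to be
    // whitelisted, so one whitelisted name cannot carry others along with it.
    private boolean _containsAll(String portletId, Set<String> whitelist, String[] mvcCommandNames) {
        if (mvcCommandNames.length == 0) {
            return false;
        }
        String portletName = PortletIdCodec.decodePortletName(portletId);
        for (String mvcCommandName : mvcCommandNames) {
            if (!whitelist.contains(getWhitelistValue(portletName, mvcCommandName))) {
                return false;
            }
        }
        return true;
    }
}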
