package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.security.pacl.DoPrivileged;
import com.liferay.portal.kernel.util.SetUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.Portlet;
import com.liferay.portal.model.PortletConstants;
import com.liferay.portal.service.PortletLocalServiceUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.util.Encryptor;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;

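/**
 * Holds the exemption lists read from {@link PropsValues} and answers whether an origin, a
 * portlet or a Struts action appears on them.
 *
 * <p>Five sets are kept: origins, portlets and actions taken from the
 * {@code AUTH_TOKEN_IGNORE_*} properties, and portlets and actions taken from the
 * {@code PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST*} properties. Each set is a read-only
 * snapshot that is rebuilt by the matching {@code reset...} method.
 *
 * <p>NOTE(review): the callers are outside this file. Judging by the names, a {@code true}
 * answer presumably lets a request skip the auth-token or invocation check, so every entry in
 * these properties widens what is accepted without a token. Confirm against the callers and
 * keep the lists as short and as specific as possible.
 *
 * <p>The fields are plain (neither {@code final} nor {@code volatile}); whether a reset is
 * expected to be visible to other threads immediately cannot be told from here.
 */
@DoPrivileged
/* loaded from: input_file:com/liferay/portal/security/auth/AuthTokenWhitelistImpl.class */
public class AuthTokenWhitelistImpl implements AuthTokenWhitelist {
    // Snapshot of PropsValues.AUTH_TOKEN_IGNORE_ORIGINS; matched as prefixes.
    private Set<String> _originCSRFWhitelist;
    // Snapshot of PropsValues.AUTH_TOKEN_IGNORE_PORTLETS; matched against root portlet ids.
    private Set<String> _portletCSRFWhitelist;
    // Snapshot of PropsValues.AUTH_TOKEN_IGNORE_ACTIONS; matched exactly.
    private Set<String> _portletCSRFWhitelistActions;
    // Snapshot of PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST; matched exactly.
    private Set<String> _portletInvocationWhitelist;
    // Snapshot of PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST_ACTIONS; matched exactly.
    private Set<String> _portletInvocationWhitelistActions;

    /**
     * Loads all five whitelists from the current property values.
     *
     * <p>NOTE(review): the reset methods are public and overridable, so a subclass override
     * runs here before the subclass's own constructor body has executed.
     */
    public AuthTokenWhitelistImpl() {
        resetOriginCSRFWhitelist();
        resetPortletCSRFWhitelist();
        resetPortletCSRFWhitelistActions();
        resetPortletInvocationWhitelist();
        resetPortletInvocationWhitelistActions();
    }

    /**
     * @return the unmodifiable set of whitelisted origin prefixes
     */
    public Set<String> getOriginCSRFWhitelist() {
        return this._originCSRFWhitelist;
    }

    /**
     * @return the unmodifiable set of whitelisted (root) portlet ids for the CSRF check
     */
    public Set<String> getPortletCSRFWhitelist() {
        return this._portletCSRFWhitelist;
    }

    /**
     * @return the unmodifiable set of whitelisted Struts actions for the CSRF check
     */
    public Set<String> getPortletCSRFWhitelistActions() {
        return this._portletCSRFWhitelistActions;
    }

    /**
     * @return the unmodifiable set of portlet ids whitelisted for invocation
     */
    public Set<String> getPortletInvocationWhitelist() {
        return this._portletInvocationWhitelist;
    }

    /**
     * @return the unmodifiable set of Struts actions whitelisted for invocation
     */
    public Set<String> getPortletInvocationWhitelistActions() {
        return this._portletInvocationWhitelistActions;
    }

    /**
     * Tells whether the given origin starts with any whitelisted entry.
     *
     * <p>Matching is by prefix, not by equality: an entry also matches every longer origin
     * that begins with it. Entries should therefore be written as the full value, or end at a
     * delimiter, so that an unrelated origin sharing the same leading characters is not
     * accepted by accident.
     *
     * @param j not used by this implementation
     * @param str the origin to test; {@code null} is treated as not whitelisted
     * @return {@code true} if {@code str} starts with an entry of the origin whitelist
     */
    public boolean isOriginCSRFWhitelisted(long j, String str) {
        // Fail closed on a missing origin instead of throwing from startsWith.
        if (str == null) {
            return false;
        }
        for (String allowedPrefix : getOriginCSRFWhitelist()) {
            if (str.startsWith(allowedPrefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether a portlet, or the Struts action requested on it, is on the CSRF whitelist.
     *
     * <p>The portlet matches when its root portlet id is listed. Otherwise the action must be
     * listed and must also belong to that portlet according to
     * {@link #isValidStrutsAction(long, String, String)}, so a listed action cannot be
     * borrowed by an unrelated portlet.
     *
     * @param j passed to the portlet lookup as its first argument (presumably the company id;
     *     confirm against the interface)
     * @param str the portlet id; reduced to its root portlet id before matching
     * @param str2 the Struts action, may be null or empty
     * @return {@code true} if the portlet or the action is whitelisted
     */
    public boolean isPortletCSRFWhitelisted(long j, String str, String str2) {
        String rootPortletId = PortletConstants.getRootPortletId(str);
        if (getPortletCSRFWhitelist().contains(rootPortletId)) {
            return true;
        }
        return Validator.isNotNull(str2)
                && getPortletCSRFWhitelistActions().contains(str2)
                && isValidStrutsAction(j, rootPortletId, str2);
    }

    /**
     * Tells whether a portlet, or the Struts action requested on it, is whitelisted for
     * invocation.
     *
     * <p>Unlike {@link #isPortletCSRFWhitelisted(long, String, String)}, the portlet id is
     * compared as given, without being reduced to its root portlet id.
     *
     * @param j passed to the portlet lookup as its first argument (presumably the company id;
     *     confirm against the interface)
     * @param str the portlet id, matched exactly
     * @param str2 the Struts action, may be null or empty
     * @return {@code true} if the portlet or the action is whitelisted
     */
    public boolean isPortletInvocationWhitelisted(long j, String str, String str2) {
        if (getPortletInvocationWhitelist().contains(str)) {
            return true;
        }
        return Validator.isNotNull(str2)
                && getPortletInvocationWhitelistActions().contains(str2)
                && isValidStrutsAction(j, str, str2);
    }

    /**
     * Checks a caller-supplied value against the digest of the configured shared secret.
     *
     * <p>The expected value is {@code Encryptor.digest(AUTH_TOKEN_SHARED_SECRET)}, so the
     * caller presents the digest rather than the secret itself. An unset secret never
     * validates.
     *
     * @param str the value presented by the caller
     * @return {@code true} only if a secret is configured and {@code str} equals its digest
     */
    public boolean isValidSharedSecret(String str) {
        if (Validator.isNull(str) || Validator.isNull(PropsValues.AUTH_TOKEN_SHARED_SECRET)) {
            return false;
        }
        String expectedDigest = Encryptor.digest(PropsValues.AUTH_TOKEN_SHARED_SECRET);
        if (expectedDigest == null) {
            return false;
        }
        // String.equals stops at the first differing character, which makes the time taken
        // depend on how much of the presented value is correct. MessageDigest.isEqual does
        // not short-circuit on content.
        return MessageDigest.isEqual(
                str.getBytes(StandardCharsets.UTF_8),
                expectedDigest.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Rebuilds the origin whitelist from {@code PropsValues.AUTH_TOKEN_IGNORE_ORIGINS}.
     *
     * @return the new unmodifiable set
     */
    public Set<String> resetOriginCSRFWhitelist() {
        // Assign once, already wrapped, so the field never holds the mutable set.
        this._originCSRFWhitelist =
                Collections.unmodifiableSet(SetUtil.fromArray(PropsValues.AUTH_TOKEN_IGNORE_ORIGINS));
        return this._originCSRFWhitelist;
    }

    /**
     * Rebuilds the portlet CSRF whitelist from {@code PropsValues.AUTH_TOKEN_IGNORE_PORTLETS}.
     *
     * @return the new unmodifiable set
     */
    public Set<String> resetPortletCSRFWhitelist() {
        this._portletCSRFWhitelist =
                Collections.unmodifiableSet(SetUtil.fromArray(PropsValues.AUTH_TOKEN_IGNORE_PORTLETS));
        return this._portletCSRFWhitelist;
    }

    /**
     * Rebuilds the action CSRF whitelist from {@code PropsValues.AUTH_TOKEN_IGNORE_ACTIONS}.
     *
     * @return the new unmodifiable set
     */
    public Set<String> resetPortletCSRFWhitelistActions() {
        this._portletCSRFWhitelistActions =
                Collections.unmodifiableSet(SetUtil.fromArray(PropsValues.AUTH_TOKEN_IGNORE_ACTIONS));
        return this._portletCSRFWhitelistActions;
    }

    /**
     * Rebuilds the portlet invocation whitelist from
     * {@code PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST}.
     *
     * @return the new unmodifiable set
     */
    public Set<String> resetPortletInvocationWhitelist() {
        this._portletInvocationWhitelist =
                Collections.unmodifiableSet(
                        SetUtil.fromArray(PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST));
        return this._portletInvocationWhitelist;
    }

    /**
     * Rebuilds the action invocation whitelist from
     * {@code PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST_ACTIONS}.
     *
     * @return the new unmodifiable set
     */
    public Set<String> resetPortletInvocationWhitelistActions() {
        this._portletInvocationWhitelistActions =
                Collections.unmodifiableSet(
                        SetUtil.fromArray(PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST_ACTIONS));
        return this._portletInvocationWhitelistActions;
    }

    /**
     * Checks that a Struts action belongs to the given portlet.
     *
     * <p>The path is the part of {@code str2} between its first character and its last
     * {@code '/'}. The first character is skipped without being inspected. The action is
     * valid when that path equals the portlet's Struts path or its parent Struts path.
     *
     * <p>Every failure (unknown portlet, an action with no usable path segment, a
     * {@code null} action, or an exception from the portlet lookup) yields {@code false}, so
     * an error can never turn into a whitelist match.
     *
     * @param j first argument of {@code PortletLocalServiceUtil.getPortletById} (presumably
     *     the company id; confirm)
     * @param str the portlet id to look up
     * @param str2 the Struts action to validate
     * @return {@code true} if the action's path matches the portlet's Struts path or parent
     *     Struts path
     */
    protected boolean isValidStrutsAction(long j, String str, String str2) {
        try {
            Portlet portlet = PortletLocalServiceUtil.getPortletById(j, str);
            if (portlet == null) {
                return false;
            }
            int lastSlash = str2.lastIndexOf('/');
            // No '/' after the first character means there is no path segment to compare.
            // The original reached the same answer through StringIndexOutOfBoundsException.
            if (lastSlash < 1) {
                return false;
            }
            String actionPath = str2.substring(1, lastSlash);
            return actionPath.equals(portlet.getStrutsPath())
                    || actionPath.equals(portlet.getParentStrutsPath());
        } catch (Exception ignored) {
            // Deliberately fail closed: a lookup error or a null action must not whitelist
            // anything.
            return false;
        }
    }
}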
