package com.liferay.portal.security.pacl.checker;

import com.liferay.portal.kernel.configuration.Filter;
import com.liferay.portal.kernel.deploy.DeployManagerUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.ServletContextPool;
import com.liferay.portal.kernel.servlet.WebDirDetector;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PathUtil;
import com.liferay.portal.kernel.util.ReleaseInfo;
import com.liferay.portal.kernel.util.ServerDetector;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.UniqueList;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.spring.context.PortalContextLoaderListener;
import com.liferay.portal.util.PropsUtil;
import com.liferay.portal.util.PropsValues;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.net.JarURLConnection;
import java.net.URL;
import java.security.Permission;
import java.security.Permissions;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletContext;

/* loaded from: input_file:com/liferay/portal/security/pacl/checker/FileChecker.class */
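/**
 * File-access checker for the portal's plugin security layer.
 *
 * <p>On {@link #afterPropertiesSet()} the checker builds a
 * {@link Permissions} collection of {@link FilePermission} entries from the
 * plugin's {@code security-manager-files-*} properties plus a set of default
 * paths. {@link #implies(Permission)} then answers access checks against that
 * collection and logs every denial.</p>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 * <li>Property values go through <code>${...}</code> placeholder
 * substitution. A placeholder that resolves to an empty value in front of a
 * recursive suffix (for example <code>${env:BASE}/-</code>) turns into
 * {@code /-}, which is a grant over the whole file system. The code warns
 * about unset environment variables but does not reject them.</li>
 * <li>Every path is registered in both Unix and Windows form.</li>
 * </ul>
 */
public class FileChecker extends BaseChecker {
    private static final String _ENV_PREFIX = "${env:";
    private static final Log _log = LogFactoryUtil.getLog(FileChecker.class);

    // Parallel arrays: placeholder i in the "from" array is replaced by value i
    // in the "to" array. getPermissions appends ${env:NAME} pairs to both.
    private String[] _defaultReadPathsFromArray;
    private String[] _defaultReadPathsToArray;

    private String _globalSharedLibDir = PropsValues.LIFERAY_LIB_GLOBAL_SHARED_DIR;
    private final Permissions _permissions = new Permissions();
    private String _portalDir = PropsValues.LIFERAY_WEB_PORTAL_DIR;

    // Both stay null when they cannot be determined; getPermissions skips the
    // corresponding grants in that case.
    private String _rootDir;
    private String _workDir;

    /**
     * Resolves the plugin's root and work directories, prepares the
     * placeholder substitution tables and builds the permission collection.
     */
    @Override
    public void afterPropertiesSet() {
        try {
            _rootDir = WebDirDetector.getRootDir(getClassLoader());
        } catch (Exception e) {
            // Best effort: _rootDir stays null and the root-directory read
            // grants are skipped. Keep the cause visible for diagnosis.
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to detect root directory", e);
            }
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Root directory " + _rootDir);
        }

        ServletContext servletContext = ServletContextPool.get(getServletContextName());
        if (servletContext != null) {
            File tempDir = (File) servletContext.getAttribute("javax.servlet.context.tempdir");
            // Guard against a container that did not publish the attribute
            // instead of failing checker initialisation with an NPE.
            if (tempDir != null) {
                _workDir = tempDir.getAbsolutePath();
                if (_log.isDebugEnabled()) {
                    _log.debug("Work directory " + _workDir);
                }
            }
        }

        _defaultReadPathsFromArray = new String[] {
            "${/}",
            "${auto.deploy.installed.dir}",
            "${catalina.base}",
            "${com.sun.aas.instanceRoot}",
            "${com.sun.aas.installRoot}",
            "${file.separator}",
            "${java.io.tmpdir}",
            "${java.home}",
            "${jboss.home.dir}",
            "${jetty.home}",
            "${jonas.base}",
            "${liferay.web.portal.dir}",
            "${liferay.home}",
            "${line.separator}",
            "${org.apache.geronimo.home.dir}",
            "${path.separator}",
            "${plugin.servlet.context.name}",
            "${release.info.version}",
            "${resin.home}",
            "${user.dir}",
            "${user.home}",
            "${user.name}",
            "${weblogic.domain.dir}",
            "${websphere.cell}",
            "${websphere.profile.dir}",
            "//"
        };

        String installedDir = "";
        try {
            if (DeployManagerUtil.getDeployManager() != null) {
                installedDir = DeployManagerUtil.getInstalledDir();
            }
        } catch (Exception e) {
            _log.error(e, e);
        }

        // NOTE(review): most entries are null on servers that do not define
        // the property or variable. How StringUtil.replace treats a null
        // replacement is not visible here; confirm that a pattern such as
        // ${catalina.base}/- cannot collapse into /- on another server.
        // NOTE(review): ${java.home} is filled from the JAVA_HOME environment
        // variable, not the java.home system property used further down for
        // the JRE lib directory; the two can differ. Confirm this is intended.
        _defaultReadPathsToArray = new String[] {
            System.getProperty("file.separator"),
            installedDir,
            System.getProperty("catalina.base"),
            System.getProperty("com.sun.aas.instanceRoot"),
            System.getProperty("com.sun.aas.installRoot"),
            System.getProperty("file.separator"),
            System.getProperty("java.io.tmpdir"),
            System.getenv("JAVA_HOME"),
            System.getProperty("jboss.home.dir"),
            System.getProperty("jetty.home"),
            System.getProperty("jonas.base"),
            _portalDir,
            PropsValues.LIFERAY_HOME,
            System.getProperty("line.separator"),
            System.getProperty("org.apache.geronimo.home.dir"),
            System.getProperty("path.separator"),
            getServletContextName(),
            ReleaseInfo.getVersion(),
            System.getProperty("resin.home"),
            System.getProperty("user.dir"),
            System.getProperty("user.home"),
            System.getProperty("user.name"),
            System.getenv("DOMAIN_HOME"),
            System.getenv("WAS_CELL"),
            System.getProperty("server.root"),
            "/"
        };
        if (_log.isDebugEnabled()) {
            _log.debug("Default read paths replace with " + StringUtil.merge(_defaultReadPathsToArray));
        }

        initPermissions();
    }

    /**
     * Maps a denied file permission to the policy property that would allow
     * it.
     *
     * @param objArr expected to hold exactly one {@link Permission}
     * @return the property key and path, or {@code null} when the argument
     *         shape is wrong or the action string is not exactly one of
     *         {@code delete}, {@code execute}, {@code read} or {@code write}
     *         (a combined action string also yields {@code null})
     */
    @Override
    public AuthorizationProperty generateAuthorizationProperty(Object... objArr) {
        if (objArr == null || objArr.length != 1 || !(objArr[0] instanceof Permission)) {
            return null;
        }
        Permission permission = (Permission) objArr[0];
        String actions = permission.getActions();

        String key;
        if (actions.equals("delete")) {
            key = "security-manager-files-delete";
        } else if (actions.equals("execute")) {
            key = "security-manager-files-execute";
        } else if (actions.equals("read")) {
            key = "security-manager-files-read";
        } else if (actions.equals("write")) {
            key = "security-manager-files-write";
        } else {
            return null;
        }

        AuthorizationProperty authorizationProperty = new AuthorizationProperty();
        authorizationProperty.setKey(key);
        authorizationProperty.setValue(permission.getName());
        return authorizationProperty;
    }

    /**
     * @return the plugin root directory, or {@code null} when it could not be
     *         detected
     */
    public String getRootDir() {
        return _rootDir;
    }

    /**
     * Checks a file permission against the granted set and logs a denial.
     *
     * @param permission the permission being requested
     * @return {@code true} when the granted set implies the permission
     */
    @Override
    public boolean implies(Permission permission) {
        if (_permissions.implies(permission)) {
            return true;
        }
        // NOTE(review): the path in this message comes from the code being
        // checked. If the log sink is line-oriented, confirm that CR/LF in the
        // name cannot forge additional log records.
        logSecurityException(_log, "Attempted to " + permission.getActions() + " on file " + permission.getName());
        return false;
    }

    /**
     * Adds a path to the list, attempting to drop entries it covers and to
     * skip it when an existing entry covers it. Backslashes become forward
     * slashes and a trailing {@code /} gets the recursive {@code -} suffix.
     *
     * <p>NOTE(review): the prefix tests use the raw incoming string, while
     * stored entries are already normalised and carry the {@code -} suffix, so
     * a stored {@code dir/-} never matches as a prefix of {@code dir/sub/}.
     * The tests are also plain string prefixes, not path-segment aware.
     * Confirm the resulting list is what is intended.</p>
     *
     * @param list the path list being built
     * @param str the path to add
     */
    protected void addCanonicalPath(List<String> list, String str) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String existing = it.next();
            if (existing.startsWith(str) && existing.length() > str.length()) {
                it.remove();
            } else if (str.startsWith(existing)) {
                return;
            }
        }
        String normalized = StringUtil.replace(str, "\\", "/");
        if (normalized.endsWith("/")) {
            normalized = normalized + "-";
        }
        list.add(normalized);
    }

    /**
     * Adds the canonical path of a directory and, recursively, of everything
     * below it. Canonical paths are used, so a symbolic link contributes the
     * directory it points to.
     *
     * @param list the path list being built
     * @param file the directory to walk
     * @throws IOException if a canonical path cannot be resolved
     */
    protected void addCanonicalPaths(List<String> list, File file) throws IOException {
        addCanonicalPath(list, file.getCanonicalPath() + "/");
        File[] children = file.listFiles();
        if (ArrayUtil.isEmpty(children)) {
            return;
        }
        for (File child : children) {
            if (child.isDirectory()) {
                addCanonicalPaths(list, child);
            } else {
                // For a plain file, register the directory that holds its
                // canonical target.
                File canonicalChild = new File(child.getCanonicalPath());
                addCanonicalPath(list, canonicalChild.getParentFile().getPath() + "/");
            }
        }
    }

    /**
     * Appends the server-specific default read paths from portal properties,
     * with placeholders substituted.
     *
     * @param list the path list being built
     * @param str the server id used as the property filter
     */
    protected void addDefaultReadPaths(List<String> list, String str) {
        String[] patterns = PropsUtil.getArray(
            "portal.security.manager.file.checker.default.read.paths", new Filter(str));
        for (String pattern : patterns) {
            list.add(StringUtil.replace(pattern, _defaultReadPathsFromArray, _defaultReadPathsToArray));
        }
    }

    /**
     * Grants an action on a path, registered in both Unix and Windows form.
     *
     * @param str the path or path pattern
     * @param str2 the file action
     */
    protected void addPermission(String str, String str2) {
        if (_log.isDebugEnabled()) {
            _log.debug("Allowing " + str2 + " on " + str);
        }
        _permissions.add(new FilePermission(PathUtil.toUnixPath(str), str2));
        _permissions.add(new FilePermission(PathUtil.toWindowsPath(str), str2));
    }

    /**
     * Builds the grants for one action from the named policy property plus
     * the built-in defaults for that action.
     *
     * @param str the policy property key
     * @param str2 the file action ({@code delete}, {@code execute},
     *        {@code read} or {@code write})
     */
    protected void getPermissions(String str, String str2) {
        String property = getProperty(str);
        if (property != null) {
            int start = property.indexOf(_ENV_PREFIX);
            while (start >= 0) {
                int end = property.indexOf("}", start);
                if (end < 0) {
                    // An unterminated token used to throw from substring() and
                    // abort initialisation. Leave it literal instead: the
                    // literal text matches no real path, so nothing extra is
                    // granted for it.
                    _log.error("Unterminated " + _ENV_PREFIX + " token in property " + str);
                    break;
                }
                String envName = property.substring(start + _ENV_PREFIX.length(), end);
                String envValue = GetterUtil.getString(System.getenv(envName));
                // An unset variable substitutes as an empty string, which can
                // widen a pattern such as ${env:BASE}/- into /-.
                if (Validator.isNull(envValue) && _log.isWarnEnabled()) {
                    _log.warn("Environment variable " + envName + " referenced by " + str + " is not set");
                }
                String token = _ENV_PREFIX + envName + "}";
                if (!ArrayUtil.contains(_defaultReadPathsFromArray, token)) {
                    _defaultReadPathsFromArray = (String[]) ArrayUtil.append(_defaultReadPathsFromArray, token);
                    _defaultReadPathsToArray = (String[]) ArrayUtil.append(_defaultReadPathsToArray, envValue);
                }
                start = property.indexOf(_ENV_PREFIX, end + 1);
            }

            String resolved = StringUtil.replace(property, _defaultReadPathsFromArray, _defaultReadPathsToArray);
            String[] paths = StringUtil.split(resolved);
            // ${comma} is restored only after splitting so that a literal
            // comma inside a path does not split the path in two.
            if (resolved.contains("${comma}")) {
                for (int i = 0; i < paths.length; i++) {
                    paths[i] = StringUtil.replace(paths[i], "${comma}", ",");
                }
            }
            for (String path : paths) {
                addPermission(path, str2);
            }
        }

        ServletContext servletContext =
            ServletContextPool.get(PortalContextLoaderListener.getPortalServlerContextName());
        if (!str2.equals("execute") && _workDir != null) {
            addPermission(_workDir, str2);
            addPermission(_workDir + "/-", str2);
            if (ServerDetector.isWebLogic()) {
                // NOTE(review): this extends the grant to the parent of the
                // work directory, recursively. The effective scope depends on
                // how FilePermission normalises ".." on the running JDK, and
                // it presumably reaches directories of other applications.
                // Confirm it is still required.
                addPermission(_workDir + "/../-", str2);
            }
            if (servletContext != null) {
                File portalTempDir = (File) servletContext.getAttribute("javax.servlet.context.tempdir");
                if (portalTempDir != null) {
                    String portalTempPath = portalTempDir.getAbsolutePath();
                    if (_log.isDebugEnabled()) {
                        _log.debug("Temp directory " + portalTempPath);
                    }
                    // Only "read" covers the directory entry itself; the
                    // other actions are limited to what lies below it.
                    if (str2.equals("read")) {
                        addPermission(portalTempPath, str2);
                    }
                    addPermission(portalTempPath + "/-", str2);
                }
            }
        }

        if (str2.equals("read")) {
            List<String> readPaths = new UniqueList<String>();
            try {
                addCanonicalPaths(readPaths, new File(System.getProperty("java.home") + "/lib"));
                Enumeration<URL> resources = ClassLoader.getSystemClassLoader().getResources("META-INF/MANIFEST.MF");
                while (resources.hasMoreElements()) {
                    URL manifestUrl = resources.nextElement();
                    // Open the connection once and reuse it for the cast.
                    java.net.URLConnection connection = manifestUrl.openConnection();
                    if (connection instanceof JarURLConnection) {
                        String jarDir = ((JarURLConnection) connection).getJarFileURL().getFile();
                        int lastSeparator = jarDir.lastIndexOf(File.separatorChar);
                        if (lastSeparator != -1) {
                            jarDir = jarDir.substring(0, lastSeparator + 1);
                        }
                        // NOTE(review): the three server checks below have
                        // empty bodies in this listing, so every jar directory
                        // is added. Compare with the original source to see
                        // whether server-home entries were meant to be
                        // skipped. As written, a missing home property makes
                        // startsWith throw a NullPointerException.
                        if (ServerDetector.isJBoss7()) {
                            if (jarDir.startsWith(System.getProperty("jboss.home.dir"))) {
                            }
                        }
                        if (ServerDetector.isJetty()) {
                            if (jarDir.startsWith(System.getProperty("jetty.home"))) {
                            }
                        }
                        if (ServerDetector.isResin()) {
                            if (jarDir.startsWith(System.getProperty("resin.home"))) {
                            }
                        }
                        addCanonicalPath(readPaths, jarDir);
                    }
                }
            } catch (IOException e) {
                _log.error(e, e);
            }
            if (Validator.isNotNull(_globalSharedLibDir)) {
                readPaths.add(_globalSharedLibDir + "-");
            }
            if (_rootDir != null) {
                readPaths.add(_rootDir);
                readPaths.add(_rootDir + "-");
            }
            addDefaultReadPaths(readPaths, ServerDetector.getServerId());
            for (String readPath : readPaths) {
                addPermission(readPath, str2);
            }
        }
    }

    /**
     * Builds the grants for the four file actions from their policy
     * properties.
     */
    protected void initPermissions() {
        getPermissions("security-manager-files-delete", "delete");
        getPermissions("security-manager-files-execute", "execute");
        getPermissions("security-manager-files-read", "read");
        getPermissions("security-manager-files-write", "write");
    }
}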
