package com.liferay.portal.security.pacl;

import com.liferay.portal.kernel.security.pacl.permission.CheckMemberAccessPermission;
import com.liferay.portal.kernel.security.pacl.permission.PortalHookPermission;
import com.liferay.portal.kernel.security.pacl.permission.PortalMessageBusPermission;
import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
import com.liferay.portal.kernel.security.pacl.permission.PortalServicePermission;
import com.liferay.portal.kernel.util.JavaDetector;
import com.liferay.portal.kernel.util.WeakValueConcurrentHashMap;
import com.liferay.portal.security.pacl.PACLUtil;
import java.lang.reflect.Field;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.concurrent.ConcurrentMap;

/* loaded from: input_file:com/liferay/portal/security/pacl/PortalPolicy.class */
public class PortalPolicy extends Policy {
    private static ThreadLocal<Boolean> _started = new ThreadLocal<Boolean>() { // from class: com.liferay.portal.security.pacl.PortalPolicy.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Boolean initialValue() {
            return Boolean.FALSE;
        }
    };
    private Field _field;
    private Policy _policy;
    private PACLPolicy _paclPolicy = PACLPolicyManager.getDefaultPACLPolicy();
    private ConcurrentMap<Object, PermissionCollection> _permissionCollections = new WeakValueConcurrentHashMap();
    private ConcurrentMap<URLWrapper, PermissionCollection> _urlPermissionCollections = new WeakValueConcurrentHashMap();

    /* loaded from: input_file:com/liferay/portal/security/pacl/PortalPolicy$FieldPrivilegedExceptionAction.class */
    private class FieldPrivilegedExceptionAction implements PrivilegedExceptionAction<Field> {
        private FieldPrivilegedExceptionAction() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedExceptionAction
        public Field run() throws Exception {
            Field declaredField = ProtectionDomain.class.getDeclaredField("key");
            declaredField.setAccessible(true);
            return declaredField;
        }

        /* synthetic */ FieldPrivilegedExceptionAction(PortalPolicy portalPolicy, FieldPrivilegedExceptionAction fieldPrivilegedExceptionAction) {
            this();
        }
    }

    public PortalPolicy(Policy policy) throws PrivilegedActionException {
        if (policy instanceof PortalPolicy) {
            throw new IllegalArgumentException("Liferay's PortalPolicy class should not wrap itself");
        }
        this._policy = policy;
        this._field = (Field) AccessController.doPrivileged(new FieldPrivilegedExceptionAction(this, null));
    }

    public Policy getOriginalPolicy() {
        return this._policy;
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        if (codeSource == null || codeSource.getLocation() == null) {
            return new LenientPermissionCollection();
        }
        URLWrapper uRLWrapper = new URLWrapper(codeSource.getLocation());
        PermissionCollection permissionCollection = this._urlPermissionCollections.get(uRLWrapper);
        if (permissionCollection != null) {
            return permissionCollection;
        }
        PACLPolicy pACLPolicy = PACLPolicyManager.getPACLPolicy(codeSource.getLocation());
        LenientPermissionCollection portalPermissionCollection = pACLPolicy != null ? new PortalPermissionCollection(pACLPolicy) : new LenientPermissionCollection();
        this._urlPermissionCollections.put(uRLWrapper, portalPermissionCollection);
        return portalPermissionCollection;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.security.PermissionCollection] */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        CodeSource codeSource;
        if (protectionDomain == null) {
            return new LenientPermissionCollection();
        }
        Object _getKey = _getKey(protectionDomain);
        PermissionCollection permissionCollection = null;
        if (_getKey != null) {
            permissionCollection = this._permissionCollections.get(_getKey);
        }
        if (permissionCollection == null && (codeSource = protectionDomain.getCodeSource()) != null && codeSource.getLocation() != null) {
            permissionCollection = this._urlPermissionCollections.get(new URLWrapper(codeSource.getLocation()));
        }
        if (permissionCollection != null) {
            return permissionCollection;
        }
        PACLPolicy pACLPolicy = PACLPolicyManager.getPACLPolicy(protectionDomain);
        LenientPermissionCollection portalPermissionCollection = pACLPolicy != null ? new PortalPermissionCollection(pACLPolicy) : JavaDetector.isIBM() ? this._policy.getPermissions(protectionDomain) : new LenientPermissionCollection();
        if (_getKey != null) {
            this._permissionCollections.put(_getKey, portalPermissionCollection);
        }
        return portalPermissionCollection;
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (_started.get().booleanValue()) {
            return true;
        }
        try {
            _started.set(true);
            PermissionCollection permissionCollection = null;
            if (JavaDetector.isIBM()) {
                permissionCollection = getPermissions(protectionDomain);
                if (permissionCollection != null && !(permissionCollection instanceof PortalPermissionCollection)) {
                    Enumeration<Permission> elements = permissionCollection.elements();
                    while (elements.hasMoreElements()) {
                        if (elements.nextElement() instanceof AllPermission) {
                            _started.remove();
                            return true;
                        }
                    }
                }
            }
            if (!(permission instanceof PACLUtil.Permission) && !this._paclPolicy.isCheckablePermission(permission)) {
                boolean _checkWithParentPolicy = _checkWithParentPolicy(protectionDomain, permission);
                _started.remove();
                return _checkWithParentPolicy;
            }
            if (!JavaDetector.isIBM()) {
                permissionCollection = getPermissions(protectionDomain);
            }
            if (!(permissionCollection instanceof PortalPermissionCollection)) {
                boolean _checkWithParentPolicy2 = _checkWithParentPolicy(protectionDomain, permission);
                _started.remove();
                return _checkWithParentPolicy2;
            }
            if (!permissionCollection.implies(permission) && !_checkWithPACLPolicyPolicy(protectionDomain, permission, permissionCollection)) {
                throw new AccessControlException("Access denied " + permission, permission);
            }
            _started.remove();
            return true;
        } catch (Throwable th) {
            _started.remove();
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.util.concurrent.ConcurrentMap<java.lang.Object, java.security.PermissionCollection>] */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9 */
    @Override // java.security.Policy
    public void refresh() {
        if (this._policy != null) {
            this._policy.refresh();
        }
        ?? r0 = this._permissionCollections;
        synchronized (r0) {
            this._permissionCollections.clear();
            this._urlPermissionCollections.clear();
            r0 = r0;
        }
    }

    private boolean _checkWithPACLPolicyPolicy(ProtectionDomain protectionDomain, Permission permission, PermissionCollection permissionCollection) {
        PortalPermissionCollection portalPermissionCollection = (PortalPermissionCollection) permissionCollection;
        Policy policy = portalPermissionCollection.getPolicy();
        ClassLoader classLoader = portalPermissionCollection.getClassLoader();
        if (policy == null || classLoader != protectionDomain.getClassLoader()) {
            return false;
        }
        return policy.implies(protectionDomain, permission);
    }

    private boolean _checkWithParentPolicy(ProtectionDomain protectionDomain, Permission permission) {
        if (this._policy == null || (permission instanceof CheckMemberAccessPermission) || (permission instanceof PortalHookPermission) || (permission instanceof PortalMessageBusPermission) || (permission instanceof PortalRuntimePermission) || (permission instanceof PortalServicePermission) || (permission instanceof PACLUtil.Permission)) {
            return true;
        }
        return this._policy.implies(protectionDomain, permission);
    }

    private Object _getKey(ProtectionDomain protectionDomain) {
        try {
            return this._field.get(protectionDomain);
        } catch (Exception unused) {
            return null;
        }
    }
}
