package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Portlet;
import com.liferay.portal.kernel.portlet.LiferayPortletURL;
import com.liferay.portal.kernel.portlet.PortletIdCodec;
import com.liferay.portal.kernel.security.auth.BaseAuthTokenWhitelist;
import com.liferay.portal.kernel.service.LayoutLocalServiceUtil;
import com.liferay.portal.kernel.service.PortletLocalServiceUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.kernel.util.Validator;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/liferay/portal/security/auth/StrutsPortletAuthTokenWhitelist.class */
public class StrutsPortletAuthTokenWhitelist extends BaseAuthTokenWhitelist {
    private static final Log _log = LogFactoryUtil.getLog((Class<?>) StrutsPortletAuthTokenWhitelist.class);
    private final Set<String> _portletCSRFWhitelist = Collections.newSetFromMap(new ConcurrentHashMap());
    private final Set<String> _portletInvocationWhitelist = Collections.newSetFromMap(new ConcurrentHashMap());

    public StrutsPortletAuthTokenWhitelist() {
        trackWhitelistServices(PropsKeys.AUTH_TOKEN_IGNORE_ACTIONS, this._portletCSRFWhitelist);
        registerPortalProperty(PropsKeys.AUTH_TOKEN_IGNORE_ACTIONS);
        trackWhitelistServices(PropsKeys.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST_ACTIONS, this._portletInvocationWhitelist);
        registerPortalProperty(PropsKeys.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_WHITELIST_ACTIONS);
    }

    @Override // com.liferay.portal.kernel.security.auth.BaseAuthTokenWhitelist, com.liferay.portal.kernel.security.auth.AuthTokenWhitelist
    public boolean isPortletCSRFWhitelisted(HttpServletRequest httpServletRequest, Portlet portlet) {
        String portletId = portlet.getPortletId();
        String parameter = httpServletRequest.getParameter(PortalUtil.getPortletNamespace(portletId).concat("struts_action"));
        return Validator.isNotNull(parameter) && this._portletCSRFWhitelist.contains(parameter) && isValidStrutsAction(portlet.getCompanyId(), PortletIdCodec.decodePortletName(portletId), parameter);
    }

    @Override // com.liferay.portal.kernel.security.auth.BaseAuthTokenWhitelist, com.liferay.portal.kernel.security.auth.AuthTokenWhitelist
    public boolean isPortletInvocationWhitelisted(HttpServletRequest httpServletRequest, Portlet portlet) {
        String portletId = portlet.getPortletId();
        String parameter = httpServletRequest.getParameter(PortalUtil.getPortletNamespace(portletId).concat("struts_action"));
        if (Validator.isNull(parameter)) {
            parameter = httpServletRequest.getParameter("struts_action");
        }
        return Validator.isNotNull(parameter) && this._portletInvocationWhitelist.contains(parameter) && isValidStrutsAction(portlet.getCompanyId(), portletId, parameter);
    }

    @Override // com.liferay.portal.kernel.security.auth.BaseAuthTokenWhitelist, com.liferay.portal.kernel.security.auth.AuthTokenWhitelist
    public boolean isPortletURLCSRFWhitelisted(LiferayPortletURL liferayPortletURL) {
        String parameter = liferayPortletURL.getParameter("struts_action");
        if (Validator.isBlank(parameter) || !this._portletCSRFWhitelist.contains(parameter)) {
            return false;
        }
        long plid = liferayPortletURL.getPlid();
        if (LayoutLocalServiceUtil.fetchLayout(plid) != null) {
            return isValidStrutsAction(0L, PortletIdCodec.decodePortletName(liferayPortletURL.getPortletId()), parameter);
        }
        if (!_log.isDebugEnabled()) {
            return false;
        }
        _log.debug("Unable to load layout " + plid);
        return false;
    }

    @Override // com.liferay.portal.kernel.security.auth.BaseAuthTokenWhitelist, com.liferay.portal.kernel.security.auth.AuthTokenWhitelist
    public boolean isPortletURLPortletInvocationWhitelisted(LiferayPortletURL liferayPortletURL) {
        String parameter = liferayPortletURL.getParameter("struts_action");
        if (Validator.isBlank(parameter) || !this._portletInvocationWhitelist.contains(parameter)) {
            return false;
        }
        long plid = liferayPortletURL.getPlid();
        if (LayoutLocalServiceUtil.fetchLayout(plid) != null) {
            return isValidStrutsAction(0L, liferayPortletURL.getPortletId(), parameter);
        }
        if (!_log.isDebugEnabled()) {
            return false;
        }
        _log.debug("Unable to load layout " + plid);
        return false;
    }

    protected boolean isValidStrutsAction(long j, String str, String str2) {
        try {
            Portlet portletById = PortletLocalServiceUtil.getPortletById(j, str);
            if (portletById == null) {
                return false;
            }
            String substring = str2.substring(1, str2.lastIndexOf(47));
            if (substring.equals(portletById.getStrutsPath())) {
                return true;
            }
            return substring.equals(portletById.getParentStrutsPath());
        } catch (Exception e) {
            if (!_log.isDebugEnabled()) {
                return false;
            }
            _log.debug(e, e);
            return false;
        }
    }
}
