package com.liferay.portlet;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Layout;
import com.liferay.portal.kernel.model.LayoutTypePortlet;
import com.liferay.portal.kernel.model.Portlet;
import com.liferay.portal.kernel.portlet.ActionResult;
import com.liferay.portal.kernel.portlet.PortletContainer;
import com.liferay.portal.kernel.portlet.PortletContainerException;
import com.liferay.portal.kernel.portlet.PortletContainerUtil;
import com.liferay.portal.kernel.security.auth.AuthTokenUtil;
import com.liferay.portal.kernel.security.auth.AuthTokenWhitelistUtil;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.servlet.HttpHeaders;
import com.liferay.portal.kernel.servlet.TempAttributesServletRequest;
import com.liferay.portal.kernel.struts.LastPath;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.util.LayoutTypeAccessPolicyTracker;
import com.liferay.portal.util.PropsValues;
import java.util.Iterator;
import java.util.List;
import javax.portlet.Event;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/liferay/portlet/SecurityPortletContainerWrapper.class */
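/**
 * Security gate in front of a {@link PortletContainer}: every container entry
 * point runs the portal's access checks first and only then delegates to the
 * wrapped container.
 *
 * <p>Actions and resource requests are checked against the layout that owns
 * the portlet (see {@link #getOwnerLayoutRequestWrapper}), and actions are
 * additionally subject to CSRF token verification. An authorization failure
 * surfaces as a {@link PrincipalException} and is turned into a 403 (action,
 * resource) or a suppressed / access-denied render (render, headers); any other
 * failure is wrapped in a {@link PortletContainerException}.
 *
 * <p>Behaviour is unchanged from the previous revision; this revision removes
 * decompiler artifacts (redundant casts, {@code while(true)} iteration,
 * throw-away locals) and documents the checks.
 */
public class SecurityPortletContainerWrapper implements PortletContainer {

    private static final Log _log = LogFactoryUtil.getLog(SecurityPortletContainerWrapper.class);

    // Portlet init parameter that lets a portlet opt out of the CSRF token check.
    private static final String _CHECK_AUTH_TOKEN_INIT_PARAM = "check-auth-token";

    // Cross-layout invocation mode in which owner-layout resolution is skipped.
    private static final String _CROSS_LAYOUT_INVOCATION_MODE_RENDER = "render";

    // JSP included in place of the portlet when access is denied and the portlet
    // opts in to showing that fact.
    private static final String _PORTLET_ACCESS_DENIED_JSP = "/html/portal/portlet_access_denied.jsp";

    private final PortletContainer _portletContainer;

    /**
     * Wraps {@code portletContainer}.
     *
     * @param portletContainer the container to delegate to after the checks pass
     * @return the wrapped container
     * @deprecated use {@link #SecurityPortletContainerWrapper(PortletContainer)}
     */
    @Deprecated
    public static PortletContainer createSecurityPortletContainerWrapper(PortletContainer portletContainer) {
        return new SecurityPortletContainerWrapper(portletContainer);
    }

    /**
     * @param portletContainer the container to delegate to after the checks pass
     */
    public SecurityPortletContainerWrapper(PortletContainer portletContainer) {
        _portletContainer = portletContainer;
    }

    /** Pure delegation; there is nothing to authorize at preparation time. */
    @Override
    public void preparePortlet(HttpServletRequest httpServletRequest, Portlet portlet) throws PortletContainerException {
        _portletContainer.preparePortlet(httpServletRequest, portlet);
    }

    /**
     * Runs the CSRF and access checks against the owner layout, then delegates.
     *
     * @return the delegate's result, or {@link ActionResult#EMPTY_ACTION_RESULT}
     *         with a 403 status when the caller is not allowed
     * @throws PortletContainerException propagated from the delegate, or wrapping
     *         any failure other than a {@link PrincipalException}
     */
    @Override
    public ActionResult processAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkAction(getOwnerLayoutRequestWrapper(httpServletRequest, portlet), portlet);

            return _portletContainer.processAction(httpServletRequest, httpServletResponse, portlet);
        }
        catch (PortletContainerException portletContainerException) {
            // Already the right type; rethrow so the generic catch does not double-wrap it.
            throw portletContainerException;
        }
        catch (PrincipalException principalException) {
            return processActionException(httpServletRequest, httpServletResponse, portlet, principalException);
        }
        catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /** Pure delegation; events are not access-checked here. */
    @Override
    public List<Event> processEvent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet, Layout layout, Event event) throws PortletContainerException {
        return _portletContainer.processEvent(httpServletRequest, httpServletResponse, portlet, layout, event);
    }

    /** Pure delegation. */
    @Override
    public void processPublicRenderParameters(HttpServletRequest httpServletRequest, Layout layout) {
        _portletContainer.processPublicRenderParameters(httpServletRequest, layout);
    }

    /** Pure delegation. */
    @Override
    public void processPublicRenderParameters(HttpServletRequest httpServletRequest, Layout layout, Portlet portlet) {
        _portletContainer.processPublicRenderParameters(httpServletRequest, layout, portlet);
    }

    /**
     * Runs the render access check, then delegates. A denied render is logged at
     * debug level only and handed to {@link #processRenderException}.
     *
     * @throws PortletContainerException propagated from the delegate, or wrapping
     *         any failure other than a {@link PrincipalException}
     */
    @Override
    public void render(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkRender(httpServletRequest, portlet);

            _portletContainer.render(httpServletRequest, httpServletResponse, portlet);
        }
        catch (PortletContainerException portletContainerException) {
            throw portletContainerException;
        }
        catch (PrincipalException principalException) {
            _logDenied(principalException);

            processRenderException(httpServletRequest, httpServletResponse, portlet);
        }
        catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Same policy as {@link #render}: the header phase is subject to the render
     * access check so a denied portlet contributes no headers either.
     *
     * @throws PortletContainerException propagated from the delegate, or wrapping
     *         any failure other than a {@link PrincipalException}
     */
    @Override
    public void renderHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkRender(httpServletRequest, portlet);

            _portletContainer.renderHeaders(httpServletRequest, httpServletResponse, portlet);
        }
        catch (PortletContainerException portletContainerException) {
            throw portletContainerException;
        }
        catch (PrincipalException principalException) {
            _logDenied(principalException);

            processRenderException(httpServletRequest, httpServletResponse, portlet);
        }
        catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Runs the resource access check against the owner layout, then delegates.
     * A denied request gets a non-cacheable 403 via
     * {@link #processServeResourceException}.
     *
     * @throws PortletContainerException propagated from the delegate, or wrapping
     *         any failure other than a {@link PrincipalException}
     */
    @Override
    public void serveResource(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        try {
            checkResource(getOwnerLayoutRequestWrapper(httpServletRequest, portlet), portlet);

            _portletContainer.serveResource(httpServletRequest, httpServletResponse, portlet);
        }
        catch (PortletContainerException portletContainerException) {
            throw portletContainerException;
        }
        catch (PrincipalException principalException) {
            processServeResourceException(httpServletRequest, httpServletResponse, portlet, principalException);
        }
        catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Common access check for every phase.
     *
     * <p>Order matters: the portlet ID is validated before anything else is
     * looked up with it, undeployed portlets are let through (there is nothing
     * to protect), and the layout type's access policy has the final word.
     *
     * @throws PrincipalException if the portlet ID contains characters outside
     *         the allow-list, or the layout type access policy denies access
     * @throws Exception anything thrown by the access policy
     */
    protected void check(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        if (portlet == null) {
            return;
        }

        String portletId = portlet.getPortletId();

        if (!isValidPortletId(portletId)) {
            // NOTE(review): the rejected ID has just failed the character
            // allow-list, so it may carry control characters; if logs are
            // consumed line-by-line by tooling, consider sanitizing it here.
            if (_log.isWarnEnabled()) {
                _log.warn("Invalid portlet ID " + portletId);
            }

            throw new PrincipalException("Invalid portlet ID " + portletId);
        }

        if (portlet.isUndeployedPortlet()) {
            return;
        }

        Layout layout = (Layout) httpServletRequest.getAttribute(WebKeys.LAYOUT);

        LayoutTypeAccessPolicyTracker.getLayoutTypeAccessPolicy(layout).checkAccessAllowedToPortlet(httpServletRequest, layout, portlet);
    }

    /**
     * Action-phase check: CSRF token first, then the common access check.
     *
     * @throws Exception see {@link #checkCSRFProtection} and {@link #check}
     */
    protected void checkAction(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        checkCSRFProtection(httpServletRequest, portlet);
        check(httpServletRequest, portlet);
    }

    /**
     * Verifies the request's CSRF token unless the portlet opted out through its
     * {@code check-auth-token} init parameter or is CSRF-whitelisted for this
     * request. The whitelist is consulted unconditionally and wins over the init
     * parameter.
     *
     * @throws PortalException if the token is required and missing or invalid
     */
    protected void checkCSRFProtection(HttpServletRequest httpServletRequest, Portlet portlet) throws PortalException {
        // Fail closed: a missing init parameter means "check".
        boolean checkAuthToken = GetterUtil.getBoolean(portlet.getInitParams().get(_CHECK_AUTH_TOKEN_INIT_PARAM), true);

        if (AuthTokenWhitelistUtil.isPortletCSRFWhitelisted(httpServletRequest, portlet)) {
            checkAuthToken = false;
        }

        if (checkAuthToken) {
            AuthTokenUtil.checkCSRFToken(httpServletRequest, SecurityPortletContainerWrapper.class.getName());
        }
    }

    /**
     * Render-phase check; currently identical to {@link #check}, kept as a
     * separate hook for subclasses.
     */
    protected void checkRender(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        check(httpServletRequest, portlet);
    }

    /**
     * Resource-phase check; currently identical to {@link #check}, kept as a
     * separate hook for subclasses.
     */
    protected void checkResource(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        check(httpServletRequest, portlet);
    }

    /**
     * Reconstructs the URL the user originally requested, for log messages.
     *
     * @return portal URL + last-path context path + path when a {@link LastPath}
     *         attribute is present, otherwise the request URI (rendered through
     *         {@code String.valueOf}, so a {@code null} URI prints as "null")
     */
    protected String getOriginalURL(HttpServletRequest httpServletRequest) {
        LastPath lastPath = (LastPath) httpServletRequest.getAttribute(WebKeys.LAST_PATH);

        if (lastPath == null) {
            return String.valueOf(httpServletRequest.getRequestURI());
        }

        return StringBundler.concat(PortalUtil.getPortalURL(httpServletRequest), lastPath.getContextPath(), lastPath.getPath());
    }

    /**
     * Returns a request whose {@code LAYOUT} and {@code THEME_DISPLAY}
     * attributes point at the layout that actually owns {@code portlet}, so the
     * access checks are evaluated against that layout rather than the one the
     * request was addressed to.
     *
     * <p>The original request is returned unchanged when layout-set event
     * distribution is off, the cross-layout invocation mode is "render", no
     * layout in the set carries the portlet, or the owner is already the
     * current layout.
     *
     * @throws Exception from {@link PortletContainerUtil#getLayoutTypePortlets}
     */
    protected HttpServletRequest getOwnerLayoutRequestWrapper(HttpServletRequest httpServletRequest, Portlet portlet) throws Exception {
        if (!PropsValues.PORTLET_EVENT_DISTRIBUTION_LAYOUT_SET || PropsValues.PORTLET_CROSS_LAYOUT_INVOCATION_MODE.equals(_CROSS_LAYOUT_INVOCATION_MODE_RENDER)) {
            return httpServletRequest;
        }

        Layout requestLayout = (Layout) httpServletRequest.getAttribute(WebKeys.LAYOUT);

        LayoutTypePortlet ownerLayoutTypePortlet = null;

        // First layout in the set that carries this portlet ID wins.
        for (LayoutTypePortlet candidate : PortletContainerUtil.getLayoutTypePortlets(requestLayout)) {
            if (candidate.hasPortletId(portlet.getPortletId())) {
                ownerLayoutTypePortlet = candidate;

                break;
            }
        }

        Layout ownerLayout = (ownerLayoutTypePortlet == null) ? null : ownerLayoutTypePortlet.getLayout();

        if (ownerLayout == null) {
            return httpServletRequest;
        }

        ThemeDisplay themeDisplay = (ThemeDisplay) httpServletRequest.getAttribute(WebKeys.THEME_DISPLAY);

        if (themeDisplay.getLayout().equals(ownerLayout)) {
            return httpServletRequest;
        }

        // Clone rather than mutate: the request's own ThemeDisplay must keep
        // describing the layout the request was addressed to.
        ThemeDisplay ownerThemeDisplay = (ThemeDisplay) themeDisplay.clone();

        ownerThemeDisplay.setLayout(ownerLayout);
        ownerThemeDisplay.setLayoutTypePortlet(ownerLayoutTypePortlet);

        TempAttributesServletRequest ownerRequest = new TempAttributesServletRequest(httpServletRequest);

        ownerRequest.setTempAttribute(WebKeys.LAYOUT, ownerLayout);
        ownerRequest.setTempAttribute(WebKeys.THEME_DISPLAY, ownerThemeDisplay);

        return ownerRequest;
    }

    /**
     * Returns whether every character of {@code portletId} is in the allow-list
     * {@code [A-Za-z0-9$#_]}. The empty string is valid.
     *
     * @throws NullPointerException if {@code portletId} is {@code null}
     */
    protected boolean isValidPortletId(String portletId) {
        for (int i = 0; i < portletId.length(); i++) {
            if (!_isPortletIdChar(portletId.charAt(i))) {
                return false;
            }
        }

        return true;
    }

    /**
     * Denied action: log it (warn, except for the expected missing-session-token
     * case), answer 403 and return an empty action result.
     */
    protected ActionResult processActionException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet, PrincipalException principalException) {
        _logDenied(principalException);

        if (_log.isWarnEnabled() && !(principalException instanceof PrincipalException.MustHaveSessionCSRFToken)) {
            _log.warn(String.format("User %s is not allowed to access URL %s and portlet %s: %s", Long.valueOf(PortalUtil.getUserId(httpServletRequest)), getOriginalURL(httpServletRequest), portlet.getPortletId(), principalException.getMessage()));
        }

        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);

        return ActionResult.EMPTY_ACTION_RESULT;
    }

    /**
     * Denied render: include the access-denied JSP if the portlet opts in via
     * {@code isShowPortletAccessDenied()}, otherwise render nothing. The status
     * code is left untouched so the rest of the page still renders normally.
     *
     * @throws PortletContainerException wrapping any failure of the include
     */
    protected void processRenderException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet) throws PortletContainerException {
        if (!portlet.isShowPortletAccessDenied()) {
            return;
        }

        try {
            PortalUtil.getOriginalServletRequest(httpServletRequest).getRequestDispatcher(_PORTLET_ACCESS_DENIED_JSP).include(httpServletRequest, httpServletResponse);
        }
        catch (Exception exception) {
            throw new PortletContainerException(exception);
        }
    }

    /**
     * Denied resource: answer a non-cacheable 403 (so intermediaries never
     * serve a denial in place of the resource) and log it, except for the
     * expected missing-session-token case.
     */
    protected void processServeResourceException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Portlet portlet, PrincipalException principalException) {
        _logDenied(principalException);

        httpServletResponse.setHeader("Cache-Control", HttpHeaders.CACHE_CONTROL_NO_CACHE_VALUE);
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);

        if (!(principalException instanceof PrincipalException.MustHaveSessionCSRFToken) && _log.isWarnEnabled()) {
            _log.warn(String.format("User %s is not allowed to serve resource for %s on %s: %s", Long.valueOf(PortalUtil.getUserId(httpServletRequest)), getOriginalURL(httpServletRequest), portlet.getPortletId(), principalException.getMessage()));
        }
    }

    // Allow-list for portlet ID characters: ASCII letters, digits, '$', '#', '_'.
    private static boolean _isPortletIdChar(char c) {
        return ((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')) || ((c >= '0') && (c <= '9')) || (c == '$') || (c == '#') || (c == '_');
    }

    // Debug-level trace of a denied request, shared by every phase.
    private static void _logDenied(PrincipalException principalException) {
        if (_log.isDebugEnabled()) {
            _log.debug(principalException, principalException);
        }
    }

}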
