001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
018    import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
019    import com.liferay.portal.model.Portlet;
020    import com.liferay.registry.collections.ServiceTrackerCollections;
021    import com.liferay.registry.collections.ServiceTrackerList;
022    
023    import java.util.HashSet;
024    import java.util.Set;
025    
026    import javax.servlet.http.HttpServletRequest;
027    
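/**
 * Static facade over every {@link AuthTokenWhitelist} held in the list opened
 * with {@code ServiceTrackerCollections.openList(AuthTokenWhitelist.class)}.
 *
 * <p>
 * How results are combined:
 * </p>
 *
 * <ul>
 * <li>
 * Each {@code is...} check returns {@code true} as soon as one tracked
 * whitelist returns {@code true}, and {@code false} when none does. With no
 * tracked whitelist at all, every check therefore returns {@code false}.
 * </li>
 * <li>
 * Each {@code Set}-returning method returns a new {@code HashSet} holding the
 * union of what the tracked whitelists return.
 * </li>
 * </ul>
 *
 * <p>
 * Every static method that consults the list first calls
 * {@code PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class)}.
 * </p>
 *
 * <p>
 * Security note: because the answers are OR-ed, a single tracked
 * implementation that answers {@code true} is enough to whitelist an origin,
 * portlet, portlet URL or shared secret for every caller of this class. What a
 * caller does with a positive answer is not visible here (presumably it skips
 * the auth token check -- confirm against the callers), so each registered
 * {@code AuthTokenWhitelist} should be reviewed as part of that policy.
 * </p>
 *
 * @author Tomas Polesovsky
 * @author Raymond Augé
 */
public class AuthTokenWhitelistUtil {

    /**
     * Returns the first tracked whitelist, or {@code null} when none is
     * tracked.
     *
     * @return     the first tracked whitelist, or {@code null}
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static AuthTokenWhitelist getAuthTokenWhitelist() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        // Take the first element through iteration, as every other method in
        // this class does, rather than size() followed by get(0): the two
        // separate calls leave a check-then-act gap if the tracked list
        // shrinks in between (presumably possible, since the list follows
        // service registrations -- confirm against ServiceTrackerList).

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            return authTokenWhitelist;
        }

        return null;
    }

    /**
     * Returns the union of {@code getPortletCSRFWhitelist()} over all tracked
     * whitelists.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> getPortletCSRFWhitelist() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletCSRFWhitelist = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletCSRFWhitelist.addAll(
                authTokenWhitelist.getPortletCSRFWhitelist());
        }

        return portletCSRFWhitelist;
    }

    /**
     * Returns the union of {@code getPortletCSRFWhitelistActions()} over all
     * tracked whitelists.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> getPortletCSRFWhitelistActions() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletCSRFWhitelistActions = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletCSRFWhitelistActions.addAll(
                authTokenWhitelist.getPortletCSRFWhitelistActions());
        }

        return portletCSRFWhitelistActions;
    }

    /**
     * Returns the union of {@code getPortletInvocationWhitelist()} over all
     * tracked whitelists.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> getPortletInvocationWhitelist() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletInvocationWhitelist = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletInvocationWhitelist.addAll(
                authTokenWhitelist.getPortletInvocationWhitelist());
        }

        return portletInvocationWhitelist;
    }

    /**
     * Returns the union of {@code getPortletInvocationWhitelistActions()} over
     * all tracked whitelists.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> getPortletInvocationWhitelistActions() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletInvocationWhitelistActions = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletInvocationWhitelistActions.addAll(
                authTokenWhitelist.getPortletInvocationWhitelistActions());
        }

        return portletInvocationWhitelistActions;
    }

    /**
     * Delegates to {@link #isOriginCSRFWhitelisted(long, String)}. The
     * misspelled method name is part of the public interface and is kept
     * unchanged.
     *
     * @param      companyId passed through unchanged
     * @param      origin passed through unchanged
     * @return     the result of {@link #isOriginCSRFWhitelisted(long, String)}
     * @deprecated As of 7.0.0, replaced by {@link
     *             #isOriginCSRFWhitelisted(long, String)}
     */
    @Deprecated
    public static boolean isCSRFOrigintWhitelisted(
        long companyId, String origin) {

        return isOriginCSRFWhitelisted(companyId, origin);
    }

    /**
     * Returns whether any tracked whitelist reports the origin as CSRF
     * whitelisted for the company.
     *
     * <p>
     * The {@code origin} value is handed to the implementations as received;
     * no normalization or validation happens in this class.
     * </p>
     *
     * @param  companyId passed to each tracked whitelist
     * @param  origin passed to each tracked whitelist
     * @return {@code true} if at least one tracked whitelist returns
     *         {@code true}; {@code false} otherwise, including when nothing is
     *         tracked
     */
    public static boolean isOriginCSRFWhitelisted(
        long companyId, String origin) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isOriginCSRFWhitelisted(companyId, origin)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist reports the portlet as CSRF
     * whitelisted for the request.
     *
     * @param  request passed to each tracked whitelist
     * @param  portlet passed to each tracked whitelist
     * @return {@code true} if at least one tracked whitelist returns
     *         {@code true}; {@code false} otherwise
     */
    public static boolean isPortletCSRFWhitelisted(
        HttpServletRequest request, Portlet portlet) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isPortletCSRFWhitelisted(request, portlet)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist reports the portlet ID and Struts
     * action as CSRF whitelisted for the company.
     *
     * @param      companyId passed to each tracked whitelist
     * @param      portletId passed to each tracked whitelist
     * @param      strutsAction passed to each tracked whitelist
     * @return     {@code true} if at least one tracked whitelist returns
     *             {@code true}; {@code false} otherwise
     * @deprecated As of 7.0.0, replaced by {@link
     *             #isPortletCSRFWhitelisted(HttpServletRequest, Portlet)}
     */
    @Deprecated
    public static boolean isPortletCSRFWhitelisted(
        long companyId, String portletId, String strutsAction) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isPortletCSRFWhitelisted(
                    companyId, portletId, strutsAction)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist reports the portlet as invocation
     * whitelisted for the request.
     *
     * @param  request passed to each tracked whitelist
     * @param  portlet passed to each tracked whitelist
     * @return {@code true} if at least one tracked whitelist returns
     *         {@code true}; {@code false} otherwise
     */
    public static boolean isPortletInvocationWhitelisted(
        HttpServletRequest request, Portlet portlet) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isPortletInvocationWhitelisted(
                    request, portlet)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist reports the portlet ID and Struts
     * action as invocation whitelisted for the company.
     *
     * @param      companyId passed to each tracked whitelist
     * @param      portletId passed to each tracked whitelist
     * @param      strutsAction passed to each tracked whitelist
     * @return     {@code true} if at least one tracked whitelist returns
     *             {@code true}; {@code false} otherwise
     * @deprecated As of 7.0.0, replaced by {@link
     *             #isPortletInvocationWhitelisted(HttpServletRequest, Portlet)}
     */
    @Deprecated
    public static boolean isPortletInvocationWhitelisted(
        long companyId, String portletId, String strutsAction) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isPortletInvocationWhitelisted(
                    companyId, portletId, strutsAction)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist reports the portlet URL as CSRF
     * whitelisted.
     *
     * @param  liferayPortletURL passed to each tracked whitelist
     * @return {@code true} if at least one tracked whitelist returns
     *         {@code true}; {@code false} otherwise
     */
    public static boolean isPortletURLCSRFWhitelisted(
        LiferayPortletURL liferayPortletURL) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isPortletURLCSRFWhitelisted(
                    liferayPortletURL)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist reports the portlet URL as portlet
     * invocation whitelisted.
     *
     * @param  liferayPortletURL passed to each tracked whitelist
     * @return {@code true} if at least one tracked whitelist returns
     *         {@code true}; {@code false} otherwise
     */
    public static boolean isPortletURLPortletInvocationWhitelisted(
        LiferayPortletURL liferayPortletURL) {

        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isPortletURLPortletInvocationWhitelisted(
                    liferayPortletURL)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Returns whether any tracked whitelist accepts the shared secret.
     *
     * <p>
     * The comparison itself happens inside the implementations and is not
     * visible here. NOTE(review): confirm that implementations compare the
     * secret in constant time and reject {@code null} or empty values, and
     * that callers do not log {@code sharedSecret}.
     * </p>
     *
     * @param  sharedSecret passed to each tracked whitelist as received
     * @return {@code true} if at least one tracked whitelist returns
     *         {@code true}; {@code false} otherwise, including when nothing is
     *         tracked
     */
    public static boolean isValidSharedSecret(String sharedSecret) {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            if (authTokenWhitelist.isValidSharedSecret(sharedSecret)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Calls {@code resetOriginCSRFWhitelist()} on every tracked whitelist and
     * returns the union of the returned sets. What the reset changes inside
     * each implementation is not visible here.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> resetOriginCSRFWhitelist() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> originCSRFWhitelist = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            originCSRFWhitelist.addAll(
                authTokenWhitelist.resetOriginCSRFWhitelist());
        }

        return originCSRFWhitelist;
    }

    /**
     * Calls {@code resetPortletCSRFWhitelist()} on every tracked whitelist and
     * returns the union of the returned sets. What the reset changes inside
     * each implementation is not visible here.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> resetPortletCSRFWhitelist() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletCSRFWhitelist = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletCSRFWhitelist.addAll(
                authTokenWhitelist.resetPortletCSRFWhitelist());
        }

        return portletCSRFWhitelist;
    }

    /**
     * Calls {@code resetPortletInvocationWhitelist()} on every tracked
     * whitelist and returns the union of the returned sets. What the reset
     * changes inside each implementation is not visible here.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> resetPortletInvocationWhitelist() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletInvocationWhitelist = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletInvocationWhitelist.addAll(
                authTokenWhitelist.resetPortletInvocationWhitelist());
        }

        return portletInvocationWhitelist;
    }

    /**
     * Calls {@code resetPortletInvocationWhitelistActions()} on every tracked
     * whitelist and returns the union of the returned sets. What the reset
     * changes inside each implementation is not visible here.
     *
     * @return     a new, caller-owned set; empty when nothing is tracked
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public static Set<String> resetPortletInvocationWhitelistActions() {
        PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);

        Set<String> portletInvocationWhitelistActions = new HashSet<>();

        for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
            portletInvocationWhitelistActions.addAll(
                authTokenWhitelist.resetPortletInvocationWhitelistActions());
        }

        return portletInvocationWhitelistActions;
    }

    /**
     * Does nothing; the argument is ignored and the tracked list is not
     * changed by this call.
     *
     * @param      authTokenWhitelist ignored
     * @deprecated As of 7.0.0, with no direct replacement
     */
    @Deprecated
    public void setAuthTokenWhitelist(AuthTokenWhitelist authTokenWhitelist) {
    }

    // Opened once when the class is initialized; every static method above
    // reads from this list.

    private static final ServiceTrackerList<AuthTokenWhitelist>
        _authTokenWhitelists = ServiceTrackerCollections.openList(
            AuthTokenWhitelist.class);

}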