package com.liferay.multi.factor.authentication.ip.address.internal.checker;

import com.liferay.multi.factor.authentication.ip.address.internal.audit.MFAIPAddressAuditMessageBuilder;
import com.liferay.multi.factor.authentication.ip.address.internal.configuration.MFAIPAddressConfiguration;
import com.liferay.multi.factor.authentication.spi.checker.headless.HeadlessMFAChecker;
import com.liferay.osgi.util.service.Snapshot;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.access.control.AccessControlUtil;
import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.HashMapDictionary;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.multi.factor.authentication.ip.address.internal.configuration.MFAIPAddressConfiguration.scoped"}, service = {})
/* loaded from: input_file:com/liferay/multi/factor/authentication/ip/address/internal/checker/IPAddressHeadlessMFAChecker.class */
public class IPAddressHeadlessMFAChecker implements HeadlessMFAChecker {
    private static final Log _log = LogFactoryUtil.getLog(IPAddressHeadlessMFAChecker.class);
    private static final Snapshot<MFAIPAddressAuditMessageBuilder> _mfaIPAddressAuditMessageBuilderSnapshot = new Snapshot<>(IPAddressHeadlessMFAChecker.class, MFAIPAddressAuditMessageBuilder.class);
    private Set<String> _allowedIpAddressesAndNetmasks;
    private ServiceRegistration<HeadlessMFAChecker> _serviceRegistration;

    @Reference
    private UserLocalService _userLocalService;

    public boolean verifyHeadlessRequest(HttpServletRequest httpServletRequest, long j) {
        User fetchUser = this._userLocalService.fetchUser(j);
        if (fetchUser == null) {
            if (_log.isWarnEnabled()) {
                _log.warn("Requested IP address verification for nonexistent user " + j);
            }
            MFAIPAddressAuditMessageBuilder mFAIPAddressAuditMessageBuilder = (MFAIPAddressAuditMessageBuilder) _mfaIPAddressAuditMessageBuilderSnapshot.get();
            if (mFAIPAddressAuditMessageBuilder == null) {
                return false;
            }
            mFAIPAddressAuditMessageBuilder.routeAuditMessage(mFAIPAddressAuditMessageBuilder.buildNonexistentUserVerificationFailureAuditMessage(CompanyThreadLocal.getCompanyId().longValue(), j, _getClassName()));
            return false;
        }
        if (AccessControlUtil.isAccessAllowed(httpServletRequest, this._allowedIpAddressesAndNetmasks)) {
            MFAIPAddressAuditMessageBuilder mFAIPAddressAuditMessageBuilder2 = (MFAIPAddressAuditMessageBuilder) _mfaIPAddressAuditMessageBuilderSnapshot.get();
            if (mFAIPAddressAuditMessageBuilder2 == null) {
                return true;
            }
            mFAIPAddressAuditMessageBuilder2.routeAuditMessage(mFAIPAddressAuditMessageBuilder2.buildVerificationSuccessAuditMessage(fetchUser, _getClassName()));
            return true;
        }
        MFAIPAddressAuditMessageBuilder mFAIPAddressAuditMessageBuilder3 = (MFAIPAddressAuditMessageBuilder) _mfaIPAddressAuditMessageBuilderSnapshot.get();
        if (mFAIPAddressAuditMessageBuilder3 == null) {
            return false;
        }
        mFAIPAddressAuditMessageBuilder3.routeAuditMessage(mFAIPAddressAuditMessageBuilder3.buildVerificationFailureAuditMessage(fetchUser, _getClassName(), "IP is not allowed"));
        return false;
    }

    @Activate
    protected void activate(BundleContext bundleContext, Map<String, Object> map) {
        MFAIPAddressConfiguration mFAIPAddressConfiguration = (MFAIPAddressConfiguration) ConfigurableUtil.createConfigurable(MFAIPAddressConfiguration.class, map);
        if (mFAIPAddressConfiguration.enabled()) {
            this._allowedIpAddressesAndNetmasks = new HashSet(Arrays.asList(mFAIPAddressConfiguration.allowedIPAddressAndNetMask()));
            this._serviceRegistration = bundleContext.registerService(HeadlessMFAChecker.class, this, new HashMapDictionary(map));
        }
    }

    @Deactivate
    protected void deactivate() {
        if (this._serviceRegistration == null) {
            return;
        }
        this._serviceRegistration.unregister();
    }

    private String _getClassName() {
        return getClass().getName();
    }
}
