package com.liferay.sync.security.auth.verifier;

import com.google.common.collect.Lists;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import com.liferay.portal.kernel.security.auth.AccessControlContext;
import com.liferay.portal.kernel.security.auth.AuthException;
import com.liferay.portal.kernel.security.auth.http.HttpAuthManagerUtil;
import com.liferay.portal.kernel.security.auth.http.HttpAuthorizationHeader;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PwdGenerator;
import com.liferay.portal.kernel.util.Validator;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.jsontoken.Checker;
import net.oauth.jsontoken.JsonToken;
import net.oauth.jsontoken.JsonTokenParser;
import net.oauth.jsontoken.crypto.HmacSHA256Signer;
import net.oauth.jsontoken.crypto.HmacSHA256Verifier;
import net.oauth.jsontoken.crypto.SignatureAlgorithm;
import net.oauth.jsontoken.crypto.Signer;
import net.oauth.jsontoken.crypto.Verifier;
import net.oauth.jsontoken.discovery.VerifierProvider;
import net.oauth.jsontoken.discovery.VerifierProviders;
import org.joda.time.Instant;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

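/**
 * Auth verifier for the Sync JSON web-service URLs listed in the component
 * property below.
 *
 * <p>A request is authenticated either by an HMAC-SHA256 signed JSON token
 * carried in the {@code Sync-JWT} request header, or by the credentials that
 * {@link HttpAuthManagerUtil} extracts from the request. After a successful
 * credential login a fresh token, expiring one hour after issue, is added to
 * the response under the same header name.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 * <li>The signing secret is produced once, at class initialisation, by
 * {@code PwdGenerator.getPassword()} and is held in memory only. Tokens
 * therefore stop verifying when the class is reloaded or the JVM restarts,
 * and a token signed in one JVM will not verify in another. NOTE(review):
 * the entropy of the secret depends on PwdGenerator, which is not visible
 * here; confirm it draws from a cryptographically strong source.</li>
 * <li>A token is rejected when it was issued before the user's last password
 * change, so changing the password invalidates outstanding tokens.</li>
 * <li>The token is a bearer credential returned in a response header.
 * NOTE(review): confirm the Sync endpoints are only reachable over TLS.</li>
 * <li>Every token failure is swallowed and reported as "no user" without a
 * log entry. NOTE(review): consider logging rejected tokens so that forged
 * or replayed tokens are visible to monitoring.</li>
 * </ul>
 */
@Component(immediate = true, property = {"auth.verifier.SyncAuthVerifier.urls.includes=/api/jsonws/sync.syncdevice/*,/api/jsonws/sync.syncdlobject/*"})
/* loaded from: input_file:com/liferay/sync/security/auth/verifier/SyncAuthVerifier.class */
public class SyncAuthVerifier implements AuthVerifier {
    // Token lifetime in milliseconds (one hour), added to the issue instant.
    private static final long _EXPIRATION = 3600000;
    // HMAC key material, generated once per class initialisation.
    private static final String _SECRET = PwdGenerator.getPassword();
    // Header that carries the token in both requests and responses.
    private static final String _TOKEN_HEADER = "Sync-JWT";
    // NOTE(review): both caches below are filled lazily without synchronisation
    // and are not volatile. Concurrent first calls would each build an
    // equivalent object from the same secret; confirm that is acceptable.
    private static JsonTokenParser _jsonTokenParser;
    private static Signer _signer;
    private UserLocalService _userLocalService;

    /**
     * Returns the simple class name as the auth type identifier.
     *
     * @return {@code "SyncAuthVerifier"}
     */
    public String getAuthType() {
        return SyncAuthVerifier.class.getSimpleName();
    }

    /**
     * Resolves the user id carried by a signed token.
     *
     * @param str the serialized token taken from the {@code Sync-JWT} header
     * @return the user id as a decimal string, or {@code null} when the token
     *         cannot be verified, has no {@code userId} claim, was issued
     *         before the user's last password change, or any step fails
     */
    public String getUserId(String str) {
        try {
            JsonToken token = getJsonTokenParser().verifyAndDeserialize(str);
            JsonPrimitive userIdClaim = token.getParamAsPrimitive("userId");
            if (userIdClaim == null) {
                return null;
            }
            long userId = userIdClaim.getAsLong();
            // The fetchUser result is dereferenced directly; if it is null the
            // NullPointerException is absorbed by the catch below and the
            // token is rejected.
            // NOTE(review): only the password-modified date is consulted here.
            // Whether a deactivated or locked-out account is refused elsewhere
            // cannot be seen from this class; confirm.
            Date passwordModifiedDate = this._userLocalService.fetchUser(userId).getPasswordModifiedDate();
            if (passwordModifiedDate != null && token.getIssuedAt().isBefore(passwordModifiedDate.getTime())) {
                // Issued before the last password change: treat as revoked.
                return null;
            }
            return String.valueOf(userId);
        } catch (Exception e) {
            // Fail closed: any verification or lookup error means "no user",
            // and getCredentials then falls back to the request credentials.
            return null;
        }
    }

    /**
     * Verifies the request held by the access control context.
     *
     * <p>Requests whose invoker-filter URI starts with {@code /download/} and
     * whose context path is not {@code /o/sync} are not handled: the freshly
     * created result is returned untouched.
     *
     * @param accessControlContext supplies the request, response and settings
     * @param properties verifier configuration; not read by this method
     * @return the result, marked {@code SUCCESS} with user id and password
     *         when credentials were resolved, otherwise left as constructed
     * @throws AuthException wrapping any exception raised while resolving
     *         credentials
     */
    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        AuthVerifierResult authVerifierResult = new AuthVerifierResult();
        HttpServletRequest request = accessControlContext.getRequest();
        // Guard the attribute: a missing or non-String value previously caused
        // an unchecked exception here, outside the try block below.
        Object invokerFilterUri = request.getAttribute("INVOKER_FILTER_URI");
        if (invokerFilterUri instanceof String
                && ((String) invokerFilterUri).startsWith("/download/")
                && !"/o/sync".equals(request.getContextPath())) {
            return authVerifierResult;
        }
        try {
            String[] credentials = getCredentials(request, accessControlContext.getResponse());
            if (credentials == null) {
                // No token and no parsable authorization header: drop the
                // "basic_auth" setting and return the untouched result.
                accessControlContext.getSettings().remove("basic_auth");
                return authVerifierResult;
            }
            // credentials[1] is null when the user was resolved from a token.
            authVerifierResult.setPassword(credentials[1]);
            authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
            authVerifierResult.setUserId(GetterUtil.getLong(credentials[0]));
            return authVerifierResult;
        } catch (Exception e) {
            throw new AuthException(e);
        }
    }

    /**
     * Builds and signs a token for the given user.
     *
     * @param j the user id stored in the {@code userId} claim
     * @return the serialized signed token, or {@code null} when no signer is
     *         available or signing fails
     */
    protected String createToken(long j) {
        Signer signer = getSigner();
        if (signer == null) {
            // Without a signer no token can be issued; the caller simply does
            // not add the response header.
            return null;
        }
        try {
            JsonToken jsonToken = new JsonToken(signer);
            Instant issuedAt = new Instant();
            jsonToken.setExpiration(issuedAt.plus(_EXPIRATION));
            jsonToken.setIssuedAt(issuedAt);
            jsonToken.getPayloadAsJsonObject().addProperty("userId", Long.valueOf(j));
            return jsonToken.serializeAndSign();
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Resolves credentials from the token header, falling back to the
     * authorization header parsed by {@link HttpAuthManagerUtil}.
     *
     * <p>When the fallback succeeds, a new token for that user is added to
     * the response under the {@code Sync-JWT} header.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that receives the new token
     * @return {@code {userId, null}} for a valid token, {@code {userId,
     *         password}} for header credentials, or {@code null} when the
     *         request carries neither
     * @throws Exception an {@link AuthException} when an authorization header
     *         is present but yields no positive user id, or whatever the
     *         helper calls raise
     */
    protected String[] getCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String tokenHeader = httpServletRequest.getHeader(_TOKEN_HEADER);
        if (Validator.isNotNull(tokenHeader)) {
            String tokenUserId = getUserId(tokenHeader);
            if (tokenUserId != null) {
                return new String[]{tokenUserId, null};
            }
            // An invalid token is not fatal: fall through to the header check.
        }
        HttpAuthorizationHeader authorizationHeader = HttpAuthManagerUtil.parse(httpServletRequest);
        if (authorizationHeader == null) {
            return null;
        }
        long basicUserId = HttpAuthManagerUtil.getBasicUserId(httpServletRequest);
        if (basicUserId <= 0) {
            throw new AuthException();
        }
        String newToken = createToken(basicUserId);
        if (newToken != null) {
            httpServletResponse.addHeader(_TOKEN_HEADER, newToken);
        }
        return new String[]{String.valueOf(basicUserId), authorizationHeader.getAuthParameter("password")};
    }

    /**
     * Returns the shared token parser, creating it on first use.
     *
     * <p>The parser accepts HS256 tokens verified with the class secret and
     * registers a checker that performs no payload checks.
     *
     * @return the cached parser
     * @throws Exception if the verifier cannot be built from the secret
     */
    protected JsonTokenParser getJsonTokenParser() throws Exception {
        if (_jsonTokenParser != null) {
            return _jsonTokenParser;
        }
        final HmacSHA256Verifier hmacSHA256Verifier = new HmacSHA256Verifier(_secretKeyBytes());
        VerifierProvider verifierProvider = new VerifierProvider() {
            @Override // net.oauth.jsontoken.discovery.VerifierProvider
            public List<Verifier> findVerifier(String str, String str2) {
                // The same verifier is returned whatever the two arguments are.
                return Lists.newArrayList(hmacSHA256Verifier);
            }
        };
        VerifierProviders verifierProviders = new VerifierProviders();
        verifierProviders.setVerifierProvider(SignatureAlgorithm.HS256, verifierProvider);
        // NOTE(review): the checker is deliberately empty, so no claim beyond
        // what verifyAndDeserialize itself enforces is validated. Signature and
        // issued-at/expiry checks are presumably done by the parser; confirm
        // against the jsontoken version in use.
        _jsonTokenParser = new JsonTokenParser(verifierProviders, new Checker() {
            @Override // net.oauth.jsontoken.Checker
            public void check(JsonObject jsonObject) {
            }
        });
        return _jsonTokenParser;
    }

    /**
     * Returns the shared HMAC-SHA256 signer, creating it on first use.
     *
     * @return the cached signer, or {@code null} if it cannot be created
     */
    protected Signer getSigner() {
        if (_signer != null) {
            return _signer;
        }
        try {
            // The first two constructor arguments are passed as null, as before.
            _signer = new HmacSHA256Signer(null, null, _secretKeyBytes());
            return _signer;
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Injects the user service used to look up the token's user.
     *
     * @param userLocalService the service instance supplied by OSGi
     */
    @Reference(unbind = "-")
    protected void setUserLocalService(UserLocalService userLocalService) {
        this._userLocalService = userLocalService;
    }

    // Encodes the secret with a fixed charset so the signing and verifying key
    // bytes do not depend on the platform default encoding.
    private static byte[] _secretKeyBytes() {
        return _SECRET.getBytes(StandardCharsets.UTF_8);
    }
}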
