package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.SetUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.service.permission.PortletPermissionUtil;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.PropsUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.util.Encryptor;
import com.liferay.util.PwdGenerator;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/liferay/portal/security/auth/SessionAuthToken.class */
public class SessionAuthToken implements AuthToken {
    private static final String _PORTAL = "PORTAL";
    private Set<String> _ignoreActions = SetUtil.fromArray(PropsUtil.getArray("auth.token.ignore.actions"));

    public void check(HttpServletRequest httpServletRequest) throws PrincipalException {
        if (isIgnoreAction(httpServletRequest)) {
            return;
        }
        String string = ParamUtil.getString(httpServletRequest, "p_auth");
        String sessionAuthenticationToken = getSessionAuthenticationToken(httpServletRequest, _PORTAL);
        String digest = Encryptor.digest(PropsValues.AUTH_TOKEN_SHARED_SECRET);
        String string2 = ParamUtil.getString(httpServletRequest, "p_auth_secret");
        if (!string.equals(sessionAuthenticationToken) && !string2.equals(digest)) {
            throw new PrincipalException("Invalid authentication token");
        }
    }

    public String getToken(HttpServletRequest httpServletRequest) {
        return getSessionAuthenticationToken(httpServletRequest, _PORTAL);
    }

    public String getToken(HttpServletRequest httpServletRequest, long j, String str) {
        return getSessionAuthenticationToken(httpServletRequest, PortletPermissionUtil.getPrimaryKey(j, str));
    }

    protected String getSessionAuthenticationToken(HttpServletRequest httpServletRequest, String str) {
        Map<String, String> sessionAuthenticationTokensMap = getSessionAuthenticationTokensMap(httpServletRequest);
        String str2 = sessionAuthenticationTokensMap.get(str);
        if (Validator.isNull(str2)) {
            str2 = PwdGenerator.getPassword();
            sessionAuthenticationTokensMap.put(str, str2);
        }
        return str2;
    }

    protected Map<String, String> getSessionAuthenticationTokensMap(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        Map<String, String> map = (Map) session.getAttribute("LIFERAY_SHARED_AUTHENTICATION_TOKEN");
        if (map == null) {
            map = new HashMap();
            session.setAttribute("LIFERAY_SHARED_AUTHENTICATION_TOKEN", map);
        }
        return map;
    }

    protected boolean isIgnoreAction(HttpServletRequest httpServletRequest) {
        return isIgnoreAction(ParamUtil.getString(httpServletRequest, PortalUtil.getPortletNamespace(ParamUtil.getString(httpServletRequest, "p_p_id")) + "struts_action"));
    }

    protected boolean isIgnoreAction(String str) {
        return this._ignoreActions.contains(str);
    }
}
