package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.model.Company;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.AuthVerifierResult;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.service.http.TunnelUtil;
import com.liferay.portal.util.PortalUtil;
import com.liferay.util.Encryptor;
import com.liferay.util.EncryptorException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/liferay/portal/security/auth/TunnelingServletAuthVerifier.class */
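/**
 * Auth verifier for the tunneling servlet.
 *
 * <p>The caller authenticates with an HTTP {@code Authorization: Basic} header whose decoded
 * payload is {@code login:token}. The token is accepted when it equals
 * {@code Encryptor.encrypt(TunnelUtil.getSharedSecretKey(), login)}. The login is then resolved
 * to a user by user id, e-mail address, or screen name, in that order.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The Authorization payload is a replayable credential, so it is never written to the
 *       log, not even at debug level.</li>
 *   <li>The token is compared in a way that does not short-circuit on the first differing
 *       character.</li>
 * </ul>
 */
public class TunnelingServletAuthVerifier implements AuthVerifier {
    private static final Log _log = LogFactoryUtil.getLog(TunnelingServletAuthVerifier.class);

    /**
     * Returns the authentication scheme name reported by this verifier.
     *
     * @return the literal {@code "BASIC"}
     */
    public String getAuthType() {
        return "BASIC";
    }

    /**
     * Verifies the request held by the access control context.
     *
     * @param accessControlContext context supplying the HTTP request to inspect
     * @param properties verifier configuration; not read by this implementation
     * @return a result whose state is set to {@code SUCCESS}, with the user id and the presented
     *     token as password, when the request carries valid tunneling credentials; otherwise a
     *     freshly constructed result left untouched
     * @throws AuthException if credentials are present but do not verify
     */
    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        AuthVerifierResult authVerifierResult = new AuthVerifierResult();
        String[] credentials = verify(accessControlContext.getRequest());
        if (credentials != null) {
            authVerifierResult.setPassword(credentials[1]);
            authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
            authVerifierResult.setUserId(Long.parseLong(credentials[0]));
        }
        return authVerifierResult;
    }

    /**
     * Extracts and checks tunneling credentials from the {@code Authorization} header.
     *
     * @param httpServletRequest the incoming request
     * @return a two-element array {@code {userId, presentedToken}}, or {@code null} when the
     *     header is missing, is not a Basic header, has no payload, or the payload contains
     *     no {@code ':'} separator
     * @throws AuthException if the token does not match the expected value, the expected value
     *     cannot be computed, or no user matches the login
     */
    protected String[] verify(HttpServletRequest httpServletRequest) throws AuthException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(header);
        if (!stringTokenizer.hasMoreTokens() || !StringUtil.equalsIgnoreCase(stringTokenizer.nextToken(), "BASIC")) {
            return null;
        }
        // A header of just "Basic" has no payload token. Treat it like any other malformed
        // header instead of letting nextToken() throw NoSuchElementException.
        if (!stringTokenizer.hasMoreTokens()) {
            return null;
        }
        String encodedCredentials = stringTokenizer.nextToken();
        // Neither the encoded nor the decoded payload is logged: it contains the login and a
        // token that authenticates as that login, so anyone able to read the log could replay it.
        if (_log.isDebugEnabled()) {
            _log.debug("Received tunneling servlet credentials");
        }
        // NOTE(review): decodes with the platform default charset, as the original did; the
        // sending side is not visible here, so confirm both ends agree before pinning a charset.
        String decodedCredentials = new String(Base64.decode(encodedCredentials));
        int separator = decodedCredentials.indexOf(':');
        if (separator == -1) {
            return null;
        }
        String login = GetterUtil.getString(decodedCredentials.substring(0, separator));
        String presentedToken = decodedCredentials.substring(separator + 1);
        try {
            String expectedToken = Encryptor.encrypt(TunnelUtil.getSharedSecretKey(), login);
            if (!_tokensMatch(presentedToken, expectedToken)) {
                throw new AuthException("Tunneling servlet shared secrets do not match");
            }
        } catch (EncryptorException e) {
            throw new AuthException("Unable to decrypt login.", e);
        } catch (InvalidKeyException e) {
            throw new AuthException(e);
        }
        User user = _fetchUser(httpServletRequest, login);
        if (user == null) {
            throw new AuthException();
        }
        return new String[]{String.valueOf(user.getUserId()), presentedToken};
    }

    /**
     * Compares the presented token with the expected one using
     * {@link MessageDigest#isEqual(byte[], byte[])} instead of {@link String#equals(Object)},
     * so the comparison does not stop at the first differing character.
     */
    private static boolean _tokensMatch(String presentedToken, String expectedToken) {
        if (presentedToken == null || expectedToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
            presentedToken.getBytes(StandardCharsets.UTF_8),
            expectedToken.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Resolves the login to a user: by numeric user id first, then by e-mail address, then by
     * screen name within the request's company. Lookup failures are logged at warn level and
     * reported as {@code null} so the caller rejects the request.
     */
    private static User _fetchUser(HttpServletRequest httpServletRequest, String login) {
        User user = null;
        try {
            user = UserLocalServiceUtil.fetchUser(GetterUtil.getLong(login));
            if (user == null) {
                Company company = PortalUtil.getCompany(httpServletRequest);
                user = UserLocalServiceUtil.fetchUserByEmailAddress(company.getCompanyId(), login);
                if (user == null) {
                    user = UserLocalServiceUtil.fetchUserByScreenName(company.getCompanyId(), login);
                }
            }
        } catch (SystemException e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to find user", e);
            }
        } catch (PortalException e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to find company", e);
            }
        }
        return user;
    }
}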
