package com.liferay.portal.servlet.filters.secure;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.AuthSettingsUtil;
import com.liferay.portal.security.auth.CompanyThreadLocal;
import com.liferay.portal.security.auth.PrincipalThreadLocal;
import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.security.permission.PermissionThreadLocal;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.servlet.filters.BasePortalFilter;
import com.liferay.portal.util.PortalInstances;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.PropsUtil;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.osgi.service.upnp.UPnPException;

/* loaded from: input_file:com/liferay/portal/servlet/filters/secure/SecureFilter.class */
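/**
 * Servlet filter that guards the paths it is mapped to. For each request it
 * (1) checks the client against a host allow-list, (2) optionally redirects
 * plain-HTTP requests to HTTPS, and (3) when the request carries no signed-in
 * portal user, optionally challenges with HTTP Digest or HTTP Basic
 * authentication before passing the request down the chain.
 *
 * <p>Init parameters read in {@link #init(FilterConfig)}: {@code basic_auth},
 * {@code digest_auth}, {@code portal_property_prefix}, {@code hosts.allowed},
 * {@code https.required} and {@code use_permission_checker}.
 *
 * <p>The 401/403 status codes are written with the {@link HttpServletResponse}
 * constants. The decompiled listing had borrowed the numerically identical
 * {@code UPnPException.INVALID_ACTION} (401) and
 * {@code UPnPException.INVALID_SEQUENCE_NUMBER} (403), which tied an
 * authentication filter to an unrelated OSGi UPnP class; that import is no
 * longer referenced by this class.
 */
public class SecureFilter extends BasePortalFilter {
    private static final String _BASIC_REALM = "Basic realm=\"PortalRealm\"";
    private static final String _DIGEST_REALM = "Digest realm=\"PortalRealm\"";
    private boolean _basicAuthEnabled;
    private boolean _digestAuthEnabled;
    // Host allow-list handed to AuthSettingsUtil.isAccessAllowed on every request.
    private Set<String> _hostsAllowed = new HashSet<>();
    private boolean _httpsRequired;
    private boolean _usePermissionChecker;
    // Session key under which the authenticated user id is cached as a string.
    private static final String _AUTHENTICATED_USER = SecureFilter.class + "_AUTHENTICATED_USER";
    private static final Log _log = LogFactoryUtil.getLog(SecureFilter.class);

    /**
     * Reads the filter configuration.
     *
     * <p>When {@code portal_property_prefix} is empty, {@code hosts.allowed} and
     * {@code https.required} come from the filter's own init parameters;
     * otherwise they are read from portal properties named
     * {@code <prefix>hosts.allowed} and {@code <prefix>https.required}.
     *
     * @param filterConfig the servlet container's configuration for this filter
     */
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);
        this._basicAuthEnabled = GetterUtil.getBoolean(filterConfig.getInitParameter("basic_auth"));
        this._digestAuthEnabled = GetterUtil.getBoolean(filterConfig.getInitParameter("digest_auth"));
        String propertyPrefix = filterConfig.getInitParameter("portal_property_prefix");
        String[] allowedHosts;
        if (Validator.isNull(propertyPrefix)) {
            allowedHosts = StringUtil.split(filterConfig.getInitParameter("hosts.allowed"));
            this._httpsRequired = GetterUtil.getBoolean(filterConfig.getInitParameter("https.required"));
        } else {
            allowedHosts = PropsUtil.getArray(propertyPrefix + "hosts.allowed");
            this._httpsRequired = GetterUtil.getBoolean(PropsUtil.get(propertyPrefix + "https.required"));
        }
        // NOTE(review): confirm how AuthSettingsUtil.isAccessAllowed treats an empty
        // set. If empty means "allow every host", a missing or misspelled
        // hosts.allowed entry silently disables the restriction.
        for (String host : allowedHosts) {
            this._hostsAllowed.add(host);
        }
        this._usePermissionChecker = GetterUtil.getBoolean(filterConfig.getInitParameter("use_permission_checker"));
    }

    /**
     * Authenticates the request with HTTP Basic credentials.
     *
     * <p>A user id already cached in the session under {@code _AUTHENTICATED_USER}
     * is trusted without re-checking credentials. Otherwise the id is resolved by
     * {@code PortalUtil.getBasicAuthUserId}; any exception from that call is logged
     * and treated as a failed login, so the method fails closed with a 401
     * challenge.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that receives the challenge on failure
     * @return the request wrapped with the authenticated principal, or {@code null}
     *         when a 401 challenge was written and the chain must not continue
     * @throws Exception if the user lookup or thread-local setup fails
     */
    protected HttpServletRequest basicAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        long userId = GetterUtil.getLong((String) session.getAttribute(_AUTHENTICATED_USER));
        if (userId > 0) {
            HttpServletRequest cached = new ProtectedServletRequest(httpServletRequest, String.valueOf(userId), "BASIC");
            initThreadLocals(cached);
            return cached;
        }
        try {
            userId = PortalUtil.getBasicAuthUserId(httpServletRequest);
        } catch (Exception e) {
            // Deliberately not rethrown: userId stays <= 0 and the 401 below is sent.
            _log.error(e, e);
        }
        if (userId <= 0) {
            // Basic credentials are only base64-encoded; they are protected in
            // transit only when https.required is enabled for this filter.
            httpServletResponse.setHeader("WWW-Authenticate", _BASIC_REALM);
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        return setCredentials(httpServletRequest, session, userId, "BASIC");
    }

    /**
     * Authenticates the request with HTTP Digest credentials.
     *
     * <p>Mirrors {@link #basicAuth}: a session-cached user id is trusted, a
     * lookup exception is logged and treated as failure, and failure produces a
     * 401 challenge. The challenge carries a nonce generated from the request's
     * company id and remote address.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that receives the challenge on failure
     * @return the request wrapped with the authenticated principal, or {@code null}
     *         when a 401 challenge was written and the chain must not continue
     * @throws Exception if the user lookup or thread-local setup fails
     */
    protected HttpServletRequest digestAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        long userId = GetterUtil.getLong((String) session.getAttribute(_AUTHENTICATED_USER));
        if (userId > 0) {
            HttpServletRequest cached = new ProtectedServletRequest(httpServletRequest, String.valueOf(userId), "DIGEST");
            initThreadLocals(cached);
            return cached;
        }
        try {
            userId = PortalUtil.getDigestAuthUserId(httpServletRequest);
        } catch (Exception e) {
            // Deliberately not rethrown: userId stays <= 0 and the 401 below is sent.
            _log.error(e, e);
        }
        if (userId <= 0) {
            // NOTE(review): the nonce is derived from getRemoteAddr(); behind a
            // reverse proxy that is the proxy's address unless the container
            // rewrites it, so confirm the binding is still meaningful there.
            String nonce = NonceUtil.generate(PortalInstances.getCompanyId(httpServletRequest), httpServletRequest.getRemoteAddr());
            StringBundler challenge = new StringBundler(4);
            challenge.append(_DIGEST_REALM);
            challenge.append(", nonce=\"");
            challenge.append(nonce);
            challenge.append("\"");
            httpServletResponse.setHeader("WWW-Authenticate", challenge.toString());
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        return setCredentials(httpServletRequest, session, userId, "DIGEST");
    }

    /**
     * Initializes the per-thread security context from the {@code USER} session
     * attribute and records the request's password in the principal thread-local.
     *
     * @param httpServletRequest request whose session holds the {@code USER} attribute
     * @throws Exception if the thread-local setup fails
     */
    protected void initThreadLocals(HttpServletRequest httpServletRequest) throws Exception {
        // The USER attribute is written by setCredentials; a session without it
        // reaches initThreadLocals(User) with null and fails there.
        initThreadLocals((User) httpServletRequest.getSession().getAttribute("USER"));
        // NOTE(review): a password value is parked in a thread-local here. Confirm
        // it is cleared when the request ends, since container threads are reused.
        PrincipalThreadLocal.setPassword(PortalUtil.getUserPassword(httpServletRequest));
    }

    /**
     * Binds the given user's company id and user id to the current thread and,
     * when {@code use_permission_checker} is on and none is set yet, creates a
     * permission checker for that user.
     *
     * @param user the user to bind; must not be {@code null}
     * @throws Exception if the permission checker cannot be created
     */
    protected void initThreadLocals(User user) throws Exception {
        CompanyThreadLocal.setCompanyId(Long.valueOf(user.getCompanyId()));
        PrincipalThreadLocal.setName(user.getUserId());
        // An existing checker is kept as-is; it is not replaced with one for this user.
        if (this._usePermissionChecker && PermissionThreadLocal.getPermissionChecker() == null) {
            PermissionThreadLocal.setPermissionChecker(PermissionCheckerFactoryUtil.create(user));
        }
    }

    /**
     * Applies the host check, the HTTPS requirement and the authentication step,
     * then continues the filter chain.
     *
     * <p>Order of decisions: a disallowed host gets 403; a non-secure request
     * with {@code https.required} gets a redirect; a signed-in (non-default) user
     * is passed through with credentials set; a default user is challenged with
     * Digest when enabled, else Basic when enabled. Digest takes precedence when
     * both are enabled. When neither is enabled, a default user's request
     * continues down the chain unauthenticated.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response
     * @param filterChain the remaining filter chain
     * @throws Exception if user resolution, authentication or the chain fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        // NOTE(review): behind a reverse proxy getRemoteAddr() is the proxy's
        // address unless the container rewrites it; confirm what the allow-list
        // check actually compares against in that deployment.
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (!AuthSettingsUtil.isAccessAllowed(httpServletRequest, this._hostsAllowed)) {
            if (_log.isWarnEnabled()) {
                _log.warn("Access denied for " + remoteAddr);
            }
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied for " + remoteAddr);
            return;
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Access allowed for " + remoteAddr);
            _log.debug(this._httpsRequired ? "https is required" : "https is not required");
        }
        if (this._httpsRequired && !httpServletRequest.isSecure()) {
            if (_log.isDebugEnabled()) {
                _log.debug("Securing " + HttpUtil.getCompleteURL(httpServletRequest));
            }
            // NOTE(review): getServerName() normally reflects the client-supplied
            // Host header, so the redirect target is attacker-influenced unless the
            // container or a proxy pins the host name; prefer a configured
            // canonical host. getServletPath() also omits the context path and any
            // extra path info, and no port is appended, so confirm the redirect
            // lands on the intended URL.
            StringBundler redirectUrl = new StringBundler(5);
            redirectUrl.append("https://");
            redirectUrl.append(httpServletRequest.getServerName());
            redirectUrl.append(httpServletRequest.getServletPath());
            if (Validator.isNotNull(httpServletRequest.getQueryString())) {
                redirectUrl.append("?");
                redirectUrl.append(httpServletRequest.getQueryString());
            }
            if (_log.isDebugEnabled()) {
                _log.debug("Redirect to " + redirectUrl);
            }
            httpServletResponse.sendRedirect(redirectUrl.toString());
            return;
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Not securing " + HttpUtil.getCompleteURL(httpServletRequest));
        }
        User user = PortalUtil.getUser(httpServletRequest);
        if (user == null) {
            user = PortalUtil.initUser(httpServletRequest);
        }
        initThreadLocals(user);
        if (!user.isDefaultUser()) {
            httpServletRequest = setCredentials(httpServletRequest, httpServletRequest.getSession(), user.getUserId(), null);
        } else if (this._digestAuthEnabled) {
            httpServletRequest = digestAuth(httpServletRequest, httpServletResponse);
        } else if (this._basicAuthEnabled) {
            httpServletRequest = basicAuth(httpServletRequest, httpServletResponse);
        }
        // A null request means an authentication challenge was already written.
        if (httpServletRequest != null) {
            processFilter(getClass(), httpServletRequest, httpServletResponse, filterChain);
        }
    }

    /**
     * Marks the session as authenticated for the given user and returns the
     * request wrapped with that principal.
     *
     * @param httpServletRequest the request to wrap
     * @param httpSession the session that receives the {@code USER} attribute and
     *        the cached user id
     * @param j the authenticated user's id
     * @param str the authentication type passed to the wrapper ({@code "BASIC"},
     *        {@code "DIGEST"}, or {@code null} for an already signed-in user)
     * @return the wrapped request
     * @throws Exception if the user cannot be loaded or thread-local setup fails
     */
    protected HttpServletRequest setCredentials(HttpServletRequest httpServletRequest, HttpSession httpSession, long j, String str) throws Exception {
        User user = UserLocalServiceUtil.getUser(j);
        String userIdString = String.valueOf(j);
        ProtectedServletRequest protectedRequest = new ProtectedServletRequest(httpServletRequest, userIdString, str);
        // NOTE(review): the session id is not rotated when the session becomes
        // authenticated. Unless something upstream does so, a session id issued
        // before login stays valid afterwards (session fixation); confirm.
        httpSession.setAttribute("USER", user);
        httpSession.setAttribute(_AUTHENTICATED_USER, userIdString);
        // Cast selects the HttpServletRequest overload, which reads USER back from the session.
        initThreadLocals((HttpServletRequest) protectedRequest);
        return protectedRequest;
    }

    /**
     * Overrides the {@code use_permission_checker} setting read in
     * {@link #init(FilterConfig)}.
     *
     * @param z whether a permission checker should be created for the bound user
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setUsePermissionChecker(boolean z) {
        this._usePermissionChecker = z;
    }
}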
