package com.liferay.portal.security.sso.openid.connect.internal.service.filter;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.BaseFilter;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnect;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectFlowState;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceHandler;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectSession;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.portal.security.sso.openid.connect.configuration.OpenIdConnectConfiguration"}, immediate = true, property = {"before-filter=Auto Login Filter", "servlet-context-name=", "servlet-filter-name=SSO OpenId Connect Filter", "url-pattern=/c/portal/login/openidconnect"}, service = {Filter.class, OpenIdConnectFilter.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/service/filter/OpenIdConnectFilter.class */
public class OpenIdConnectFilter extends BaseFilter {
    private static final Log _log = LogFactoryUtil.getLog(OpenIdConnectFilter.class);

    @Reference
    private OpenIdConnect _openIdConnect;

    @Reference
    private OpenIdConnectServiceHandler _openIdConnectServiceHandler;

    @Reference
    private Portal _portal;

    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this._openIdConnect.isEnabled(this._portal.getCompanyId(httpServletRequest));
    }

    protected Log getLog() {
        return _log;
    }

    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        OpenIdConnectSession openIdConnectSession;
        try {
            HttpSession session = httpServletRequest.getSession(false);
            if (session == null || (openIdConnectSession = (OpenIdConnectSession) session.getAttribute("OPEN_ID_CONNECT_SESSION")) == null) {
                return;
            }
            OpenIdConnectFlowState openIdConnectFlowState = openIdConnectSession.getOpenIdConnectFlowState();
            if (OpenIdConnectFlowState.INITIALIZED.equals(openIdConnectFlowState)) {
                throw new OpenIdConnectServiceException.AuthenticationException("OpenId Connect authentication flow not started");
            }
            if (!OpenIdConnectFlowState.AUTH_COMPLETE.equals(openIdConnectFlowState) && !OpenIdConnectFlowState.PORTAL_AUTH_COMPLETE.equals(openIdConnectFlowState)) {
                this._openIdConnectServiceHandler.processAuthenticationResponse(httpServletRequest, httpServletResponse);
            } else if (_log.isDebugEnabled()) {
                _log.debug("User has already been logged in");
            }
        } catch (Exception e) {
            _log.error("Unable to process the OpenID login", e);
            this._portal.sendError(e, httpServletRequest, httpServletResponse);
        }
    }

    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        processAuthenticationResponse(httpServletRequest, httpServletResponse);
        processFilter(OpenIdConnectFilter.class.getName(), httpServletRequest, httpServletResponse, filterChain);
    }
}
