package com.liferay.saml.web.internal.struts;

import com.liferay.portal.kernel.json.JSONArray;
import com.liferay.portal.kernel.json.JSONFactory;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.json.JSONUtil;
import com.liferay.portal.kernel.language.Language;
import com.liferay.portal.kernel.security.auth.AuthTokenUtil;
import com.liferay.portal.kernel.struts.StrutsAction;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Props;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.persistence.model.SamlSpIdpConnection;
import com.liferay.saml.persistence.service.SamlSpIdpConnectionLocalService;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.servlet.profile.SamlSpIdpConnectionsProfile;
import com.liferay.saml.util.JspUtil;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

@Component(property = {"path=/portal/saml/login"}, service = {StrutsAction.class})
/* loaded from: input_file:com/liferay/saml/web/internal/struts/SamlLoginAction.class */
public class SamlLoginAction extends BaseSamlStrutsAction {

    @Reference
    private JSONFactory _jsonFactory;

    @Reference
    private Language _language;

    @Reference
    private Portal _portal;

    @Reference
    private Props _props;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    @Reference
    private SamlSpIdpConnectionLocalService _samlSpIdpConnectionLocalService;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile SamlSpIdpConnectionsProfile _samlSpIdpConnectionsProfile;

    @Override // com.liferay.saml.web.internal.struts.BaseSamlStrutsAction
    public boolean isEnabled() {
        if (this._samlProviderConfigurationHelper.isRoleSp()) {
            return this._samlProviderConfigurationHelper.isEnabled();
        }
        return false;
    }

    @Override // com.liferay.saml.web.internal.struts.BaseSamlStrutsAction
    protected String doExecute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String string = ParamUtil.getString(httpServletRequest, "idpEntityId");
        long companyId = this._portal.getCompanyId(httpServletRequest);
        if (Validator.isNotNull(string)) {
            httpServletRequest.setAttribute("SAML_SP_IDP_CONNECTION", this._samlSpIdpConnectionLocalService.getSamlSpIdpConnection(companyId, string));
            if (!GetterUtil.getBoolean(Boolean.valueOf(ParamUtil.getBoolean(httpServletRequest, "forceAuthn")))) {
                return null;
            }
            AuthTokenUtil.checkCSRFToken(httpServletRequest, SamlLoginAction.class.getName());
            httpServletRequest.setAttribute("FORCE_REAUTHENTICATION", Boolean.TRUE);
            return null;
        }
        List<SamlSpIdpConnection> filter = ListUtil.filter(this._samlSpIdpConnectionLocalService.getSamlSpIdpConnections(companyId), samlSpIdpConnection -> {
            return isEnabled(samlSpIdpConnection, httpServletRequest);
        });
        if (filter.isEmpty() && this._samlProviderConfigurationHelper.getSamlProviderConfiguration().allowShowingTheLoginPortlet()) {
            return null;
        }
        boolean z = GetterUtil.getBoolean(this._props.get("saml.idp.redirect.message.enabled"), true);
        if (z) {
            httpServletRequest.setAttribute("SAML_IDP_REDIRECT_MESSAGE", this._language.get(httpServletRequest, "redirecting-to-your-identity-provider"));
        }
        httpServletRequest.setAttribute("SAML_SSO_LOGIN_CONTEXT", _toJSONObject(filter));
        JspUtil.dispatch(httpServletRequest, httpServletResponse, "/portal/saml/select_idp.jsp", "please-select-your-identity-provider", !z);
        return null;
    }

    protected boolean isEnabled(SamlSpIdpConnection samlSpIdpConnection, HttpServletRequest httpServletRequest) {
        return this._samlSpIdpConnectionsProfile != null ? this._samlSpIdpConnectionsProfile.isEnabled(samlSpIdpConnection, httpServletRequest) : samlSpIdpConnection.isEnabled();
    }

    private JSONObject _toJSONObject(List<SamlSpIdpConnection> list) {
        JSONArray createJSONArray = this._jsonFactory.createJSONArray();
        for (SamlSpIdpConnection samlSpIdpConnection : list) {
            createJSONArray.put(JSONUtil.put("enabled", Boolean.valueOf(samlSpIdpConnection.isEnabled())).put("entityId", samlSpIdpConnection.getSamlIdpEntityId()).put("name", samlSpIdpConnection.getName()));
        }
        return JSONUtil.put("relevantIdpConnections", createJSONArray);
    }
}
