package com.liferay.portal.security.auth.http;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.auth.AuthException;
import com.liferay.portal.kernel.security.auth.http.HttpAuthManager;
import com.liferay.portal.kernel.security.auth.http.HttpAuthManagerUtil;
import com.liferay.portal.kernel.security.auth.http.HttpAuthorizationHeader;
import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManagerUtil;
import com.liferay.portal.kernel.service.UserLocalServiceUtil;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.UnicodeProperties;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.servlet.filters.secure.NonceUtil;
import com.liferay.portal.util.PortalInstances;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/liferay/portal/security/auth/http/HttpAuthManagerImpl.class */
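/**
 * {@link HttpAuthManager} implementation that issues HTTP Basic and Digest challenges and
 * resolves a user ID from a request's {@code Authorization} header.
 *
 * <p>The {@code Authorization} header is client-controlled and is processed before the caller
 * is authenticated. Malformed Basic or Digest credentials therefore resolve to "no user"
 * ({@code 0}) or to a header without parameters instead of an unchecked indexing or
 * null-pointer exception. An unsupported scheme still raises
 * {@link UnsupportedOperationException}, as before.
 */
public class HttpAuthManagerImpl implements HttpAuthManager {
    private static final Log _log = LogFactoryUtil.getLog(HttpAuthManagerImpl.class);

    private static final String _SCHEME_BASIC = "Basic";

    private static final String _SCHEME_DIGEST = "Digest";

    private static final String _DEFAULT_REALM = "PortalRealm";

    /**
     * Writes a {@code 401} response carrying a {@code WWW-Authenticate} challenge for the scheme
     * named in {@code httpAuthorizationHeader}.
     *
     * <p>The passed header object is mutated: a blank {@code realm} is replaced with
     * {@code "PortalRealm"}, and for Digest a {@code nonce} parameter is added.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the challenge
     * @param httpAuthorizationHeader the challenge template (scheme plus parameters)
     * @throws IllegalArgumentException if any argument is {@code null} or the scheme is blank
     * @throws UnsupportedOperationException if the scheme is neither Basic nor Digest
     */
    public void generateChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpAuthorizationHeader httpAuthorizationHeader) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("HTTP servlet request is null");
        }
        if (httpServletResponse == null) {
            throw new IllegalArgumentException("HTTP servlet response is null");
        }
        if (httpAuthorizationHeader == null || Validator.isBlank(httpAuthorizationHeader.getScheme())) {
            throw new IllegalArgumentException("HTTP authorization header scheme is null");
        }
        if (Validator.isBlank(httpAuthorizationHeader.getAuthParameter("realm"))) {
            httpAuthorizationHeader.setAuthParameter("realm", _DEFAULT_REALM);
        }
        String scheme = httpAuthorizationHeader.getScheme();
        if (StringUtil.equalsIgnoreCase(scheme, _SCHEME_BASIC)) {
            generateBasicChallenge(httpServletRequest, httpServletResponse, httpAuthorizationHeader);
        } else if (StringUtil.equalsIgnoreCase(scheme, _SCHEME_DIGEST)) {
            generateDigestChallenge(httpServletRequest, httpServletResponse, httpAuthorizationHeader);
        } else {
            throw new UnsupportedOperationException("Scheme " + scheme);
        }
    }

    /**
     * Resolves the user ID from the request's {@code Authorization} header when it uses the
     * Basic scheme.
     *
     * @param httpServletRequest the current request
     * @return the authenticated user ID, or {@code 0} if the header is absent, uses another
     *         supported scheme, or authentication fails
     * @throws PortalException if the underlying authentication call fails
     */
    public long getBasicUserId(HttpServletRequest httpServletRequest) throws PortalException {
        HttpAuthorizationHeader parsedHeader = HttpAuthManagerUtil.parse(httpServletRequest);
        if (parsedHeader == null || !StringUtil.equalsIgnoreCase(parsedHeader.getScheme(), _SCHEME_BASIC)) {
            return 0L;
        }
        return getUserId(httpServletRequest, parsedHeader);
    }

    /**
     * Resolves the user ID from the request's {@code Authorization} header when it uses the
     * Digest scheme.
     *
     * @param httpServletRequest the current request
     * @return the authenticated user ID, or {@code 0} if the header is absent, uses another
     *         supported scheme, or verification fails
     * @throws PortalException if the underlying authentication call fails
     */
    public long getDigestUserId(HttpServletRequest httpServletRequest) throws PortalException {
        HttpAuthorizationHeader parsedHeader = HttpAuthManagerUtil.parse(httpServletRequest);
        if (parsedHeader == null || !StringUtil.equalsIgnoreCase(parsedHeader.getScheme(), _SCHEME_DIGEST)) {
            return 0L;
        }
        return getUserId(httpServletRequest, parsedHeader);
    }

    /**
     * Dispatches an already parsed authorization header to the Basic or Digest verifier.
     *
     * @param httpServletRequest the current request
     * @param httpAuthorizationHeader the parsed {@code Authorization} header
     * @return the authenticated user ID, or {@code 0} when the credentials are not accepted
     * @throws IllegalArgumentException if the request or header is {@code null}, or the scheme is
     *         blank
     * @throws UnsupportedOperationException if the scheme is neither Basic nor Digest
     * @throws PortalException if the underlying authentication call fails
     */
    public long getUserId(HttpServletRequest httpServletRequest, HttpAuthorizationHeader httpAuthorizationHeader) throws PortalException {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("HTTP servlet request is null");
        }
        if (httpAuthorizationHeader == null || Validator.isBlank(httpAuthorizationHeader.getScheme())) {
            throw new IllegalArgumentException("HTTP authorization header scheme is null");
        }
        String scheme = httpAuthorizationHeader.getScheme();
        if (StringUtil.equalsIgnoreCase(scheme, _SCHEME_BASIC)) {
            return getBasicUserId(httpServletRequest, httpAuthorizationHeader);
        }
        if (StringUtil.equalsIgnoreCase(scheme, _SCHEME_DIGEST)) {
            return getDigestUserId(httpServletRequest, httpAuthorizationHeader);
        }
        throw new UnsupportedOperationException("Scheme " + scheme);
    }

    /**
     * Parses the request's {@code Authorization} header.
     *
     * @param httpServletRequest the current request
     * @return the parsed header, or {@code null} if the request carries no (or a blank)
     *         {@code Authorization} header
     * @throws IllegalArgumentException if the request is {@code null}
     * @throws UnsupportedOperationException if the header names a scheme other than Basic or
     *         Digest
     */
    public HttpAuthorizationHeader parse(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("HTTP servlet request is null");
        }
        String authorization = httpServletRequest.getHeader("Authorization");
        if (Validator.isBlank(authorization)) {
            return null;
        }
        // The first whitespace-delimited token is taken as the scheme name.
        String[] authorizationParts = authorization.split("\\s");
        String scheme = authorizationParts[0];
        if (StringUtil.equalsIgnoreCase(scheme, _SCHEME_BASIC)) {
            return parseBasic(httpServletRequest, authorization, authorizationParts);
        }
        if (StringUtil.equalsIgnoreCase(scheme, _SCHEME_DIGEST)) {
            return parseDigest(httpServletRequest, authorization, authorizationParts);
        }
        throw new UnsupportedOperationException("Scheme " + scheme);
    }

    /**
     * Sends the Basic challenge: the header's string form as {@code WWW-Authenticate} with
     * status {@code 401}.
     */
    protected void generateBasicChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpAuthorizationHeader httpAuthorizationHeader) {
        httpServletResponse.setHeader("WWW-Authenticate", httpAuthorizationHeader.toString());
        httpServletResponse.setStatus(401);
    }

    /**
     * Sends the Digest challenge: adds a fresh {@code nonce} to the header, then writes it as
     * {@code WWW-Authenticate} with status {@code 401}.
     */
    protected void generateDigestChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpAuthorizationHeader httpAuthorizationHeader) {
        // The nonce is requested for this company ID and client address; how NonceUtil uses them
        // is not visible from this class.
        long companyId = PortalInstances.getCompanyId(httpServletRequest);
        String nonce = NonceUtil.generate(companyId, httpServletRequest.getRemoteAddr());
        httpAuthorizationHeader.setAuthParameter("nonce", nonce);
        httpServletResponse.setHeader("WWW-Authenticate", httpAuthorizationHeader.toString());
        httpServletResponse.setStatus(401);
    }

    /**
     * Authenticates the {@code username}/{@code password} parameters of a parsed Basic header.
     *
     * <p>A trailing {@code "@uid"} or {@code "@sn"} on the login is removed before
     * authentication.
     *
     * @return the authenticated user ID, or {@code 0} if no login was supplied or
     *         authentication raised an {@link AuthException}
     * @throws PortalException if authentication fails for a reason other than
     *         {@link AuthException}
     */
    protected long getBasicUserId(HttpServletRequest httpServletRequest, HttpAuthorizationHeader httpAuthorizationHeader) throws PortalException {
        String login = httpAuthorizationHeader.getAuthParameter("username");
        String password = httpAuthorizationHeader.getAuthParameter("password");
        if (login == null) {
            // A Basic header without credentials has no username parameter; treat it as
            // "not authenticated" rather than dereferencing null below.
            return 0L;
        }
        // Strip only the trailing marker. Cutting at the first occurrence would also drop
        // legitimate text when the marker appears earlier in the login.
        if (login.endsWith("@uid")) {
            login = login.substring(0, login.length() - "@uid".length());
        } else if (login.endsWith("@sn")) {
            login = login.substring(0, login.length() - "@sn".length());
        }
        try {
            return AuthenticatedSessionManagerUtil.getAuthenticatedUserId(httpServletRequest, login, password, (String) null);
        } catch (AuthException authException) {
            // Rejected credentials are reported as "no user". This class records them at debug
            // level only.
            // NOTE(review): confirm failed logins are audited elsewhere for brute-force detection.
            if (_log.isDebugEnabled()) {
                _log.debug(authException, authException);
            }
            return 0L;
        }
    }

    /**
     * Verifies the parameters of a parsed Digest header against the current request.
     *
     * <p>The header is accepted only if all of {@code username}, {@code realm}, {@code nonce},
     * {@code uri} and {@code response} are present, the realm is {@code "PortalRealm"}, the
     * {@code uri} equals the request URI (plus query string, if any) and the nonce verifies.
     *
     * @return the user ID returned by the digest authentication service, or {@code 0} if any
     *         check fails
     * @throws PortalException if the authentication service call fails
     */
    protected long getDigestUserId(HttpServletRequest httpServletRequest, HttpAuthorizationHeader httpAuthorizationHeader) throws PortalException {
        String username = httpAuthorizationHeader.getAuthParameter("username");
        String realm = httpAuthorizationHeader.getAuthParameter("realm");
        String nonce = httpAuthorizationHeader.getAuthParameter("nonce");
        String uri = httpAuthorizationHeader.getAuthParameter("uri");
        String response = httpAuthorizationHeader.getAuthParameter("response");
        if (Validator.isNull(username) || Validator.isNull(realm) || Validator.isNull(nonce) || Validator.isNull(uri) || Validator.isNull(response)) {
            return 0L;
        }
        String requestTarget = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        if (Validator.isNotNull(queryString)) {
            requestTarget = requestTarget.concat("?").concat(queryString);
        }
        // NOTE(review): generateChallenge lets a caller supply its own realm, but only the
        // default realm is accepted here, so a challenge issued for a custom realm can never
        // be answered successfully.
        if (!realm.equals(_DEFAULT_REALM)) {
            return 0L;
        }
        // The uri the client signed must equal the target actually requested.
        if (!uri.equals(requestTarget)) {
            return 0L;
        }
        // NOTE(review): only the nonce value is passed to NonceUtil.verify. Whether it is also
        // tied to the client address used at generation time cannot be determined from here.
        if (!NonceUtil.verify(nonce)) {
            return 0L;
        }
        long companyId = PortalInstances.getCompanyId(httpServletRequest);
        return UserLocalServiceUtil.authenticateForDigest(companyId, username, realm, nonce, httpServletRequest.getMethod(), uri, response);
    }

    /**
     * Builds a Basic header object from the Base64 credentials token.
     *
     * <p>The decoded credentials are split at the first colon only, so a password may itself
     * contain colons. The login part is URL-decoded. If the token is missing or decodes to
     * nothing, a header without parameters is returned.
     *
     * @param httpServletRequest the current request (unused)
     * @param str the raw {@code Authorization} header value (unused)
     * @param strArr the header value split on whitespace; index 1 is read as the credentials
     * @return a Basic header with {@code username} and {@code password} set when present
     */
    protected HttpAuthorizationHeader parseBasic(HttpServletRequest httpServletRequest, String str, String[] strArr) {
        HttpAuthorizationHeader httpAuthorizationHeader = new HttpAuthorizationHeader("Basic");
        // "Authorization: Basic" with no token would otherwise index past the array.
        if (strArr == null || strArr.length < 2) {
            return httpAuthorizationHeader;
        }
        byte[] decodedCredentials = Base64.decode(strArr[1]);
        if (decodedCredentials == null) {
            return httpAuthorizationHeader;
        }
        // NOTE(review): this decodes with the JVM's default charset, so non-ASCII credentials
        // depend on platform configuration.
        String credentials = new String(decodedCredentials).trim();
        if (credentials.isEmpty()) {
            return httpAuthorizationHeader;
        }
        int separator = credentials.indexOf(':');
        String encodedLogin = credentials;
        String password = null;
        if (separator >= 0) {
            encodedLogin = credentials.substring(0, separator);
            // Everything after the first colon is the password. Splitting on every colon would
            // silently truncate passwords that contain one.
            if (separator + 1 < credentials.length()) {
                password = credentials.substring(separator + 1).trim();
            }
        }
        httpAuthorizationHeader.setAuthParameter("username", HttpUtil.decodeURL(encodedLogin.trim()));
        httpAuthorizationHeader.setAuthParameter("password", password);
        return httpAuthorizationHeader;
    }

    /**
     * Builds a Digest header object from the comma-separated parameter list that follows the
     * scheme name.
     *
     * @param httpServletRequest the current request (unused)
     * @param str the raw {@code Authorization} header value
     * @param strArr the header value split on whitespace (unused)
     * @return a Digest header holding every parsed parameter with surrounding quotes removed;
     *         it has no parameters when nothing follows the scheme name
     */
    protected HttpAuthorizationHeader parseDigest(HttpServletRequest httpServletRequest, String str, String[] strArr) {
        HttpAuthorizationHeader httpAuthorizationHeader = new HttpAuthorizationHeader("Digest");
        int parametersStart = "Digest".length() + 1;
        // A bare "Digest" header is shorter than the offset and would make substring() throw.
        if (str == null || str.length() < parametersStart) {
            return httpAuthorizationHeader;
        }
        // Each comma becomes a line break so the list can be loaded as properties.
        // NOTE(review): a comma inside a quoted value (e.g. in uri) is split as well, so such
        // a header will not match in getDigestUserId.
        String parameterLines = StringUtil.replace(str.substring(parametersStart), ',', '\n');
        UnicodeProperties unicodeProperties = new UnicodeProperties();
        unicodeProperties.fastLoad(parameterLines);
        for (Object entry : unicodeProperties.entrySet()) {
            String name = (String) ((Map.Entry<?, ?>) entry).getKey();
            httpAuthorizationHeader.setAuthParameter(name, StringUtil.unquote(unicodeProperties.getProperty(name)));
        }
        return httpAuthorizationHeader;
    }
}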
