package com.liferay.portal.security.auth;

import com.liferay.petra.reflect.ReflectionUtil;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Layout;
import com.liferay.portal.kernel.model.Portlet;
import com.liferay.portal.kernel.portlet.LiferayPortletURL;
import com.liferay.portal.kernel.security.auth.AuthToken;
import com.liferay.portal.kernel.security.auth.AuthTokenWhitelistUtil;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.service.LayoutLocalServiceUtil;
import com.liferay.portal.kernel.service.PortletLocalServiceUtil;
import com.liferay.portal.kernel.service.permission.PortletPermissionUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.PwdGenerator;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.util.PropsValues;
import com.liferay.portlet.SecurityPortletContainerWrapper;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/liferay/portal/security/auth/SessionAuthToken.class */
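/**
 * {@link AuthToken} implementation backed by the {@link HttpSession}.
 *
 * <p>Two kinds of token are kept as session attributes: a per-session CSRF
 * token that is appended to action-phase portlet URLs as {@code p_auth} and
 * checked in {@link #checkCSRFToken}, and per-portlet-instance invocation
 * tokens ({@code p_p_auth}) that authorize rendering a portlet that is not
 * placed on the requested layout.
 *
 * <p>Token values supplied by the client are compared with
 * {@link MessageDigest#isEqual} rather than {@link String#equals}, so the
 * comparison does not stop at the first differing byte and the response time
 * does not reveal how much of a guessed token matched.
 */
public class SessionAuthToken implements AuthToken {

    // Session-key suffix under which the CSRF token is stored.
    private static final String _CSRF = "#CSRF";

    // Prefix shared by every session attribute this class reads or writes.
    private static final String _SESSION_KEY_PREFIX =
        "LIFERAY_SHARED_AUTHENTICATION_TOKEN";

    private static final Log _log = LogFactoryUtil.getLog(
        SessionAuthToken.class);

    /**
     * Adds the session CSRF token as the {@code p_auth} parameter of an
     * action-phase URL. Nothing is added when token checking is disabled or
     * the URL is CSRF whitelisted.
     *
     * @param httpServletRequest the current request; its session supplies (or
     *        receives) the token
     * @param liferayPortletURL the URL to decorate
     */
    @Override
    public void addCSRFToken(
        HttpServletRequest httpServletRequest,
        LiferayPortletURL liferayPortletURL) {

        if (!PropsValues.AUTH_TOKEN_CHECK_ENABLED) {
            return;
        }

        if (!liferayPortletURL.getLifecycle().equals("ACTION_PHASE")) {
            return;
        }

        if (AuthTokenWhitelistUtil.isPortletURLCSRFWhitelisted(
                liferayPortletURL)) {

            return;
        }

        liferayPortletURL.setParameter(
            "p_auth", getToken(httpServletRequest));
    }

    /**
     * Adds the portlet invocation token as the {@code p_p_auth} parameter of
     * a URL that targets a portlet which is not placed on the URL's layout.
     *
     * <p>The token is only needed for portlets flagged as
     * {@code addDefaultResource}; it is skipped when the check is disabled,
     * the portlet is unknown, the URL is whitelisted, or the layout already
     * contains the portlet.
     *
     * @param httpServletRequest the current request
     * @param liferayPortletURL the URL to decorate
     */
    @Override
    public void addPortletInvocationToken(
        HttpServletRequest httpServletRequest,
        LiferayPortletURL liferayPortletURL) {

        if (!PropsValues.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED) {
            return;
        }

        long companyId = PortalUtil.getCompanyId(httpServletRequest);
        String portletId = liferayPortletURL.getPortletId();

        Portlet portlet = PortletLocalServiceUtil.getPortletById(
            companyId, portletId);

        if ((portlet == null) || !portlet.isAddDefaultResource()) {
            return;
        }

        if (AuthTokenWhitelistUtil.isPortletURLPortletInvocationWhitelisted(
                liferayPortletURL)) {

            return;
        }

        long plid = liferayPortletURL.getPlid();

        try {
            Layout layout = LayoutLocalServiceUtil.getLayout(plid);

            if (layout.getLayoutType().hasPortletId(portletId)) {
                return;
            }
        }
        catch (Exception e) {

            // A layout that cannot be resolved is treated as "portlet not on
            // layout": the token is still added, which is the safe direction
            // because the consumer will require it.

            if (_log.isDebugEnabled()) {
                _log.debug(e.getMessage(), e);
            }
        }

        liferayPortletURL.setParameter(
            "p_p_auth", getToken(httpServletRequest, plid, portletId));
    }

    /**
     * Checks the CSRF token on behalf of the portlet container.
     *
     * @param httpServletRequest the current request
     * @throws PrincipalException if the token is missing or does not match
     * @deprecated use {@link #checkCSRFToken(HttpServletRequest, String)}
     */
    @Deprecated
    @Override
    public void check(HttpServletRequest httpServletRequest)
        throws PrincipalException {

        checkCSRFToken(
            httpServletRequest,
            SecurityPortletContainerWrapper.class.getName());
    }

    /**
     * Verifies that the request carries the session's CSRF token.
     *
     * <p>The token is read from the {@code p_auth} parameter, falling back to
     * the {@code X-CSRF-Token} header. The check is skipped when token
     * checking is disabled, the request presents a valid shared secret
     * ({@code p_auth_secret}), the origin is CSRF whitelisted, or the
     * targeted portlet is CSRF whitelisted for portlet-container origins.
     *
     * @param httpServletRequest the current request
     * @param origin identifier of the caller performing the check
     * @throws PrincipalException if the token is absent or does not match the
     *         session token
     */
    @Override
    public void checkCSRFToken(
            HttpServletRequest httpServletRequest, String origin)
        throws PrincipalException {

        if (!PropsValues.AUTH_TOKEN_CHECK_ENABLED) {
            return;
        }

        if (AuthTokenWhitelistUtil.isValidSharedSecret(
                ParamUtil.getString(httpServletRequest, "p_auth_secret"))) {

            return;
        }

        long companyId = PortalUtil.getCompanyId(httpServletRequest);

        if (AuthTokenWhitelistUtil.isOriginCSRFWhitelisted(
                companyId, origin)) {

            return;
        }

        if (origin.equals(SecurityPortletContainerWrapper.class.getName())) {
            Portlet portlet = PortletLocalServiceUtil.getPortletById(
                companyId, ParamUtil.getString(httpServletRequest, "p_p_id"));

            if (AuthTokenWhitelistUtil.isPortletCSRFWhitelisted(
                    httpServletRequest, portlet)) {

                return;
            }
        }

        String requestToken = ParamUtil.getString(
            httpServletRequest, "p_auth");

        if (Validator.isNull(requestToken)) {
            requestToken = GetterUtil.getString(
                httpServletRequest.getHeader("X-CSRF-Token"));
        }

        // Never create a token here: a missing session token must fail the
        // check rather than be minted to match the request.
        String sessionToken = getSessionAuthenticationToken(
            httpServletRequest, _CSRF, false);

        if (!_isEqualToken(sessionToken, requestToken)) {
            throw new PrincipalException.MustBeAuthenticated(
                PortalUtil.getUserId(httpServletRequest));
        }
    }

    /**
     * Returns the session's CSRF token, generating and storing one if the
     * session has none.
     *
     * @param httpServletRequest the current request
     * @return the CSRF token
     */
    @Override
    public String getToken(HttpServletRequest httpServletRequest) {
        return getSessionAuthenticationToken(httpServletRequest, _CSRF, true);
    }

    /**
     * Returns the invocation token for a portlet instance on a layout,
     * generating and storing one if the session has none.
     *
     * @param httpServletRequest the current request
     * @param plid the layout's primary key
     * @param portletId the portlet ID
     * @return the invocation token
     */
    @Override
    public String getToken(
        HttpServletRequest httpServletRequest, long plid, String portletId) {

        return getSessionAuthenticationToken(
            httpServletRequest,
            PortletPermissionUtil.getPrimaryKey(plid, portletId), true);
    }

    /**
     * Checks whether the request carries a valid invocation token for the
     * given portlet on the given layout.
     *
     * <p>The token is read from {@code p_p_auth} on the request, falling back
     * to the same parameter on the original (unwrapped) request. Whitelisted
     * portlets are always accepted.
     *
     * @param httpServletRequest the current request
     * @param layout the layout being rendered
     * @param portlet the portlet being invoked
     * @return {@code true} if the portlet is whitelisted or the request token
     *         matches the session token
     */
    @Override
    public boolean isValidPortletInvocationToken(
        HttpServletRequest httpServletRequest, Layout layout,
        Portlet portlet) {

        if (AuthTokenWhitelistUtil.isPortletInvocationWhitelisted(
                httpServletRequest, portlet)) {

            return true;
        }

        String requestToken = ParamUtil.getString(
            httpServletRequest, "p_p_auth");

        if (Validator.isNull(requestToken)) {
            requestToken = ParamUtil.getString(
                PortalUtil.getOriginalServletRequest(httpServletRequest),
                "p_p_auth");
        }

        if (Validator.isNull(requestToken)) {
            return false;
        }

        String sessionToken = getSessionAuthenticationToken(
            httpServletRequest,
            PortletPermissionUtil.getPrimaryKey(
                layout.getPlid(), portlet.getPortletId()),
            false);

        return Validator.isNotNull(sessionToken) &&
            _isEqualToken(sessionToken, requestToken);
    }

    /**
     * Resolves the layout and portlet by key and delegates to
     * {@link #isValidPortletInvocationToken(HttpServletRequest, Layout, Portlet)}.
     * The last two arguments are ignored.
     *
     * @param httpServletRequest the current request
     * @param plid the layout's primary key
     * @param portletId the portlet ID
     * @param unused2 ignored
     * @param unused3 ignored
     * @return whether the invocation token is valid
     * @deprecated use {@link #isValidPortletInvocationToken(HttpServletRequest, Layout, Portlet)}
     */
    @Deprecated
    @Override
    public boolean isValidPortletInvocationToken(
        HttpServletRequest httpServletRequest, long plid, String portletId,
        String unused2, String unused3) {

        try {
            return isValidPortletInvocationToken(
                httpServletRequest, LayoutLocalServiceUtil.getLayout(plid),
                PortletLocalServiceUtil.getPortletById(portletId));
        }
        catch (PortalException e) {

            // Rethrows the checked exception unchanged; the return is never
            // reached.

            ReflectionUtil.throwException(e);

            return false;
        }
    }

    /**
     * Reads the token stored under {@code key} in the session, walking down
     * the chain of request wrappers until a non-empty value is found.
     *
     * @param httpServletRequest the current request, possibly wrapped
     * @param key the token-specific suffix of the session attribute name
     * @param createToken whether to generate and store a token if none exists
     * @return the token, or {@code null}/empty if none exists and
     *         {@code createToken} is {@code false}
     */
    protected String getSessionAuthenticationToken(
        HttpServletRequest httpServletRequest, String key,
        boolean createToken) {

        String attributeName = _SESSION_KEY_PREFIX.concat(key);

        HttpServletRequest currentRequest = httpServletRequest;
        HttpSession session = null;
        String token = null;

        while (currentRequest instanceof HttpServletRequestWrapper) {
            session = currentRequest.getSession();
            token = (String)session.getAttribute(attributeName);

            if (Validator.isNotNull(token)) {
                break;
            }

            HttpServletRequestWrapper wrapper =
                (HttpServletRequestWrapper)currentRequest;

            currentRequest = (HttpServletRequest)wrapper.getRequest();
        }

        // Only reached when the request was never wrapped.
        if (session == null) {
            session = currentRequest.getSession();
            token = (String)session.getAttribute(attributeName);
        }

        if (createToken && Validator.isNull(token)) {
            token = PwdGenerator.getPassword(PropsValues.AUTH_TOKEN_LENGTH);

            session.setAttribute(attributeName, token);
        }

        return token;
    }

    /**
     * Compares a session token with a client-supplied token without stopping
     * at the first mismatching byte.
     *
     * <p>{@link MessageDigest#isEqual} still returns early on a length
     * mismatch; that only reveals the configured token length, not its
     * contents.
     *
     * @param expected the token held in the session, may be {@code null}
     * @param actual the token presented by the request, may be {@code null}
     * @return {@code true} only if both are non-null and byte-for-byte equal
     */
    private static boolean _isEqualToken(String expected, String actual) {
        if ((expected == null) || (actual == null)) {
            return false;
        }

        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8),
            actual.getBytes(StandardCharsets.UTF_8));
    }

}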
