package com.liferay.portal.security.auth.session;

import com.liferay.petra.encryptor.Encryptor;
import com.liferay.portal.events.EventsProcessorUtil;
import com.liferay.portal.kernel.cluster.ClusterExecutorUtil;
import com.liferay.portal.kernel.cluster.ClusterNode;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.messaging.MessageBusUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserTracker;
import com.liferay.portal.kernel.security.auth.AuthException;
import com.liferay.portal.kernel.security.auth.AuthenticatedUserUUIDStoreUtil;
import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManager;
import com.liferay.portal.kernel.service.CompanyLocalServiceUtil;
import com.liferay.portal.kernel.service.UserLocalServiceUtil;
import com.liferay.portal.kernel.util.CookieKeys;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.liveusers.LiveUsers;
import com.liferay.portal.util.PropsValues;
import com.liferay.portlet.usersadmin.search.UserDisplayTerms;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/liferay/portal/security/auth/session/AuthenticatedSessionManagerImpl.class */
/**
 * Servlet-session implementation of {@link AuthenticatedSessionManager}: verifies credentials
 * through {@code UserLocalServiceUtil}, then populates the HTTP session and the login cookies,
 * and clears them again on logout.
 *
 * <p>The parameter and local names ({@code str}, {@code str2}, {@code z}, ...) are not
 * descriptive (they look decompiler-generated); the roles given in the method docs below are
 * derived from how each value is used in this class.
 *
 * <p>Places where password material is persisted by {@link #login}, all gated by portal
 * properties or the remember-me flag:
 * <ul>
 *   <li>session attribute {@code j_password} (submitted password or the stored user password),
 *   <li>session attribute {@code USER_PASSWORD} (submitted password),
 *   <li>cookie {@code PASSWORD} (submitted password, encrypted with the company key).
 * </ul>
 */
public class AuthenticatedSessionManagerImpl implements AuthenticatedSessionManager {
    private static final Log _log = LogFactoryUtil.getLog(AuthenticatedSessionManagerImpl.class);

    /**
     * Authenticates the given credentials and returns the id of the matching user.
     *
     * @param httpServletRequest request whose headers and parameters are handed to the
     *        authentication call
     * @param str login identifier (email address, screen name or numeric user id, depending on
     *        the auth type)
     * @param str2 submitted password
     * @param str3 auth type; when blank the company's configured auth type is used
     * @return the authenticated user's id
     * @throws PortalException if authentication fails (an {@code AuthException} is thrown by
     *         {@code _getAuthenticatedUser})
     */
    public long getAuthenticatedUserId(HttpServletRequest httpServletRequest, String str, String str2, String str3) throws PortalException {
        return _getAuthenticatedUser(httpServletRequest, str, str2, str3).getUserId();
    }

    /**
     * Authenticates the credentials and, on success, writes the login state into the HTTP
     * session and the response cookies.
     *
     * <p>Order matters: the credentials are verified before any session attribute or cookie is
     * written, because {@code _getAuthenticatedUser} throws on failure and nothing after that
     * call runs.
     *
     * @param httpServletRequest incoming request; the original (unwrapped) servlet request is
     *        what is actually used
     * @param httpServletResponse response that receives the cookies
     * @param str login identifier; stored unencrypted in the {@code LOGIN} cookie when
     *        remember-me is active
     * @param str2 submitted password
     * @param z remember-me flag; forced to {@code true} when {@code PropsValues.SESSION_DISABLED}
     *        is set
     * @param str3 auth type; when blank the company's configured auth type is used
     * @throws Exception if authentication fails or any of the called portal services throws
     */
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z, String str3) throws Exception {
        Boolean bool;
        String str4;
        HttpServletRequest originalServletRequest = PortalUtil.getOriginalServletRequest(httpServletRequest);
        String queryString = originalServletRequest.getQueryString();
        // Refuse logins whose password arrived in the URL query string (plain "password=" or the
        // portlet-namespaced form). Presumably this is because query strings end up in access
        // logs, browser history and Referer headers — the log message below only states that the
        // attempt is ignored.
        if (Validator.isNotNull(queryString) && queryString.contains("password=")) {
            str4 = "password=";
            String portletId = PortalUtil.getPortletId(originalServletRequest);
            // NOTE(review): indexOf returns the first occurrence only, and the boundary test below
            // is applied to that one position. A match that starts inside another parameter name
            // hides any later occurrence from this check — confirm this is acceptable.
            int indexOf = queryString.indexOf(portletId != null ? PortalUtil.getPortletNamespace(portletId) + str4 : "password=");
            // The match counts only when it starts a parameter: at position 0 or right after '&'.
            if (indexOf == 0 || (indexOf > 0 && queryString.charAt(indexOf - 1) == '&')) {
                if (_log.isWarnEnabled()) {
                    // NOTE(review): the Referer header is request-controlled and is appended to
                    // the log message unmodified; confirm the logging layer neutralises CR/LF so
                    // a crafted header cannot forge log lines.
                    String header = originalServletRequest.getHeader("Referer");
                    StringBundler stringBundler = new StringBundler(4);
                    stringBundler.append("Ignoring login attempt because the password ");
                    stringBundler.append("parameter was found for the request with the ");
                    stringBundler.append("referer header: ");
                    stringBundler.append(header);
                    _log.warn(stringBundler.toString());
                    return;
                }
                // The login is dropped silently (no exception) whether or not the warning was logged.
                return;
            }
        }
        // Presumably verifies that the browser accepts cookies — the helper is not visible here.
        CookieKeys.validateSupportCookie(originalServletRequest);
        HttpSession session = originalServletRequest.getSession();
        Company company = PortalUtil.getCompany(originalServletRequest);
        // Throws AuthException on bad credentials, so everything below runs for verified users only.
        User _getAuthenticatedUser = _getAuthenticatedUser(originalServletRequest, str, str2, str3);
        if (!PropsValues.AUTH_SIMULTANEOUS_LOGINS) {
            signOutSimultaneousLogins(_getAuthenticatedUser.getUserId());
        }
        // With the property on, the pre-login session is invalidated and replaced (see
        // renewSession), so the session the browser held before authenticating is not the one
        // that becomes authenticated. With the property off, the pre-login session object is
        // reused as is for the authenticated state.
        if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
            session = renewSession(originalServletRequest, session);
        }
        // Normalise a blank cookie domain to null so the "domain != null" guards below skip it.
        String domain = CookieKeys.getDomain(originalServletRequest);
        if (Validator.isNull(domain)) {
            domain = null;
        }
        String valueOf = String.valueOf(_getAuthenticatedUser.getUserId());
        session.setAttribute("j_username", valueOf);
        // j_password holds either the submitted password verbatim or whatever User.getPassword()
        // returns (its format, hashed or not, cannot be told from this file).
        if (PropsValues.PORTAL_JAAS_PLAIN_PASSWORD) {
            session.setAttribute("j_password", str2);
        } else {
            session.setAttribute("j_password", _getAuthenticatedUser.getPassword());
        }
        session.setAttribute("j_remoteuser", valueOf);
        // Security-relevant: with this property on, the submitted password stays in the session
        // under USER_PASSWORD for as long as the session lives (and wherever sessions are
        // persisted or replicated).
        if (PropsValues.SESSION_STORE_PASSWORD) {
            session.setAttribute("USER_PASSWORD", str2);
        }
        // COMPANY_ID is sent in the clear; ID carries the user id encrypted with the company key.
        Cookie cookie = new Cookie("COMPANY_ID", String.valueOf(company.getCompanyId()));
        if (domain != null) {
            cookie.setDomain(domain);
        }
        cookie.setPath("/");
        Cookie cookie2 = new Cookie("ID", Encryptor.encrypt(company.getKeyObj(), valueOf));
        if (domain != null) {
            cookie2.setDomain(domain);
        }
        cookie2.setPath("/");
        int i = PropsValues.COMPANY_SECURITY_AUTO_LOGIN_MAX_AGE;
        // Without server-side sessions the cookies are the only login state, so remember-me is forced.
        if (PropsValues.SESSION_DISABLED) {
            z = true;
        }
        if (z) {
            cookie.setMaxAge(i);
            cookie2.setMaxAge(i);
        } else {
            // Negative max age: per the Servlet API the cookie is not stored persistently and is
            // discarded when the browser exits.
            cookie.setMaxAge(-1);
            cookie2.setMaxAge(-1);
        }
        // The flag passed to CookieKeys.addCookie is downgraded to false when the request is
        // secure but HTTPS is neither required for authentication nor the configured web server
        // protocol, and the session is not marked HTTPS_INITIAL.
        // NOTE(review): presumably this argument controls the cookie's Secure attribute; if so,
        // every cookie written below (including PASSWORD under remember-me) may later be sent
        // over plain HTTP in that configuration — confirm against CookieKeys.addCookie.
        boolean isSecure = originalServletRequest.isSecure();
        if (isSecure && !PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS && !StringUtil.equalsIgnoreCase("https", PropsValues.WEB_SERVER_PROTOCOL) && ((bool = (Boolean) session.getAttribute("HTTPS_INITIAL")) == null || !bool.booleanValue())) {
            isSecure = false;
        }
        CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie, isSecure);
        CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie2, isSecure);
        // Remember-me: persist LOGIN, PASSWORD, REMEMBER_ME and SCREEN_NAME for the auto-login max age.
        if (z) {
            // The login identifier is stored unencrypted.
            Cookie cookie3 = new Cookie("LOGIN", str);
            if (domain != null) {
                cookie3.setDomain(domain);
            }
            cookie3.setMaxAge(i);
            cookie3.setPath("/");
            CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie3, isSecure);
            // Security-relevant: the submitted password itself is placed in a persistent cookie,
            // protected only by encryption under the company key. Whoever holds that key and the
            // cookie value can recover the password, so key handling and cookie transport both
            // matter here.
            Cookie cookie4 = new Cookie("PASSWORD", Encryptor.encrypt(company.getKeyObj(), str2));
            if (domain != null) {
                cookie4.setDomain(domain);
            }
            cookie4.setMaxAge(i);
            cookie4.setPath("/");
            CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie4, isSecure);
            Cookie cookie5 = new Cookie("REMEMBER_ME", Boolean.TRUE.toString());
            if (domain != null) {
                cookie5.setDomain(domain);
            }
            cookie5.setMaxAge(i);
            cookie5.setPath("/");
            CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie5, isSecure);
            Cookie cookie6 = new Cookie("SCREEN_NAME", Encryptor.encrypt(company.getKeyObj(), _getAuthenticatedUser.getScreenName()));
            if (domain != null) {
                cookie6.setDomain(domain);
            }
            cookie6.setMaxAge(i);
            cookie6.setPath("/");
            CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie6, isSecure);
        }
        if (PropsValues.AUTH_USER_UUID_STORE_ENABLED) {
            // Per-login token "<userId>.<System.nanoTime()>": kept in the session, sent to the
            // browser encrypted with the company key, and registered in the UUID store.
            // nanoTime is a clock reading, not a random value; what the browser sees is only the
            // encrypted form.
            String concat = valueOf.concat(".").concat(String.valueOf(System.nanoTime()));
            Cookie cookie7 = new Cookie("USER_UUID", Encryptor.encrypt(company.getKeyObj(), concat));
            // Unlike the other cookies, no domain is set on this one.
            cookie7.setPath("/");
            session.setAttribute("USER_UUID", concat);
            if (z) {
                cookie7.setMaxAge(i);
            } else {
                cookie7.setMaxAge(-1);
            }
            CookieKeys.addCookie(originalServletRequest, httpServletResponse, cookie7, isSecure);
            AuthenticatedUserUUIDStoreUtil.register(concat);
        }
    }

    /**
     * Runs the pre-logout events, deletes the login cookies, invalidates the session and runs
     * the post-logout events.
     *
     * @param httpServletRequest request whose session and cookies are cleared
     * @param httpServletResponse response used to expire the cookies
     * @throws Exception if an event processor or cookie helper throws
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        EventsProcessorUtil.process("logout.events.pre", PropsValues.LOGOUT_EVENTS_PRE, httpServletRequest, httpServletResponse);
        String domain = CookieKeys.getDomain(httpServletRequest);
        if (Validator.isNull(domain)) {
            domain = null;
        }
        // Read REMEMBER_ME before it is deleted on the next line; it decides whether LOGIN is kept.
        boolean z = GetterUtil.getBoolean(CookieKeys.getCookie(httpServletRequest, "REMEMBER_ME", false));
        // NOTE(review): login() also writes SCREEN_NAME and USER_UUID cookies, which are not in
        // this list — confirm they are expired elsewhere or intentionally left in the browser.
        CookieKeys.deleteCookies(httpServletRequest, httpServletResponse, domain, new String[]{"COMPANY_ID", "GUEST_LANGUAGE_ID", "ID", "PASSWORD", "REMEMBER_ME"});
        // With remember-me the unencrypted LOGIN cookie survives logout; the PASSWORD cookie does not.
        if (!z) {
            CookieKeys.deleteCookies(httpServletRequest, httpServletResponse, domain, new String[]{"LOGIN"});
        }
        try {
            session.invalidate();
        } catch (Exception e) {
            // Deliberately ignored: per the Servlet API invalidate() throws IllegalStateException
            // when the session is already invalid, which is harmless here.
            // NOTE(review): catching Exception also hides any other failure to invalidate, in
            // which case the session would stay live without any trace in the logs.
        }
        EventsProcessorUtil.process("logout.events.post", PropsValues.LOGOUT_EVENTS_POST, httpServletRequest, httpServletResponse);
    }

    /**
     * Replaces the given session with a new one, carrying over only the attributes named in
     * {@code PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES}.
     *
     * <p>Every other attribute is lost together with the old session.
     *
     * @param httpServletRequest request used to create the replacement session
     * @param httpSession session to invalidate
     * @return the newly created session
     * @throws Exception if the old session cannot be read or invalidated
     */
    public HttpSession renewSession(HttpServletRequest httpServletRequest, HttpSession httpSession) throws Exception {
        String[] strArr = PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES;
        // Snapshot the protected attributes first: they are unreachable once the session is invalidated.
        HashMap hashMap = new HashMap();
        for (String str : strArr) {
            Object attribute = httpSession.getAttribute(str);
            if (attribute != null) {
                hashMap.put(str, attribute);
            }
        }
        httpSession.invalidate();
        // getSession(true) creates a new session because the previous one was just invalidated.
        HttpSession session = httpServletRequest.getSession(true);
        for (String str2 : strArr) {
            Object obj = hashMap.get(str2);
            if (obj != null) {
                session.setAttribute(str2, obj);
            }
        }
        return session;
    }

    /**
     * Publishes a {@code signOut} command on the {@code liferay/live_users} destination for
     * every tracked live session that belongs to the given user.
     *
     * @param j id of the user whose existing sessions should be signed out
     * @throws Exception if the company lookup or the message bus call throws
     */
    public void signOutSimultaneousLogins(long j) throws Exception {
        long companyIdByUserId = CompanyLocalServiceUtil.getCompanyIdByUserId(j);
        // Iterate over a copy of the tracker collection rather than the live view.
        for (UserTracker userTracker : new ArrayList(LiveUsers.getSessionUsers(companyIdByUserId).values())) {
            if (j == userTracker.getUserId()) {
                JSONObject createJSONObject = JSONFactoryUtil.createJSONObject();
                // The originating node id is included only when a local cluster node is available.
                ClusterNode localClusterNode = ClusterExecutorUtil.getLocalClusterNode();
                if (localClusterNode != null) {
                    createJSONObject.put("clusterNodeId", localClusterNode.getClusterNodeId());
                }
                createJSONObject.put("command", "signOut");
                createJSONObject.put("companyId", companyIdByUserId);
                createJSONObject.put("sessionId", userTracker.getSessionId());
                createJSONObject.put("userId", j);
                MessageBusUtil.sendMessage("liferay/live_users", createJSONObject.toString());
            }
        }
    }

    /**
     * Verifies the credentials with the {@code UserLocalServiceUtil.authenticateByXxx} call
     * selected by the auth type and returns the authenticated user.
     *
     * <p>Every failure path ends in a message-less {@code AuthException}, so the caller is not
     * told which part of the credentials was wrong. An auth type that matches none of the three
     * branches also fails, because the result code keeps its initial value of {@code -1}.
     *
     * @param httpServletRequest request supplying the headers and parameters passed to the
     *        authentication call
     * @param str login identifier
     * @param str2 submitted password
     * @param str3 auth type; when blank the company's configured auth type is used
     * @return the user placed under the {@code "user"} key of the result map by the
     *         authentication call
     * @throws PortalException {@code AuthException} when the request URI is under
     *         {@code <context path>/api/liferay} or authentication does not succeed; whatever
     *         {@code checkLockout} throws for a known but rejected user
     */
    private User _getAuthenticatedUser(HttpServletRequest httpServletRequest, String str, String str2, String str3) throws PortalException {
        // Credential-based login is refused outright for request URIs under <context>/api/liferay.
        if (httpServletRequest.getRequestURI().startsWith(PortalUtil.getPathContext().concat("/api/liferay"))) {
            throw new AuthException();
        }
        Company company = PortalUtil.getCompany(httpServletRequest);
        // Copy all request headers into a map of header name -> String[] of values.
        HashMap hashMap = new HashMap();
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str4 = (String) headerNames.nextElement();
            Enumeration headers = httpServletRequest.getHeaders(str4);
            ArrayList arrayList = new ArrayList();
            while (headers.hasMoreElements()) {
                arrayList.add((String) headers.nextElement());
            }
            hashMap.put(str4, arrayList.toArray(new String[0]));
        }
        Map parameterMap = httpServletRequest.getParameterMap();
        // Filled by the authenticate call; read back below under the "user" key.
        HashMap hashMap2 = new HashMap();
        if (Validator.isNull(str3)) {
            str3 = company.getAuthType();
        }
        int i = -1;
        if (str3.equals(UserDisplayTerms.EMAIL_ADDRESS)) {
            i = UserLocalServiceUtil.authenticateByEmailAddress(company.getCompanyId(), str, str2, hashMap, parameterMap, hashMap2);
        } else if (str3.equals(UserDisplayTerms.SCREEN_NAME)) {
            i = UserLocalServiceUtil.authenticateByScreenName(company.getCompanyId(), str, str2, hashMap, parameterMap, hashMap2);
        } else if (str3.equals("userId")) {
            i = UserLocalServiceUtil.authenticateByUserId(company.getCompanyId(), GetterUtil.getLong(str), str2, hashMap, parameterMap, hashMap2);
        }
        User user = (User) hashMap2.get("user");
        // 1 is treated as the success code (presumably the portal's Authenticator success
        // constant — confirm); any other value is a failure.
        if (i == 1) {
            return user;
        }
        // Failed attempt for a known user: reload the user and run the lockout check so that a
        // lockout condition is raised in preference to the generic failure below.
        if (user != null) {
            user = UserLocalServiceUtil.fetchUser(user.getUserId());
        }
        if (user != null) {
            UserLocalServiceUtil.checkLockout(user);
        }
        throw new AuthException();
    }
}
