package com.liferay.portal.security.auth;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.AccessControlContext;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierConfiguration;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
import com.liferay.portal.kernel.service.UserLocalServiceUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.registry.Registry;
import com.liferay.registry.RegistryUtil;
import com.liferay.registry.ServiceReference;
import com.liferay.registry.ServiceTracker;
import com.liferay.registry.ServiceTrackerCustomizer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.http.HttpServletRequest;
import jodd.util.Wildcard;

/* loaded from: input_file:com/liferay/portal/security/auth/AuthVerifierPipeline.class */
public class AuthVerifierPipeline {
    public static final String AUTH_TYPE = "auth.type";
    private static final Log _log = LogFactoryUtil.getLog(AuthVerifierPipeline.class);
    private static final AuthVerifierPipeline _authVerifierPipeline = new AuthVerifierPipeline();
    private final List<AuthVerifierConfiguration> _authVerifierConfigurations = new CopyOnWriteArrayList();
    private final ServiceTracker<AuthVerifier, AuthVerifierConfiguration> _serviceTracker;

    /* loaded from: input_file:com/liferay/portal/security/auth/AuthVerifierPipeline$AuthVerifierTrackerCustomizer.class */
    private class AuthVerifierTrackerCustomizer implements ServiceTrackerCustomizer<AuthVerifier, AuthVerifierConfiguration> {
        private AuthVerifierTrackerCustomizer() {
        }

        public AuthVerifierConfiguration addingService(ServiceReference<AuthVerifier> serviceReference) {
            AuthVerifier authVerifier = (AuthVerifier) RegistryUtil.getRegistry().getService(serviceReference);
            if (authVerifier == null) {
                return null;
            }
            Class<?> cls = authVerifier.getClass();
            AuthVerifierConfiguration authVerifierConfiguration = new AuthVerifierConfiguration();
            authVerifierConfiguration.setAuthVerifier(authVerifier);
            authVerifierConfiguration.setAuthVerifierClassName(cls.getName());
            authVerifierConfiguration.setProperties(_loadProperties(serviceReference, cls.getName()));
            if (!_validate(authVerifierConfiguration)) {
                return null;
            }
            AuthVerifierPipeline.this._authVerifierConfigurations.add(0, authVerifierConfiguration);
            return authVerifierConfiguration;
        }

        public void modifiedService(ServiceReference<AuthVerifier> serviceReference, AuthVerifierConfiguration authVerifierConfiguration) {
            AuthVerifierPipeline.this._authVerifierConfigurations.remove(authVerifierConfiguration);
            authVerifierConfiguration.setProperties(_loadProperties(serviceReference, authVerifierConfiguration.getAuthVerifierClassName()));
            if (_validate(authVerifierConfiguration)) {
                AuthVerifierPipeline.this._authVerifierConfigurations.add(0, authVerifierConfiguration);
            }
        }

        public void removedService(ServiceReference<AuthVerifier> serviceReference, AuthVerifierConfiguration authVerifierConfiguration) {
            RegistryUtil.getRegistry().ungetService(serviceReference);
            AuthVerifierPipeline.this._authVerifierConfigurations.remove(authVerifierConfiguration);
        }

        private Properties _loadProperties(ServiceReference<AuthVerifier> serviceReference, String str) {
            Properties properties = new Properties();
            String authVerifierPropertyName = AuthVerifierPipeline.getAuthVerifierPropertyName(str);
            for (Map.Entry entry : serviceReference.getProperties().entrySet()) {
                String str2 = (String) entry.getKey();
                if (str2.startsWith(authVerifierPropertyName)) {
                    str2 = str2.substring(authVerifierPropertyName.length());
                }
                properties.setProperty(str2, String.valueOf(entry.getValue()));
            }
            return properties;
        }

        private boolean _validate(AuthVerifierConfiguration authVerifierConfiguration) {
            if (StringUtil.split(authVerifierConfiguration.getProperties().getProperty("urls.includes")).length != 0) {
                return true;
            }
            if (!AuthVerifierPipeline._log.isWarnEnabled()) {
                return false;
            }
            AuthVerifierPipeline._log.warn("Auth verifier " + authVerifierConfiguration.getAuthVerifierClassName() + " does not have URLs configured");
            return false;
        }

        public /* bridge */ /* synthetic */ void removedService(ServiceReference serviceReference, Object obj) {
            removedService((ServiceReference<AuthVerifier>) serviceReference, (AuthVerifierConfiguration) obj);
        }

        public /* bridge */ /* synthetic */ void modifiedService(ServiceReference serviceReference, Object obj) {
            modifiedService((ServiceReference<AuthVerifier>) serviceReference, (AuthVerifierConfiguration) obj);
        }

        /* renamed from: addingService, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m566addingService(ServiceReference serviceReference) {
            return addingService((ServiceReference<AuthVerifier>) serviceReference);
        }
    }

    public static String getAuthVerifierPropertyName(String str) {
        return StringBundler.concat(new String[]{"auth.verifier.", StringUtil.extractLast(str, "."), "."});
    }

    public static AuthVerifierResult verifyRequest(AccessControlContext accessControlContext) throws PortalException {
        return _authVerifierPipeline._verifyRequest(accessControlContext);
    }

    private AuthVerifierPipeline() {
        Registry registry = RegistryUtil.getRegistry();
        this._serviceTracker = registry.trackServices(registry.getFilter("(objectClass=" + AuthVerifier.class.getName() + ")"), new AuthVerifierTrackerCustomizer());
        this._serviceTracker.open();
    }

    private AuthVerifierResult _createGuestVerificationResult(AccessControlContext accessControlContext) throws PortalException {
        AuthVerifierResult authVerifierResult = new AuthVerifierResult();
        authVerifierResult.setState(AuthVerifierResult.State.UNSUCCESSFUL);
        authVerifierResult.setUserId(UserLocalServiceUtil.getDefaultUserId(PortalUtil.getCompanyId(accessControlContext.getRequest())));
        return authVerifierResult;
    }

    private List<AuthVerifierConfiguration> _getAuthVerifierConfigurations(AccessControlContext accessControlContext) {
        HttpServletRequest request = accessControlContext.getRequest();
        ArrayList arrayList = new ArrayList();
        String requestURI = request.getRequestURI();
        String contextPath = request.getContextPath();
        if (requestURI.equals(contextPath)) {
            requestURI = requestURI + "/";
        }
        Iterator<AuthVerifierConfiguration> it = this._authVerifierConfigurations.iterator();
        while (it.hasNext()) {
            AuthVerifierConfiguration _mergeAuthVerifierConfiguration = _mergeAuthVerifierConfiguration(it.next(), accessControlContext, contextPath);
            if (_isMatchingRequestURI(_mergeAuthVerifierConfiguration, requestURI)) {
                arrayList.add(_mergeAuthVerifierConfiguration);
            }
        }
        return arrayList;
    }

    private boolean _isMatchingRequestURI(AuthVerifierConfiguration authVerifierConfiguration, String str) {
        Properties properties = authVerifierConfiguration.getProperties();
        String[] split = StringUtil.split(properties.getProperty("urls.excludes"));
        if (split.length > 0 && Wildcard.matchOne(str, split) > -1) {
            return false;
        }
        String[] split2 = StringUtil.split(properties.getProperty("urls.includes"));
        return split2.length != 0 && Wildcard.matchOne(str, split2) > -1;
    }

    private AuthVerifierConfiguration _mergeAuthVerifierConfiguration(AuthVerifierConfiguration authVerifierConfiguration, AccessControlContext accessControlContext, String str) {
        Map settings = accessControlContext.getSettings();
        String authVerifierPropertyName = getAuthVerifierPropertyName(authVerifierConfiguration.getAuthVerifierClassName());
        boolean z = false;
        Iterator it = settings.keySet().iterator();
        while (it.hasNext() && !z) {
            String str2 = (String) it.next();
            if (str2.startsWith(authVerifierPropertyName) && (settings.get(str2) instanceof String)) {
                z = true;
            }
        }
        if (!z) {
            return authVerifierConfiguration;
        }
        AuthVerifierConfiguration authVerifierConfiguration2 = new AuthVerifierConfiguration();
        authVerifierConfiguration2.setAuthVerifier(authVerifierConfiguration.getAuthVerifier());
        Properties properties = new Properties(authVerifierConfiguration.getProperties());
        for (Map.Entry entry : settings.entrySet()) {
            String str3 = (String) entry.getKey();
            if (str3.startsWith(authVerifierPropertyName)) {
                Object value = entry.getValue();
                if (value instanceof String) {
                    String substring = str3.substring(authVerifierPropertyName.length());
                    if (substring.equals("urls.includes") || substring.equals("urls.excludes")) {
                        String str4 = (String) value;
                        if (str4.charAt(0) != '/') {
                            str4 = "/" + str4;
                        }
                        properties.setProperty(substring, str + str4);
                    } else {
                        properties.setProperty(substring, (String) value);
                    }
                }
            }
        }
        authVerifierConfiguration2.setProperties(properties);
        return authVerifierConfiguration2;
    }

    private Map<String, Object> _mergeSettings(Properties properties, Map<String, Object> map) {
        HashMap hashMap = new HashMap(map);
        if (properties != null) {
            for (Map.Entry entry : properties.entrySet()) {
                hashMap.put((String) entry.getKey(), entry.getValue());
            }
        }
        return hashMap;
    }

    private AuthVerifierResult _verifyRequest(AccessControlContext accessControlContext) throws PortalException {
        if (accessControlContext == null) {
            throw new IllegalArgumentException("Access control context is null");
        }
        for (AuthVerifierConfiguration authVerifierConfiguration : _getAuthVerifierConfigurations(accessControlContext)) {
            AuthVerifier authVerifier = authVerifierConfiguration.getAuthVerifier();
            Properties properties = authVerifierConfiguration.getProperties();
            try {
                AuthVerifierResult verify = authVerifier.verify(accessControlContext, properties);
                if (verify == null) {
                    _log.error("Auth verifier " + authVerifier.getClass().getName() + " did not return an auth verifier result");
                } else if (verify.getState() != AuthVerifierResult.State.NOT_APPLICABLE) {
                    User fetchUser = UserLocalServiceUtil.fetchUser(verify.getUserId());
                    if (fetchUser != null && fetchUser.isActive()) {
                        Map<String, Object> _mergeSettings = _mergeSettings(properties, verify.getSettings());
                        _mergeSettings.put(AUTH_TYPE, authVerifier.getAuthType());
                        verify.setSettings(_mergeSettings);
                        return verify;
                    }
                    if (_log.isDebugEnabled()) {
                        Class<?> cls = authVerifier.getClass();
                        if (fetchUser == null) {
                            _log.debug(StringBundler.concat(new Object[]{"Auth verifier ", cls.getName(), " returned null user", Long.valueOf(verify.getUserId())}));
                        } else {
                            _log.debug(StringBundler.concat(new Object[]{"Auth verifier ", cls.getName(), " returned inactive user", Long.valueOf(verify.getUserId())}));
                        }
                    }
                } else {
                    continue;
                }
            } catch (Exception e) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Skipping " + authVerifier.getClass().getName(), e);
                }
            }
        }
        return _createGuestVerificationResult(accessControlContext);
    }
}
