package com.liferay.portal.security.auth;

import com.liferay.petra.string.StringBundler;
import com.liferay.petra.string.StringPool;
import com.liferay.petra.url.pattern.mapper.URLPatternMapper;
import com.liferay.petra.url.pattern.mapper.URLPatternMapperFactory;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.module.util.SystemBundleUtil;
import com.liferay.portal.kernel.security.auth.AccessControlContext;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierConfiguration;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
import com.liferay.portal.kernel.service.UserLocalServiceUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.security.auth.registry.AuthVerifierRegistry;
import com.liferay.portal.spring.context.PortalContextLoaderListener;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.function.Consumer;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;

/* loaded from: input_file:com/liferay/portal/security/auth/AuthVerifierPipeline.class */
public class AuthVerifierPipeline {
    public static final String AUTH_TYPE = "auth.type";
    private static final Log _log = LogFactoryUtil.getLog((Class<?>) AuthVerifierPipeline.class);
    private final List<AuthVerifierConfiguration> _authVerifierConfigurations;
    private final String _contextPath;
    private volatile URLPatternMapper<List<AuthVerifierConfiguration>> _excludeURLPatternMapper;
    private volatile URLPatternMapper<List<AuthVerifierConfiguration>> _includeURLPatternMapper;

    /* loaded from: input_file:com/liferay/portal/security/auth/AuthVerifierPipeline$AuthVerifierConfigurationConsumer.class */
    private static class AuthVerifierConfigurationConsumer implements Consumer<List<AuthVerifierConfiguration>> {
        private final AccessControlContext _accessControlContext;
        private AuthVerifierResult _authVerifierResult;
        private Set<AuthVerifierConfiguration> _excludedAuthVerifierConfigurations;
        private final URLPatternMapper<List<AuthVerifierConfiguration>> _excludeURLPatternMapper;
        private final String _requestURI;

        @Override // java.util.function.Consumer
        public void accept(List<AuthVerifierConfiguration> list) {
            if (this._authVerifierResult != null) {
                return;
            }
            if (this._excludedAuthVerifierConfigurations == null) {
                this._excludedAuthVerifierConfigurations = new HashSet();
                URLPatternMapper<List<AuthVerifierConfiguration>> uRLPatternMapper = this._excludeURLPatternMapper;
                Set<AuthVerifierConfiguration> set = this._excludedAuthVerifierConfigurations;
                set.getClass();
                uRLPatternMapper.consumeValues((v1) -> {
                    r1.addAll(v1);
                }, this._requestURI);
            }
            for (AuthVerifierConfiguration authVerifierConfiguration : list) {
                if (!this._excludedAuthVerifierConfigurations.contains(authVerifierConfiguration)) {
                    this._authVerifierResult = _verifyWithAuthVerifierConfiguration(this._accessControlContext, authVerifierConfiguration);
                    if (this._authVerifierResult != null) {
                        return;
                    }
                }
            }
        }

        public AuthVerifierResult getAuthVerifierResult() {
            return this._authVerifierResult;
        }

        private AuthVerifierConfigurationConsumer(AccessControlContext accessControlContext, URLPatternMapper<List<AuthVerifierConfiguration>> uRLPatternMapper, String str) {
            this._accessControlContext = accessControlContext;
            this._excludeURLPatternMapper = uRLPatternMapper;
            this._requestURI = str;
        }

        private Map<String, Object> _mergeSettings(Properties properties, Map<String, Object> map) {
            HashMap hashMap = new HashMap(map);
            if (properties != null) {
                for (Map.Entry entry : properties.entrySet()) {
                    hashMap.put((String) entry.getKey(), entry.getValue());
                }
            }
            return hashMap;
        }

        private AuthVerifierResult _verifyWithAuthVerifierConfiguration(AccessControlContext accessControlContext, AuthVerifierConfiguration authVerifierConfiguration) {
            AuthVerifier authVerifier = AuthVerifierRegistry.getAuthVerifier(authVerifierConfiguration.getAuthVerifierClassName());
            if (authVerifier == null) {
                return null;
            }
            Properties properties = authVerifierConfiguration.getProperties();
            try {
                AuthVerifierResult verify = authVerifier.verify(accessControlContext, properties);
                if (verify == null) {
                    AuthVerifierPipeline._log.error("Auth verifier " + authVerifier.getClass().getName() + " did not return an auth verifier result");
                    return null;
                }
                if (verify.getState() == AuthVerifierResult.State.NOT_APPLICABLE) {
                    return null;
                }
                User fetchUser = UserLocalServiceUtil.fetchUser(verify.getUserId());
                if (fetchUser != null && !fetchUser.isActive()) {
                    if (AuthVerifierPipeline._log.isDebugEnabled()) {
                        AuthVerifierPipeline._log.debug(StringBundler.concat("Auth verifier ", authVerifier.getClass().getName(), " returned inactive user", Long.valueOf(verify.getUserId())));
                    }
                    verify.setState(AuthVerifierResult.State.UNSUCCESSFUL);
                }
                Map<String, Object> _mergeSettings = _mergeSettings(properties, verify.getSettings());
                _mergeSettings.put(AuthVerifierPipeline.AUTH_TYPE, authVerifier.getAuthType());
                verify.setSettings(_mergeSettings);
                return verify;
            } catch (Exception e) {
                if (!AuthVerifierPipeline._log.isDebugEnabled()) {
                    return null;
                }
                AuthVerifierPipeline._log.debug("Skipping " + authVerifier.getClass().getName(), e);
                return null;
            }
        }
    }

    /* loaded from: input_file:com/liferay/portal/security/auth/AuthVerifierPipeline$PortalAuthVerifierPipelineHolder.class */
    private static class PortalAuthVerifierPipelineHolder {
        private static final AuthVerifierPipeline _PORTAL_AUTH_VERIFIER_PIPELINE;

        private PortalAuthVerifierPipelineHolder() {
        }

        static {
            final AuthVerifierPipeline authVerifierPipeline = new AuthVerifierPipeline(Collections.emptyList(), PortalContextLoaderListener.getPortalServletContextPath());
            final BundleContext bundleContext = SystemBundleUtil.getBundleContext();
            new ServiceTracker(bundleContext, AuthVerifierConfiguration.class, new ServiceTrackerCustomizer<AuthVerifierConfiguration, AuthVerifierConfiguration>() { // from class: com.liferay.portal.security.auth.AuthVerifierPipeline.PortalAuthVerifierPipelineHolder.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.osgi.util.tracker.ServiceTrackerCustomizer
                public AuthVerifierConfiguration addingService(ServiceReference<AuthVerifierConfiguration> serviceReference) {
                    AuthVerifierConfiguration authVerifierConfiguration = (AuthVerifierConfiguration) BundleContext.this.getService(serviceReference);
                    if (authVerifierConfiguration != null) {
                        authVerifierPipeline._addAuthVerifierConfiguration(authVerifierConfiguration);
                    }
                    return authVerifierConfiguration;
                }

                @Override // org.osgi.util.tracker.ServiceTrackerCustomizer
                public void modifiedService(ServiceReference<AuthVerifierConfiguration> serviceReference, AuthVerifierConfiguration authVerifierConfiguration) {
                }

                @Override // org.osgi.util.tracker.ServiceTrackerCustomizer
                public void removedService(ServiceReference<AuthVerifierConfiguration> serviceReference, AuthVerifierConfiguration authVerifierConfiguration) {
                    authVerifierPipeline._removeAuthVerifierConfiguration(authVerifierConfiguration);
                    BundleContext.this.ungetService(serviceReference);
                }
            }).open();
            _PORTAL_AUTH_VERIFIER_PIPELINE = authVerifierPipeline;
        }
    }

    public static String getAuthVerifierPropertyName(String str) {
        return StringBundler.concat(PropsKeys.AUTH_VERIFIER, StringUtil.extractLast(str, StringPool.PERIOD), StringPool.PERIOD);
    }

    public static AuthVerifierPipeline getPortalAuthVerifierPipeline() {
        return PortalAuthVerifierPipelineHolder._PORTAL_AUTH_VERIFIER_PIPELINE;
    }

    public AuthVerifierPipeline(List<AuthVerifierConfiguration> list, String str) {
        this._authVerifierConfigurations = new ArrayList(list);
        this._contextPath = str;
        _buildURLPatternMapper();
    }

    public AuthVerifierResult verifyRequest(AccessControlContext accessControlContext) throws PortalException {
        if (accessControlContext == null) {
            throw new IllegalArgumentException("Access control context is null");
        }
        String requestURI = accessControlContext.getRequest().getRequestURI();
        AuthVerifierConfigurationConsumer authVerifierConfigurationConsumer = new AuthVerifierConfigurationConsumer(accessControlContext, this._excludeURLPatternMapper, requestURI);
        this._includeURLPatternMapper.consumeValues(authVerifierConfigurationConsumer, requestURI);
        return authVerifierConfigurationConsumer.getAuthVerifierResult() != null ? authVerifierConfigurationConsumer.getAuthVerifierResult() : _createGuestVerificationResult(accessControlContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void _addAuthVerifierConfiguration(AuthVerifierConfiguration authVerifierConfiguration) {
        this._authVerifierConfigurations.add(authVerifierConfiguration);
        _buildURLPatternMapper();
    }

    private void _buildURLPatternMapper() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (AuthVerifierConfiguration authVerifierConfiguration : this._authVerifierConfigurations) {
            Properties properties = authVerifierConfiguration.getProperties();
            for (String str : StringUtil.split(properties.getProperty("urls.excludes"))) {
                ((List) hashMap.computeIfAbsent(this._contextPath + _fixLegacyURLPattern(str), str2 -> {
                    return new ArrayList();
                })).add(authVerifierConfiguration);
            }
            for (String str3 : StringUtil.split(properties.getProperty("urls.includes"))) {
                ((List) hashMap2.computeIfAbsent(this._contextPath + _fixLegacyURLPattern(str3), str4 -> {
                    return new ArrayList();
                })).add(authVerifierConfiguration);
            }
        }
        this._excludeURLPatternMapper = URLPatternMapperFactory.create(hashMap);
        this._includeURLPatternMapper = URLPatternMapperFactory.create(hashMap2);
    }

    private AuthVerifierResult _createGuestVerificationResult(AccessControlContext accessControlContext) throws PortalException {
        AuthVerifierResult authVerifierResult = new AuthVerifierResult();
        authVerifierResult.setState(AuthVerifierResult.State.UNSUCCESSFUL);
        authVerifierResult.setUserId(UserLocalServiceUtil.getGuestUserId(PortalUtil.getCompanyId(accessControlContext.getRequest())));
        return authVerifierResult;
    }

    private String _fixLegacyURLPattern(String str) {
        return (str == null || str.length() == 0 || str.charAt(str.length() - 1) != '*') ? str : (str.length() <= 1 || str.charAt(str.length() - 2) != '/') ? str.substring(0, str.length() - 1) + "/*" : str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void _removeAuthVerifierConfiguration(AuthVerifierConfiguration authVerifierConfiguration) {
        this._authVerifierConfigurations.remove(authVerifierConfiguration);
        _buildURLPatternMapper();
    }
}
