package com.liferay.multi.factor.authentication.email.otp.web.internal.checker;

import com.liferay.multi.factor.authentication.email.otp.model.MFAEmailOTPEntry;
import com.liferay.multi.factor.authentication.email.otp.service.MFAEmailOTPEntryLocalService;
import com.liferay.multi.factor.authentication.email.otp.web.internal.configuration.MFAEmailOTPConfiguration;
import com.liferay.multi.factor.authentication.email.otp.web.internal.constants.MFAEmailOTPWebKeys;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.module.configuration.ConfigurationException;
import com.liferay.portal.kernel.module.configuration.ConfigurationProviderUtil;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.util.PropsValues;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

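/**
 * Browser verification step of the email one-time-password (OTP) MFA checker.
 *
 * <p>The OTP is issued elsewhere and stored in the HTTP session under
 * {@link MFAEmailOTPWebKeys#MFA_EMAIL_OTP}. This component renders the
 * verification form, compares the submitted value with the session copy,
 * records failed and successful attempts through
 * {@link MFAEmailOTPEntryLocalService}, and on success marks the session as
 * validated so that later requests can skip the check until the configured
 * validation window expires.
 *
 * <p>All state lives in the user's session and in the persisted
 * {@link MFAEmailOTPEntry}; the component itself holds no mutable state beyond
 * its OSGi references.
 */
@Component(service = {MFAEmailOTPChecker.class})
public class MFAEmailOTPChecker {

    private static final Log _log = LogFactoryUtil.getLog(MFAEmailOTPChecker.class);

    @Reference
    private MFAEmailOTPEntryLocalService _mfaEmailOTPEntryLocalService;

    @Reference
    private Portal _portal;

    @Reference(target = "(osgi.web.symbolicname=com.liferay.multi.factor.authentication.checker.email.otp.web)")
    private ServletContext _servletContext;

    @Reference
    private UserLocalService _userLocalService;

    /**
     * Renders the OTP entry form for the given user and moves the session into
     * the {@code "verify"} phase.
     *
     * <p>Nothing is rendered for an unknown user; the request is only logged.
     *
     * @param httpServletRequest the (possibly wrapped) current request
     * @param httpServletResponse the response the JSP is included into
     * @param userId the ID of the user being verified
     * @throws Exception if the JSP include fails
     * @throws IllegalStateException if the company configuration cannot be read
     */
    public void includeBrowserVerification(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long userId) throws Exception {
        User user = _userLocalService.fetchUser(userId);
        if (user == null) {
            _warnNonexistentUser(userId);
            return;
        }
        httpServletRequest.setAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_CONFIGURATION, _getMFAEmailOTPConfiguration(userId));
        httpServletRequest.setAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_SEND_TO_ADDRESS, user.getEmailAddress());
        _servletContext.getRequestDispatcher("/mfa_email_otp_checker/verify_browser.jsp").include(httpServletRequest, httpServletResponse);
        // Phase and user ID go on the original (unwrapped) session so the
        // verification request, which may arrive through a different wrapper,
        // sees the same attributes.
        HttpSession session = _portal.getOriginalServletRequest(httpServletRequest).getSession();
        session.setAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_PHASE, "verify");
        session.setAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_USER_ID, Long.valueOf(userId));
    }

    /**
     * Returns whether the current session already holds an unexpired
     * verification for the given user.
     *
     * <p>The session is looked up without creating one, so an unauthenticated
     * request is reported as not verified.
     *
     * @param httpServletRequest the (possibly wrapped) current request
     * @param userId the ID of the user to check
     * @return {@code true} if the session was validated for this user and the
     *         validation has not expired
     */
    public boolean isBrowserVerified(HttpServletRequest httpServletRequest, long userId) {
        return isVerified(_portal.getOriginalServletRequest(httpServletRequest).getSession(false), userId);
    }

    /**
     * Checks the {@code otp} request parameter against the OTP stored in the
     * session, enforcing the failed-attempt lockout first.
     *
     * <p>On success the session is stamped with the validation time and user
     * ID; on failure the attempt is recorded against the user's
     * {@link MFAEmailOTPEntry}. While the user is locked out nothing is
     * recorded and {@code false} is returned.
     *
     * @param httpServletRequest the (possibly wrapped) current request
     * @param httpServletResponse unused; kept for interface symmetry with
     *        {@link #includeBrowserVerification}
     * @param userId the ID of the user being verified
     * @return {@code true} if the submitted OTP matched
     * @throws Exception if a service call fails
     * @throws IllegalStateException if the company configuration cannot be read
     */
    public boolean verifyBrowserRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long userId) throws Exception {
        if (_userLocalService.fetchUser(userId) == null) {
            _warnNonexistentUser(userId);
            return false;
        }
        MFAEmailOTPEntry mfaEmailOTPEntry = _mfaEmailOTPEntryLocalService.fetchMFAEmailOTPEntryByUserId(userId);
        if (mfaEmailOTPEntry == null) {
            mfaEmailOTPEntry = _mfaEmailOTPEntryLocalService.addMFAEmailOTPEntry(userId);
        }
        if (_isLockedOut(_getMFAEmailOTPConfiguration(userId), mfaEmailOTPEntry, userId)) {
            return false;
        }
        HttpServletRequest originalServletRequest = _portal.getOriginalServletRequest(httpServletRequest);
        HttpSession session = originalServletRequest.getSession();
        String remoteAddr = originalServletRequest.getRemoteAddr();
        if (!_verify(session, ParamUtil.getString(httpServletRequest, "otp"))) {
            _mfaEmailOTPEntryLocalService.updateAttempts(userId, remoteAddr, false);
            return false;
        }
        session.setAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_AT_TIME, Long.valueOf(System.currentTimeMillis()));
        session.setAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_USER_ID, Long.valueOf(userId));
        _mfaEmailOTPEntryLocalService.updateAttempts(userId, remoteAddr, true);
        return true;
    }

    /**
     * Registers the validation attributes as phishing-protected so they are
     * preserved across the session ID regeneration Liferay performs when
     * {@code session.enable.phishing.protection} is on.
     *
     * <p>This mutates the global {@link PropsValues#SESSION_PHISHING_PROTECTED_ATTRIBUTES}
     * array; {@link #deactivate()} undoes it.
     *
     * @param properties the component properties (unused)
     */
    @Activate
    protected void activate(Map<String, Object> properties) {
        if (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
            return;
        }
        List<String> protectedAttributes = new ArrayList<String>(Arrays.asList(PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES));
        protectedAttributes.add(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_AT_TIME);
        protectedAttributes.add(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_USER_ID);
        PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES = protectedAttributes.toArray(new String[0]);
    }

    /**
     * Removes the validation attributes registered by {@link #activate(Map)}
     * from the phishing-protected attribute list.
     */
    @Deactivate
    protected void deactivate() {
        if (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
            return;
        }
        List<String> protectedAttributes = new ArrayList<String>(Arrays.asList(PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES));
        protectedAttributes.remove(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_AT_TIME);
        protectedAttributes.remove(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_USER_ID);
        PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES = protectedAttributes.toArray(new String[0]);
    }

    /**
     * Returns whether the session holds a validation for the given user that
     * is still within the configured validation window.
     *
     * <p>A negative {@code validationExpirationTime} means the validation never
     * expires. A session that carries the user ID but no validation timestamp
     * is treated as not verified rather than failing with a
     * {@code NullPointerException}.
     *
     * @param httpSession the original session, or {@code null} if none exists
     * @param userId the ID of the user to check
     * @return {@code true} if the session is validated for this user
     * @throws IllegalStateException if the user no longer exists or the
     *         company configuration cannot be read
     */
    protected boolean isVerified(HttpSession httpSession, long userId) {
        if (httpSession == null) {
            return false;
        }
        if (!Objects.equals(httpSession.getAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_USER_ID), Long.valueOf(userId))) {
            return false;
        }
        long validationExpirationTime = _getMFAEmailOTPConfiguration(userId).validationExpirationTime();
        if (validationExpirationTime < 0) {
            return true;
        }
        Long validatedAtTime = (Long) httpSession.getAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_VALIDATED_AT_TIME);
        if (validatedAtTime == null) {
            return false;
        }
        // validationExpirationTime is configured in seconds; the timestamp is in milliseconds.
        return (validationExpirationTime * 1000) + validatedAtTime.longValue() > System.currentTimeMillis();
    }

    /**
     * Resolves the company-scoped OTP configuration for the given user.
     *
     * @param userId the ID of the user whose company configuration is wanted
     * @return the configuration
     * @throws IllegalStateException if the user does not exist or the
     *         configuration cannot be loaded
     */
    private MFAEmailOTPConfiguration _getMFAEmailOTPConfiguration(long userId) {
        User user = _userLocalService.fetchUser(userId);
        if (user == null) {
            throw new IllegalStateException("Requested one-time password email verification for a nonexistent user " + userId);
        }
        try {
            return (MFAEmailOTPConfiguration) ConfigurationProviderUtil.getCompanyConfiguration(MFAEmailOTPConfiguration.class, user.getCompanyId());
        } catch (ConfigurationException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Applies the failed-attempt lockout for a user.
     *
     * <p>The lockout is active when both {@code failedAttemptsAllowed} and
     * {@code retryTimeout} are non-negative, the entry has reached the allowed
     * number of failures, and the retry timeout since the last failure has not
     * elapsed. Once the timeout has elapsed the counter is reset so the user
     * may try again. An entry without a last-failure date cannot be locked.
     *
     * @param mfaEmailOTPConfiguration the company configuration
     * @param mfaEmailOTPEntry the user's attempt record
     * @param userId the ID of the user
     * @return {@code true} while the user must wait before retrying
     */
    private boolean _isLockedOut(MFAEmailOTPConfiguration mfaEmailOTPConfiguration, MFAEmailOTPEntry mfaEmailOTPEntry, long userId) {
        long failedAttemptsAllowed = mfaEmailOTPConfiguration.failedAttemptsAllowed();
        long retryTimeout = mfaEmailOTPConfiguration.retryTimeout();
        if (failedAttemptsAllowed < 0 || retryTimeout < 0 || mfaEmailOTPEntry.getFailedAttempts() < failedAttemptsAllowed) {
            return false;
        }
        // NOTE(review): retryTimeout is added to an epoch-millisecond timestamp
        // as-is, while validationExpirationTime is scaled by 1000 in isVerified;
        // confirm which unit the configuration declares for retryTimeout.
        if (mfaEmailOTPEntry.getLastFailDate() != null && retryTimeout + mfaEmailOTPEntry.getLastFailDate().getTime() > System.currentTimeMillis()) {
            return true;
        }
        _mfaEmailOTPEntryLocalService.resetFailedAttempts(userId);
        return false;
    }

    /**
     * Compares the submitted OTP with the one stored in the session and, on a
     * match, clears the OTP state so the code cannot be replayed.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so
     * that timing does not leak how many leading characters were correct.
     *
     * @param httpSession the original session holding the issued OTP
     * @param otp the value submitted by the client, possibly empty
     * @return {@code true} if the OTP matched and the session state was cleared
     */
    private boolean _verify(HttpSession httpSession, String otp) {
        String expectedOTP = (String) httpSession.getAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP);
        if (expectedOTP == null || otp == null) {
            return false;
        }
        // NOTE(review): the session's MFA_EMAIL_OTP_USER_ID is not compared with
        // the user being verified here; confirm the caller guarantees they match.
        if (!MessageDigest.isEqual(expectedOTP.getBytes(StandardCharsets.UTF_8), otp.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }
        httpSession.removeAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP);
        httpSession.removeAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_PHASE);
        httpSession.removeAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_SET_AT_TIME);
        httpSession.removeAttribute(MFAEmailOTPWebKeys.MFA_EMAIL_OTP_USER_ID);
        return true;
    }

    /**
     * Logs, at WARN level, that verification was requested for an unknown user.
     *
     * @param userId the ID that did not resolve to a user
     */
    private void _warnNonexistentUser(long userId) {
        if (_log.isWarnEnabled()) {
            _log.warn("Requested one-time password email verification for a nonexistent user " + userId);
        }
    }
}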
