package com.liferay.portal.security.sso.openid.connect.internal.servlet.filter.auto.login;

import com.liferay.portal.kernel.exception.UserEmailAddressException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HttpComponentsUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnect;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectAuthenticationHandler;
import com.liferay.portal.security.sso.openid.connect.internal.exception.StrangersNotAllowedException;
import com.liferay.portal.security.sso.openid.connect.internal.session.manager.OfflineOpenIdConnectSessionManager;
import com.liferay.portal.servlet.filters.autologin.AutoLoginFilter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.portal.security.sso.openid.connect.configuration.OpenIdConnectConfiguration"}, property = {"after-filter=Virtual Host Filter", "servlet-context-name=", "servlet-filter-name=SSO OpenId Connect Auto Login Filter", "url-pattern=/c/portal/login/openidconnect"}, service = {Filter.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/servlet/filter/auto/login/OpenIdConnectAutoLoginFilter.class */
public class OpenIdConnectAutoLoginFilter extends AutoLoginFilter {
    private static final Log _log = LogFactoryUtil.getLog(OpenIdConnectAutoLoginFilter.class);

    @Reference
    private OfflineOpenIdConnectSessionManager _offlineOpenIdConnectSessionManager;

    @Reference
    private OpenIdConnect _openIdConnect;

    @Reference
    private OpenIdConnectAuthenticationHandler _openIdConnectAuthenticationHandler;

    @Reference
    private Portal _portal;

    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this._openIdConnect.isEnabled(this._portal.getCompanyId(httpServletRequest));
    }

    protected Log getLog() {
        return _log;
    }

    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        if (this._offlineOpenIdConnectSessionManager.isOpenIdConnectSession(session)) {
            if (_log.isDebugEnabled()) {
                _log.debug("User is already authenticated");
                return;
            }
            return;
        }
        String str = (String) session.getAttribute("OPEN_ID_CONNECT_ACTION_URL");
        try {
            this._openIdConnectAuthenticationHandler.processAuthenticationResponse(httpServletRequest, httpServletResponse, l -> {
                _autoLoginUser(httpServletRequest, httpServletResponse, l);
            });
        } catch (StrangersNotAllowedException | UserEmailAddressException.MustNotUseCompanyMx e) {
            str = HttpComponentsUtil.addParameter(str, "error", e.getClass().getSimpleName());
            httpServletResponse.sendRedirect(str);
        } catch (Exception e2) {
            this._portal.sendError(e2, httpServletRequest, httpServletResponse);
        }
        if (httpServletResponse.isCommitted()) {
            return;
        }
        if (str != null) {
            httpServletResponse.sendRedirect(str);
        } else {
            processFilter(OpenIdConnectAutoLoginFilter.class.getName(), httpServletRequest, httpServletResponse, filterChain);
        }
    }

    private void _autoLoginUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Long l) throws Exception {
        httpServletRequest.getSession().setAttribute("OPEN_ID_CONNECT_AUTHENTICATING_USER_ID", l);
        super.processFilter(httpServletRequest, httpServletResponse, (servletRequest, servletResponse) -> {
            if (_getRemoteUserId(servletRequest) != l.longValue()) {
                throw new ServletException("Expected user " + l + " to be authenticated");
            }
        });
    }

    private long _getRemoteUserId(ServletRequest servletRequest) {
        return GetterUtil.getLong(((HttpServletRequest) servletRequest).getRemoteUser());
    }
}
