package com.liferay.portal.security.sso.openid.internal;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.portlet.LiferayPortletResponse;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.servlet.SessionMessages;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.PwdGenerator;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.openid.OpenIdProviderRegistry;
import com.liferay.portal.security.sso.openid.OpenIdServiceException;
import com.liferay.portal.security.sso.openid.OpenIdServiceHandler;
import com.liferay.portal.security.sso.openid.constants.OpenIdWebKeys;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletURL;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.MessageExtension;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.AxPayload;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.message.sreg.SRegMessage;
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

/**
 * OpenID relying-party handler for the portal login flow.
 *
 * <p>{@link #sendRequest} runs discovery and association for the identifier the caller
 * submitted and redirects the browser to the provider. {@link #readResponse} verifies the
 * provider's answer and maps the verified identifier to a portal user, creating one when
 * the provider supplied a first name, a last name and an e-mail address.
 *
 * <p>This listing is decompiler output, so local names are reconstructed rather than the
 * author's.
 */
@Component(immediate = true, service = {OpenIdServiceHandler.class})
public class OpenIdServiceHandlerImpl implements OpenIdServiceHandler {
    // Attribute aliases used with the Attribute Exchange (AX) extension.
    private static final String _OPEN_ID_AX_ATTR_EMAIL = "email";
    private static final String _OPEN_ID_AX_ATTR_FIRST_NAME = "firstname";
    private static final String _OPEN_ID_AX_ATTR_FULL_NAME = "fullname";
    private static final String _OPEN_ID_AX_ATTR_LAST_NAME = "lastname";
    // Attribute names used with the Simple Registration (SReg) extension.
    private static final String _OPEN_ID_SREG_ATTR_EMAIL = "email";
    private static final String _OPEN_ID_SREG_ATTR_FULLNAME = "fullname";
    private static final Log _log = LogFactoryUtil.getLog(OpenIdServiceHandlerImpl.class);
    // Built in activate(); holds the association store and the nonce verifier.
    private ConsumerManager _consumerManager;
    private OpenIdProviderRegistry _openIdProviderRegistry;
    private UserLocalService _userLocalService;

    /**
     * Verifies the provider's authentication response and resolves it to a portal user.
     *
     * <p>On success the user id is stored in the session under {@code "OPEN_ID_LOGIN"}.
     * When no user carries the verified identifier and the provider did not supply first
     * name, last name and e-mail address, {@code "OPEN_ID_LOGIN_PENDING"} is set instead.
     *
     * @param themeDisplay supplies the company id and locale
     * @param actionRequest the portlet request carrying the provider's response parameters
     * @return {@code null} when the session holds no discovery state, when verification
     *         yields no verified identifier, when an existing user matches, or after a user
     *         has been created; otherwise the create-account URL with the identifier added
     *         as the {@code openId} parameter
     * @throws PortalException when verification fails with a library exception, or when
     *         account creation or URL building fails
     */
    @Override
    public String readResponse(ThemeDisplay themeDisplay, ActionRequest actionRequest) throws PortalException {
        HttpServletRequest request = PortalUtil.getOriginalServletRequest(PortalUtil.getHttpServletRequest(actionRequest));
        // NOTE(review): the receiving URL is read from the response's own openid.return_to
        // parameter. If verify() compares it with the return_to inside the response, that
        // comparison cannot fail. Confirm, and consider deriving it from the request URL.
        String receivingUrl = ParamUtil.getString(request, "openid.return_to");
        ParameterList responseParameters = new ParameterList(request.getParameterMap());
        HttpSession session = request.getSession();
        // Discovery state stored by sendRequest(); without it nothing can be verified.
        // NOTE(review): the attribute is not removed from the session in this method.
        DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(OpenIdWebKeys.OPEN_ID_DISCO);
        if (discovered == null) {
            return null;
        }
        try {
            VerificationResult verification = this._consumerManager.verify(receivingUrl, responseParameters, discovered);
            if (verification.getVerifiedId() == null) {
                return null;
            }
            AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
            String firstName = null;
            String lastName = null;
            String emailAddress = null;

            // NOTE(review): name and e-mail below are used as supplied by the provider.
            // Confirm the library version in use only exposes signed extension fields.
            if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
                MessageExtension sregExtension = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);
                if (sregExtension instanceof SRegResponse) {
                    SRegResponse sregResponse = (SRegResponse) sregExtension;
                    String[] nameParts = splitFullName(GetterUtil.getString(sregResponse.getAttributeValue(_OPEN_ID_SREG_ATTR_FULLNAME)));
                    if (nameParts != null) {
                        firstName = nameParts[0];
                        lastName = nameParts[1];
                    }
                    emailAddress = sregResponse.getAttributeValue(_OPEN_ID_SREG_ATTR_EMAIL);
                }
            }

            // AX values only fill in what SReg left empty.
            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                MessageExtension axExtension = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
                if (axExtension instanceof FetchResponse) {
                    AxPayload axResponse = (FetchResponse) axExtension;
                    for (String attributeName : this._openIdProviderRegistry.getOpenIdProvider(discovered.getOPEndpoint()).getAxSchema()) {
                        if (attributeName.equals(_OPEN_ID_AX_ATTR_EMAIL)) {
                            if (Validator.isNull(emailAddress)) {
                                emailAddress = getFirstValue(axResponse.getAttributeValues(_OPEN_ID_AX_ATTR_EMAIL));
                            }
                        } else if (attributeName.equals(_OPEN_ID_AX_ATTR_FIRST_NAME)) {
                            if (Validator.isNull(firstName)) {
                                firstName = getFirstValue(axResponse.getAttributeValues(_OPEN_ID_AX_ATTR_FIRST_NAME));
                            }
                        } else if (attributeName.equals(_OPEN_ID_AX_ATTR_FULL_NAME)) {
                            String[] axNameParts = splitFullName(axResponse.getAttributeValue(_OPEN_ID_AX_ATTR_FULL_NAME));
                            if (axNameParts != null) {
                                if (Validator.isNull(firstName)) {
                                    firstName = axNameParts[0];
                                }
                                if (Validator.isNull(lastName)) {
                                    lastName = axNameParts[1];
                                }
                            }
                        } else if (attributeName.equals(_OPEN_ID_AX_ATTR_LAST_NAME) && Validator.isNull(lastName)) {
                            lastName = getFirstValue(axResponse.getAttributeValues(_OPEN_ID_AX_ATTR_LAST_NAME));
                        }
                    }
                }
            }

            // Users are looked up by the identifier with one trailing slash stripped.
            String openId = normalize(authSuccess.getIdentity());
            User existingUser = this._userLocalService.fetchUserByOpenId(themeDisplay.getCompanyId(), openId);
            if (existingUser != null) {
                session.setAttribute("OPEN_ID_LOGIN", Long.valueOf(existingUser.getUserId()));
                return null;
            }
            try {
                boolean attributesMissing = Validator.isNull(firstName) || Validator.isNull(lastName) || Validator.isNull(emailAddress);
                if (attributesMissing) {
                    // Not enough data to create the account: send the caller to the
                    // create-account form with the verified identifier pre-filled.
                    SessionMessages.add(request, "openIdUserInformationMissing");
                    if (_log.isInfoEnabled()) {
                        _log.info("The OpenID provider did not send the required attributes to create an account");
                    }
                    String createAccountURL = PortalUtil.getCreateAccountURL(request, themeDisplay);
                    String portletId = HttpUtil.getParameter(createAccountURL, "p_p_id", false);
                    String portletNamespace = PortalUtil.getPortletNamespace(portletId);
                    String redirectURL = HttpUtil.setParameter(createAccountURL, portletNamespace + "openId", openId);
                    session.setAttribute("OPEN_ID_LOGIN_PENDING", Boolean.TRUE);
                    return redirectURL;
                }
                long companyId = themeDisplay.getCompanyId();
                String generatedPassword = PwdGenerator.getPassword();
                // The generated password is passed twice; the remaining positional values
                // are fixed defaults. NOTE(review): confirm each position, including the
                // trailing boolean, against the UserLocalService.addUser signature of the
                // kernel version in use.
                User createdUser = this._userLocalService.addUser(
                    0L, companyId, false, generatedPassword, generatedPassword, true, "",
                    emailAddress, 0L, openId, themeDisplay.getLocale(), firstName, "", lastName,
                    0L, 0L, true, 0, 1, 1970, "", (long[]) null, (long[]) null, (long[]) null,
                    (long[]) null, false, new ServiceContext());
                session.setAttribute("OPEN_ID_LOGIN", Long.valueOf(createdUser.getUserId()));
                return null;
            } catch (Exception exception) {
                throw new PortalException(exception);
            }
        } catch (AssociationException associationException) {
            throw new OpenIdServiceException.AssociationException(associationException.getMessage(), associationException);
        } catch (DiscoveryException discoveryException) {
            throw new OpenIdServiceException.DiscoveryException(discoveryException.getMessage(), discoveryException);
        } catch (MessageException messageException) {
            throw new OpenIdServiceException.MessageException(messageException.getMessage(), messageException);
        }
    }

    /**
     * Starts an OpenID login: discovers and associates with the provider for the submitted
     * identifier, stores the discovery state in the session and redirects to the provider.
     *
     * <p>Name and e-mail attributes are requested (AX and SReg) only when no user is found
     * by the identifier or by the screen name derived from it.
     *
     * @param themeDisplay supplies the company id and the portal URL used as realm
     * @param actionRequest the portlet request carrying the {@code openId} parameter
     * @param actionResponse used to build the return URL and to send the redirect
     * @throws PortalException when discovery, association or request building fails
     */
    @Override
    public void sendRequest(ThemeDisplay themeDisplay, ActionRequest actionRequest, ActionResponse actionResponse) throws PortalException {
        HttpServletRequest request = PortalUtil.getOriginalServletRequest(PortalUtil.getHttpServletRequest(actionRequest));
        HttpServletResponse response = PortalUtil.getHttpServletResponse(actionResponse);
        HttpSession session = request.getSession();
        LiferayPortletResponse liferayPortletResponse = PortalUtil.getLiferayPortletResponse(actionResponse);
        // Caller-supplied identifier; nothing about it has been verified at this point.
        String openId = ParamUtil.getString(actionRequest, "openId");

        // URL the provider sends the browser back to; it is handled by readResponse().
        PortletURL returnToURL = liferayPortletResponse.createActionURL();
        returnToURL.setParameter("javax.portlet.action", "/login/openid");
        returnToURL.setParameter("saveLastPath", Boolean.FALSE.toString());
        returnToURL.setParameter("mvcRenderCommandName", "/login/openid");
        returnToURL.setParameter("cmd", "read");
        try {
            // NOTE(review): discovery runs against a caller-chosen identifier. If the
            // library resolves it over the network, this is server-initiated traffic to a
            // caller-chosen host; consider a provider allowlist or egress controls.
            DiscoveryInformation discovered = this._consumerManager.associate(this._consumerManager.discover(openId));
            session.setAttribute(OpenIdWebKeys.OPEN_ID_DISCO, discovered);
            AuthRequest authRequest = this._consumerManager.authenticate(discovered, returnToURL.toString(), themeDisplay.getPortalURL());

            // NOTE(review): lookups and the update below use the raw parameter, while
            // readResponse() looks users up by the normalize()d identity. Confirm the
            // stored value matches when the identifier ends with a slash.
            if (this._userLocalService.fetchUserByOpenId(themeDisplay.getCompanyId(), openId) == null) {
                User screenNameMatch = this._userLocalService.fetchUserByScreenName(themeDisplay.getCompanyId(), getScreenName(openId));
                if (screenNameMatch != null) {
                    // NOTE(review): this persists the submitted identifier on an existing
                    // account, matched only by a derived screen name, before the provider
                    // has verified it. Binding after a successful verify() in
                    // readResponse() would keep unverified input out of account state.
                    this._userLocalService.updateOpenId(screenNameMatch.getUserId(), openId);
                } else {
                    // No matching user: ask the provider for the attributes needed to
                    // create one, via AX first and then SReg.
                    FetchRequest axRequest = FetchRequest.createFetchRequest();
                    Map<String, String> axTypes = this._openIdProviderRegistry.getOpenIdProvider(discovered.getOPEndpoint()).getAxTypes();
                    for (Map.Entry<String, String> axType : axTypes.entrySet()) {
                        axRequest.addAttribute(axType.getKey(), axType.getValue(), true);
                    }
                    authRequest.addExtension(axRequest);
                    SRegRequest sregRequest = SRegRequest.createFetchRequest();
                    sregRequest.addAttribute(_OPEN_ID_SREG_ATTR_EMAIL, true);
                    sregRequest.addAttribute(_OPEN_ID_SREG_ATTR_FULLNAME, true);
                    authRequest.addExtension(sregRequest);
                }
            }
            response.sendRedirect(authRequest.getDestinationUrl(true));
        } catch (IOException ioException) {
            throw new SystemException("Unable to communicate with OpenId provider", ioException);
        } catch (ConsumerException consumerException) {
            throw new OpenIdServiceException.ConsumerException(consumerException.getMessage(), consumerException);
        } catch (DiscoveryException discoveryException) {
            throw new OpenIdServiceException.DiscoveryException(discoveryException.getMessage(), discoveryException);
        } catch (MessageException messageException) {
            throw new OpenIdServiceException.MessageException(messageException.getMessage(), messageException);
        }
    }

    /**
     * Builds the consumer manager with in-memory association and nonce stores.
     *
     * <p>Runs on activation and on modification, so each run replaces the manager and the
     * associations and nonces held by the previous one.
     *
     * <p>NOTE(review): both stores live in this JVM only. In a multi-node deployment replay
     * detection is presumably not shared between nodes; confirm. The nonce verifier
     * argument is presumably a maximum age in seconds; confirm against the library version.
     *
     * @throws IllegalStateException when the consumer manager cannot be created or set up
     */
    @Activate
    @Modified
    protected void activate() {
        final int nonceMaxAge = 5000;
        try {
            this._consumerManager = new ConsumerManager();
            this._consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
            this._consumerManager.setNonceVerifier(new InMemoryNonceVerifier(nonceMaxAge));
        } catch (Exception exception) {
            throw new IllegalStateException("Unable to start consumer manager", exception);
        }
    }

    /**
     * Returns the first element of a list.
     *
     * @param list the values, may be {@code null}
     * @return the first element, or {@code null} when the list is {@code null} or empty
     */
    protected String getFirstValue(List<String> list) {
        return (list == null || list.isEmpty()) ? null : list.get(0);
    }

    /**
     * Derives a screen name from an OpenID identifier.
     *
     * <p>One trailing slash and a leading {@code http://} or {@code https://} are dropped,
     * then every {@code /} and {@code _} becomes a dot. Because both characters map to the
     * same replacement, different identifiers can produce the same screen name.
     *
     * @param str the OpenID identifier
     * @return the derived screen name
     */
    protected String getScreenName(String str) {
        final String httpPrefix = "http://";
        final String httpsPrefix = "https://";
        String screenName = normalize(str);
        if (screenName.startsWith(httpPrefix)) {
            screenName = screenName.substring(httpPrefix.length());
        }
        if (screenName.startsWith(httpsPrefix)) {
            screenName = screenName.substring(httpsPrefix.length());
        }
        return StringUtil.replace(screenName, new String[]{"/", "_"}, new String[]{".", "."});
    }

    /**
     * Strips one trailing slash from an identifier.
     *
     * @param str the identifier, must not be {@code null}
     * @return the identifier without its final {@code /}, or unchanged when there is none
     */
    protected String normalize(String str) {
        if (str.endsWith("/")) {
            return str.substring(0, str.length() - 1);
        }
        return str;
    }

    /** Injects the provider registry used to look up AX schema and types per endpoint. */
    @Reference(unbind = "-")
    protected void setOpenIdProviderRegistry(OpenIdProviderRegistry openIdProviderRegistry) {
        this._openIdProviderRegistry = openIdProviderRegistry;
    }

    /** Injects the user service used to find, link and create portal users. */
    @Reference(unbind = "-")
    protected void setUserLocalService(UserLocalService userLocalService) {
        this._userLocalService = userLocalService;
    }

    /**
     * Splits a full name at its first space.
     *
     * @param str the full name
     * @return a two-element array holding the text before and after the first space, or
     *         {@code null} when {@code Validator.isNull} accepts the input, when it has no
     *         space, or when nothing follows the first space
     */
    protected String[] splitFullName(String str) {
        if (Validator.isNull(str)) {
            return null;
        }
        int spaceIndex = str.indexOf(' ');
        if (spaceIndex == -1 || spaceIndex + 1 >= str.length()) {
            return null;
        }
        return new String[]{str.substring(0, spaceIndex), str.substring(spaceIndex + 1)};
    }
}
