package com.liferay.portal.security.sso.openid.connect.internal.service.filter;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.BaseFilter;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnect;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectFlowState;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceHandler;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectSession;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, property = {"servlet-context-name=", "servlet-filter-name=OpenId Connect Session Validation Filter", "url-pattern=/*"}, service = {Filter.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/service/filter/OpenIdConnectSessionValidationFilter.class */
public class OpenIdConnectSessionValidationFilter extends BaseFilter {
    private static final Log _log = LogFactoryUtil.getLog(OpenIdConnectSessionValidationFilter.class);

    @Reference
    private OpenIdConnect _openIdConnect;

    @Reference
    private OpenIdConnectServiceHandler _openIdConnectServiceHandler;

    @Reference
    private Portal _portal;

    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this._openIdConnect.isEnabled(this._portal.getCompanyId(httpServletRequest));
    }

    protected boolean checkEndSession(HttpSession httpSession) throws Exception {
        boolean z = false;
        OpenIdConnectSession openIdConnectSession = (OpenIdConnectSession) httpSession.getAttribute("OPEN_ID_CONNECT_SESSION");
        if (openIdConnectSession == null) {
            return false;
        }
        OpenIdConnectFlowState openIdConnectFlowState = openIdConnectSession.getOpenIdConnectFlowState();
        if (!OpenIdConnectFlowState.AUTH_COMPLETE.equals(openIdConnectFlowState) && !OpenIdConnectFlowState.PORTAL_AUTH_COMPLETE.equals(openIdConnectFlowState)) {
            return false;
        }
        try {
            if (!this._openIdConnectServiceHandler.hasValidOpenIdConnectSession(httpSession)) {
                z = true;
            }
        } catch (PortalException e) {
            _log.error("Unable to validate OpenId Connect session: " + e.getMessage(), e);
            z = true;
        }
        return z;
    }

    protected Log getLog() {
        return _log;
    }

    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || !checkEndSession(session)) {
            processFilter(OpenIdConnectSessionValidationFilter.class.getName(), httpServletRequest, httpServletResponse, filterChain);
        } else {
            session.invalidate();
            httpServletResponse.sendRedirect(this._portal.getHomeURL(httpServletRequest));
        }
    }
}
