package com.liferay.portal.security.sso.openid.connect.internal;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.UserEmailAddressException;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException;
import com.liferay.portal.security.sso.openid.connect.internal.exception.StrangersNotAllowedException;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import java.util.Locale;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, service = {OpenIdConnectUserInfoProcessor.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/OpenIdConnectUserInfoProcessorImpl.class */
public class OpenIdConnectUserInfoProcessorImpl implements OpenIdConnectUserInfoProcessor {

    @Reference
    private CompanyLocalService _companyLocalService;

    @Reference
    private UserLocalService _userLocalService;

    @Override // com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectUserInfoProcessor
    public long processUserInfo(UserInfo userInfo, long j, String str, String str2) throws PortalException {
        String emailAddress = userInfo.getEmailAddress();
        User fetchUserByEmailAddress = this._userLocalService.fetchUserByEmailAddress(j, emailAddress);
        if (fetchUserByEmailAddress != null) {
            return fetchUserByEmailAddress.getUserId();
        }
        _checkAddUser(j, emailAddress);
        String givenName = userInfo.getGivenName();
        String familyName = userInfo.getFamilyName();
        if (Validator.isNull(givenName) || Validator.isNull(familyName) || Validator.isNull(emailAddress)) {
            throw new OpenIdConnectServiceException.UserMappingException(StringBundler.concat(new String[]{"Unable to map OpenId Connect user to the portal, missing ", "or invalid profile information: {emailAddresss=", emailAddress, ", firstName=", givenName, ", lastName=", familyName, "}"}));
        }
        Locale locale = this._companyLocalService.getCompany(j).getLocale();
        ServiceContext serviceContext = new ServiceContext();
        serviceContext.setPathMain(str);
        serviceContext.setPortalURL(str2);
        return this._userLocalService.updatePasswordReset(this._userLocalService.addUser(0L, j, true, (String) null, (String) null, true, "", emailAddress, locale, givenName, userInfo.getMiddleName(), familyName, 0L, 0L, true, 0, 1, 1970, "", (long[]) null, (long[]) null, (long[]) null, (long[]) null, false, serviceContext).getUserId(), false).getUserId();
    }

    private void _checkAddUser(long j, String str) throws PortalException {
        Company company = this._companyLocalService.getCompany(j);
        if (!company.isStrangers()) {
            throw new StrangersNotAllowedException(j);
        }
        if (!company.isStrangersWithMx() && company.hasCompanyMx(str)) {
            throw new UserEmailAddressException.MustNotUseCompanyMx(str);
        }
    }
}
