package com.liferay.portal.security.sso.opensso.internal;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.io.unsync.UnsyncBufferedReader;
import com.liferay.portal.kernel.json.JSONException;
import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.module.configuration.ConfigurationException;
import com.liferay.portal.kernel.module.configuration.ConfigurationProvider;
import com.liferay.portal.kernel.security.sso.OpenSSO;
import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator;
import com.liferay.portal.kernel.util.CookieKeys;
import com.liferay.portal.kernel.util.Http;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.URLCodec;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.opensso.configuration.OpenSSOConfiguration;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, service = {OpenSSO.class})
/* loaded from: input_file:com/liferay/portal/security/sso/opensso/internal/OpenSSOImpl.class */
public class OpenSSOImpl implements OpenSSO {
    private static final String _GET_ATTRIBUTES = "/identity/attributes";
    private static final String _GET_COOKIE_NAME = "/identity/getCookieNameForToken";
    private static final String _GET_COOKIE_NAMES = "/identity/getCookieNamesToForward";
    private static final String _VALIDATE_TOKEN_VERSION_12 = "/identity/isTokenValid";
    private static final String _VALIDATE_TOKEN_VERSION_13 = "/json/sessions/{#subjectId}?_action=validate";
    private static final Log _log = LogFactoryUtil.getLog(OpenSSOImpl.class);

    @Reference
    private ConfigurationProvider _configurationProvider;
    private final Map<String, String[]> _cookieNamesMap = new ConcurrentHashMap();

    @Reference
    private Http _http;

    @Reference
    private Portal _portal;

    public Map<String, String> getAttributes(HttpServletRequest httpServletRequest, String str) {
        HashMap hashMap = new HashMap();
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str.concat(_GET_ATTRIBUTES)).openConnection();
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
            setCookieProperty(httpServletRequest, httpURLConnection, getCookieNames(str));
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpURLConnection.getOutputStream());
            outputStreamWriter.write("dummy");
            outputStreamWriter.flush();
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode == 200) {
                UnsyncBufferedReader unsyncBufferedReader = new UnsyncBufferedReader(new InputStreamReader((InputStream) httpURLConnection.getContent()));
                while (true) {
                    String readLine = unsyncBufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    if (readLine.startsWith("userdetails.attribute.name=")) {
                        String replaceFirst = readLine.replaceFirst("userdetails.attribute.name=", "");
                        String readLine2 = unsyncBufferedReader.readLine();
                        if (readLine2.startsWith("userdetails.attribute.value=")) {
                            hashMap.put(replaceFirst, readLine2.replaceFirst("userdetails.attribute.value=", ""));
                        }
                    }
                }
            } else if (_log.isDebugEnabled()) {
                _log.debug("Attributes response code " + responseCode);
            }
        } catch (MalformedURLException e) {
            _log.error(e.getMessage());
            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }
        } catch (IOException e2) {
            _log.error(e2.getMessage());
            if (_log.isDebugEnabled()) {
                _log.debug(e2, e2);
            }
        }
        return hashMap;
    }

    public String[] getCookieNames(String str) {
        String[] strArr = this._cookieNamesMap.get(str);
        if (strArr != null) {
            return strArr;
        }
        ArrayList arrayList = new ArrayList();
        try {
            String str2 = null;
            String concat = str.concat(_GET_COOKIE_NAME);
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(concat).openConnection();
            UnsyncBufferedReader unsyncBufferedReader = new UnsyncBufferedReader(new InputStreamReader((InputStream) httpURLConnection.getContent()));
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode == 200) {
                while (true) {
                    String readLine = unsyncBufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    if (readLine.startsWith("string=")) {
                        str2 = readLine.replaceFirst("string=", "");
                    }
                }
            } else if (_log.isDebugEnabled()) {
                _log.debug(concat + " has response code " + responseCode);
            }
            String concat2 = str.concat(_GET_COOKIE_NAMES);
            HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(concat2).openConnection();
            UnsyncBufferedReader unsyncBufferedReader2 = new UnsyncBufferedReader(new InputStreamReader((InputStream) httpURLConnection2.getContent()));
            if (httpURLConnection2.getResponseCode() == 200) {
                while (true) {
                    String readLine2 = unsyncBufferedReader2.readLine();
                    if (readLine2 == null) {
                        break;
                    }
                    if (readLine2.startsWith("string=")) {
                        String replaceFirst = readLine2.replaceFirst("string=", "");
                        if (str2.equals(replaceFirst)) {
                            arrayList.add(0, str2);
                        } else {
                            arrayList.add(replaceFirst);
                        }
                    }
                }
            } else if (_log.isDebugEnabled()) {
                _log.debug(concat2 + " has response code " + responseCode);
            }
        } catch (IOException e) {
            if (_log.isWarnEnabled()) {
                _log.warn(e, e);
            }
        }
        String[] strArr2 = (String[]) arrayList.toArray(new String[arrayList.size()]);
        if (strArr2.length > 0) {
            this._cookieNamesMap.put(str, strArr2);
        }
        return strArr2;
    }

    public String getSubjectId(HttpServletRequest httpServletRequest, String str) {
        return CookieKeys.getCookie(httpServletRequest, getCookieNames(str)[0]);
    }

    public boolean isAuthenticated(HttpServletRequest httpServletRequest, String str) throws IOException {
        String[] cookieNames = getCookieNames(str);
        if (!_hasCookieNames(httpServletRequest, cookieNames)) {
            return false;
        }
        String str2 = "openam-12";
        try {
            str2 = ((OpenSSOConfiguration) this._configurationProvider.getConfiguration(OpenSSOConfiguration.class, new CompanyServiceSettingsLocator(this._portal.getCompanyId(httpServletRequest), "com.liferay.portal.security.sso.opensso"))).version();
        } catch (ConfigurationException e) {
            if (_log.isWarnEnabled()) {
                _log.warn(e, e);
            }
        }
        if (!str2.equals("openam-13")) {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str.concat(_VALIDATE_TOKEN_VERSION_12)).openConnection();
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
            setCookieProperty(httpServletRequest, httpURLConnection, cookieNames);
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpURLConnection.getOutputStream());
            outputStreamWriter.write("dummy");
            outputStreamWriter.flush();
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode == 200) {
                return StringUtil.toLowerCase(StringUtil.read(httpURLConnection.getInputStream())).contains("boolean=true");
            }
            if (!_log.isDebugEnabled()) {
                return false;
            }
            _log.debug("Authentication response code " + responseCode);
            return false;
        }
        String subjectId = getSubjectId(httpServletRequest, str);
        if (subjectId == null) {
            return false;
        }
        String URLtoString = this._http.URLtoString(str.concat(StringUtil.replace(_VALIDATE_TOKEN_VERSION_13, "{#subjectId}", URLCodec.encodeURL(subjectId))), true);
        try {
            JSONObject createJSONObject = JSONFactoryUtil.createJSONObject(URLtoString);
            String string = createJSONObject.getString("realm");
            String string2 = createJSONObject.getString("uid");
            boolean z = createJSONObject.getBoolean("valid");
            if (string != null && string2 != null && z) {
                return true;
            }
            if (_log.isDebugEnabled()) {
                _log.debug("Invalid authentication: " + URLtoString);
            }
            return false;
        } catch (JSONException e2) {
            throw new IOException((Throwable) e2);
        }
    }

    public boolean isValidServiceUrl(String str) {
        return (Validator.isNull(str) || getCookieNames(str).length == 0) ? false : true;
    }

    public boolean isValidUrl(String str) {
        if (Validator.isNull(str)) {
            return false;
        }
        try {
            int responseCode = ((HttpURLConnection) new URL(str).openConnection()).getResponseCode();
            if (responseCode == 200 || (responseCode >= 300 && responseCode <= 304)) {
                if (_log.isDebugEnabled()) {
                    _log.debug(StringBundler.concat(new Object[]{"URL ", str, " is valid with response code ", Integer.valueOf(responseCode)}));
                }
                return true;
            }
            if (!_log.isDebugEnabled()) {
                return false;
            }
            _log.debug(StringBundler.concat(new Object[]{"URL ", str, " is invalid with response code ", Integer.valueOf(responseCode)}));
            return false;
        } catch (IOException e) {
            if (!_log.isWarnEnabled()) {
                return false;
            }
            _log.warn(e, e);
            return false;
        }
    }

    public boolean isValidUrls(String[] strArr) {
        for (String str : strArr) {
            if (!isValidUrl(str)) {
                return false;
            }
        }
        return true;
    }

    public void setCookieProperty(HttpServletRequest httpServletRequest, HttpURLConnection httpURLConnection, String[] strArr) {
        if (strArr.length == 0) {
            return;
        }
        StringBundler stringBundler = new StringBundler(strArr.length * 6);
        for (String str : strArr) {
            String cookie = CookieKeys.getCookie(httpServletRequest, str);
            stringBundler.append(str);
            stringBundler.append("=");
            stringBundler.append("\"");
            stringBundler.append(cookie);
            stringBundler.append("\"");
            stringBundler.append(";");
        }
        httpURLConnection.setRequestProperty("Cookie", stringBundler.toString());
    }

    private boolean _hasCookieNames(HttpServletRequest httpServletRequest, String[] strArr) {
        for (String str : strArr) {
            if (CookieKeys.getCookie(httpServletRequest, str) != null) {
                return true;
            }
        }
        if (!_log.isInfoEnabled()) {
            return false;
        }
        _log.info("No OpenSSO cookies: " + StringUtil.merge(strArr));
        return false;
    }
}
