package com.liferay.portal.servlet.filters.secure;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.servlet.filters.BasePortalFilter;
import com.liferay.portal.util.PortalInstances;
import com.liferay.portal.util.PropsUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.portlet.enterpriseadmin.search.UserDisplayTerms;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/liferay/portal/servlet/filters/secure/SecureFilter.class */
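/**
 * Servlet filter that gates a request in three steps before handing it to the rest of
 * the chain: a remote-address allow-list, an optional redirect to HTTPS, and optional
 * HTTP Basic authentication.
 *
 * <p>Settings are read once in {@link #init(FilterConfig)}, either from the filter's own
 * init parameters or, when {@code portal_property_prefix} is set, from portal properties.
 *
 * <p>Points an operator should be aware of:
 * <ul>
 * <li>An empty {@code hosts.allowed} list accepts every remote address.</li>
 * <li>Basic credentials are only base64-encoded. Unless {@code https.required} is
 * enabled, this filter will accept them over a plain HTTP connection.</li>
 * </ul>
 */
public class SecureFilter extends BasePortalFilter {
    /** Allow-list token that stands for "the server's own address" (see {@link #isAccessAllowed}). */
    private static final String _SERVER_IP = "SERVER_IP";
    /** Challenge sent in {@code WWW-Authenticate} when Basic authentication fails or is missing. */
    private static final String _PORTAL_REALM = "Basic realm=\"PortalRealm\"";
    /** Session attribute under which the authenticated user id is cached as a string. */
    private static final String _AUTHENTICATED_USER = SecureFilter.class + "_AUTHENTICATED_USER";
    private static final Log _log = LogFactoryUtil.getLog(SecureFilter.class);
    private boolean _basicAuthEnabled;
    private Set<String> _hostsAllowed = new HashSet<String>();
    private boolean _httpsRequired;

    /**
     * Reads {@code basic_auth}, {@code hosts.allowed} and {@code https.required}.
     *
     * <p>When {@code portal_property_prefix} is set, the last two are looked up as portal
     * properties under that prefix instead of as filter init parameters.
     *
     * @param filterConfig the filter configuration supplied by the container
     */
    public void init(FilterConfig filterConfig) {
        String[] hosts;
        super.init(filterConfig);
        this._basicAuthEnabled = GetterUtil.getBoolean(filterConfig.getInitParameter("basic_auth"));
        String propertyPrefix = filterConfig.getInitParameter("portal_property_prefix");
        if (Validator.isNull(propertyPrefix)) {
            hosts = StringUtil.split(filterConfig.getInitParameter("hosts.allowed"));
            this._httpsRequired = GetterUtil.getBoolean(filterConfig.getInitParameter("https.required"));
        } else {
            hosts = PropsUtil.getArray(propertyPrefix + "hosts.allowed");
            this._httpsRequired = GetterUtil.getBoolean(PropsUtil.get(propertyPrefix + "https.required"));
        }
        // A missing property must not abort filter start-up; it simply leaves the list empty
        // (which isAccessAllowed treats as "no address restriction").
        if (hosts != null) {
            for (String host : hosts) {
                this._hostsAllowed.add(host);
            }
        }
    }

    /**
     * Authenticates the request from its {@code Authorization: Basic ...} header.
     *
     * <p>The login is tried, with the same password, as an e-mail address, then as a
     * screen name, then as a user id. A trailing {@code @uid} or {@code @sn} on the login
     * is removed first.
     *
     * <p>A missing, non-Basic or malformed header yields {@code 0} rather than an
     * exception, so that unauthenticated clients cannot fill the error log with stack
     * traces simply by sending a broken header.
     *
     * @param httpServletRequest the current request
     * @return the authenticated user id, or a value {@code <= 0} when authentication fails
     * @throws Exception if the user service fails
     */
    protected long getBasicAuthUserId(HttpServletRequest httpServletRequest) throws Exception {
        String authorization = httpServletRequest.getHeader("Authorization");
        if (Validator.isNull(authorization)) {
            return 0L;
        }
        String[] parts = authorization.split("\\s+");
        // Check the scheme and the presence of a credentials token before decoding anything.
        if (parts.length < 2 || !parts[0].equalsIgnoreCase("BASIC")) {
            return 0L;
        }
        byte[] decoded = Base64.decode(parts[1]);
        if (decoded == null) {
            return 0L;
        }
        // NOTE(review): decoded with the platform default charset, as before; non-ASCII
        // credentials therefore depend on the JVM's configuration. Consider an explicit charset.
        String credentials = new String(decoded);
        // Split at the FIRST colon only: everything after it is the password, which may
        // itself contain colons.
        int separator = credentials.indexOf(':');
        if (separator < 0) {
            return 0L;
        }
        String login = credentials.substring(0, separator).trim();
        // NOTE(review): the password is trimmed as in the original code, so a password with
        // leading or trailing whitespace cannot be used through this filter.
        String password = credentials.substring(separator + 1).trim();
        // Strip the suffix by length so that only the trailing marker is removed.
        if (login.endsWith("@uid")) {
            login = login.substring(0, login.length() - "@uid".length());
        } else if (login.endsWith("@sn")) {
            login = login.substring(0, login.length() - "@sn".length());
        }
        long companyId = PortalInstances.getCompanyId(httpServletRequest);
        long userId = UserLocalServiceUtil.authenticateForBasic(companyId, "emailAddress", login, password);
        if (userId > 0) {
            return userId;
        }
        userId = UserLocalServiceUtil.authenticateForBasic(companyId, UserDisplayTerms.SCREEN_NAME, login, password);
        if (userId > 0) {
            return userId;
        }
        return UserLocalServiceUtil.authenticateForBasic(companyId, "userId", login, password);
    }

    /**
     * Decides whether the request's remote address passes the {@code hosts.allowed} list.
     *
     * <p>An empty list allows everything. Otherwise the remote address must be listed, or
     * the list must contain {@code SERVER_IP} and the request's server name must equal the
     * remote address.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the request may proceed
     */
    protected boolean isAccessAllowed(HttpServletRequest httpServletRequest) {
        if (this._hostsAllowed.size() <= 0) {
            return true;
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (this._hostsAllowed.contains(remoteAddr)) {
            return true;
        }
        // NOTE(review): getServerName() is normally derived from the request's Host header,
        // which the client chooses, so this comparison does not by itself establish that
        // the request originated on this machine. Comparing the remote address with an
        // address the server knows to be its own (e.g. getLocalAddr() or a configured list)
        // would be a stronger check; verify the effect behind a same-host reverse proxy
        // before changing it.
        String serverName = httpServletRequest.getServerName();
        return serverName.equals(remoteAddr) && this._hostsAllowed.contains(_SERVER_IP);
    }

    /**
     * Applies the allow-list, the HTTPS redirect and Basic authentication, in that order,
     * then passes the (possibly wrapped) request down the chain.
     *
     * <p>Outcomes: {@code 403} when the remote address is not allowed; a redirect to
     * {@code https://} when HTTPS is required and the request is not secure; {@code 401}
     * with a Basic challenge when Basic authentication is enabled and fails.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filter chain
     * @throws IOException if writing the response fails
     * @throws ServletException if a downstream filter or servlet fails
     */
    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (!isAccessAllowed(httpServletRequest)) {
            if (_log.isErrorEnabled()) {
                _log.error("Access denied for " + remoteAddr);
            }
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied for " + remoteAddr);
            return;
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Access allowed for " + remoteAddr);
            if (this._httpsRequired) {
                _log.debug("https is required");
            } else {
                _log.debug("https is not required");
            }
        }
        String completeURL = HttpUtil.getCompleteURL(httpServletRequest);
        if (this._httpsRequired && !httpServletRequest.isSecure()) {
            if (_log.isDebugEnabled()) {
                _log.debug("Securing " + completeURL);
            }
            // NOTE(review): the redirect target is built from getServerName(), which follows
            // the client-supplied Host header, and from getServletPath() only; the context
            // path and any extra path info are not carried over. Confirm this is intended,
            // and consider redirecting to a configured canonical host.
            StringBuilder target = new StringBuilder();
            target.append("https://");
            target.append(httpServletRequest.getServerName());
            target.append(httpServletRequest.getServletPath());
            String queryString = httpServletRequest.getQueryString();
            if (Validator.isNotNull(queryString)) {
                target.append("?");
                target.append(queryString);
            }
            String redirectUrl = target.toString();
            if (_log.isDebugEnabled()) {
                _log.debug("Redirect to " + redirectUrl);
            }
            httpServletResponse.sendRedirect(redirectUrl);
            return;
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Not securing " + completeURL);
        }
        HttpSession session = httpServletRequest.getSession();
        long userId = GetterUtil.getLong((String) session.getAttribute(_AUTHENTICATED_USER));
        if (this._basicAuthEnabled && !PropsValues.PORTAL_JAAS_ENABLE) {
            if (userId <= 0) {
                try {
                    userId = getBasicAuthUserId(httpServletRequest);
                } catch (Exception e) {
                    // Fail closed: userId stays <= 0 and the client is challenged below.
                    _log.error(e);
                }
                if (userId <= 0) {
                    httpServletResponse.setHeader("WWW-Authenticate", _PORTAL_REALM);
                    httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                    return;
                }
                // NOTE(review): the user id is cached in the session that existed before
                // authentication; the session id is not renewed here. Consider rotating the
                // session on successful login to guard against session fixation.
                session.setAttribute(_AUTHENTICATED_USER, String.valueOf(userId));
            }
            // Downstream code sees the authenticated user id through the request wrapper.
            httpServletRequest = new ProtectedServletRequest(httpServletRequest, String.valueOf(userId));
        }
        processFilter(SecureFilter.class, httpServletRequest, httpServletResponse, filterChain);
    }
}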
