package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.Portlet;
import com.liferay.portal.model.PortletConstants;
import com.liferay.portal.service.PortletLocalServiceUtil;
import com.liferay.portal.service.permission.PortletPermissionUtil;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.util.Encryptor;
import com.liferay.util.PwdGenerator;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:WEB-INF/lib/portal-impl.jar:com/liferay/portal/security/auth/SessionAuthToken.class */
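/**
 * Session-backed {@link AuthToken}: issues a per-session anti-CSRF token and
 * validates the {@code p_auth} request parameter against it.
 *
 * <p>A request is accepted without a matching token when its struts action or
 * portlet is on one of the ignore lists exposed by {@code PortalUtil}, or when
 * it carries a {@code p_auth_secret} parameter equal to the digest of the
 * configured shared secret. Both paths bypass CSRF protection, so the ignore
 * lists and the shared secret are security-sensitive configuration.
 */
public class SessionAuthToken implements AuthToken {
    private static final String _PORTAL = "PORTAL";

    /**
     * Validates the anti-CSRF token carried by the request.
     *
     * @param httpServletRequest the request to validate
     * @throws PrincipalException if the request is not exempt and carries
     *         neither the session's token nor a valid shared-secret digest
     */
    public void check(HttpServletRequest httpServletRequest) throws PrincipalException {
        if (isIgnoreAction(httpServletRequest) || isIgnorePortlet(httpServletRequest)) {
            return;
        }
        String requestToken = ParamUtil.getString(httpServletRequest, "p_auth");
        // Always resolved, so a token is created in the session if none exists yet.
        String sessionToken = getSessionAuthenticationToken(httpServletRequest, _PORTAL);
        if (constantTimeEquals(requestToken, sessionToken)) {
            return;
        }
        if (isValidSharedSecret(ParamUtil.getString(httpServletRequest, "p_auth_secret"))) {
            return;
        }
        throw new PrincipalException("Invalid authentication token");
    }

    /**
     * Returns the portal-wide token for the request's session, creating it on
     * first use.
     *
     * @param httpServletRequest the current request
     * @return the session's portal-scoped token
     */
    public String getToken(HttpServletRequest httpServletRequest) {
        return getSessionAuthenticationToken(httpServletRequest, _PORTAL);
    }

    /**
     * Returns a token scoped by {@code PortletPermissionUtil.getPrimaryKey(j, str)}.
     *
     * <p>NOTE(review): {@link #check} only compares against the portal-scoped
     * token; confirm where tokens from this overload are validated.
     *
     * @param httpServletRequest the current request
     * @param j first argument of the permission primary key (presumably the
     *        layout id; confirm against callers)
     * @param str second argument of the permission primary key (presumably the
     *        portlet id; confirm against callers)
     * @return the session token stored under that scope
     */
    public String getToken(HttpServletRequest httpServletRequest, long j, String str) {
        return getSessionAuthenticationToken(httpServletRequest, PortletPermissionUtil.getPrimaryKey(j, str));
    }

    /**
     * Reads the token stored in the HTTP session under
     * {@code LIFERAY_SHARED_AUTHENTICATION_TOKEN + str}, generating and storing
     * a new one when the attribute is missing.
     *
     * @param httpServletRequest the current request; {@code getSession()}
     *        creates a session if the request has none
     * @param str scope suffix appended to the session attribute name
     * @return the existing or newly generated token
     */
    protected String getSessionAuthenticationToken(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession();
        String attributeName = "LIFERAY_SHARED_AUTHENTICATION_TOKEN".concat(str);
        String token = (String) session.getAttribute(attributeName);
        if (Validator.isNull(token)) {
            // NOTE(review): the token is only as unpredictable as PwdGenerator;
            // confirm it draws from a cryptographically secure random source.
            token = PwdGenerator.getPassword();
            session.setAttribute(attributeName, token);
        }
        return token;
    }

    /**
     * Tells whether the request's struts action is exempt from the token check.
     * The portlet id ({@code p_p_id}) and the namespaced {@code struts_action}
     * parameter are both taken from the request.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the action is on the ignore list and belongs to
     *         the named portlet
     */
    protected boolean isIgnoreAction(HttpServletRequest httpServletRequest) {
        long companyId = PortalUtil.getCompanyId(httpServletRequest);
        String portletId = ParamUtil.getString(httpServletRequest, "p_p_id");
        String strutsAction = ParamUtil.getString(
            httpServletRequest, PortalUtil.getPortletNamespace(portletId) + "struts_action");
        return isIgnoreAction(companyId, portletId, strutsAction);
    }

    /**
     * Tells whether a struts action is on the ignore list and its path matches
     * the struts path (or parent struts path) of the given portlet. Tying the
     * action to the portlet keeps a request from borrowing an exempt action
     * name under an unrelated portlet id.
     *
     * @param j company id used to look up the portlet
     * @param str portlet id
     * @param str2 struts action, expected in the form {@code /path/action}
     * @return {@code true} only when the action is listed and matches the
     *         portlet; any lookup failure or malformed action yields
     *         {@code false}, so the token check still runs
     */
    protected boolean isIgnoreAction(long j, String str, String str2) {
        if (!PortalUtil.getAuthTokenIgnoreActions().contains(str2)) {
            return false;
        }
        int lastSlash = str2.lastIndexOf('/');
        if (lastSlash < 1) {
            // No path segment between the leading character and the last '/'.
            return false;
        }
        try {
            Portlet portlet = PortletLocalServiceUtil.getPortletById(j, str);
            if (portlet == null) {
                return false;
            }
            String actionPath = str2.substring(1, lastSlash);
            return actionPath.equals(portlet.getStrutsPath())
                || actionPath.equals(portlet.getParentStrutsPath());
        } catch (Exception ignored) {
            // Fail closed: an error while resolving the portlet must not exempt
            // the request from token validation.
            return false;
        }
    }

    /**
     * Tells whether the portlet named by the request's {@code p_p_id} parameter
     * is exempt from the token check.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the root portlet id is on the ignore list
     */
    protected boolean isIgnorePortlet(HttpServletRequest httpServletRequest) {
        return isIgnorePortlet(ParamUtil.getString(httpServletRequest, "p_p_id"));
    }

    /**
     * Tells whether the root portlet id of {@code str} is on the ignore list.
     *
     * @param str portlet id, possibly an instanceable one
     * @return {@code true} if the root portlet id is listed
     */
    protected boolean isIgnorePortlet(String str) {
        return PortalUtil.getAuthTokenIgnorePortlets().contains(PortletConstants.getRootPortletId(str));
    }

    /**
     * Checks the {@code p_auth_secret} value against the digest of the
     * configured shared secret. When no secret is configured the bypass is
     * disabled outright; otherwise the digest of a blank value would be a
     * fixed, guessable credential.
     */
    private static boolean isValidSharedSecret(String suppliedSecret) {
        String configuredSecret = PropsValues.AUTH_TOKEN_SHARED_SECRET;
        if (Validator.isNull(configuredSecret) || Validator.isNull(suppliedSecret)) {
            return false;
        }
        return constantTimeEquals(suppliedSecret, Encryptor.digest(configuredSecret));
    }

    /**
     * Compares two secrets without short-circuiting on the first differing
     * character, so response timing does not reveal how much of a guess
     * matched. A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            return false;
        }
        return MessageDigest.isEqual(
            left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }
}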
