package com.dotcms.filters.interceptor.jwt;

import com.dotcms.auth.providers.jwt.JsonWebTokenUtils;
import com.dotcms.auth.providers.jwt.beans.DotCMSSubjectBean;
import com.dotcms.auth.providers.jwt.beans.JWTBean;
import com.dotcms.auth.providers.jwt.factories.JsonWebTokenFactory;
import com.dotcms.auth.providers.jwt.services.JsonWebTokenService;
import com.dotcms.cms.login.LoginServiceAPI;
import com.dotcms.filters.interceptor.Result;
import com.dotcms.filters.interceptor.WebInterceptor;
import com.dotcms.repackage.com.google.common.annotations.VisibleForTesting;
import com.dotcms.util.marshal.MarshalFactory;
import com.dotcms.util.marshal.MarshalUtils;
import com.dotcms.util.security.Encryptor;
import com.dotcms.util.security.EncryptorFactory;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.business.UserAPI;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.exception.DotSecurityException;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.UtilMethods;
import com.liferay.portal.PortalException;
import com.liferay.portal.SystemException;
import com.liferay.portal.ejb.CompanyLocalManager;
import com.liferay.portal.ejb.CompanyLocalManagerFactory;
import com.liferay.portal.model.Company;
import com.liferay.portal.model.User;
import com.liferay.portal.util.CookieKeys;
import java.io.IOException;
import java.util.Date;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/dotcms/filters/interceptor/jwt/JsonWebTokenInterceptor.class */
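/**
 * Web interceptor that attempts an automatic login from the JWT access-token cookie.
 *
 * <p>The flow visible in this class is: read the cookie named by
 * {@code CookieKeys.JWT_ACCESS_TOKEN}, parse and validate it, unmarshal the token subject into a
 * {@link DotCMSSubjectBean}, decrypt the user id with the company key, and perform a cookie login
 * only if the user's modification date equals the one carried in the token.
 *
 * <p>Every failure path returns {@link Result#NEXT} without logging the user in, so a bad or
 * stale token never authenticates the request; it simply continues unauthenticated.
 *
 * <p>The collaborators are mutable through setters and are not synchronized here.
 */
public class JsonWebTokenInterceptor implements WebInterceptor {
    /**
     * Configuration property read in {@link #intercept}. When it is {@code true} the JWT cookie
     * is honoured even on requests the container does not report as secure; the default used
     * here is {@code false}. Enabling it means the token is accepted over cleartext transport.
     */
    public static final String JSON_WEB_TOKEN_ALLOW_HTTP = "json.web.token.allowhttp";
    private JsonWebTokenService jsonWebTokenService;
    private MarshalUtils marshalUtils;
    private CompanyLocalManager companyLocalManager;
    private Encryptor encryptor;
    private LoginServiceAPI loginService;
    private UserAPI userAPI;

    /** Creates an interceptor wired with the default services obtained from their factories. */
    public JsonWebTokenInterceptor() {
        this(JsonWebTokenFactory.getInstance().getJsonWebTokenService(), MarshalFactory.getInstance().getMarshalUtils(), CompanyLocalManagerFactory.getManager(), EncryptorFactory.getInstance().getEncryptor(), APILocator.getLoginServiceAPI(), APILocator.getUserAPI());
    }

    /** Creates an interceptor with explicitly supplied collaborators (intended for tests). */
    @VisibleForTesting
    protected JsonWebTokenInterceptor(JsonWebTokenService jsonWebTokenService, MarshalUtils marshalUtils, CompanyLocalManager companyLocalManager, Encryptor encryptor, LoginServiceAPI loginServiceAPI, UserAPI userAPI) {
        this.jsonWebTokenService = jsonWebTokenService;
        this.marshalUtils = marshalUtils;
        this.companyLocalManager = companyLocalManager;
        this.encryptor = encryptor;
        this.loginService = loginServiceAPI;
        this.userAPI = userAPI;
    }

    /** Replaces the user API used to load the user named in the token. */
    public void setUserAPI(UserAPI userAPI) {
        this.userAPI = userAPI;
    }

    /** Replaces the service used to parse the raw token string. */
    public void setJsonWebTokenService(JsonWebTokenService jsonWebTokenService) {
        this.jsonWebTokenService = jsonWebTokenService;
    }

    /** Replaces the marshaller used to decode the token subject. */
    public void setMarshalUtils(MarshalUtils marshalUtils) {
        this.marshalUtils = marshalUtils;
    }

    /** Replaces the manager used to look up the company whose key decrypts the user id. */
    public void setCompanyLocalManager(CompanyLocalManager companyLocalManager) {
        this.companyLocalManager = companyLocalManager;
    }

    /** Replaces the encryptor used for the user id. */
    public void setEncryptor(Encryptor encryptor) {
        this.encryptor = encryptor;
    }

    /** Replaces the login service used for the session check and the cookie login. */
    public void setLoginService(LoginServiceAPI loginServiceAPI) {
        this.loginService = loginServiceAPI;
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** No initialisation required. */
    @Override
    public void init() {
    }

    /**
     * Tries to authenticate the request from the JWT cookie.
     *
     * <p>The cookie is only considered when the request is not already logged in and either the
     * request is secure or {@link #JSON_WEB_TOKEN_ALLOW_HTTP} is enabled.
     *
     * <p>NOTE(review): {@code isSecure()} is whatever the servlet container reports. Behind a
     * TLS-terminating proxy, confirm the container is configured to report the original scheme
     * instead of turning on the allow-http property.
     *
     * @return the result of the token processing, or {@link Result#NEXT} when the token is not
     *     considered or processing throws (the exception is logged, never propagated)
     */
    @Override
    public Result intercept(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isLoggedIn(httpServletRequest)) {
            return Result.NEXT;
        }
        // Short-circuit order matters: the config flag is consulted before the transport check.
        final boolean transportAllowed = Config.getBooleanProperty(JSON_WEB_TOKEN_ALLOW_HTTP, false) || isHttpSecure(httpServletRequest);
        if (!transportAllowed) {
            return Result.NEXT;
        }
        try {
            return processJwtCookie(httpServletResponse, httpServletRequest);
        } catch (Exception e) {
            // Authentication failures must not break the request; continue unauthenticated.
            logError(e);
            return Result.NEXT;
        }
    }

    /** Returns whether the login service already considers this request logged in. */
    protected boolean isLoggedIn(HttpServletRequest httpServletRequest) {
        return this.loginService.isLoggedIn(httpServletRequest);
    }

    /**
     * Reads the JWT access-token cookie and, when present, hands its value to
     * {@link #parseJwtToken}.
     *
     * @return {@link Result#NEXT} when the cookie is absent, otherwise the parse result
     */
    protected Result processJwtCookie(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        final String jwtAccessToken = UtilMethods.getCookieValue(httpServletRequest.getCookies(), CookieKeys.JWT_ACCESS_TOKEN);
        if (null == jwtAccessToken) {
            return Result.NEXT;
        }
        return parseJwtToken(jwtAccessToken, httpServletResponse, httpServletRequest);
    }

    /**
     * Parses the raw token and continues only when it is non-null and reported valid.
     *
     * <p>NOTE(review): which properties {@code parseToken} and {@code isJsonWebTokenValid}
     * actually verify (signature, expiry, issuer) is not visible in this class; confirm against
     * those implementations before relying on them.
     *
     * @param str the raw cookie value
     * @return {@link Result#NEXT} for an unparsable or invalid token, otherwise the result of
     *     {@link #processSubject}
     */
    protected Result parseJwtToken(String str, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        final JWTBean jwtBean = this.jsonWebTokenService.parseToken(str);
        if (null == jwtBean || !JsonWebTokenUtils.isJsonWebTokenValid(jwtBean)) {
            return Result.NEXT;
        }
        return processSubject(jwtBean, httpServletResponse, httpServletRequest);
    }

    /**
     * Unmarshals the token subject into a {@link DotCMSSubjectBean} and authenticates with it.
     *
     * @return {@link Result#NEXT} when the subject cannot be unmarshalled to a bean, otherwise
     *     the result of {@link #performAuthentication}
     */
    protected Result processSubject(JWTBean jWTBean, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        final DotCMSSubjectBean subject = (DotCMSSubjectBean) this.marshalUtils.unmarshal(jWTBean.getSubject(), DotCMSSubjectBean.class);
        if (null == subject) {
            return Result.NEXT;
        }
        return performAuthentication(subject, httpServletResponse, httpServletRequest);
    }

    /**
     * Resolves the company named in the subject, decrypts the subject's user id with that
     * company's key and delegates to {@link #performDefaultAuthentication}.
     *
     * @return the authentication result, or {@link Result#NEXT} when any step throws (the
     *     exception is logged and the request continues unauthenticated)
     */
    protected Result performAuthentication(DotCMSSubjectBean dotCMSSubjectBean, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        try {
            final Company company = getCompany(dotCMSSubjectBean.getCompanyId());
            final String userId = this.encryptor.decrypt(company.getKeyObj(), dotCMSSubjectBean.getUserId());
            return performDefaultAuthentication(company, userId, dotCMSSubjectBean.getLastModified(), httpServletResponse, httpServletRequest);
        } catch (Exception e) {
            logError(e);
            return Result.NEXT;
        }
    }

    /** Looks up the company with the given id. */
    protected Company getCompany(String str) throws SystemException, PortalException {
        return this.companyLocalManager.getCompany(str);
    }

    /**
     * Logs the user in when the token still matches the stored user record.
     *
     * <p>The token's last-modified date must compare equal to the user's current modification
     * date, so a token issued before the user record last changed is rejected. A missing date on
     * either side is treated as a mismatch rather than raising a {@code NullPointerException}.
     *
     * @param company the company resolved from the token subject (not used by this
     *     implementation)
     * @param str the decrypted user id
     * @param date the last-modified date carried in the token subject
     * @return {@link Result#SKIP} when the cookie login succeeds, otherwise {@link Result#NEXT}
     */
    protected Result performDefaultAuthentication(Company company, String str, Date date, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws DotSecurityException, DotDataException {
        final User user = this.userAPI.loadUserById(str);
        if (null == user || null == date) {
            return Result.NEXT;
        }
        final Date userModified = user.getModificationDate();
        if (null == userModified || 0 != userModified.compareTo(date)) {
            // Token predates (or otherwise disagrees with) the current user record.
            return Result.NEXT;
        }
        final boolean loggedIn = this.loginService.doCookieLogin(this.encryptor.encryptString(str), httpServletRequest, httpServletResponse);
        return loggedIn ? Result.SKIP : Result.NEXT;
    }

    /** Returns whether the container reports the request as arriving over a secure channel. */
    protected boolean isHttpSecure(ServletRequest servletRequest) {
        return servletRequest.isSecure();
    }

    /** Logs an authentication-processing failure at error level when that level is enabled. */
    private static void logError(Exception e) {
        if (Logger.isErrorEnabled(JsonWebTokenInterceptor.class)) {
            Logger.error(JsonWebTokenInterceptor.class, e.getMessage(), (Throwable) e);
        }
    }
}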
