package org.gcube.portal.threadlocalexec;

import com.liferay.portal.model.User;
import com.liferay.portal.service.UserLocalServiceUtil;
import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gcube/portal/threadlocalexec/SmartGearsPortalValve.class */
public class SmartGearsPortalValve extends ValveBase {
    private static final String DEFAULT_ROLE = "OrganizationMember";
    private static final String LIFERAY_POLLER_CONTEXT = "poller/receive";
    private static final int MAX_AUTHORIZATION_RETRY_ATTEMPTS = 4;
    private static final int AUTHORIZATION_RETRY_ATTEMPTS_DELAY = 4000;
    private static final Logger _log = LoggerFactory.getLogger(SmartGearsPortalValve.class);
    private static boolean REFRESH_UMA_TOKEN = false;
    private static String LOGOUT_URI = "/c/portal/logout";
    private static boolean FORCE_LOGOUT_ON_INVALID_OIDC = true;
    private static boolean FORCE_LOGOUT_ON_MISSING_OIDC = true;
    private static boolean FORCE_LOGOUT_ON_OIDC_REFRESH_ERROR = true;

    public void invoke(Request request, Response response) throws IOException, ServletException {
        SecurityTokenProvider.instance.reset();
        ScopeProvider.instance.reset();
        AuthorizationProvider.instance.reset();
        UmaJWTProvider.instance.reset();
        if ((request instanceof HttpServletRequest) && !request.getRequestURL().toString().endsWith(LIFERAY_POLLER_CONTEXT)) {
            String currentScope = PortalContext.getConfiguration().getCurrentScope(request);
            String currentUsername = getCurrentUsername(request);
            if (currentScope != null && currentUsername != null && validateContext(currentScope)) {
                try {
                    ScopeProvider.instance.set(currentScope);
                    SecurityTokenProvider.instance.set(Constants.authorizationService().resolveTokenByUserAndContext(currentUsername, currentScope));
                } catch (ObjectNotFound e) {
                    SecurityTokenProvider.instance.set(generateAuthorizationToken(currentUsername, currentScope));
                    _log.debug("generateAuthorizationToken OK for " + currentUsername + " in scope " + currentScope);
                } catch (Exception e2) {
                    _log.error("Something went wrong in generating token for " + currentUsername + " in scope " + currentScope);
                    e2.printStackTrace();
                }
                checkUMATicket(request, response, currentScope);
            }
        }
        getNext().invoke(request, response);
    }

    /* JADX WARN: Code restructure failed: missing block: B:84:0x02f8, code lost:
    
        if (r16.isExpired() != false) goto L80;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkUMATicket(javax.servlet.http.HttpServletRequest r6, javax.servlet.http.HttpServletResponse r7, java.lang.String r8) {
        /*
            Method dump skipped, instructions count: 1253
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.gcube.portal.threadlocalexec.SmartGearsPortalValve.checkUMATicket(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String):void");
    }

    protected void forceLogout(HttpServletResponse httpServletResponse) {
        try {
            if (httpServletResponse.isCommitted()) {
                _log.warn("Cannot redirect to logout URI since the response is already commited");
            } else {
                httpServletResponse.sendRedirect(LOGOUT_URI);
            }
        } catch (IOException e) {
            _log.error("Cannot redirect to logout URI: " + LOGOUT_URI, e);
        }
    }

    private static boolean validateContext(String str) {
        if (!str.matches("\\S+")) {
            return false;
        }
        String[] split = str.split("/");
        return split.length >= 2 && split.length <= MAX_AUTHORIZATION_RETRY_ATTEMPTS;
    }

    private static String generateAuthorizationToken(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(DEFAULT_ROLE);
        try {
            return Constants.authorizationService().generateUserToken(new UserInfo(str, arrayList), str2);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String getCurrentUsername(HttpServletRequest httpServletRequest) {
        User currentUser = getCurrentUser(httpServletRequest);
        if (currentUser != null) {
            return currentUser.getScreenName();
        }
        return null;
    }

    public static User getCurrentUser(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("gcube-userId");
        if (header == null || header.compareTo("undefined") == 0) {
            return null;
        }
        try {
            return UserLocalServiceUtil.getUser(Long.parseLong(header));
        } catch (NumberFormatException e) {
            _log.error("The userId is not a number -> " + header);
            return null;
        } catch (Exception e2) {
            _log.error("The userId does not belong to any user -> " + header);
            return null;
        }
    }
}
