package org.gcube.portal.oidc.lr62;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.LocaleUtil;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.BaseAutoLogin;
import com.liferay.portal.service.ServiceContext;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;
import com.liferay.util.PwdGenerator;
import java.util.Arrays;
import java.util.Locale;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.gcube.oidc.URLEncodedContextMapper;
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;

/* loaded from: input_file:WEB-INF/classes/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.class */
public class OpenIdConnectAutoLogin extends BaseAutoLogin {
    private static final Log log = LogFactoryUtil.getLog(OpenIdConnectAutoLogin.class);

    public String[] doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (log.isTraceEnabled() && httpServletRequest.getSession(false) != null) {
            log.trace("Session details: id=" + httpServletRequest.getSession(false).getId() + ", instance=" + httpServletRequest.getSession(false));
        }
        JWTToken oIDCFromRequest = JWTTokenUtil.getOIDCFromRequest(httpServletRequest);
        if (oIDCFromRequest == null) {
            if (!log.isTraceEnabled() || httpServletRequest.getSession(false) == null) {
                return null;
            }
            log.trace("OIDC token is null. Can't perform auto login");
            return null;
        }
        User createOrUpdateUser = createOrUpdateUser(oIDCFromRequest, PortalUtil.getCompanyId(httpServletRequest), PortalUtil.getScopeGroupId(httpServletRequest), PortalUtil.getPortalURL(httpServletRequest, true), LiferayOpenIdConnectConfiguration.getConfiguration(httpServletRequest));
        if (createOrUpdateUser == null) {
            log.warn("User is null");
            return null;
        }
        log.info("Applying sites and roles strategy");
        try {
            new UserSitesToGroupsAndRolesMapper(createOrUpdateUser, new URLEncodedContextMapper(oIDCFromRequest.getResourceNameToAccessRolesMap(Arrays.asList("account")))).map();
        } catch (Throwable th) {
            log.error("Applying strategy", th);
        }
        log.debug("Returning logged in user's info");
        return new String[]{String.valueOf(createOrUpdateUser.getUserId()), UUID.randomUUID().toString(), "false"};
    }

    public static User createOrUpdateUser(JWTToken jWTToken, long j, long j2, String str, LiferayOpenIdConnectConfiguration liferayOpenIdConnectConfiguration) throws Exception {
        String email = jWTToken.getEmail();
        String given = jWTToken.getGiven();
        String family = jWTToken.getFamily();
        String sub = jWTToken.getSub();
        String userName = jWTToken.getUserName();
        try {
            boolean z = false;
            User fetchUserByEmailAddress = UserLocalServiceUtil.fetchUserByEmailAddress(j, email);
            if (fetchUserByEmailAddress == null) {
                log.debug("No Liferay user found with email address=" + email + ", trying with openId");
                fetchUserByEmailAddress = UserLocalServiceUtil.fetchUserByOpenId(j, sub);
                if (fetchUserByEmailAddress == null) {
                    log.debug("No Liferay user found with openid=" + sub + " and email address=" + email);
                    if (!liferayOpenIdConnectConfiguration.createUnexistingUser()) {
                        log.info("User will not be created according to configuration");
                        return null;
                    }
                    log.info("A new user will be created");
                    fetchUserByEmailAddress = addUser(j, j2, str, email, given, family, sub, userName);
                } else {
                    log.info("User found by its openId, the email will be updated");
                    z = true;
                }
            }
            if (fetchUserByEmailAddress != null) {
                log.debug("User found, updating name details with info from userinfo if changed");
                if (given != fetchUserByEmailAddress.getFirstName()) {
                    fetchUserByEmailAddress.setFirstName(given);
                    z = true;
                }
                if (family != fetchUserByEmailAddress.getLastName()) {
                    fetchUserByEmailAddress.setLastName(family);
                    z = true;
                }
                if (email != fetchUserByEmailAddress.getEmailAddress()) {
                    fetchUserByEmailAddress.setEmailAddress(email);
                    z = true;
                }
            }
            if (z) {
                UserLocalServiceUtil.updateUser(fetchUserByEmailAddress);
            }
            byte[] userAvatar = OpenIdConnectRESTHelper.getUserAvatar(liferayOpenIdConnectConfiguration.getAvatarURL(), jWTToken);
            if (userAvatar != null) {
                log.debug("Saving the retrieved avatar as user's portrait");
                UserLocalServiceUtil.updatePortrait(fetchUserByEmailAddress.getUserId(), userAvatar);
            } else {
                log.debug("Deleting the user's portrait since no avatar has been found for the user");
                UserLocalServiceUtil.deletePortrait(fetchUserByEmailAddress.getUserId());
            }
            return fetchUserByEmailAddress;
        } catch (SystemException | PortalException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    public static User addUser(long j, long j2, String str, String str2, String str3, String str4, String str5, String str6) throws SystemException, PortalException {
        Locale mostRelevantLocale = LocaleUtil.getMostRelevantLocale();
        String password = PwdGenerator.getPassword();
        boolean z = str6 == null;
        String str7 = z ? "" : str6;
        ServiceContext serviceContext = new ServiceContext();
        serviceContext.setScopeGroupId(j2);
        serviceContext.setPortalURL(str);
        User addUser = UserLocalServiceUtil.addUser(0L, j, false, password, password, z, str7, str2, 0L, str5, mostRelevantLocale, str3, "", str4, 0, 0, true, 0, 1, 1970, "", (long[]) null, (long[]) null, (long[]) null, (long[]) null, false, serviceContext);
        addUser.setPasswordReset(false);
        addUser.setEmailAddressVerified(true);
        addUser.setReminderQueryQuestion("x");
        addUser.setReminderQueryAnswer("y");
        UserLocalServiceUtil.updateUser(addUser);
        return addUser;
    }
}
