package com.google.step2;

import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.google.step2.discovery.Discovery2;
import com.google.step2.discovery.SecureDiscoveryInformation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.discovery.UrlIdentifier;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/google/step2/ConsumerHelper.class
 */
@Singleton
/* loaded from: input_file:step2-consumer-1.0.0-wso2v1.jar:com/google/step2/ConsumerHelper.class */
public class ConsumerHelper {
    private static Log log = LogFactory.getLog(ConsumerHelper.class);
    private final ConsumerManager consumerManager;

    @Inject
    public ConsumerHelper(ConsumerManager consumerManager, Discovery2 discovery2) {
        this.consumerManager = consumerManager;
        this.consumerManager.setDiscovery(discovery2);
    }

    public AuthRequestHelper getAuthRequestHelper(Identifier identifier, String str) {
        log.info("OpenId: " + identifier + " Return URL: " + str);
        return new AuthRequestHelper(this.consumerManager, identifier, str);
    }

    public AuthResponseHelper verify(String str, ParameterList parameterList, DiscoveryInformation discoveryInformation) throws MessageException, AssociationException, DiscoveryException, VerificationException {
        log.info("Receiving URL: " + str);
        SecureDiscoveryInformation discoveryInfoForClaimedId = getDiscoveryInfoForClaimedId(parameterList, discoveryInformation);
        VerificationResult verify = this.consumerManager.verify(str, parameterList, discoveryInfoForClaimedId);
        if ((verify.getAuthResponse() instanceof AuthSuccess) && verify.getVerifiedId() == null) {
            throw new VerificationException("something went wrong during response verification, such as nonce or signature checking. Check your debug logs.");
        }
        return new AuthResponseHelper(verify, checkResponse(discoveryInfoForClaimedId, verify));
    }

    private boolean checkResponse(SecureDiscoveryInformation secureDiscoveryInformation, VerificationResult verificationResult) {
        if (secureDiscoveryInformation == null) {
            return false;
        }
        try {
            UrlIdentifier urlIdentifier = new UrlIdentifier(verificationResult.getVerifiedId().getIdentifier(), true);
            if (secureDiscoveryInformation.getClaimedIdentifier() != null && secureDiscoveryInformation.getClaimedIdentifier().getIdentifier().equals(urlIdentifier.getIdentifier())) {
                return secureDiscoveryInformation.isSecure();
            }
            return false;
        } catch (DiscoveryException e) {
            return false;
        }
    }

    private SecureDiscoveryInformation getDiscoveryInfoForClaimedId(ParameterList parameterList, DiscoveryInformation discoveryInformation) throws DiscoveryException, MessageException {
        AuthSuccess createAuthSuccess;
        if (!"id_res".equals(parameterList.getParameterValue("openid.mode")) || (createAuthSuccess = AuthSuccess.createAuthSuccess(parameterList)) == null || !createAuthSuccess.isVersion2() || createAuthSuccess.getIdentity() == null || createAuthSuccess.getClaimed() == null) {
            return null;
        }
        String identity = createAuthSuccess.getIdentity();
        Identifier parseIdentifier = this.consumerManager.getDiscovery().parseIdentifier(createAuthSuccess.getClaimed(), true);
        String opEndpoint = createAuthSuccess.getOpEndpoint();
        if ((discoveryInformation instanceof SecureDiscoveryInformation) && discoveryInformation.hasClaimedIdentifier() && discoveryInformation.getClaimedIdentifier().equals(parseIdentifier)) {
            if ((discoveryInformation.hasDelegateIdentifier() ? discoveryInformation.getDelegateIdentifier() : discoveryInformation.getClaimedIdentifier().getIdentifier()).equals(identity) && discoveryInformation.isVersion2() && discoveryInformation.getOPEndpoint().toString().equals(opEndpoint)) {
                return (SecureDiscoveryInformation) discoveryInformation;
            }
        }
        SecureDiscoveryInformation secureDiscoveryInformation = null;
        for (SecureDiscoveryInformation secureDiscoveryInformation2 : this.consumerManager.getDiscovery().discover(parseIdentifier)) {
            if (!"http://specs.openid.net/auth/2.0/server".equals(secureDiscoveryInformation2.getVersion())) {
                if ((secureDiscoveryInformation2.hasDelegateIdentifier() ? secureDiscoveryInformation2.getDelegateIdentifier() : secureDiscoveryInformation2.getClaimedIdentifier().getIdentifier()).equals(identity) && secureDiscoveryInformation2.isVersion2() && secureDiscoveryInformation2.getOPEndpoint().toString().equals(opEndpoint)) {
                    if (secureDiscoveryInformation == null) {
                        secureDiscoveryInformation = secureDiscoveryInformation2;
                    }
                    if (this.consumerManager.getPrivateAssociationStore().load(secureDiscoveryInformation2.getOPEndpoint().toString(), createAuthSuccess.getHandle()) != null) {
                        return secureDiscoveryInformation2;
                    }
                }
            }
        }
        return secureDiscoveryInformation;
    }
}
