package org.wso2.carbon.identity.provider.openid.ui.handlers;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.message.DirectError;
import org.openid4java.message.ParameterList;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.provider.openid.ui.OpenIDConstants;
import org.wso2.carbon.identity.provider.openid.ui.client.OpenIDAdminClient;
import org.wso2.carbon.identity.provider.openid.ui.dto.OpenIDAuthRequestDTO;
import org.wso2.carbon.identity.provider.openid.ui.dto.OpenIDAuthResponseDTO;
import org.wso2.carbon.identity.provider.openid.ui.dto.OpenIDParameterDTO;
import org.wso2.carbon.identity.provider.openid.ui.dto.PapeInfoRequestDTO;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/provider/openid/ui/handlers/OpenIDHandler.class */
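/**
 * UI-side dispatcher for OpenID provider requests.
 *
 * <p>Reads the mode parameter ({@link OpenIDConstants#ATTR_MODE}) of an incoming request and
 * either answers directly on the servlet response (association, verification, errors) or
 * returns a URL the caller is expected to redirect the browser to (authentication page, PAPE
 * information page, or the destination URL produced by the back-end service).
 *
 * <p>The class is a process-wide singleton, so instance state is shared by every request.
 * Per-request data must therefore live in locals or in the HTTP session, never in fields.
 *
 * <p>Security-relevant assumptions that this class does not enforce itself:
 * <ul>
 *   <li>The session attributes {@code OpenIDConstants.ACTION} and {@code "userApproved"} are
 *       treated as proof that the user authenticated and approved the request. Whatever code
 *       sets them must only do so after a successful login and an explicit consent step.</li>
 *   <li>No validation of the return-to URL or realm is visible here; it is presumably done by
 *       the back-end service behind {@link OpenIDAdminClient} — confirm before relying on it.</li>
 * </ul>
 */
public class OpenIDHandler {
    private static final Log log = LogFactory.getLog(OpenIDHandler.class);
    private static OpenIDHandler provider;

    private final String opAddress;
    // Default authentication page returned when the user still has to log in. Shared by all
    // requests because the handler is a singleton; only setAuthPage() may change it.
    private String authPage;

    private OpenIDHandler(String str) {
        this.opAddress = str;
    }

    /**
     * Returns the shared handler, creating it on first use.
     *
     * <p>Only the first call's address is used; later calls return the existing instance and
     * ignore {@code str}. The method is synchronized so that concurrent first calls (request
     * threads normally run in parallel in a servlet container) cannot create two instances.
     *
     * @param str the OpenID provider address for the instance created on first use
     * @return the single shared handler
     */
    public static synchronized OpenIDHandler getInstance(String str) {
        if (provider == null) {
            provider = new OpenIDHandler(str);
        }
        return provider;
    }

    /**
     * Sets the page users are sent to when they still have to authenticate.
     *
     * @param str URL of the authentication page
     */
    public void setAuthPage(String str) {
        this.authPage = str;
        if (log.isDebugEnabled()) {
            log.debug("Authentication page set to :" + forLog(this.authPage));
        }
    }

    /**
     * @return the provider address this handler was created with
     */
    public String getOpAddress() {
        return this.opAddress;
    }

    /**
     * Handles one OpenID request.
     *
     * <p>When the session action is COMPLETE or CANCEL the parameter list stored in the session
     * is reused; otherwise it is built from the request parameters. Association and
     * check-authentication requests, and every error, are answered directly on the response and
     * {@code null} is returned. Checkid requests return the URL computed by
     * {@link #checkSetupOrImmediate}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for direct (non-redirect) answers
     * @return a URL to redirect to, or {@code null} when the answer was written to the response
     * @throws IdentityException if an argument is {@code null} or the direct response cannot
     *                           be written
     */
    public String processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IdentityException {
        if (httpServletRequest == null || httpServletResponse == null) {
            throw new IdentityException("Required attributes missing");
        }
        String responseText;
        // The whole dispatch runs inside one try block: checkSetupOrImmediate() declares
        // Exception, and every failure has to end up as a direct error response. In the listing
        // this was rewritten from, the handler covered only the set-up statements, which left
        // variables unassigned on the error path.
        try {
            HttpSession session = httpServletRequest.getSession();
            OpenIDAdminClient adminClient = newAdminClient(session);
            Object action = session.getAttribute(OpenIDConstants.ACTION);
            boolean resuming = OpenIDConstants.COMPLETE.equals(action) || OpenIDConstants.CANCEL.equals(action);
            ParameterList parameterList = resuming
                    ? (ParameterList) session.getAttribute(OpenIDConstants.PARAM_LIST)
                    : new ParameterList(httpServletRequest.getParameterMap());
            if (parameterList == null) {
                responseText = getErrorResponseText("Invalid OpenID authentication request");
                if (log.isDebugEnabled()) {
                    log.debug("Invalid OpenID authentication request :" + forLog(responseText));
                }
            } else {
                String mode = parameterList.hasParameter(OpenIDConstants.ATTR_MODE)
                        ? parameterList.getParameterValue(OpenIDConstants.ATTR_MODE)
                        : null;
                if (log.isDebugEnabled()) {
                    log.debug("OpenID authentication mode :" + forLog(mode));
                }
                if (OpenIDConstants.ASSOCIATE.equals(mode)) {
                    responseText = adminClient.getOpenIDAssociationResponse(OpenIDUtil.getOpenIDAuthRequest(httpServletRequest));
                    if (log.isDebugEnabled()) {
                        log.debug("Association created successfully");
                    }
                } else if (OpenIDConstants.CHECKID_SETUP.equals(mode) || OpenIDConstants.CHECKID_IMMEDIATE.equals(mode)) {
                    return checkSetupOrImmediate(httpServletRequest, parameterList);
                } else if (OpenIDConstants.CHECK_AUTHENTICATION.equals(mode)) {
                    responseText = adminClient.verify(OpenIDUtil.getOpenIDAuthRequest(httpServletRequest));
                    if (log.isDebugEnabled()) {
                        log.debug("Authentication verified successfully");
                    }
                } else {
                    responseText = getErrorResponseText("No valid OpenID found in the authentication request");
                    if (log.isDebugEnabled()) {
                        log.debug("No valid OpenID found in the authentication request");
                    }
                }
            }
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("OpenID request processing failed", e);
            }
            // NOTE(review): the raw exception message is sent back to the remote party. Messages
            // from lower layers can expose internal details; consider a fixed, generic text
            // here and keeping the detail in the server log only.
            responseText = getErrorResponseText(e.getMessage());
        }
        try {
            directResponse(httpServletResponse, responseText);
            return null;
        } catch (IOException e2) {
            // Pass the exception itself so the stack trace is kept in the log.
            log.error(e2.getMessage(), e2);
            throw new IdentityException("OpenID redirect reponse failed");
        }
    }

    /**
     * Handles checkid_setup / checkid_immediate requests.
     *
     * <p>Outcomes, in order of evaluation:
     * <ol>
     *   <li>Session says COMPLETE and the user approved: one-shot approval attributes are
     *       cleared and an authenticated response is requested from the back end.</li>
     *   <li>Session says CANCEL: an unauthenticated response is requested from the back end.</li>
     *   <li>Otherwise the parameter list is parked in the session and the user is sent to the
     *       authentication page, or to the PAPE information page when the back end reports
     *       that one of the first two policies is {@code "true"}.</li>
     * </ol>
     *
     * @param httpServletRequest the incoming request
     * @param parameterList      the OpenID parameters of the authentication request
     * @return the URL to redirect to, or {@code null} if the back end returned no response
     * @throws Exception if the identity parameter is missing, the policy information is
     *                   malformed, or the back-end call fails
     */
    private String checkSetupOrImmediate(HttpServletRequest httpServletRequest, ParameterList parameterList) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        String openId = parameterList.hasParameter(OpenIDConstants.ATTR_IDENTITY)
                ? parameterList.getParameterValue(OpenIDConstants.ATTR_IDENTITY)
                : null;
        if (log.isDebugEnabled()) {
            log.debug("Authentication check for OpenID " + forLog(openId));
        }
        if (openId == null) {
            throw new IdentityException("Required attributes missing");
        }
        if (log.isDebugEnabled()) {
            log.debug("Authentication check for user " + forLog(openId));
        }
        boolean completed = OpenIDConstants.COMPLETE.equals(session.getAttribute(OpenIDConstants.ACTION));
        boolean approved = "true".equals(session.getAttribute("userApproved"));
        OpenIDAdminClient adminClient = newAdminClient(session);

        boolean authenticated = false;
        String profileName = null;
        if (completed && approved) {
            // Approval is single-use: clear it so a later request in this session cannot reuse it.
            session.removeAttribute("userApproved");
            session.removeAttribute(OpenIDConstants.ACTION);
            profileName = (String) session.getAttribute("profile");
            session.removeAttribute("profile");
            session.removeAttribute("profiles");
            authenticated = true;
            if (log.isDebugEnabled()) {
                log.debug("Authenticated and user confirmed :" + forLog(openId));
            }
        }

        if (OpenIDConstants.CANCEL.equals(session.getAttribute(OpenIDConstants.ACTION))) {
            // NOTE(review): the CANCEL action is left in the session while PARAM_LIST is removed
            // below, so the next request in this session would find no parameter list. Confirm
            // that the calling page resets the action.
            if (log.isDebugEnabled()) {
                log.debug("User cancelled :" + forLog(openId));
            }
            authenticated = false;
        } else if (!authenticated) {
            session.setAttribute(OpenIDConstants.PARAM_LIST, parameterList);
            if (log.isDebugEnabled()) {
                log.debug("User not authenticated. Redirecting to the authentication page :" + forLog(openId));
            }
            PapeInfoRequestDTO papeRequest = new PapeInfoRequestDTO();
            papeRequest.setParamList(OpenIDUtil.getOpenIDAuthRequest(parameterList));
            papeRequest.setOpenID(openId);
            OpenIDParameterDTO[] policies = adminClient.getPapeInfo(papeRequest).getPolicies();
            // Fail with a defined error instead of a NullPointerException or
            // ArrayIndexOutOfBoundsException when the back end returns fewer entries than
            // the positions read below.
            if (policies == null || policies.length < 2) {
                throw new IdentityException("Unexpected PAPE policy information received");
            }
            boolean phishingResistance = "true".equals(policies[0].getValue());
            boolean multiFactor = "true".equals(policies[1].getValue());
            if (!phishingResistance && !multiFactor) {
                return this.authPage;
            }
            if (policies.length < 4) {
                throw new IdentityException("Unexpected PAPE policy information received");
            }
            // Keep the PAPE page URL in a local. Writing it to the authPage field would replace
            // the configured login page for every later request handled by this singleton.
            String papePage = CarbonUIUtil.getAdminConsoleURL(httpServletRequest) + "openid-provider/PAPE_info.jsp";
            session.setAttribute("papePhishingResistance", policies[0].getValue());
            session.setAttribute("multiFactorAuth", policies[1].getValue());
            session.setAttribute("infoCardBasedMultiFacotrAuth", policies[2].getValue());
            session.setAttribute("xmppBasedMultiFacotrAuth", policies[3].getValue());
            return papePage;
        }

        session.removeAttribute(OpenIDConstants.PARAM_LIST);
        OpenIDAuthRequestDTO authRequest = new OpenIDAuthRequestDTO();
        if ("true".equals(session.getAttribute("phishingResistanceAuthentication"))) {
            authRequest.setPhishiingResistanceAuthRequest(true);
            session.removeAttribute("phishingResistanceAuthentication");
        }
        if ("true".equals(session.getAttribute("multifactorlogin"))) {
            authRequest.setMultiFactorAuthRequested(true);
            session.removeAttribute("multifactorlogin");
        }
        authRequest.setParams(OpenIDUtil.getOpenIDAuthRequest(parameterList));
        authRequest.setOpLocalId(null);
        authRequest.setUserSelectedClaimedId(null);
        authRequest.setAuthenticated(authenticated);
        authRequest.setOpenID(openId);
        authRequest.setProfileName(profileName);
        OpenIDAuthResponseDTO authResponse = adminClient.getOpenIDAuthResponse(authRequest);
        return authResponse != null ? authResponse.getDestinationUrl() : null;
    }

    /**
     * Builds an admin client from the configuration context, server URL and admin cookie
     * held by the servlet context and the session.
     */
    private OpenIDAdminClient newAdminClient(HttpSession session) throws Exception {
        ConfigurationContext configContext =
                (ConfigurationContext) session.getServletContext().getAttribute("ConfigurationContext");
        String serverUrl = CarbonUIUtil.getServerURL(session.getServletContext(), session);
        String adminCookie = (String) session.getAttribute(OpenIDAdminClient.OPENID_ADMIN_COOKIE);
        return new OpenIDAdminClient(configContext, serverUrl, adminCookie);
    }

    /**
     * Logs the message at error level and returns it as an OpenID direct error in
     * key-value form encoding.
     */
    private String getErrorResponseText(String str) {
        log.error(forLog(str));
        return DirectError.createDirectError(str).keyValueFormEncoding();
    }

    /**
     * Writes the text to the response body and closes the stream.
     *
     * @throws IOException if there is nothing to write or the write fails
     */
    private void directResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        if (str == null) {
            // A null body would otherwise surface as a NullPointerException that the
            // caller's IOException handler does not cover.
            throw new IOException("No OpenID response body to write");
        }
        try (ServletOutputStream out = httpServletResponse.getOutputStream()) {
            // OpenID key-value form messages are defined as UTF-8; do not depend on the
            // platform default charset.
            out.write(str.getBytes(StandardCharsets.UTF_8));
        }
    }

    /**
     * Neutralises line breaks in request-derived values before they are logged, so a crafted
     * parameter cannot forge additional log entries.
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}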
