package org.wso2.carbon.identity.relyingparty.ui.openid;

import java.util.ArrayList;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.Message;
import org.openid4java.message.ParameterList;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.relyingparty.ui.dto.ClaimDTO;
import org.wso2.carbon.identity.relyingparty.ui.dto.OpenIDDTO;
import org.wso2.carbon.identity.relyingparty.ui.openid.extensions.OpenIDExtension;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/relyingparty/ui/openid/OpenIDConsumer.class */
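/**
 * Relying-party (consumer) side of the OpenID login flow for the Carbon management console.
 *
 * <p>The class is a process-wide singleton that wraps one openid4java {@link ConsumerManager}.
 * {@link #doOpenIDAuthentication} builds the redirect URL that sends the user to the OpenID
 * provider, and {@link #validateOpenIDAuthentication} verifies the provider's response and
 * converts it into an {@link OpenIDDTO}.
 *
 * <p>Security-relevant configuration, all set in the constructor:
 * <ul>
 *   <li>Associations and nonces are kept in memory only. They are lost on restart and are not
 *       shared between nodes, so replay detection is per-JVM (relevant if this runs clustered;
 *       confirm the deployment topology).</li>
 *   <li>Relying-party identifier enforcement on the realm verifier is switched off.</li>
 * </ul>
 */
public class OpenIDConsumer {
    private ConsumerManager manager;
    private static volatile OpenIDConsumer consumer;
    private static final Log log = LogFactory.getLog(OpenIDConsumer.class);

    /**
     * Creates the consumer manager with in-memory association and nonce stores.
     *
     * @throws IdentityException if the openid4java consumer manager cannot be initialized
     */
    private OpenIDConsumer() throws IdentityException {
        try {
            this.manager = new ConsumerManager();
            this.manager.setAssociations(new InMemoryConsumerAssociationStore());
            // NOTE(review): the argument is the nonce max age (seconds in openid4java, as far as
            // this reviewer knows), i.e. a replay window of roughly 83 minutes. Confirm that a
            // window this wide is intended.
            this.manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
            // NOTE(review): disables enforcement of relying-party discovery on the realm. This
            // weakens the realm/return_to checks the library offers; keep it only if the
            // deployment cannot publish RP discovery information, and document why.
            this.manager.getRealmVerifier().setEnforceRpId(false);
        } catch (ConsumerException e) {
            log.error("Relying Party initialization failed", e);
            throw new IdentityException("Relying Party initialization failed", e);
        }
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Uses double-checked locking on the {@code volatile} {@code consumer} field, so the
     * constructor runs at most once even under concurrent first calls.
     *
     * @return the singleton consumer
     * @throws IdentityException if first-time initialization fails
     */
    public static OpenIDConsumer getInstance() throws IdentityException {
        if (consumer == null) {
            synchronized (OpenIDConsumer.class) {
                if (consumer == null) {
                    consumer = new OpenIDConsumer();
                }
            }
        }
        return consumer;
    }

    /**
     * Starts an OpenID authentication and returns the URL the browser must be redirected to.
     *
     * <p>When the request object carries no return URL, the value of the {@code returnUrl}
     * HTTP parameter is used instead.
     *
     * @param openIDAuthenticationRequest the authentication request; must not be {@code null}
     * @return the provider destination URL, including the authentication request parameters
     * @throws IdentityException if the request is {@code null} or the OpenID exchange fails
     */
    public String doOpenIDAuthentication(OpenIDAuthenticationRequest openIDAuthenticationRequest) throws IdentityException {
        if (openIDAuthenticationRequest == null) {
            throw new IdentityException("Invalid OpenID authentication request");
        }
        if (openIDAuthenticationRequest.getReturnUrl() == null) {
            // NOTE(review): this fallback makes return_to client-controlled. verifyOpenID() checks
            // responses against a fixed receiving URL, but the provider is still told to send the
            // assertion to whatever is supplied here. Callers should set the return URL
            // explicitly, or this value should be validated against the console base URL.
            openIDAuthenticationRequest.setReturnUrl(openIDAuthenticationRequest.getRequest().getParameter("returnUrl"));
        }
        if (log.isDebugEnabled()) {
            log.debug("Return_to url :" + openIDAuthenticationRequest.getReturnUrl());
        }
        return authRequest(openIDAuthenticationRequest);
    }

    /**
     * Verifies an OpenID provider response against the discovery information stored in the
     * HTTP session when the request was sent.
     *
     * <p>The receiving URL handed to the library is always
     * {@code <admin console URL>relyingparty/openid_accept.jsp}; it is not taken from the response.
     *
     * @param httpServletRequest the request that delivered the provider response
     * @param parameterList the OpenID parameters extracted from that request
     * @return the authentication response message of a successful verification
     * @throws OpenIDException if openid4java fails while verifying
     * @throws IdentityException if the response does not yield a verified identifier
     */
    public Message verifyOpenID(HttpServletRequest httpServletRequest, ParameterList parameterList) throws OpenIDException, IdentityException {
        // Session-bound: the response is checked against what authRequest() stored under the same
        // key. NOTE(review): the attribute is null when the response arrives in a different
        // session; confirm how the openid4java version in use treats null discovery information.
        DiscoveryInformation discoveryInformation = (DiscoveryInformation) httpServletRequest.getSession().getAttribute("openid-disc");
        String receivingUrl = getAdminConsoleURL(httpServletRequest) + "relyingparty/openid_accept.jsp";
        String queryString = httpServletRequest.getQueryString();
        if (log.isDebugEnabled()) {
            log.debug("OpenID receiving url from the reponse: " + receivingUrl);
            // The query string presumably carries the full assertion (identifier, signature and
            // any exchanged attributes); treat debug logs from this class as sensitive.
            log.debug("OpenID query string from the reponse: " + queryString);
        }
        VerificationResult verify = this.manager.verify(receivingUrl, parameterList, discoveryInformation);
        // A null verified identifier is the library's signal that verification did not succeed.
        if (verify.getVerifiedId() != null) {
            return verify.getAuthResponse();
        }
        log.error("OpenID verification failed");
        throw new IdentityException("OpenID verification failed");
    }

    /**
     * Runs discovery and association for the requested OpenID URL, builds the authentication
     * request with the requested extensions, and returns the redirect URL.
     *
     * <p>The discovery result is stored in the HTTP session under {@code "openid-disc"} so that
     * {@link #verifyOpenID} can check the response against it.
     *
     * @param openIDAuthenticationRequest the authentication request
     * @return the provider destination URL, including the authentication request parameters
     * @throws IdentityException if discovery, association or request construction fails
     */
    protected String authRequest(OpenIDAuthenticationRequest openIDAuthenticationRequest) throws IdentityException {
        try {
            // NOTE(review): discover() is given the OpenID URL from the request object. If that
            // value comes straight from the login form, the server fetches a user-chosen address;
            // confirm outbound restrictions cover this call.
            DiscoveryInformation discovered = this.manager.associate(this.manager.discover(openIDAuthenticationRequest.getOpenIDUrl()));
            openIDAuthenticationRequest.getRequest().getSession().setAttribute("openid-disc", discovered);
            AuthRequest authenticate = this.manager.authenticate(discovered, openIDAuthenticationRequest.getReturnUrl());
            String realm = openIDAuthenticationRequest.getRealm();
            // A blank realm is treated as "not set" and the library default is kept.
            if (realm != null && realm.trim().length() != 0) {
                authenticate.setRealm(realm);
            }
            for (String requestType : openIDAuthenticationRequest.getRequestTypes()) {
                authenticate.addExtension(OpenIDExtensionFactory.getInstance().getExtension(requestType).getMessageExtension(openIDAuthenticationRequest));
            }
            return authenticate.getDestinationUrl(true);
        } catch (OpenIDException e) {
            log.error("openIDAuthError", e);
            throw new IdentityException("openIDAuthError", e);
        }
    }

    /**
     * Validates the provider response carried by the request and returns the authenticated
     * OpenID together with the claims contributed by the response extensions.
     *
     * @param httpServletRequest the request that delivered the provider response
     * @return the OpenID and the claims collected from the response
     * @throws IdentityException if the user cancelled, the response is not a positive assertion,
     *     or verification fails
     */
    public OpenIDDTO validateOpenIDAuthentication(HttpServletRequest httpServletRequest) throws IdentityException {
        try {
            ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());
            if ("cancel".equals(parameterList.getParameterValue("openid.mode"))) {
                throw new IdentityException("User has denied sending his profile info");
            }
            Message response = verifyOpenID(httpServletRequest, parameterList);
            // verifyOpenID() is declared to return Message; check the type explicitly so that any
            // other message type is rejected as a failed login, not surfaced as a ClassCastException.
            if (!(response instanceof AuthSuccess)) {
                log.error("OpenID verification did not return a positive assertion");
                throw new IdentityException("OpenID authentication failed");
            }
            AuthSuccess authSuccess = (AuthSuccess) response;
            ArrayList<ClaimDTO> claims = new ArrayList<ClaimDTO>();
            for (Object alias : authSuccess.getExtensions()) {
                OpenIDExtension extension = OpenIDExtensionFactory.getInstance().getExtension((String) alias, authSuccess);
                // Extensions the factory does not recognise are skipped.
                if (extension != null) {
                    extension.setSessionAttributes(claims);
                }
            }
            OpenIDDTO openIDDTO = new OpenIDDTO();
            // NOTE(review): this takes the identity field of the response, while the value the
            // library verified is VerificationResult.getVerifiedId(). Confirm that account
            // mapping is meant to key on this value and not on the verified identifier.
            openIDDTO.setOpenID(authSuccess.getIdentity());
            openIDDTO.setClaims(claims.toArray(new ClaimDTO[claims.size()]));
            return openIDDTO;
        } catch (OpenIDException e) {
            // Log the exception itself so the stack trace and cause chain are kept.
            log.error("OpenID authentication failed", e);
            throw new IdentityException("OpenID authentication failed", e);
        }
    }

    /**
     * Returns the admin console base URL for the given request, as computed by
     * {@link CarbonUIUtil#getAdminConsoleURL}.
     *
     * @param httpServletRequest the current request
     * @return the admin console URL
     */
    public String getAdminConsoleURL(HttpServletRequest httpServletRequest) {
        return CarbonUIUtil.getAdminConsoleURL(httpServletRequest);
    }
}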
