package org.wso2.carbon.identity.relyingparty.ui.openid;

import com.google.step2.AuthRequestHelper;
import com.google.step2.AuthResponseHelper;
import com.google.step2.ConsumerHelper;
import com.google.step2.Step2;
import com.google.step2.discovery.IdpIdentifier;
import com.google.step2.openid.ui.UiMessageRequest;
import java.util.ArrayList;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.Message;
import org.openid4java.message.ParameterList;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.relyingparty.stub.dto.ClaimDTO;
import org.wso2.carbon.identity.relyingparty.stub.dto.OpenIDDTO;
import org.wso2.carbon.identity.relyingparty.ui.openid.extensions.OpenIDExtension;
import org.wso2.carbon.ui.CarbonUIUtil;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/identity/relyingparty/ui/openid/OpenIDConsumer.class */
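/**
 * Relying-party helper that starts an OpenID authentication request and verifies the
 * provider's response, delegating the protocol work to a step2 {@link ConsumerHelper}.
 *
 * <p>The {@link ConsumerHelper} is held in a static field and is (re)created by every
 * constructor call, backed by a fresh {@link InMemoryConsumerAssociationStore}. Use
 * {@link #getInstance()} so the helper and its association store are built once.
 */
public class OpenIDConsumer {
    private static final Log log = LogFactory.getLog(OpenIDConsumer.class);
    private static volatile OpenIDConsumer consumer;
    private static volatile ConsumerHelper consumerHelper;

    /**
     * Builds the shared consumer helper.
     *
     * <p>NOTE(review): this constructor is public and writes the static
     * {@code consumerHelper}; constructing a second instance replaces the helper (and its
     * in-memory association store) for every caller. Prefer {@link #getInstance()}.
     *
     * @throws IdentityException if the helper cannot be created
     */
    public OpenIDConsumer() throws IdentityException {
        try {
            consumerHelper = new ConsumerFactory(new InMemoryConsumerAssociationStore()).getConsumerHelper();
        } catch (Exception e) {
            log.error("Relying Party initialization failed", e);
            throw new IdentityException("Relying Party initialization failed", e);
        }
    }

    /**
     * Returns the lazily created singleton.
     *
     * @return the shared consumer instance
     * @throws IdentityException if the first initialization fails
     */
    public static OpenIDConsumer getInstance() throws IdentityException {
        if (consumer == null) {
            synchronized (OpenIDConsumer.class) {
                // Second check under the lock; the field is volatile.
                if (consumer == null) {
                    consumer = new OpenIDConsumer();
                }
            }
        }
        return consumer;
    }

    /**
     * Starts an OpenID authentication and returns the URL the user agent should be sent to.
     *
     * @param openIDAuthenticationRequest the request description; must not be {@code null}
     * @return the provider destination URL produced by {@link #authRequest}
     * @throws IdentityException if the request is {@code null} or the request cannot be built
     */
    public String doOpenIDAuthentication(OpenIDAuthenticationRequest openIDAuthenticationRequest) throws IdentityException {
        if (openIDAuthenticationRequest == null) {
            throw new IdentityException("Invalid OpenID authentication request");
        }
        if (openIDAuthenticationRequest.getReturnUrl() == null) {
            // NOTE(review): the fallback return URL is read from the caller-supplied
            // "returnUrl" request parameter and nothing in this method restricts it to this
            // deployment's own endpoints. Confirm that the caller or the realm constrains it.
            openIDAuthenticationRequest.setReturnUrl(openIDAuthenticationRequest.getRequest().getParameter("returnUrl"));
        }
        if (log.isDebugEnabled()) {
            log.debug("Return_to url :" + openIDAuthenticationRequest.getReturnUrl());
        }
        return authRequest(openIDAuthenticationRequest);
    }

    /**
     * Verifies an OpenID response against the discovery information stored in the session.
     *
     * @param httpServletRequest the request carrying the provider's response
     * @param parameterList the response parameters to verify
     * @param str the receiving URL to verify against; when {@code null} it is rebuilt from
     *     the admin console URL and the {@code forwardPage}, {@code css} and {@code title}
     *     request parameters
     * @return the authentication response when the result type is {@code AUTH_SUCCESS}
     * @throws OpenIDException declared for the verification path
     * @throws IdentityException if verification does not end in {@code AUTH_SUCCESS}
     */
    public Message verifyOpenID(HttpServletRequest httpServletRequest, ParameterList parameterList, String str) throws OpenIDException, IdentityException {
        // Stored by authRequest(); null when this session never started a request.
        // NOTE(review): a null value is passed straight to verify(); confirm that the
        // helper's handling of a missing discovery record is the intended policy.
        DiscoveryInformation discovered = (DiscoveryInformation) httpServletRequest.getSession().getAttribute("openid-disc");
        String css = httpServletRequest.getParameter("css");
        if ("null".equals(css)) {
            // The literal string "null" is treated as "no stylesheet supplied".
            css = null;
        }
        String title = httpServletRequest.getParameter("title");
        String forwardPage = httpServletRequest.getParameter("forwardPage");
        String receivingUrl = str;
        if (receivingUrl == null) {
            receivingUrl = getAdminConsoleURL(httpServletRequest) + "relyingparty/openid_accept.jsp";
            if (css != null) {
                // NOTE(review): these three values come straight from the request and are
                // concatenated without URL-encoding, so a value containing '&' or '#'
                // changes the structure of the URL that is verified. Any encoding added
                // here has to match how the original return_to was built; confirm against
                // the page that issues the request before changing it.
                receivingUrl = receivingUrl + "?forwardPage=" + forwardPage + "&css=" + css + "&title=" + title;
            }
        }
        String queryString = httpServletRequest.getQueryString();
        if (log.isDebugEnabled()) {
            // NOTE(review): the response query string may carry the asserted identity and
            // attribute values; keep access to debug logs restricted.
            log.debug("OpenID receiving url from the reponse: " + receivingUrl);
            log.debug("OpenID query string from the reponse: " + queryString);
        }
        AuthResponseHelper result = consumerHelper.verify(receivingUrl, parameterList, discovered);
        if (result.getAuthResultType() == AuthResponseHelper.ResultType.AUTH_SUCCESS) {
            return result.getAuthResponse();
        }
        log.error("OpenID verification failed");
        throw new IdentityException("OpenID verification failed");
    }

    /**
     * Builds the authentication request, stores the discovery information in the session
     * under {@code "openid-disc"} and returns the provider destination URL.
     *
     * @param openIDAuthenticationRequest the request description
     * @return the destination URL of the generated request
     * @throws IdentityException wrapping any failure raised while building the request
     */
    protected String authRequest(OpenIDAuthenticationRequest openIDAuthenticationRequest) throws IdentityException {
        try {
            AuthRequestHelper helper = consumerHelper.getAuthRequestHelper(new IdpIdentifier(openIDAuthenticationRequest.getOpenIDUrl()), openIDAuthenticationRequest.getReturnUrl());
            addAttributes(helper, openIDAuthenticationRequest);
            HttpSession session = openIDAuthenticationRequest.getRequest().getSession();
            AuthRequest outgoing = helper.generateRequest();
            UiMessageRequest uiExtension = new UiMessageRequest();
            uiExtension.setIconRequest(true);
            outgoing.addExtension(uiExtension);
            // verifyOpenID() reads this attribute back when the response arrives.
            session.setAttribute("openid-disc", helper.getDiscoveryInformation());
            String realm = openIDAuthenticationRequest.getRealm();
            if (realm != null && realm.trim().length() != 0) {
                outgoing.setRealm(realm);
            }
            for (String requestType : openIDAuthenticationRequest.getRequestTypes()) {
                outgoing.addExtension(OpenIDExtensionFactory.getInstance().getExtension(requestType).getMessageExtension(openIDAuthenticationRequest));
            }
            return outgoing.getDestinationUrl(true);
        } catch (Exception e) {
            // Broad catch: any failure, including a null extension or request type list,
            // is reported to the caller as an IdentityException with the cause attached.
            log.error(e.getMessage(), e);
            throw new IdentityException(e.getMessage(), e);
        }
    }

    /**
     * Requests each required claim URI as a required attribute-exchange attribute, but only
     * when the request asks for claims from the identity provider.
     *
     * @param authRequestHelper the helper that collects the requested attributes
     * @param openIDAuthenticationRequest the request description
     */
    void addAttributes(AuthRequestHelper authRequestHelper, OpenIDAuthenticationRequest openIDAuthenticationRequest) {
        if (!openIDAuthenticationRequest.getRequestClaimsFromIdP()) {
            return;
        }
        for (String claimUri : openIDAuthenticationRequest.getRequiredClaimURIs()) {
            authRequestHelper.requestAxAttribute(Step2.AxSchema.ofTypeUri(claimUri), true);
        }
    }

    /**
     * Verifies the OpenID response in the request and collects the claims exposed by its
     * extensions.
     *
     * @param httpServletRequest the request carrying the provider's response
     * @param str the receiving URL, or {@code null} to let {@link #verifyOpenID} rebuild it
     * @return the verified identity together with the collected claims
     * @throws IdentityException if the user cancelled, or verification fails
     */
    public OpenIDDTO validateOpenIDAuthentication(HttpServletRequest httpServletRequest, String str) throws IdentityException {
        try {
            ParameterList response = new ParameterList(httpServletRequest.getParameterMap());
            // equals() on the literal already covers a missing openid.mode.
            if ("cancel".equals(response.getParameterValue("openid.mode"))) {
                throw new IdentityException("User has denied sending his profile info");
            }
            // verifyOpenID is declared to return Message, so the cast is needed to compile.
            // It only returns on AUTH_SUCCESS; everything else throws.
            AuthSuccess authSuccess = (AuthSuccess) verifyOpenID(httpServletRequest, response, str);
            ArrayList<ClaimDTO> claims = new ArrayList<ClaimDTO>();
            for (Object alias : authSuccess.getExtensions()) {
                OpenIDExtension extension = OpenIDExtensionFactory.getInstance().getExtension((String) alias, authSuccess);
                if (extension != null) {
                    // Extensions this relying party does not know are skipped.
                    extension.setSessionAttributes(claims);
                }
            }
            OpenIDDTO dto = new OpenIDDTO();
            dto.setOpenID(authSuccess.getIdentity());
            dto.setClaims(claims.toArray(new ClaimDTO[claims.size()]));
            return dto;
        } catch (OpenIDException e) {
            // Keep the stack trace in the log; the caller only sees a generic message.
            log.error(e.getMessage(), e);
            throw new IdentityException("OpenID authentication failed", e);
        }
    }

    /**
     * Returns the admin console URL for the configured {@code WebContextRoot}.
     *
     * <p>The value is derived from the server configuration only; the request argument is
     * not read.
     *
     * @param httpServletRequest unused
     * @return the admin console URL
     */
    public String getAdminConsoleURL(HttpServletRequest httpServletRequest) {
        return CarbonUIUtil.getAdminConsoleURL(CarbonUtils.getServerConfiguration().getFirstProperty("WebContextRoot"));
    }
}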
