package org.wso2.carbon.identity.sso.agent.openid;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.yadis.YadisException;
import org.openid4java.discovery.yadis.YadisResolver;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.server.RealmVerifierFactory;
import org.openid4java.util.HttpFetcherFactory;
import org.wso2.carbon.identity.sso.agent.bean.SSOAgentSessionBean;
import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.util.SSOAgentConfigs;

/* loaded from: input_file:org/wso2/carbon/identity/sso/agent/openid/OpenIDManager.class */
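/**
 * Relying-party side of the OpenID login flow for the SSO agent.
 *
 * <p>{@link #doOpenIDLogin} runs discovery and association for the claimed identifier sent in
 * the request and returns the provider URL to redirect the browser to;
 * {@link #processOpenIDLoginResponse} verifies the provider's answer against the discovery
 * information kept in the HTTP session and copies the identity and any Attribute Exchange
 * values into the session bean.
 */
public class OpenIDManager {
    /** Namespace URI of the Attribute Exchange extension looked up on the auth response. */
    private static final String AX_EXTENSION_URI = "http://openid.net/srv/ax/1.0";

    // NOTE(review): this field is static, yet every constructor call replaces it, so all
    // OpenIDManager instances share whichever ConsumerManager was built last. Confirm that a
    // single manager per class loader is intended before relying on state held inside it.
    private static ConsumerManager consumerManager = null;

    // volatile: read outside the lock by the double-checked initialisation in
    // loadAttributesRequestor().
    volatile AttributesRequestor attributesRequestor = null;

    /**
     * Builds a ConsumerManager and stores it in the shared static field.
     *
     * @throws SSOAgentException if the SSL context cannot be created
     */
    public OpenIDManager() throws SSOAgentException {
        consumerManager = getConsumerManagerInstance();
    }

    /**
     * Creates a ConsumerManager whose HTTP fetchers use the SSL context from
     * {@link #loadSSLContext()}.
     */
    private ConsumerManager getConsumerManagerInstance() throws SSOAgentException {
        // NOTE(review): a null X509HostnameVerifier is passed here. Depending on the
        // openid4java / HttpClient versions in use this either falls back to a default
        // verifier or leaves hostname verification off for discovery and association
        // traffic. Confirm which, and pass an explicit strict verifier if it is the latter.
        HttpFetcherFactory httpFetcherFactory = new HttpFetcherFactory(loadSSLContext(), (X509HostnameVerifier) null);
        return new ConsumerManager(new RealmVerifierFactory(new YadisResolver(httpFetcherFactory)), new Discovery(), httpFetcherFactory);
    }

    /**
     * Starts an OpenID login for the claimed identifier carried in the request.
     *
     * <p>Stores a fresh session bean holding the discovery information in the HTTP session and,
     * when an AttributesRequestor implementation is configured, attaches an Attribute Exchange
     * fetch request to the authentication request.
     *
     * @param httpServletRequest  request carrying the claimed identifier parameter
     * @param httpServletResponse not used by this method
     * @return the destination URL of the authentication request
     * @throws SSOAgentException if the identifier is missing, or discovery, association,
     *                           request creation or requestor instantiation fails
     */
    public String doOpenIDLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOAgentException {
        String claimedId = httpServletRequest.getParameter(SSOAgentConfigs.getClaimedIdParameterName());
        // The identifier comes straight from the request; reject an absent or blank value
        // before it reaches discovery.
        if (claimedId == null || claimedId.trim().length() == 0) {
            throw new SSOAgentException("Error while doing OpenID Discovery. Claimed identifier is missing in the request");
        }
        try {
            // Discovery makes this server issue outbound requests to a location derived from
            // request-supplied input. Deployments normally constrain which providers are
            // acceptable (allow-list and/or egress filtering) outside this class.
            DiscoveryInformation discovered = consumerManager.associate(consumerManager.discover(claimedId));

            SSOAgentSessionBean sessionBean = new SSOAgentSessionBean();
            // NOTE(review): constructor form kept exactly as in the original (decompiled)
            // listing; it looks like an inner-class instantiation - confirm against the
            // SSOAgentSessionBean source.
            sessionBean.setOpenIDSessionBean(new SSOAgentSessionBean.OpenIDSessionBean(sessionBean));
            sessionBean.getOpenIDSessionBean().setDiscoveryInformation(discovered);
            httpServletRequest.getSession().setAttribute(SSOAgentConfigs.getSessionBeanName(), sessionBean);

            // Changes the shared (static) manager, so it affects every login handled by it.
            consumerManager.setImmediateAuth(true);
            AuthRequest authRequest = consumerManager.authenticate(discovered, SSOAgentConfigs.getReturnTo());

            if (SSOAgentConfigs.getAttributesRequestorImplClass() != null) {
                AttributesRequestor requestor = loadAttributesRequestor();
                String[] requestedAttributes = requestor.getRequestedAttributes(claimedId);
                FetchRequest fetchRequest = FetchRequest.createFetchRequest();
                if (requestedAttributes != null) {
                    for (String attribute : requestedAttributes) {
                        fetchRequest.addAttribute(attribute, requestor.getTypeURI(claimedId, attribute), requestor.isRequired(claimedId, attribute), requestor.getCount(claimedId, attribute));
                    }
                }
                authRequest.addExtension(fetchRequest);
            }
            return authRequest.getDestinationUrl(true);
        } catch (ConsumerException e) {
            throw new SSOAgentException("Error while doing OpenID Authentication", e);
        } catch (YadisException e) {
            // Must precede DiscoveryException: YadisException is a subtype of it in
            // openid4java, so the broader handler listed first would shadow this one.
            if (e.getErrorCode() == 1796) {
                throw new SSOAgentException(e.getMessage(), e);
            }
            throw new SSOAgentException("Error while creating FetchRequest", e);
        } catch (DiscoveryException e) {
            throw new SSOAgentException("Error while doing OpenID Discovery", e);
        } catch (MessageException e) {
            throw new SSOAgentException("Error while creating FetchRequest", e);
        }
    }

    /**
     * Verifies the provider's response and records the result in the session bean.
     *
     * @param httpServletRequest  request carrying the OpenID response parameters
     * @param httpServletResponse not used by this method
     * @throws SSOAgentException if there is no session or OpenID session state, or if
     *                           verification fails
     */
    public void processOpenIDLoginResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOAgentException {
        try {
            ParameterList responseParameters = new ParameterList(httpServletRequest.getParameterMap());

            // getSession(false) returns null when the request carries no session; report
            // that as the same "no valid session" error instead of a NullPointerException.
            javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
            SSOAgentSessionBean sessionBean = null;
            if (session != null) {
                sessionBean = (SSOAgentSessionBean) session.getAttribute(SSOAgentConfigs.getSessionBeanName());
            }
            if (sessionBean == null || sessionBean.getOpenIDSessionBean() == null) {
                throw new SSOAgentException("Error while verifying OpenID response. Cannot find valid session for user");
            }

            VerificationResult verification = consumerManager.verify(SSOAgentConfigs.getReturnTo(), responseParameters, sessionBean.getOpenIDSessionBean().getDiscoveryInformation());
            if (verification.getVerifiedId() == null) {
                throw new SSOAgentException("OpenID verification failed");
            }

            AuthSuccess authResponse = (AuthSuccess) verification.getAuthResponse();
            // NOTE(review): the value stored as the claimed ID is the response's identity
            // field, not the identifier returned by verification.getVerifiedId(). The two
            // can differ, and only the verified identifier has been confirmed by the
            // library; confirm which one downstream code should key accounts on.
            String identity = authResponse.getIdentity();
            sessionBean.getOpenIDSessionBean().setClaimedId(identity);

            if (authResponse.hasExtension(AX_EXTENSION_URI)) {
                // The response may reach an instance on which doOpenIDLogin never ran, so
                // the requestor is resolved here as well instead of assumed to be set.
                AttributesRequestor requestor = loadAttributesRequestor();
                Object extension = authResponse.getExtension(AX_EXTENSION_URI);
                if (requestor != null && extension instanceof FetchResponse) {
                    FetchResponse fetchResponse = (FetchResponse) extension;
                    // Raw type retained: the parameter type of setOpenIdAttributes is not
                    // visible in this file.
                    HashMap attributes = new HashMap();
                    String[] requestedAttributes = requestor.getRequestedAttributes(identity);
                    if (requestedAttributes != null) {
                        for (String attribute : requestedAttributes) {
                            List<String> values = fetchResponse.getAttributeValuesByTypeUri(requestor.getTypeURI(identity, attribute));
                            // A provider may omit a requested attribute; skip it rather
                            // than indexing into an empty list.
                            if (values == null || values.isEmpty() || values.get(0) == null) {
                                continue;
                            }
                            // A comma-separated first value is split and its parts are
                            // appended after the original entry.
                            String[] parts = values.get(0).split(",");
                            if (parts.length > 1) {
                                for (String part : parts) {
                                    values.add(part);
                                }
                            }
                            attributes.put(attribute, values);
                        }
                    }
                    sessionBean.getOpenIDSessionBean().setOpenIdAttributes(attributes);
                }
            }
        } catch (DiscoveryException e) {
            throw new SSOAgentException("Error while verifying OpenID response", e);
        } catch (AssociationException e) {
            throw new SSOAgentException("Error while verifying OpenID response", e);
        } catch (MessageException e) {
            throw new SSOAgentException("Error while verifying OpenID response", e);
        }
    }

    /**
     * Returns the AttributesRequestor, creating and initialising it on first use.
     *
     * <p>The instance is published to the field only after init() has returned, so other
     * threads never observe a half-initialised requestor.
     *
     * @return the requestor, or null when none is set and no implementation class is configured
     * @throws SSOAgentException if the configured class cannot be loaded or instantiated
     */
    private AttributesRequestor loadAttributesRequestor() throws SSOAgentException {
        AttributesRequestor requestor = this.attributesRequestor;
        if (requestor != null) {
            return requestor;
        }
        String implClass = SSOAgentConfigs.getAttributesRequestorImplClass();
        if (implClass == null) {
            return null;
        }
        synchronized (this) {
            requestor = this.attributesRequestor;
            if (requestor == null) {
                try {
                    requestor = (AttributesRequestor) Class.forName(implClass).newInstance();
                } catch (ClassNotFoundException e) {
                    throw new SSOAgentException("Error while instantiating AttributeRequestorImplClass: " + implClass, e);
                } catch (InstantiationException e) {
                    throw new SSOAgentException("Error while instantiating AttributeRequestorImplClass: " + implClass, e);
                } catch (IllegalAccessException e) {
                    throw new SSOAgentException("Error while instantiating AttributeRequestorImplClass: " + implClass, e);
                }
                requestor.init();
                this.attributesRequestor = requestor;
            }
        }
        return requestor;
    }

    /**
     * Builds a TLS context whose trust managers are initialised from the agent's configured
     * key store.
     *
     * @throws SSOAgentException if the trust managers or the context cannot be initialised
     */
    private SSLContext loadSSLContext() throws SSOAgentException {
        try {
            // NOTE(review): if getKeyStore() can return null, TrustManagerFactory.init(null)
            // falls back to the JRE default trust store - confirm that is acceptable.
            KeyStore trustStore = SSOAgentConfigs.getKeyStore();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // No key managers (no client certificate) and the default SecureRandom.
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sslContext;
        } catch (KeyManagementException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        } catch (KeyStoreException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        }
    }
}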
