package org.wso2.solutions.identity.openid;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.association.AssociationException;
import org.openid4java.message.AuthFailure;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.Message;
import org.openid4java.message.MessageException;
import org.openid4java.message.MessageExtension;
import org.openid4java.message.ParameterList;
import org.openid4java.message.sreg.SRegMessage;
import org.openid4java.server.ServerException;
import org.openid4java.server.ServerManager;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.openid.extensions.OpenIDExtension;
import org.wso2.solutions.identity.persistence.IPPersistenceManager;
import org.wso2.solutions.identity.persistence.dataobject.OpenIDUserRPDO;
import org.wso2.utils.ServerConfiguration;

/* loaded from: input_file:org/wso2/solutions/identity/openid/OpenIDProvider.class */
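/**
 * Server-side handling of OpenID requests: dispatches on {@code openid.mode} and either writes a
 * direct (key-value form) response or returns a URL for the caller to send the user agent to.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code checkid_*} requests are approved when the request parameter
 *       {@code authenticatedAndApproved} equals {@code "true"}; see the review note in
 *       {@link #checkSetupOrImmediate}.</li>
 *   <li>Exception messages are returned to the requester inside a {@link DirectError}.</li>
 * </ul>
 */
public class OpenIDProvider {
    private static final Log log = LogFactory.getLog(OpenIDProvider.class);

    /** Shared OpenID server manager; its OP endpoint URL is set in the static initializer. */
    public static final ServerManager manager = new OpenIDServerManager();

    /** OP endpoint address, derived from the {@code OpenIDServerUrl} server property. */
    private static final String opAddress;

    /** Absolute URL of the authentication page, built by {@link #setAuthPage(String)}. */
    private String authPage;

    static {
        // NOTE(review): if "OpenIDServerUrl" is not configured, string concatenation yields the
        // literal "null/server/" rather than failing; confirm the property is always present.
        opAddress = ServerConfiguration.getInstance().getFirstProperty("OpenIDServerUrl") + "/server/";
        manager.setOPEndpointUrl(opAddress);
    }

    /**
     * Handles one OpenID request.
     *
     * <p>For {@code _action=complete|cancel} the parameter list saved in the HTTP session under
     * {@code "parameterlist"} is reused; otherwise it is built from the request parameters.
     * {@code associate} and {@code check_authentication} are answered with a direct response,
     * {@code checkid_setup}/{@code checkid_immediate} are delegated to
     * {@link #checkSetupOrImmediate}, and any other mode gets an "Unknown request" direct error.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response used for direct responses and forwards
     * @return a URL for the caller to redirect to, or {@code null} when the response has already
     *         been written or forwarded
     * @throws IdentityProviderException if the direct response cannot be written
     */
    public String processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IdentityProviderException {
        String responseText;
        try {
            String action = httpServletRequest.getParameter("_action");
            ParameterList requestParams;
            if ("complete".equals(action) || "cancel".equals(action)) {
                requestParams = (ParameterList) httpServletRequest.getSession().getAttribute("parameterlist");
            } else {
                requestParams = new ParameterList(httpServletRequest.getParameterMap());
            }
            if (requestParams == null) {
                // complete/cancel arrived without a pending request stored in the session.
                throw new Exception("Invalid OpenID request");
            }

            String mode = requestParams.hasParameter("openid.mode")
                    ? requestParams.getParameterValue("openid.mode")
                    : null;
            if ("associate".equals(mode)) {
                responseText = manager.associationResponse(requestParams).keyValueFormEncoding();
            } else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode)) {
                return checkSetupOrImmediate(httpServletRequest, httpServletResponse, requestParams);
            } else if ("check_authentication".equals(mode)) {
                responseText = checkAuthentication(requestParams);
            } else {
                responseText = DirectError.createDirectError("Unknown request").keyValueFormEncoding();
            }
        } catch (Exception e) {
            // The whole dispatch sits inside this try: it raises checked exceptions (Exception,
            // ServerException, MessageException, AssociationException) that this method does not
            // declare, so they are reported to the requester as a direct error instead.
            log.error(e.getMessage(), e);
            // NOTE(review): the raw exception message is sent back to the remote party. Consider a
            // fixed, generic error string here so internal details stay in the server log only.
            responseText = DirectError.createDirectError(e.getMessage()).keyValueFormEncoding();
        }

        try {
            return directResponse(httpServletResponse, responseText);
        } catch (IOException e) {
            log.error(e.getMessage(), e);
            // Keep the cause so the I/O failure is not lost to callers.
            throw new IdentityProviderException("openIDDirectResponseFailed", e);
        }
    }

    /**
     * Builds the absolute HTTPS URL of the authentication page from the server's
     * {@code HostName} and {@code Ports.HTTPS} properties.
     *
     * @param str path of the authentication page, relative to the server root
     */
    public void setAuthPage(String str) {
        ServerConfiguration config = ServerConfiguration.getInstance();
        String host = config.getFirstProperty("HostName");
        String httpsPort = config.getFirstProperty("Ports.HTTPS");
        this.authPage = "https://" + host + ":" + httpsPort + "/" + str;
    }

    /** @return the OP endpoint address computed at class initialization */
    public static String getOpAddress() {
        return opAddress;
    }

    /** @return the shared {@link ServerManager} */
    public static ServerManager getManager() {
        return manager;
    }

    /**
     * Answers a {@code check_authentication} request.
     *
     * @param params the OpenID request parameters
     * @return the verification response in key-value form encoding
     */
    private String checkAuthentication(ParameterList params) {
        return manager.verify(params).keyValueFormEncoding();
    }

    /**
     * Handles {@code checkid_setup} and {@code checkid_immediate}.
     *
     * <p>When the request is not yet approved, the request parameters and the requested
     * attributes are stored in the session and the authentication page URL is returned.
     * Otherwise an authentication response is built; failures are returned as a destination URL,
     * and a positive assertion is extended with the requested extensions and signed.
     *
     * @param request  incoming request
     * @param response response used when the assertion is forwarded to the redirect page
     * @param params   the OpenID request parameters
     * @return the authentication page URL, the relying party destination URL, or {@code null}
     *         when the response was forwarded via {@link #sendData}
     * @throws IdentityProviderException if {@code openid.identity} is missing or the response
     *                                   cannot be generated
     */
    private String checkSetupOrImmediate(HttpServletRequest request, HttpServletResponse response, ParameterList params)
            throws IdentityProviderException, ServerException, MessageException, AssociationException {
        HttpSession session = request.getSession();

        String identity = params.hasParameter("openid.identity")
                ? params.getParameterValue("openid.identity")
                : null;
        if (identity == null) {
            throw new IdentityProviderException("requredAttributeMissing");
        }
        String userName = OpenIDUtil.getUserName(identity);

        boolean approved = false;
        String profileName = null;
        // NOTE(review): "authenticatedAndApproved" is read from the request, i.e. it is
        // client-controlled, and nothing visible in this class checks that the session belongs to
        // an authenticated user matching userName before a signed assertion is issued. Confirm
        // that a filter or the caller enforces this server-side; otherwise carry the approval in
        // a session attribute that is set only after a successful login for this identity.
        if ("true".equals(request.getParameter("authenticatedAndApproved"))) {
            String relyingPartyUrl = OpenIDUtil.getRelyingPartyUrl(params.getParameterValue("openid.return_to"));
            OpenIDUserRPDO[] userRps =
                    IPPersistenceManager.getPersistanceManager().getOpenIDUserRP(userName, relyingPartyUrl);
            if (userRps != null && userRps.length > 0) {
                profileName = userRps[0].getDefaultProfileName();
            }
            approved = true;
        }

        AuthRequest authRequest = AuthRequest.createAuthRequest(params, manager.getRealmVerifier());

        if ("cancel".equals(request.getParameter("_action"))) {
            // An explicit cancel always wins over the approval flag.
            approved = false;
        } else if (!approved) {
            // Park the pending request in the session and send the user to the login page.
            List<String> requestedAttributes = getRequestedAttributes(authRequest);
            session.setAttribute("parameterlist", params);
            session.setAttribute("RequestedAttr", requestedAttributes);
            return this.authPage;
        }
        session.removeAttribute("RequestedAttr");

        // Declared as Message: the result is tested against DirectError and AuthFailure below,
        // which are not AuthSuccess subtypes.
        Message authResponse = manager.authResponse(params, (String) null, (String) null, approved);
        if ((authResponse instanceof DirectError) || (authResponse instanceof AuthFailure)) {
            return authResponse.getDestinationUrl(true);
        }

        OpenIDAuthenticationRequest openIdRequest = new OpenIDAuthenticationRequest();
        // The login-strength markers are one-shot: consume them so they do not carry over to a
        // later request in the same session.
        if ("true".equals(session.getAttribute("phishingResistanceAuthentication"))) {
            openIdRequest.setPhishingResistanceLogin(true);
            session.removeAttribute("phishingResistanceAuthentication");
        }
        if ("true".equals(session.getAttribute("multifactorlogin"))) {
            openIdRequest.setMultifactorLogin(true);
            session.removeAttribute("multifactorlogin");
        }
        openIdRequest.setAuthRequest(authRequest);

        boolean otherExtensionAdded = false;
        boolean sreg10Added = false;
        for (Object alias : authRequest.getExtensions()) {
            if (log.isDebugEnabled()) {
                // Logged at debug to match the guard (the original logged at info here).
                log.debug("Found extension in the OpenID request: " + alias);
            }
            openIdRequest.setExtensionAlias((String) alias);
            OpenIDExtension extension = OpenIDExtensionFactory.getInstance().getExtension(openIdRequest);
            if (extension == null) {
                continue;
            }
            MessageExtension messageExtension = extension.getMessageExtension(userName, profileName);
            if (messageExtension == null) {
                continue;
            }
            authResponse.addExtension(messageExtension);
            AuthSuccess authSuccess = (AuthSuccess) authResponse;
            authSuccess.setSignExtension((String) alias);
            if ((messageExtension instanceof SRegMessage)
                    && openIdRequest.getExtensionAlias().equals("http://openid.net/sreg/1.0")) {
                sreg10Added = true;
            } else {
                otherExtensionAdded = true;
            }
            // Re-sign after each added extension so the signature covers it.
            manager.sign(authSuccess);
        }

        if (sreg10Added && !otherExtensionAdded) {
            // Only SReg 1.0 data was added: answer with the destination URL.
            return authResponse.getDestinationUrl(true);
        }
        sendData(request, response, authResponse);
        return null;
    }

    /**
     * Collects the attributes requested by every extension present in the authentication request.
     *
     * @param authRequest the parsed authentication request
     * @return the requested attribute names; empty when no known extension asks for any
     * @throws IdentityProviderException if an extension cannot be resolved
     */
    private List<String> getRequestedAttributes(AuthRequest authRequest) throws IdentityProviderException {
        OpenIDAuthenticationRequest openIdRequest = new OpenIDAuthenticationRequest();
        openIdRequest.setAuthRequest(authRequest);
        ArrayList<String> requested = new ArrayList<>();
        for (Object alias : authRequest.getExtensions()) {
            openIdRequest.setExtensionAlias((String) alias);
            OpenIDExtension extension = OpenIDExtensionFactory.getInstance().getExtension(openIdRequest);
            if (extension != null) {
                extension.addRequiredAttributes(requested);
            }
        }
        return requested;
    }

    /**
     * Forwards the response message to {@code /jsp/redirect.jsp}, exposing its parameter map and
     * destination URL as request attributes.
     *
     * @param request  incoming request
     * @param response response to forward with
     * @param message  the OpenID response message
     * @throws IdentityProviderException if the forward fails
     */
    private void sendData(HttpServletRequest request, HttpServletResponse response, Message message) throws IdentityProviderException {
        try {
            RequestDispatcher dispatcher = request.getRequestDispatcher("/jsp/redirect.jsp");
            request.setAttribute("parameterMap", message.getParameterMap());
            // NOTE(review): destinationUrl comes from the relying party's request; presumably the
            // realm verifier has validated it by this point. Confirm the JSP escapes these values.
            request.setAttribute("destinationUrl", message.getDestinationUrl(false));
            dispatcher.forward(request, response);
        } catch (Exception e) {
            throw new IdentityProviderException("openIDResponseGenerationFailed", e);
        }
    }

    /**
     * Writes a direct response body to the servlet output stream and closes the stream.
     *
     * @param response the servlet response
     * @param body     the key-value form encoded response text
     * @return always {@code null}: nothing is left for the caller to redirect to
     * @throws IOException if the stream cannot be obtained or written
     */
    private String directResponse(HttpServletResponse response, String body) throws IOException {
        try (ServletOutputStream out = response.getOutputStream()) {
            // Explicit charset so the bytes do not depend on the JVM's platform default.
            out.write(body.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
        return null;
    }
}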
