package com.google.step2.discovery;

import com.google.common.collect.Lists;
import com.google.inject.Inject;
import com.google.step2.http.FetchException;
import com.google.step2.http.FetchRequest;
import com.google.step2.http.FetchResponse;
import com.google.step2.http.HttpFetcher;
import com.google.step2.util.XmlUtil;
import com.google.step2.xmlsimplesign.CertValidator;
import com.google.step2.xmlsimplesign.Constants;
import com.google.step2.xmlsimplesign.Verifier;
import com.google.step2.xmlsimplesign.XmlSimpleSignException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.ParserConfigurationException;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.Identifier;
import org.openid4java.discovery.UrlIdentifier;
import org.openxri.xml.Service;
import org.openxri.xml.XRD;
import org.openxri.xml.XRDS;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/google/step2/discovery/LegacyXrdsResolver.class
 */
/* loaded from: input_file:step2-common-1.0.0-wso2v1.jar:com/google/step2/discovery/LegacyXrdsResolver.class */
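/**
 * Resolves OpenID 2.0 endpoints from legacy XRDS documents fetched over HTTP.
 *
 * <p>Every endpoint returned carries a "secure" flag (set through
 * {@code setSecure}) that records whether the XRD it came from passed
 * {@link #checkSecurity}: exactly one CanonicalID equal to the identifier being
 * resolved, a signature that verifies over the fetched bytes, and a signing
 * certificate accepted by the {@link CertValidator} for the expected authority.
 *
 * <p>Security note: endpoints are returned whether or not that check passed.
 * The flag is the only thing separating verified from unverified discovery
 * results, so a caller that requires signed discovery must test it itself.
 */
public class LegacyXrdsResolver implements XrdDiscoveryResolver {
    private static final Logger logger = Logger.getLogger(LegacyXrdsResolver.class.getName());
    private static final String XRDS_TYPE = "application/xrds+xml";
    private static final String URI_TEMPLATE_TYPE = "http://www.iana.org/assignments/relation/describedby";
    private static final String URI_TEMPLATE_TAG = "URITemplate";
    private static final String NEXT_AUTHORITY_TAG = "NextAuthority";
    private static final String OPENID2_SERVER_TYPE = "http://specs.openid.net/auth/2.0/server";
    private static final String OPENID2_SIGNON_TYPE = "http://specs.openid.net/auth/2.0/signon";
    private final HttpFetcher httpFetcher;
    private final Verifier verifier;
    private final CertValidator certValidator;

    /**
     * Where to fetch a user's XRDS from, plus the authority (if any) that the
     * site XRD named as the expected signer of that document.
     */
    public static class NextXrdLocation {
        private final URI uri;
        private final String nextAuthority;

        /**
         * @param uri location of the next XRDS document to fetch
         * @param str the NextAuthority value, or {@code null} when none is trusted
         */
        public NextXrdLocation(URI uri, String str) {
            this.uri = uri;
            this.nextAuthority = str;
        }

        /** @return location of the next XRDS document */
        public URI getUri() {
            return this.uri;
        }

        /** @return the expected signing authority for the next document, or {@code null} */
        public String getNextAuthority() {
            return this.nextAuthority;
        }
    }

    /**
     * A fetched XRD in the forms the resolver needs: the parsed {@link XRD},
     * the raw bytes it was parsed from, the signature string that arrived with
     * it, and a printable source location for messages.
     */
    public static class XrdRepresentations {
        private final XRD xrd;
        // Stored by reference, not copied: these are the bytes the signature is
        // verified over, so holders of this object must not modify the array.
        private final byte[] document;
        private final String source;
        private final String signature;

        /**
         * @param xrd  parsed XRD
         * @param str  source location, used in log and exception messages
         * @param bArr raw document bytes
         * @param str2 signature value that accompanied the document
         */
        public XrdRepresentations(XRD xrd, String str, byte[] bArr, String str2) {
            this.xrd = xrd;
            this.source = str;
            this.document = bArr;
            this.signature = str2;
        }

        /** @return the parsed XRD */
        public XRD getXrd() {
            return this.xrd;
        }

        /** @return the raw document bytes (the internal array, not a copy) */
        public byte[] getDocument() {
            return this.document;
        }

        /** @return the signature value that accompanied the document */
        public String getSignature() {
            return this.signature;
        }

        /** @return the source location of the document */
        public String getSource() {
            return this.source;
        }
    }

    /**
     * @param httpFetcher   used to retrieve XRDS documents
     * @param verifier      verifies the signature over a fetched document
     * @param certValidator decides whether a signing certificate may speak for an authority
     */
    @Inject
    public LegacyXrdsResolver(HttpFetcher httpFetcher, Verifier verifier, CertValidator certValidator) {
        this.httpFetcher = httpFetcher;
        this.verifier = verifier;
        this.certValidator = certValidator;
    }

    /** @return the media type of the documents this resolver handles */
    @Override // com.google.step2.discovery.XrdDiscoveryResolver
    public String getDiscoveryDocumentType() {
        return XRDS_TYPE;
    }

    /**
     * Fetches the XRDS at {@code uri} and returns its OpenID 2.0 "server" endpoints
     * for the given site.
     *
     * @throws DiscoveryException if the document cannot be fetched or has no matching service
     */
    @Override // com.google.step2.discovery.XrdDiscoveryResolver
    public List<SecureDiscoveryInformation> findOpEndpointsForSite(IdpIdentifier idpIdentifier, URI uri) throws DiscoveryException {
        return resolveXrds(getXrd(uri), OPENID2_SERVER_TYPE, idpIdentifier, null);
    }

    /**
     * Fetches the XRDS at {@code uri} and returns its OpenID 2.0 "signon" endpoints
     * for the given claimed identifier.
     *
     * @throws DiscoveryException if the document cannot be fetched or has no matching service
     */
    @Override // com.google.step2.discovery.XrdDiscoveryResolver
    public List<SecureDiscoveryInformation> findOpEndpointsForUser(UrlIdentifier urlIdentifier, URI uri) throws DiscoveryException {
        return resolveXrds(getXrd(uri), OPENID2_SIGNON_TYPE, urlIdentifier, null);
    }

    /**
     * Two-step discovery: reads the site XRDS at {@code uri} to find where the
     * user's XRDS lives, fetches that, and returns its "signon" endpoints.
     *
     * @throws DiscoveryException if either document cannot be fetched or lacks the needed service
     */
    @Override // com.google.step2.discovery.XrdDiscoveryResolver
    public List<SecureDiscoveryInformation> findOpEndpointsForUserThroughSiteXrd(UrlIdentifier urlIdentifier, URI uri) throws DiscoveryException {
        NextXrdLocation userXrdLocation = mapClaimedIdToUserXrdsUri(getXrd(uri), urlIdentifier);
        XrdRepresentations userXrd = getXrd(userXrdLocation.getUri());
        return resolveXrds(userXrd, OPENID2_SIGNON_TYPE, urlIdentifier, userXrdLocation.getNextAuthority());
    }

    /**
     * Derives the user's XRDS location from the site XRD's URITemplate.
     *
     * <p>The NextAuthority value is only taken from the site XRD when that XRD
     * passes {@link #checkSecurity} for the claimed identifier's host. The
     * URITemplate is used either way, so the returned URI can originate from an
     * unverified document.
     * NOTE(review): that URI is then fetched by the caller; whether
     * {@link HttpFetcher} limits schemes, hosts, redirects or response size is
     * not visible here and should be confirmed.
     *
     * @throws DiscoveryException if the describedby service or its URITemplate is missing
     */
    NextXrdLocation mapClaimedIdToUserXrdsUri(XrdRepresentations xrdRepresentations, UrlIdentifier urlIdentifier) throws DiscoveryException {
        IdpIdentifier site = new IdpIdentifier(urlIdentifier.getUrl().getHost());
        Service describedBy = getServiceForType(xrdRepresentations.getXrd(), URI_TEMPLATE_TYPE);
        if (describedBy == null) {
            throw new DiscoveryException("could not find service of type " + URI_TEMPLATE_TYPE + " in XRDS at location " + urlIdentifier.getIdentifier());
        }
        // An unverified site XRD must not be able to choose who signs the user XRD.
        String nextAuthority = null;
        if (checkSecurity(xrdRepresentations, site, null)) {
            nextAuthority = getTagValue(describedBy, NEXT_AUTHORITY_TAG);
        }
        String template = getTagValue(describedBy, URI_TEMPLATE_TAG);
        if (template == null) {
            throw new DiscoveryException("missing URITemplate in service specification in XRDS at location " + urlIdentifier.getIdentifier());
        }
        URI claimedId = URI.create(urlIdentifier.getIdentifier());
        return new NextXrdLocation(new UriTemplate(template).map(claimedId), nextAuthority);
    }

    /**
     * @return text content of the first extension element named {@code str} in
     *         the service, or {@code null} when there is none
     */
    private String getTagValue(Service service, String str) {
        Vector<?> values = service.getOtherTagValues(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return ((Element) values.get(0)).getTextContent();
    }

    /**
     * Builds discovery information for every service of type {@code str} in the XRD.
     *
     * <p>The security check runs once for the whole document and its result is
     * stamped on each endpoint; a failed check does not remove endpoints.
     * Services whose URI is malformed are logged and skipped.
     *
     * @param str  service type to look for (OpenID 2.0 server or signon)
     * @param str2 authority the signing certificate must match, or {@code null}
     *             to use the document's canonical ID
     * @throws DiscoveryException if no service of the type exists, or the type is not a known one
     */
    private List<SecureDiscoveryInformation> resolveXrds(XrdRepresentations xrdRepresentations, String str, Identifier identifier, String str2) throws DiscoveryException {
        boolean secure = checkSecurity(xrdRepresentations, identifier, str2);
        List<Service> services = getServicesForType(xrdRepresentations.getXrd(), str);
        if (services == null) {
            throw new DiscoveryException("could not find <Service> of type " + str + " in XRDS for " + xrdRepresentations.getSource());
        }
        List<SecureDiscoveryInformation> endpoints = Lists.newArrayListWithCapacity(services.size());
        for (Service service : services) {
            try {
                if (OPENID2_SIGNON_TYPE.equals(str)) {
                    endpoints.add(createDiscoveryInfoForSignon(service, identifier, secure));
                } else if (OPENID2_SERVER_TYPE.equals(str)) {
                    endpoints.add(createDiscoveryInfoForServer(service, secure));
                } else {
                    // The decompiled source had an unreachable `break` after this throw,
                    // which javac rejects; the throw alone is the intended behaviour.
                    throw new DiscoveryException("unkown OpenID version : " + str);
                }
            } catch (MalformedURLException e) {
                logger.log(Level.WARNING, "found malformed URL in discovery document at " + xrdRepresentations.getSource(), e);
            }
        }
        return endpoints;
    }

    /**
     * Decides whether an XRD can be treated as verified for {@code identifier}.
     *
     * <p>Returns {@code true} only if the XRD has exactly one CanonicalID, that
     * ID equals the identifier, the signature verifies over the raw document
     * bytes, and the first certificate of the verification result is accepted
     * by the {@link CertValidator} for {@code str} (or, when {@code str} is
     * {@code null}, for the canonical ID). Verification failures are logged and
     * reported as {@code false}.
     *
     * NOTE(review): only {@code XmlSimpleSignException} is turned into
     * {@code false}. How the verifier reacts to a {@code null} signature (no
     * signature header on the response) or whether it can return an empty
     * certificate list is not visible here; either would surface as an
     * unchecked exception rather than a clean "not secure" result. Confirm.
     */
    private boolean checkSecurity(XrdRepresentations xrdRepresentations, Identifier identifier, String str) {
        String canonicalId = getCanonicalId(xrdRepresentations.getXrd());
        if (canonicalId == null) {
            logger.warning("XRD from " + xrdRepresentations.getSource() + " did not have canonical Id");
            return false;
        }
        if (!canonicalId.equals(identifier.getIdentifier())) {
            logger.warning("Canonical ID " + canonicalId + " in XRD from " + xrdRepresentations.getSource() + " did not equal identifier " + identifier.getIdentifier());
            return false;
        }
        String expectedAuthority = (str == null) ? canonicalId : str;
        try {
            return this.certValidator.matches(
                    this.verifier.verify(xrdRepresentations.getDocument(), xrdRepresentations.getSignature()).getCerts().get(0),
                    expectedAuthority);
        } catch (XmlSimpleSignException e) {
            logger.log(Level.WARNING, "signature on XRD from " + xrdRepresentations.getSource() + " did not verify", e);
            return false;
        }
    }

    /**
     * @return the XRD's canonical ID, or {@code null} unless it has exactly one
     *         (zero or several are both treated as "none")
     */
    private String getCanonicalId(XRD xrd) {
        if (xrd.getNumCanonicalids() != 1) {
            return null;
        }
        return xrd.getCanonicalidAt(0).getValue();
    }

    /**
     * Builds an OP-identifier ("server") endpoint from the service's first URI.
     *
     * @param z result of the security check for the enclosing XRD
     */
    private SecureDiscoveryInformation createDiscoveryInfoForServer(Service service, boolean z) throws DiscoveryException, MalformedURLException {
        SecureDiscoveryInformation info = new SecureDiscoveryInformation(service.getURIAt(0).getURI().toURL());
        info.setSecure(z);
        return info;
    }

    /**
     * Builds a claimed-identifier ("signon") endpoint from the service's first
     * URI and first LocalID.
     *
     * @param z result of the security check for the enclosing XRD
     */
    private SecureDiscoveryInformation createDiscoveryInfoForSignon(Service service, Identifier identifier, boolean z) throws DiscoveryException, MalformedURLException {
        SecureDiscoveryInformation info = new SecureDiscoveryInformation(
                service.getURIAt(0).getURI().toURL(), identifier, getLocalId(service), OPENID2_SIGNON_TYPE);
        info.setSecure(z);
        return info;
    }

    /** @return the service's first LocalID value, or {@code null} when it has none */
    private String getLocalId(Service service) {
        if (service.getNumLocalIDs() == 0) {
            return null;
        }
        return service.getLocalIDAt(0).getValue();
    }

    /**
     * Fetches and parses the XRDS at {@code uri}.
     *
     * @throws DiscoveryException if the fetch or parse fails, or the document holds no XRD
     */
    private XrdRepresentations getXrd(URI uri) throws DiscoveryException {
        try {
            XrdRepresentations fetched = fetchXrd(uri);
            // fetchXrd always returns a wrapper, so the wrapped XRD has to be tested
            // too; otherwise a document without an XRD would only fail later with a
            // NullPointerException in the canonical-ID lookup.
            // (presumably getFinalXRD() yields null for such a document; confirm)
            if (fetched == null || fetched.getXrd() == null) {
                throw new DiscoveryException("XRDS at " + uri.toASCIIString() + " did not contain an XRD");
            }
            return fetched;
        } catch (FetchException e) {
            throw new DiscoveryException("could not fetch XRDS from " + uri.toASCIIString(), e);
        }
    }

    /**
     * Performs the HTTP GET, parses the body as XRDS and keeps the raw bytes
     * together with the signature taken from the response header named by
     * {@code Constants.SIGNATURE_ELEMENT}.
     *
     * NOTE(review): the body comes from a remote server and is handed to
     * {@code XmlUtil.getDocument}; confirm that parser has DTDs and external
     * entities disabled.
     *
     * @throws FetchException wrapping any I/O, URI or XML parsing failure
     */
    private XrdRepresentations fetchXrd(URI uri) throws FetchException {
        try {
            FetchResponse response = this.httpFetcher.fetch(FetchRequest.createGetRequest(uri));
            byte[] body = response.getContentAsBytes();
            Element root = XmlUtil.getDocument(new ByteArrayInputStream(body)).getDocumentElement();
            XRD finalXrd = new XRDS(root, false).getFinalXRD();
            String signature = response.getFirstHeader(Constants.SIGNATURE_ELEMENT);
            return new XrdRepresentations(finalXrd, uri.toASCIIString(), body, signature);
        } catch (IOException e) {
            throw new FetchException(e);
        } catch (URISyntaxException e) {
            throw new FetchException(e);
        } catch (ParseException e) {
            throw new FetchException(e);
        } catch (ParserConfigurationException e) {
            throw new FetchException(e);
        } catch (SAXException e) {
            throw new FetchException(e);
        }
    }

    /**
     * @return the first service, in the XRD's priority order, that matches
     *         type {@code str}, or {@code null} when none does
     */
    private Service getServiceForType(XRD xrd, String str) {
        List<Service> prioritized = xrd.getPrioritizedServices();
        if (prioritized == null) {
            return null;
        }
        for (Service service : prioritized) {
            if (service.matchType(str)) {
                return service;
            }
        }
        return null;
    }

    /**
     * @return all services matching type {@code str}, in the XRD's priority
     *         order, or {@code null} (never an empty list) when none match
     */
    private List<Service> getServicesForType(XRD xrd, String str) {
        List<Service> prioritized = xrd.getPrioritizedServices();
        if (prioritized == null) {
            return null;
        }
        List<Service> matches = Lists.newArrayList();
        for (Service service : prioritized) {
            if (service.matchType(str)) {
                matches.add(service);
            }
        }
        // resolveXrds relies on null, not an empty list, to mean "no such service".
        return matches.isEmpty() ? null : matches;
    }
}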
