package org.openid4java.message;

import java.util.Arrays;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.common.OAuth;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.association.AssociationSessionType;
import org.openid4java.association.DiffieHellmanSession;

/* loaded from: input_file:org/openid4java/message/AssociationResponse.class */
public class AssociationResponse extends Message {
    private static Log _log = LogFactory.getLog(AssociationResponse.class);
    private static final boolean DEBUG = _log.isDebugEnabled();
    protected static final List requiredFields = Arrays.asList("assoc_type", "assoc_handle", OAuth.OAUTH_EXPIRES_IN);
    protected static final List optionalFields = Arrays.asList("ns", "session_type", "mac_key", "enc_mac_key", "dh_server_public");

    protected AssociationResponse(AssociationRequest associationRequest, Association association) throws AssociationException {
        if (DEBUG) {
            _log.debug("Creating association response, type: " + associationRequest.getType() + " association handle: " + association.getHandle());
        }
        if (associationRequest.isVersion2()) {
            set("ns", Message.OPENID2_NS);
        }
        AssociationSessionType type = associationRequest.getType();
        setType(type);
        setAssocHandle(association.getHandle());
        setExpire(new Long((association.getExpiry().getTime() - System.currentTimeMillis()) / 1000));
        if (type.getHAlgorithm() == null) {
            setMacKey(new String(Base64.encodeBase64(association.getMacKey().getEncoded())));
            return;
        }
        DiffieHellmanSession create = DiffieHellmanSession.create(type, associationRequest.getDhModulus(), associationRequest.getDhGen());
        setPublicKey(create.getPublicKey());
        setMacKeyEnc(create.encryptMacKey(association.getMacKey().getEncoded(), associationRequest.getDhPublicKey()));
    }

    protected AssociationResponse(ParameterList parameterList) {
        super(parameterList);
    }

    public static AssociationResponse createAssociationResponse(AssociationRequest associationRequest, Association association) throws MessageException, AssociationException {
        AssociationResponse associationResponse = new AssociationResponse(associationRequest, association);
        associationResponse.validate();
        if (DEBUG) {
            _log.debug("Created association response:\n" + associationResponse.keyValueFormEncoding());
        }
        return associationResponse;
    }

    public static AssociationResponse createAssociationResponse(ParameterList parameterList) throws MessageException {
        AssociationResponse associationResponse = new AssociationResponse(parameterList);
        associationResponse.validate();
        if (DEBUG) {
            _log.debug("Created association response from message parameters:\n" + associationResponse.keyValueFormEncoding());
        }
        return associationResponse;
    }

    @Override // org.openid4java.message.Message
    public List getRequiredFields() {
        return requiredFields;
    }

    public boolean isVersion2() {
        return hasParameter("ns") && Message.OPENID2_NS.equals(getParameterValue("ns"));
    }

    private String getAssociationType() {
        return getParameterValue("assoc_type");
    }

    private String getSessionType() {
        return getParameterValue("session_type");
    }

    public void setType(AssociationSessionType associationSessionType) {
        set("session_type", associationSessionType.getSessionType());
        set("assoc_type", associationSessionType.getAssociationType());
    }

    public AssociationSessionType getType() throws AssociationException {
        return AssociationSessionType.create(getSessionType(), getAssociationType(), !isVersion2());
    }

    public void setAssocHandle(String str) {
        set("assoc_handle", str);
    }

    public void setExpire(Long l) {
        set(OAuth.OAUTH_EXPIRES_IN, l.toString());
    }

    public void setMacKey(String str) {
        set("mac_key", str);
    }

    public void setPublicKey(String str) {
        set("dh_server_public", str);
    }

    public void setMacKeyEnc(String str) {
        set("enc_mac_key", str);
    }

    @Override // org.openid4java.message.Message
    public void validate() throws MessageException {
        String parameterValue;
        super.validate();
        try {
            AssociationSessionType type = getType();
            if (type.isVersion2() ^ isVersion2()) {
                throw new MessageException("Protocol verison mismatch between association session type: " + type + " and AssociationResponse message type.", 512);
            }
            if (!isVersion2() && getAssociationType() == null) {
                throw new MessageException("assoc_type cannot be omitted in OpenID1 responses", 512);
            }
            if (type.getHAlgorithm() != null) {
                if (!hasParameter("dh_server_public") || !hasParameter("enc_mac_key")) {
                    throw new MessageException("DH public key or encrypted MAC key missing.", 512);
                }
                parameterValue = getParameterValue("enc_mac_key");
            } else {
                if (!hasParameter("mac_key")) {
                    throw new MessageException("Missing MAC key.", 512);
                }
                parameterValue = getParameterValue("mac_key");
            }
            int length = Base64.decodeBase64(parameterValue.getBytes()).length * 8;
            if (length != type.getKeySize()) {
                throw new MessageException("MAC key size: " + length + " doesn't match the association/session type: " + type, 512);
            }
        } catch (AssociationException e) {
            throw new MessageException("Error verifying association response validity.", 512, e);
        }
    }

    public Association getAssociation(DiffieHellmanSession diffieHellmanSession) throws AssociationException {
        byte[] decodeBase64;
        Association createHmacSha256;
        if (DEBUG) {
            _log.debug("Retrieving MAC key from association response...");
        }
        String parameterValue = getParameterValue("assoc_handle");
        int parseInt = Integer.parseInt(getParameterValue(OAuth.OAUTH_EXPIRES_IN));
        AssociationSessionType type = getType();
        if (type.getHAlgorithm() != null) {
            decodeBase64 = diffieHellmanSession.decryptMacKey(getParameterValue("enc_mac_key"), getParameterValue("dh_server_public"));
            if (DEBUG) {
                _log.debug("Decrypted MAC key (base64): " + new String(Base64.encodeBase64(decodeBase64)));
            }
        } else {
            decodeBase64 = Base64.decodeBase64(getParameterValue("mac_key").getBytes());
            if (DEBUG) {
                _log.debug("Unencrypted MAC key (base64): " + getParameterValue("mac_key"));
            }
        }
        if (Association.TYPE_HMAC_SHA1.equals(type.getAssociationType())) {
            createHmacSha256 = Association.createHmacSha1(parameterValue, decodeBase64, parseInt);
        } else {
            if (!Association.TYPE_HMAC_SHA256.equals(type.getAssociationType())) {
                throw new AssociationException("Unknown association type: " + type);
            }
            createHmacSha256 = Association.createHmacSha256(parameterValue, decodeBase64, parseInt);
        }
        if (DEBUG) {
            _log.debug("Created association for handle: " + parameterValue);
        }
        return createHmacSha256;
    }
}
