package org.wso2.carbon.identity.sso.agent.openid;

import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.yadis.YadisException;
import org.openid4java.discovery.yadis.YadisResolver;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.AxPayload;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.server.RealmVerifierFactory;
import org.openid4java.util.HttpFetcherFactory;
import org.wso2.carbon.identity.sso.agent.SSOAgentConstants;
import org.wso2.carbon.identity.sso.agent.SSOAgentDataHolder;
import org.wso2.carbon.identity.sso.agent.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.bean.LoggedInSessionBean;
import org.wso2.carbon.identity.sso.agent.bean.SSOAgentConfig;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.sso.agent-5.1.1-m1.jar:org/wso2/carbon/identity/sso/agent/openid/OpenIDManager.class */
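/**
 * Relying-party helper that drives an OpenID login through openid4java's {@link ConsumerManager}:
 * {@link #doOpenIDLogin} builds the redirect URL for the authentication request and
 * {@link #processOpenIDLoginResponse} verifies the provider's response and records the result
 * in the session-scoped {@link LoggedInSessionBean}.
 *
 * <p>NOTE(review): both methods reassign {@link #attributesRequestor} and reconfigure the
 * {@link ConsumerManager} held by {@link SSOAgentDataHolder}. If one instance serves concurrent
 * requests that is shared mutable state; confirm how callers scope this object.
 */
public class OpenIDManager {
    // Reassigned from the configuration on every login / response call (see class note).
    AttributesRequestor attributesRequestor = null;
    private final SSOAgentConfig ssoAgentConfig;

    /**
     * Creates the manager and installs a fresh {@link ConsumerManager} in {@link SSOAgentDataHolder}.
     *
     * <p>NOTE(review): every construction replaces the holder's ConsumerManager. Any association
     * or response-nonce state kept by the previous instance is presumably discarded with it, which
     * weakens replay detection across the swap; confirm this class is instantiated once.
     *
     * @param sSOAgentConfig agent configuration read by the login and response methods
     * @throws SSOAgentException if the default SSL context cannot be obtained
     */
    public OpenIDManager(SSOAgentConfig sSOAgentConfig) throws SSOAgentException {
        SSOAgentDataHolder.getInstance().setConsumerManager(getConsumerManagerInstance());
        this.ssoAgentConfig = sSOAgentConfig;
    }

    /**
     * Builds a {@link ConsumerManager} whose discovery and realm verification fetch over the JVM's
     * default {@link SSLContext}, so the trust decisions for those HTTPS calls come from the
     * JVM-wide default context.
     *
     * @return a new consumer manager
     * @throws SSOAgentException if {@link SSLContext#getDefault()} fails
     */
    private ConsumerManager getConsumerManagerInstance() throws SSOAgentException {
        try {
            HttpFetcherFactory httpFetcherFactory = new HttpFetcherFactory(SSLContext.getDefault(), null);
            YadisResolver yadisResolver = new YadisResolver(httpFetcherFactory);
            return new ConsumerManager(new RealmVerifierFactory(yadisResolver), new Discovery(), httpFetcherFactory);
        } catch (NoSuchAlgorithmException e) {
            throw new SSOAgentException("Error while getting default SSL Context", e);
        }
    }

    /**
     * Performs discovery and association for the configured claimed identifier, stores the
     * discovery information in the HTTP session, and returns the URL the browser must be sent to.
     *
     * @param httpServletRequest  current request; its session (created if absent) receives the bean
     * @param httpServletResponse unused by this method
     * @return destination URL of the authentication request, followed by any configured query parameters
     * @throws SSOAgentException if discovery, association or request construction fails
     */
    public String doOpenIDLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOAgentException {
        String claimedId = this.ssoAgentConfig.getOpenId().getClaimedId();
        try {
            ConsumerManager consumerManager = SSOAgentDataHolder.getInstance().getConsumerManager();
            if (this.ssoAgentConfig.getOpenId().isDumbModeEnabled()) {
                // Dumb mode: make no association attempts with the provider.
                consumerManager.setMaxAssocAttempts(0);
            }
            DiscoveryInformation discovered = consumerManager.associate(consumerManager.discover(claimedId));

            // The discovery information is kept in the session so that the response can later be
            // verified against the endpoint chosen here rather than one named by the response.
            // NOTE(review): the decompiler emitted a stray getClass() null-check on the bean before
            // this line, which suggests OpenID may be a non-static inner class; confirm against the
            // original source.
            LoggedInSessionBean sessionBean = new LoggedInSessionBean();
            sessionBean.setOpenId(new LoggedInSessionBean.OpenID());
            sessionBean.getOpenId().setDiscoveryInformation(discovered);
            httpServletRequest.getSession().setAttribute(SSOAgentConstants.SESSION_BEAN_NAME, sessionBean);

            consumerManager.setImmediateAuth(true);
            AuthRequest authRequest = consumerManager.authenticate(discovered, this.ssoAgentConfig.getOpenId().getReturnToURL());

            if (this.ssoAgentConfig.getOpenId().isAttributeExchangeEnabled() && this.ssoAgentConfig.getOpenId().getAttributesRequestor() != null) {
                this.attributesRequestor = this.ssoAgentConfig.getOpenId().getAttributesRequestor();
                this.attributesRequestor.init();
                FetchRequest fetchRequest = FetchRequest.createFetchRequest();
                for (String attribute : this.attributesRequestor.getRequestedAttributes(claimedId)) {
                    fetchRequest.addAttribute(
                            attribute,
                            this.attributesRequestor.getTypeURI(claimedId, attribute),
                            this.attributesRequestor.isRequired(claimedId, attribute),
                            this.attributesRequestor.getCount(claimedId, attribute));
                }
                authRequest.addExtension(fetchRequest);
            }
            SSOAgentDataHolder.getInstance().setConsumerManager(consumerManager);

            StringBuilder redirectUrl = new StringBuilder(authRequest.getDestinationUrl(true));
            if (MapUtils.isNotEmpty(this.ssoAgentConfig.getQueryParams())) {
                // NOTE(review): keys and values are appended verbatim, without URL-encoding. A value
                // containing '&', '=' or '#' changes the parameters the provider receives, and could
                // override openid.* fields of the request. Left unchanged because it is not visible
                // here whether the configuration already holds encoded values; if it does not,
                // encode each key and value before appending.
                for (Map.Entry<String, String[]> entry : this.ssoAgentConfig.getQueryParams().entrySet()) {
                    if (entry.getKey() == null || entry.getValue() == null) {
                        continue;
                    }
                    for (String value : entry.getValue()) {
                        redirectUrl.append("&").append(entry.getKey()).append("=").append(value);
                    }
                }
            }
            return redirectUrl.toString();
        } catch (ConsumerException e) {
            throw new SSOAgentException("Error while doing OpenID Authentication", e);
        } catch (YadisException e2) {
            // For error code 1796 (0x0704) the library's own message is passed through.
            // NOTE(review): confirm which Yadis condition this code denotes and use the named constant.
            if (e2.getErrorCode() == 1796) {
                throw new SSOAgentException(e2.getMessage(), e2);
            }
            throw new SSOAgentException("Error while creating FetchRequest", e2);
        } catch (DiscoveryException e3) {
            throw new SSOAgentException("Error while doing OpenID Discovery", e3);
        } catch (MessageException e4) {
            throw new SSOAgentException("Error while creating FetchRequest", e4);
        }
    }

    /**
     * Verifies the provider's response against the discovery information stored at login time
     * and, on success, records the identifier and any attribute-exchange values in the session bean.
     *
     * <p>NOTE(review): the session that was created before authentication is reused afterwards
     * without its identifier being rotated. If nothing upstream rotates it, a session identifier
     * planted before login stays valid after it (session fixation); confirm the caller handles this.
     *
     * @param httpServletRequest  request carrying the provider's response parameters
     * @param httpServletResponse unused by this method
     * @throws SSOAgentException if there is no session or bean from the login step, or verification fails
     */
    public void processOpenIDLoginResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOAgentException {
        try {
            ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());

            // getSession(false) returns null when the browser presents no valid session, e.g. an
            // unsolicited response or an expired session; report that the same way as a missing bean.
            javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
            LoggedInSessionBean sessionBean = session == null
                    ? null
                    : (LoggedInSessionBean) session.getAttribute(SSOAgentConstants.SESSION_BEAN_NAME);
            if (sessionBean == null || sessionBean.getOpenId() == null) {
                throw new SSOAgentException("Error while verifying OpenID response. Cannot find valid session for user");
            }

            VerificationResult verification = SSOAgentDataHolder.getInstance().getConsumerManager().verify(
                    this.ssoAgentConfig.getOpenId().getReturnToURL(),
                    parameterList,
                    sessionBean.getOpenId().getDiscoveryInformation());
            if (verification.getVerifiedId() == null) {
                throw new SSOAgentException("OpenID verification failed");
            }

            AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
            // NOTE(review): the value stored as the claimed id is the response's identity field, not
            // the identifier returned by getVerifiedId(). Confirm the two are always equal for the
            // providers in use; otherwise store the verified identifier.
            sessionBean.getOpenId().setClaimedId(authSuccess.getIdentity());
            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                sessionBean.getOpenId().setSubjectAttributes(collectSubjectAttributes(authSuccess));
            }
        } catch (AssociationException e) {
            throw new SSOAgentException("Error while verifying OpenID response", e);
        } catch (DiscoveryException e2) {
            throw new SSOAgentException("Error while verifying OpenID response", e2);
        } catch (MessageException e3) {
            throw new SSOAgentException("Error while verifying OpenID response", e3);
        }
    }

    /**
     * Reads the requested attribute-exchange values out of a successful response.
     *
     * <p>Attributes the provider did not return (null or empty value list, or a null first value)
     * are skipped instead of failing the login with an unchecked exception. When the first value
     * is a comma-separated string, its parts are appended to the same list after the original value.
     * The values are provider-asserted data and should be treated as such by consumers.
     *
     * <p>Raw collection types are kept because the signature of the bean's setter is not visible
     * here; narrow them once it is confirmed.
     *
     * @param authSuccess verified positive assertion that carries the AX extension
     * @return attribute name to value list; empty when no attributes requestor is configured
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private Map collectSubjectAttributes(AuthSuccess authSuccess) throws MessageException, DiscoveryException {
        Map subjectAttributes = new HashMap();
        if (this.ssoAgentConfig.getOpenId().getAttributesRequestor() == null) {
            return subjectAttributes;
        }
        this.attributesRequestor = this.ssoAgentConfig.getOpenId().getAttributesRequestor();
        String identity = authSuccess.getIdentity();
        AxPayload axPayload = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
        for (String attribute : this.attributesRequestor.getRequestedAttributes(identity)) {
            List values = axPayload.getAttributeValuesByTypeUri(this.attributesRequestor.getTypeURI(identity, attribute));
            if (values == null || values.isEmpty() || values.get(0) == null) {
                continue;
            }
            if (values.get(0) instanceof String) {
                String[] parts = ((String) values.get(0)).split(",");
                if (parts.length > 1) {
                    for (String part : parts) {
                        values.add(part);
                    }
                }
            }
            subjectAttributes.put(attribute, values);
        }
        return subjectAttributes;
    }
}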
