package org.openid4java.message;

import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.OpenIDException;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.util.InternetDateFormat;

/* loaded from: input_file:org/openid4java/message/AuthSuccess.class */
public class AuthSuccess extends Message {
    private static Log _log = LogFactory.getLog(AuthSuccess.class);
    private static final boolean DEBUG = _log.isDebugEnabled();
    protected static final List requiredFields = Arrays.asList("openid.mode", "openid.return_to", "openid.assoc_handle", "openid.signed", "openid.sig");
    protected static final List optionalFields = Arrays.asList("openid.ns", "openid.op_endpoint", "openid.claimed_id", "openid.identity", "openid.response_nonce", "openid.invalidate_handle");
    protected static final String signRequired1 = "return_to,identity";
    protected static final String signRequired2 = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle";
    protected static final String signRequired3 = "op_endpoint,return_to,response_nonce,assoc_handle";
    protected List _signFields;
    protected List _signExtensions;

    protected AuthSuccess(String str, String str2, String str3, boolean z, String str4, String str5, String str6, Association association, boolean z2) throws AssociationException {
        this._signFields = new ArrayList();
        this._signExtensions = new ArrayList();
        if (!z) {
            set("openid.ns", Message.OPENID2_NS);
            setOpEndpoint(str);
            setClaimed(str2);
            setNonce(str5);
        }
        set("openid.mode", Message.MODE_IDRES);
        setIdentity(str3);
        setReturnTo(str4);
        if (str6 != null) {
            setInvalidateHandle(str6);
        }
        setHandle(association.getHandle());
        buildSignedList();
        setSignature(z2 ? association.sign(getSignedText()) : "");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthSuccess(ParameterList parameterList) {
        super(parameterList);
        this._signFields = new ArrayList();
        this._signExtensions = new ArrayList();
    }

    public static AuthSuccess createAuthSuccess(String str, String str2, String str3, boolean z, String str4, String str5, String str6, Association association, boolean z2) throws MessageException, AssociationException {
        AuthSuccess authSuccess = new AuthSuccess(str, str2, str3, z, str4, str5, str6, association, z2);
        authSuccess.validate();
        if (DEBUG) {
            _log.debug("Created positive auth response:\n" + authSuccess.keyValueFormEncoding());
        }
        return authSuccess;
    }

    public static AuthSuccess createAuthSuccess(ParameterList parameterList) throws MessageException {
        AuthSuccess authSuccess = new AuthSuccess(parameterList);
        authSuccess.validate();
        if (DEBUG) {
            _log.debug("Created positive auth response:\n" + authSuccess.keyValueFormEncoding());
        }
        return authSuccess;
    }

    @Override // org.openid4java.message.Message
    public List getRequiredFields() {
        return requiredFields;
    }

    public boolean isVersion2() {
        return hasParameter("openid.ns") && Message.OPENID2_NS.equals(getParameterValue("openid.ns"));
    }

    public void setMode(String str) throws MessageException {
        if (!str.equals(Message.MODE_IDRES) && !str.equals(Message.MODE_CANCEL)) {
            throw new MessageException("Unknown authentication mode: " + str);
        }
        set("openid.mode", str);
    }

    public String getMode() {
        return getParameterValue("openid.mode");
    }

    public void setOpEndpoint(String str) {
        set("openid.op_endpoint", str);
    }

    public String getOpEndpoint() {
        return getParameterValue("openid.op_endpoint");
    }

    public void setIdentity(String str) {
        set("openid.identity", str);
    }

    public String getIdentity() throws DiscoveryException {
        return getParameterValue("openid.identity");
    }

    public void setClaimed(String str) {
        set("openid.claimed_id", str);
    }

    public String getClaimed() {
        return getParameterValue("openid.claimed_id");
    }

    public void setReturnTo(String str) {
        set("openid.return_to", str);
        this._destinationUrl = str;
    }

    public String getReturnTo() {
        return getParameterValue("openid.return_to");
    }

    public void setNonce(String str) {
        set("openid.response_nonce", str);
    }

    public String getNonce() {
        return getParameterValue("openid.response_nonce");
    }

    public void setInvalidateHandle(String str) {
        set("openid.invalidate_handle", str);
    }

    public String getInvalidateHandle() {
        return getParameterValue("openid.invalidate_handle");
    }

    public void setHandle(String str) {
        set("openid.assoc_handle", str);
    }

    public String getHandle() {
        return getParameterValue("openid.assoc_handle");
    }

    public void buildSignedList() {
        String substring;
        int indexOf;
        StringBuffer stringBuffer = !isVersion2() ? new StringBuffer(signRequired1) : hasParameter("openid.identity") ? new StringBuffer(signRequired2) : new StringBuffer(signRequired3);
        ArrayList arrayList = new ArrayList(Arrays.asList(stringBuffer.toString().split(",")));
        for (String str : this._signFields) {
            if (!arrayList.contains(str)) {
                stringBuffer.append(",").append(str);
                arrayList.add(str);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = this._signExtensions.iterator();
        while (it.hasNext()) {
            String extensionAlias = getExtensionAlias((String) it.next());
            if (extensionAlias != null) {
                arrayList2.add(extensionAlias);
            }
        }
        Iterator it2 = getParameters().iterator();
        while (it2.hasNext()) {
            String key = ((Parameter) it2.next()).getKey();
            if (key.startsWith("openid.") && (indexOf = (substring = key.substring(7)).indexOf(".")) > 0 && arrayList2.contains(substring.substring(0, indexOf)) && !arrayList.contains(substring)) {
                stringBuffer.append(",").append(substring);
                arrayList.add(substring);
            }
        }
        if (DEBUG) {
            _log.debug("Setting fields to be signed: " + ((Object) stringBuffer));
        }
        set("openid.signed", stringBuffer.toString());
    }

    public void setSignFields(String str) {
        if (str != null) {
            this._signFields = Arrays.asList(str.split(","));
            buildSignedList();
        }
    }

    public void setSignExtensions(String[] strArr) {
        if (strArr != null) {
            this._signExtensions = new ArrayList(Arrays.asList(strArr));
            buildSignedList();
        }
    }

    public void addSignExtension(String str) {
        if (this._signExtensions.contains(str)) {
            return;
        }
        this._signExtensions.add(str);
        buildSignedList();
    }

    public List getSignExtensions() {
        return this._signExtensions;
    }

    public void setSignature(String str) {
        set("openid.sig", str);
        if (DEBUG) {
            _log.debug("Added signature: " + str);
        }
    }

    public String getSignature() {
        return getParameterValue("openid.sig");
    }

    public String getSignList() {
        return getParameterValue("openid.signed");
    }

    public String getSignedText() {
        StringBuffer stringBuffer = new StringBuffer("");
        String[] split = getParameterValue("openid.signed").split(",");
        for (int i = 0; i < split.length; i++) {
            stringBuffer.append(split[i]);
            stringBuffer.append(':');
            String parameterValue = getParameterValue("openid." + split[i]);
            if (parameterValue != null) {
                stringBuffer.append(parameterValue);
            }
            stringBuffer.append('\n');
        }
        return stringBuffer.toString();
    }

    @Override // org.openid4java.message.Message
    public void validate() throws MessageException {
        super.validate();
        boolean z = !isVersion2();
        if (!z && !hasParameter("openid.op_endpoint")) {
            throw new MessageException("openid.op_endpoint is required in OpenID auth responses", OpenIDException.AUTH_ERROR);
        }
        try {
            if (getReturnTo() != null) {
                new URL(getReturnTo());
            }
            try {
                if (isVersion2() && getOpEndpoint() != null) {
                    new URL(getOpEndpoint());
                }
                if (!Message.MODE_IDRES.equals(getMode())) {
                    throw new MessageException("Invalid openid.mode value in auth response: " + getMode(), OpenIDException.AUTH_ERROR);
                }
                if (hasParameter("openid.identity")) {
                    if (!z && !hasParameter("openid.claimed_id")) {
                        throw new MessageException("openid.clamied_id must be present in OpenID2 auth responses", OpenIDException.AUTH_ERROR);
                    }
                } else {
                    if (z) {
                        throw new MessageException("openid.identity is required in OpenID1 auth responses", OpenIDException.AUTH_ERROR);
                    }
                    boolean z2 = false;
                    Iterator it = getExtensions().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        } else if (getExtension(it.next().toString()).providesIdentifier()) {
                            z2 = true;
                            break;
                        }
                    }
                    if (!z2) {
                        throw new MessageException("no identifier specified in auth request", OpenIDException.AUTH_ERROR);
                    }
                    if (hasParameter("openid.claimed_id")) {
                        throw new MessageException("openid.claimed_id must be present if and only if openid.identity is present.", OpenIDException.AUTH_ERROR);
                    }
                }
                String nonce = getNonce();
                if (z) {
                    if (nonce != null) {
                        _log.warn("openid.response_nonce present in OpenID1 auth response");
                    }
                } else {
                    if (nonce == null) {
                        throw new MessageException("openid.response_nonce is required in OpenID2 auth responses", OpenIDException.AUTH_ERROR);
                    }
                    try {
                        new InternetDateFormat().parse(nonce.substring(0, 20));
                        if (nonce.length() > 255) {
                            throw new MessageException("nonce length must not exceed 255 characters", OpenIDException.AUTH_ERROR);
                        }
                    } catch (ParseException e) {
                        throw new MessageException("Error parsing nonce in auth response.", OpenIDException.AUTH_ERROR, e);
                    }
                }
                List asList = Arrays.asList(getParameterValue("openid.signed").split(","));
                if (!asList.contains("return_to")) {
                    throw new MessageException("return_to must be signed", OpenIDException.AUTH_ERROR);
                }
                if (z == asList.contains("response_nonce")) {
                    _log.warn("response_nonce must be present and signed only in OpenID2 auth responses");
                }
                if (z == asList.contains("op_endpoint")) {
                    _log.warn("op_endpoint must be present and signed only in OpenID2 auth responses");
                }
                if (!z && !asList.contains("assoc_handle")) {
                    throw new MessageException("assoc_handle must be signed in OpenID2 auth responses", OpenIDException.AUTH_ERROR);
                }
                if (hasParameter("openid.identity") && !asList.contains("identity")) {
                    throw new MessageException("openid.identity must be signed if present", OpenIDException.AUTH_ERROR);
                }
                if (hasParameter("openid.claimed_id") && !asList.contains("claimed_id")) {
                    throw new MessageException("openid.claimed_id must be signed if present", OpenIDException.AUTH_ERROR);
                }
            } catch (MalformedURLException e2) {
                throw new MessageException("Invalid op_endpoint: " + getOpEndpoint(), OpenIDException.AUTH_ERROR, e2);
            }
        } catch (MalformedURLException e3) {
            throw new MessageException("Invalid return_to: " + getReturnTo(), OpenIDException.AUTH_ERROR, e3);
        }
    }
}
