package org.picketlink.social.openid.auth;

import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.social.openid.OpenIdPrincipal;
import org.picketlink.social.openid.constants.OpenIDAliasMapper;

/* loaded from: input_file:org/picketlink/social/openid/auth/OpenIDProcessor.class */
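/**
 * Relying-party helper that starts an OpenID login against one of a fixed set of providers and
 * turns the provider's response into a container {@link Principal}.
 *
 * <p>Flow, as implemented below: {@link #initialize(List)} builds the attribute-exchange request
 * and records the roles to grant; {@link #prepareAndSendAuthRequest(Request, Response)} performs
 * discovery/association and redirects the browser to the provider;
 * {@link #processIncomingAuthResult(Request, Response, Realm)} verifies the response and creates
 * the principal.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every identifier that verifies successfully receives the same configured {@link #roles};
 *       this class performs no per-user authorization.</li>
 *   <li>{@link #cachedPrincipal} and {@link #cachedRoles} are public static thread-locals that are
 *       set here and never cleared in this class. NOTE(review): confirm that the consumer (for
 *       example the login module behind {@code realm.authenticate}) removes them, otherwise a
 *       pooled container thread could carry a previous user's values into a later request.</li>
 *   <li>{@link #EMPTY_PASSWORD} is a public, non-final static and is passed to the realm as the
 *       credential. NOTE(review): confirm the realm only accepts this placeholder when
 *       {@link #cachedPrincipal} is set on the calling thread.</li>
 *   <li>No session-id rotation happens in this class after a successful login.
 *       NOTE(review): confirm the calling authenticator handles session fixation.</li>
 * </ul>
 *
 * <p>Thread-safety: the provider URL is resolved into a local variable per request, so concurrent
 * logins on a shared instance cannot pick up each other's provider choice. {@link #initialize}
 * itself is not synchronized.
 */
public class OpenIDProcessor {
    /** Request parameter (and session attribute) naming the provider the user selected. */
    public static final String AUTH_TYPE = "authType";

    private static final String NOTE_OPENID = "openid";
    private static final String NOTE_DISCOVERY = "discovery";
    private static final String ATTR_STATE = "STATE";
    private static final String ATTR_PRINCIPAL = "PRINCIPAL";
    private static final String AX_NAMESPACE = "http://openid.net/srv/ax/1.0";

    protected static Logger log = Logger.getLogger(OpenIDProcessor.class);

    /** Principal of the login being processed on the current thread; set, never cleared, here. */
    public static ThreadLocal<Principal> cachedPrincipal = new ThreadLocal<>();

    /** Roles for the login being processed on the current thread; set only on the JBoss path. */
    public static ThreadLocal<List<String>> cachedRoles = new ThreadLocal<>();

    /** Placeholder credential handed to {@code realm.authenticate}; not a secret. */
    public static String EMPTY_PASSWORD = "EMPTY";

    private ConsumerManager openIdConsumerManager;
    private FetchRequest fetchRequest;
    private final String returnURL;
    private final String requiredAttributes;
    private final String optionalAttributes;
    protected boolean trace = log.isTraceEnabled();
    private boolean initialized = false;
    protected List<String> roles = new ArrayList<>();

    /** OpenID identifiers of the providers this processor can redirect to. */
    public enum Providers {
        GOOGLE("https://www.google.com/accounts/o8/id"),
        YAHOO("https://me.yahoo.com/"),
        // NOTE(review): no scheme is given here, unlike the other entries. OpenID 2.0 identifier
        // normalization treats a scheme-less identifier as http://, so discovery for this provider
        // would presumably not start over TLS - confirm and prefer an explicit https URL.
        MYSPACE("myspace.com"),
        MYOPENID("https://myopenid.com/");

        private final String name;

        Providers(String str) {
            this.name = str;
        }

        /** Returns the identifier/URL used to start discovery for this provider. */
        String get() {
            return this.name;
        }
    }

    /** Login progress markers; only {@code AUTH} is written (to the session) in this class. */
    private enum STATES {
        AUTH,
        AUTHZ,
        FINISH
    }

    /**
     * @param str the return URL passed to the provider as the place to send the response
     * @param str2 required attribute aliases, tokenized with {@code StringUtil.tokenize}; may be null
     * @param str3 optional attribute aliases, tokenized the same way; may be null
     */
    public OpenIDProcessor(String str, String str2, String str3) {
        this.returnURL = str;
        this.requiredAttributes = str2;
        this.optionalAttributes = str3;
    }

    /** Returns whether {@link #initialize(List)} has completed at least once. */
    public boolean isInitialized() {
        return this.initialized;
    }

    /**
     * Creates the consumer manager (once) and the attribute-exchange fetch request, and records
     * the roles to grant to authenticated users.
     *
     * <p>Each call appends {@code list} to {@link #roles}; callers are expected to guard with
     * {@link #isInitialized()}.
     *
     * @param list roles to grant to every authenticated user; {@code null} is treated as empty
     * @throws MessageException if the fetch request rejects an attribute
     * @throws ConsumerException declared for consumer-manager setup
     */
    public void initialize(List<String> list) throws MessageException, ConsumerException {
        if (this.openIdConsumerManager == null) {
            this.openIdConsumerManager = new ConsumerManager();
        }
        this.fetchRequest = FetchRequest.createFetchRequest();
        if (StringUtil.isNotNull(this.requiredAttributes)) {
            for (String alias : StringUtil.tokenize(this.requiredAttributes)) {
                this.fetchRequest.addAttribute(alias, OpenIDAliasMapper.get(alias), true);
            }
        }
        if (StringUtil.isNotNull(this.optionalAttributes)) {
            for (String alias : StringUtil.tokenize(this.optionalAttributes)) {
                String typeUri = OpenIDAliasMapper.get(alias);
                if (typeUri == null) {
                    // Unknown alias: logged, but the attribute is still added with a null type,
                    // exactly as before. NOTE(review): confirm whether it should be skipped.
                    log.error("Null Type returned for " + alias);
                }
                this.fetchRequest.addAttribute(alias, typeUri, false);
            }
        }
        if (list != null) {
            this.roles.addAll(list);
        }
        this.initialized = true;
    }

    /**
     * Resolves the provider from the {@code authType} request parameter (falling back to the
     * session attribute of the same name), runs discovery and association, stores the result in
     * the internal session, and redirects the browser to the provider.
     *
     * <p>The user-supplied {@code authType} is only compared against a fixed list of provider
     * keys; it is never used as a URL itself.
     *
     * @return always {@code false} in this implementation
     * @throws IOException declared; note that failures inside the redirect step are rethrown
     *     wrapped in {@link RuntimeException}
     * @throws RuntimeException wrapping a {@link DiscoveryException} or any failure while building
     *     or sending the authentication request
     */
    public boolean prepareAndSendAuthRequest(Request request, Response response) throws IOException {
        String authType = request.getParameter(AUTH_TYPE);
        if (authType == null || authType.length() == 0) {
            authType = (String) request.getSession().getAttribute(AUTH_TYPE);
        }
        // Kept in a local rather than an instance field: the processor may serve several requests
        // at once, and a shared field would let one request overwrite another's provider choice.
        final String serviceUrl = determineServiceUrl(authType);

        Session session = request.getSessionInternal(true);
        session.setNote(NOTE_OPENID, serviceUrl);

        final DiscoveryInformation discovered;
        try {
            discovered = this.openIdConsumerManager.associate(this.openIdConsumerManager.discover(serviceUrl));
        } catch (DiscoveryException e) {
            throw new RuntimeException(e);
        }
        // Remembered so the response can be verified against the same discovery result.
        session.setNote(NOTE_DISCOVERY, discovered);

        try {
            AuthRequest authRequest = this.openIdConsumerManager.authenticate(discovered, this.returnURL);
            authRequest.addExtension(this.fetchRequest);
            response.sendRedirect(authRequest.getDestinationUrl(true));
            request.getSession().setAttribute(ATTR_STATE, STATES.AUTH.name());
            return false;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies the provider's response against the discovery information stored in the session
     * and, on success, builds the authenticated principal.
     *
     * <p>On a verified identifier the principal is stored in the session attribute
     * {@code PRINCIPAL} and in {@link #cachedPrincipal}. In a JBoss environment the roles are
     * published through {@link #cachedRoles} and the realm is asked to authenticate the name with
     * {@link #EMPTY_PASSWORD}; otherwise a {@link GenericPrincipal} is created directly. If the
     * identifier does not verify, a 403 is sent and {@code null} is returned.
     *
     * @return the authenticated principal, or {@code null} when verification failed
     * @throws IOException declared; failures inside verification are rethrown wrapped in
     *     {@link RuntimeException}
     * @throws RuntimeException if there is no session, no stored discovery information, or any
     *     step of verification or principal creation fails
     */
    public Principal processIncomingAuthResult(Request request, Response response, Realm realm) throws IOException {
        Session session = request.getSessionInternal(false);
        if (session == null) {
            throw new RuntimeException("wrong lifecycle: session was null");
        }
        ParameterList openIdParams = new ParameterList(request.getParameterMap());
        DiscoveryInformation discovered = (DiscoveryInformation) session.getNote(NOTE_DISCOVERY);
        if (discovered == null) {
            throw new RuntimeException("discovered information was null");
        }

        // Rebuild the URL this response arrived on, as reported by the container.
        // NOTE(review): behind a proxy this may differ from returnURL - confirm the deployment
        // keeps the two consistent, since it is handed to verify() as the receiving URL.
        StringBuffer receivingUrl = request.getRequestURL();
        String query = request.getQueryString();
        if (query != null && query.length() > 0) {
            receivingUrl.append("?").append(query);
        }

        try {
            VerificationResult verification =
                    this.openIdConsumerManager.verify(receivingUrl.toString(), openIdParams, discovered);
            Identifier verifiedId = verification.getVerifiedId();
            if (verifiedId == null) {
                response.sendError(403);
                return null;
            }

            AuthSuccess authSuccess = verification.getAuthResponse();
            // Attribute-exchange values are claims made by the provider; they are passed through
            // to the principal unchanged.
            Map<String, List<String>> attributes = null;
            if (authSuccess.hasExtension(AX_NAMESPACE)) {
                // NOTE(review): decompiled output; the original source presumably cast the
                // extension to its AX response type before calling getAttributes() - confirm.
                attributes = authSuccess.getExtension(AX_NAMESPACE).getAttributes();
            }

            OpenIdPrincipal openIdPrincipal =
                    createPrincipal(verifiedId.getIdentifier(), discovered.getOPEndpoint(), attributes);
            request.getSession().setAttribute(ATTR_PRINCIPAL, openIdPrincipal);
            String name = openIdPrincipal.getName();
            cachedPrincipal.set(openIdPrincipal);

            Principal principal;
            if (isJBossEnv()) {
                // Hand out a copy so code reading the thread-local cannot mutate this
                // processor's shared role list.
                cachedRoles.set(new ArrayList<>(this.roles));
                principal = realm.authenticate(name, EMPTY_PASSWORD);
            } else {
                principal = new GenericPrincipal(realm, name, (String) null, this.roles, openIdPrincipal);
            }
            if (this.trace) {
                log.trace("Logged in as:" + principal);
            }
            return principal;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Builds the principal from the verified identifier, provider endpoint and AX attributes. */
    private OpenIdPrincipal createPrincipal(String identifier, URL opEndpoint, Map<String, List<String>> attributes) {
        return new OpenIdPrincipal(identifier, opEndpoint, attributes);
    }

    /** Returns true when either of two JBoss marker classes can be loaded. */
    private boolean isJBossEnv() {
        Class<?> marker = SecurityActions.loadClass(getClass(), "org.jboss.as.web.WebServer");
        if (marker == null) {
            marker = SecurityActions.loadClass(getClass(), "org.jboss.system.Service");
        }
        return marker != null;
    }

    /**
     * Maps a provider key to its discovery URL. Missing or unrecognized keys fall back to Google,
     * so the result is never {@code null}.
     */
    private static String determineServiceUrl(String authType) {
        if (!StringUtil.isNotNull(authType)) {
            return Providers.GOOGLE.get();
        }
        switch (authType) {
            case "yahoo":
                return Providers.YAHOO.get();
            case "myspace":
                return Providers.MYSPACE.get();
            case "myopenid":
                return Providers.MYOPENID.get();
            case "google":
            default:
                return Providers.GOOGLE.get();
        }
    }
}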
