package org.picketlink.social.standalone.login;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.json.JSONException;
import org.json.JSONObject;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.picketlink.social.standalone.fb.FacebookConstants;
import org.picketlink.social.standalone.fb.FacebookPrincipal;
import org.picketlink.social.standalone.fb.FacebookProcessor;
import org.picketlink.social.standalone.oauth.OAuthConstants;
import org.picketlink.social.standalone.oauth.OpenIDProcessor;
import org.picketlink.social.standalone.oauth.OpenIdPrincipal;
import org.picketlink.social.standalone.oauth.StringUtil;

/* loaded from: input_file:org/picketlink/social/standalone/login/ExternalAuthentication.class */
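/**
 * Drives an external login for a servlet request, using either Facebook
 * (OAuth authorization-code flow) or one of a fixed set of OpenID providers.
 *
 * <p>The provider is selected by the {@value #AUTH_TYPE} request parameter, which is remembered
 * in the HTTP session. Progress through a login is tracked in the session attribute
 * {@code "STATE"} (one of {@link STATES}); the authenticated principal is stored in the session
 * attribute {@code "PRINCIPAL"}. Both flows share the same {@code "STATE"} attribute.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Trace logging never writes the client secret, authorization code or access token.</li>
 *   <li>The OpenID endpoint is chosen from the fixed {@link Providers} list; a caller-supplied
 *       identifier is never used for discovery.</li>
 *   <li>NOTE(review): no anti-forgery {@code state} value is added to the Facebook authorization
 *       request or checked on the callback in this class. Confirm whether
 *       {@code FacebookProcessor} covers this.</li>
 *   <li>NOTE(review): the session id is not rotated in this class after a successful login.
 *       Confirm that the container or the caller does so.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; casts or initialisation present in the
 * original source may be missing.
 */
public class ExternalAuthentication {
    protected static Logger log = Logger.getLogger(ExternalAuthentication.class);

    // NOTE(review): nothing in this class assigns these two fields, yet the OpenID code paths
    // dereference them. Confirm how they are populated before relying on those paths.
    private ConsumerManager openIdConsumerManager;
    private FetchRequest fetchRequest;

    /** Request parameter and session attribute naming the selected provider. */
    public static final String AUTH_TYPE = "authType";

    /** Session attribute holding the current {@link STATES} name. */
    private static final String STATE_ATTRIBUTE = "STATE";

    /** Session attribute holding the authenticated principal. */
    private static final String PRINCIPAL_ATTRIBUTE = "PRINCIPAL";

    /** Matches {@code ${name}} and {@code ${name::default}} placeholders in configuration values. */
    private static final Pattern SYSTEM_PROPERTY_PATTERN = Pattern.compile("\\$\\{([^}]+)}");

    protected FacebookProcessor facebookProcessor;
    protected OpenIDProcessor openidProcessor;
    protected String returnURL;
    protected String clientID;
    protected String clientSecret;

    // Captured once per instance; a later change of the log level is not picked up.
    protected boolean trace = log.isTraceEnabled();

    private String openIdServiceUrl = null;
    protected String facebookScope = "email";
    private String requiredAttributes = "name,email,ax_firstName,ax_lastName,ax_fullName,ax_email";
    private String optionalAttributes = null;
    protected boolean saveRestoreRequest = true;
    protected List<String> roles = new ArrayList<String>();

    /* loaded from: input_file:org/picketlink/social/standalone/login/ExternalAuthentication$AUTH_PROVIDERS.class */
    private enum AUTH_PROVIDERS {
        FACEBOOK,
        OPENID
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/picketlink/social/standalone/login/ExternalAuthentication$Providers.class */
    /**
     * The only OpenID identifiers this class will run discovery against.
     *
     * <p>NOTE(review): {@code MYSPACE} carries no scheme. OpenID identifier normalisation
     * presumably turns it into an {@code http://} URL, so discovery for it may run over plain
     * HTTP. Confirm this is acceptable.
     */
    public enum Providers {
        GOOGLE("https://www.google.com/accounts/o8/id"),
        YAHOO("https://me.yahoo.com/"),
        MYSPACE("myspace.com"),
        MYOPENID("https://myopenid.com/");

        private final String name;

        Providers(String str) {
            this.name = str;
        }

        /** Returns the OpenID identifier configured for this provider. */
        String get() {
            return this.name;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/picketlink/social/standalone/login/ExternalAuthentication$STATES.class */
    /** Login progress markers stored by name in the {@code "STATE"} session attribute. */
    public enum STATES {
        AUTH,
        AUTHZ,
        FINISH
    }

    /**
     * Adds the comma-separated roles in {@code str} to the configured role list.
     *
     * @param str comma-separated role names; may contain {@code ${...}} placeholders
     * @throws RuntimeException if {@code str} is {@code null}
     */
    public void setRoleString(String str) {
        if (str == null) {
            throw new RuntimeException("Role String is null in configuration");
        }
        StringTokenizer tokens = new StringTokenizer(getSystemPropertyAsString(str), ",");
        while (tokens.hasMoreElements()) {
            this.roles.add(tokens.nextToken());
        }
    }

    /** Sets the {@code saveRestoreRequest} flag; this class only stores the value. */
    public void setSaveRestoreRequest(boolean z) {
        this.saveRestoreRequest = z;
    }

    /** Sets the URL the provider redirects back to, after {@code ${...}} expansion. */
    public void setReturnURL(String str) {
        this.returnURL = getSystemPropertyAsString(str);
    }

    /** Sets the OAuth client id, after {@code ${...}} expansion. */
    public void setClientID(String str) {
        this.clientID = getSystemPropertyAsString(str);
    }

    /**
     * Sets the OAuth client secret, after {@code ${...}} expansion.
     *
     * <p>Passing a {@code ${property}} placeholder keeps the secret itself out of the
     * configuration value.
     */
    public void setClientSecret(String str) {
        this.clientSecret = getSystemPropertyAsString(str);
    }

    /** Sets the scope requested from Facebook, after {@code ${...}} expansion. */
    public void setFacebookScope(String str) {
        this.facebookScope = getSystemPropertyAsString(str);
    }

    /**
     * Entry point: selects the provider for this request and runs the matching flow.
     *
     * <p>A non-empty {@value #AUTH_TYPE} request parameter wins and is stored in the session;
     * otherwise the stored value is used; with neither, Facebook is assumed. Any value other than
     * {@code "FACEBOOK"} (case-sensitive) is routed to the OpenID flow.
     *
     * @return {@code true} once a principal is established for the request, {@code false} while
     *         the login is still in progress or has failed
     * @throws IOException if writing to the response fails
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // The processors are created lazily because the configuration setters run after construction.
        if (this.facebookProcessor == null) {
            this.facebookProcessor = new FacebookProcessor(this.clientID, this.clientSecret, this.facebookScope, this.returnURL, this.roles);
        }
        if (this.openidProcessor == null) {
            this.openidProcessor = new OpenIDProcessor(this.returnURL, this.requiredAttributes, this.optionalAttributes);
        }
        HttpSession session = httpServletRequest.getSession();
        String authType = httpServletRequest.getParameter(AUTH_TYPE);
        if (authType != null && authType.length() > 0) {
            session.setAttribute(AUTH_TYPE, authType);
        } else {
            authType = (String) session.getAttribute(AUTH_TYPE);
        }
        if (authType == null) {
            authType = AUTH_PROVIDERS.FACEBOOK.name();
        }
        return AUTH_PROVIDERS.FACEBOOK.name().equals(authType)
                ? processFacebook(httpServletRequest, httpServletResponse)
                : processOpenID(httpServletRequest, httpServletResponse);
    }

    /**
     * Advances the Facebook flow according to the session's {@code "STATE"} attribute.
     *
     * <p>No state starts the flow with a redirect; {@code AUTH} is delegated to
     * {@code FacebookProcessor.handleAuthStage}; {@code AUTHZ} and {@code FINISH} resolve the
     * principal. A missing principal in those two states answers with HTTP 403.
     *
     * @return {@code true} when a principal was attached to the request
     * @throws IOException if writing to the response fails
     */
    protected boolean processFacebook(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String state = (String) httpServletRequest.getSession().getAttribute(STATE_ATTRIBUTE);
        if (STATES.FINISH.name().equals(state)) {
            Principal current = httpServletRequest.getUserPrincipal();
            if (current == null) {
                current = getFacebookPrincipal(httpServletRequest, httpServletResponse);
            }
            if (current != null) {
                return dealWithFacebookPrincipal(httpServletRequest, httpServletResponse, current);
            }
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        if (state == null || state.isEmpty()) {
            return initialFacebookInteraction(httpServletRequest, httpServletResponse);
        }
        if (state.equals(STATES.AUTH.name())) {
            return this.facebookProcessor.handleAuthStage(httpServletRequest, httpServletResponse);
        }
        if (!state.equals(STATES.AUTHZ.name())) {
            return false;
        }
        Principal facebookPrincipal = getFacebookPrincipal(httpServletRequest, httpServletResponse);
        if (facebookPrincipal != null) {
            return dealWithFacebookPrincipal(httpServletRequest, httpServletResponse, facebookPrincipal);
        }
        log.error("Principal was null. Maybe login modules need to be configured properly. Or user chose no data");
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    /**
     * Advances the OpenID flow according to the session's {@code "STATE"} attribute.
     *
     * <p>A request that already carries a principal is accepted as is. With no state, or with
     * {@code FINISH}, a new authentication request is sent; {@code AUTH} verifies the provider's
     * response.
     *
     * @return {@code true} when the request has a principal
     * @throws IOException if writing to the response fails
     * @throws RuntimeException if the OpenID processor cannot be initialised
     */
    protected boolean processOpenID(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Principal existing = httpServletRequest.getUserPrincipal();
        if (existing != null) {
            if (this.trace) {
                log.trace("Logged in as:" + existing);
            }
            return true;
        }
        if (!this.openidProcessor.isInitialized()) {
            try {
                this.openidProcessor.initialize(this.roles);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        HttpSession session = httpServletRequest.getSession();
        String state = (String) session.getAttribute(STATE_ATTRIBUTE);
        if (this.trace) {
            log.trace("state=" + state);
        }
        if (STATES.FINISH.name().equals(state)) {
            // A finished session without a request principal restarts the login.
            session.setAttribute(STATE_ATTRIBUTE, STATES.AUTH.name());
            return prepareAndSendAuthRequest(httpServletRequest, httpServletResponse);
        }
        if (state == null || state.isEmpty()) {
            return prepareAndSendAuthRequest(httpServletRequest, httpServletResponse);
        }
        if (!state.equals(STATES.AUTH.name())) {
            return false;
        }
        Principal verified = processIncomingAuthResult(httpServletRequest, httpServletResponse);
        if (verified != null) {
            return dealWithOpenIDPrincipal(httpServletRequest, httpServletResponse, verified);
        }
        log.error("Principal was null. Maybe login modules need to be configured properly. Or user chose no data");
        return false;
    }

    /**
     * Starts the Facebook flow by redirecting the browser to the authorization endpoint.
     *
     * <p>The redirect carries the return URL, the client id and, when set, the scope. The session
     * state becomes {@code AUTH} before the redirect is sent.
     *
     * <p>NOTE(review): no per-session {@code state} value is included, so the callback cannot be
     * tied to the session that started the login from the code visible here.
     *
     * @return always {@code false}, because the login is not complete yet
     * @throws RuntimeException wrapping the {@link IOException} if the redirect cannot be sent
     */
    public boolean initialFacebookInteraction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession session = httpServletRequest.getSession();
        Map<String, String> params = new HashMap<String, String>();
        params.put(OAuthConstants.REDIRECT_URI_PARAMETER, this.returnURL);
        params.put(OAuthConstants.CLIENT_ID_PARAMETER, this.clientID);
        if (this.facebookScope != null) {
            params.put(OAuthConstants.SCOPE_PARAMETER, this.facebookScope);
        }
        String location = FacebookConstants.SERVICE_URL + "?" + createFacebookQueryString(params);
        try {
            session.setAttribute(STATE_ATTRIBUTE, STATES.AUTH.name());
            if (this.trace) {
                // Safe to log: this URL holds the client id, return URL and scope, but no secret.
                log.trace("Redirect:" + location);
            }
            httpServletResponse.sendRedirect(location);
            return false;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Attaches the Facebook principal to the request and marks the session as finished.
     *
     * @throws ClassCastException if the request is not a {@code SocialRequestWrapper}
     */
    private boolean dealWithFacebookPrincipal(HttpServletRequest request, HttpServletResponse response, Principal principal) throws IOException {
        ((SocialRequestWrapper) request).setUserPrincipal(principal);
        request.getSession().setAttribute(STATE_ATTRIBUTE, STATES.FINISH.name());
        return true;
    }

    /**
     * Attaches the OpenID principal to the request and marks the session as finished.
     *
     * @throws ClassCastException if the request is not a {@code SocialRequestWrapper}
     */
    private boolean dealWithOpenIDPrincipal(HttpServletRequest request, HttpServletResponse response, Principal principal) throws IOException {
        HttpSession session = request.getSession();
        ((SocialRequestWrapper) request).setUserPrincipal(principal);
        if (this.trace) {
            log.trace("Logged in as:" + principal);
        }
        session.setAttribute(STATE_ATTRIBUTE, STATES.FINISH.name());
        return true;
    }

    /**
     * Resolves the Facebook principal for the callback request and stores it in the session.
     *
     * <p>The stored principal carries the access token (set in {@code readInIdentity}), so the
     * session contents must be treated as sensitive.
     *
     * @return the principal, or {@code null} when the request has no authorization code
     */
    public Principal getFacebookPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Principal principal = handleFacebookAuthenticationResponse(httpServletRequest, httpServletResponse);
        if (principal == null) {
            return null;
        }
        httpServletRequest.getSession().setAttribute(PRINCIPAL_ATTRIBUTE, principal);
        return principal;
    }

    /**
     * Exchanges the authorization code on the callback request for an access token and reads the
     * user's profile.
     *
     * @return the principal, or {@code null} when the request has no authorization code
     * @throws RuntimeException if the provider reported an error, no access token was returned, or
     *         a provider call failed
     */
    protected Principal handleFacebookAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String error = httpServletRequest.getParameter(OAuthConstants.ERROR_PARAMETER);
        if (error != null) {
            // NOTE(review): the message embeds a request parameter; confirm it is never rendered
            // unescaped in an error page.
            throw new RuntimeException("error:" + error);
        }
        String returnUrl = this.returnURL;
        String code = httpServletRequest.getParameter(OAuthConstants.CODE_PARAMETER);
        if (code == null) {
            log.error("Authorization code parameter not found");
            return null;
        }
        Map<String, String> tokenResponse = formUrlDecode(readUrlContent(sendFacebookAccessTokenRequest(returnUrl, code, httpServletResponse)));
        String accessToken = tokenResponse.get(OAuthConstants.ACCESS_TOKEN_PARAMETER);
        String expires = tokenResponse.get(FacebookConstants.EXPIRES);
        if (this.trace) {
            // The token value is a bearer credential and is deliberately not logged.
            log.trace("Access Token received=" + (accessToken != null) + " :: Expires=" + expires);
        }
        if (accessToken == null) {
            throw new RuntimeException("No access token found");
        }
        return readInIdentity(httpServletRequest, httpServletResponse, accessToken, returnUrl);
    }

    /**
     * Opens a connection to the access-token endpoint for the given authorization code.
     *
     * <p>The request URL carries the client secret and the code in its query string, so it must
     * never be logged. NOTE(review): confirm that
     * {@code FacebookConstants.ACCESS_TOKEN_ENDPOINT_URL} is an {@code https} URL. No connect or
     * read timeout is set on the connection.
     *
     * @param str unused; the configured return URL is sent instead
     * @param str2 the authorization code received on the callback
     * @param httpServletResponse unused
     * @throws RuntimeException wrapping the {@link IOException} if the connection cannot be opened
     */
    protected URLConnection sendFacebookAccessTokenRequest(String str, String str2, HttpServletResponse httpServletResponse) {
        Map<String, String> params = new HashMap<String, String>();
        params.put(OAuthConstants.REDIRECT_URI_PARAMETER, this.returnURL);
        params.put(OAuthConstants.CLIENT_ID_PARAMETER, this.clientID);
        params.put(OAuthConstants.CLIENT_SECRET_PARAMETER, this.clientSecret);
        params.put(OAuthConstants.CODE_PARAMETER, str2);
        String requestUrl = FacebookConstants.ACCESS_TOKEN_ENDPOINT_URL + "?" + createFacebookQueryString(params);
        try {
            if (this.trace) {
                // Only the endpoint is logged; the query string holds the client secret and code.
                log.trace("AccessToken Request=" + FacebookConstants.ACCESS_TOKEN_ENDPOINT_URL);
            }
            return new URL(requestUrl).openConnection();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Runs OpenID discovery and association for the selected provider and redirects the browser
     * to it.
     *
     * @return always {@code false}, because the login is not complete yet
     * @throws RuntimeException if discovery fails or the authentication request cannot be built or
     *         sent
     */
    private boolean prepareAndSendAuthRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String authType = request.getParameter(AUTH_TYPE);
        if (authType == null || authType.length() == 0) {
            authType = (String) request.getSession().getAttribute(AUTH_TYPE);
        }
        // Use the returned value rather than re-reading the field: if this instance is shared
        // between requests, another request could change the field in between.
        String serviceUrl = determineServiceUrl(authType);
        HttpSession session = request.getSession(true);
        if (serviceUrl == null) {
            return false;
        }
        session.setAttribute("openid", serviceUrl);
        try {
            DiscoveryInformation discovered = this.openIdConsumerManager.associate(this.openIdConsumerManager.discover(serviceUrl));
            // Kept in the session so the provider's response is verified against this endpoint.
            session.setAttribute("discovery", discovered);
            try {
                AuthRequest authRequest = this.openIdConsumerManager.authenticate(discovered, this.returnURL);
                authRequest.addExtension(this.fetchRequest);
                response.sendRedirect(authRequest.getDestinationUrl(true));
                request.getSession().setAttribute(STATE_ATTRIBUTE, STATES.AUTH.name());
                return false;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (DiscoveryException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Maps the {@code authType} value to one of the fixed {@link Providers} identifiers.
     *
     * <p>Unknown, empty or {@code null} values fall back to Google. Because the result always
     * comes from {@link Providers}, request input never reaches discovery as a URL.
     *
     * @return the identifier, which is also stored in {@code openIdServiceUrl}
     */
    private String determineServiceUrl(String authType) {
        String serviceUrl = Providers.GOOGLE.get();
        if (StringUtil.isNotNull(authType)) {
            if ("yahoo".equals(authType)) {
                serviceUrl = Providers.YAHOO.get();
            } else if ("myspace".equals(authType)) {
                serviceUrl = Providers.MYSPACE.get();
            } else if ("myopenid".equals(authType)) {
                serviceUrl = Providers.MYOPENID.get();
            }
        }
        this.openIdServiceUrl = serviceUrl;
        return serviceUrl;
    }

    /**
     * Joins the entries into a {@code name=value&name=value} query string.
     *
     * <p>Values are URL-encoded as UTF-8. Names are written as given; every caller in this class
     * passes constants.
     *
     * @throws RuntimeException if any value is {@code null}
     */
    private String createFacebookQueryString(Map<String, String> map) {
        StringBuilder query = new StringBuilder();
        boolean first = true;
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String value = entry.getValue();
            if (value == null) {
                throw new RuntimeException("paramValue is null");
            }
            if (first) {
                first = false;
            } else {
                query.append("&");
            }
            query.append(entry.getKey()).append("=");
            try {
                query.append(URLEncoder.encode(value, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
            // The decompiled listing had a second, unconditional throw here that referenced the
            // catch variable outside its scope; it is removed so all parameters are processed.
        }
        return query.toString();
    }

    /**
     * Reads the user's profile with the access token and builds the principal.
     *
     * <p>The access token travels in the query string of the profile URL, so that URL must never
     * be logged. {@code email} is optional; every other field read below is required and its
     * absence fails the login.
     *
     * @throws RuntimeException if the profile cannot be fetched or a required field is missing
     */
    private Principal readInIdentity(HttpServletRequest request, HttpServletResponse response, String accessToken, String returnUrl) {
        try {
            String profileUrl = FacebookConstants.PROFILE_ENDPOINT_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
            if (this.trace) {
                // Only the endpoint is logged; the full URL contains the access token.
                log.trace("Profile read:" + FacebookConstants.PROFILE_ENDPOINT_URL);
            }
            JSONObject profile = new JSONObject(readUrlContent(new URL(profileUrl).openConnection()));
            FacebookPrincipal facebookPrincipal = new FacebookPrincipal();
            facebookPrincipal.setAccessToken(accessToken);
            facebookPrincipal.setId(profile.getString("id"));
            facebookPrincipal.setName(profile.getString("name"));
            facebookPrincipal.setFirstName(profile.getString("first_name"));
            facebookPrincipal.setLastName(profile.getString("last_name"));
            facebookPrincipal.setGender(profile.getString("gender"));
            facebookPrincipal.setTimezone(profile.getString("timezone"));
            facebookPrincipal.setLocale(profile.getString("locale"));
            // getString throws on a missing key instead of returning null, so the former null
            // check could never skip an absent email; optString makes the field optional.
            String email = profile.optString("email", null);
            if (email != null) {
                facebookPrincipal.setEmail(email);
            }
            return facebookPrincipal;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the whole response body of the connection as text.
     *
     * <p>The body is decoded as UTF-8 rather than with the platform default charset, so the
     * result does not depend on the host's locale settings. The size of the body is not limited.
     *
     * @throws RuntimeException wrapping the {@link IOException} if reading fails
     */
    private String readUrlContent(URLConnection connection) {
        StringBuilder content = new StringBuilder();
        InputStreamReader reader = null;
        try {
            reader = new InputStreamReader(connection.getInputStream(), "UTF-8");
            char[] buffer = new char[1024];
            int read;
            while ((read = reader.read(buffer)) != -1) {
                content.append(buffer, 0, read);
            }
            return content.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException ignored) {
                    // A failure to close must not mask the result or the original exception.
                }
            }
        }
    }

    /**
     * Parses a {@code name=value&name=value} body into a map, URL-decoding the values as UTF-8.
     *
     * @throws RuntimeException if a pair does not split into exactly one name and one value
     */
    private Map<String, String> formUrlDecode(String body) {
        Map<String, String> decoded = new HashMap<String, String>();
        for (String pair : body.split("&")) {
            String[] nameAndValue = pair.split("=");
            if (nameAndValue.length != 2) {
                throw new RuntimeException("Unexpected name-value pair in response: " + pair);
            }
            try {
                decoded.put(nameAndValue[0], URLDecoder.decode(nameAndValue[1], "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        }
        return decoded;
    }

    /**
     * Expands {@code ${name}} and {@code ${name::default}} placeholders using
     * {@code SecurityActions.getSystemProperty(name, default)}.
     *
     * <p>A value without {@code "${"} is returned unchanged. The default is the empty string when
     * no {@code ::default} part is given.
     */
    private String getSystemPropertyAsString(String value) {
        if (!value.contains("${")) {
            return value;
        }
        Matcher matcher = SYSTEM_PROPERTY_PATTERN.matcher(value);
        StringBuffer expanded = new StringBuffer();
        while (matcher.find()) {
            String propertyName = matcher.group(1);
            String defaultValue = "";
            int separator = propertyName.indexOf("::");
            if (separator >= 0) {
                defaultValue = propertyName.substring(separator + 2);
                propertyName = propertyName.substring(0, separator);
            }
            // Quote the replacement: a property value containing '$' or '\' (plausible for a
            // client secret) would otherwise be read as a group reference or escape.
            matcher.appendReplacement(expanded, Matcher.quoteReplacement(SecurityActions.getSystemProperty(propertyName, defaultValue)));
        }
        matcher.appendTail(expanded);
        return expanded.toString();
    }

    /**
     * Verifies the provider's OpenID response and builds the principal.
     *
     * <p>The response is verified against the discovery information stored in the session when the
     * authentication request was sent. When verification yields no identifier, HTTP 403 is sent
     * and {@code null} is returned.
     *
     * @return the verified principal, or {@code null} when verification yielded no identifier
     * @throws IOException declared by the signature; failures inside verification are wrapped
     * @throws RuntimeException if there is no session, no stored discovery information, or
     *         verification fails
     */
    public Principal processIncomingAuthResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        OpenIdPrincipal openIdPrincipal = null;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            throw new RuntimeException("wrong lifecycle: session was null");
        }
        ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());
        DiscoveryInformation discoveryInformation = (DiscoveryInformation) session.getAttribute("discovery");
        if (discoveryInformation == null) {
            throw new RuntimeException("discovered information was null");
        }
        // Rebuild the URL this response was received on; it is passed to verify() below.
        StringBuffer receivingUrl = httpServletRequest.getRequestURL();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && queryString.length() > 0) {
            receivingUrl.append("?").append(httpServletRequest.getQueryString());
        }
        try {
            VerificationResult verify = this.openIdConsumerManager.verify(receivingUrl.toString(), parameterList, discoveryInformation);
            Identifier verifiedId = verify.getVerifiedId();
            if (verifiedId != null) {
                AuthSuccess authResponse = verify.getAuthResponse();
                Map<String, List<String>> map = null;
                if (authResponse.hasExtension("http://openid.net/srv/ax/1.0")) {
                    try {
                        // NOTE(review): the original source presumably cast the extension to its
                        // attribute-exchange response type before this call; confirm.
                        map = authResponse.getExtension("http://openid.net/srv/ax/1.0").getAttributes();
                    } catch (MessageException e) {
                        throw new RuntimeException(e);
                    }
                }
                openIdPrincipal = createOpenIDPrincipal(verifiedId.getIdentifier(), discoveryInformation.getOPEndpoint(), map);
                httpServletRequest.getSession().setAttribute(PRINCIPAL_ATTRIBUTE, openIdPrincipal);
                if (this.trace) {
                    log.trace("Logged in as:" + openIdPrincipal);
                }
            } else {
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
            return openIdPrincipal;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Builds the principal from the verified identifier, the provider endpoint and the attributes. */
    private OpenIdPrincipal createOpenIDPrincipal(String identifier, URL endpoint, Map<String, List<String>> attributes) {
        return new OpenIdPrincipal(identifier, endpoint, attributes);
    }
}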
