package org.expressme.openid;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:JOpenId-1.08.jar:org/expressme/openid/OpenIdManager.class */
public class OpenIdManager {
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
    private ShortName shortName = new ShortName();
    private Map<String, Endpoint> endpointCache = new ConcurrentHashMap();
    private Map<Endpoint, Association> associationCache = new ConcurrentHashMap();
    private int timeOut = 5000;
    private String assocQuery = null;
    private String authQuery = null;
    private String returnTo = null;
    private String returnToUrlEncode = null;
    private String realm = null;

    public void setReturnTo(String str) {
        try {
            this.returnToUrlEncode = Utils.urlEncode(str);
            this.returnTo = str;
        } catch (UnsupportedEncodingException e) {
            throw new OpenIdException(e);
        }
    }

    public void setRealm(String str) {
        try {
            this.realm = Utils.urlEncode(str);
        } catch (UnsupportedEncodingException e) {
            throw new OpenIdException(e);
        }
    }

    public void setTimeOut(int i) {
        this.timeOut = i;
    }

    public Authentication getAuthentication(HttpServletRequest httpServletRequest, byte[] bArr) {
        return getAuthentication(httpServletRequest, bArr, "ext1");
    }

    public Authentication getAuthentication(HttpServletRequest httpServletRequest, byte[] bArr, String str) {
        String parameter = httpServletRequest.getParameter("openid.identity");
        if (parameter == null) {
            throw new OpenIdException("Missing 'openid.identity'.");
        }
        if (httpServletRequest.getParameter("openid.invalidate_handle") != null) {
            throw new OpenIdException("Invalidate handle.");
        }
        String parameter2 = httpServletRequest.getParameter("openid.sig");
        if (parameter2 == null) {
            throw new OpenIdException("Missing 'openid.sig'.");
        }
        String parameter3 = httpServletRequest.getParameter("openid.signed");
        if (parameter3 == null) {
            throw new OpenIdException("Missing 'openid.signed'.");
        }
        if (!this.returnTo.equals(httpServletRequest.getParameter("openid.return_to"))) {
            throw new OpenIdException("Bad 'openid.return_to'.");
        }
        String[] split = parameter3.split("[\\,]+");
        StringBuilder sb = new StringBuilder(1024);
        for (String str2 : split) {
            sb.append(str2).append(':');
            String parameter4 = httpServletRequest.getParameter("openid." + str2);
            if (parameter4 != null) {
                sb.append(parameter4);
            }
            sb.append('\n');
        }
        if (!safeEquals(parameter2, getHmacSha1(sb.toString(), bArr))) {
            throw new OpenIdException("Verify signature failed.");
        }
        Authentication authentication = new Authentication();
        authentication.setIdentity(parameter);
        authentication.setEmail(httpServletRequest.getParameter("openid." + str + ".value.email"));
        authentication.setLanguage(httpServletRequest.getParameter("openid." + str + ".value.language"));
        authentication.setGender(httpServletRequest.getParameter("openid." + str + ".value.gender"));
        authentication.setFullname(getFullname(httpServletRequest, str));
        authentication.setFirstname(getFirstname(httpServletRequest, str));
        authentication.setLastname(getLastname(httpServletRequest, str));
        return authentication;
    }

    /* JADX WARN: Multi-variable type inference failed */
    boolean safeEquals(String str, String str2) {
        if (str.length() != str2.length()) {
            return false;
        }
        Object[] objArr = false;
        for (int i = 0; i < str.length(); i++) {
            objArr = (objArr == true ? 1 : 0) | (str.charAt(i) ^ str2.charAt(i)) ? 1 : 0;
        }
        return objArr == false;
    }

    String getLastname(HttpServletRequest httpServletRequest, String str) {
        int lastIndexOf;
        String parameter = httpServletRequest.getParameter("openid." + str + ".value.lastname");
        if (parameter == null) {
            parameter = httpServletRequest.getParameter("openid." + str + ".value.fullname");
            if (parameter != null && (lastIndexOf = parameter.lastIndexOf(32)) != -1) {
                parameter = parameter.substring(lastIndexOf + 1);
            }
        }
        return parameter;
    }

    String getFirstname(HttpServletRequest httpServletRequest, String str) {
        int indexOf;
        String parameter = httpServletRequest.getParameter("openid." + str + ".value.firstname");
        if (parameter == null) {
            parameter = httpServletRequest.getParameter("openid." + str + ".value.fullname");
            if (parameter != null && (indexOf = parameter.indexOf(32)) != -1) {
                parameter = parameter.substring(0, indexOf);
            }
        }
        return parameter;
    }

    String getFullname(HttpServletRequest httpServletRequest, String str) {
        String parameter = httpServletRequest.getParameter("openid." + str + ".value.fullname");
        if (parameter == null) {
            String parameter2 = httpServletRequest.getParameter("openid." + str + ".value.firstname");
            if (parameter2 != null) {
                parameter2 = parameter2 + " ";
            }
            parameter = parameter2 + httpServletRequest.getParameter("openid." + str + ".value.lastname");
        }
        return parameter;
    }

    String getHmacSha1(String str, byte[] bArr) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, HMAC_SHA1_ALGORITHM);
        try {
            Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
            mac.init(secretKeySpec);
            try {
                return Base64.encodeBytes(mac.doFinal(str.getBytes("UTF-8")));
            } catch (UnsupportedEncodingException e) {
                throw new OpenIdException(e);
            } catch (IllegalStateException e2) {
                throw new OpenIdException(e2);
            }
        } catch (InvalidKeyException e3) {
            throw new OpenIdException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new OpenIdException(e4);
        }
    }

    public Endpoint lookupEndpoint(String str) {
        String str2;
        String str3 = null;
        if (str.startsWith("http://") || str.startsWith("https://")) {
            str2 = str;
        } else {
            str2 = this.shortName.lookupUrlByName(str);
            if (str2 == null) {
                throw new OpenIdException("Cannot find OP URL by name: " + str);
            }
            str3 = this.shortName.lookupAliasByName(str);
        }
        Endpoint endpoint = this.endpointCache.get(str2);
        if (endpoint != null && !endpoint.isExpired()) {
            return endpoint;
        }
        Endpoint requestEndpoint = requestEndpoint(str2, str3 == null ? "ext1" : str3);
        this.endpointCache.put(str2, requestEndpoint);
        return requestEndpoint;
    }

    public Association lookupAssociation(Endpoint endpoint) {
        Association association = this.associationCache.get(endpoint);
        if (association != null && !association.isExpired()) {
            return association;
        }
        Association requestAssociation = requestAssociation(endpoint);
        this.associationCache.put(endpoint, requestAssociation);
        return requestAssociation;
    }

    public String getAuthenticationUrl(Endpoint endpoint, Association association) {
        StringBuilder sb = new StringBuilder(1024);
        sb.append(endpoint.getUrl()).append(endpoint.getUrl().contains("?") ? '&' : '?').append(getAuthQuery(endpoint.getAlias())).append("&openid.return_to=").append(this.returnToUrlEncode).append("&openid.assoc_handle=").append(association.getAssociationHandle());
        if (this.realm != null) {
            sb.append("&openid.realm=").append(this.realm);
        }
        return sb.toString();
    }

    Endpoint requestEndpoint(String str, String str2) {
        Map<String, Object> httpRequest = Utils.httpRequest(str, "GET", "application/xrds+xml", null, this.timeOut);
        try {
            return new Endpoint(Utils.mid(Utils.getContent(httpRequest), "<URI>", "</URI>"), str2, Utils.getMaxAge(httpRequest));
        } catch (UnsupportedEncodingException e) {
            throw new OpenIdException(e);
        }
    }

    Association requestAssociation(Endpoint endpoint) {
        try {
            String content = Utils.getContent(Utils.httpRequest(endpoint.getUrl(), "POST", "*/*", getAssocQuery(), this.timeOut));
            Association association = new Association();
            try {
                BufferedReader bufferedReader = new BufferedReader(new StringReader(content));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        return association;
                    }
                    String trim = readLine.trim();
                    int indexOf = trim.indexOf(58);
                    if (indexOf != -1) {
                        String substring = trim.substring(0, indexOf);
                        String substring2 = trim.substring(indexOf + 1);
                        if ("session_type".equals(substring)) {
                            association.setSessionType(substring2);
                        } else if ("assoc_type".equals(substring)) {
                            association.setAssociationType(substring2);
                        } else if ("assoc_handle".equals(substring)) {
                            association.setAssociationHandle(substring2);
                        } else if ("mac_key".equals(substring)) {
                            association.setMacKey(substring2);
                        } else if ("expires_in".equals(substring)) {
                            association.setMaxAge(Long.parseLong(substring2) * 900);
                        }
                    }
                }
            } catch (IOException e) {
                throw new RuntimeException("IOException is impossible!", e);
            }
        } catch (UnsupportedEncodingException e2) {
            throw new OpenIdException(e2);
        }
    }

    String getAuthQuery(String str) {
        if (this.authQuery != null) {
            return this.authQuery;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add("openid.ns=http://specs.openid.net/auth/2.0");
        arrayList.add("openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select");
        arrayList.add("openid.identity=http://specs.openid.net/auth/2.0/identifier_select");
        arrayList.add("openid.mode=checkid_setup");
        arrayList.add("openid.ns." + str + "=http://openid.net/srv/ax/1.0");
        arrayList.add("openid." + str + ".mode=fetch_request");
        arrayList.add("openid." + str + ".type.email=http://axschema.org/contact/email");
        arrayList.add("openid." + str + ".type.fullname=http://axschema.org/namePerson");
        arrayList.add("openid." + str + ".type.language=http://axschema.org/pref/language");
        arrayList.add("openid." + str + ".type.firstname=http://axschema.org/namePerson/first");
        arrayList.add("openid." + str + ".type.lastname=http://axschema.org/namePerson/last");
        arrayList.add("openid." + str + ".type.gender=http://axschema.org/person/gender");
        arrayList.add("openid." + str + ".required=email,fullname,language,firstname,lastname,gender");
        String buildQuery = Utils.buildQuery(arrayList);
        this.authQuery = buildQuery;
        return buildQuery;
    }

    String getAssocQuery() {
        if (this.assocQuery != null) {
            return this.assocQuery;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add("openid.ns=http://specs.openid.net/auth/2.0");
        arrayList.add("openid.mode=associate");
        arrayList.add("openid.session_type=no-encryption");
        arrayList.add("openid.assoc_type=HMAC-SHA1");
        String buildQuery = Utils.buildQuery(arrayList);
        this.assocQuery = buildQuery;
        return buildQuery;
    }
}
