package org.sonar.plugins.openid;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.net.URL;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.openid4java.association.Association;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.message.sreg.SRegMessage;
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;
import org.slf4j.LoggerFactory;
import org.sonar.api.ServerExtension;
import org.sonar.api.config.Settings;
import org.sonar.api.security.UserDetails;
import org.sonar.plugins.openid.api.OpenIdExtension;
import org.sonar.plugins.openid.api.OpenIdUtils;

/* loaded from: input_file:org/sonar/plugins/openid/OpenIdClient.class */
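/**
 * Server-side OpenID relying-party client: builds the authentication request sent to the
 * configured provider and verifies the provider's response.
 *
 * <p>This source is decompiler output. Several members carry a note that the decompiler
 * widened them from package-private to public; the visibility shown here is kept as found.
 *
 * <p>{@link #start()} must run before {@link #createAuthenticationRequest()} or
 * {@link #verify(String, ParameterList)}, because it populates the consumer manager,
 * the discovery information and the return-to URL those methods read.
 */
public class OpenIdClient implements ServerExtension {
    public static final String PROPERTY_SONAR_URL = "sonar.openid.sonarServerUrl";
    public static final String PROPERTY_OPENID_URL = "sonar.openid.providerUrl";
    static final String AX_ATTR_EMAIL = "email";
    static final String SREG_ATTR_EMAIL = "email";
    static final String SREG_ATTR_FULLNAME = "fullname";
    static final String AX_ATTR_FIRSTNAME = "firstName";
    static final String AX_ATTR_LASTNAME = "lastName";

    // Separator between AX first and last name. The decompiler rendered this literal as
    // Association.FAILED_ASSOC_HANDLE, an unrelated openid4java constant with the same
    // single-space value; a local constant states the intent.
    private static final String NAME_SEPARATOR = " ";

    // Fully qualified so that no new file-level import is required.
    private static final org.slf4j.Logger LOG = LoggerFactory.getLogger(OpenIdClient.class);

    private final Settings settings;
    private final List<OpenIdExtension> extensions;
    private ConsumerManager manager;
    private DiscoveryInformation discoveryInfo;
    private String returnToUrl;

    /**
     * Creates a client with no {@link OpenIdExtension}.
     *
     * @param settings server settings holding the two {@code sonar.openid.*} properties
     */
    public OpenIdClient(Settings settings) {
        // Explicit type witness: bare emptyList() inside this(...) is not inferred on older
        // source levels.
        this(settings, Collections.<OpenIdExtension>emptyList());
    }

    /**
     * Creates a client with the given extensions.
     *
     * @param settings server settings holding the two {@code sonar.openid.*} properties
     * @param list extensions invoked on every request and on every response verification
     */
    public OpenIdClient(Settings settings, List<OpenIdExtension> list) {
        this.settings = settings;
        this.extensions = list;
    }

    /** Replaces the consumer manager; test hook. Returns {@code this} for chaining. */
    @VisibleForTesting
    OpenIdClient setConsumerManager(ConsumerManager consumerManager) {
        this.manager = consumerManager;
        return this;
    }

    /** Returns the return-to URL computed by {@link #initReturnToUrl()}, or null before start. */
    @VisibleForTesting
    public String getReturnToUrl() {
        return this.returnToUrl;
    }

    /** Returns the provider discovery information, or null before start. */
    @VisibleForTesting
    public DiscoveryInformation getDiscoveryInfo() {
        return this.discoveryInfo;
    }

    /** Initialises the consumer manager, the provider discovery data and the return-to URL. */
    public void start() {
        initManager();
        initDiscoveryInfo();
        initReturnToUrl();
    }

    /**
     * Builds the return-to URL from {@value #PROPERTY_SONAR_URL}.
     *
     * <p>The URL is derived from configuration only, so it does not depend on any data from
     * an incoming request. The scheme is not checked here; an {@code http://} value is
     * accepted as is.
     *
     * @throws IllegalArgumentException if the property is blank, contains {@code ?} or ends
     *     with {@code /}
     */
    @VisibleForTesting
    void initReturnToUrl() {
        String serverUrl = this.settings.getString(PROPERTY_SONAR_URL);
        Preconditions.checkArgument(StringUtils.isNotBlank(serverUrl),
            "Property " + PROPERTY_SONAR_URL + " is missing");
        Preconditions.checkArgument(!serverUrl.contains("?"),
            "Property " + PROPERTY_SONAR_URL + " must not contain the character ?");
        // Message fixed: the original read "must not end with with slash /".
        Preconditions.checkArgument(!StringUtils.endsWith(serverUrl, "/"),
            "Property " + PROPERTY_SONAR_URL + " must not end with slash /");
        this.returnToUrl = serverUrl + "/openid/validate";
    }

    /**
     * Resolves the provider endpoint from {@value #PROPERTY_OPENID_URL}.
     *
     * <p>Discovery is attempted first; when it yields nothing, the configured URL itself is
     * used as the endpoint. Only the first discovered entry is kept. The scheme of the
     * configured URL is not checked in this method, so transport protection of the provider
     * endpoint depends on the operator configuring an {@code https://} URL.
     *
     * @throws IllegalStateException if the property is missing or the endpoint cannot be
     *     discovered or parsed
     */
    @VisibleForTesting
    void initDiscoveryInfo() {
        String providerUrl = this.settings.getString(PROPERTY_OPENID_URL);
        Preconditions.checkState(!Strings.isNullOrEmpty(providerUrl),
            "Property " + PROPERTY_OPENID_URL + " is missing");
        try {
            List<?> discovered = new Discovery().discover(providerUrl);
            if (discovered == null || discovered.isEmpty()) {
                this.discoveryInfo = new DiscoveryInformation(new URL(providerUrl));
            } else {
                this.discoveryInfo = (DiscoveryInformation) discovered.get(0);
            }
        } catch (Exception e) {
            throw new IllegalStateException("Fail to discover OpenID endpoint: " + providerUrl, e);
        }
    }

    /**
     * Creates the consumer manager with in-memory association and nonce stores.
     *
     * <p>Both stores live in this JVM only, so associations and seen nonces are not shared
     * with other server instances and do not survive a restart.
     */
    private void initManager() {
        this.manager = new ConsumerManager();
        this.manager.setAssociations(new InMemoryConsumerAssociationStore());
        // NOTE(review): the argument is the maximum accepted nonce age; openid4java documents
        // it in seconds, which makes this replay window roughly 83 minutes. Confirm intended.
        this.manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
        // RP-identifier enforcement in the realm verifier is switched off explicitly.
        // NOTE(review): confirm this relaxation is intended for the deployment.
        this.manager.getRealmVerifier().setEnforceRpId(false);
    }

    /**
     * Builds the authentication request for the configured provider, asking for e-mail and
     * name through both Attribute Exchange and Simple Registration, then lets every
     * extension amend the request.
     *
     * @return the request to send to the provider
     * @throws IllegalStateException if the request cannot be built or an extension fails
     */
    public AuthRequest createAuthenticationRequest() {
        try {
            AuthRequest request = this.manager.authenticate(this.discoveryInfo, this.returnToUrl);

            FetchRequest axRequest = FetchRequest.createFetchRequest();
            axRequest.addAttribute(AX_ATTR_EMAIL, "http://schema.openid.net/contact/email", true);
            axRequest.addAttribute(AX_ATTR_FIRSTNAME, "http://axschema.org/namePerson/first", true);
            axRequest.addAttribute(AX_ATTR_LASTNAME, "http://axschema.org/namePerson/last", true);
            request.addExtension(axRequest);

            SRegRequest sregRequest = SRegRequest.createFetchRequest();
            sregRequest.addAttribute(SREG_ATTR_FULLNAME, true);
            sregRequest.addAttribute(SREG_ATTR_EMAIL, true);
            request.addExtension(sregRequest);

            for (OpenIdExtension extension : this.extensions) {
                LOG.debug("Call {}#doOnRequest()", extension.getClass().getName());
                extension.doOnRequest(request);
            }
            return request;
        } catch (Exception e) {
            throw new IllegalStateException("Fail to create OpenID authentication request", e);
        }
    }

    /**
     * Verifies a provider response and converts it to user details.
     *
     * <p>The response is checked by the consumer manager against the discovery information
     * obtained at start-up. Every extension is then asked to accept the response; all of
     * them are called even after one has refused, and a single refusal yields {@code null}.
     *
     * @param str the URL on which the response was received, passed to the consumer manager
     * @param parameterList the parameters of the response
     * @return the user details, or {@code null} when the identifier is not verified, an
     *     extension refuses the response, or no name could be read from it
     * @throws IllegalStateException on any failure during verification, including a verified
     *     identifier without an accompanying response message
     */
    public UserDetails verify(String str, ParameterList parameterList) {
        UserDetails userDetails = null;
        try {
            VerificationResult result = this.manager.verify(str, parameterList, this.discoveryInfo);
            if (result.getVerifiedId() == null) {
                // Parameterised so the provider-influenced status text is passed as an
                // argument rather than concatenated into the format string.
                LOG.warn("Fail to verify OpenId request: {}", result.getStatusMsg());
            } else {
                AuthSuccess authSuccess = (AuthSuccess) result.getAuthResponse();
                if (authSuccess == null) {
                    throw new IllegalStateException("The OpenId response message is missing");
                }
                boolean accepted = true;
                for (OpenIdExtension extension : this.extensions) {
                    // Non-short-circuit on purpose: each extension sees the response.
                    accepted &= extension.doVerifyResponse(authSuccess);
                }
                if (accepted) {
                    userDetails = toUser(authSuccess);
                }
            }
            return userDetails;
        } catch (Exception e) {
            throw new IllegalStateException("Fail to verify OpenID request", e);
        }
    }

    /**
     * Reads the user's name and e-mail from the Simple Registration and Attribute Exchange
     * parts of a successful response. SReg values win; AX fills in whatever SReg left empty,
     * with the name built as "first last" only when both parts are present.
     *
     * <p>The verified identifier is not copied into the result; only the name and e-mail
     * supplied by the provider are. NOTE(review): confirm that the openid4java version in
     * use exposes only extension values covered by the response signature; if it does not,
     * these attributes need to be checked against the signed-field list before they are
     * trusted for account matching.
     *
     * @param authSuccess the successful authentication response
     * @return the user details, or {@code null} when no name is available
     * @throws IllegalStateException if the response extensions cannot be read
     */
    static UserDetails toUser(AuthSuccess authSuccess) {
        try {
            String name = null;
            String email = null;
            SRegResponse sreg = (SRegResponse) OpenIdUtils.getMessageAs(
                SRegResponse.class, authSuccess, SRegMessage.OPENID_NS_SREG);
            if (sreg != null) {
                name = sreg.getAttributeValue(SREG_ATTR_FULLNAME);
                email = sreg.getAttributeValue(SREG_ATTR_EMAIL);
            }
            FetchResponse ax = (FetchResponse) OpenIdUtils.getMessageAs(
                FetchResponse.class, authSuccess, AxMessage.OPENID_NS_AX);
            if (ax != null) {
                if (name == null) {
                    String firstName = ax.getAttributeValue(AX_ATTR_FIRSTNAME);
                    String lastName = ax.getAttributeValue(AX_ATTR_LASTNAME);
                    if (firstName != null && lastName != null) {
                        name = firstName + NAME_SEPARATOR + lastName;
                    }
                }
                if (email == null) {
                    email = ax.getAttributeValue(AX_ATTR_EMAIL);
                }
            }
            UserDetails userDetails = null;
            // A user is produced only when a name is present; the e-mail may be null.
            if (!Strings.isNullOrEmpty(name)) {
                userDetails = new UserDetails();
                userDetails.setName(name);
                userDetails.setEmail(email);
            }
            return userDetails;
        } catch (Exception e) {
            throw new IllegalStateException("Fail to read openId response", e);
        }
    }
}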
