package org.intermine.web.logic.login;

import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.expressme.openid.Association;
import org.expressme.openid.Authentication;
import org.expressme.openid.Endpoint;
import org.expressme.openid.OpenIdException;
import org.expressme.openid.OpenIdManager;
import org.intermine.api.profile.Profile;
import org.intermine.api.profile.ProfileManager;
import org.intermine.web.logic.Constants;
import org.intermine.web.logic.profile.LoginHandler;
import org.intermine.web.logic.session.SessionMethods;

/* loaded from: input_file:org/intermine/web/logic/login/OpenIDAuthenticator.class */
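/**
 * Servlet implementing both legs of an OpenID login.
 *
 * <p>A request carrying a {@code provider} parameter starts the flow: the endpoint and
 * association are looked up, the association MAC key and endpoint alias are stored in the
 * HTTP session, and the browser is redirected to the provider. Any other request is treated
 * as the provider's callback: the response nonce is checked, the assertion is handed to the
 * {@link OpenIdManager}, a profile is created for unknown identities, and the user is logged
 * in and redirected to the configured login URL.
 *
 * <p>Thread-safety: servlet instances serve requests concurrently, so all access to
 * {@link #NONCES} in this class happens while holding its monitor.
 */
public class OpenIDAuthenticator extends HttpServlet {
    private static final long serialVersionUID = -3591074522737892280L;
    /** One hour in milliseconds; the maximum accepted clock distance of a response nonce. */
    static final long ONE_HOUR = 3600000;
    /** Two hours in milliseconds; not referenced within this class. */
    static final long TWO_HOUR = 7200000;
    /** Session attribute holding the raw association MAC key between the two legs. */
    static final String ATTR_MAC = "openid_mac";
    /** Session attribute holding the endpoint alias between the two legs. */
    static final String ATTR_ALIAS = "openid_alias";
    /** Request parameter carrying the provider's response nonce on the callback. */
    static final String PARAM_NONCE = "openid.response_nonce";
    /** Request parameter naming the provider when a login is started. */
    static final String PARAM_PROVIDER = "provider";
    /**
     * Nonces already consumed by a callback, used for replay detection.
     *
     * <p>NOTE(review): entries are never evicted in this class, so the set grows for the
     * lifetime of the webapp; nonces older than {@link #ONE_HOUR} are rejected by the
     * freshness check anyway and could be pruned.
     */
    static final Set<String> NONCES = new HashSet<String>();
    private String loginUrl;
    private String returnTo;
    private OpenIdManager manager;
    private ProfileManager profileManager;

    /**
     * Configures the OpenID manager (realm and return-to URL) and the post-login redirect
     * from the {@code webapp.baseurl} and {@code webapp.path} web properties.
     *
     * @param servletConfig the servlet configuration supplied by the container
     * @throws ServletException if the superclass fails to initialise, or if either web
     *         property is missing (the realm and return-to URL would otherwise be built
     *         from the literal string "null")
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.manager = new OpenIdManager();
        ServletContext servletContext = servletConfig.getServletContext();
        Properties webProperties = SessionMethods.getWebProperties(servletContext);
        String baseUrl = webProperties.getProperty("webapp.baseurl");
        String path = webProperties.getProperty("webapp.path");
        if (baseUrl == null || path == null) {
            // Fail closed: a realm or return-to URL containing "null" must never be registered.
            throw new ServletException("webapp.baseurl and webapp.path must be set for OpenID login");
        }
        this.manager.setRealm(baseUrl);
        this.returnTo = baseUrl + "/" + path + "/openid";
        this.manager.setReturnTo(this.returnTo);
        this.profileManager = SessionMethods.getInterMineAPI(servletContext).getProfileManager();
        this.loginUrl = baseUrl + "/" + path + "/mymine.do";
    }

    /**
     * Starts an OpenID login when a {@code provider} parameter is present, otherwise
     * processes the provider's callback and logs the user in.
     *
     * @param request the incoming request
     * @param response the response, always completed with a redirect on success
     * @throws IOException if the redirect cannot be sent
     * @throws OpenIdException if the callback has no pending login in its session, the nonce
     *         is malformed, stale or replayed, or the manager rejects the assertion
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String provider = request.getParameter(PARAM_PROVIDER);
        if (provider != null) {
            Endpoint endpoint = this.manager.lookupEndpoint(provider);
            HttpSession pending = request.getSession();
            pending.setAttribute(Constants.PROVIDER, provider);
            Association association = this.manager.lookupAssociation(endpoint);
            pending.setAttribute(ATTR_MAC, association.getRawMacKey());
            pending.setAttribute(ATTR_ALIAS, endpoint.getAlias());
            response.sendRedirect(this.manager.getAuthenticationUrl(endpoint, association));
            return;
        }

        HttpSession session = request.getSession();
        byte[] macKey = (byte[]) session.getAttribute(ATTR_MAC);
        String alias = (String) session.getAttribute(ATTR_ALIAS);
        if (macKey == null || alias == null) {
            // A callback that was not preceded by a login start in this session has no key to
            // be verified against; reject it instead of passing nulls to the manager.
            throw new OpenIdException("Verify failed - no pending OpenID request for this session");
        }

        String nonce = request.getParameter(PARAM_NONCE);
        requireFreshNonce(nonce);
        // Presumably this is where the assertion's signature is checked against the MAC key;
        // confirm against the OpenID library.
        Authentication authentication = this.manager.getAuthentication(request, macKey, alias);
        // Record the nonce only after the manager has accepted the response, so requests that
        // fail verification cannot add entries to the shared replay set.
        consumeNonce(nonce);

        String email = authentication.getEmail();
        String fullname = authentication.getFullname();
        if (fullname != null) {
            session.setAttribute(Constants.USERNAME, fullname);
        } else {
            session.setAttribute(Constants.USERNAME, email);
        }
        String identity = authentication.getIdentity();
        if (!this.profileManager.hasProfile(identity)) {
            this.profileManager.createProfile(new Profile(this.profileManager, identity, (Integer) null, (String) null, new HashMap(), new HashMap(), new HashMap(), (String) null, false, false));
        }
        // NOTE(review): the session id is not rotated in this method; confirm that
        // LoginHandler.doStaticLogin (or the container) does so to rule out session fixation.
        LoginHandler.doStaticLogin(request, identity, null);
        response.sendRedirect(this.loginUrl);
    }

    /**
     * Checks that a response nonce is well-formed and that its embedded timestamp lies
     * within {@link #ONE_HOUR} of the local clock, in either direction.
     *
     * @param nonce the {@code openid.response_nonce} value, possibly {@code null}
     * @throws OpenIdException if the nonce is missing, too short, unparseable or stale
     */
    private void requireFreshNonce(String nonce) {
        if (nonce == null || nonce.length() < 20) {
            throw new OpenIdException("Verify failed - bad nonce");
        }
        long skew = Math.abs(System.currentTimeMillis() - getNonceTime(nonce));
        if (skew > ONE_HOUR) {
            throw new OpenIdException("Verify failed - expired nonce");
        }
    }

    /**
     * Marks a nonce as used, rejecting it if it was seen before.
     *
     * <p>The membership test and the insertion are a single {@code add} under the set's
     * monitor, so two concurrent callbacks carrying the same nonce cannot both pass.
     *
     * @param nonce a nonce that already passed {@link #requireFreshNonce(String)}
     * @throws OpenIdException if the nonce has been consumed already
     */
    private void consumeNonce(String nonce) {
        synchronized (NONCES) {
            if (!NONCES.add(nonce)) {
                throw new OpenIdException("Verify failed - nonce has previously been used");
            }
        }
    }

    /**
     * Extracts the timestamp from the first 19 characters of a nonce, read as UTC.
     *
     * @param str a nonce of at least 19 characters
     * @return the timestamp in epoch milliseconds
     * @throws OpenIdException if the prefix is not a valid {@code yyyy-MM-dd'T'HH:mm:ss} time
     */
    private long getNonceTime(String str) {
        // A new formatter per call: SimpleDateFormat instances are not safe to share
        // between request threads.
        SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
        // Strict parsing, so out-of-range fields (month 13, hour 25, ...) are rejected
        // rather than silently rolled over into a different instant.
        format.setLenient(false);
        try {
            return format.parse(str.substring(0, 19) + "+0000").getTime();
        } catch (ParseException e) {
            throw new OpenIdException("Bad nonce time.");
        }
    }
}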
