package org.openid4java.server;

import java.net.MalformedURLException;
import java.net.URL;
import org.apache.log4j.Logger;
import org.openid4java.OpenIDException;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.association.AssociationSessionType;
import org.openid4java.association.DiffieHellmanSession;
import org.openid4java.message.AssociationError;
import org.openid4java.message.AssociationRequest;
import org.openid4java.message.AssociationResponse;
import org.openid4java.message.AuthFailure;
import org.openid4java.message.AuthImmediateFailure;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.IndirectError;
import org.openid4java.message.Message;
import org.openid4java.message.ParameterList;
import org.openid4java.message.VerifyRequest;
import org.openid4java.message.VerifyResponse;

/* loaded from: input_file:WEB-INF/lib/openid4java-0.9.3.jar:org/openid4java/server/ServerManager.class */
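/**
 * OpenID Provider side message processing: answers association requests, builds
 * (and optionally signs) authentication responses, and answers direct
 * verification requests.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>{@link #authResponse(ParameterList, String, String, boolean, String, boolean)}
 *       does not authenticate anyone itself; it trusts the boolean handed in by the
 *       caller.</li>
 *   <li>{@link #verify(ParameterList)} consults the private association store only and
 *       removes the handle after one check.</li>
 *   <li>The default minimum association session type is
 *       {@code NO_ENCRYPTION_SHA1MAC}; see {@link #setMinAssocSessEnc}.</li>
 * </ul>
 */
public class ServerManager {
    // Plain class literal replaces the compiler-generated class$ helper and cache
    // field that the decompiler surfaced; no source-level code can reference those.
    private static final Logger _log = Logger.getLogger(ServerManager.class);

    // Evaluated once at class initialisation, so a later change of the logger's
    // level is not picked up by the DEBUG guards below.
    private static final boolean DEBUG = _log.isDebugEnabled();

    // Applied to every positive assertion via AuthSuccess.setSignFields when non-null.
    private String _signFields;

    // Applied to every positive assertion via AuthSuccess.setSignExtensions when non-null.
    private String[] _signExtensions;

    // Default endpoint used by the authResponse overloads that take no endpoint argument.
    private String _opEndpointUrl;

    // Associations handed out through associationResponse().
    // NOTE(review): the in-memory default presumably does not survive restarts and is
    // not shared between nodes; confirm before deploying more than one instance.
    private ServerAssociationStore _sharedAssociations = new InMemoryServerAssociationStore();

    // Associations generated by authResponse() when the request carries no usable
    // shared handle; verify() checks signatures against this store only.
    private ServerAssociationStore _privateAssociations = new InMemoryServerAssociationStore();

    // next() is called once for each version-2 positive assertion.
    private NonceGenerator _nonceGenerator = new IncrementalNonceGenerator();

    // Weakest session type associationResponse() will accept.
    // NOTE(review): the default admits the no-encryption session type; presumably the
    // MAC key is then only as confidential as the transport. Confirm the endpoint is
    // TLS-only or raise this floor.
    private AssociationSessionType _minAssocSessEnc = AssociationSessionType.NO_ENCRYPTION_SHA1MAC;

    // Used for private associations and advertised in OpenID2 association errors.
    private AssociationSessionType _prefAssocSessEnc = AssociationSessionType.DH_SHA256;

    // Passed as the lifetime argument to the association stores (presumably seconds; confirm).
    private int _expireIn = 1800;

    // Handed to AuthImmediateFailure when an immediate request is not approved.
    private String _userSetupUrl = null;

    // Passed to AuthRequest.createAuthRequest for every authentication request.
    private RealmVerifier _realmVerifier = new RealmVerifier();

    /** @return the store holding associations issued to relying parties */
    public ServerAssociationStore getSharedAssociations() {
        return this._sharedAssociations;
    }

    /** @param serverAssociationStore replacement store for shared associations */
    public void setSharedAssociations(ServerAssociationStore serverAssociationStore) {
        this._sharedAssociations = serverAssociationStore;
    }

    /** @return the store holding provider-private associations */
    public ServerAssociationStore getPrivateAssociations() {
        return this._privateAssociations;
    }

    /** @param serverAssociationStore replacement store for private associations */
    public void setPrivateAssociations(ServerAssociationStore serverAssociationStore) {
        this._privateAssociations = serverAssociationStore;
    }

    /** @return the weakest association session type that will be accepted */
    public AssociationSessionType getMinAssocSessEnc() {
        return this._minAssocSessEnc;
    }

    /** @return the generator used for response nonces */
    public NonceGenerator getNonceGenerator() {
        return this._nonceGenerator;
    }

    /** @param nonceGenerator replacement generator for response nonces */
    public void setNonceGenerator(NonceGenerator nonceGenerator) {
        this._nonceGenerator = nonceGenerator;
    }

    /**
     * Sets the weakest association session type that will be accepted.
     *
     * <p>NOTE(review): unlike {@link #setPrefAssocSessEnc}, nothing here checks that the
     * new minimum is supported or that it is not better than the current preferred
     * type, so the two settings can be left inconsistent. Set the minimum first and
     * the preferred type afterwards to get that check.
     *
     * @param associationSessionType the new minimum
     */
    public void setMinAssocSessEnc(AssociationSessionType associationSessionType) {
        this._minAssocSessEnc = associationSessionType;
    }

    /** @return the preferred association session type */
    public AssociationSessionType getPrefAssocSessEnc() {
        return this._prefAssocSessEnc;
    }

    /**
     * Sets the preferred association session type.
     *
     * @param associationSessionType the new preferred type
     * @throws ServerException if the HMAC or Diffie-Hellman variant is reported as
     *         unsupported, or if the current minimum is better than the given type
     */
    public void setPrefAssocSessEnc(AssociationSessionType associationSessionType) throws ServerException {
        boolean supported = Association.isHmacSupported(associationSessionType.getAssociationType())
                && DiffieHellmanSession.isDhSupported(associationSessionType);
        if (!supported) {
            throw new ServerException("Unsupported association / session type: "
                    + associationSessionType.getSessionType() + " : "
                    + associationSessionType.getAssociationType());
        }
        if (this._minAssocSessEnc.isBetter(associationSessionType)) {
            throw new ServerException("Minimum encryption settings cannot be better than the preferred");
        }
        this._prefAssocSessEnc = associationSessionType;
    }

    /** @return the lifetime value passed to the association stores */
    public int getExpireIn() {
        return this._expireIn;
    }

    /** @param i the lifetime value passed to the association stores; not range-checked here */
    public void setExpireIn(int i) {
        this._expireIn = i;
    }

    /** @return the URL sent with immediate-mode failures, or {@code null} */
    public String getUserSetupUrl() {
        return this._userSetupUrl;
    }

    /** @param str the URL sent with immediate-mode failures */
    public void setUserSetupUrl(String str) {
        this._userSetupUrl = str;
    }

    /** @param str value applied to positive assertions via {@code setSignFields}; {@code null} leaves the message default */
    public void setSignFields(String str) {
        this._signFields = str;
    }

    /** @return the configured sign-fields value, or {@code null} */
    public String getSignFields() {
        return this._signFields;
    }

    /** @param strArr value applied to positive assertions via {@code setSignExtensions}; stored without copying */
    public void setSignExtensions(String[] strArr) {
        this._signExtensions = strArr;
    }

    /** @return the configured array itself (not a copy), or {@code null} */
    public String[] getSignExtensions() {
        return this._signExtensions;
    }

    /** @return the verifier handed to authentication request parsing */
    public RealmVerifier getRealmVerifier() {
        return this._realmVerifier;
    }

    /** @param realmVerifier replacement verifier for authentication request parsing */
    public void setRealmVerifier(RealmVerifier realmVerifier) {
        this._realmVerifier = realmVerifier;
    }

    /** @return the default OP endpoint URL */
    public String getOPEndpointUrl() {
        return this._opEndpointUrl;
    }

    /** @param str the default OP endpoint URL; validated only when a response is built */
    public void setOPEndpointUrl(String str) {
        this._opEndpointUrl = str;
    }

    /**
     * Answers an association request.
     *
     * <p>A request whose type is unsupported or weaker than the configured minimum is
     * rejected. Requests carrying {@code openid.ns} get an association error naming the
     * preferred type; requests without it get a throw-away SHA1 association generated
     * with a lifetime argument of 0.
     *
     * @param parameterList the raw request parameters
     * @return the association response or error, or {@code null} if even the fallback
     *         response could not be built
     */
    public Message associationResponse(ParameterList parameterList) {
        // Decided up front because the error format must be chosen even when parsing fails.
        boolean hasNamespace = parameterList.hasParameter("openid.ns");
        _log.info("Processing association request...");
        try {
            AssociationRequest request = AssociationRequest.createAssociationRequest(parameterList);
            AssociationSessionType type = request.getType();
            boolean supported = Association.isHmacSupported(type.getAssociationType())
                    && DiffieHellmanSession.isDhSupported(type);
            // The minimum-strength check is the only thing stopping a requester from
            // picking the weakest type it likes.
            if (!supported || this._minAssocSessEnc.isBetter(type)) {
                throw new AssociationException("Unable create association for: "
                        + type.getSessionType() + " / " + type.getAssociationType());
            }
            Association shared = this._sharedAssociations.generate(type.getAssociationType(), this._expireIn);
            _log.info("Returning shared association; handle: " + shared.getHandle());
            return AssociationResponse.createAssociationResponse(request, shared);
        } catch (OpenIDException e) {
            if (hasNamespace) {
                _log.warn("Cannot establish association, responding with an OpenID2 association error.", e);
                // The exception text is relayed to the requester.
                return AssociationError.createAssociationError(e.getMessage(), this._prefAssocSessEnc);
            }
            _log.warn("Error processing an OpenID1 association request; responding with a dummy association", e);
            try {
                return AssociationResponse.createAssociationResponse(
                        AssociationRequest.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC),
                        this._sharedAssociations.generate(Association.TYPE_HMAC_SHA1, 0));
            } catch (OpenIDException e2) {
                // Log the failure of the fallback itself; the original request error
                // was already logged above.
                _log.error("Error creating negative OpenID1 association response.", e2);
                return null;
            }
        }
    }

    /**
     * Builds a signed authentication response using the configured OP endpoint.
     *
     * @see #authResponse(ParameterList, String, String, boolean, String, boolean)
     */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z) {
        return authResponse(parameterList, str, str2, z, this._opEndpointUrl, true);
    }

    /**
     * Builds an authentication response using the configured OP endpoint.
     *
     * @see #authResponse(ParameterList, String, String, boolean, String, boolean)
     */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z, boolean z2) {
        return authResponse(parameterList, str, str2, z, this._opEndpointUrl, z2);
    }

    /**
     * Builds a signed authentication response for the given OP endpoint.
     *
     * @see #authResponse(ParameterList, String, String, boolean, String, boolean)
     */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z, String str3) {
        return authResponse(parameterList, str, str2, z, str3, true);
    }

    /**
     * Builds the response to an authentication request.
     *
     * <p>This method performs no user authentication. {@code z} is the caller's
     * statement that the user authenticated and approved the request; when it is
     * {@code true} a positive assertion is produced for whatever identifiers result
     * from {@code str}/{@code str2} and the request. Callers must establish both
     * facts before passing {@code true}.
     *
     * @param parameterList the raw request parameters
     * @param str OP-specific identifier chosen by the provider; when {@code null} and
     *        the request does not ask for identifier selection, the request's identity
     *        is used
     * @param str2 claimed identifier chosen by the provider; same fallback rule,
     *        using the request's claimed identifier
     * @param z {@code true} to issue a positive assertion, {@code false} to issue an
     *        (immediate) failure
     * @param str3 OP endpoint URL placed in the assertion; must parse as a URL
     * @param z2 {@code true} to sign the assertion here; when {@code false} the
     *        returned message is unsigned and {@link #sign(Message)} must be called
     *        before it is sent
     * @return the assertion, a failure, or an error message; {@code null} if the
     *         request carries no return_to
     */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z, String str3, boolean z2) {
        String identity;
        String claimed;
        _log.info("Processing authentication request...");
        try {
            // Constructed only to validate the configured endpoint.
            new URL(str3);
            try {
                AuthRequest authReq = AuthRequest.createAuthRequest(parameterList, this._realmVerifier);
                boolean version2 = authReq.isVersion2();
                if (authReq.getReturnTo() == null) {
                    _log.error("Received valid auth request, but no return_to specified; authResponse() should not be called.");
                    return null;
                }
                if (AuthRequest.SELECT_ID.equals(authReq.getIdentity())) {
                    // Identifier selection: only the provider-chosen values count.
                    identity = str;
                    claimed = str2;
                } else {
                    identity = str != null ? str : authReq.getIdentity();
                    claimed = str2 != null ? str2 : authReq.getClaimed();
                }
                if (identity == null) {
                    throw new ServerException("No identifier provided by the authentication request or by the OpenID Provider");
                }
                if (DEBUG) {
                    _log.debug("Using ClaimedID: " + claimed + " OP-specific ID: " + identity);
                }
                if (!z) {
                    // return_to is request-supplied and is written to the log as received.
                    if (authReq.isImmediate()) {
                        _log.error("Responding with immediate authentication failure to " + authReq.getReturnTo());
                        return AuthImmediateFailure.createAuthImmediateFailure(this._userSetupUrl, authReq.getReturnTo(), !version2);
                    }
                    _log.error("Responding with authentication failure to " + authReq.getReturnTo());
                    return new AuthFailure(!version2, authReq.getReturnTo());
                }
                Association assoc = null;
                String handle = authReq.getHandle();
                String invalidateHandle = null;
                if (handle != null) {
                    assoc = this._sharedAssociations.load(handle);
                    if (assoc == null) {
                        // Unknown (or no longer stored) handle: report it back as invalidated.
                        _log.info("Invalidating handle: " + handle);
                        invalidateHandle = handle;
                    } else {
                        _log.info("Loaded shared association; handle: " + handle);
                    }
                }
                if (assoc == null) {
                    // No usable shared association: sign with a provider-private one that
                    // the requester can only check through verify().
                    assoc = this._privateAssociations.generate(this._prefAssocSessEnc.getAssociationType(), this._expireIn);
                    _log.info("Generated private association; handle: " + assoc.getHandle());
                }
                String nonce = version2 ? this._nonceGenerator.next() : null;
                AuthSuccess response = AuthSuccess.createAuthSuccess(str3, claimed, identity, !version2,
                        authReq.getReturnTo(), nonce, invalidateHandle, assoc, false);
                if (this._signFields != null) {
                    response.setSignFields(this._signFields);
                }
                if (this._signExtensions != null) {
                    response.setSignExtensions(this._signExtensions);
                }
                if (z2) {
                    response.setSignature(assoc.sign(response.getSignedText()));
                }
                _log.info("Returning positive assertion for " + response.getReturnTo());
                return response;
            } catch (OpenIDException e) {
                if (parameterList.hasParameter("openid.return_to")) {
                    _log.error("Error processing an authentication request; responding with an indirect error message.", e);
                    // The return_to here is read from the raw parameters of a request
                    // that has just failed parsing or validation, and the exception text
                    // is relayed with it. Whatever sends this message should treat the
                    // destination as untrusted.
                    return IndirectError.createIndirectError(e.getMessage(),
                            parameterList.getParameterValue("openid.return_to"), false);
                }
                _log.error("Error processing an authentication request; responding with an direct error message.", e);
                return DirectError.createDirectError(e.getMessage(), true);
            }
        } catch (MalformedURLException e2) {
            _log.error("Invalid OP-endpoint configured; cannot issue OpenID authentication responses." + str3);
            return DirectError.createDirectError("Invalid OpenID Provider endpoint URL; cannot issue authentication response", true);
        }
    }

    /**
     * Signs a positive assertion that was built with signing deferred.
     *
     * <p>The association is looked up by the handle carried in the message, first in
     * the shared store and then in the private store.
     *
     * @param message the message to sign; must be an {@code AuthSuccess}
     * @throws ServerException if the message is {@code null} or of another type, or no
     *         association exists for its handle
     * @throws AssociationException propagated from the signing call
     */
    public void sign(Message message) throws ServerException, AssociationException {
        if (!(message instanceof AuthSuccess)) {
            // A null message is reported like any other unsupported type instead of
            // failing with a NullPointerException while building the error text.
            throw new ServerException("Cannot sign message of type: "
                    + (message == null ? null : message.getClass()));
        }
        AuthSuccess assertion = (AuthSuccess) message;
        String handle = assertion.getHandle();
        Association assoc = this._sharedAssociations.load(handle);
        if (assoc == null) {
            assoc = this._privateAssociations.load(handle);
        }
        if (assoc == null) {
            throw new ServerException("No association found for handle: " + handle);
        }
        assertion.setSignature(assoc.sign(assertion.getSignedText()));
    }

    /**
     * Answers a direct verification request.
     *
     * <p>Only the private association store is consulted, so a request naming a shared
     * handle is answered as not verified; the holder of a shared key could otherwise
     * have its own signatures confirmed by the provider. The private handle is removed
     * after the check whether or not the signature matched, so each handle can be
     * verified at most once.
     *
     * @param parameterList the raw request parameters
     * @return the verification response, or a direct error if the request cannot be processed
     */
    public Message verify(ParameterList parameterList) {
        _log.info("Processing verification request...");
        // Assumed version 2 until the request has been parsed; only used for the error format.
        boolean version2 = true;
        try {
            VerifyRequest request = VerifyRequest.createVerifyRequest(parameterList);
            version2 = request.isVersion2();
            String handle = request.getHandle();
            boolean verified = false;
            Association assoc = this._privateAssociations.load(handle);
            if (assoc != null) {
                _log.info("Loaded private association; handle: " + handle);
                verified = assoc.verifySignature(request.getSignedText(), request.getSignature());
                // One-shot: the handle is consumed even when verification failed.
                this._privateAssociations.remove(handle);
            }
            VerifyResponse response = VerifyResponse.createVerifyResponse(!request.isVersion2());
            response.setSignatureVerified(verified);
            if (verified) {
                String invalidateHandle = request.getInvalidateHandle();
                // Confirm the invalidation only if the shared handle really is gone.
                if (invalidateHandle != null && this._sharedAssociations.load(invalidateHandle) == null) {
                    _log.info("Confirming shared association invalidate handle: " + invalidateHandle);
                    response.setInvalidateHandle(invalidateHandle);
                }
            } else {
                _log.error("Signature verification failed, handle: " + handle);
            }
            _log.info("Responding with " + (verified ? "positive" : "negative") + " verification response");
            return response;
        } catch (OpenIDException e) {
            _log.error("Error processing verification request; responding with verificatioin error.", e);
            // The exception text is relayed to the requester.
            return DirectError.createDirectError(e.getMessage(), !version2);
        }
    }
}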
