package org.springframework.security.openid;

import ch.qos.logback.classic.spi.CallerData;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.Message;
import org.openid4java.message.MessageException;
import org.openid4java.message.MessageExtension;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-openid-5.0.7.RELEASE.jar:org/springframework/security/openid/OpenID4JavaConsumer.class */
public class OpenID4JavaConsumer implements OpenIDConsumer {
    private static final String DISCOVERY_INFO_KEY = DiscoveryInformation.class.getName();
    private static final String ATTRIBUTE_LIST_KEY = "SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST";
    protected final Log logger;
    private final ConsumerManager consumerManager;
    private final AxFetchListFactory attributesToFetchFactory;

    public OpenID4JavaConsumer() throws ConsumerException {
        this(new ConsumerManager(), new NullAxFetchListFactory());
    }

    public OpenID4JavaConsumer(AxFetchListFactory axFetchListFactory) throws ConsumerException {
        this(new ConsumerManager(), axFetchListFactory);
    }

    public OpenID4JavaConsumer(ConsumerManager consumerManager, AxFetchListFactory axFetchListFactory) throws ConsumerException {
        this.logger = LogFactory.getLog(getClass());
        this.consumerManager = consumerManager;
        this.attributesToFetchFactory = axFetchListFactory;
    }

    @Override // org.springframework.security.openid.OpenIDConsumer
    public String beginConsumption(HttpServletRequest httpServletRequest, String str, String str2, String str3) throws OpenIDConsumerException {
        try {
            DiscoveryInformation associate = this.consumerManager.associate(this.consumerManager.discover(str));
            httpServletRequest.getSession().setAttribute(DISCOVERY_INFO_KEY, associate);
            try {
                AuthRequest authenticate = this.consumerManager.authenticate(associate, str2, str3);
                this.logger.debug("Looking up attribute fetch list for identifier: " + str);
                List<OpenIDAttribute> createAttributeList = this.attributesToFetchFactory.createAttributeList(str);
                if (!createAttributeList.isEmpty()) {
                    httpServletRequest.getSession().setAttribute(ATTRIBUTE_LIST_KEY, createAttributeList);
                    FetchRequest createFetchRequest = FetchRequest.createFetchRequest();
                    for (OpenIDAttribute openIDAttribute : createAttributeList) {
                        if (this.logger.isDebugEnabled()) {
                            this.logger.debug("Adding attribute " + openIDAttribute.getType() + " to fetch request");
                        }
                        createFetchRequest.addAttribute(openIDAttribute.getName(), openIDAttribute.getType(), openIDAttribute.isRequired(), openIDAttribute.getCount());
                    }
                    authenticate.addExtension(createFetchRequest);
                }
                return authenticate.getDestinationUrl(true);
            } catch (ConsumerException e) {
                throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
            } catch (MessageException e2) {
                throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e2);
            }
        } catch (DiscoveryException e3) {
            throw new OpenIDConsumerException("Error during discovery", e3);
        }
    }

    @Override // org.springframework.security.openid.OpenIDConsumer
    public OpenIDAuthenticationToken endConsumption(HttpServletRequest httpServletRequest) throws OpenIDConsumerException {
        ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());
        DiscoveryInformation discoveryInformation = (DiscoveryInformation) httpServletRequest.getSession().getAttribute(DISCOVERY_INFO_KEY);
        if (discoveryInformation == null) {
            throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
        }
        List<OpenIDAttribute> list = (List) httpServletRequest.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
        httpServletRequest.getSession().removeAttribute(DISCOVERY_INFO_KEY);
        httpServletRequest.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (StringUtils.hasLength(httpServletRequest.getQueryString())) {
            requestURL.append(CallerData.NA).append(httpServletRequest.getQueryString());
        }
        try {
            VerificationResult verify = this.consumerManager.verify(requestURL.toString(), parameterList, discoveryInformation);
            Identifier verifiedId = verify.getVerifiedId();
            if (verifiedId != null) {
                return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verifiedId.getIdentifier(), "some message", fetchAxAttributes(verify.getAuthResponse(), list));
            }
            Identifier claimedIdentifier = discoveryInformation.getClaimedIdentifier();
            return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, claimedIdentifier == null ? "Unknown" : claimedIdentifier.getIdentifier(), "Verification status message: [" + verify.getStatusMsg() + "]", (List<OpenIDAttribute>) Collections.emptyList());
        } catch (AssociationException e) {
            throw new OpenIDConsumerException("Error verifying openid response", e);
        } catch (DiscoveryException e2) {
            throw new OpenIDConsumerException("Error verifying openid response", e2);
        } catch (MessageException e3) {
            throw new OpenIDConsumerException("Error verifying openid response", e3);
        }
    }

    List<OpenIDAttribute> fetchAxAttributes(Message message, List<OpenIDAttribute> list) throws OpenIDConsumerException {
        if (list == null || !message.hasExtension(AxMessage.OPENID_NS_AX)) {
            return Collections.emptyList();
        }
        this.logger.debug("Extracting attributes retrieved by attribute exchange");
        List<OpenIDAttribute> emptyList = Collections.emptyList();
        try {
            MessageExtension extension = message.getExtension(AxMessage.OPENID_NS_AX);
            if (extension instanceof FetchResponse) {
                FetchResponse fetchResponse = (FetchResponse) extension;
                emptyList = new ArrayList(list.size());
                for (OpenIDAttribute openIDAttribute : list) {
                    List attributeValues = fetchResponse.getAttributeValues(openIDAttribute.getName());
                    if (!attributeValues.isEmpty()) {
                        OpenIDAttribute openIDAttribute2 = new OpenIDAttribute(openIDAttribute.getName(), openIDAttribute.getType(), attributeValues);
                        openIDAttribute2.setRequired(openIDAttribute.isRequired());
                        emptyList.add(openIDAttribute2);
                    }
                }
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Retrieved attributes" + emptyList);
            }
            return emptyList;
        } catch (MessageException e) {
            throw new OpenIDConsumerException("Attribute retrieval failed", e);
        }
    }
}
