package com.ibm.ws.security.openid20.consumer;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openid20.OpenidClientConfig;
import com.ibm.ws.security.openid20.OpenidConstants;
import com.ibm.ws.security.openid20.TraceConstants;
import com.ibm.ws.security.openid20.internal.UserInfo;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.transport.https.HttpsURLConnectionFactory;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.MessageExtension;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;

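/**
 * Helper methods used by the OpenID 2.0 relying-party (consumer) code: discovery with retry,
 * construction of the return_to / realm URLs from the incoming request, and extraction of the
 * user name, realm and groups from the attribute-exchange (AX) data of a positive assertion.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User name, realm and group values read from the AX attribute map are supplied by the
 *       OpenID provider. They should be treated as claims made by that provider, not as
 *       locally verified facts.</li>
 *   <li>URLs built from {@link HttpServletRequest} reflect what the request reports about
 *       scheme, host and port. NOTE(review): confirm the container or front-end proxy pins
 *       these values rather than echoing a client-supplied Host header.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.openid20_1.0.13.jar:com/ibm/ws/security/openid20/consumer/Utils.class */
public class Utils {
    static final TraceComponent tc = Tr.register(Utils.class);
    static final long serialVersionUID = -3045025654373050675L;

    /** Type URI of the OpenID Attribute Exchange 1.0 extension. */
    private static final String AX_EXTENSION_URI = "http://openid.net/srv/ax/1.0";

    private final OpenidClientConfig openidClientConfig;
    private final int maxDiscoverRetry;

    /**
     * Creates the helper for one client configuration and caches its discovery retry limit.
     * (Decompiler note: the original access modifier was package-private.)
     *
     * @param openidClientConfig configuration read by the methods of this class
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Utils(OpenidClientConfig openidClientConfig) {
        this.openidClientConfig = openidClientConfig;
        this.maxDiscoverRetry = openidClientConfig.getMaxDiscoverRetry();
    }

    /**
     * Logs a failed verification and always throws.
     *
     * <p>The exception message is the status message of the verification result when there is
     * one; otherwise it is a formatted CWWKS1506E message (claimed identifier known) or
     * CWWKS1511E message (only the provider endpoint known).
     *
     * @param verificationResult result whose status message is reported
     * @param discoveryInformation source of the claimed identifier or provider endpoint
     * @throws IOException always
     */
    public void verificationFailed(VerificationResult verificationResult, DiscoveryInformation discoveryInformation) throws IOException {
        String statusMsg = verificationResult.getStatusMsg();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "verification result status message from ConsumerManager: ", statusMsg);
        }
        Identifier claimedIdentifier = discoveryInformation.getClaimedIdentifier();
        String claimedId = (claimedIdentifier != null) ? claimedIdentifier.getIdentifier() : null;
        if (claimedId != null) {
            Tr.error(tc, "OPENID_RP_NO_RESULT_ERR", claimedId);
            if (statusMsg == null) {
                statusMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "OPENID_RP_NO_RESULT_ERR", new Object[]{claimedId}, "CWWKS1506E: OpenID can not get a valid result for claim identifier {0}.");
            }
        } else {
            String url = discoveryInformation.getOPEndpoint().toString();
            Tr.error(tc, "OPENID_RP_CAN_NOT_ACCESS_OP", url);
            if (statusMsg == null) {
                statusMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "OPENID_RP_CAN_NOT_ACCESS_OP", new Object[]{url}, "CWWKS1511E: Cannot access the OpenID provider {0}");
            }
        }
        throw new IOException(statusMsg);
    }

    /**
     * Returns the provider endpoint and records it in {@code map} under the key
     * {@code "OpEndPoint"}. The endpoint named in the assertion is preferred; the discovered
     * endpoint is used only when the assertion carries none.
     *
     * @param discoveryInformation discovery data used as the fallback
     * @param authSuccess positive assertion received from the provider
     * @param map attribute map that receives the {@code "OpEndPoint"} entry
     * @return the endpoint that was stored in {@code map}
     */
    public String getOpEndPoint(DiscoveryInformation discoveryInformation, AuthSuccess authSuccess, Map<String, Object> map) {
        String opEndpoint = authSuccess.getOpEndpoint();
        if (opEndpoint == null) {
            opEndpoint = discoveryInformation.getOPEndpoint().toString();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Get OpEndPoint from discovered object =" + opEndpoint, new Object[0]);
            }
        }
        map.put("OpEndPoint", opEndpoint);
        return opEndpoint;
    }

    /**
     * Rebuilds the URL on which the current request was received, including its query string.
     *
     * <p>NOTE(review): the result is built from what the request reports. If it is compared
     * against the return_to value of the assertion, a deployment behind a proxy needs the
     * container to report the external scheme/host/port. Confirm at the caller.
     *
     * @param httpServletRequest current request
     * @return request URL, followed by {@code ?} and the query string when one is present
     */
    public String getReceivingUrl(HttpServletRequest httpServletRequest) {
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && queryString.length() > 0) {
            requestURL.append("?").append(queryString);
        }
        return requestURL.toString();
    }

    /**
     * Chooses the user name for an authenticated user.
     *
     * <p>When {@code isUseClientIdentity()} is set, the identity (or claimed id) from the
     * assertion is used. Otherwise the first configured user-info attribute with a value in
     * {@code map} is used, and the identity is only the fallback.
     *
     * <p>Attribute-based mapping takes the user name from a value the provider supplied.
     * NOTE(review): that is only as trustworthy as the set of providers the relying party
     * accepts. Confirm that set is restricted when an attribute such as an e-mail address is
     * mapped to a local user.
     *
     * @param authSuccess positive assertion
     * @param map AX attributes, alias to list of values
     * @return the resolved user name; may be {@code null} if the assertion has neither an
     *         identity nor a claimed id
     */
    public String resolveMapUserName(AuthSuccess authSuccess, Map<String, Object> map) {
        if (this.openidClientConfig.isUseClientIdentity()) {
            return getIdentityOrClaimedId(authSuccess);
        }
        String mapped = getUserMappingFromUserInfo(map);
        return (mapped != null) ? mapped : getIdentityOrClaimedId(authSuccess);
    }

    /**
     * Returns the first value of the first configured user-info alias that has a value in
     * {@code map}, looking at no more than {@code getSearchNumberOfUserInfoToMap()} entries.
     *
     * <p>The search is also bounded by the size of the configured list, and empty or
     * non-list attribute values are skipped, so a configuration/response mismatch cannot
     * raise an {@link IndexOutOfBoundsException} or {@link ClassCastException} in the middle
     * of authentication.
     *
     * @param map AX attributes, alias to list of values; may be {@code null}
     * @return the mapped user name, or {@code null} when none is found
     */
    protected String getUserMappingFromUserInfo(Map<String, Object> map) {
        List<UserInfo> userInfo = this.openidClientConfig.getUserInfo();
        if (userInfo == null || userInfo.isEmpty()) {
            return null;
        }
        int limit = Math.min(this.openidClientConfig.getSearchNumberOfUserInfoToMap(), userInfo.size());
        for (int i = 0; i < limit; i++) {
            List<?> values = attributeValues(map, userInfo.get(i).getAlias());
            if (values == null || values.isEmpty()) {
                continue;
            }
            Object first = values.get(0);
            if (first instanceof String) {
                return (String) first;
            }
        }
        return null;
    }

    /**
     * Returns the identity from the assertion, or the claimed identifier when the identity
     * is absent.
     *
     * @param authSuccess positive assertion
     * @return identity or claimed id; {@code null} when both are absent
     */
    protected String getIdentityOrClaimedId(AuthSuccess authSuccess) {
        String identity = authSuccess.getIdentity();
        return (identity != null) ? identity : authSuccess.getClaimed();
    }

    /**
     * Discovers the provider for an identifier, associates with it and enforces the
     * HTTPS-required setting on the provider endpoint.
     *
     * <p>The protocol check runs on the endpoint returned by {@code associate()}, that is
     * after the association attempt, and covers the provider endpoint only.
     * NOTE(review): confirm that the discovery requests themselves are restricted to HTTPS
     * elsewhere when {@code ishttpsRequired()} is set.
     *
     * <p>NOTE(review): the warning for a provider that is not OpenID 2.0 is emitted only
     * when debug tracing is enabled. Confirm that this gating is intended.
     *
     * @param consumerManager openid4java consumer manager
     * @param str user-supplied identifier to discover
     * @return discovery information of the associated provider
     * @throws IOException if discovery fails after all retries, or HTTPS is required and the
     *         provider endpoint uses another protocol
     */
    public DiscoveryInformation discoverOpenID(ConsumerManager consumerManager, String str) throws IOException {
        DiscoveryInformation associate = consumerManager.associate(tryToDiscoverOpenID(consumerManager, str, null));
        if (this.openidClientConfig.ishttpsRequired()) {
            String protocol = associate.getOPEndpoint().getProtocol();
            if (!HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID.equals(protocol)) {
                Tr.error(tc, "OPENID_OP_URL_PROTOCOL_NOT_HTTPS", protocol);
                throw new IOException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "OPENID_OP_URL_PROTOCOL_NOT_HTTPS", new Object[]{protocol}, "CWWKS1510E: The relying party requires SSL but the openID provider URL protocol is {0}."));
            }
        }
        String version = associate.getVersion();
        if (!associate.isVersion2() && tc.isDebugEnabled()) {
            Tr.warning(tc, "OPENID_VERSION_NOT_TEST", version);
        }
        return associate;
    }

    /**
     * Calls {@code consumerManager.discover(str)} until it succeeds or the configured retry
     * limit is reached.
     *
     * <p>NOTE(review): when the retry limit is configured as zero or less, no discovery
     * attempt is made and {@code list} is returned unchanged ({@code null} when called from
     * {@link #discoverOpenID}).
     *
     * @param consumerManager openid4java consumer manager
     * @param str identifier to discover
     * @param list value returned when no attempt is made
     * @return the discoveries returned by the first successful attempt
     * @throws IOException if the last permitted attempt fails; the
     *         {@link DiscoveryException} is attached as the cause
     */
    protected List<?> tryToDiscoverOpenID(ConsumerManager consumerManager, String str, List<?> list) throws IOException {
        int attempts = 0;
        while (attempts < this.maxDiscoverRetry) {
            attempts++;
            try {
                list = consumerManager.discover(str);
                break;
            } catch (DiscoveryException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openid20.consumer.Utils", "245", this, new Object[]{consumerManager, str, list});
                if (attempts == this.maxDiscoverRetry) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Hit maxDiscoverRetry (" + attempts + ") allowed to discover...", new Object[0]);
                    }
                    Tr.error(tc, "OPENID_RP_CAN_NOT_ACCESS_OP", str);
                    // Keep the original exception as the cause so the failure stays diagnosable.
                    throw new IOException(e.getLocalizedMessage(), e);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Number call of discover(): " + attempts, new Object[0]);
        }
        return list;
    }

    /**
     * Builds the return_to URL: the request URL followed by
     * {@code ?<RP_REQUEST_IDENTIFIER>=<str>}.
     *
     * <p>NOTE(review): {@code str} is appended without URL encoding. That is safe only if
     * the caller passes a server-generated identifier made of URL-safe characters. Confirm
     * at the caller.
     *
     * @param httpServletRequest current request
     * @param str request identifier to embed in the URL
     * @return the return_to URL
     * @throws IOException declared by the original signature; not thrown by this body
     */
    public String createReturnToUrl(HttpServletRequest httpServletRequest, String str) throws IOException {
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        requestURL.append("?");
        requestURL.append(OpenidConstants.RP_REQUEST_IDENTIFIER).append("=").append(str);
        return requestURL.toString();
    }

    /**
     * Builds {@code scheme://host[:port]contextPath} from the request.
     *
     * <p>NOTE(review): the port is left out for 80 and 443 whatever the scheme, so http on
     * port 443 (or https on port 80) yields a URL without its non-default port. All parts
     * come from the request. If this value is sent to the provider as the realm, as the
     * method name suggests, it should come from trusted configuration or a validated host.
     * Confirm at the caller.
     *
     * @param httpServletRequest current request
     * @return the realm URL
     */
    public String getRpRealm(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder(128);
        sb.append(httpServletRequest.getScheme());
        sb.append("://");
        sb.append(httpServletRequest.getServerName());
        int serverPort = httpServletRequest.getServerPort();
        if (serverPort != 80 && serverPort != 443) {
            sb.append(":");
            sb.append(serverPort);
        }
        sb.append(httpServletRequest.getContextPath());
        return sb.toString();
    }

    /**
     * Adds an AX fetch request for every configured user-info attribute to the authentication
     * request. Nothing is added when no attributes are configured.
     *
     * @param authRequest authentication request to extend
     * @throws Exception if openid4java rejects an attribute or the extension
     */
    public void addUserInfoAttributes(AuthRequest authRequest) throws Exception {
        // getUserInfo() is declared as List<UserInfo>, so no cast to a concrete list type is needed.
        List<UserInfo> userInfo = this.openidClientConfig.getUserInfo();
        if (userInfo == null || userInfo.isEmpty()) {
            return;
        }
        FetchRequest fetchRequest = FetchRequest.createFetchRequest();
        for (UserInfo info : userInfo) {
            fetchRequest.addAttribute(info.getAlias(), info.getType(), info.getRequired(), info.getCount());
        }
        authRequest.addExtension(fetchRequest);
    }

    /**
     * Returns the AX attributes carried by a positive assertion, or an empty map when the
     * assertion has no AX fetch response.
     * (Decompiler note: the original access modifier was protected.)
     *
     * <p>NOTE(review): these values feed the user name, realm and group decisions. They are
     * trustworthy only if the extension fields are covered by the response signature.
     * Confirm that the openid4java version in use rejects or omits unsigned extension
     * parameters.
     *
     * @param authSuccess positive assertion
     * @return attribute map, alias to list of values; never {@code null}
     * @throws IOException if the extension cannot be parsed; the {@link MessageException}
     *         is attached as the cause
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Object> receiveUserInfoAttributes(AuthSuccess authSuccess) throws IOException {
        Map<String, Object> attributes = new HashMap<>();
        if (!authSuccess.hasExtension(AX_EXTENSION_URI)) {
            return attributes;
        }
        try {
            MessageExtension extension = authSuccess.getExtension(AX_EXTENSION_URI);
            if (extension instanceof FetchResponse) {
                @SuppressWarnings("unchecked") // openid4java exposes the attribute map as a raw Map
                Map<String, Object> fetched = ((FetchResponse) extension).getAttributes();
                if (fetched != null) {
                    attributes = fetched;
                }
            }
        } catch (MessageException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openid20.consumer.Utils", "333", this, new Object[]{authSuccess});
            throw new IOException(e.getLocalizedMessage(), e);
        }
        return attributes;
    }

    /**
     * Returns the first value of the attribute named by {@code getRealmIdentifier()}.
     *
     * <p>The realm name is a value supplied by the provider. NOTE(review): when more than
     * one provider is accepted, confirm that one provider cannot assert the realm of another.
     *
     * @param openidClientConfig configuration naming the realm attribute
     * @param map AX attributes, alias to list of values; may be {@code null}
     * @return the realm name, or {@code null} when it is not configured or not present
     */
    public String getRealmName(OpenidClientConfig openidClientConfig, Map<String, Object> map) {
        String realmIdentifier = openidClientConfig.getRealmIdentifier();
        if (realmIdentifier == null || realmIdentifier.isEmpty()) {
            return null;
        }
        List<?> values = attributeValues(map, realmIdentifier);
        if (values == null || values.isEmpty()) {
            return null;
        }
        Object first = values.get(0);
        return (first instanceof String) ? (String) first : null;
    }

    /**
     * Returns the groups named by the attribute {@code getGroupIdentifier()}.
     *
     * <p>With a non-empty realm {@code str}, each group is returned as
     * {@code group:<realm>/<value>}; without one, the values are returned as received.
     * The result is always a fresh list and never {@code null}. Null entries are skipped so
     * no group literally named {@code null} is produced.
     *
     * <p>Group membership comes from the provider's response and is used for authorization.
     * NOTE(review): confirm that only providers trusted to assert groups are accepted.
     *
     * @param openidClientConfig configuration naming the group attribute
     * @param map AX attributes, alias to list of values; may be {@code null}
     * @param str realm name used to qualify the groups; may be {@code null} or empty
     * @return list of group names, possibly empty
     */
    public ArrayList<String> getGroups(OpenidClientConfig openidClientConfig, Map<String, Object> map, String str) {
        ArrayList<String> groups = new ArrayList<>();
        String groupIdentifier = openidClientConfig.getGroupIdentifier();
        if (groupIdentifier == null) {
            return groups;
        }
        List<?> values = attributeValues(map, groupIdentifier);
        if (values == null) {
            return groups;
        }
        boolean qualifyWithRealm = str != null && !str.isEmpty();
        for (Object value : values) {
            if (value == null) {
                continue;
            }
            groups.add(qualifyWithRealm ? "group:" + str + "/" + value : value.toString());
        }
        return groups;
    }

    /** Returns the value list stored under {@code alias}, or {@code null} if absent or not a list. */
    private static List<?> attributeValues(Map<String, Object> attributes, String alias) {
        if (attributes == null || alias == null) {
            return null;
        }
        Object raw = attributes.get(alias);
        return (raw instanceof List) ? (List<?>) raw : null;
    }
}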
