package org.openid4java.server;

import java.net.MalformedURLException;
import java.net.URL;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.OpenIDException;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.association.AssociationSessionType;
import org.openid4java.association.DiffieHellmanSession;
import org.openid4java.message.AssociationError;
import org.openid4java.message.AssociationRequest;
import org.openid4java.message.AssociationResponse;
import org.openid4java.message.AuthFailure;
import org.openid4java.message.AuthImmediateFailure;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.IndirectError;
import org.openid4java.message.Message;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.VerifyRequest;
import org.openid4java.message.VerifyResponse;

/* loaded from: classes.dex */
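/**
 * OpenID Provider side of the protocol: answers association requests, builds
 * authentication responses (positive assertions, failures and errors) and
 * answers direct verification ({@code check_authentication}) requests.
 *
 * <p>Security-relevant defaults visible in this class, all of which can be
 * changed through the setters:
 * <ul>
 *   <li>The minimum accepted association session type is
 *       {@code NO_ENCRYPTION_SHA1MAC}. With a no-encryption session the MAC key
 *       is only as confidential as the transport, so an endpoint that is not
 *       served exclusively over TLS should raise this with
 *       {@link #setMinAssocSessEnc}.</li>
 *   <li>RP-ID enforcement on the realm verifier is switched off in the
 *       constructor; see {@link #setEnforceRpId}.</li>
 *   <li>Both association stores are {@code InMemoryServerAssociationStore}
 *       instances (presumably process-local, so a multi-node deployment would
 *       need a shared store; confirm against that class).</li>
 * </ul>
 *
 * <p>This class does not authenticate users. The {@code z} flag passed to the
 * {@code authResponse} overloads is the caller's statement that the user was
 * authenticated and approved the request.
 *
 * <p>NOTE(review): several log statements include request-derived values
 * (return_to, association handles) verbatim; the log layout should neutralise
 * line breaks if these logs feed detection or audit tooling.
 */
public class ServerManager {
    private static final Log _log = LogFactory.getLog(ServerManager.class);
    // Sampled once at class load; later changes to the log level are not seen here.
    private static final boolean DEBUG = _log.isDebugEnabled();

    // OP endpoint used by the authResponse overloads that take no endpoint argument.
    private String _opEndpointUrl;
    // Extension lists / field list applied to positive assertions when non-null.
    private String[] _signExtensions;
    private String _signFields;
    // Associations handed out to relying parties through associationResponse().
    private ServerAssociationStore _sharedAssociations = new InMemoryServerAssociationStore();
    // Associations generated per assertion when no usable shared handle was supplied.
    private ServerAssociationStore _privateAssociations = new InMemoryServerAssociationStore();
    private NonceGenerator _nonceGenerator = new IncrementalNonceGenerator();
    // Weakest session type accepted from a relying party (see class comment).
    private AssociationSessionType _minAssocSessEnc = AssociationSessionType.NO_ENCRYPTION_SHA1MAC;
    // Type advertised in OpenID 2 association errors and used for private associations.
    private AssociationSessionType _prefAssocSessEnc = AssociationSessionType.DH_SHA256;
    // Lifetime, in seconds as passed to the stores' generate(), of new associations.
    private int _expireIn = 1800;
    private String _userSetupUrl = null;
    private RealmVerifier _realmVerifier = new RealmVerifier(true);

    /** Creates a manager with the defaults above and RP-ID enforcement disabled. */
    public ServerManager() {
        this._realmVerifier.setEnforceRpId(false);
    }

    /**
     * Processes an association request and returns the response to send back.
     *
     * @param parameterList the request parameters as received from the relying party
     * @return an association response on success; on failure an OpenID 2
     *         association error when {@code openid.ns} was present, otherwise a
     *         response carrying a dummy HMAC-SHA1 association generated with an
     *         expiry of 0; {@code null} if even that dummy response cannot be built
     */
    public Message associationResponse(ParameterList parameterList) {
        // Presence of openid.ns decides which failure format is used below.
        boolean hasNamespace = parameterList.hasParameter("openid.ns");
        _log.info("Processing association request...");
        try {
            AssociationRequest assocReq = AssociationRequest.createAssociationRequest(parameterList);
            AssociationSessionType type = assocReq.getType();
            // Reject types the runtime cannot do and types weaker than the configured minimum.
            if (!Association.isHmacSupported(type.getAssociationType())
                    || !DiffieHellmanSession.isDhSupported(type)
                    || this._minAssocSessEnc.isBetter(type)) {
                throw new AssociationException("Unable create association for: " + type.getSessionType() + " / " + type.getAssociationType());
            }
            Association assoc = this._sharedAssociations.generate(type.getAssociationType(), this._expireIn);
            _log.info("Returning shared association; handle: " + assoc.getHandle());
            return AssociationResponse.createAssociationResponse(assocReq, assoc);
        } catch (OpenIDException e) {
            if (hasNamespace) {
                _log.warn("Cannot establish association, responding with an OpenID2 association error.", e);
                return AssociationError.createAssociationError(e.getMessage(), this._prefAssocSessEnc);
            }
            _log.warn("Error processing an OpenID1 association request: " + e.getMessage() + " Responding with a dummy association.", e);
            try {
                return AssociationResponse.createAssociationResponse(
                        AssociationRequest.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC),
                        this._sharedAssociations.generate("HMAC-SHA1", 0));
            } catch (OpenIDException e2) {
                // Log the failure of the fallback itself, not the original error again.
                _log.error("Error creating negative OpenID1 association response.", e2);
                return null;
            }
        }
    }

    /**
     * Same as the six-argument overload, using the configured OP endpoint and
     * signing the assertion immediately.
     */
    public Message authResponse(AuthRequest authRequest, String str, String str2, boolean z) {
        return authResponse(authRequest, str, str2, z, this._opEndpointUrl, true);
    }

    /** Same as the six-argument overload, signing the assertion immediately. */
    public Message authResponse(AuthRequest authRequest, String str, String str2, boolean z, String str3) {
        return authResponse(authRequest, str, str2, z, str3, true);
    }

    /**
     * Builds the response to an already parsed authentication request.
     *
     * @param authRequest the parsed request; its immediate flag is cleared as a
     *                    side effect when an immediate failure is returned
     * @param str         OP-local identifier chosen by the provider, or
     *                    {@code null} to use the one in the request
     * @param str2        claimed identifier chosen by the provider, or
     *                    {@code null} to use the one in the request
     * @param z           {@code true} only if the caller has authenticated the
     *                    user and the user approved the request; nothing in this
     *                    method checks that
     * @param str3        OP endpoint URL placed in the assertion; must parse as a URL
     * @param z2          {@code true} to sign the assertion here; with
     *                    {@code false} the returned assertion carries no
     *                    signature and must be passed to {@link #sign} before
     *                    it is sent
     * @return a positive assertion, an authentication failure, an indirect or
     *         direct error, or {@code null} when the request has no return_to
     */
    public Message authResponse(AuthRequest authRequest, String str, String str2, boolean z, String str3, boolean z2) {
        String identity;
        String claimed;
        _log.info("Processing authentication request...");
        boolean isVersion2 = authRequest.isVersion2();
        try {
            // Constructed only to validate the endpoint; a null value is rejected here too.
            new URL(str3);
            try {
                if (authRequest.getReturnTo() == null) {
                    _log.error("No return_to in the received (valid) auth request; returning null auth response.");
                    return null;
                }
                if (AuthRequest.SELECT_ID.equals(authRequest.getIdentity())) {
                    // Identifier selection: only the provider's choice is used.
                    identity = str;
                    claimed = str2;
                } else {
                    // Provider-supplied values win over those in the request.
                    identity = str != null ? str : authRequest.getIdentity();
                    claimed = str2 != null ? str2 : authRequest.getClaimed();
                }
                if (identity == null) {
                    throw new ServerException("No identifier provided by the authentication request or by the OpenID Provider");
                }
                if (DEBUG) {
                    _log.debug("Using ClaimedID: " + claimed + " OP-specific ID: " + identity);
                }
                if (!z) {
                    if (!authRequest.isImmediate()) {
                        _log.error("Responding with authentication failure to " + authRequest.getReturnTo());
                        return new AuthFailure(!isVersion2, authRequest.getReturnTo());
                    }
                    _log.error("Responding with immediate authentication failure to " + authRequest.getReturnTo());
                    // The setup URL replays the request in interactive mode.
                    authRequest.setImmediate(false);
                    // No setup URL is configured by default; fall back to the validated
                    // endpoint instead of dereferencing null.
                    String setupBase = this._userSetupUrl != null ? this._userSetupUrl : str3;
                    String separator = setupBase.indexOf("?") >= 0 ? "&" : "?";
                    return AuthImmediateFailure.createAuthImmediateFailure(
                            setupBase + separator + authRequest.wwwFormEncoding(),
                            authRequest.getReturnTo(),
                            !isVersion2);
                }
                Association assoc = null;
                String handle = authRequest.getHandle();
                String invalidateHandle = null;
                if (handle != null) {
                    assoc = this._sharedAssociations.load(handle);
                    if (assoc == null) {
                        // Unknown or no longer loadable: report it back as invalidated.
                        _log.info("Invalidating handle: " + handle);
                        invalidateHandle = handle;
                    } else {
                        _log.info("Loaded shared association; handle: " + handle);
                    }
                }
                if (assoc == null) {
                    // The relying party will have to confirm this signature through verify().
                    assoc = this._privateAssociations.generate(this._prefAssocSessEnc.getAssociationType(), this._expireIn);
                    _log.info("Generated private association; handle: " + assoc.getHandle());
                }
                // A response nonce is only issued for OpenID 2 requests.
                String nonce = isVersion2 ? this._nonceGenerator.next() : null;
                AuthSuccess response = AuthSuccess.createAuthSuccess(str3, claimed, identity, !isVersion2, authRequest.getReturnTo(), nonce, invalidateHandle, assoc, false);
                if (this._signFields != null) {
                    response.setSignFields(this._signFields);
                }
                if (this._signExtensions != null) {
                    response.setSignExtensions(this._signExtensions);
                }
                if (z2) {
                    response.setSignature(assoc.sign(response.getSignedText()));
                }
                _log.info("Returning positive assertion for " + response.getReturnTo());
                return response;
            } catch (OpenIDException e) {
                if (authRequest.hasParameter("openid.return_to")) {
                    _log.error("Error processing authentication request; responding with an indirect error message.", e);
                    return IndirectError.createIndirectError(e, authRequest.getReturnTo(), !isVersion2);
                }
                _log.error("Error processing authentication request; responding with a direct error message.", e);
                return DirectError.createDirectError(e, !isVersion2);
            }
        } catch (MalformedURLException e2) {
            String errMsg = "Invalid OP-endpoint configured; cannot issue authentication responses." + str3;
            _log.error(errMsg, e2);
            // Second argument is negated like every other error built in this class.
            return DirectError.createDirectError(new ServerException(errMsg, e2), !isVersion2);
        }
    }

    /** Same as the six-argument overload, using the configured OP endpoint. */
    public Message authResponse(AuthRequest authRequest, String str, String str2, boolean z, boolean z2) {
        return authResponse(authRequest, str, str2, z, this._opEndpointUrl, z2);
    }

    /**
     * Same as the six-argument {@code ParameterList} overload, using the
     * configured OP endpoint and signing the assertion immediately.
     */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z) {
        return authResponse(parameterList, str, str2, z, this._opEndpointUrl, true);
    }

    /** Same as the six-argument {@code ParameterList} overload, signing immediately. */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z, String str3) {
        return authResponse(parameterList, str, str2, z, str3, true);
    }

    /**
     * Parses a raw authentication request with the configured realm verifier
     * and delegates to the {@code AuthRequest} overload.
     *
     * @param parameterList the request parameters as received
     * @return the delegate's result, or an indirect error (when the request
     *         carries {@code openid.return_to}) or direct error if the request
     *         cannot be parsed
     */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z, String str3, boolean z2) {
        _log.info("Parsing authentication request...");
        boolean isVersion2 = Message.OPENID2_NS.equals(parameterList.getParameterValue("openid.ns"));
        try {
            AuthRequest authRequest = AuthRequest.createAuthRequest(parameterList, this._realmVerifier);
            return authResponse(authRequest, str, str2, z, str3, z2);
        } catch (MessageException e) {
            if (parameterList.hasParameter("openid.return_to")) {
                // NOTE(review): return_to comes from a request that failed validation,
                // so the caller redirects to an unverified address - confirm this is
                // acceptable for the deployment.
                _log.error("Invalid authentication request; responding with an indirect error message.", e);
                return IndirectError.createIndirectError(e, parameterList.getParameterValue("openid.return_to"), !isVersion2);
            }
            _log.error("Invalid authentication request; responding with a direct error message.", e);
            return DirectError.createDirectError(e, !isVersion2);
        }
    }

    /** Same as the six-argument {@code ParameterList} overload, using the configured OP endpoint. */
    public Message authResponse(ParameterList parameterList, String str, String str2, boolean z, boolean z2) {
        return authResponse(parameterList, str, str2, z, this._opEndpointUrl, z2);
    }

    /** Returns whether the current realm verifier enforces RP-ID checks. */
    public boolean getEnforceRpId() {
        return this._realmVerifier.getEnforceRpId();
    }

    /** Returns the expiry value passed to the stores when generating associations. */
    public int getExpireIn() {
        return this._expireIn;
    }

    /** Returns the weakest association session type accepted from relying parties. */
    public AssociationSessionType getMinAssocSessEnc() {
        return this._minAssocSessEnc;
    }

    /** Returns the generator used for OpenID 2 response nonces. */
    public NonceGenerator getNonceGenerator() {
        return this._nonceGenerator;
    }

    /** Returns the OP endpoint URL used when an overload takes none. */
    public String getOPEndpointUrl() {
        return this._opEndpointUrl;
    }

    /** Returns the preferred association session type. */
    public AssociationSessionType getPrefAssocSessEnc() {
        return this._prefAssocSessEnc;
    }

    /** Returns the store holding private associations. */
    public ServerAssociationStore getPrivateAssociations() {
        return this._privateAssociations;
    }

    /** Returns the realm verifier used when parsing authentication requests. */
    public RealmVerifier getRealmVerifier() {
        return this._realmVerifier;
    }

    /** Returns the store holding shared associations. */
    public ServerAssociationStore getSharedAssociations() {
        return this._sharedAssociations;
    }

    /** Returns the internal array itself, not a copy. */
    public String[] getSignExtensions() {
        return this._signExtensions;
    }

    /** Returns the field list applied to positive assertions, or {@code null}. */
    public String getSignFields() {
        return this._signFields;
    }

    /** Returns the configured user setup URL, or {@code null} if none is set. */
    public String getUserSetupUrl() {
        return this._userSetupUrl;
    }

    /** Turns RP-ID enforcement on the current realm verifier on or off. */
    public void setEnforceRpId(boolean z) {
        this._realmVerifier.setEnforceRpId(z);
    }

    /** Sets the expiry value passed to the stores when generating associations. */
    public void setExpireIn(int i) {
        this._expireIn = i;
    }

    /**
     * Sets the weakest association session type accepted from relying parties.
     * Unlike {@link #setPrefAssocSessEnc}, the value is stored without being
     * checked for support or against the preferred type.
     */
    public void setMinAssocSessEnc(AssociationSessionType associationSessionType) {
        this._minAssocSessEnc = associationSessionType;
    }

    /** Replaces the generator used for OpenID 2 response nonces. */
    public void setNonceGenerator(NonceGenerator nonceGenerator) {
        this._nonceGenerator = nonceGenerator;
    }

    /** Sets the OP endpoint URL used when an overload takes none. */
    public void setOPEndpointUrl(String str) {
        this._opEndpointUrl = str;
    }

    /**
     * Sets the preferred association session type.
     *
     * @throws ServerException if the type is not supported, or if the
     *         configured minimum is stronger than the given type
     */
    public void setPrefAssocSessEnc(AssociationSessionType associationSessionType) throws ServerException {
        boolean supported = Association.isHmacSupported(associationSessionType.getAssociationType())
                && DiffieHellmanSession.isDhSupported(associationSessionType);
        if (!supported) {
            throw new ServerException("Unsupported association / session type: " + associationSessionType.getSessionType() + " : " + associationSessionType.getAssociationType());
        }
        if (this._minAssocSessEnc.isBetter(associationSessionType)) {
            throw new ServerException("Minimum encryption settings cannot be better than the preferred");
        }
        this._prefAssocSessEnc = associationSessionType;
    }

    /** Replaces the store holding private associations. */
    public void setPrivateAssociations(ServerAssociationStore serverAssociationStore) {
        this._privateAssociations = serverAssociationStore;
    }

    /**
     * Replaces the realm verifier. The RP-ID setting applied in the constructor
     * belongs to the previous verifier and is not carried over.
     */
    public void setRealmVerifier(RealmVerifier realmVerifier) {
        this._realmVerifier = realmVerifier;
    }

    /** Replaces the store holding shared associations. */
    public void setSharedAssociations(ServerAssociationStore serverAssociationStore) {
        this._sharedAssociations = serverAssociationStore;
    }

    /** Stores the given array itself, not a copy. */
    public void setSignExtensions(String[] strArr) {
        this._signExtensions = strArr;
    }

    /** Sets the field list applied to positive assertions; {@code null} leaves the default. */
    public void setSignFields(String str) {
        this._signFields = str;
    }

    /** Sets the base URL used to build the setup URL of immediate failures. */
    public void setUserSetupUrl(String str) {
        this._userSetupUrl = str;
    }

    /**
     * Signs an assertion that was built with signing deferred.
     *
     * @param authSuccess the assertion; its handle is looked up in the shared
     *                    store first, then in the private store
     * @throws ServerException if neither store holds the handle
     * @throws AssociationException if signing fails
     */
    public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException {
        String handle = authSuccess.getHandle();
        Association assoc = this._sharedAssociations.load(handle);
        if (assoc == null) {
            assoc = this._privateAssociations.load(handle);
        }
        if (assoc == null) {
            throw new ServerException("No association found for handle: " + handle);
        }
        authSuccess.setSignature(assoc.sign(authSuccess.getSignedText()));
    }

    /**
     * Answers a direct verification request.
     *
     * <p>Only the private store is consulted, so a signature made with a shared
     * association is never confirmed here. The private handle is removed after
     * the first check, whether or not the signature matched, so each handle is
     * verified at most once.
     *
     * @param parameterList the request parameters as received from the relying party
     * @return a verification response stating whether the signature was
     *         verified, or a direct error if the request cannot be processed
     */
    public Message verify(ParameterList parameterList) {
        _log.info("Processing verification request...");
        // Assumed until the request parses; only affects the error format below.
        boolean isVersion2 = true;
        try {
            VerifyRequest verifyReq = VerifyRequest.createVerifyRequest(parameterList);
            isVersion2 = verifyReq.isVersion2();
            String handle = verifyReq.getHandle();
            boolean verified = false;
            Association assoc = this._privateAssociations.load(handle);
            if (assoc != null) {
                _log.info("Loaded private association; handle: " + handle);
                verified = assoc.verifySignature(verifyReq.getSignedText(), verifyReq.getSignature());
                this._privateAssociations.remove(handle);
            }
            VerifyResponse verifyResp = VerifyResponse.createVerifyResponse(!verifyReq.isVersion2());
            verifyResp.setSignatureVerified(verified);
            if (verified) {
                String invalidateHandle = verifyReq.getInvalidateHandle();
                // Confirm invalidation only for handles the shared store no longer returns.
                if (invalidateHandle != null && this._sharedAssociations.load(invalidateHandle) == null) {
                    _log.info("Confirming shared association invalidate handle: " + invalidateHandle);
                    verifyResp.setInvalidateHandle(invalidateHandle);
                }
            } else {
                _log.error("Signature verification failed, handle: " + handle);
            }
            _log.info("Responding with " + (verified ? "positive" : "negative") + " verification response");
            return verifyResp;
        } catch (OpenIDException e) {
            _log.error("Error processing verification request; responding with verification error.", e);
            return DirectError.createDirectError(e, !isVersion2);
        }
    }
}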
