package org.viafirma.cliente.openid;

import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.viafirma.cliente.exception.CodigoError;
import org.viafirma.cliente.exception.InternalException;
import org.viafirma.cliente.util.TypeRequest;

/* loaded from: input_file:org/viafirma/cliente/openid/OpenIdHandler.class */
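/**
 * Relying-party side helper that drives an OpenID authentication round trip
 * with openid4java: it starts the protocol (discovery, association, redirect)
 * and later verifies the provider's response.
 *
 * <p>State shared between the two halves of the flow is kept in the HTTP
 * session: the discovery information under {@link #OPEN_ID_DISC} and the
 * return URL under a private key.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Replay protection relies on an {@link InMemoryNonceVerifier} created in
 *       the constructor, so seen nonces are held in this instance only and are
 *       not shared with other handler instances or nodes.</li>
 *   <li>{@link #isResponseAuthentication} and {@link #isResponseCancel} only look
 *       at which request parameters are present. They route the request and prove
 *       nothing about the user; only {@link #processResponseAuthentication}
 *       performs verification.</li>
 * </ul>
 */
public class OpenIdHandler {
    /** Session attribute under which the discovery information of the ongoing request is stored. */
    // NOTE(review): public, static and non-final, so any code can reassign the session key.
    // Left as declared to keep the class interface unchanged; consider making it final.
    public static String OPEN_ID_DISC = "openid-disc";

    /** Type URI of the OpenID Attribute Exchange extension read from successful responses. */
    private static final String AX_NAMESPACE = "http://openid.net/srv/ax/1.0";

    /** Session attribute under which the return URL of the ongoing request is stored. */
    private static final String VARIABLE_URL_RETORNO_OPENID = "urlRetornoOpenID";

    private final Log log = LogFactory.getLog(OpenIdHandler.class);

    /** Base URL of the application; every return URL is built by appending a path to it. */
    private final String urlAplicacion;

    ConsumerManager manager = new ConsumerManager();

    /**
     * Starts an authentication request whose return URL is the URL currently being requested.
     *
     * @param str OpenID identifier / provider URL on which discovery is performed
     * @param set aliases of the attributes to request from the provider
     * @param httpServletRequest current request; its session stores the protocol state
     * @param httpServletResponse response used to redirect the browser to the provider
     * @throws InternalException if discovery, association or the redirect fails
     */
    public void autenticar(String str, Set<String> set, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalException {
        String urlRetorno = generarUrlRetorno(httpServletRequest, null);
        iniciarProtocoloOpenId(str, set, httpServletRequest, httpServletResponse, urlRetorno);
    }

    /**
     * Starts a request whose return URL is the application base URL followed by {@code str2}.
     *
     * @param str OpenID identifier / provider URL on which discovery is performed
     * @param set aliases of the attributes to request from the provider
     * @param httpServletRequest current request; its session stores the protocol state
     * @param httpServletResponse response used to redirect the browser to the provider
     * @param str2 path (relative to the application base URL) to return to; when {@code null}
     *             the currently requested URL is used instead
     * @throws InternalException if discovery, association or the redirect fails
     */
    public void firmar(String str, Set<String> set, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2) throws InternalException {
        String urlRetorno = generarUrlRetorno(httpServletRequest, str2);
        iniciarProtocoloOpenId(str, set, httpServletRequest, httpServletResponse, urlRetorno);
    }

    /**
     * Performs discovery and association for {@code str}, stores the discovery information in
     * the session and redirects the browser to the provider.
     *
     * @param str OpenID identifier / provider URL on which discovery is performed
     * @param set aliases of the attributes to request from the provider
     * @param httpServletRequest current request; its session receives the discovery information
     * @param httpServletResponse response on which the redirect is sent
     * @param str2 absolute return URL handed to the provider
     * @throws InternalException if discovery, association, message building or the redirect fails
     * @throws UnsupportedOperationException if the discovered endpoint is OpenID version 2
     */
    public void iniciarProtocoloOpenId(String str, Set<String> set, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2) throws InternalException {
        try {
            // NOTE(review): discovery contacts whatever location `str` names. If that value can
            // come from the end user, callers should restrict it to an allow-list of providers.
            DiscoveryInformation descubierto = this.manager.associate(this.manager.discover(str));
            httpServletRequest.getSession().setAttribute(OPEN_ID_DISC, descubierto);

            // NOTE(review): this switches off the realm verifier's RP-identifier enforcement on
            // the shared manager, on every call. Confirm the relaxation is still required and
            // document why; it weakens a check the library offers.
            this.manager.getRealmVerifier().setEnforceRpId(false);

            AuthRequest peticion = this.manager.authenticate(descubierto, str2);
            addRequestRequired(set, peticion);

            // Only GET redirection is implemented, so version 2 endpoints are rejected here,
            // after the discovery information has already been stored in the session.
            if (descubierto.isVersion2()) {
                throw new UnsupportedOperationException("Operación no soportada.Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)");
            }
            httpServletResponse.sendRedirect(peticion.getDestinationUrl(true));
        } catch (ConsumerException e) {
            this.log.warn("No se puede enviar la redirección al usuario. " + e.getMessage());
            throw new InternalException(CodigoError.ERROR_PROTOCOLO_AUTENTICACION_REDIRECCION, "Url Solicitada " + str, e);
        } catch (DiscoveryException e) {
            this.log.warn("El servidor de autenticación no esta disponible en este momento. No se ha podido localizar un servicio OpenId en la url solicitada " + sanitizarParaLog(str) + ". " + e.getMessage());
            throw new InternalException(CodigoError.ERROR_AUTENTICACION_NO_DISPONIBLE, "Url Solicitada " + str, e);
        } catch (IOException e) {
            this.log.debug("No se puede enviar la redirección al usuario. " + e.getMessage());
            throw new InternalException(CodigoError.ERROR_PROTOCOLO_AUTENTICACION_REDIRECCION, "Url Solicitada " + str, e);
        } catch (MessageException e) {
            this.log.warn("El mensaje contiene errores. " + e.getMessage());
            throw new InternalException(CodigoError.ERROR_PROTOCOLO_AUTENTICACION, "Url Solicitada " + str, e);
        }
    }

    /**
     * Verifies the provider's response and returns the Attribute Exchange attributes it carries.
     *
     * <p>The receiving URL handed to the verifier is the return URL stored in the session with
     * its query string replaced by the query string of the current request, so scheme, host and
     * path come from the value this handler stored itself and only the query comes from the
     * callback.
     *
     * <p>NOTE(review): only the attributes are returned; the verified identifier is checked for
     * presence and then discarded. Callers that need to bind the attributes to an identity have
     * to obtain it another way. Also confirm that the bundled openid4java version requires the
     * AX fields to be covered by the response signature before trusting these values.
     *
     * @param httpServletRequest callback request sent by the provider through the browser
     * @param httpServletResponse not used by this method
     * @return the AX attributes of the response, or an empty map when the response has no AX
     *         extension
     * @throws InternalException if the session holds no return URL, if verification does not
     *                           yield a verified identifier, or if openid4java reports an error
     */
    public Map<String, String> processResponseAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalException {
        try {
            ParameterList respuesta = new ParameterList(httpServletRequest.getParameterMap());
            DiscoveryInformation descubierto = (DiscoveryInformation) httpServletRequest.getSession().getAttribute(OPEN_ID_DISC);
            String urlRetorno = (String) httpServletRequest.getSession().getAttribute(VARIABLE_URL_RETORNO_OPENID);
            this.log.debug("Url de retorno: " + sanitizarParaLog(urlRetorno));
            if (urlRetorno == null) {
                // The value is known to be null here, so it is no longer appended to the message.
                this.log.warn("No hay url de retorno. Probablemente problema con sesiones distintas en en navegador. ");
                throw new InternalException(CodigoError.ERROR_PROTOCOLO_AUTENTICACION_REDIRECCION, "No hay url de retorno. Probablemente problema con sesiones distintas en en navegador. ");
            }

            // Rebuild the receiving URL: stored return URL without its query + current query.
            StringBuilder urlRecibida = new StringBuilder(urlRetorno);
            int inicioConsulta = urlRecibida.indexOf("?");
            if (inicioConsulta != -1) {
                urlRecibida.setLength(inicioConsulta);
            }
            String consulta = httpServletRequest.getQueryString();
            if (consulta != null && consulta.length() > 0) {
                urlRecibida.append("?").append(consulta);
            }

            VerificationResult resultado = this.manager.verify(urlRecibida.toString(), respuesta, descubierto);
            if (resultado.getVerifiedId() == null) {
                // The URL contains the raw callback query string, so neutralise line breaks
                // before it reaches the log.
                this.log.warn("No se puede verificar la autenticación. " + sanitizarParaLog(urlRecibida.toString()));
                throw new InternalException(CodigoError.ERROR_AUTENTICACION_VERIFICACION, urlRecibida.toString());
            }

            AuthSuccess exito = resultado.getAuthResponse();
            if (!exito.hasExtension(AX_NAMESPACE)) {
                return Collections.emptyMap();
            }
            return exito.getExtension(AX_NAMESPACE).getAttributes();
        } catch (OpenIDException e) {
            throw new InternalException(CodigoError.ERROR_AUTENTICACION_VERIFICACION, e.getMessage(), e);
        }
    }

    /**
     * Adds an Attribute Exchange fetch request to {@code authRequest} containing, as required
     * attributes, every known {@link TypeRequest} whose alias is listed in {@code set}.
     *
     * @param set aliases of the attributes to request; must not be {@code null}
     * @param authRequest authentication request that receives the extension
     * @throws MessageException if an attribute or the extension cannot be added
     */
    public void addRequestRequired(Set<String> set, AuthRequest authRequest) throws MessageException {
        FetchRequest solicitudAtributos = FetchRequest.createFetchRequest();
        for (TypeRequest tipo : TypeRequest.valuesCustom()) {
            String alias = tipo.getAlias();
            if (!set.contains(alias)) {
                continue;
            }
            solicitudAtributos.addAttribute(alias, tipo.getTypeUri(), true);
            this.log.debug("Añadida solicitud de " + tipo.getAlias());
        }
        authRequest.addExtension(solicitudAtributos);
    }

    /**
     * Tells whether the request looks like a provider response carrying extension data.
     *
     * <p>This only tests for the presence of the {@code openid.ext1.mode} parameter, which any
     * client can send; it must be used for routing only, never as proof of authentication.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} if the parameter is present
     */
    public boolean isResponseAuthentication(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("openid.ext1.mode") != null;
    }

    /**
     * Tells whether the request looks like a cancelled exchange: the {@code openid.rpsig}
     * parameter is present and the request is not an authentication response.
     *
     * <p>Like {@link #isResponseAuthentication}, this is a presence test on client-supplied
     * parameters and is suitable for routing only.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} if the request is classified as a cancellation
     */
    public boolean isResponseCancel(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("openid.rpsig") != null && !isResponseAuthentication(httpServletRequest);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a handler bound to one application base URL.
     *
     * <p>Installs an in-memory nonce verifier with a maximum age of 300 (seconds in
     * openid4java). Being in-memory, it does not protect against a response being replayed
     * against another handler instance or node.
     *
     * @param str base URL of the application, used as prefix of every return URL
     * @throws ConsumerException declared by the openid4java consumer set-up
     */
    public OpenIdHandler(String str) throws ConsumerException {
        this.manager.setNonceVerifier(new InMemoryNonceVerifier(300));
        this.urlAplicacion = str;
    }

    /**
     * Builds the absolute return URL, stores it in the session and returns it.
     *
     * <p>When {@code str} is {@code null} the path is taken from the current request: the
     * request URI with the leading context path removed, plus the query string if any. The
     * context path is removed as a prefix only; an empty context path (root deployment) or a
     * context path that also occurs later in the URI no longer truncates the path.
     *
     * @param httpServletRequest current request; its session receives the return URL
     * @param str path relative to the application base URL, or {@code null} to use the
     *            currently requested URL
     * @return the application base URL followed by the chosen path
     */
    private String generarUrlRetorno(HttpServletRequest httpServletRequest, String str) {
        String rutaRelativa = str;
        if (rutaRelativa == null) {
            String uri = httpServletRequest.getRequestURI();
            String contexto = httpServletRequest.getContextPath();
            boolean tienePrefijo = contexto != null && contexto.length() > 0 && uri.startsWith(contexto);
            String ruta = tienePrefijo ? uri.substring(contexto.length()) : uri;
            String consulta = httpServletRequest.getQueryString();
            rutaRelativa = consulta == null ? ruta : ruta + "?" + consulta;
        }
        String urlRetorno = this.urlAplicacion + rutaRelativa;
        this.log.debug("Url de retorno: " + sanitizarParaLog(urlRetorno));
        httpServletRequest.getSession().setAttribute(VARIABLE_URL_RETORNO_OPENID, urlRetorno);
        return urlRetorno;
    }

    /**
     * Replaces carriage returns and line feeds so that a request-derived value cannot start a
     * new, forged entry in the log. Returns {@code null} unchanged.
     */
    private static String sanitizarParaLog(String valor) {
        if (valor == null) {
            return null;
        }
        return valor.replace('\r', '_').replace('\n', '_');
    }
}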
