package org.verisign.joid;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tsik.datatypes.DateTime;
import org.verisign.joid.extension.Extension;

/* loaded from: input_file:org/verisign/joid/AuthenticationResponse.class */
public class AuthenticationResponse extends Response {
    private static Log log = LogFactory.getLog(AuthenticationResponse.class);
    public static String OPENID_PREFIX = "openid.";
    public static String OPENID_RETURN_TO = AuthenticationRequest.OPENID_RETURN_TO;
    public static String OPENID_OP_ENDPOINT = "openid.op_endpoint";
    public static String OPENID_IDENTITY = "openid.identity";
    public static String OPENID_ERROR = "openid.error";
    public static String OPENID_NONCE = "openid.response_nonce";
    public static String OPENID_INVALIDATE_HANDLE = "openid.invalidate_handle";
    public static String OPENID_ASSOCIATION_HANDLE = "openid.assoc_handle";
    public static String OPENID_SIGNED = "openid.signed";
    public static String OPENID_SIG = "openid.sig";
    private Map extendedMap;
    private String claimed_id;
    private String identity;
    private String returnTo;
    private String nonce;
    private String invalidateHandle;
    private String associationHandle;
    private String signed;
    private String algo;
    private String signature;
    private SimpleRegistration sreg;
    private String urlEndPoint;
    private byte[] key;

    public String getSignature() {
        return this.signature;
    }

    public String getSignedList() {
        return this.signed;
    }

    public String getAssociationHandle() {
        return this.associationHandle;
    }

    @Override // org.verisign.joid.Response, org.verisign.joid.Message
    public Map toMap() {
        Map map = super.toMap();
        if (isVersion2()) {
            map.put(OPENID_OP_ENDPOINT, this.urlEndPoint);
        }
        map.put(OPENID_MODE, this.mode);
        map.put(OPENID_IDENTITY, this.identity);
        map.put(OPENID_RETURN_TO, this.returnTo);
        map.put(OPENID_NONCE, this.nonce);
        if (this.claimed_id != null) {
            map.put(AuthenticationRequest.OPENID_CLAIMED_ID, this.claimed_id);
        }
        if (this.invalidateHandle != null) {
            map.put(OPENID_INVALIDATE_HANDLE, this.invalidateHandle);
        }
        map.put(OPENID_ASSOCIATION_HANDLE, this.associationHandle);
        if (this.signed != null) {
            map.put(OPENID_SIGNED, this.signed);
        }
        map.put(OPENID_SIG, this.signature);
        Map suppliedValues = this.sreg.getSuppliedValues();
        log.debug("sreg in authnresp = " + this.sreg);
        Set<Map.Entry> entrySet = suppliedValues.entrySet();
        for (Map.Entry entry : entrySet) {
            map.put("openid.sreg." + ((String) entry.getKey()), (String) entry.getValue());
        }
        if (!entrySet.isEmpty() && isVersion2()) {
            map.put(Message.OPENID_NS + ".sreg", this.sreg.getNamespace());
        }
        if (this.extendedMap != null && !this.extendedMap.isEmpty()) {
            for (Map.Entry entry2 : this.extendedMap.entrySet()) {
                map.put(OPENID_PREFIX + ((String) entry2.getKey()), (String) entry2.getValue());
            }
        }
        return map;
    }

    private String generateNonce() {
        return DateTime.formatISODateTime(new Date()) + Crypto.generateCrumb();
    }

    public static String toUrlStringResponse(Request request, OpenIdException openIdException) {
        HashMap hashMap = new HashMap();
        hashMap.put(OPENID_MODE, "error");
        if (request != null) {
            if (request.isVersion2()) {
                hashMap.put(OPENID_NS, request.getNamespace());
            }
            hashMap.put(OPENID_ERROR, openIdException.getMessage());
        } else {
            hashMap.put(OPENID_ERROR, "OpenID request error");
        }
        try {
            return new AuthenticationResponse(hashMap).toUrlString();
        } catch (OpenIdException e) {
            log.error(e);
            return "internal error";
        }
    }

    public String sign(byte[] bArr, String str) throws OpenIdException {
        return sign(this.algo, bArr, str);
    }

    public String sign(String str, byte[] bArr, String str2) throws OpenIdException {
        byte[] hmacSha256;
        Map map = toMap();
        log.debug("in sign() map=" + map);
        log.debug("in sign() signed=" + str2);
        StringTokenizer stringTokenizer = new StringTokenizer(str2, ",");
        StringBuffer stringBuffer = new StringBuffer();
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            String str3 = (String) map.get("openid." + nextToken);
            if (str3 == null) {
                throw new OpenIdException("Cannot sign non-existent mapping: " + nextToken);
            }
            stringBuffer.append(nextToken);
            stringBuffer.append(':');
            stringBuffer.append(str3);
            stringBuffer.append('\n');
        }
        if (str == null) {
            try {
                str = AssociationRequest.HMAC_SHA1;
            } catch (UnsupportedEncodingException e) {
                throw new OpenIdException(e);
            } catch (InvalidKeyException e2) {
                throw new OpenIdException(e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new OpenIdException(e3);
            }
        }
        if (str.equals(AssociationRequest.HMAC_SHA1)) {
            hmacSha256 = Crypto.hmacSha1(bArr, stringBuffer.toString().getBytes("UTF-8"));
        } else {
            if (!str.equals(AssociationRequest.HMAC_SHA256)) {
                throw new OpenIdException("Unknown signature algorithm");
            }
            hmacSha256 = Crypto.hmacSha256(bArr, stringBuffer.toString().getBytes("UTF-8"));
        }
        return Crypto.convertToString(hmacSha256);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResponse(ServerInfo serverInfo, AuthenticationRequest authenticationRequest, Association association, Crypto crypto, String str) throws OpenIdException {
        super(null);
        this.mode = "id_res";
        this.claimed_id = authenticationRequest.getClaimedIdentity();
        this.identity = authenticationRequest.getIdentity();
        this.returnTo = authenticationRequest.getReturnTo();
        this.ns = authenticationRequest.getNamespace();
        this.nonce = generateNonce();
        this.urlEndPoint = serverInfo.getUrlEndPoint();
        this.invalidateHandle = str;
        this.associationHandle = association.getHandle();
        this.signed = "assoc_handle,identity,response_nonce,return_to";
        if (this.claimed_id != null) {
            this.signed += ",claimed_id";
        }
        if (isVersion2()) {
            this.signed += ",op_endpoint";
        }
        this.sreg = authenticationRequest.getSimpleRegistration();
        log.debug("sreg=" + this.sreg);
        if (this.sreg != null) {
            Map suppliedValues = this.sreg.getSuppliedValues();
            log.debug("sreg supplied values=" + suppliedValues);
            Iterator it = suppliedValues.entrySet().iterator();
            while (it.hasNext()) {
                this.signed += ",sreg." + ((String) ((Map.Entry) it.next()).getKey());
            }
        }
        this.key = association.getMacKey();
        this.algo = association.getAssociationType();
        this.signature = sign(this.key, this.signed);
        this.extendedMap = new HashMap();
    }

    public AuthenticationResponse(Map map) throws OpenIdException {
        super(map);
        Set<Map.Entry> entrySet = map.entrySet();
        this.extendedMap = new HashMap();
        for (Map.Entry entry : entrySet) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            if (OPENID_MODE.equals(str)) {
                this.mode = str2;
            } else if (OPENID_IDENTITY.equals(str)) {
                this.identity = str2;
            } else if (AuthenticationRequest.OPENID_CLAIMED_ID.equals(str)) {
                this.claimed_id = str2;
            } else if (OPENID_RETURN_TO.equals(str)) {
                this.returnTo = str2;
            } else if (OPENID_NONCE.equals(str)) {
                this.nonce = str2;
            } else if (OPENID_INVALIDATE_HANDLE.equals(str)) {
                this.invalidateHandle = str2;
            } else if (OPENID_ASSOCIATION_HANDLE.equals(str)) {
                this.associationHandle = str2;
            } else if (OPENID_SIGNED.equals(str)) {
                this.signed = str2;
            } else if (OPENID_SIG.equals(str)) {
                this.signature = str2;
            } else if (OPENID_OP_ENDPOINT.equals(str)) {
                this.urlEndPoint = str2;
                if (this.ns == null) {
                    this.ns = OPENID_20_NAMESPACE;
                }
            } else if (str != null && str.startsWith("openid.")) {
                String substring = str.substring(7);
                if (!OPENID_RESERVED_WORDS.contains(substring) && !substring.startsWith("sreg.")) {
                    this.extendedMap.put(substring, str2);
                }
            }
        }
        this.sreg = SimpleRegistration.parseFromResponse(map);
        log.debug("authn resp constr sreg=" + this.sreg);
    }

    public Map getExtensions() {
        return this.extendedMap;
    }

    public void addExtensions(Map map) throws OpenIdException {
        for (Map.Entry entry : map.entrySet()) {
            String str = (String) entry.getKey();
            this.extendedMap.put(str, (String) entry.getValue());
            this.signed += "," + str;
        }
        this.signature = sign(this.key, this.signed);
    }

    public void addExtension(Extension extension) throws OpenIdException {
        addExtensions(extension.getParamMap());
    }

    @Override // org.verisign.joid.Response, org.verisign.joid.Message
    public String toString() {
        String str = "[AuthenticationResponse " + super.toString();
        if (this.sreg != null) {
            str = str + ", sreg=" + this.sreg;
        }
        return str + ", mode=" + this.mode + ", algo=" + this.algo + ", nonce=" + this.nonce + ", association handle=" + this.associationHandle + ", invalidation handle=" + this.invalidateHandle + ", signed=" + this.signed + ", signature=" + this.signature + ", identity=" + this.identity + ", return to=" + this.returnTo + "]";
    }

    public String getClaimedId() {
        return this.claimed_id;
    }

    public String getIdentity() {
        return this.identity;
    }

    public String getReturnTo() {
        return this.returnTo;
    }

    public String getNonce() {
        return this.nonce;
    }

    public String getInvalidateHandle() {
        return this.invalidateHandle;
    }

    public String getSigned() {
        return this.signed;
    }

    public String getAlgo() {
        return this.algo;
    }

    public SimpleRegistration getSreg() {
        return this.sreg;
    }

    public String getUrlEndPoint() {
        return this.urlEndPoint;
    }
}
