package org.verisign.joid.server;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Enumeration;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.verisign.joid.AuthenticationRequest;
import org.verisign.joid.Crypto;
import org.verisign.joid.OpenId;
import org.verisign.joid.OpenIdException;
import org.verisign.joid.RequestFactory;
import org.verisign.joid.ServerInfo;
import org.verisign.joid.Store;
import org.verisign.joid.StoreFactory;
import org.verisign.joid.util.CookieUtils;
import org.verisign.joid.util.DependencyUtils;

/* loaded from: input_file:org/verisign/joid/server/OpenIdServlet.class */
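/**
 * Servlet endpoint of the OpenID provider.
 *
 * <p>{@link #init(ServletConfig)} builds the association store, the {@link Crypto} instance,
 * the {@link UserManager} and the shared {@link OpenId} handler from servlet init parameters.
 * GET and POST requests are both reduced to a query string and handed to
 * {@link #doQuery(String, HttpServletRequest, HttpServletResponse)}.
 *
 * <p>{@code openId} and {@code userManager} are static but assigned from {@code init}, so they
 * are shared by every instance of this servlet in the class loader.
 */
public class OpenIdServlet extends HttpServlet {
    private static Log log;
    private static final long serialVersionUID = 297366254782L;
    private static OpenId openId;
    private Store store;
    private Crypto crypto;
    private String loginPage;
    public static final String USERNAME_ATTRIBUTE = "username";
    public static final String ID_CLAIMED = "idClaimed";
    public static final String QUERY = "query";
    public static final String COOKIE_AUTH_NAME = "authKey";
    public static final String COOKIE_USERNAME = "username";
    private static UserManager userManager;
    static Class class$org$verisign$joid$server$OpenIdServlet;

    /**
     * Reads the {@code storeClassName}, {@code userManagerClassName}, {@code loginPage} and
     * {@code endPointUrl} init parameters and builds the collaborators from them.
     *
     * @param servletConfig configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        String storeClassName = servletConfig.getInitParameter("storeClassName");
        String userManagerClassName = servletConfig.getInitParameter("userManagerClassName");
        this.store = StoreFactory.getInstance(storeClassName);
        // Only MemoryStore exposes this setter; an unconditional cast made every other
        // configured store fail servlet start-up with a ClassCastException.
        // NOTE(review): 600 is presumably seconds - confirm against MemoryStore.
        if (this.store instanceof MemoryStore) {
            ((MemoryStore) this.store).setAssociationLifetime(600L);
        }
        userManager = (UserManager) DependencyUtils.newInstance(userManagerClassName);
        this.crypto = new Crypto();
        this.loginPage = servletConfig.getInitParameter("loginPage");
        openId = new OpenId(new ServerInfo(servletConfig.getInitParameter("endPointUrl"), this.store, this.crypto));
    }

    /**
     * Handles a GET by passing the raw query string to {@code doQuery}.
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doQuery(httpServletRequest.getQueryString(), httpServletRequest, httpServletResponse);
    }

    /**
     * Handles a POST by re-encoding the request parameters as a UTF-8 query string
     * (first value of each parameter only) and passing it to {@code doQuery}.
     *
     * @throws IOException if a parameter has no value or UTF-8 encoding is unavailable
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        StringBuffer query = new StringBuffer();
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            String[] values = httpServletRequest.getParameterValues(name);
            if (values == null || values.length == 0) {
                throw new IOException("Empty value not allowed: " + name + " has no value");
            }
            try {
                query.append(URLEncoder.encode(name, "UTF-8")).append("=").append(URLEncoder.encode(values[0], "UTF-8"));
                if (parameterNames.hasMoreElements()) {
                    query.append("&");
                }
            } catch (UnsupportedEncodingException e) {
                // Keep the original exception as the cause instead of only its text.
                IOException wrapped = new IOException(e.toString());
                wrapped.initCause(e);
                throw wrapped;
            }
        }
        doQuery(query.toString(), httpServletRequest, httpServletResponse);
    }

    /**
     * Processes one OpenID request given as a query string.
     *
     * <p>Requests {@code openId} cannot handle are answered by {@code returnError}. An
     * authentication request from a user who is not logged in stores the request in the
     * session and redirects to the login page. Any other authentication request is answered
     * by redirecting to {@code return_to} with the response appended; every other request
     * gets the response written directly to the body.
     *
     * @param str the request as a query string
     * @throws IOException if writing the response or sending a redirect fails
     */
    public void doQuery(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log("\nrequest\n-------\n" + str + "\n");
        if (!openId.canHandle(str)) {
            returnError(str, httpServletResponse);
            return;
        }
        try {
            boolean isAuthenticationRequest = openId.isAuthenticationRequest(str);
            HttpSession session = httpServletRequest.getSession(true);
            String loggedIn = getLoggedIn(httpServletRequest);
            log.debug("[OpenIdServlet] Logged in as: " + loggedIn);

            // Remember trust_root / return_to across the login round trip.
            String trustRoot = httpServletRequest.getParameter(AuthenticationRequest.OPENID_TRUST_ROOT);
            if (trustRoot != null) {
                session.setAttribute(AuthenticationRequest.OPENID_TRUST_ROOT, trustRoot);
            }
            String requestedReturnTo = httpServletRequest.getParameter(AuthenticationRequest.OPENID_RETURN_TO);
            if (requestedReturnTo != null) {
                session.setAttribute(AuthenticationRequest.OPENID_RETURN_TO, requestedReturnTo);
            }

            if (isAuthenticationRequest && loggedIn == null) {
                String realm = httpServletRequest.getParameter(AuthenticationRequest.OPENID_REALM);
                String claimedId = httpServletRequest.getParameter(AuthenticationRequest.OPENID_CLAIMED_ID);
                if (claimedId == null) {
                    claimedId = httpServletRequest.getParameter("openid.identity");
                }
                httpServletRequest.setAttribute(QUERY, str);
                httpServletRequest.setAttribute(AuthenticationRequest.OPENID_REALM, realm);
                session.setAttribute(QUERY, str);
                session.setAttribute(AuthenticationRequest.OPENID_CLAIMED_ID, claimedId);
                session.setAttribute(AuthenticationRequest.OPENID_REALM, realm);
                httpServletResponse.sendRedirect(this.loginPage);
                return;
            }

            String returnTo = null;
            if (isAuthenticationRequest) {
                // Authorise before asking OpenId to build the response, so that no response
                // is produced or logged for an identity this user may not claim.
                AuthenticationRequest authenticationRequest = (AuthenticationRequest) RequestFactory.parse(str);
                if (!getUserManager().canClaim(loggedIn, authenticationRequest.getClaimedIdentity())) {
                    throw new OpenIdException("User cannot claim this id.");
                }
                // The redirect target comes from the session, which was filled from a request
                // parameter above. A missing value used to end in a NullPointerException.
                // NOTE(review): nothing visible here compares return_to with the realm /
                // trust_root; confirm that OpenId.handleRequest enforces that match.
                returnTo = (String) session.getAttribute(AuthenticationRequest.OPENID_RETURN_TO);
                if (!isHttpUrl(returnTo)) {
                    throw new OpenIdException("Missing or invalid return_to.");
                }
            }

            String handleRequest = openId.handleRequest(str);
            log("\nresponse\n--------\n" + handleRequest + "\n");
            if (isAuthenticationRequest) {
                String separator = returnTo.indexOf('?') >= 0 ? "&" : "?";
                String encodeRedirectURL = httpServletResponse.encodeRedirectURL(returnTo + separator + handleRequest);
                log.debug("sending redirect to: " + encodeRedirectURL);
                httpServletResponse.sendRedirect(encodeRedirectURL);
            } else {
                // Content-Length is the character count; it equals the byte count only while
                // the response is written one byte per character (TODO confirm the response
                // is always ASCII).
                int length = handleRequest.length();
                PrintWriter writer = httpServletResponse.getWriter();
                httpServletResponse.setHeader("Content-Length", Integer.toString(length));
                if (openId.isAnErrorResponse(handleRequest)) {
                    httpServletResponse.setStatus(400);
                }
                writer.print(handleRequest);
                writer.flush();
            }
        } catch (OpenIdException e) {
            log.error("OpenID request failed", e);
            httpServletResponse.sendError(500, e.getMessage());
        }
    }

    /**
     * Returns the name of the logged-in user, or {@code null} if there is none.
     *
     * <p>The session attribute is checked first. Otherwise, when both the {@code authKey} and
     * {@code username} cookies are present, the {@link UserManager} is asked for the
     * remembered user and a non-null result is cached in the session.
     */
    public static String getLoggedIn(HttpServletRequest httpServletRequest) {
        String username = (String) httpServletRequest.getSession(true).getAttribute(USERNAME_ATTRIBUTE);
        if (username != null) {
            return username;
        }
        String authKey = CookieUtils.getCookieValue(httpServletRequest, COOKIE_AUTH_NAME, null);
        if (authKey == null) {
            return null;
        }
        String cookieUsername = CookieUtils.getCookieValue(httpServletRequest, COOKIE_USERNAME, null);
        if (cookieUsername == null) {
            return null;
        }
        username = getUserManager().getRememberedUser(cookieUsername, authKey);
        if (username != null) {
            httpServletRequest.getSession(true).setAttribute(USERNAME_ATTRIBUTE, username);
        }
        return username;
    }

    /**
     * Marks the session of this request as logged in under the given user name.
     *
     * <p>NOTE(review): the existing session id is kept. If the login page does not start a
     * fresh session before calling this, a session id set before login stays valid
     * afterwards - confirm against the login flow.
     */
    public static void setLoggedIn(HttpServletRequest httpServletRequest, String str) {
        httpServletRequest.getSession(true).setAttribute(USERNAME_ATTRIBUTE, str);
    }

    /**
     * Answers a request that {@code openId} cannot handle with a BAD_REQUEST error.
     *
     * <p>If the request carries a usable {@code return_to}, the error is sent as a redirect
     * to it; otherwise it is written to the body with status 400.
     *
     * @param str the rejected request as a query string
     */
    private void returnError(String str, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String returnTo = (String) RequestFactory.parseQuery(str).get(AuthenticationRequest.OPENID_RETURN_TO);
        if (isHttpUrl(returnTo)) {
            // This path needs no login and return_to is taken from a request that was already
            // rejected, so only http(s) targets without line breaks are followed.
            // NOTE(review): any http(s) URL is still accepted as a redirect target here.
            // The previous query used "openid.ns:" instead of "openid.ns=" and always
            // appended "?", even when return_to already had a query string.
            String separator = returnTo.indexOf('?') >= 0 ? "&" : "?";
            String error = "openid.ns=" + URLEncoder.encode("http://specs.openid.net/auth/2.0", "UTF-8")
                    + "&openid.mode=error&openid.error=BAD_REQUEST";
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(returnTo + separator + error));
            return;
        }
        log.debug("return_to is missing or not an http(s) URL; sending a direct error response");
        // Key-value form: one "key:value" pair per line (the previous body joined pairs with "&").
        String body = "ns:http://specs.openid.net/auth/2.0\nmode:error\nerror:BAD_REQUEST\n";
        PrintWriter writer = httpServletResponse.getWriter();
        httpServletResponse.setHeader("Content-Length", Integer.toString(body.length()));
        httpServletResponse.setStatus(400);
        writer.print(body);
        writer.flush();
    }

    /**
     * Tells whether the value parses as an http or https URL and contains no CR or LF.
     */
    private static boolean isHttpUrl(String str) {
        if (str == null || str.indexOf('\r') >= 0 || str.indexOf('\n') >= 0) {
            return false;
        }
        try {
            String protocol = new URL(str).getProtocol();
            return "http".equalsIgnoreCase(protocol) || "https".equalsIgnoreCase(protocol);
        } catch (MalformedURLException e) {
            return false;
        }
    }

    /**
     * Writes a protocol trace message at debug level.
     *
     * <p>{@code doQuery} passes complete requests and responses through here, so they go to
     * the configured logger and can be switched off, rather than always to standard output.
     */
    public void log(String str) {
        log.debug(str);
    }

    /**
     * Records the claimed identifier in the given session under {@link #ID_CLAIMED}.
     */
    public static void idClaimed(HttpSession httpSession, String str) {
        httpSession.setAttribute(ID_CLAIMED, str);
    }

    /**
     * Returns the user manager created in {@code init}; {@code null} before initialisation.
     */
    public static UserManager getUserManager() {
        return userManager;
    }

    /**
     * Compiler-style helper behind a class literal: loads a class by name and turns a
     * {@link ClassNotFoundException} into a {@link NoClassDefFoundError} with that cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from here directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$org$verisign$joid$server$OpenIdServlet == null) {
            cls = class$("org.verisign.joid.server.OpenIdServlet");
            class$org$verisign$joid$server$OpenIdServlet = cls;
        } else {
            cls = class$org$verisign$joid$server$OpenIdServlet;
        }
        log = LogFactory.getLog(cls);
    }
}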
