package com.atlassian.crowd.openid.server.provider;

import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;
import com.atlassian.crowd.openid.server.manager.openid.OpenIDAuthenticationManager;
import com.atlassian.crowd.openid.server.manager.property.OpenIDPropertyManager;
import com.atlassian.crowd.openid.server.manager.property.OpenIDPropertyManagerException;
import java.io.IOException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.openid4java.message.AssociationRequest;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.Message;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.VerifyRequest;
import org.openid4java.message.sreg.SRegMessage;
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;
import org.openid4java.server.ServerManager;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/crowd/openid/server/provider/OpenID4JavaProvider.class */
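/**
 * {@link CrowdProvider} implementation that dispatches incoming OpenID requests by their
 * {@code openid.mode} parameter and delegates the protocol work to openid4java's
 * {@link ServerManager}.
 *
 * <p>All request parameters handled here come straight from the HTTP request and are
 * attacker-controlled; they are only trusted after openid4java / the realm verifier has
 * processed them.
 */
public class OpenID4JavaProvider implements CrowdProvider {
    private static final Logger logger = Logger.getLogger(OpenID4JavaProvider.class);

    // openid4java entry point used for association, auth responses, signing and verification.
    private ServerManager serverManager;
    // Where the browser is sent so the user can log in / approve a checkid_setup request.
    private String userInteractionURL;
    private OpenIDAuthenticationManager openIDAuthenticationManager;
    // Source of the "check-immediate enabled" and "stateless mode enabled" switches.
    private OpenIDPropertyManager openIDPropertyManager;
    private HttpAuthenticator httpAuthenticator;

    /**
     * Routes an OpenID request to the handler that matches its {@code openid.mode}.
     *
     * <p>{@code checkid_immediate} falls back to the {@code checkid_setup} flow when immediate
     * mode is disabled, and {@code check_authentication} is answered with a direct error when
     * stateless mode is disabled.
     *
     * @param httpServletRequest  the incoming request carrying the OpenID parameters
     * @param httpServletResponse the response the handler writes to or redirects
     * @throws IOException     if writing the response or redirecting fails
     * @throws OpenIDException if the mode is unknown or missing, or a property lookup fails
     */
    @Override
    public void processOpenIDRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OpenIDException {
        ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());
        String mode = parameterList.hasParameter("openid.mode") ? parameterList.getParameterValue("openid.mode") : null;
        // The mode is request-supplied: strip line breaks before it reaches a log line or an
        // exception message so a caller cannot forge additional log entries.
        String safeMode = sanitizeForLog(mode);
        if (logger.isInfoEnabled()) {
            logger.info("Servicing OpenID request, mode = " + safeMode);
        }
        if (AssociationRequest.MODE_ASSOC.equals(mode)) {
            associate(httpServletRequest, httpServletResponse, parameterList);
            return;
        }
        if (AuthRequest.MODE_SETUP.equals(mode)) {
            checkAuthentication(httpServletRequest, httpServletResponse, parameterList);
            return;
        }
        if (AuthRequest.MODE_IMMEDIATE.equals(mode)) {
            try {
                if (this.openIDPropertyManager.isEnableCheckImmediateMode().booleanValue()) {
                    checkImmediateAuthentication(httpServletRequest, httpServletResponse, parameterList);
                } else {
                    logger.warn("checkid_immediate mode is disabled but has been requested by " + httpServletRequest.getRequestURL().toString());
                    logger.warn("Proceeding to use checkid_setup mode");
                    checkAuthentication(httpServletRequest, httpServletResponse, parameterList);
                }
                return;
            } catch (OpenIDPropertyManagerException e) {
                logger.error("Could not check if check-immediate mode has been enabled", e);
                throw new OpenIDException(e);
            }
        }
        if (!VerifyRequest.MODE_CHKAUTH.equals(mode)) {
            throw new OpenIDException("OpenID Server trying to process message with an unknown or unspecified openid.mode: " + safeMode);
        }
        try {
            if (this.openIDPropertyManager.isEnableStatelessMode().booleanValue()) {
                verifyAuthentication(httpServletRequest, httpServletResponse, parameterList);
            } else {
                logger.warn("check_authentication (stateless-mode) is disabled but has been requested by " + httpServletRequest.getRequestURL().toString());
                logger.warn("Returning an immediate error response");
                sendRPDirectResponse(httpServletRequest, httpServletResponse, DirectError.createDirectError("Stateless mode is blocked by this OpenID Provider", true).keyValueFormEncoding());
            }
        } catch (OpenIDPropertyManagerException e2) {
            logger.error("Could not check if stateless-mode has been allowed", e2);
            throw new OpenIDException(e2);
        }
    }

    /**
     * Replaces carriage returns and line feeds so a request-supplied value cannot start a new
     * log line.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the value with CR/LF replaced by {@code '_'}, or {@code null} if it was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Redirects the browser to the given URL.
     *
     * @throws IOException if the container cannot send the redirect
     */
    protected void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendRedirect(str);
    }

    /**
     * Redirects the browser back to the relying party and clears the pending authentication
     * request from the session first, so it is not reused by a later response.
     *
     * @throws IOException if the container cannot send the redirect
     */
    protected void sendRPRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        removeOpenIDAuthRequest(httpServletRequest.getSession());
        sendRedirect(httpServletRequest, httpServletResponse, str);
    }

    /**
     * Writes a direct (non-redirect) response body to the caller.
     *
     * @param str the response body, normally a key-value form encoded OpenID message
     * @throws IOException if the body cannot be written
     */
    protected void sendRPDirectResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        try {
            // Encode explicitly: the platform default charset varies between hosts and would
            // change the bytes the relying party receives.
            outputStream.write(str.getBytes("UTF-8"));
        } finally {
            // Close even when the write fails so the stream is not left open.
            outputStream.close();
        }
    }

    /**
     * Clears the pending OpenID authentication request stored in the session.
     */
    protected void removeOpenIDAuthRequest(HttpSession httpSession) {
        httpSession.setAttribute(CrowdProvider.OPENID_AUTHENTICATION_REQUEST, (Object) null);
    }

    /**
     * Answers an association request with the response produced by the {@link ServerManager}.
     *
     * @throws IOException if the response cannot be written
     */
    @Override
    public void associate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ParameterList parameterList) throws IOException {
        String body = this.serverManager.associationResponse(parameterList).keyValueFormEncoding();
        sendRPDirectResponse(httpServletRequest, httpServletResponse, body);
    }

    /**
     * Starts the interactive ({@code checkid_setup}) flow: stores the parsed request in the
     * session and sends the browser to the user-interaction URL.
     *
     * @throws IOException     if the redirect fails
     * @throws OpenIDException if the request parameters do not form a valid authentication request
     */
    @Override
    public void checkAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ParameterList parameterList) throws IOException, OpenIDException {
        try {
            OpenIDAuthRequest openIDAuthRequest = new OpenIDAuthRequest(parameterList, this.serverManager.getRealmVerifier());
            httpServletRequest.getSession().setAttribute(OPENID_AUTHENTICATION_REQUEST, openIDAuthRequest);
            sendRedirect(httpServletRequest, httpServletResponse, this.userInteractionURL);
        } catch (MalformedOpenIDRequestException e) {
            logger.error("Could not generate authentication request message from request paramters", e);
            throw new OpenIDException("Could not generate authentication request message from request paramters", e);
        }
    }

    /**
     * Handles {@code checkid_immediate}: answers without user interaction, using the principal
     * already authenticated on this request, or a negative response when there is none.
     *
     * @throws IOException     if the response cannot be sent
     * @throws OpenIDException if the request parameters do not form a valid authentication request
     */
    @Override
    public void checkImmediateAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ParameterList parameterList) throws IOException, OpenIDException {
        OpenIDAuthResponse openIDAuthResponse;
        try {
            OpenIDAuthRequest openIDAuthRequest = new OpenIDAuthRequest(parameterList, this.serverManager.getRealmVerifier());
            httpServletRequest.getSession().setAttribute(OPENID_AUTHENTICATION_REQUEST, openIDAuthRequest);
            SOAPPrincipal remotePrincipal = getRemotePrincipal(httpServletRequest);
            if (remotePrincipal != null) {
                openIDAuthResponse = this.openIDAuthenticationManager.checkImmediate(remotePrincipal, httpServletRequest.getLocale(), openIDAuthRequest);
            } else {
                logger.info("User not authenticated for immediate request");
                openIDAuthResponse = new OpenIDAuthResponse(openIDAuthRequest.getIdentifier(), false);
            }
            sendAuthenticationResponse(httpServletRequest, httpServletResponse, openIDAuthResponse);
        } catch (MalformedOpenIDRequestException e) {
            logger.error("Could not generate authentication request message from request paramters", e);
            throw new OpenIDException("Could not generate authentication request message from request paramters", e);
        }
    }

    /**
     * Looks up the principal authenticated on this request.
     *
     * @return the principal, or {@code null} when the lookup fails for any reason; callers treat
     *         {@code null} as "not authenticated"
     */
    private SOAPPrincipal getRemotePrincipal(HttpServletRequest httpServletRequest) {
        try {
            return getHttpAuthenticator().getPrincipal(httpServletRequest);
        } catch (Exception e) {
            // Deliberately best-effort: any failure means "no authenticated user". Keep a trace
            // so a broken authenticator is distinguishable from an anonymous visitor.
            logger.debug("Could not resolve the authenticated principal; treating the request as unauthenticated", e);
            return null;
        }
    }

    /**
     * Builds the OpenID authentication response for the request stored in the session, attaches
     * and signs the SREG extension when one was requested and the result is a success, and
     * sends the outcome.
     *
     * @param openIDAuthResponse the decision (identifier, claimed identifier, authenticated flag
     *                           and attributes) to turn into a protocol message
     * @throws IOException           if the response cannot be sent
     * @throws IllegalStateException if the session holds no pending authentication request
     */
    @Override
    public void sendAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OpenIDAuthResponse openIDAuthResponse) throws IOException {
        OpenIDAuthRequest openIDAuthRequest = (OpenIDAuthRequest) httpServletRequest.getSession().getAttribute(OPENID_AUTHENTICATION_REQUEST);
        if (openIDAuthRequest == null) {
            // Reached when the session expired or the flow was entered out of order; fail with a
            // clear message instead of a NullPointerException on the next line.
            throw new IllegalStateException("No OpenID authentication request found in session");
        }
        Message authResponse = this.serverManager.authResponse(openIDAuthRequest.getParamaterList(), openIDAuthResponse.getIdentifier(), openIDAuthResponse.getClaimedIdentifier(), openIDAuthResponse.isAuthenticated());
        SRegRequest sregRequest = openIDAuthRequest.getSregRequest();
        if (sregRequest != null && (authResponse instanceof AuthSuccess)) {
            AuthSuccess authSuccess = (AuthSuccess) authResponse;
            logger.debug("Preparing SREG response");
            try {
                authSuccess.addExtension(SRegResponse.createSRegResponse(sregRequest, openIDAuthResponse.getAttributes()));
                authSuccess.addSignExtension(SRegMessage.OPENID_NS_SREG);
                try {
                    // Re-sign so the signature covers the SREG fields that were just added.
                    this.serverManager.sign(authSuccess);
                } catch (Exception e) {
                    // NOTE(review): the response is still sent after a signing failure, so it
                    // presumably carries a signature that no longer matches its fields.
                    // Consider failing the request here instead of only logging.
                    logger.error("Unable to sign SREG response", e);
                }
            } catch (MessageException e2) {
                logger.error("Could not add SregResponse SREG extension to successful AuthResponse", e2);
            }
        }
        if (authResponse instanceof DirectError) {
            // A DirectError is a key-value form body, not a URL: write it as the response body
            // rather than placing multi-line text into a redirect target.
            sendRPDirectResponse(httpServletRequest, httpServletResponse, authResponse.keyValueFormEncoding());
        } else {
            sendRPRedirect(httpServletRequest, httpServletResponse, authResponse.getDestinationUrl(true));
        }
    }

    /**
     * Answers a {@code check_authentication} (stateless verification) request with the result
     * produced by the {@link ServerManager}.
     *
     * @throws IOException if the response cannot be written
     */
    @Override
    public void verifyAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ParameterList parameterList) throws IOException {
        String body = this.serverManager.verify(parameterList).keyValueFormEncoding();
        sendRPDirectResponse(httpServletRequest, httpServletResponse, body);
    }

    /** @return the openid4java server manager used for protocol operations */
    public ServerManager getServerManager() {
        return this.serverManager;
    }

    /** @param serverManager the openid4java server manager to use for protocol operations */
    public void setServerManager(ServerManager serverManager) {
        this.serverManager = serverManager;
    }

    /** @return the URL the browser is redirected to for interactive authentication */
    public String getUserInteractionURL() {
        return this.userInteractionURL;
    }

    /** @param str the URL the browser is redirected to for interactive authentication */
    public void setUserInteractionURL(String str) {
        this.userInteractionURL = str;
    }

    /** @return the manager consulted for immediate-mode decisions */
    public OpenIDAuthenticationManager getOpenIDAuthenticationManager() {
        return this.openIDAuthenticationManager;
    }

    /** @param openIDAuthenticationManager the manager consulted for immediate-mode decisions */
    public void setOpenIDAuthenticationManager(OpenIDAuthenticationManager openIDAuthenticationManager) {
        this.openIDAuthenticationManager = openIDAuthenticationManager;
    }

    /** @return the property manager holding the immediate-mode and stateless-mode switches */
    public OpenIDPropertyManager getOpenIDPropertyManager() {
        return this.openIDPropertyManager;
    }

    /** @param openIDPropertyManager the property manager holding the mode switches */
    public void setOpenIDPropertyManager(OpenIDPropertyManager openIDPropertyManager) {
        this.openIDPropertyManager = openIDPropertyManager;
    }

    /** @return the authenticator used to resolve the principal of a request */
    public HttpAuthenticator getHttpAuthenticator() {
        return this.httpAuthenticator;
    }

    /** @param httpAuthenticator the authenticator used to resolve the principal of a request */
    public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator) {
        this.httpAuthenticator = httpAuthenticator;
    }
}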
