package sk.seges.acris.security.server.service;

import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.google.inject.Inject;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.sreg.SRegRequest;
import sk.seges.acris.security.server.core.session.ServerSessionProvider;
import sk.seges.acris.security.shared.dto.OpenIDUserDTO;
import sk.seges.acris.security.shared.service.IOpenIDConsumerService;
import sk.seges.acris.security.shared.user_management.domain.api.HasOpenIDIdentifierMetaModel;

/* loaded from: input_file:sk/seges/acris/security/server/service/OpenIDConsumerService.class */
public class OpenIDConsumerService extends RemoteServiceServlet implements IOpenIDConsumerService {
    private static final long serialVersionUID = 530902889319575560L;
    private Logger log = Logger.getLogger(OpenIDConsumerService.class);
    private ConsumerManager manager;
    private ServerSessionProvider sessionProvider;

    @Inject
    public OpenIDConsumerService(ConsumerManager consumerManager, ServerSessionProvider serverSessionProvider) {
        this.manager = consumerManager;
        this.manager.setAssociations(new InMemoryConsumerAssociationStore());
        this.manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
        this.manager.getRealmVerifier().setEnforceRpId(false);
        this.sessionProvider = serverSessionProvider;
    }

    private ConsumerManager getManager() {
        return this.manager;
    }

    private HttpSession getSession() {
        return this.sessionProvider.getSession();
    }

    @Override // sk.seges.acris.security.shared.service.IOpenIDConsumerService
    public OpenIDUserDTO authenticate(String str, String str2, String str3) {
        try {
            DiscoveryInformation associate = getManager().associate(getManager().discover(str));
            HttpSession session = getSession();
            session.setAttribute("openid-disc", associate);
            AuthRequest authenticate = getManager().authenticate(associate, str2, str3);
            FetchRequest createFetchRequest = FetchRequest.createFetchRequest();
            createFetchRequest.addAttribute(HasOpenIDIdentifierMetaModel.EMAIL, "http://schema.openid.net/contact/email", true);
            authenticate.addExtension(createFetchRequest);
            SRegRequest createFetchRequest2 = SRegRequest.createFetchRequest();
            createFetchRequest2.addAttribute(HasOpenIDIdentifierMetaModel.EMAIL, true);
            authenticate.addExtension(createFetchRequest2);
            OpenIDUserDTO openIDUserDTO = new OpenIDUserDTO();
            openIDUserDTO.getParams().put(OpenIDUserDTO.SESSION_ID, session.getId());
            openIDUserDTO.getParams().put(OpenIDUserDTO.ENDPOINT_URL, authenticate.getDestinationUrl(true));
            return openIDUserDTO;
        } catch (OpenIDException e) {
            this.log.error("Error while creating openID authentication request", e);
            return null;
        }
    }

    @Override // sk.seges.acris.security.shared.service.IOpenIDConsumerService
    public OpenIDUserDTO verify(String str, Map<String, String[]> map) {
        try {
            VerificationResult verify = getManager().verify(str, new ParameterList(map), (DiscoveryInformation) getSession().getAttribute("openid-disc"));
            if (verify.getVerifiedId() == null) {
                return null;
            }
            AuthSuccess authResponse = verify.getAuthResponse();
            OpenIDUserDTO openIDUserDTO = new OpenIDUserDTO();
            openIDUserDTO.getParams().put(OpenIDUserDTO.OPENID_IDENTIFIER, authResponse.getIdentity());
            if (authResponse.hasExtension("http://openid.net/srv/ax/1.0")) {
                openIDUserDTO.getParams().put(OpenIDUserDTO.EMAIL_FROM_FETCH, (String) authResponse.getExtension("http://openid.net/srv/ax/1.0").getAttributeValues(HasOpenIDIdentifierMetaModel.EMAIL).get(0));
            }
            if (authResponse.hasExtension("http://openid.net/sreg/1.0")) {
                openIDUserDTO.getParams().put(OpenIDUserDTO.EMAIL_FROM_SREG, authResponse.getExtension("http://openid.net/sreg/1.0").getAttributeValue(HasOpenIDIdentifierMetaModel.EMAIL));
            }
            return openIDUserDTO;
        } catch (Exception e) {
            this.log.error("Error while verifying openID authentication response", e);
            return null;
        }
    }
}
