package org.apache.jetspeed.openid;

import com.google.step2.discovery.DefaultHostMetaFetcher;
import com.google.step2.discovery.Discovery2;
import com.google.step2.discovery.HostMetaFetcher;
import com.google.step2.discovery.IdpIdentifier;
import com.google.step2.discovery.LegacyXrdsResolver;
import com.google.step2.discovery.ParallelHostMetaFetcher;
import com.google.step2.discovery.SecureDiscoveryInformation;
import com.google.step2.discovery.SecureUrlIdentifier;
import com.google.step2.http.DefaultHttpFetcher;
import com.google.step2.xmlsimplesign.CachedCertPathValidator;
import com.google.step2.xmlsimplesign.DefaultCertValidator;
import com.google.step2.xmlsimplesign.DefaultTrustRootsProvider;
import com.google.step2.xmlsimplesign.Verifier;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.jetspeed.Jetspeed;
import org.apache.jetspeed.administration.PortalAdministration;
import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.cache.UserContentCacheManager;
import org.apache.jetspeed.components.ComponentManager;
import org.apache.jetspeed.layout.impl.Constants;
import org.apache.jetspeed.openid.step2.GoogleHostMetaFetcher;
import org.apache.jetspeed.security.SecurityAttribute;
import org.apache.jetspeed.security.SecurityAttributes;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.discovery.UrlIdentifier;
import org.openid4java.discovery.html.HtmlResolver;
import org.openid4java.discovery.xri.XriDotNetProxyResolver;
import org.openid4java.discovery.yadis.YadisResolver;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jetspeed/openid/OpenIDRelayingPartyServlet.class */
public class OpenIDRelayingPartyServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final Logger log = LoggerFactory.getLogger(OpenIDRelayingPartyServlet.class);
    private static final long OPEN_ID_DISCOVERY_TIMEOUT_SECONDS = 10;
    private static final String OPEN_ID_DISCOVERY_INIT_PARAM_NAME_PREFIX = "discovery.";
    private static final String OPEN_ID_CONSUMER_INIT_PARAM_NAME_PREFIX = "consumer.";
    private static final String OPEN_ID_CONSUMER_INIT_PARAM_NAME_VALUE = "openid4java";
    private static final String STEP2_CONSUMER_INIT_PARAM_NAME_VALUE = "step2";
    private static final String OPEN_ID_PROVIDER_ATTR_NAME = "org.apache.jetspeed.openid.provider";
    private static final String OPEN_ID_DISCOVERY_INFO_ATTR_NAME = "org.apache.jetspeed.openid.discoveryinfo";
    private static final String USER_ATTRIBUTE_EMAIL = "user.business-info.online.email";
    private static final String USER_ATTRIBUTE_NAME = "user.name";
    private static final String USER_ATTRIBUTE_GIVEN_NAME = "user.name.given";
    private static final String USER_ATTRIBUTE_FAMILY_NAME = "user.name.family";
    private static final String USER_ATTRIBUTE_NICKNAME = "user.name.nickName";
    private static final String OPEN_ID_LOGIN_LOCALE_ATTR_NAME = "org.apache.jetspeed.openid.locale";
    private static final String OPEN_ID_LOGIN_SERVER_NAME_ATTR_NAME = "org.apache.jetspeed.openid.server.name";
    private ConsumerManager openIDConsumerManager;
    private ConsumerManager openIDStep2ConsumerManager;
    private UserManager portalUserManager;
    private PortalAdministration portalAdministration;
    private AuditActivity portalAudit;
    private PortalAuthenticationConfiguration portalAuthenticationConfiguration;
    private UserContentCacheManager portalUserContentCacheManager;
    private OpenIDRegistrationConfiguration initRegistrationConfiguration;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jetspeed/openid/OpenIDRelayingPartyServlet$VerificationResults.class */
    public class VerificationResults {
        public VerificationResult verification;
        public Identifier verifiedIdentifier;

        private VerificationResults() {
            this.verification = null;
            this.verifiedIdentifier = null;
        }
    }

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            this.openIDConsumerManager = new ConsumerManager();
            Discovery2 discovery2 = new Discovery2(new ParallelHostMetaFetcher(Executors.newFixedThreadPool(10, new ThreadFactory() { // from class: org.apache.jetspeed.openid.OpenIDRelayingPartyServlet.1
                @Override // java.util.concurrent.ThreadFactory
                public Thread newThread(Runnable runnable) {
                    Thread newThread = Executors.defaultThreadFactory().newThread(runnable);
                    newThread.setName(getClass().getSimpleName() + "-" + newThread.getName());
                    newThread.setDaemon(true);
                    return newThread;
                }
            }), Long.valueOf(OPEN_ID_DISCOVERY_TIMEOUT_SECONDS), new HostMetaFetcher[]{new GoogleHostMetaFetcher(new DefaultHttpFetcher()), new DefaultHostMetaFetcher(new DefaultHttpFetcher())}), new LegacyXrdsResolver(new DefaultHttpFetcher(), new Verifier(new CachedCertPathValidator(new DefaultTrustRootsProvider()), new DefaultHttpFetcher()), new DefaultCertValidator()), new HtmlResolver(), new YadisResolver(), new XriDotNetProxyResolver());
            this.openIDStep2ConsumerManager = new ConsumerManager();
            this.openIDStep2ConsumerManager.setDiscovery(discovery2);
            ComponentManager componentManager = Jetspeed.getComponentManager();
            this.portalUserManager = (UserManager) componentManager.lookupComponent("org.apache.jetspeed.security.UserManager");
            this.portalAdministration = (PortalAdministration) componentManager.lookupComponent("PortalAdministration");
            this.portalAudit = (AuditActivity) componentManager.lookupComponent("org.apache.jetspeed.audit.AuditActivity");
            this.portalAuthenticationConfiguration = (PortalAuthenticationConfiguration) componentManager.lookupComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
            this.portalUserContentCacheManager = (UserContentCacheManager) componentManager.lookupComponent("userContentCacheManager");
            if (Boolean.parseBoolean(servletConfig.getInitParameter("enableRegistrationConfig"))) {
                this.initRegistrationConfiguration = new OpenIDRegistrationConfiguration();
                this.initRegistrationConfiguration.setEnableRegistration(servletConfig.getInitParameter("enableRegistration"));
                this.initRegistrationConfiguration.setUserTemplateDirectory(servletConfig.getInitParameter("newUserTemplateDirectory"));
                this.initRegistrationConfiguration.setSubsiteRootFolder(servletConfig.getInitParameter("subsiteRootFolder"));
                this.initRegistrationConfiguration.setRoles(servletConfig.getInitParameter(Constants.ROLES));
                this.initRegistrationConfiguration.setGroups(servletConfig.getInitParameter("groups"));
                this.initRegistrationConfiguration.setProfilerRules(servletConfig.getInitParameter("rulesNames"), servletConfig.getInitParameter("rulesValues"));
            }
        } catch (OpenIDException e) {
            throw new ServletException("Unexpected OpenID exception: " + e, e);
        }
    }

    public void destroy() {
        this.initRegistrationConfiguration = null;
        this.portalUserContentCacheManager = null;
        this.portalAuthenticationConfiguration = null;
        this.portalAdministration = null;
        this.portalUserManager = null;
        this.openIDStep2ConsumerManager = null;
        this.openIDConsumerManager = null;
        super.destroy();
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        int indexOf;
        String initParameter;
        String initParameter2;
        String openIDRealmURL = openIDRealmURL(httpServletRequest);
        String requestURI = httpServletRequest.getRequestURI();
        String str = httpServletRequest.getContextPath() + httpServletRequest.getServletPath();
        if (requestURI.equals(str)) {
            httpServletResponse.setHeader("Cache-Control", "no-cache,no-store,private");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Expires", "0");
            httpServletResponse.setContentType("text/xml");
            httpServletResponse.setStatus(200);
            PrintWriter writer = httpServletResponse.getWriter();
            writer.println("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
            writer.println("<Service xmlns=\"xri://$xrd*($v*2.0)\">");
            writer.println("  <Type>http://specs.openid.net/auth/2.0/return_to</Type>");
            writer.println("  <URI>" + openIDRealmURL + "</URI>");
            writer.println("</Service>");
            writer.flush();
            writer.close();
            if (log.isDebugEnabled()) {
                log.debug("OpenID realm request received, returned realm: " + openIDRealmURL);
                return;
            }
            return;
        }
        HttpSession session = httpServletRequest.getSession();
        session.removeAttribute("org.apache.jetspeed.openid.error");
        session.setAttribute(OPEN_ID_LOGIN_LOCALE_ATTR_NAME, httpServletRequest.getLocale());
        session.setAttribute(OPEN_ID_LOGIN_SERVER_NAME_ATTR_NAME, httpServletRequest.getServerName());
        String str2 = str + "/";
        if (requestURI.startsWith(str2)) {
            requestURI = requestURI.substring(str2.length());
        }
        if (requestURI.equals("login")) {
            String parameter = httpServletRequest.getParameter("org.apache.jetspeed.openid.discovery");
            if (parameter != null && parameter.length() == 0) {
                parameter = null;
            }
            String parameter2 = httpServletRequest.getParameter(OPEN_ID_PROVIDER_ATTR_NAME);
            if (parameter2 != null && parameter2.length() == 0) {
                parameter2 = null;
            }
            String parameter3 = httpServletRequest.getParameter("org.apache.jetspeed.openid.return");
            if (parameter3 == null || parameter3.length() == 0) {
                parameter3 = httpServletRequest.getContextPath() + "/";
            }
            boolean z = false;
            String str3 = parameter;
            if (parameter2 == null && str3 != null) {
                try {
                    if (str3.startsWith("http://") || str3.startsWith("https://")) {
                        int indexOf2 = str3.indexOf("://") + 3;
                        int indexOf3 = str3.indexOf(47, indexOf2);
                        if (indexOf3 == -1) {
                            indexOf3 = str3.length();
                        }
                        parameter2 = str3.substring(indexOf2, indexOf3);
                        int lastIndexOf = parameter2.lastIndexOf(46, parameter2.length());
                        if (lastIndexOf > 0) {
                            lastIndexOf = parameter2.lastIndexOf(46, lastIndexOf - 1);
                        }
                        if (lastIndexOf != -1) {
                            parameter2 = parameter2.substring(lastIndexOf);
                        }
                    } else if (!str3.startsWith("xri://") && !str3.startsWith("=") && !str3.startsWith("@")) {
                        int indexOf4 = str3.indexOf(64);
                        if (indexOf4 != -1) {
                            parameter2 = str3.substring(indexOf4 + 1);
                        } else if (Character.isLetterOrDigit(str3.charAt(0))) {
                            parameter2 = str3;
                        }
                    }
                } catch (Exception e) {
                    log.error("OpenID login error: " + e, e);
                    session.setAttribute("org.apache.jetspeed.openid.error", !z ? "ErrorNoProvider" : "ErrorCannotAuthenticate");
                    httpServletResponse.sendRedirect(parameter3);
                    return;
                }
            }
            if (parameter2 != null) {
                String initParameter3 = getInitParameter(OPEN_ID_DISCOVERY_INIT_PARAM_NAME_PREFIX + parameter2);
                if (initParameter3 != null) {
                    str3 = initParameter3;
                } else if (str3 == null) {
                    str3 = parameter2;
                }
            }
            String str4 = OPEN_ID_CONSUMER_INIT_PARAM_NAME_VALUE;
            ConsumerManager consumerManager = this.openIDConsumerManager;
            if (parameter2 != null && (initParameter2 = getInitParameter(OPEN_ID_CONSUMER_INIT_PARAM_NAME_PREFIX + parameter2)) != null && initParameter2.equals(STEP2_CONSUMER_INIT_PARAM_NAME_VALUE)) {
                str4 = STEP2_CONSUMER_INIT_PARAM_NAME_VALUE;
                consumerManager = this.openIDStep2ConsumerManager;
            }
            DiscoveryInformation discoveryInformation = null;
            if (str3 != null) {
                try {
                    List list = null;
                    if (!str4.equals(STEP2_CONSUMER_INIT_PARAM_NAME_VALUE)) {
                        list = consumerManager.discover(str3);
                    } else if (str3.indexOf("://") == -1 && str3.indexOf(64) == -1 && str3.indexOf(61) == -1) {
                        list = consumerManager.getDiscovery().discover(new IdpIdentifier(str3));
                    }
                    if (list != null && !list.isEmpty()) {
                        discoveryInformation = consumerManager.associate(list);
                    }
                } catch (OpenIDException e2) {
                    throw new RuntimeException("Unexpected OpenID discovery exception: " + e2, e2);
                }
            }
            if (discoveryInformation == null) {
                throw new RuntimeException("No OpenID provider discovered for: " + str3);
            }
            z = true;
            if (log.isDebugEnabled()) {
                log.debug("Discovered OpenID provider endpoint: " + discoveryInformation.getOPEndpoint() + ", [" + discoveryInformation.getClass().getSimpleName() + "]");
            }
            session.setAttribute(OPEN_ID_LOGIN_LOCALE_ATTR_NAME, httpServletRequest.getLocale());
            session.setAttribute(OPEN_ID_LOGIN_SERVER_NAME_ATTR_NAME, httpServletRequest.getServerName());
            session.setAttribute(OPEN_ID_PROVIDER_ATTR_NAME, parameter2);
            session.setAttribute(OPEN_ID_DISCOVERY_INFO_ATTR_NAME, discoveryInformation);
            try {
                AuthRequest authenticate = consumerManager.authenticate(discoveryInformation, openIDRealmURL + "/authed?org.apache.jetspeed.openid.return=" + parameter3, openIDRealmURL);
                FetchRequest createFetchRequest = FetchRequest.createFetchRequest();
                createFetchRequest.addAttribute("email", "http://axschema.org/contact/email", true);
                createFetchRequest.addAttribute("fullname", "http://axschema.org/namePerson", true);
                createFetchRequest.addAttribute("lastname", "http://axschema.org/namePerson/last", true);
                createFetchRequest.addAttribute("firstname", "http://axschema.org/namePerson/first", true);
                createFetchRequest.addAttribute("nickname", "http://axschema.org/namePerson/friendly", true);
                authenticate.addExtension(createFetchRequest);
                SRegRequest createFetchRequest2 = SRegRequest.createFetchRequest();
                createFetchRequest2.addAttribute("email", true);
                createFetchRequest2.addAttribute("fullname", true);
                createFetchRequest2.addAttribute("nickname", true);
                authenticate.addExtension(createFetchRequest2);
                String destinationUrl = authenticate.getDestinationUrl(true);
                httpServletResponse.sendRedirect(destinationUrl);
                if (log.isDebugEnabled()) {
                    log.debug("OpenID authentication redirect: " + destinationUrl);
                }
                return;
            } catch (OpenIDException e3) {
                throw new RuntimeException("Unexpected OpenID authentication request exception: " + e3, e3);
            }
        }
        if (!requestURI.equals("authed")) {
            if (!requestURI.equals("logout")) {
                throw new ServletException("Unexpected OpenID request: " + requestURI);
            }
            String parameter4 = httpServletRequest.getParameter("org.apache.jetspeed.openid.return");
            if (parameter4 == null || parameter4.length() == 0) {
                parameter4 = httpServletRequest.getContextPath() + "/";
            }
            session.invalidate();
            httpServletResponse.sendRedirect(parameter4);
            return;
        }
        String parameter5 = httpServletRequest.getParameter("org.apache.jetspeed.openid.return");
        if (parameter5 == null || parameter5.length() == 0) {
            parameter5 = httpServletRequest.getContextPath() + "/";
        }
        Locale locale = (Locale) session.getAttribute(OPEN_ID_LOGIN_LOCALE_ATTR_NAME);
        if (locale != null) {
            session.removeAttribute(OPEN_ID_LOGIN_LOCALE_ATTR_NAME);
        }
        String str5 = (String) session.getAttribute(OPEN_ID_LOGIN_SERVER_NAME_ATTR_NAME);
        if (str5 != null) {
            session.removeAttribute(OPEN_ID_LOGIN_SERVER_NAME_ATTR_NAME);
        }
        OpenIDRegistrationConfiguration openIDRegistrationConfiguration = (OpenIDRegistrationConfiguration) session.getAttribute("org.apache.jetspeed.openid.registration.configuration");
        if (openIDRegistrationConfiguration != null) {
            session.removeAttribute("org.apache.jetspeed.openid.registration.configuration");
        }
        boolean z2 = false;
        boolean z3 = false;
        try {
            ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());
            String str6 = (String) session.getAttribute(OPEN_ID_PROVIDER_ATTR_NAME);
            DiscoveryInformation discoveryInformation2 = (DiscoveryInformation) session.getAttribute(OPEN_ID_DISCOVERY_INFO_ATTR_NAME);
            StringBuffer requestURL = httpServletRequest.getRequestURL();
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null && queryString.length() > 0) {
                requestURL.append('?').append(queryString);
            }
            String stringBuffer = requestURL.toString();
            String str7 = OPEN_ID_CONSUMER_INIT_PARAM_NAME_VALUE;
            if (str6 != null && (initParameter = getInitParameter(OPEN_ID_CONSUMER_INIT_PARAM_NAME_PREFIX + str6)) != null && initParameter.equals(STEP2_CONSUMER_INIT_PARAM_NAME_VALUE)) {
                str7 = STEP2_CONSUMER_INIT_PARAM_NAME_VALUE;
            }
            VerificationResults openIDStep2Verification = str7.equals(STEP2_CONSUMER_INIT_PARAM_NAME_VALUE) ? openIDStep2Verification(stringBuffer, parameterList, discoveryInformation2) : openIDVerification(stringBuffer, parameterList, discoveryInformation2);
            VerificationResult verificationResult = openIDStep2Verification.verification;
            Identifier identifier = openIDStep2Verification.verifiedIdentifier;
            if (identifier == null) {
                throw new RuntimeException("Verified identifier unavailable for authenticated OpenID login");
            }
            z2 = true;
            String str8 = null;
            String str9 = null;
            String str10 = null;
            String str11 = null;
            String str12 = null;
            AuthSuccess authResponse = verificationResult.getAuthResponse();
            if (authResponse.hasExtension("http://openid.net/srv/ax/1.0")) {
                try {
                    FetchResponse extension = authResponse.getExtension("http://openid.net/srv/ax/1.0");
                    str8 = extension.getAttributeValue("email");
                    str12 = extension.getAttributeValue("fullname");
                    str9 = extension.getAttributeValue("firstname");
                    str10 = extension.getAttributeValue("lastname");
                    str11 = extension.getAttributeValue("nickname");
                } catch (OpenIDException e4) {
                    throw new RuntimeException("Unexpected OpenID authenticated attribute exchange fetch exception: " + e4, e4);
                }
            }
            if (authResponse.hasExtension("http://openid.net/sreg/1.0")) {
                try {
                    SRegResponse extension2 = authResponse.getExtension("http://openid.net/sreg/1.0");
                    str8 = extension2.getAttributeValue("email");
                    str12 = extension2.getAttributeValue("fullname");
                    str11 = extension2.getAttributeValue("nickname");
                } catch (OpenIDException e5) {
                    throw new RuntimeException("Unexpected OpenID authenticated simple registration fetch exception: " + e5, e5);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Authenticated OpenID verified identifier: " + identifier.getIdentifier() + ", email=" + str8 + ", fullname=" + str12 + ", firstname=" + str9 + ", lastname=" + str10 + ", nickname=" + str11);
            }
            if (str8 == null) {
                throw new RuntimeException("OpenID email attribute required for portal login");
            }
            if (str12 != null) {
                String[] split = str12.split("\\s");
                if (str9 == null && split.length > 1) {
                    str9 = split[0];
                }
                if (str10 == null) {
                    str10 = split.length > 1 ? split[split.length - 1] : str12;
                }
            }
            if (str11 == null && str9 != null) {
                str11 = str9;
            }
            if (str11 == null && (indexOf = str8.indexOf(64)) != -1) {
                str11 = str8.substring(0, indexOf);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(USER_ATTRIBUTE_EMAIL, str8);
            hashMap.put(USER_ATTRIBUTE_NAME, str8);
            if (str9 != null) {
                hashMap.put(USER_ATTRIBUTE_GIVEN_NAME, str9);
            }
            if (str10 != null) {
                hashMap.put(USER_ATTRIBUTE_FAMILY_NAME, str10);
            }
            if (str11 != null) {
                hashMap.put(USER_ATTRIBUTE_NICKNAME, str11);
            }
            User user = null;
            try {
                user = this.portalUserManager.getUser(str8);
            } catch (Exception e6) {
            }
            if (user == null) {
                String str13 = "none";
                try {
                    if (openIDRegistrationConfiguration != null) {
                        openIDRegistrationConfiguration.merge(this.initRegistrationConfiguration);
                        str13 = "session, (from login)";
                    } else if (this.initRegistrationConfiguration != null) {
                        openIDRegistrationConfiguration = this.initRegistrationConfiguration;
                        str13 = "init params";
                    }
                    if (openIDRegistrationConfiguration == null || openIDRegistrationConfiguration.isEnableRegistration()) {
                        if (openIDRegistrationConfiguration != null) {
                            this.portalAdministration.registerUser(str8, (String) null, openIDRegistrationConfiguration.getRoles(), openIDRegistrationConfiguration.getGroups(), hashMap, openIDRegistrationConfiguration.getProfilerRules(), openIDRegistrationConfiguration.getUserTemplateDirectory(), openIDRegistrationConfiguration.getSubsiteRootFolder(), locale, str5);
                        } else {
                            this.portalAdministration.registerUser(str8, (String) null, (List) null, (List) null, hashMap, (Map) null, (String) null, (String) null, locale, str5);
                        }
                        user = this.portalUserManager.getUser(str8);
                        if (log.isDebugEnabled()) {
                            if (user != null) {
                                log.debug("OpenID login registered portal user: " + user.getName() + ", configuration: " + str13 + ", locale: " + locale + ", server: " + str5);
                            } else {
                                log.debug("OpenID login unregistered portal user, (registration failed): " + str8 + ", configuration: " + str13 + ", locale: " + locale + ", server: " + str5);
                            }
                        }
                    } else if (log.isDebugEnabled()) {
                        log.debug("OpenID login unregistered portal user, (registration disabled): " + str8 + ", configuration: " + str13);
                    }
                } catch (Exception e7) {
                    throw new RuntimeException("Unable to register portal user: " + str8);
                }
            }
            if (user == null) {
                throw new RuntimeException("Missing registered portal user: " + str8);
            }
            z3 = true;
            boolean z4 = false;
            SecurityAttributes securityAttributes = user.getSecurityAttributes();
            for (Map.Entry entry : hashMap.entrySet()) {
                String str14 = (String) entry.getKey();
                String str15 = (String) entry.getValue();
                SecurityAttribute attribute = securityAttributes.getAttribute(str14, true);
                if (!str15.equals(attribute.getStringValue())) {
                    attribute.setStringValue(str15);
                    z4 = true;
                }
            }
            if (z4) {
                try {
                    this.portalUserManager.updateUser(user);
                } catch (Exception e8) {
                    throw new RuntimeException("Unable to update attributes for user: " + user.getName());
                }
            }
            try {
                Subject subject = this.portalUserManager.getSubject(user);
                if (this.portalAuthenticationConfiguration.isCreateNewSessionOnLogin()) {
                    session.invalidate();
                    session = httpServletRequest.getSession(true);
                } else {
                    this.portalUserContentCacheManager.evictUserContentCache(user.getName(), session.getId());
                }
                session.setAttribute("org.apache.jetspeed.security.openid.provider", str6);
                session.setAttribute("org.apache.jetspeed.security.subject", subject);
                this.portalAudit.logUserActivity(user.getName(), httpServletRequest.getRemoteAddr(), "login-success", "OpenIDRelayingPartyServlet");
                httpServletResponse.sendRedirect(parameter5);
            } catch (Exception e9) {
                throw new RuntimeException("Unable to login portal user: " + user.getName());
            }
        } catch (Exception e10) {
            log.error("OpenID login error: " + e10, e10);
            session.setAttribute("org.apache.jetspeed.openid.error", !z2 ? "ErrorNotAuthenticated" : !z3 ? "ErrorNoPortaUser" : "ErrorCannotLogin");
            httpServletResponse.sendRedirect(parameter5);
        }
    }

    public final void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        doGet(httpServletRequest, httpServletResponse);
    }

    private String openIDRealmURL(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder(httpServletRequest.isSecure() ? "https://" : "http://");
        sb.append(httpServletRequest.getServerName());
        if ((httpServletRequest.isSecure() && httpServletRequest.getServerPort() != 443) || (!httpServletRequest.isSecure() && httpServletRequest.getServerPort() != 80)) {
            sb.append(':').append(httpServletRequest.getServerPort());
        }
        sb.append(httpServletRequest.getContextPath() + httpServletRequest.getServletPath());
        return sb.toString();
    }

    private VerificationResults openIDVerification(String str, ParameterList parameterList, DiscoveryInformation discoveryInformation) {
        try {
            if (log.isDebugEnabled()) {
                log.debug("Verify standard OpenID authentication request using: " + discoveryInformation.getOPEndpoint());
            }
            VerificationResults verificationResults = new VerificationResults();
            verificationResults.verification = this.openIDConsumerManager.verify(str, parameterList, discoveryInformation);
            if (log.isDebugEnabled() && verificationResults.verification != null) {
                log.debug("Verified standard OpenID authentication request: " + str);
            }
            verificationResults.verifiedIdentifier = verificationResults.verification.getVerifiedId();
            if (log.isDebugEnabled() && verificationResults.verifiedIdentifier != null) {
                log.debug("Verified standard OpenID authentication request identity: " + verificationResults.verifiedIdentifier);
            }
            return verificationResults;
        } catch (OpenIDException e) {
            throw new RuntimeException("Unexpected standard OpenId authenticated request verification exception: " + e, e);
        }
    }

    private VerificationResults openIDStep2Verification(String str, ParameterList parameterList, DiscoveryInformation discoveryInformation) {
        AuthSuccess createAuthSuccess;
        try {
            VerificationResults verificationResults = new VerificationResults();
            String parameterValue = parameterList.getParameterValue("openid.mode");
            if (parameterValue != null && parameterValue.equals("id_res") && (createAuthSuccess = AuthSuccess.createAuthSuccess(parameterList)) != null && createAuthSuccess.isVersion2() && createAuthSuccess.getIdentity() != null && createAuthSuccess.getClaimed() != null) {
                String identity = createAuthSuccess.getIdentity();
                Identifier parseIdentifier = this.openIDStep2ConsumerManager.getDiscovery().parseIdentifier(createAuthSuccess.getClaimed(), true);
                String opEndpoint = createAuthSuccess.getOpEndpoint();
                if (log.isDebugEnabled()) {
                    log.debug("Step2 discovery for identity: " + parseIdentifier);
                }
                SecureDiscoveryInformation secureDiscoveryInformation = null;
                if ((discoveryInformation instanceof SecureDiscoveryInformation) && discoveryInformation.isVersion2() && discoveryInformation.hasClaimedIdentifier() && discoveryInformation.getClaimedIdentifier().equals(parseIdentifier) && discoveryInformation.getOPEndpoint().equals(opEndpoint)) {
                    if ((discoveryInformation.hasDelegateIdentifier() ? discoveryInformation.getDelegateIdentifier() : discoveryInformation.getClaimedIdentifier().getIdentifier()).equals(identity)) {
                        secureDiscoveryInformation = (SecureDiscoveryInformation) discoveryInformation;
                        if (log.isDebugEnabled()) {
                            log.debug("Matched previously discovered Step2 secure discovery information for " + parseIdentifier + " identity: " + secureDiscoveryInformation.getOPEndpoint());
                        }
                    }
                }
                if (secureDiscoveryInformation == null) {
                    Iterator it = this.openIDStep2ConsumerManager.getDiscovery().discover(parseIdentifier).iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        SecureDiscoveryInformation secureDiscoveryInformation2 = (SecureDiscoveryInformation) it.next();
                        String version = secureDiscoveryInformation2.getVersion();
                        if (version != null && version.equals("http://specs.openid.net/auth/2.0/server") && secureDiscoveryInformation2.isVersion2() && secureDiscoveryInformation2.getOPEndpoint().equals(opEndpoint)) {
                            if (!(secureDiscoveryInformation2.hasDelegateIdentifier() ? secureDiscoveryInformation2.getDelegateIdentifier() : secureDiscoveryInformation2.getClaimedIdentifier().getIdentifier()).equals(identity)) {
                                continue;
                            } else {
                                if (this.openIDStep2ConsumerManager.getPrivateAssociationStore().load(secureDiscoveryInformation2.getOPEndpoint().toString(), createAuthSuccess.getHandle()) != null) {
                                    secureDiscoveryInformation = secureDiscoveryInformation2;
                                    break;
                                }
                                if (secureDiscoveryInformation == null) {
                                    secureDiscoveryInformation = secureDiscoveryInformation2;
                                }
                            }
                        }
                    }
                    if (log.isDebugEnabled() && secureDiscoveryInformation != null) {
                        log.debug("Discovered Step2 secure discovery information for " + parseIdentifier + " identity: " + secureDiscoveryInformation.getOPEndpoint());
                    }
                }
                if (log.isDebugEnabled() && secureDiscoveryInformation != null) {
                    log.debug("Verify Step2 OpenID authentication request using: " + secureDiscoveryInformation.getOPEndpoint());
                }
                verificationResults.verification = this.openIDStep2ConsumerManager.verify(str, parameterList, secureDiscoveryInformation);
                if (log.isDebugEnabled() && verificationResults.verification != null) {
                    log.debug("Verified Step2 OpenID authentication request: " + str);
                }
                if (!(verificationResults.verification.getAuthResponse() instanceof AuthSuccess) || verificationResults.verification.getVerifiedId() == null) {
                    throw new RuntimeException("Step2 OpenId authenticated request verification failed");
                }
                boolean z = (secureDiscoveryInformation == null || secureDiscoveryInformation.getClaimedIdentifier() == null || !secureDiscoveryInformation.isSecure()) ? false : true;
                if (z) {
                    try {
                        z = secureDiscoveryInformation.getClaimedIdentifier().getIdentifier().equals(new UrlIdentifier(verificationResults.verification.getVerifiedId().getIdentifier(), true).getIdentifier());
                    } catch (OpenIDException e) {
                        z = false;
                    }
                }
                SecureUrlIdentifier verifiedId = verificationResults.verification.getVerifiedId();
                verificationResults.verifiedIdentifier = z ? new SecureUrlIdentifier(verifiedId) : verifiedId;
                if (log.isDebugEnabled()) {
                    log.debug("Verified Step2 OpenID authentication request identity: " + verificationResults.verifiedIdentifier);
                }
            }
            return verificationResults;
        } catch (OpenIDException e2) {
            throw new RuntimeException("Unexpected Step2 OpenId authenticated request verification exception: " + e2, e2);
        }
    }
}
