package org.springframework.security.openid;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openid4java.consumer.ConsumerException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/openid/OpenIDAuthenticationFilter.class */
public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "openid_identifier";
    private OpenIDConsumer consumer;
    private String claimedIdentityFieldName;
    private Map<String, String> realmMapping;
    private Set<String> returnToUrlParameters;

    public OpenIDAuthenticationFilter() {
        super("/j_spring_openid_security_check");
        this.claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
        this.realmMapping = Collections.emptyMap();
        this.returnToUrlParameters = Collections.emptySet();
    }

    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        if (this.consumer == null) {
            try {
                this.consumer = new OpenID4JavaConsumer();
            } catch (ConsumerException e) {
                throw new IllegalArgumentException("Failed to initialize OpenID", e);
            }
        }
        if (this.returnToUrlParameters.isEmpty() && (getRememberMeServices() instanceof AbstractRememberMeServices)) {
            this.returnToUrlParameters = new HashSet();
            this.returnToUrlParameters.add(getRememberMeServices().getParameter());
        }
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        String parameter = httpServletRequest.getParameter("openid.identity");
        if (StringUtils.hasText(parameter)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Supplied OpenID identity is " + parameter);
            }
            try {
                OpenIDAuthenticationToken endConsumption = this.consumer.endConsumption(httpServletRequest);
                endConsumption.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
                return getAuthenticationManager().authenticate(endConsumption);
            } catch (OpenIDConsumerException e) {
                throw new AuthenticationServiceException("Consumer error", e);
            }
        }
        String obtainUsername = obtainUsername(httpServletRequest);
        try {
            String buildReturnToUrl = buildReturnToUrl(httpServletRequest);
            String lookupRealm = lookupRealm(buildReturnToUrl);
            String beginConsumption = this.consumer.beginConsumption(httpServletRequest, obtainUsername, buildReturnToUrl, lookupRealm);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("return_to is '" + buildReturnToUrl + "', realm is '" + lookupRealm + "'");
                this.logger.debug("Redirecting to " + beginConsumption);
            }
            httpServletResponse.sendRedirect(beginConsumption);
            return null;
        } catch (OpenIDConsumerException e2) {
            this.logger.debug("Failed to consume claimedIdentity: " + obtainUsername, e2);
            throw new AuthenticationServiceException("Unable to process claimed identity '" + obtainUsername + "'");
        }
    }

    protected String lookupRealm(String str) {
        String str2 = this.realmMapping.get(str);
        if (str2 == null) {
            try {
                URL url = new URL(str);
                int port = url.getPort();
                StringBuilder append = new StringBuilder(str.length()).append(url.getProtocol()).append("://").append(url.getHost());
                if (port > 0) {
                    append.append(":").append(port);
                }
                append.append("/");
                str2 = append.toString();
            } catch (MalformedURLException e) {
                this.logger.warn("returnToUrl was not a valid URL: [" + str + "]", e);
            }
        }
        return str2;
    }

    protected String buildReturnToUrl(HttpServletRequest httpServletRequest) {
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        Iterator<String> it = this.returnToUrlParameters.iterator();
        boolean z = true;
        while (it.hasNext()) {
            String next = it.next();
            String parameter = httpServletRequest.getParameter(next);
            if (parameter != null) {
                if (z) {
                    requestURL.append("?");
                    z = false;
                }
                requestURL.append(next).append("=").append(parameter);
                if (it.hasNext()) {
                    requestURL.append("&");
                }
            }
        }
        return requestURL.toString();
    }

    protected String obtainUsername(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.claimedIdentityFieldName);
    }

    public void setRealmMapping(Map<String, String> map) {
        this.realmMapping = map;
    }

    public void setClaimedIdentityFieldName(String str) {
        this.claimedIdentityFieldName = str;
    }

    public void setConsumer(OpenIDConsumer openIDConsumer) {
        this.consumer = openIDConsumer;
    }

    public void setReturnToUrlParameters(Set<String> set) {
        Assert.notNull(set, "returnToUrlParameters cannot be null");
        this.returnToUrlParameters = set;
    }
}
