package org.kohsuke.stapler.openid.client;

import java.io.IOException;
import java.io.Serializable;
import org.kohsuke.stapler.AttributeKey;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.ParameterList;
import org.openid4java.message.sreg.SRegRequest;

/* loaded from: input_file:org/kohsuke/stapler/openid/client/OpenIDSession.class */
public class OpenIDSession implements Serializable {
    private final transient ConsumerManager manager;
    private final transient DiscoveryInformation endpoint;
    private transient String from;
    private final transient String finishUrl;
    private OpenIDIdentity identity;
    public static final AttributeKey<OpenIDSession> KEY = AttributeKey.sessionScoped();
    private static final long serialVersionUID = 1;

    public OpenIDSession(ConsumerManager consumerManager, String str, String str2) throws OpenIDException, IOException {
        this.manager = consumerManager;
        this.endpoint = consumerManager.associate(consumerManager.discover(str));
        if (!str2.startsWith("/")) {
            this.finishUrl = str2 + "/finishLogin";
            return;
        }
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        StringBuffer requestURL = currentRequest.getRequestURL();
        requestURL.setLength(requestURL.length() - currentRequest.getRequestURI().length());
        this.finishUrl = ((Object) requestURL) + currentRequest.getContextPath() + str2 + "/finishLogin";
    }

    public OpenIDIdentity authenticate() {
        if (this.identity == null) {
            commence();
        }
        return this.identity;
    }

    public void commence() {
        try {
            this.from = Stapler.getCurrentRequest().getRequestURIWithQueryString();
            AuthRequest authenticate = this.manager.authenticate(this.endpoint, this.finishUrl);
            SRegRequest createFetchRequest = SRegRequest.createFetchRequest();
            createFetchRequest.addAttribute("fullname", false);
            createFetchRequest.addAttribute("nickname", true);
            createFetchRequest.addAttribute("email", false);
            authenticate.addExtension(createFetchRequest);
            String destinationUrl = authenticate.getDestinationUrl(true);
            KEY.set(this);
            throw new HttpRedirect(destinationUrl);
        } catch (OpenIDException e) {
            throw HttpResponses.error(e);
        }
    }

    public HttpResponse doFinishLogin(StaplerRequest staplerRequest) throws IOException, OpenIDException {
        VerificationResult verify = this.manager.verify(staplerRequest.getRequestURLWithQueryString().toString(), new ParameterList(staplerRequest.getParameterMap()), this.endpoint);
        if (verify.getVerifiedId() == null) {
            throw HttpResponses.error(500, "Failed to login: " + verify.getStatusMsg());
        }
        this.identity = new OpenIDIdentity(verify.getAuthResponse());
        return HttpResponses.redirectTo(this.from);
    }
}
