package org.owasp.webscarab.plugin.openid;

import flex.messaging.io.amf.client.AMFConnection;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import org.apache.bsf.util.cf.CodeFormatter;
import org.htmlparser.tags.FormTag;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationSessionType;
import org.openid4java.association.DiffieHellmanSession;
import org.openid4java.message.AssociationRequest;
import org.openid4java.message.AssociationResponse;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.Message;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.pape.PapeMessage;
import org.owasp.webscarab.httpclient.HTTPClientFactory;
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.ConversationModel;
import org.owasp.webscarab.model.FilteredConversationModel;
import org.owasp.webscarab.model.FrameworkModel;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.NamedValue;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.plugin.AbstractPluginModel;
import org.owasp.webscarab.util.Encoding;

/* loaded from: input_file:main/WebScarab-1.0.0-SNAPSHOT.jar:org/owasp/webscarab/plugin/openid/OpenIdModel.class */
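/**
 * Model of the WebScarab OpenID plugin: tags conversations as OpenID traffic and extracts
 * OpenID, Attribute Exchange (AX) and PAPE fields from the request of a recorded conversation.
 *
 * <p>Security note for readers of the "signed" flags produced here: they only report whether a
 * field name is listed in the {@code openid.signed} parameter of the message. Nothing in this
 * class verifies the message signature itself, so the flag describes what the message claims
 * to cover, not what has been cryptographically checked.
 *
 * <p>NOTE(review): the delimiter and method constants borrowed from unrelated libraries
 * ({@code AMFConnection.COOKIE_NAMEVALUE_SEPERATOR}, {@code CodeFormatter.DEFAULT_S_DELIM},
 * {@code Association.FAILED_ASSOC_HANDLE}, {@code FormTag.GET}) look like decompiler
 * substitutions for plain string literals; confirm their values before relying on them.
 */
public class OpenIdModel extends AbstractPluginModel {
    /** Conversation property whose presence marks a conversation as OpenID traffic. */
    private static final String PROPERTY_OPENID = "OPENID";
    /** Conversation property holding the value recorded by {@link #setOpenIDMessageType}. */
    private static final String PROPERTY_OPENID_MODE = "OPENID_MODE";
    private static final String OPENID_PREFIX = "openid.";
    private static final String NAMESPACE_PREFIX = "openid.ns.";
    private static final String SIGNED_FIELD = "openid.signed";

    private Logger _logger = Logger.getLogger(getClass().getName());
    private final FrameworkModel model;
    private final ConversationModel openIdConversationModel;

    /** A request parameter whose value has already been URL-decoded. */
    private static final class DecodedParameter {
        final String name;
        final String value;

        DecodedParameter(String name, String value) {
            this.name = name;
            this.value = value;
        }
    }

    /**
     * Creates the model and a filtered view of the framework's conversations that hides
     * every conversation not tagged as OpenID traffic.
     *
     * @param frameworkModel the framework model that stores conversations and their properties
     */
    public OpenIdModel(FrameworkModel frameworkModel) {
        this.model = frameworkModel;
        this.openIdConversationModel = new FilteredConversationModel(frameworkModel, frameworkModel.getConversationModel()) {
            @Override
            public boolean shouldFilter(ConversationID conversationID) {
                // Filter out (hide) everything that is not an OpenID message.
                return !OpenIdModel.this.isOpenIDMessage(conversationID);
            }
        };
    }

    /**
     * Tags a conversation as OpenID traffic by setting its {@code OPENID} property.
     *
     * @param conversationID the conversation to tag
     * @param str the property value; any non-null value makes {@link #isOpenIDMessage} true
     */
    public void setOpenIDMessage(ConversationID conversationID, String str) {
        this.model.setConversationProperty(conversationID, PROPERTY_OPENID, str);
    }

    /**
     * @param conversationID the conversation to test
     * @return {@code true} when the conversation carries an {@code OPENID} property
     */
    public boolean isOpenIDMessage(ConversationID conversationID) {
        return this.model.getConversationProperty(conversationID, PROPERTY_OPENID) != null;
    }

    /**
     * @return the conversation model restricted to conversations tagged as OpenID traffic
     */
    public ConversationModel getOpenIDConversationModel() {
        return this.openIdConversationModel;
    }

    /**
     * Records the OpenID mode of a conversation in its {@code OPENID_MODE} property.
     *
     * @param conversationID the conversation to annotate
     * @param str the mode value to store
     */
    public void setOpenIDMessageType(ConversationID conversationID, String str) {
        this.model.setConversationProperty(conversationID, PROPERTY_OPENID_MODE, str);
    }

    /**
     * Maps the stored OpenID mode to a display label.
     *
     * @param conversationID the conversation to describe
     * @return {@code "Request"} for {@code AuthRequest.MODE_SETUP}, {@code "Response"} for
     *         {@code Message.MODE_IDRES}, and {@code "Unknown"} for a missing or other mode
     */
    public String getReadableOpenIDMessageType(ConversationID conversationID) {
        String mode = this.model.getConversationProperty(conversationID, PROPERTY_OPENID_MODE);
        if (AuthRequest.MODE_SETUP.equals(mode)) {
            return "Request";
        }
        if (Message.MODE_IDRES.equals(mode)) {
            return "Response";
        }
        return "Unknown";
    }

    /**
     * Returns the {@code openid.*} parameters of the conversation's request.
     *
     * @param conversationID the conversation whose request is inspected
     * @return a list of {@code NamedValue} with URL-decoded values, in request order;
     *         empty when the request carries no such parameters
     */
    public List getParameters(ConversationID conversationID) {
        LinkedList<NamedValue> openIdParameters = new LinkedList<NamedValue>();
        for (DecodedParameter parameter : decodeParameters(conversationID)) {
            if (parameter.name.startsWith(OPENID_PREFIX)) {
                openIdParameters.add(new NamedValue(parameter.name, parameter.value));
            }
        }
        return openIdParameters;
    }

    /**
     * Extracts the attributes requested by an AX {@code fetch_request} in the request.
     *
     * @param conversationID the conversation whose request is inspected
     * @return a list of {@code AXFetchRequestAttribute}; empty when the request declares no AX
     *         namespace or its AX mode is not {@code fetch_request}
     */
    public List getAXFetchRequestAttributes(ConversationID conversationID) {
        LinkedList<AXFetchRequestAttribute> attributes = new LinkedList<AXFetchRequestAttribute>();
        List<DecodedParameter> parameters = decodeParameters(conversationID);
        String alias = findExtensionAlias(parameters, AxMessage.OPENID_NS_AX);
        if (alias == null) {
            return attributes;
        }
        // The alias is taken verbatim from a parameter name of the intercepted request.
        this._logger.info("AX alias: " + alias);
        String extensionPrefix = OPENID_PREFIX + alias;
        if (!hasParameter(parameters, extensionPrefix + ".mode", "fetch_request")) {
            return attributes;
        }
        HashSet<String> required =
                splitFirstValue(parameters, extensionPrefix + ".required", CodeFormatter.DEFAULT_S_DELIM);
        HashSet<String> ifAvailable =
                splitFirstValue(parameters, extensionPrefix + ".if_available", CodeFormatter.DEFAULT_S_DELIM);
        String typePrefix = extensionPrefix + ".type.";
        for (DecodedParameter parameter : parameters) {
            if (parameter.name.startsWith(typePrefix)) {
                String attributeAlias = parameter.name.substring(typePrefix.length());
                attributes.add(new AXFetchRequestAttribute(parameter.value, attributeAlias,
                        required.contains(attributeAlias), ifAvailable.contains(attributeAlias)));
            }
        }
        return attributes;
    }

    /**
     * Extracts the attributes carried by an AX {@code fetch_response} in the request.
     *
     * <p>An attribute is marked signed only when both its {@code type} and its {@code value}
     * field are listed in {@code openid.signed}; the signature itself is not verified here.
     *
     * @param conversationID the conversation whose request is inspected
     * @return a list of {@code AXFetchResponseAttribute}; empty when the request declares no AX
     *         namespace or its AX mode is not {@code fetch_response}
     */
    public List getAXFetchResponseAttributes(ConversationID conversationID) {
        LinkedList<AXFetchResponseAttribute> attributes = new LinkedList<AXFetchResponseAttribute>();
        List<DecodedParameter> parameters = decodeParameters(conversationID);
        String alias = findExtensionAlias(parameters, AxMessage.OPENID_NS_AX);
        if (alias == null) {
            return attributes;
        }
        // The alias is taken verbatim from a parameter name of the intercepted request.
        this._logger.info("AX alias: " + alias);
        String extensionPrefix = OPENID_PREFIX + alias;
        if (!hasParameter(parameters, extensionPrefix + ".mode", "fetch_response")) {
            return attributes;
        }
        HashSet<String> signedFields = splitFirstValue(parameters, SIGNED_FIELD, CodeFormatter.DEFAULT_S_DELIM);
        String typePrefix = extensionPrefix + ".type.";
        String valuePrefix = extensionPrefix + ".value.";
        HashMap<String, AXFetchResponseAttribute> byAlias = new HashMap<String, AXFetchResponseAttribute>();
        for (DecodedParameter parameter : parameters) {
            if (parameter.name.startsWith(typePrefix)) {
                attributeFor(byAlias, parameter.name.substring(typePrefix.length()))
                        .setAttributeType(parameter.value);
            } else if (parameter.name.startsWith(valuePrefix)) {
                attributeFor(byAlias, parameter.name.substring(valuePrefix.length()))
                        .setValue(parameter.value);
            }
        }
        attributes.addAll(byAlias.values());
        for (AXFetchResponseAttribute attribute : attributes) {
            // Entries of openid.signed are field names without the leading "openid.".
            if (signedFields.contains(alias + ".type." + attribute.getAlias())
                    && signedFields.contains(alias + ".value." + attribute.getAlias())) {
                attribute.setSigned(true);
            }
        }
        return attributes;
    }

    /**
     * Extracts the PAPE response carried by the request, if any.
     *
     * <p>The response is marked signed only when the PAPE namespace declaration and every
     * {@code openid.<alias>.*} field are listed in {@code openid.signed}; the signature itself
     * is not verified here.
     *
     * @param conversationID the conversation whose request is inspected
     * @return the PAPE response, or {@code null} when the request declares no PAPE namespace
     */
    public PAPEResponse getPAPEResponse(ConversationID conversationID) {
        List<DecodedParameter> parameters = decodeParameters(conversationID);
        String alias = findExtensionAlias(parameters, PapeMessage.OPENID_NS_PAPE);
        if (alias == null) {
            return null;
        }
        HashSet<String> signedFields = splitFirstValue(parameters, SIGNED_FIELD, CodeFormatter.DEFAULT_S_DELIM);
        PAPEResponse response = new PAPEResponse();
        // Match on "openid.<alias>." including the trailing dot, so that a field belonging to
        // another extension whose alias merely starts with the PAPE alias is not counted as an
        // unsigned PAPE field.
        String fieldPrefix = OPENID_PREFIX + alias + ".";
        boolean allSigned = true;
        for (DecodedParameter parameter : parameters) {
            if (parameter.name.startsWith(fieldPrefix)
                    && !signedFields.contains(parameter.name.substring(OPENID_PREFIX.length()))) {
                allSigned = false;
            }
            if (parameter.name.equals(fieldPrefix + "auth_time")) {
                response.setAuthenticationTime(parameter.value);
            } else if (parameter.name.equals(fieldPrefix + "auth_policies")) {
                HashSet<String> policies = new HashSet<String>(
                        Arrays.asList(parameter.value.split(Association.FAILED_ASSOC_HANDLE)));
                if (policies.contains(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT)) {
                    response.setPhishingResistant(true);
                }
                if (policies.contains(PapeMessage.PAPE_POLICY_MULTI_FACTOR)) {
                    response.setMultiFactor(true);
                }
                if (policies.contains(PapeMessage.PAPE_POLICY_MULTI_FACTOR_PHYSICAL)) {
                    response.setMultiFactorPhysical(true);
                }
            }
        }
        // The namespace declaration has to be covered too, otherwise the alias can be re-pointed.
        if (!signedFields.contains("ns." + alias)) {
            allSigned = false;
        }
        response.setSigned(allSigned);
        return response;
    }

    /**
     * Sends an OpenID association request to the given endpoint and returns the association
     * built from the response.
     *
     * <p>NOTE(review): when the session type has no hash algorithm, no Diffie-Hellman session
     * is created; presumably that is a no-encryption session, where the MAC key is returned in
     * the clear. The scheme of {@code str} is not checked here, so the caller decides whether
     * such a request may go over a connection without transport encryption.
     *
     * @param str URL of the OpenID provider endpoint
     * @param associationSessionType association and session type to request
     * @return the association returned by the provider
     * @throws RuntimeException when the provider answers with a status other than 200
     * @throws Exception when building, sending or parsing the exchange fails
     */
    public Association establishAssociation(String str, AssociationSessionType associationSessionType) throws Exception {
        DiffieHellmanSession dhSession = null;
        if (associationSessionType.getHAlgorithm() != null) {
            dhSession = DiffieHellmanSession.create(associationSessionType, DiffieHellmanSession.getDefaultParameter());
        }
        AssociationRequest associationRequest =
                AssociationRequest.createAssociationRequest(associationSessionType, dhSession);
        Request request = new Request();
        request.setMethod("POST");
        request.setURL(new HttpUrl(str));
        request.setHeader("Content-Type", "application/x-www-form-urlencoded");
        StringBuilder form = new StringBuilder();
        for (Object item : associationRequest.getParameterMap().entrySet()) {
            Map.Entry entry = (Map.Entry) item;
            if (form.length() != 0) {
                form.append("&");
            }
            form.append(entry.getKey());
            form.append(AMFConnection.COOKIE_NAMEVALUE_SEPERATOR);
            form.append(Encoding.urlEncode((String) entry.getValue()));
        }
        // Content-Length counts bytes on the wire, so derive it from the encoded body rather
        // than from the character count of the builder.
        byte[] body = form.toString().getBytes();
        request.setHeader("Content-Length", Integer.toString(body.length));
        request.setContent(body);
        Response response = HTTPClientFactory.getInstance().fetchResponse(request);
        if ("200".equals(response.getStatus())) {
            ParameterList responseParameters = ParameterList.createFromKeyValueForm(new String(response.getContent()));
            return AssociationResponse.createAssociationResponse(responseParameters).getAssociation(dhSession);
        }
        throw new RuntimeException("invalid status return code: " + response.getStatus());
    }

    /**
     * @param conversationID the conversation to test
     * @return {@code true} when the stored mode equals {@code AuthRequest.MODE_SETUP}
     */
    public boolean isOpenIDRequestMessage(ConversationID conversationID) {
        String mode = this.model.getConversationProperty(conversationID, PROPERTY_OPENID_MODE);
        return AuthRequest.MODE_SETUP.equals(mode);
    }

    /**
     * @param conversationID the conversation to inspect
     * @return the {@code getSHPP()} form of the request URL when the conversation is an OpenID
     *         request message, otherwise {@code null}
     */
    public String getOPUrl(ConversationID conversationID) {
        if (isOpenIDRequestMessage(conversationID)) {
            return this.model.getRequestUrl(conversationID).getSHPP();
        }
        return null;
    }

    /**
     * Splits the query string (GET) or body (POST) of the conversation's request into
     * name/value pairs and URL-decodes every value. Names are left as received.
     *
     * @return the parameters in request order; empty for other methods or when there is
     *         nothing to parse
     */
    private List<DecodedParameter> decodeParameters(ConversationID conversationID) {
        List<DecodedParameter> decoded = new LinkedList<DecodedParameter>();
        Request request = this.model.getRequest(conversationID);
        String method = request.getMethod();
        NamedValue[] pairs = null;
        if (FormTag.GET.equals(method)) {
            String query = request.getURL().getQuery();
            if (query != null) {
                pairs = NamedValue.splitNamedValues(query, "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR);
            }
        } else if ("POST".equals(method)) {
            byte[] content = request.getContent();
            if (content != null && content.length > 0) {
                // The body is converted with the platform default charset.
                pairs = NamedValue.splitNamedValues(new String(content), "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR);
            }
        }
        if (pairs != null) {
            for (NamedValue pair : pairs) {
                decoded.add(new DecodedParameter(pair.getName(), Encoding.urlDecode(pair.getValue())));
            }
        }
        return decoded;
    }

    /**
     * Returns the alias of the first {@code openid.ns.<alias>} parameter whose value equals
     * the given namespace URI, or {@code null} when the namespace is not declared.
     */
    private static String findExtensionAlias(List<DecodedParameter> parameters, String namespaceUri) {
        for (DecodedParameter parameter : parameters) {
            if (parameter.name.startsWith(NAMESPACE_PREFIX) && namespaceUri.equals(parameter.value)) {
                return parameter.name.substring(NAMESPACE_PREFIX.length());
            }
        }
        return null;
    }

    /** Tells whether some parameter has exactly the given name and decoded value. */
    private static boolean hasParameter(List<DecodedParameter> parameters, String name, String expectedValue) {
        for (DecodedParameter parameter : parameters) {
            if (parameter.name.equals(name) && expectedValue.equals(parameter.value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Splits the value of the first parameter with the given name on the delimiter; later
     * parameters with the same name are ignored. Returns an empty set when there is none.
     */
    private static HashSet<String> splitFirstValue(List<DecodedParameter> parameters, String name, String delimiter) {
        HashSet<String> items = new HashSet<String>();
        for (DecodedParameter parameter : parameters) {
            if (parameter.name.equals(name)) {
                items.addAll(Arrays.asList(parameter.value.split(delimiter)));
                break;
            }
        }
        return items;
    }

    /** Returns the attribute registered under the alias, creating and registering it if absent. */
    private static AXFetchResponseAttribute attributeFor(HashMap<String, AXFetchResponseAttribute> byAlias, String alias) {
        AXFetchResponseAttribute attribute = byAlias.get(alias);
        if (attribute == null) {
            attribute = new AXFetchResponseAttribute(alias);
            byAlias.put(alias, attribute);
        }
        return attribute;
    }
}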
