package org.owasp.webscarab.plugin.openid;

import flex.messaging.io.amf.client.AMFConnection;
import java.io.IOException;
import java.net.MalformedURLException;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.bsf.util.cf.CodeFormatter;
import org.bouncycastle.util.encoders.Base64;
import org.htmlparser.tags.FormTag;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.Message;
import org.openid4java.message.ax.AxMessage;
import org.owasp.webscarab.httpclient.HTTPClient;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.NamedValue;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.util.Encoding;

/* loaded from: input_file:main/WebScarab-1.0.0-SNAPSHOT.jar:org/owasp/webscarab/plugin/openid/OpenIdHTTPClient.class */
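/**
 * {@link HTTPClient} decorator that rewrites OpenID parameters of a proxied request
 * before handing it to the wrapped client.
 *
 * <p>Which rewrites run is decided by {@link OpenIdProxyConfig}. Each rewrite exercises one
 * validation step of the party receiving the message: presence and integrity of
 * {@code openid.sig}/{@code openid.signed}, handling of a missing
 * {@code openid.assoc_handle}, and treatment of attribute-exchange fields that were
 * removed from a request or added to a response. Every rewrite that was applied is listed
 * in the {@code X-OpenIDProxy} request header, so a recorded conversation shows exactly
 * which messages were modified.
 *
 * <p>Parameter values are kept in their on-the-wire (URL-encoded) form throughout; they are
 * decoded only for comparison and re-encoded when a new value is written.
 */
public class OpenIdHTTPClient implements HTTPClient {
    private static final Logger LOG = Logger.getLogger(OpenIdHTTPClient.class.getName());

    /** Separator between two name/value pairs of a query string or form body. */
    private static final String PAIR_DELIMITER = "&";

    /** Separator between a parameter name and its value. */
    private static final String NAME_VALUE_DELIMITER = AMFConnection.COOKIE_NAMEVALUE_SEPERATOR;

    /** Separator of the alias lists in the attribute-exchange {@code required}/{@code if_available} fields. */
    private static final String LIST_DELIMITER = CodeFormatter.DEFAULT_S_DELIM;

    /**
     * Charset for converting a form body between bytes and text. ISO-8859-1 maps every byte
     * to exactly one char, so parameters that are not rewritten keep their original bytes
     * regardless of the platform default charset.
     */
    private static final Charset BODY_CHARSET = Charset.forName("ISO-8859-1");

    private final HTTPClient httpClient;
    private final OpenIdProxyConfig openIdProxyConfig;

    /**
     * @param hTTPClient the client that actually sends the (possibly rewritten) request
     * @param openIdProxyConfig switches and values controlling which rewrites are applied
     */
    public OpenIdHTTPClient(HTTPClient hTTPClient, OpenIdProxyConfig openIdProxyConfig) {
        this.httpClient = hTTPClient;
        this.openIdProxyConfig = openIdProxyConfig;
    }

    /**
     * Applies every enabled rewrite to {@code request} in a fixed order and forwards it.
     *
     * <p>The request object is modified in place. When at least one rewrite was applied, the
     * request also gets an {@code X-OpenIDProxy} header naming the rewrites; that header is
     * sent upstream together with the request.
     *
     * @param request the intercepted request
     * @return the response of the wrapped client
     * @throws IOException if the wrapped client fails
     */
    @Override // org.owasp.webscarab.httpclient.HTTPClient
    public Response fetchResponse(Request request) throws IOException {
        if (!this.openIdProxyConfig.doSomething()) {
            return this.httpClient.fetchResponse(request);
        }
        StringBuilder applied = new StringBuilder();
        if (this.openIdProxyConfig.doCorruptSignature()) {
            applied.append(corruptSignature(request));
        }
        if (this.openIdProxyConfig.doRemoveSignature()) {
            applied.append(removeSignature(request));
        }
        if (this.openIdProxyConfig.doRemoveRequestedAttribute()) {
            applied.append(removeRequestedAttribute(request));
        }
        if (this.openIdProxyConfig.doAppendAttribute()) {
            applied.append(appendAttribute(request));
        }
        if (this.openIdProxyConfig.doRemoveRequestAssociationHandle()) {
            applied.append(removeRequestAssociationHandle(request));
        }
        if (this.openIdProxyConfig.doRemoveResponseAssociationHandle()) {
            applied.append(removeResponseAssociationHandle(request));
        }
        if (applied.length() > 0) {
            request.addHeader("X-OpenIDProxy", applied.toString());
        }
        return this.httpClient.fetchResponse(request);
    }

    /**
     * Splits the query string (GET) or the body (POST) into name/value pairs.
     *
     * @return the pairs with values still URL-encoded, or {@code null} when the request has
     *     another method, no query string, or an empty body
     */
    private NamedValue[] getParameters(Request request) {
        String method = request.getMethod();
        if (FormTag.GET.equals(method)) {
            String query = request.getURL().getQuery();
            if (query == null) {
                return null;
            }
            return NamedValue.splitNamedValues(query, PAIR_DELIMITER, NAME_VALUE_DELIMITER);
        }
        if ("POST".equals(method)) {
            byte[] content = request.getContent();
            if (content != null && content.length > 0) {
                return NamedValue.splitNamedValues(
                        new String(content, BODY_CHARSET), PAIR_DELIMITER, NAME_VALUE_DELIMITER);
            }
        }
        return null;
    }

    /**
     * Drops {@code openid.sig} and {@code openid.signed} from the message. A receiver that
     * still accepts the message is not enforcing that assertions are signed.
     *
     * @return the tag for the {@code X-OpenIDProxy} header, or {@code ""} if nothing changed
     */
    private String removeSignature(Request request) {
        NamedValue[] parameters = getParameters(request);
        if (parameters == null) {
            return "";
        }
        boolean removed = false;
        for (int i = 0; i < parameters.length; i++) {
            if (parameters[i] == null) {
                continue;
            }
            String name = parameters[i].getName();
            if ("openid.sig".equals(name) || "openid.signed".equals(name)) {
                parameters[i] = null;
                removed = true;
            }
        }
        if (!removed) {
            return "";
        }
        return updateParameters(parameters, request) ? "remove signature;" : "";
    }

    /** Writes {@code namedValueArr} back into the request; see the three-argument overload. */
    private boolean updateParameters(NamedValue[] namedValueArr, Request request) {
        return updateParameters(namedValueArr, null, request);
    }

    /**
     * Writes the parameters back to where they came from: the URL for GET, the body otherwise.
     *
     * @param namedValueArr the original parameters; {@code null} entries are left out
     * @param list extra parameters to append, or {@code null}
     * @return {@code false} if the rewritten URL could not be built, in which case the
     *     request is left as it was and the caller must not report the rewrite as applied
     */
    private boolean updateParameters(NamedValue[] namedValueArr, List<NamedValue> list, Request request) {
        if (!FormTag.GET.equals(request.getMethod())) {
            updateRequestPostParameters(namedValueArr, list, request);
            return true;
        }
        try {
            setNewUrl(request.getURL(), namedValueArr, list, request);
            return true;
        } catch (MalformedURLException e) {
            LOG.log(Level.SEVERE, "Could not rebuild the request URL after rewriting OpenID parameters", e);
            return false;
        }
    }

    /**
     * Changes the first byte of the decoded {@code openid.sig} value so the signature no
     * longer matches the signed fields while staying well-formed Base64. A receiver that
     * accepts the message is not verifying the signature.
     *
     * @return the tag for the {@code X-OpenIDProxy} header, or {@code ""} if nothing changed
     */
    private String corruptSignature(Request request) {
        NamedValue[] parameters = getParameters(request);
        if (parameters == null) {
            return "";
        }
        int index = indexOfName(parameters, "openid.sig");
        if (index < 0) {
            return "";
        }
        byte[] signature = Base64.decode(Encoding.urlDecode(parameters[index].getValue()));
        if (signature.length == 0) {
            // An empty signature has no byte to alter.
            return "";
        }
        signature[0] = (byte) (signature[0] + 1);
        String encoded = new String(Base64.encode(signature), BODY_CHARSET);
        // Base64 may contain '+', '/' and '='. Without URL-encoding, '+' would be read as a
        // space by the receiver and the value would fail Base64 parsing instead of
        // signature verification, which is the check this rewrite is meant to exercise.
        parameters[index] = new NamedValue("openid.sig", Encoding.urlEncode(encoded));
        return updateParameters(parameters, request) ? "corrupt signature;" : "";
    }

    /**
     * Replaces the request body with the serialized parameters.
     *
     * NOTE(review): this relies on {@code Request.setContent} keeping the Content-Length
     * header in step with the new body; confirm against the model class.
     */
    private void updateRequestPostParameters(NamedValue[] namedValueArr, List<NamedValue> list, Request request) {
        request.setContent(joinParameters(namedValueArr, list).getBytes(BODY_CHARSET));
    }

    /** Replaces the query string of the request URL; see the four-argument overload. */
    private void setNewUrl(HttpUrl httpUrl, NamedValue[] namedValueArr, Request request) throws MalformedURLException {
        setNewUrl(httpUrl, namedValueArr, null, request);
    }

    /**
     * Sets the request URL to {@code httpUrl.getSHPP()} followed by {@code ?} and the
     * serialized parameters.
     *
     * @throws MalformedURLException if the resulting string is not accepted by {@link HttpUrl}
     */
    private void setNewUrl(HttpUrl httpUrl, NamedValue[] namedValueArr, List<NamedValue> list, Request request) throws MalformedURLException {
        request.setURL(new HttpUrl(httpUrl.getSHPP() + "?" + joinParameters(namedValueArr, list)));
    }

    /**
     * Removes {@code openid.assoc_handle} from a message whose {@code openid.mode} is
     * {@link AuthRequest#MODE_SETUP}.
     *
     * @return the tag for the {@code X-OpenIDProxy} header, or {@code ""} if nothing changed
     */
    private String removeRequestAssociationHandle(Request request) {
        return removeAssociationHandle(request, AuthRequest.MODE_SETUP, "removed request assoc_handle;");
    }

    /**
     * Removes {@code openid.assoc_handle} from a message whose {@code openid.mode} is
     * {@link Message#MODE_IDRES}.
     *
     * @return the tag for the {@code X-OpenIDProxy} header, or {@code ""} if nothing changed
     */
    private String removeResponseAssociationHandle(Request request) {
        return removeAssociationHandle(request, Message.MODE_IDRES, "removed response assoc_handle;");
    }

    /** Shared body of the two assoc_handle rewrites; {@code tag} is returned on success. */
    private String removeAssociationHandle(Request request, String mode, String tag) {
        NamedValue[] parameters = getParameters(request);
        if (parameters == null || !hasMode(parameters, mode)) {
            return "";
        }
        int index = indexOfName(parameters, "openid.assoc_handle");
        if (index < 0) {
            return "";
        }
        parameters[index] = null;
        return updateParameters(parameters, request) ? tag : "";
    }

    /**
     * Removes one attribute from an attribute-exchange request: the
     * {@code openid.<ax>.type.<alias>} parameter whose value equals the configured type is
     * dropped, and its alias is taken out of the {@code required} and {@code if_available}
     * lists where those parameters exist.
     *
     * @return the tag for the {@code X-OpenIDProxy} header, or {@code ""} if nothing changed
     */
    private String removeRequestedAttribute(Request request) {
        NamedValue[] parameters = getParameters(request);
        if (parameters == null) {
            return "";
        }
        String axAlias = findAxAlias(parameters);
        if (axAlias == null) {
            return "";
        }
        String axPrefix = "openid." + axAlias;
        String typePrefix = axPrefix + ".type.";
        String unwantedType = this.openIdProxyConfig.getRemoveAttributeType();

        String attributeAlias = null;
        for (int i = 0; i < parameters.length; i++) {
            if (parameters[i] == null) {
                continue;
            }
            String name = parameters[i].getName();
            if (name == null || !name.startsWith(typePrefix)) {
                continue;
            }
            String type = Encoding.urlDecode(parameters[i].getValue());
            if (type != null && type.equals(unwantedType)) {
                attributeAlias = name.substring(typePrefix.length());
                parameters[i] = null;
                break;
            }
        }
        if (attributeAlias == null) {
            return "";
        }
        // Either list may be absent from a request; only rewrite the ones that are present.
        removeAliasFromList(parameters, indexOfName(parameters, axPrefix + ".required"), attributeAlias);
        removeAliasFromList(parameters, indexOfName(parameters, axPrefix + ".if_available"), attributeAlias);
        return updateParameters(parameters, request) ? "removed attribute request;" : "";
    }

    /**
     * Adds one attribute to an {@link Message#MODE_IDRES} message, using the alias, type and
     * value from the configuration. When the message carries no attribute-exchange
     * namespace yet, one is declared under the alias {@code ax} with mode
     * {@code fetch_response}. The appended fields are not covered by the existing
     * signature, so a receiver should ignore them.
     *
     * @return the tag for the {@code X-OpenIDProxy} header, or {@code ""} if nothing changed
     */
    private String appendAttribute(Request request) {
        NamedValue[] parameters = getParameters(request);
        if (parameters == null || !hasMode(parameters, Message.MODE_IDRES)) {
            return "";
        }
        List<NamedValue> extra = new LinkedList<NamedValue>();
        String axAlias = findAxAlias(parameters);
        if (axAlias == null) {
            axAlias = "ax";
            extra.add(new NamedValue("openid.ns." + axAlias, AxMessage.OPENID_NS_AX));
            extra.add(new NamedValue("openid." + axAlias + ".mode", "fetch_response"));
        }
        String attributeAlias = this.openIdProxyConfig.getAppendAttributeAlias();
        String attributeType = this.openIdProxyConfig.getAppendAttributeType();
        String attributeValue = this.openIdProxyConfig.getAppendAttributeValue();
        extra.add(new NamedValue("openid." + axAlias + ".type." + attributeAlias, Encoding.urlEncode(attributeType)));
        extra.add(new NamedValue("openid." + axAlias + ".value." + attributeAlias, Encoding.urlEncode(attributeValue)));
        return updateParameters(parameters, extra, request) ? "add attribute response;" : "";
    }

    /** Serializes the non-null entries of {@code params}, then {@code extra}, as {@code name=value&...}. */
    private static String joinParameters(NamedValue[] params, List<NamedValue> extra) {
        StringBuilder joined = new StringBuilder();
        for (NamedValue param : params) {
            if (param != null) {
                appendPair(joined, param);
            }
        }
        if (extra != null) {
            for (NamedValue param : extra) {
                appendPair(joined, param);
            }
        }
        return joined.toString();
    }

    /** Appends one pair, preceded by the pair delimiter unless it is the first pair. */
    private static void appendPair(StringBuilder target, NamedValue param) {
        if (target.length() > 0) {
            target.append(PAIR_DELIMITER);
        }
        target.append(param.getName()).append(NAME_VALUE_DELIMITER).append(param.getValue());
    }

    /** Returns the index of the first parameter called {@code name}, or {@code -1}. */
    private static int indexOfName(NamedValue[] params, String name) {
        for (int i = 0; i < params.length; i++) {
            if (params[i] != null && name.equals(params[i].getName())) {
                return i;
            }
        }
        return -1;
    }

    /** Tells whether some {@code openid.mode} parameter decodes to {@code mode}. */
    private static boolean hasMode(NamedValue[] params, String mode) {
        for (NamedValue param : params) {
            if (param != null
                    && "openid.mode".equals(param.getName())
                    && mode.equals(Encoding.urlDecode(param.getValue()))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Finds the alias under which the attribute-exchange namespace is declared, i.e. the
     * part after {@code openid.ns.} of the first parameter whose value is
     * {@link AxMessage#OPENID_NS_AX}.
     *
     * @return the alias, or {@code null} if the namespace is not declared
     */
    private static String findAxAlias(NamedValue[] params) {
        String nsPrefix = "openid.ns.";
        for (NamedValue param : params) {
            if (param == null) {
                continue;
            }
            String name = param.getName();
            if (name != null
                    && name.startsWith(nsPrefix)
                    && AxMessage.OPENID_NS_AX.equals(Encoding.urlDecode(param.getValue()))) {
                return name.substring(nsPrefix.length());
            }
        }
        return null;
    }

    /**
     * Rewrites the alias list stored at {@code index} without {@code alias}, keeping the
     * order of the remaining aliases. Does nothing when {@code index} is negative.
     */
    private static void removeAliasFromList(NamedValue[] params, int index, String alias) {
        if (index < 0) {
            return;
        }
        String decoded = Encoding.urlDecode(params[index].getValue());
        Set<String> aliases = new LinkedHashSet<String>(Arrays.asList(decoded.split(LIST_DELIMITER)));
        aliases.remove(alias);
        StringBuilder remaining = new StringBuilder();
        for (String kept : aliases) {
            if (remaining.length() > 0) {
                remaining.append(LIST_DELIMITER);
            }
            remaining.append(kept);
        }
        params[index] = new NamedValue(params[index].getName(), remaining.toString());
    }
}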
