package com.ibm.ws.security.openid20.consumer;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openid20.OpenidClientConfig;
import com.ibm.ws.security.openid20.TraceConstants;
import javax.net.ssl.SSLContext;
import org.openid4java.association.AssociationException;
import org.openid4java.association.AssociationSessionType;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.html.HtmlResolver;
import org.openid4java.discovery.yadis.YadisResolver;
import org.openid4java.server.RealmVerifierFactory;
import org.openid4java.util.HttpFetcherFactory;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/openid20/consumer/ConsumerManagerFactory.class */
public class ConsumerManagerFactory {
    static final TraceComponent tc = Tr.register(ConsumerManagerFactory.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    public ConsumerManager consumerManager;
    static final long serialVersionUID = -6683434808831389760L;

    public ConsumerManagerFactory(ConsumerManager consumerManager) {
        this.consumerManager = consumerManager;
    }

    public ConsumerManager getConsumerManager(OpenidClientConfig openidClientConfig, SSLContext sSLContext) {
        HttpFetcherFactory httpFetcherFactory = getHttpFetcherFactory(sSLContext, openidClientConfig);
        YadisResolver yadisResolver = new YadisResolver(httpFetcherFactory);
        this.consumerManager = createConsumerManager(httpFetcherFactory, new RealmVerifierFactory(yadisResolver), new Discovery(new HtmlResolver(httpFetcherFactory), yadisResolver, Discovery.getXriResolver()), openidClientConfig);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "discover socket time out: " + this.consumerManager.getDiscovery().getYadisResolver().getHttpFetcher().getRequestOptions().getSocketTimeout(), new Object[0]);
            Tr.debug(tc, "discover conection time out: " + this.consumerManager.getDiscovery().getYadisResolver().getHttpFetcher().getRequestOptions().getConnTimeout(), new Object[0]);
        }
        return this.consumerManager;
    }

    protected ConsumerManager createConsumerManager(HttpFetcherFactory httpFetcherFactory, RealmVerifierFactory realmVerifierFactory, Discovery discovery, OpenidClientConfig openidClientConfig) {
        ConsumerManager consumerManager = new ConsumerManager(realmVerifierFactory, discovery, httpFetcherFactory);
        consumerManager.setSocketTimeout((int) openidClientConfig.getSocketTimeout());
        consumerManager.setConnectTimeout((int) openidClientConfig.getConnectTimeout());
        consumerManager.setAllowStateless(openidClientConfig.getAllowStateless());
        consumerManager.setMaxAssocAttempts(openidClientConfig.getMaxAssociationAttemps());
        if (openidClientConfig.getMaxAssociationAttemps() > 0) {
            try {
                AssociationSessionType create = AssociationSessionType.create(openidClientConfig.getSessionEncryptionType(), openidClientConfig.getSignatureAlgorithm());
                consumerManager.setPrefAssocSessEnc(create);
                consumerManager.setMinAssocSessEnc(create);
            } catch (AssociationException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openid20.consumer.ConsumerManagerFactory", "83", this, new Object[]{httpFetcherFactory, realmVerifierFactory, discovery, openidClientConfig});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Un-expected exception while performing association type create", new Object[]{e});
                }
            }
        }
        consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
        consumerManager.setNonceVerifier(new InMemoryNonceVerifier((int) openidClientConfig.getNonceValidTime()));
        consumerManager.setMaxNonceAge((int) openidClientConfig.getNonceValidTime());
        consumerManager.setImmediateAuth(openidClientConfig.isCheckImmediate());
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "isImmediateAuth:" + consumerManager.isImmediateAuth(), new Object[0]);
        }
        return consumerManager;
    }

    protected HttpFetcherFactory getHttpFetcherFactory(SSLContext sSLContext, OpenidClientConfig openidClientConfig) {
        return openidClientConfig.isHostNameVerificationEnabled() ? new OpenidHttpFetcherFactory(sSLContext, openidClientConfig) : new OpenidHttpFetcherFactory(sSLContext, new DefaultHostnameVerifier(), openidClientConfig);
    }
}
