package com.ibm.ws.security.openid20.client;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.openid20.util.MessageHelper;
import com.ibm.ws.security.openid20.util.OidUtil;
import javax.net.ssl.SSLContext;
import org.openid4java.association.AssociationException;
import org.openid4java.association.AssociationSessionType;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.html.HtmlResolver;
import org.openid4java.discovery.yadis.YadisResolver;
import org.openid4java.message.AuthRequest;
import org.openid4java.server.RealmVerifierFactory;
import org.openid4java.util.HttpFetcherFactory;

/* loaded from: input_file:com/ibm/ws/security/openid20/client/ConsumerManagerFactory.class */
public class ConsumerManagerFactory {
    private static final TraceComponent tc = Tr.register(ConsumerManagerFactory.class, MessageHelper._TR_GROUP, MessageHelper._MSG_FILE);
    private ConsumerManager consumerManager;

    public ConsumerManagerFactory(ConsumerManager consumerManager) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConsumerManagerFactory(consumerManager[" + OidUtil.getObjState(consumerManager) + "])");
        }
        this.consumerManager = consumerManager;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addToSubjectAsPublicCredentials");
        }
    }

    public ConsumerManager getConsumerManager(OpenIDClientConfig openIDClientConfig, SSLContext sSLContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConsumerManager(openidClientConfig[" + OidUtil.getObjState(openIDClientConfig) + "],sslContext[" + OidUtil.getObjState(sSLContext) + "])");
        }
        HttpFetcherFactory httpFetcherFactory = getHttpFetcherFactory(sSLContext, openIDClientConfig);
        YadisResolver yadisResolver = new YadisResolver(httpFetcherFactory);
        this.consumerManager = createConsumerManager(httpFetcherFactory, new RealmVerifierFactory(yadisResolver), new Discovery(new HtmlResolver(httpFetcherFactory), yadisResolver, Discovery.getXriResolver()), openIDClientConfig);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConsumerManager returns consumerManager [" + OidUtil.getObjState(this.consumerManager) + "]");
        }
        return this.consumerManager;
    }

    protected ConsumerManager createConsumerManager(HttpFetcherFactory httpFetcherFactory, RealmVerifierFactory realmVerifierFactory, Discovery discovery, OpenIDClientConfig openIDClientConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createConsumerManager(httpFetcherFactory[" + OidUtil.getObjState(httpFetcherFactory) + "],realmFactory[" + OidUtil.getObjState(realmVerifierFactory) + "],discovery[" + OidUtil.getObjState(discovery) + "],openidClientConfig[" + OidUtil.getObjState(openIDClientConfig) + "])");
        }
        ConsumerManager consumerManager = new ConsumerManager(realmVerifierFactory, discovery, httpFetcherFactory);
        consumerManager.setSocketTimeout((int) openIDClientConfig.getSocketTimeout());
        consumerManager.setConnectTimeout((int) openIDClientConfig.getConnectTimeout());
        consumerManager.setAllowStateless(openIDClientConfig.getAllowStateless());
        consumerManager.setMaxAssocAttempts(openIDClientConfig.getMaxAssociationAttemps());
        if (openIDClientConfig.getMaxAssociationAttemps() > 0) {
            try {
                AssociationSessionType create = AssociationSessionType.create(openIDClientConfig.getSessionEncryptionType(), openIDClientConfig.getSignatureAlgorithm());
                consumerManager.setPrefAssocSessEnc(create);
                consumerManager.setMinAssocSessEnc(create);
            } catch (AssociationException e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Un-expected exception while performing association type create", e);
                }
            }
        }
        consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
        consumerManager.setNonceVerifier(new InMemoryNonceVerifier((int) openIDClientConfig.getNonceValidTime()));
        consumerManager.setMaxNonceAge((int) openIDClientConfig.getNonceValidTime());
        if (AuthRequest.MODE_IMMEDIATE.equals(openIDClientConfig.getAuthenticationMode())) {
            consumerManager.setImmediateAuth(true);
        } else {
            consumerManager.setImmediateAuth(false);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "isImmediateAuth:" + consumerManager.isImmediateAuth());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createConsumerManager returns consumerManager [" + OidUtil.getObjState(consumerManager) + "]");
        }
        return consumerManager;
    }

    protected HttpFetcherFactory getHttpFetcherFactory(SSLContext sSLContext, OpenIDClientConfig openIDClientConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHttpFetcherFactory(sslContext[" + OidUtil.getObjState(sSLContext) + "],openidClientConfig[" + OidUtil.getObjState(openIDClientConfig) + "])");
        }
        OpenIDHttpFetcherFactory openIDHttpFetcherFactory = openIDClientConfig.isHostNameVerificationEnabled() ? new OpenIDHttpFetcherFactory(sSLContext, openIDClientConfig) : new OpenIDHttpFetcherFactory(sSLContext, new OpenIDDefaultHostnameVerifier(), openIDClientConfig);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHttpFetcherFactory returns HttpFetcherFactory [" + OidUtil.getObjState(openIDHttpFetcherFactory) + "]");
        }
        return openIDHttpFetcherFactory;
    }
}
