package org.openid4java.server;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.discovery.yadis.YadisResolver;

/* loaded from: input_file:org/openid4java/server/RealmVerifier.class */
public class RealmVerifier {
    private static Log _log;
    private static final boolean DEBUG;
    public static final int OK = 0;
    public static final int DENIED_REALM = 1;
    public static final int MALFORMED_REALM = 2;
    public static final int MALFORMED_RETURN_TO_URL = 3;
    public static final int FRAGMENT_NOT_ALLOWED = 4;
    public static final int PROTOCOL_MISMATCH = 5;
    public static final int PORT_MISMATCH = 6;
    public static final int PATH_MISMATCH = 7;
    public static final int DOMAIN_MISMATCH = 8;
    public static final int RP_DISCOVERY_FAILED = 9;
    public static final int RP_INVALID_ENDPOINT = 10;
    private List _deniedRealmDomains = new ArrayList();
    private List _deniedRealmRegExps;
    private YadisResolver _yadisResolver;
    private boolean _enforceRpId;
    static Class class$org$openid4java$server$RealmVerifier;

    public RealmVerifier() {
        addDeniedRealmDomain("\\*\\.[^\\.]+");
        addDeniedRealmDomain("\\*\\.[a-z]{2}\\.[a-z]{2}");
        this._yadisResolver = new YadisResolver();
        this._enforceRpId = true;
    }

    public void addDeniedRealmDomain(String str) {
        this._deniedRealmDomains.add(str);
        compileDeniedRealms();
    }

    public List getDeniedRealmDomains() {
        return this._deniedRealmDomains;
    }

    public void setDeniedRealmDomains(List list) {
        this._deniedRealmDomains = list;
        compileDeniedRealms();
    }

    private void compileDeniedRealms() {
        this._deniedRealmRegExps = new ArrayList(this._deniedRealmDomains.size());
        for (int i = 0; i < this._deniedRealmDomains.size(); i++) {
            this._deniedRealmRegExps.add(Pattern.compile((String) this._deniedRealmDomains.get(i), 2));
        }
    }

    public boolean getEnforceRpId() {
        return this._enforceRpId;
    }

    public void setEnforceRpId(boolean z) {
        this._enforceRpId = z;
    }

    public int validate(String str, String str2) {
        return validate(str, str2, this._enforceRpId);
    }

    /* JADX WARN: Code restructure failed: missing block: B:20:0x00c6, code lost:
    
        org.openid4java.server.RealmVerifier._log.info(new java.lang.StringBuffer().append("Return URL: ").append(r7).append(" matched discovered RP endpoint: ").append(r0).toString());
        r9 = 0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int validate(java.lang.String r6, java.lang.String r7, boolean r8) {
        /*
            Method dump skipped, instructions count: 412
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.openid4java.server.RealmVerifier.validate(java.lang.String, java.lang.String, boolean):int");
    }

    public int match(String str, String str2) {
        if (DEBUG) {
            _log.debug(new StringBuffer().append("Verifying realm: ").append(str).append(" on return URL: ").append(str2).toString());
        }
        try {
            URL url = new URL(str);
            String host = url.getHost();
            if (isDeniedRealmDomain(host)) {
                _log.warn(new StringBuffer().append("Blacklisted realm domain: ").append(host).toString());
                return 1;
            }
            try {
                URL url2 = new URL(str2);
                if (url.getRef() != null) {
                    if (!DEBUG) {
                        return 4;
                    }
                    _log.debug("Realm verification failed: URL fragments are not allowed.");
                    return 4;
                }
                if (!url.getProtocol().equalsIgnoreCase(url2.getProtocol())) {
                    if (!DEBUG) {
                        return 5;
                    }
                    _log.debug("Realm verification failed: protocol mismatch.");
                    return 5;
                }
                if (!domainMatch(host, url2.getHost())) {
                    if (!DEBUG) {
                        return 8;
                    }
                    _log.debug("Realm verification failed: domain mismatch.");
                    return 8;
                }
                if (!portMatch(url, url2)) {
                    if (!DEBUG) {
                        return 6;
                    }
                    _log.debug("Realm verification failed: port mismatch.");
                    return 6;
                }
                if (pathMatch(url, url2)) {
                    _log.info(new StringBuffer().append("Return URL: ").append(str2).append(" matches realm: ").append(str).toString());
                    return 0;
                }
                if (!DEBUG) {
                    return 7;
                }
                _log.debug("Realm verification failed: path mismatch.");
                return 7;
            } catch (MalformedURLException e) {
                _log.error(new StringBuffer().append("Invalid return URL: ").append(str2).toString());
                return 3;
            }
        } catch (MalformedURLException e2) {
            _log.error(new StringBuffer().append("Invalid realm URL: ").append(str).toString(), e2);
            return 2;
        }
    }

    private boolean isDeniedRealmDomain(String str) {
        for (int i = 0; i < this._deniedRealmRegExps.size(); i++) {
            if (((Pattern) this._deniedRealmRegExps.get(i)).matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    private boolean portMatch(URL url, URL url2) {
        int port = url.getPort();
        int port2 = url2.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        if (port2 == -1) {
            port2 = url2.getDefaultPort();
        }
        return port == port2;
    }

    private boolean pathMatch(URL url, URL url2) {
        String path = url.getPath();
        String path2 = url2.getPath();
        if (!path.endsWith("/")) {
            path = new StringBuffer().append(path).append("/").toString();
        }
        if (!path2.endsWith("/")) {
            path2 = new StringBuffer().append(path2).append("/").toString();
        }
        return path2.startsWith(path);
    }

    private boolean domainMatch(String str, String str2) {
        if (!str.startsWith("*.")) {
            return str.equalsIgnoreCase(str2);
        }
        return new StringBuffer().append(".").append(str2.toLowerCase()).toString().endsWith(str.substring(1).toLowerCase());
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$openid4java$server$RealmVerifier == null) {
            cls = class$("org.openid4java.server.RealmVerifier");
            class$org$openid4java$server$RealmVerifier = cls;
        } else {
            cls = class$org$openid4java$server$RealmVerifier;
        }
        _log = LogFactory.getLog(cls);
        DEBUG = _log.isDebugEnabled();
    }
}
