package edu.uiuc.ncsa.oa4mp.oauth2.client;

import edu.uiuc.ncsa.myproxy.oa4mp.client.Asset;
import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPService;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.NFWException;
import edu.uiuc.ncsa.security.delegation.client.request.DelegatedAssetRequest;
import edu.uiuc.ncsa.security.delegation.client.request.DelegatedAssetResponse;
import edu.uiuc.ncsa.security.delegation.client.request.RTRequest;
import edu.uiuc.ncsa.security.delegation.client.request.RTResponse;
import edu.uiuc.ncsa.security.delegation.client.request.UIRequest;
import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
import edu.uiuc.ncsa.security.delegation.token.Verifier;
import edu.uiuc.ncsa.security.oauth_2_0.NonceHerder;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Scopes;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.client.ATResponse2;
import edu.uiuc.ncsa.security.oauth_2_0.client.DS2;
import edu.uiuc.ncsa.security.oauth_2_0.server.InvalidNonceException;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest;
import edu.uiuc.ncsa.security.util.pkcs.PEMFormatUtil;
import java.net.URLEncoder;
import java.security.KeyPair;
import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import net.sf.json.JSONObject;

/* loaded from: input_file:edu/uiuc/ncsa/oa4mp/oauth2/client/OA2MPService.class */
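/**
 * OAuth 2.0 client-side service for OA4MP: builds the authorization and token
 * requests, obtains access/refresh tokens, requests certificates and fetches
 * user info, persisting the per-request state in the asset store.
 *
 * <p>Security-relevant state handled here: the {@code state} and {@code nonce}
 * values created in {@link #preRequestCert}, the access and refresh tokens stored
 * on the {@link OA2Asset}, the client secret held by the environment's client and
 * the private key generated for each certificate request.
 */
public class OA2MPService extends OA4MPService {
    /**
     * Compile-time switch for the {@link #manualTest} debugging aid. It must stay
     * {@code false} in any build that handles real credentials.
     */
    private static final boolean MANUAL_TEST = false;

    /** Space-separated scope string, built lazily by {@link #getRequestedScopes()}. */
    protected String requestedScopes;

    /**
     * Adds the certificate-request parameters to {@code map} before the
     * certificate call is made.
     *
     * @param asset the asset the certificate is requested for; its cert request
     *              must already be set, since it is encoded into {@code map}
     * @param map   request parameters, modified in place
     * @throws GeneralException if key or cert-request generation fails with a
     *                          checked exception (runtime exceptions are rethrown as-is)
     * @throws NFWException     if the asset has no private key when a cert request
     *                          has to be rebuilt
     */
    public void preGetCert(Asset asset, Map map) {
        KeyPair generateKeyPair;
        super.preGetCert(asset, map);
        // The PEM-chunked PKCS#10 request is what gets sent; only the public half of the key pair is in it.
        map.put("certreq", PEMFormatUtil.bytesToChunkedString(asset.getCertReq().getEncoded()));
        // Only supply the configured callback when the caller has not already set one.
        if (!map.containsKey(getEnvironment().getConstants().get("oa4mp:callback_uri"))) {
            map.put(getEnvironment().getConstants().get("oa4mp:callback_uri"), getEnvironment().getCallback().toString());
        }
        // A negative configured lifetime means "do not send the parameter".
        if (0 <= getEnvironment().getCertLifetime()) {
            map.put("certlifetime", Long.valueOf(getEnvironment().getCertLifetime()));
        }
        // NOTE(review): this branch rebuilds the asset's cert request only when the asset already
        // holds certificates, and it does so after "certreq" was put into the map above, so the
        // rebuilt request is not the one sent by this call. Confirm this is intended and not an
        // artifact of decompilation.
        if (asset.getCertificates() != null) {
            MyPKCS10CertRequest certReq = asset.getCertReq();
            if (certReq == null) {
                // asset.getCertReq() was already dereferenced above, so this branch looks
                // unreachable unless the getter's result changes between calls.
                try {
                    generateKeyPair = KeyUtil.generateKeyPair();
                    asset.setPrivateKey(generateKeyPair.getPrivate());
                } catch (Throwable th) {
                    getEnvironment().getMyLogger().warn("Unable to generate a new keypair.", th);
                    if (!(th instanceof RuntimeException)) {
                        throw new GeneralException("Unable to generate a new keypair.", th);
                    }
                    throw ((RuntimeException) th);
                }
            } else {
                // Reuse the existing key material: public key from the request, private key from the asset.
                generateKeyPair = new KeyPair(certReq.getPublicKey(), asset.getPrivateKey());
            }
            if (asset.getPrivateKey() == null) {
                NFWException nFWException = new NFWException("Error: The private key is missing. The internal state of the asset is invalid");
                getEnvironment().getMyLogger().warn("Error: The private key is missing. The internal state of the asset is invalid", nFWException);
                throw nFWException;
            }
            try {
                asset.setCertReq(CertUtil.createCertRequest(generateKeyPair));
            } catch (Throwable th2) {
                getEnvironment().getMyLogger().warn("Error: could not create cert request.", th2);
                if (!(th2 instanceof RuntimeException)) {
                    throw new GeneralException("Error: could not create cert request.", th2);
                }
                throw ((RuntimeException) th2);
            }
        }
    }

    /**
     * Builds the token-request parameters, adding the {@code nonce} and
     * {@code state} that were stored on the asset by {@link #preRequestCert}.
     *
     * @param asset              the asset for this flow; must be an {@link OA2Asset}
     * @param authorizationGrant the grant being exchanged
     * @param verifier           passed through to the superclass
     * @return the parameter map from the superclass plus {@code nonce} and {@code state}
     * @throws GeneralException if {@code asset} is {@code null}
     */
    protected Map<String, String> getATParameters(Asset asset, AuthorizationGrant authorizationGrant, Verifier verifier) {
        // Reject a missing asset before anything else touches it, so the caller gets the
        // explanatory message rather than whatever the superclass does with null.
        if (asset == null) {
            throw new GeneralException("Asset not found. You may need to clear your browser cookies.");
        }
        Map<String, String> tokenParameters = super.getATParameters(asset, authorizationGrant, verifier);
        OA2Asset oa2Asset = (OA2Asset) asset;
        tokenParameters.put("nonce", oa2Asset.getNonce());
        tokenParameters.put("state", oa2Asset.getState());
        return tokenParameters;
    }

    /**
     * Returns the scopes to request as a single space-separated string: the
     * scopes configured in the client environment plus
     * {@link OA2Scopes#basicScopes}, without duplicates. The value is computed
     * once and cached in {@link #requestedScopes}; the order of scopes follows
     * the set's iteration order and is not otherwise defined.
     *
     * @return the cached, space-separated scope string (empty if there are no scopes)
     */
    public String getRequestedScopes() {
        if (this.requestedScopes == null) {
            HashSet<String> scopes = new HashSet<String>();
            scopes.addAll(((OA2ClientEnvironment) getEnvironment()).getScopes());
            for (String basicScope : OA2Scopes.basicScopes) {
                scopes.add(basicScope);
            }
            StringBuilder joined = new StringBuilder();
            boolean first = true;
            for (String scope : scopes) {
                if (first) {
                    first = false;
                } else {
                    joined.append(" ");
                }
                joined.append(scope);
            }
            this.requestedScopes = joined.toString();
        }
        return this.requestedScopes;
    }

    /**
     * Fills in the authorization-request parameters and creates the
     * {@code state} and {@code nonce} for this flow.
     *
     * <p>Both values come from {@link NonceHerder#createNonce()} and are stored
     * on the asset so that {@link #getATParameters} can send them again with
     * the token request. This class does not compare the {@code state} returned
     * on the callback with the stored one.
     * NOTE(review): confirm the callback handler performs that comparison.
     *
     * @param asset the asset for this flow; must be an {@link OA2Asset}
     * @param map   request parameters, modified in place
     */
    public void preRequestCert(Asset asset, Map map) {
        if (!map.containsKey(getEnvironment().getConstants().get("oa4mp:callback_uri"))) {
            map.put(getEnvironment().getConstants().get("oa4mp:callback_uri"), getEnvironment().getCallback().toString());
        }
        OA2Asset oA2Asset = (OA2Asset) asset;
        oA2Asset.setState(NonceHerder.createNonce());
        oA2Asset.setNonce(NonceHerder.createNonce());
        map.put("response_type", "code");
        map.put("scope", getRequestedScopes());
        map.put("state", oA2Asset.getState());
        map.put("nonce", oA2Asset.getNonce());
        map.put("prompt", "login");
    }

    /**
     * Creates the service for the given client environment.
     *
     * @param clientEnvironment the environment supplying client credentials,
     *                          endpoints and stores
     */
    public OA2MPService(ClientEnvironment clientEnvironment) {
        super(clientEnvironment);
    }

    /**
     * Exchanges the authorization grant for tokens, checks the nonce returned
     * with them and stores the tokens on the asset.
     *
     * <p>The nonce is checked before any value from the response is copied onto
     * the asset, so a rejected response leaves the asset unchanged. A nonce is
     * consumed (removed from {@link NonceHerder}) once it has been accepted.
     *
     * @param oA2Asset           the asset for this flow, updated and saved on success
     * @param authorizationGrant the grant to exchange
     * @return the token response from the delegation service
     * @throws InvalidNonceException if the returned nonce is not one
     *                               {@link NonceHerder} knows about
     */
    public ATResponse2 getAccessToken(OA2Asset oA2Asset, AuthorizationGrant authorizationGrant) {
        DelegatedAssetRequest delegatedAssetRequest = new DelegatedAssetRequest();
        delegatedAssetRequest.setAuthorizationGrant(authorizationGrant);
        delegatedAssetRequest.setClient(getEnvironment().getClient());
        delegatedAssetRequest.setParameters(getATParameters(oA2Asset, authorizationGrant, null));
        ATResponse2 at = getEnvironment().getDelegationService().getAT(delegatedAssetRequest);

        // Validate first, mutate afterwards.
        // NOTE(review): this only shows the returned nonce is known to NonceHerder, not that it
        // equals oA2Asset.getNonce(). Comparing the two would bind the response to this asset's
        // own request; confirm whether NonceHerder can hold nonces issued for other requests.
        String returnedNonce = (String) at.getParameters().get("nonce");
        if (!NonceHerder.hasNonce(returnedNonce)) {
            throw new InvalidNonceException("Unknown nonce.");
        }
        NonceHerder.removeNonce(returnedNonce);

        oA2Asset.setIssuedAt((Date) at.getParameters().get("iat"));
        oA2Asset.setUsername((String) at.getParameters().get("sub"));
        oA2Asset.setAccessToken(at.getAccessToken());
        oA2Asset.setRefreshToken(at.getRefreshToken());
        getAssetStore().save(oA2Asset);
        return at;
    }

    /**
     * Debugging aid that prints the parameters of a certificate request to
     * {@code System.err} so the request can be replayed by hand.
     *
     * <p>The output includes the access token and the client secret, so the
     * method does nothing unless {@link #MANUAL_TEST} is switched on at compile
     * time. Anything written to {@code System.err} commonly ends up in
     * container or service logs, where those credentials would outlive the
     * session.
     *
     * @param oA2Asset the asset whose access token is printed
     * @param map      request parameters; {@code certreq} is printed
     * @return always {@code null}
     */
    protected AssetResponse manualTest(OA2Asset oA2Asset, Map<String, String> map) {
        if (!MANUAL_TEST) {
            // Never emit bearer tokens or the client secret in a normal build.
            return null;
        }
        try {
            System.err.println(getClass().getSimpleName() + ".getAccessToken: Returned parameters");
            System.err.println("access token=" + URLEncoder.encode(oA2Asset.getAccessToken().getToken(), "UTF-8") + "");
            System.err.println("&client_id=" + URLEncoder.encode(getEnvironment().getClient().getIdentifierString(), "UTF-8") + "");
            System.err.println("&client_secret=" + URLEncoder.encode(getEnvironment().getClient().getSecret(), "UTF-8") + "");
            System.err.println("&certreq=" + URLEncoder.encode(map.get("certreq"), "UTF-8") + "");
            return null;
        } catch (Throwable th) {
            System.err.println(getClass().getSimpleName() + ".getCert: attempt to get response parameters failed.");
            th.printStackTrace();
            return null;
        }
    }

    /**
     * Requests a certificate using an access token that has already been obtained.
     *
     * <p>A key pair is taken from {@code getNextKeyPair()}, a cert request is
     * created for the asset's username, and the resulting certificates are
     * stored on the asset. The asset, including the private key set here, is
     * then written to the asset store.
     * NOTE(review): confirm the configured asset store protects private keys at rest.
     *
     * @param oA2Asset    the asset to request the certificate for; updated and saved
     * @param aTResponse2 the token response authorizing the request
     * @return the response holding the issued X.509 certificates
     * @throws GeneralException if a checked exception occurs anywhere in the
     *                          exchange (runtime exceptions are rethrown as-is)
     */
    public AssetResponse getCert(OA2Asset oA2Asset, ATResponse2 aTResponse2) {
        KeyPair nextKeyPair = getNextKeyPair();
        try {
            MyPKCS10CertRequest createCertRequest = CertUtil.createCertRequest(nextKeyPair, oA2Asset.getUsername());
            oA2Asset.setPrivateKey(nextKeyPair.getPrivate());
            oA2Asset.setCertReq(createCertRequest);
            Map assetParameters = getAssetParameters(oA2Asset);
            preGetCert(oA2Asset, assetParameters);
            DelegatedAssetResponse cert = getEnvironment().getDelegationService().getCert(aTResponse2, getEnvironment().getClient(), assetParameters);
            AssetResponse assetResponse = new AssetResponse();
            assetResponse.setX509Certificates(cert.getProtectedAsset().getX509Certificates());
            postGetCert(oA2Asset, assetResponse);
            oA2Asset.setCertificates(assetResponse.getX509Certificates());
            getEnvironment().getAssetStore().save(oA2Asset);
            return assetResponse;
        } catch (Throwable th) {
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            throw new GeneralException("Could no create cert request", th);
        }
    }

    /**
     * Obtains an access token for the grant and then requests the certificate.
     * The {@code verifier} argument is not used here.
     *
     * @param asset              the asset for this flow; must be an {@link OA2Asset}
     * @param authorizationGrant the grant to exchange for an access token
     * @param verifier           ignored
     * @return the response holding the issued X.509 certificates
     */
    protected AssetResponse getCert(Asset asset, AuthorizationGrant authorizationGrant, Verifier verifier) {
        OA2Asset oA2Asset = (OA2Asset) asset;
        return getCert(oA2Asset, getAccessToken(oA2Asset, authorizationGrant));
    }

    /**
     * Uses the stored refresh token to obtain new tokens for an asset and
     * replaces the stored asset with the updated one.
     *
     * @param str identifier of the asset in the asset store
     * @return the updated asset, or {@code null} if no asset has that identifier
     */
    public OA2Asset refresh(String str) {
        OA2Asset oA2Asset = (OA2Asset) getAssetStore().get(str);
        if (oA2Asset == null) {
            return null;
        }
        DS2 delegationService = getEnvironment().getDelegationService();
        RTRequest rTRequest = new RTRequest(getEnvironment().getClient(), (Map) null);
        rTRequest.setAccessToken(oA2Asset.getAccessToken());
        rTRequest.setRefreshToken(oA2Asset.getRefreshToken());
        RTResponse refresh = delegationService.refresh(rTRequest);
        // Both tokens are overwritten with whatever the server returned, so the
        // previous refresh token is no longer kept once this succeeds.
        oA2Asset.setAccessToken(refresh.getAccessToken());
        oA2Asset.setRefreshToken(refresh.getRefreshToken());
        getAssetStore().remove(oA2Asset.getIdentifier());
        getAssetStore().save(oA2Asset);
        return oA2Asset;
    }

    /**
     * Fetches user info from the delegation service with the asset's access token.
     *
     * @param str identifier of the asset in the asset store
     * @return the user info, or {@code null} if the asset is unknown or has no
     *         access token
     */
    public UserInfo getUserInfo(String str) {
        OA2Asset asset2 = getAsset2(str);
        if (asset2 == null || asset2.getAccessToken() == null) {
            return null;
        }
        UIRequest uIRequest = new UIRequest(asset2.getAccessToken());
        uIRequest.setClient(getEnvironment().getClient());
        // The raw JSON from the server is copied into the result as-is; callers
        // should treat every field as server-supplied data.
        JSONObject fromObject = JSONObject.fromObject(getEnvironment().getDelegationService().getUserInfo(uIRequest).getRawJSON());
        UserInfo userInfo = new UserInfo();
        userInfo.setMap(fromObject);
        return userInfo;
    }

    /**
     * Looks up an asset by identifier and casts it to {@link OA2Asset}.
     *
     * @param str identifier of the asset in the asset store
     * @return whatever the asset store returns for that identifier
     */
    protected OA2Asset getAsset2(String str) {
        return (OA2Asset) getAssetStore().get(str);
    }

    /**
     * Requests a certificate for a stored asset using its stored access token,
     * then records the certificates and username on the asset and saves it.
     *
     * @param str identifier of the asset in the asset store
     * @return the updated asset
     * @throws GeneralException if no asset has that identifier or the asset has
     *                          no access token
     */
    public OA2Asset getCert(String str) {
        OA2Asset oA2Asset = (OA2Asset) getAssetStore().get(str);
        // Fail with a clear message instead of a NullPointerException on an unknown
        // identifier or an asset that never completed the token exchange.
        if (oA2Asset == null) {
            throw new GeneralException("Asset not found. You may need to clear your browser cookies.");
        }
        if (oA2Asset.getAccessToken() == null) {
            throw new GeneralException("The asset has no access token, so no certificate can be requested.");
        }
        AssetResponse cert = getCert(oA2Asset.getAccessToken().getToken(), (String) null);
        oA2Asset.setCertificates(cert.getX509Certificates());
        oA2Asset.setUsername(cert.getUsername());
        getAssetStore().save(oA2Asset);
        return oA2Asset;
    }
}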
