package edu.uiuc.ncsa.security.oauth_2_0.client;

import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.delegation.client.request.RTRequest;
import edu.uiuc.ncsa.security.delegation.client.request.RTResponse;
import edu.uiuc.ncsa.security.delegation.client.server.RTServer;
import edu.uiuc.ncsa.security.delegation.services.Response;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.delegation.token.AccessToken;
import edu.uiuc.ncsa.security.delegation.token.RefreshToken;
import edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Constants;
import edu.uiuc.ncsa.security.oauth_2_0.OA2RefreshTokenImpl;
import edu.uiuc.ncsa.security.servlet.ServiceClient;
import java.net.URI;
import java.util.HashMap;
import net.sf.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/ncsa-security-oauth-2.0-3.3.0.2.jar:edu/uiuc/ncsa/security/oauth_2_0/client/RTServer2.class */
public class RTServer2 extends ASImpl implements RTServer {
    ServiceClient serviceClient;

    public ServiceClient getServiceClient() {
        return this.serviceClient;
    }

    public RTServer2(ServiceClient serviceClient) {
        super(serviceClient.host(new URI[0]));
        this.serviceClient = serviceClient;
    }

    @Override // edu.uiuc.ncsa.security.delegation.client.server.RTServer
    public Response processRTRequest(RTRequest rTRequest) {
        AccessToken accessToken = rTRequest.getAccessToken();
        RefreshToken refreshToken = rTRequest.getRefreshToken();
        if (refreshToken == null) {
            throw new GeneralException("Error: There is no refresh token, so it is not possible to refresh it.");
        }
        String rTResponse = getRTResponse(getAddress(), refreshToken, rTRequest.getClient());
        try {
            JSONObject fromObject = JSONObject.fromObject(rTResponse);
            String string = fromObject.getString(OA2Constants.ACCESS_TOKEN);
            if (accessToken.getToken().equals(string)) {
                throw new IllegalArgumentException("Error: The returned access token from the server should not match the one in the request.");
            }
            if (!OA2Constants.BEARER_TOKEN_TYPE.equals(fromObject.getString(OA2Constants.TOKEN_TYPE))) {
                throw new IllegalArgumentException("Error: Returned token type is unrecognized or missing");
            }
            String string2 = fromObject.getString(OA2Constants.EXPIRES_IN);
            if (string2 == null || string2.length() == 0) {
                throw new IllegalArgumentException("Error: missing expires_in field from server");
            }
            long parseLong = Long.parseLong(string2) * 1000;
            OA2RefreshTokenImpl oA2RefreshTokenImpl = new OA2RefreshTokenImpl(URI.create(fromObject.getString(OA2Constants.REFRESH_TOKEN)));
            AccessTokenImpl accessTokenImpl = new AccessTokenImpl(URI.create(string));
            oA2RefreshTokenImpl.setExpiresIn(parseLong);
            return new RTResponse(accessTokenImpl, oA2RefreshTokenImpl);
        } catch (Throwable th) {
            throw new GeneralException("error parsing response as JSON:" + rTResponse);
        }
    }

    protected String getRTResponse(URI uri, RefreshToken refreshToken, Client client) {
        HashMap hashMap = new HashMap();
        hashMap.put(OA2Constants.GRANT_TYPE, OA2Constants.REFRESH_TOKEN);
        hashMap.put(OA2Constants.REFRESH_TOKEN, refreshToken.getToken());
        hashMap.put(OA2Constants.CLIENT_ID, client.getIdentifierString());
        hashMap.put(OA2Constants.CLIENT_SECRET, client.getSecret());
        hashMap.put("scope", "edu.uiuc.ncsa.myproxy");
        return getServiceClient().getRawResponse(hashMap);
    }
}
