package edu.uiuc.ncsa.oa4mp.oauth2.client.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.loader.AbstractClientLoader;
import edu.uiuc.ncsa.myproxy.oa4mp.client.servlet.ClientServlet;
import edu.uiuc.ncsa.oa4mp.oauth2.client.OA2Asset;
import edu.uiuc.ncsa.oa4mp.oauth2.client.OA2ClientEnvironment;
import edu.uiuc.ncsa.oa4mp.oauth2.client.OA2MPService;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.BasicIdentifier;
import edu.uiuc.ncsa.security.delegation.token.impl.AuthorizationGrantImpl;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Constants;
import edu.uiuc.ncsa.security.oauth_2_0.OA2RedirectableError;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Scopes;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.client.ATResponse2;
import edu.uiuc.ncsa.security.servlet.JSPUtil;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.log4j.spi.Configurator;

/* loaded from: input_file:WEB-INF/lib/oa4mp-client-loader-oauth2-3.3.jar:edu/uiuc/ncsa/oa4mp/oauth2/client/servlet/OA2ReadyServlet.class */
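/**
 * Servlet that receives the callback request carrying the authorization grant
 * (or an error) and finishes the exchange: it trades the grant for an access
 * token, fetches user info and, when the MyProxy scope is configured, a
 * certificate, then forwards to the configured success page.
 *
 * <p>All request parameters and the cookie value are supplied by the client and
 * are treated as untrusted here.
 */
public class OA2ReadyServlet extends ClientServlet {
    /**
     * Handles one callback request.
     *
     * <ol>
     *   <li>If the request carries an error parameter, it is rethrown as an
     *       {@link OA2RedirectableError} together with the description and state.</li>
     *   <li>If the token parameter is missing, the request is forwarded to the
     *       error page.</li>
     *   <li>The stored asset is located through the identifier returned by
     *       {@code clearCookie} or, failing that, through the token itself.</li>
     *   <li>When an asset identifier is available, the returned {@code state} must
     *       equal the state stored on the asset before the grant is exchanged.</li>
     *   <li>The results are placed in request attributes and the request is
     *       forwarded to the success page.</li>
     * </ol>
     *
     * @param httpServletRequest  the callback request
     * @param httpServletResponse the response used for forwarding
     * @throws OA2RedirectableError     if the request contains an error parameter
     * @throws IllegalArgumentException if no stored asset matches the identifier, or if the
     *                                  returned state does not match the stored state
     * @throws Throwable                anything raised by the service calls
     */
    @Override // edu.uiuc.ncsa.security.servlet.AbstractServlet
    protected void doIt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        if (httpServletRequest.getParameterMap().containsKey(OA2Constants.ERROR)) {
            throw new OA2RedirectableError(httpServletRequest.getParameter(OA2Constants.ERROR), httpServletRequest.getParameter(OA2Constants.ERROR_DESCRIPTION), httpServletRequest.getParameter(OA2Constants.STATE));
        }
        info("2.a. Getting token and verifier.");
        String token = httpServletRequest.getParameter(CONST(ClientEnvironment.TOKEN));
        String returnedState = httpServletRequest.getParameter(OA2Constants.STATE);
        if (token == null) {
            // The token is known to be null on this path, so the log text is fixed.
            warn("2.a. The token is " + Configurator.NULL + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER);
            httpServletRequest.setAttribute("exception", new GeneralException("Error: This servlet requires parameters for the token and possibly verifier."));
            JSPUtil.fwd(httpServletRequest, httpServletResponse, getCE().getErrorPagePath());
            return;
        }
        info("2.a Token found.");
        // URI.create throws IllegalArgumentException for a value that is not a valid URI;
        // that exception propagates to the caller of doIt.
        AuthorizationGrantImpl grant = new AuthorizationGrantImpl(URI.create(token));
        info("2.a. Getting the cert(s) from the service");

        // Identifier of the stored asset; null is reported below as "no cookie found".
        String assetId = clearCookie(httpServletRequest, httpServletResponse);
        OA2Asset assetByToken = null;
        if (assetId == null) {
            // Fall back to locating the asset through the token value.
            assetByToken = (OA2Asset) getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
            if (assetByToken != null) {
                assetId = assetByToken.getIdentifierString();
            }
        }

        UserInfo userInfo;
        AssetResponse assetResponse = null;
        OA2MPService service = (OA2MPService) getOA4MPService();
        boolean certRequested = ((OA2ClientEnvironment) getCE()).getScopes().contains(OA2Scopes.SCOPE_MYPROXY);
        if (assetId == null) {
            // NOTE(review): on this path there is no stored state to compare against, so the
            // grant is exchanged without the state check applied in the other branch.
            // The asset passed on may also be null. Behaviour is kept as-is; confirm whether
            // this best-effort path should instead be rejected in production deployments.
            warn("Error: no cookie found. Cannot save certificates");
            debug("No cookie found");
            ATResponse2 tokenResponse = service.getAccessToken(assetByToken, grant);
            // NOTE(review): this call passes the access token string, while the other branch
            // passes the asset identifier — confirm which value getUserInfo expects.
            userInfo = service.getUserInfo(tokenResponse.getAccessToken().toString());
            if (certRequested) {
                assetResponse = service.getCert(assetByToken, tokenResponse);
            }
        } else {
            OA2Asset storedAsset = (OA2Asset) getCE().getAssetStore().get(assetId);
            if (storedAsset == null) {
                // The identifier comes from the client; an unknown or stale value must be
                // rejected explicitly instead of failing on a null dereference.
                warn("No asset was found for the identifier supplied with this request. Transaction aborted.");
                throw new IllegalArgumentException("Error: No pending request matches this response.");
            }
            String expectedState = storedAsset.getState();
            if (expectedState == null || !expectedState.equals(returnedState)) {
                // The returned state is request data: neutralise control characters so it
                // cannot forge or split log entries.
                warn("The expected state from the server was \"" + expectedState + "\", but instead \"" + sanitizeForLog(returnedState) + "\" was returned. Transaction aborted.");
                throw new IllegalArgumentException("Error: The state returned by the server is invalid.");
            }
            ATResponse2 tokenResponse = service.getAccessToken(storedAsset, grant);
            userInfo = service.getUserInfo(assetId);
            if (certRequested) {
                assetResponse = service.getCert(storedAsset, tokenResponse);
            }
        }

        info("2.b. Done! Displaying success page.");
        if (!certRequested) {
            httpServletRequest.setAttribute("certSubject", "(no cert requested)");
        } else if (assetResponse == null || assetResponse.getX509Certificates() == null || assetResponse.getX509Certificates().length == 0) {
            // Also covers a missing response and an empty certificate array, which would
            // otherwise fail when the first certificate is read.
            httpServletRequest.setAttribute("certSubject", "(no cert returned)");
        } else {
            httpServletRequest.setAttribute("certSubject", assetResponse.getX509Certificates()[0].getSubjectDN());
            httpServletRequest.setAttribute("cert", CertUtil.toPEM(assetResponse.getX509Certificates()));
            httpServletRequest.setAttribute("username", assetResponse.getUsername());
        }
        if (userInfo != null) {
            httpServletRequest.setAttribute(AbstractClientLoader.USER_INFO_ENDPOINT, JSONUtils.valueToString(userInfo.toJSon(), 4, 2));
        } else {
            httpServletRequest.setAttribute(AbstractClientLoader.USER_INFO_ENDPOINT, "no user info returned.");
        }
        String contextPath = httpServletRequest.getContextPath();
        if (!contextPath.endsWith("/")) {
            contextPath = contextPath + "/";
        }
        httpServletRequest.setAttribute("action", contextPath);
        info("2.a. Completely finished with delegation.");
        JSPUtil.fwd(httpServletRequest, httpServletResponse, getCE().getSuccessPagePath());
    }

    /**
     * Replaces control characters (including CR and LF) in a request-supplied value
     * with underscores before it is written to the log.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the value with control characters replaced, or {@code null} if the input was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}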
