package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.AbstractRegistrationServlet;
import edu.uiuc.ncsa.security.core.exceptions.RetryException;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Client;
import edu.uiuc.ncsa.security.servlet.PresentableState;
import java.io.BufferedReader;
import java.io.StringReader;
import java.net.URI;
import java.security.SecureRandom;
import java.util.LinkedList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2RegistrationServlet.class */
public class OA2RegistrationServlet extends AbstractRegistrationServlet {
    protected static SecureRandom random = new SecureRandom();
    public static final String CALLBACK_URI = "callbackURI";
    public static final String REFRESH_TOKEN_LIFETIME = "rtLifetime";
    public static final String REFRESH_TOKEN_FIELD_VISIBLE = "rtFieldVisible";

    protected OA2SE getOA2SE() {
        return getServiceEnvironment();
    }

    public void prepare(PresentableState presentableState) throws Throwable {
        super.prepare(presentableState);
        HttpServletRequest request = presentableState.getRequest();
        if (presentableState.getState() == 0) {
            request.setAttribute(CALLBACK_URI, CALLBACK_URI);
            request.setAttribute(getValueTag(CALLBACK_URI), "Put your callbacks here, one per line.");
            request.setAttribute(REFRESH_TOKEN_LIFETIME, REFRESH_TOKEN_LIFETIME);
            if (getOA2SE().isRefreshTokenEnabled()) {
                request.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, " ");
            } else {
                request.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, " style=\"display: none;\"");
            }
        }
    }

    protected Client addNewClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        boolean z;
        OA2Client addNewClient = super.addNewClient(httpServletRequest, httpServletResponse);
        String requiredParam = getRequiredParam(httpServletRequest, CALLBACK_URI);
        String parameter = getParameter(httpServletRequest, REFRESH_TOKEN_LIFETIME);
        try {
            URI.create(addNewClient.getHomeUri());
            if (parameter == null || parameter.length() == 0) {
                addNewClient.setRtLifetime(Long.MIN_VALUE);
            } else {
                long j = 0;
                if (parameter != null && 0 < parameter.length()) {
                    try {
                        j = Long.parseLong(parameter) * 1000;
                        z = j >= 0;
                    } catch (Throwable th) {
                        z = false;
                    }
                    if (!z) {
                        info("Client requested illegal value for refresh token lifetime at registration of \"" + parameter + "\"");
                    }
                }
                addNewClient.setRtLifetime(j);
            }
            byte[] bArr = new byte[getOA2SE().getClientSecretLength()];
            random.nextBytes(bArr);
            addNewClient.setSecret(Base64.encodeBase64URLSafeString(bArr));
            BufferedReader bufferedReader = new BufferedReader(new StringReader(requiredParam));
            LinkedList linkedList = new LinkedList();
            for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                if (!readLine.toLowerCase().startsWith("https:")) {
                    warn("Attempt to add bad callback uri for client " + addNewClient.getIdentifierString());
                    throw new RetryException("The callback \"" + readLine + "\" is not secure.");
                }
                URI.create(readLine);
                linkedList.add(readLine);
            }
            bufferedReader.close();
            addNewClient.setCallbackURIs(linkedList);
            fireNewClientEvent(addNewClient);
            return addNewClient;
        } catch (Throwable th2) {
            throw new RetryException("Error. The stated home uri is invalid: " + th2.getMessage());
        }
    }

    public void present(PresentableState presentableState) throws Throwable {
        super.present(presentableState);
        if (presentableState.getState() == 100) {
            if (!(presentableState instanceof AbstractRegistrationServlet.ClientState)) {
                throw new IllegalStateException("Error: An instance of ClientState was expected, but got an instance of \"" + presentableState.getClass().getName() + "\"");
            }
            AbstractRegistrationServlet.ClientState clientState = (AbstractRegistrationServlet.ClientState) presentableState;
            clientState.getClient().setSecret(DigestUtils.shaHex(clientState.getClient().getSecret()));
            getServiceEnvironment().getClientStore().save(clientState.getClient());
        }
    }

    protected void setRetryParameters(HttpServletRequest httpServletRequest, RetryException retryException) {
        super.setRetryParameters(httpServletRequest, retryException);
        if (getOA2SE().isRefreshTokenEnabled()) {
            httpServletRequest.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, " ");
        } else {
            httpServletRequest.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, " style=\"display: none;\"");
        }
    }
}
