package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.client;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.AbstractDDServer;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.RequestFactory;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionServer;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2Client;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientApprovalKeys;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientKeys;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionAdd;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission;
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
import edu.uiuc.ncsa.security.storage.sql.internals.ColumnMap;
import java.security.SecureRandom;
import java.util.Iterator;
import net.sf.json.JSON;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/client/ClientServer.class */
public class ClientServer extends AbstractDDServer {
    SecureRandom random;

    public ClientServer(OA2SE oa2se) {
        super(oa2se);
        this.random = new SecureRandom();
    }

    public ClientResponse approve(ApproveRequest approveRequest) {
        ClientApproval create;
        canApprove(approveRequest);
        Identifier identifier = approveRequest.getClient().getIdentifier();
        OA2ClientApprovalKeys oA2ClientApprovalKeys = new OA2ClientApprovalKeys();
        if (getClientApprovalStore().containsKey(identifier)) {
            create = (ClientApproval) getClientApprovalStore().get(identifier);
        } else {
            create = getClientApprovalStore().create();
            create.setIdentifier(identifier);
        }
        if (approveRequest.getAttributes() == null || !approveRequest.getAttributes().containsKey(oA2ClientApprovalKeys.approver(new String[0]))) {
            create.setApprover(approveRequest.getAdminClient().getIdentifierString());
        } else {
            create.setApprover(String.valueOf(approveRequest.getAttributes().get(oA2ClientApprovalKeys.approver(new String[0]))));
        }
        create.setApproved(true);
        getClientApprovalStore().save(create);
        return new ClientResponse();
    }

    public ClientResponse unapprove(UnapproveRequest unapproveRequest) {
        canApprove(unapproveRequest);
        ClientApproval clientApproval = (ClientApproval) getClientApprovalStore().get(unapproveRequest.getClient().getIdentifier());
        OA2ClientApprovalKeys oA2ClientApprovalKeys = new OA2ClientApprovalKeys();
        if (unapproveRequest.getAttributes() == null || !unapproveRequest.getAttributes().containsKey(oA2ClientApprovalKeys.approver(new String[0]))) {
            clientApproval.setApprover(unapproveRequest.getAdminClient().getIdentifierString());
        } else {
            clientApproval.setApprover(String.valueOf(unapproveRequest.getAttributes().get(oA2ClientApprovalKeys.approver(new String[0]))));
        }
        clientApproval.setApproved(false);
        getClientApprovalStore().save(clientApproval);
        return new ClientResponse();
    }

    public CreateResponse create(CreateRequest createRequest) {
        String encodeBase64URLSafeString;
        if (createRequest.getAdminClient() != null && (createRequest.getAdminClient().getIdentifier() == null || createRequest.getAdminClient().getIdentifierString().length() == 0)) {
            throw new GeneralException("Error: An admin client was specified, but no identifier for this client was given. Request rejected.");
        }
        ColumnMap columnMap = new ColumnMap();
        columnMap.putAll(createRequest.getAttributes());
        OA2ClientKeys keys = getClientStore().getMapConverter().getKeys();
        OA2Client create = getClientStore().create();
        columnMap.put(keys.identifier(new String[0]), create.getIdentifier());
        columnMap.put(keys.creationTS(new String[0]), create.getCreationTS());
        if (columnMap.containsKey(keys.secret(new String[0]))) {
            encodeBase64URLSafeString = (String) columnMap.get(keys.secret(new String[0]));
        } else {
            byte[] bArr = new byte[this.cose.getClientSecretLength()];
            this.random.nextBytes(bArr);
            encodeBase64URLSafeString = Base64.encodeBase64URLSafeString(bArr);
        }
        columnMap.put(keys.secret(new String[0]), DigestUtils.sha1Hex(encodeBase64URLSafeString));
        getClientStore().getMapConverter().fromMap(columnMap, create);
        getClientStore().save(create);
        if (createRequest.getAdminClient() != null) {
            new PermissionServer(this.cose).process(RequestFactory.createRequest(createRequest.getAdminClient(), new TypePermission(), new ActionAdd(), create, (JSON) null));
        }
        ClientApproval create2 = getClientApprovalStore().create();
        create2.setApproved(false);
        create2.setIdentifier(create.getIdentifier());
        getClientApprovalStore().save(create2);
        return new CreateResponse(create, encodeBase64URLSafeString);
    }

    public ClientResponse remove(RemoveRequest removeRequest) {
        canDelete(removeRequest);
        Identifier identifier = removeRequest.getClient().getIdentifier();
        getClientApprovalStore().remove(identifier);
        Iterator it = getPermissionStore().getAdmins(identifier).iterator();
        while (it.hasNext()) {
            Iterator it2 = getPermissionStore().get((Identifier) it.next(), identifier).iterator();
            while (it2.hasNext()) {
                getPermissionStore().remove(((Permission) it2.next()).getIdentifier());
            }
        }
        getClientStore().remove(identifier);
        return new ClientResponse();
    }

    public ClientResponse get(GetRequest getRequest) {
        canRead(getRequest);
        OA2Client oA2Client = (OA2Client) getClientStore().get(getRequest.getClient().getIdentifier());
        oA2Client.setSecret("");
        return new GetResponse(oA2Client, this.cose.getClientApprovalStore().isApproved(oA2Client.getIdentifier()));
    }
}
