package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.AbstractInitServlet;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.delegation.server.request.AGResponse;
import edu.uiuc.ncsa.security.delegation.server.request.IssuerResponse;
import edu.uiuc.ncsa.security.oauth_2_0.NonceHerder;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Constants;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-1.1.2.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2InitServlet.class */
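/**
 * Initial servlet of the OAuth 2 / OpenID Connect flow: validates the parameters of an
 * authorization-grant request and creates the {@link OA2ServiceTransaction} for it.
 *
 * <p>Requests that do not ask for {@code prompt=login} are answered with a redirect to the
 * client's callback carrying a {@code login_required} style error; see
 * {@link #handleException}.
 */
public class OA2InitServlet extends AbstractInitServlet {

    /* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-1.1.2.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2InitServlet$LoginException.class */
    /**
     * Raised when the request cannot proceed without a login prompt.
     *
     * <p>The exception message is not human-readable text: it is the complete URL the user
     * agent is redirected to by {@link OA2InitServlet#handleException}. The constructor is
     * package-private, so only code in this package can create one; any new call site must
     * pass a URL built from a redirect URI that has already been checked against the client.
     */
    protected static class LoginException extends GeneralException {
        LoginException(String str) {
            super(str);
        }
    }

    /**
     * Tells whether {@code wanted} occurs as a whole entry in a space-delimited scope list.
     * Comparing whole entries keeps look-alike values (for example a scope that merely
     * contains the wanted text) from satisfying the check.
     */
    private static boolean hasScope(String scopes, String wanted) {
        if (scopes == null) {
            return false;
        }
        for (String entry : scopes.split(" ")) {
            if (wanted.equals(entry)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates an authorization-grant request and returns a fresh transaction for it.
     *
     * <p>Checks, in order: the nonce (via {@link NonceHerder#checkNonce}), that the scope list
     * contains {@code openid}, and the client / redirect URI pair (via
     * {@code OA2ClientCheck.check}). The redirect URI is only used as the callback after that
     * last check has run.
     *
     * @param issuerResponse the issuer response; it is cast to {@link AGResponse}
     * @return the new transaction, with both the authorization grant and the access token
     *     marked as not yet valid
     * @throws IllegalArgumentException if the scope parameter is missing or lacks {@code openid}
     * @throws LoginException if the {@code prompt} parameter is absent or is not the login
     *     value; the message is the error redirect URL
     * @throws UnsupportedEncodingException declared by {@link URLEncoder#encode(String, String)}
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet
    public ServiceTransaction verifyAndGet(IssuerResponse issuerResponse) throws UnsupportedEncodingException {
        AGResponse aGResponse = (AGResponse) issuerResponse;
        Map<String, String> parameters = aGResponse.getParameters();
        NonceHerder.checkNonce(parameters.get(OA2Constants.NONCE));

        // The scope value is a space-delimited list, so match "openid" as a whole entry.
        // The previous substring test for "openid " (with a trailing space) rejected a
        // request whose only or last scope was openid and accepted values such as "xopenid y".
        if (!hasScope(parameters.get(OA2Constants.SCOPE), "openid")) {
            throw new IllegalArgumentException("Error: unsupported/missing scope.");
        }

        OA2ServiceTransaction oA2ServiceTransaction = new OA2ServiceTransaction(aGResponse.getGrant());
        oA2ServiceTransaction.setAuthGrantValid(false);
        oA2ServiceTransaction.setAccessTokenValid(false);

        // Validate the redirect URI against the client before it is stored or redirected to.
        // NOTE(review): presumably OA2ClientCheck.check rejects a missing or unregistered
        // redirect URI; confirm, since the error redirect below relies on it.
        String redirectUri = parameters.get(OA2Constants.REDIRECT_URI);
        OA2ClientCheck.check(aGResponse.getClient(), redirectUri);
        oA2ServiceTransaction.setCallback(URI.create(redirectUri));

        // Null-safe comparison: a request without a prompt parameter used to fail with a
        // NullPointerException; it now takes the same path as any other non-login prompt.
        String prompt = parameters.get(OA2Constants.PROMPT);
        if (prompt != null && prompt.equals(OA2Constants.PROMPT_LOGIN)) {
            return oA2ServiceTransaction;
        }

        // Build the error redirect. The separator is written as a literal; the decompiler had
        // substituted an unrelated log4j constant with the same value ("?"). When the
        // callback already has a query string, "&" is used so the URL stays well formed.
        URI callback = oA2ServiceTransaction.getCallback();
        StringBuilder target = new StringBuilder(callback.toString());
        target.append(callback.getRawQuery() == null ? "?" : "&");
        target.append(OA2Constants.ERROR).append("=")
                .append(URLEncoder.encode(OA2Constants.ERROR_CODE_LOGIN_REQUIRED, "UTF-8"));
        target.append("&").append(OA2Constants.ERROR_DESCRIPTION).append("=")
                .append(URLEncoder.encode("Error:This requires a login", "UTF-8"));

        // state is client-supplied; it is always URL-encoded before being echoed back.
        String state = parameters.get(OA2Constants.STATE);
        if (state != null) {
            target.append("&").append(OA2Constants.STATE).append("=")
                    .append(URLEncoder.encode(state, "UTF-8"));
        }
        throw new LoginException(target.toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Turns a {@link LoginException} into an HTTP redirect and delegates every other
     * throwable to the superclass.
     *
     * <p>The redirect target is the exception message. That is only sound because
     * {@link LoginException} is created in {@link #verifyAndGet} from a callback that has
     * passed the client check, with every request-supplied value URL-encoded.
     *
     * @param th the throwable raised while handling the request
     * @param httpServletRequest the current request
     * @param httpServletResponse the response used to send the redirect
     * @throws IOException if sending the redirect fails, or from the superclass handler
     * @throws ServletException from the superclass handler
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet, edu.uiuc.ncsa.security.servlet.AbstractServlet
    public void handleException(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (th instanceof LoginException) {
            httpServletResponse.sendRedirect(th.getMessage());
        } else {
            super.handleException(th, httpServletRequest, httpServletResponse);
        }
    }
}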
