package edu.uiuc.ncsa.security.oauth_1_0a.client;

import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.ServerRedirectException;
import edu.uiuc.ncsa.security.core.exceptions.ServerSideException;
import edu.uiuc.ncsa.security.core.exceptions.UnknownClientException;
import edu.uiuc.ncsa.security.core.util.MapUtilities;
import edu.uiuc.ncsa.security.delegation.client.request.AGRequest;
import edu.uiuc.ncsa.security.delegation.client.request.AGResponse;
import edu.uiuc.ncsa.security.delegation.client.request.ATRequest;
import edu.uiuc.ncsa.security.delegation.client.request.ATResponse;
import edu.uiuc.ncsa.security.delegation.client.server.AGServer;
import edu.uiuc.ncsa.security.delegation.client.server.ATServer;
import edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException;
import edu.uiuc.ncsa.security.delegation.services.AddressableServer;
import edu.uiuc.ncsa.security.delegation.services.Request;
import edu.uiuc.ncsa.security.delegation.services.Response;
import edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl;
import edu.uiuc.ncsa.security.delegation.token.impl.AuthorizationGrantImpl;
import edu.uiuc.ncsa.security.delegation.token.impl.VerifierImpl;
import edu.uiuc.ncsa.security.oauth_1_0a.OAuthUtilities;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.client.OAuthClient;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;

/* loaded from: input_file:WEB-INF/lib/ncsa-security-oauth-1.0a-3.1.jar:edu/uiuc/ncsa/security/oauth_1_0a/client/AuthorizationServerImpl.class */
public class AuthorizationServerImpl implements AddressableServer, AGServer, ATServer {
    public static final String DEBUG_STACKTRACE_KEY = "stacktrace";
    URI address;

    @Override // edu.uiuc.ncsa.security.delegation.services.AddressableServer
    public URI getAddress() {
        return this.address;
    }

    public AuthorizationServerImpl(URI uri) {
        this.address = uri;
    }

    @Override // edu.uiuc.ncsa.security.delegation.services.Server
    public Response process(Request request) {
        return request.process(this);
    }

    @Override // edu.uiuc.ncsa.security.delegation.client.server.AGServer
    public AGResponse processAGRequest(AGRequest aGRequest) {
        return getAuthorizationGrant(aGRequest);
    }

    @Override // edu.uiuc.ncsa.security.delegation.client.server.ATServer
    public ATResponse processATRequest(ATRequest aTRequest) {
        return getAccessToken(aTRequest);
    }

    protected ATResponse getAccessToken(ATRequest aTRequest) {
        OAClient oAClient = (OAClient) aTRequest.getClient();
        OAuthAccessor createOAuthAccessor = OAuthUtilities.createOAuthAccessor(this, oAClient);
        if (!(aTRequest.getAuthorizationGrant() instanceof AuthorizationGrantImpl)) {
            throw new GeneralException("Internal Error: Incorrect authorization grant found. Should have been a TempCred but was a " + aTRequest.getAuthorizationGrant().getClass());
        }
        AuthorizationGrantImpl authorizationGrantImpl = (AuthorizationGrantImpl) aTRequest.getAuthorizationGrant();
        if (aTRequest.getVerifier() == null) {
            throw new GeneralException("Error: No verifier found. This is required by the OAuth spec.");
        }
        if (!(aTRequest.getVerifier() instanceof VerifierImpl)) {
            throw new GeneralException("Internal Error: Incorrect verifier instance found. Should have been a VerifierImpl but was a " + aTRequest.getVerifier());
        }
        VerifierImpl verifierImpl = (VerifierImpl) aTRequest.getVerifier();
        if (authorizationGrantImpl.getSharedSecret() != null) {
            createOAuthAccessor.tokenSecret = authorizationGrantImpl.getSharedSecret().toString();
        }
        if (oAClient.getSignatureMethod().equals("RSA-SHA1")) {
            createOAuthAccessor.setProperty("RSA-SHA1.PrivateKey", oAClient.getSecret());
            createOAuthAccessor.consumer.setProperty("RSA-SHA1.PrivateKey", oAClient.getSecret());
        }
        try {
            OAuthClient newOAuthClient = OAuthUtilities.newOAuthClient(getAddress());
            ArrayList arrayList = new ArrayList();
            arrayList.add(OAuth.OAUTH_VERIFIER);
            arrayList.add(verifierImpl.getURIToken().toString());
            for (String str : aTRequest.getParameters().keySet()) {
                arrayList.add(str);
                arrayList.add(aTRequest.getParameters().get(str));
            }
            OAuthMessage accessToken = newOAuthClient.getAccessToken(createOAuthAccessor, "GET", OAuth.newList((String[]) arrayList.toArray(new String[arrayList.size()])));
            HashMap whittleParameters = OAuthUtilities.whittleParameters(accessToken);
            ATResponse aTResponse = new ATResponse(new AccessTokenImpl(URI.create(accessToken.getParameter(OAuth.OAUTH_TOKEN)), URI.create(accessToken.getParameter(OAuth.OAUTH_TOKEN_SECRET))));
            aTResponse.setParameters(whittleParameters);
            return aTResponse;
        } catch (Exception e) {
            handleException(e);
            return null;
        }
    }

    protected AGResponse getAuthorizationGrant(AGRequest aGRequest) {
        List<Map.Entry<String, String>> list = MapUtilities.toList(aGRequest.getParameters());
        OAClient oAClient = (OAClient) aGRequest.getClient();
        OAuthAccessor createOAuthAccessor = OAuthUtilities.createOAuthAccessor(this, oAClient);
        if (oAClient.getSignatureMethod().equals("RSA-SHA1")) {
            createOAuthAccessor.consumer.setProperty("RSA-SHA1.PrivateKey", oAClient.getSecret());
            createOAuthAccessor.setProperty("RSA-SHA1.PrivateKey", oAClient.getSecret());
        }
        try {
            OAuthMessage requestTokenResponse = OAuthUtilities.newOAuthClient(getAddress()).getRequestTokenResponse(createOAuthAccessor, "GET", list);
            String parameter = requestTokenResponse.getParameter(OAuth.OAUTH_TOKEN);
            if (parameter == null || parameter.length() == 0) {
                throw new IllegalArgumentException("Error: delegation server did not return a request token");
            }
            String parameter2 = requestTokenResponse.getParameter(OAuth.OAUTH_TOKEN_SECRET);
            if (!((OAClient) aGRequest.getClient()).getSignatureMethod().equals("RSA-SHA1") && (parameter2 == null || parameter2.length() == 0)) {
                throw new IllegalArgumentException("Error: delegation server did not return a shared secret");
            }
            AGResponse aGResponse = new AGResponse(new AuthorizationGrantImpl(URI.create(parameter), URI.create(parameter2)));
            aGResponse.setParameters(OAuthUtilities.whittleParameters(requestTokenResponse));
            return aGResponse;
        } catch (Throwable th) {
            handleException(th);
            return null;
        }
    }

    protected void handleException(Throwable th) {
        if (th instanceof RuntimeException) {
            throw ((RuntimeException) th);
        }
        if (th instanceof OAuthProblemException) {
            OAuthProblemException oAuthProblemException = (OAuthProblemException) th;
            int httpStatusCode = oAuthProblemException.getHttpStatusCode();
            if ((httpStatusCode == 200 && oAuthProblemException.getParameters().containsKey(OAuth.Problems.OAUTH_PARAMETERS_ABSENT)) || httpStatusCode == 302) {
                throw new GeneralException("Server attempted to redirect to another page. This is not permitted. Please contact the site administrator");
            }
            if (httpStatusCode == 404) {
                throw new GeneralException("Page not found");
            }
            if (500 <= httpStatusCode) {
                String str = "Server Error -- unknown cause";
                Iterator<String> it = oAuthProblemException.getParameters().keySet().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String next = it.next();
                    if (next.toLowerCase().startsWith("<html>")) {
                        str = oAuthProblemException.getParameters().get(next).toString();
                        if (str.contains(UnknownClientException.class.getCanonicalName())) {
                            throw new UnknownClientException("Unknown client. Be sure to register your client.  Is your client id correct?");
                        }
                        if (str.contains(UnapprovedClientException.class.getCanonicalName())) {
                            throw new UnapprovedClientException("Your client has been registered, but the administrator has not approved it yet", null);
                        }
                    }
                }
                throw new GeneralException(str);
            }
            if (oAuthProblemException.getParameters().get("Location") != null) {
                ServerSideException serverSideException = new ServerSideException(th);
                URI create = URI.create(oAuthProblemException.getParameters().get("Location").toString());
                String query = create.getQuery();
                HashMap hashMap = new HashMap();
                for (String str2 : query.split("&")) {
                    String[] split = str2.split("=");
                    if (split.length >= 2) {
                        String str3 = split[0];
                        String str4 = split[1];
                        if (str3.toLowerCase().equals(DEBUG_STACKTRACE_KEY)) {
                            try {
                                str4 = new String(Base64.decodeBase64(str4));
                            } catch (Throwable th2) {
                                str4 = "(none)";
                            }
                        }
                        hashMap.put(str3, str4);
                    }
                }
                serverSideException.setQueryParameters(hashMap);
                serverSideException.setRedirect(create);
                throw serverSideException;
            }
            Map<String, Object> parameters = oAuthProblemException.getParameters();
            if (oAuthProblemException.getHttpStatusCode() == 200 && parameters.containsKey(OAuth.Problems.OAUTH_PARAMETERS_ABSENT)) {
                ServerRedirectException serverRedirectException = new ServerRedirectException("Server exception with redirect. The server is trying to redirect to an error page, but the OAuth 1.0a libraries cannot process this and fail.");
                for (String str5 : parameters.keySet()) {
                    if (str5.toLowerCase().startsWith("<html>")) {
                        String str6 = str5;
                        Object obj = parameters.get(str5);
                        if (obj != null) {
                            str6 = str6 + obj.toString();
                        }
                        serverRedirectException.setWebpage(str6);
                        throw serverRedirectException;
                    }
                }
                throw serverRedirectException;
            }
        }
        if (!(th instanceof SSLPeerUnverifiedException)) {
            throw new GeneralException("Error invoking OAuth client", th);
        }
        throw new GeneralException("Error: could not connect to the server. Is your trusted roots store up to date?", th);
    }

    public String toString() {
        return "AuthorizationServerImpl[address=" + getAddress() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END;
    }
}
