package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.ACS2;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.DateUtils;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.delegation.server.request.IssuerResponse;
import edu.uiuc.ncsa.security.delegation.server.request.PAResponse;
import edu.uiuc.ncsa.security.delegation.token.AccessToken;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Error;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Errors;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Scopes;
import java.io.IOException;
import java.security.GeneralSecurityException;
import net.sf.json.util.JSONUtils;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-3.2.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2CertServlet.class */
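/**
 * OAuth 2 flavour of the certificate-request servlet.
 *
 * <p>Before a certificate request is serviced this class checks that the
 * presented access token maps to a stored transaction, that the transaction
 * was granted the MyProxy scope, that the token is still marked valid, and
 * that the common name in the certificate request equals the transaction's
 * username.
 */
public class OA2CertServlet extends ACS2 {
    /**
     * Resolves the transaction behind the access token carried by the response
     * and runs the authorization checks on it.
     *
     * @param issuerResponse the issuer response; it is cast to {@link PAResponse}
     *     to read the access token
     * @return the transaction stored under the access token
     * @throws GeneralException if no transaction is stored for the token or the
     *     transaction reports the token as no longer valid
     * @throws OA2Error with {@code ACCESS_DENIED} if the transaction's scopes do
     *     not include {@code OA2Scopes.SCOPE_MYPROXY}
     * @throws IOException declared by the overridden method
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet
    public ServiceTransaction verifyAndGet(IssuerResponse issuerResponse) throws IOException {
        AccessToken accessToken = ((PAResponse) issuerResponse).getAccessToken();
        OA2ServiceTransaction transaction = (OA2ServiceTransaction) getTransactionStore().get(accessToken);

        // The lookup result must be checked before anything is read from it. With the
        // scope check first, an unknown or already-removed token caused a
        // NullPointerException instead of this explicit refusal.
        // NOTE(review): the message embeds the presented access token. If exception
        // messages are logged or returned to the client, consider a truncated or
        // hashed form here.
        if (transaction == null) {
            throw new GeneralException("Error: no transaction found for access token \"" + accessToken + JSONUtils.DOUBLE_QUOTE);
        }

        // Certificates are only issued to transactions that were granted the MyProxy scope.
        if (!transaction.getScopes().contains(OA2Scopes.SCOPE_MYPROXY)) {
            throw new OA2Error(OA2Errors.ACCESS_DENIED, "Certificate request is out of scope.", "", transaction.getCallback());
        }

        if (!transaction.isAccessTokenValid()) {
            throw new GeneralException("Error: invalid access token. Request refused");
        }

        checkClient(transaction.getClient());
        // Presumably rejects a token whose embedded timestamp has expired; confirm
        // against DateUtils.checkTimestamp.
        DateUtils.checkTimestamp(accessToken.getToken());
        return transaction;
    }

    /**
     * Ensures a MyProxy connection exists for the transaction, creating one when
     * {@code hasMPConnection} reports none.
     *
     * @param oA2ServiceTransaction the transaction whose identifier, MyProxy
     *     username and lifetime are passed to {@code createMPConnection}
     * @throws GeneralSecurityException if the connection cannot be created
     */
    protected void checkMPConnection(OA2ServiceTransaction oA2ServiceTransaction) throws GeneralSecurityException {
        if (!hasMPConnection(oA2ServiceTransaction)) {
            // The third and fifth arguments are passed as empty strings. Their meaning
            // is defined by createMPConnection, which is not visible here.
            createMPConnection(
                    oA2ServiceTransaction.getIdentifier(),
                    oA2ServiceTransaction.getMyproxyUsername(),
                    "",
                    oA2ServiceTransaction.getLifetime(),
                    "");
        }
    }

    /**
     * Services the certificate request once the requested subject has been
     * checked against the transaction's user.
     *
     * <p>The decompiler reports this override as {@code protected} in the
     * original class. The visibility shown by the decompiled source is kept.
     *
     * @param serviceTransaction the verified transaction; must be an
     *     {@link OA2ServiceTransaction}
     * @param str forwarded unchanged to {@code doCertRequest}
     * @throws OA2Error with {@code ACCESS_DENIED} if the certificate request's
     *     common name differs from the transaction's username
     * @throws Throwable whatever the connection setup or the certificate request raises
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.CRServlet
    public void doRealCertRequest(ServiceTransaction serviceTransaction, String str) throws Throwable {
        // The CN comes from the submitted certificate request, so it is requester-controlled.
        // Requiring it to equal the transaction's username keeps a client from asking
        // for a certificate under a different subject.
        // NOTE(review): a null cert request or CN throws NullPointerException here, so
        // the request still fails but without an OAuth error; confirm upstream
        // validation guarantees both are present.
        if (!serviceTransaction.getCertReq().getCN().equals(serviceTransaction.getUsername())) {
            throw new OA2Error(OA2Errors.ACCESS_DENIED, "The common name on the cert request is \"" + serviceTransaction.getCertReq().getCN() + "\" which does not match the username \"" + serviceTransaction.getUsername() + JSONUtils.DOUBLE_QUOTE, "", serviceTransaction.getCallback());
        }
        OA2ServiceTransaction oA2ServiceTransaction = (OA2ServiceTransaction) serviceTransaction;
        checkMPConnection(oA2ServiceTransaction);
        doCertRequest(oA2ServiceTransaction, str);
    }
}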
