package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2Client;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.AbstractRegistrationServlet;
import edu.uiuc.ncsa.security.core.exceptions.NFWException;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Errors;
import edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError;
import edu.uiuc.ncsa.security.servlet.ServletDebugUtil;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.StringTokenizer;
import net.sf.json.util.JSONUtils;
import org.apache.commons.cli.HelpFormatter;
import org.apache.http.HttpHost;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ClientUtils.class */
public class OA2ClientUtils {

    /* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ClientUtils$InvalidRedirectError.class */
    public static class InvalidRedirectError extends OA2GeneralError {
        public InvalidRedirectError(String str, String str2, int i) {
            super(str, str2, i);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ClientUtils$NoClientIDException.class */
    public static class NoClientIDException extends OA2GeneralError {
        public NoClientIDException(String str, String str2, int i) {
            super(str, str2, i);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ClientUtils$NoRegisteredRedirectError.class */
    public static class NoRegisteredRedirectError extends OA2GeneralError {
        public NoRegisteredRedirectError(String str, String str2, int i) {
            super(str, str2, i);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ClientUtils$NoScopesError.class */
    public static class NoScopesError extends OA2GeneralError {
        public NoScopesError(String str, String str2, int i) {
            super(str, str2, i);
        }
    }

    public static void check(Client client, String str) {
        if (client == null) {
            throw new NoClientIDException(OA2Errors.INVALID_REQUEST, "no client id", 400);
        }
        if (!(client instanceof OA2Client)) {
            throw new NFWException("Internal error: Client is not an OA2Client");
        }
        OA2Client oA2Client = (OA2Client) client;
        boolean z = false;
        if (oA2Client.getCallbackURIs() == null) {
            throw new NoRegisteredRedirectError(OA2Errors.INVALID_REQUEST, "client has not registered any callback URIs", 400);
        }
        Iterator<String> it = oA2Client.getCallbackURIs().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (it.next().equals(str)) {
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        ServletDebugUtil.trace(OA2ClientUtils.class, "invalid redirect uri for client \"" + oA2Client.getIdentifierString() + "\": \"" + str + JSONUtils.DOUBLE_QUOTE);
        throw new InvalidRedirectError(OA2Errors.INVALID_REQUEST, "The given redirect \"" + str + "\" is not valid for this client", 400);
    }

    public static LinkedList<String> createCallbacks(List<String> list, List<String> list2) throws IOException {
        LinkedList<String> linkedList = new LinkedList<>();
        for (String str : list) {
            if (str != null && !str.isEmpty() && !str.trim().isEmpty()) {
                try {
                    URI create = URI.create(str);
                    String host = create.getHost();
                    String scheme = create.getScheme();
                    ServletDebugUtil.trace(OA2ClientUtils.class, "createCallbacks, processing callback \"" + str + JSONUtils.DOUBLE_QUOTE);
                    if (scheme != null && scheme.toLowerCase().equals("https")) {
                        linkedList.add(str);
                    } else if (isPrivate(host, scheme)) {
                        linkedList.add(str);
                    } else if (create.getAuthority() == null || create.getAuthority().isEmpty()) {
                        linkedList.add(str);
                    } else {
                        list2.add(str);
                    }
                } catch (IllegalArgumentException e) {
                    list2.add(str);
                }
            }
        }
        return linkedList;
    }

    public static LinkedList<String> createCallbacksForWebUI(OA2Client oA2Client, String str) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
        LinkedList linkedList = new LinkedList();
        LinkedList linkedList2 = new LinkedList();
        for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
            linkedList.add(readLine);
        }
        bufferedReader.close();
        LinkedList<String> createCallbacks = createCallbacks(linkedList, linkedList2);
        if (0 >= linkedList2.size()) {
            return createCallbacks;
        }
        String str2 = "</br>";
        boolean z = linkedList2.size() == 1;
        Iterator it = linkedList2.iterator();
        while (it.hasNext()) {
            str2 = str2 + ((String) it.next()) + "</br>";
        }
        throw new AbstractRegistrationServlet.ClientRegistrationRetryException("The callback" + (z ? HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR : "s ") + str2 + (z ? "is" : "are") + " not valid.", null, oA2Client);
    }

    protected static int[] toQuad(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, ".");
        if (!stringTokenizer.hasMoreTokens()) {
            return null;
        }
        int[] iArr = new int[4];
        for (int i = 0; i < 4; i++) {
            if (!stringTokenizer.hasMoreTokens()) {
                return null;
            }
            try {
                iArr[i] = Integer.parseInt(stringTokenizer.nextToken());
                if (0 > iArr[i] || iArr[i] > 255) {
                    return null;
                }
            } catch (NumberFormatException e) {
                return null;
            }
        }
        if (stringTokenizer.hasMoreTokens()) {
            return null;
        }
        return iArr;
    }

    protected static boolean isOnPrivateNetwork(String str) {
        int[] quad;
        if (!str.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b") || (quad = toQuad(str)) == null) {
            return false;
        }
        if (quad[0] == 10) {
            return true;
        }
        if (quad[0] == 192 && quad[1] == 168) {
            return true;
        }
        if (quad[0] != 172 || 16 > quad[1] || quad[1] > 31) {
            return quad[0] == 127 && quad[1] == 0 && quad[2] == 0 && quad[3] == 1;
        }
        return true;
    }

    protected static boolean isPrivate(String str, String str2) {
        if (str != null && isOnPrivateNetwork(str)) {
            return true;
        }
        if (str2 == null || !str2.toLowerCase().equals(HttpHost.DEFAULT_SCHEME_NAME)) {
            return false;
        }
        return str.toLowerCase().equals("localhost") || str.equals("[::1]");
    }
}
