package org.scitokens.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2ATServlet;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2DiscoveryServlet;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.delegation.token.AccessToken;
import edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl;
import edu.uiuc.ncsa.security.oauth_2_0.JWTUtil;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Client;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Constants;
import edu.uiuc.ncsa.security.oauth_2_0.server.ATIResponse2;
import edu.uiuc.ncsa.security.oauth_2_0.server.OA2Claims;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKey;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKeys;
import java.io.PrintWriter;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.scitokens.util.STConstants;
import org.scitokens.util.STTransaction;

/* loaded from: input_file:WEB-INF/classes/org/scitokens/servlet/STATServlet.class */
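/**
 * Access-token servlet that replaces the access token issued by {@link OA2ATServlet} with a
 * signed SciToken (a JWT) and adds a token-exchange grant that mints a fresh SciToken for an
 * existing transaction.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The {@code jti} claim of every SciToken is the underlying access-token string, and the
 *       token-exchange branch accepts either a verified SciToken or that raw string as
 *       {@code subject_token}. The {@code jti} value therefore acts as a bearer credential and
 *       must not be written to logs.</li>
 *   <li>Every token is signed with the service's default JSON web key and carries a fixed
 *       lifetime ({@link #TOKEN_LIFETIME_SECONDS}) and a fixed scope.</li>
 * </ul>
 */
public class STATServlet extends OA2ATServlet {
    /** Lifetime in seconds of every SciToken minted here; used for both {@code exp} and {@code expires_in}. */
    private static final long TOKEN_LIFETIME_SECONDS = 900L;

    /**
     * Runs the standard access-token flow, then swaps the issued access token for a SciToken.
     *
     * <p>Declared {@code public} in this listing; the decompiler notes that the access modifier
     * was changed from {@code protected}.
     *
     * @param httpServletRequest the token request
     * @param httpServletResponse the token response
     * @param oA2Client the client passed through to the superclass implementation
     * @return the transaction state returned by the superclass, with its access token replaced
     * @throws Throwable whatever the superclass flow or token signing throws
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2ATServlet
    public IssuerTransactionState doAT(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OA2Client oA2Client) throws Throwable {
        IssuerTransactionState state = super.doAT(httpServletRequest, httpServletResponse, oA2Client);
        ATIResponse2 issuerResponse = (ATIResponse2) state.getIssuerResponse();
        STTransaction transaction = (STTransaction) state.getTransaction();
        AccessToken issuedToken = issuerResponse.getAccessToken();
        Map<String, String> parameters = issuerResponse.getParameters();
        JSONWebKey signingKey = ((OA2SE) getServiceEnvironment()).getJsonWebKeys().getDefault();

        String sciToken = getRawSciToken(transaction, issuedToken, parameters, signingKey);
        // The signed JWT is carried in the response as the access token itself.
        issuerResponse.setAccessToken(new AccessTokenImpl(URI.create(sciToken), null));
        return state;
    }

    /**
     * Handles the token-exchange grant locally and delegates every other grant type to the
     * superclass.
     *
     * <p>For token exchange, the {@code subject_token} parameter is resolved to an access token,
     * the matching transaction is loaded, and a new SciToken is written to the response as JSON.
     *
     * <p>NOTE(review): this branch does not authenticate the requesting client or check that
     * the subject token is still unexpired, as far as this method shows; whoever holds a
     * subject token that maps to a stored transaction can obtain a new token. Confirm whether a
     * filter, the caller, or {@code JWTUtil.verifyAndReadJWT} enforces those checks.
     *
     * @param str the grant type of the request
     * @param httpServletRequest the token request
     * @param httpServletResponse the response the token JSON is written to
     * @return {@code true} when the token-exchange grant was handled here, otherwise the
     *     superclass result
     * @throws GeneralException if {@code subject_token} is missing or empty, or no transaction
     *     matches it
     * @throws Throwable anything else raised by the superclass, the store or token signing
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2ATServlet
    public boolean executeByGrant(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        // Constant-first comparison so a null grant type is delegated instead of raising an NPE.
        if (!STConstants.TOKEN_EXCHANGE_GRANT_TYPE.equals(str)) {
            return super.executeByGrant(str, httpServletRequest, httpServletResponse);
        }
        String subjectToken = getFirstParameterValue(httpServletRequest, "subject_token");
        if (subjectToken == null || subjectToken.isEmpty()) {
            throw new GeneralException("Error: missing access token");
        }
        JSONWebKeys jsonWebKeys = ((OA2SE) getServiceEnvironment()).getJsonWebKeys();
        AccessToken accessToken;
        try {
            // Preferred form: a SciToken signed by this service, whose jti names the access token.
            String tokenId = JWTUtil.verifyAndReadJWT(subjectToken, jsonWebKeys).getString(STConstants.JWT_ID);
            accessToken = getServiceEnvironment().getTokenForge().getAccessToken(tokenId);
        } catch (Exception e) {
            // Deliberate fallback: the subject token may be an opaque access token rather than a
            // JWT. A JWT that fails verification also lands here and is then used only as a
            // store key. Errors (for example OutOfMemoryError) are no longer swallowed.
            // The token value is intentionally kept out of the log message.
            DebugUtil.dbg(STATServlet.class, "subject_token is not a verifiable JWT, treating it as an opaque access token");
            accessToken = getServiceEnvironment().getTokenForge().getAccessToken(subjectToken);
        }
        STTransaction transaction = (STTransaction) getTransactionStore().get(accessToken);
        if (transaction == null) {
            throw new GeneralException("Error: no pending transaction found.");
        }

        Map<String, String> claims = new HashMap<>();
        claims.put(OA2Claims.ISSUER, OA2DiscoveryServlet.getIssuer(httpServletRequest));
        claims.put(OA2Claims.SUBJECT, transaction.getUsername());
        String rawSciToken = getRawSciToken(transaction, accessToken, claims, jsonWebKeys.getDefault());

        JSONObject tokenResponse = new JSONObject();
        tokenResponse.put(OA2Constants.ACCESS_TOKEN, rawSciToken);
        tokenResponse.put("issued_token_type", STConstants.SUBJECT_TOKEN_TYPE);
        tokenResponse.put(OA2Constants.TOKEN_TYPE, OA2Constants.BEARER_TOKEN_TYPE);
        // expires_in is the remaining lifetime in seconds (RFC 6749 section 5.1), not an absolute
        // timestamp; the previous value (epoch seconds + 900) told clients that the token stays
        // valid for decades. Kept as a string to preserve the JSON type already emitted.
        tokenResponse.put(OA2Constants.EXPIRES_IN, Long.toString(TOKEN_LIFETIME_SECONDS));

        // Token responses carry a credential: declare the media type and forbid caching
        // (RFC 6749 section 5.1). Set before getWriter() so the headers are not committed late.
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        PrintWriter writer = httpServletResponse.getWriter();
        tokenResponse.write(writer);
        writer.flush();
        writer.close();
        return true;
    }

    /**
     * Builds and signs a SciToken for the given transaction.
     *
     * <p>The token carries {@code jti} (the access-token string), issuer and subject taken from
     * {@code map}, {@code exp} and {@code iat} based on the current time, a {@code path} claim
     * of {@code /user/<username>}, and the fixed scope {@code read:/protected}.
     *
     * <p>NOTE(review): the username is concatenated into {@code path} without escaping; confirm
     * upstream that it cannot contain {@code /} or {@code ..} segments. The scope and lifetime
     * are hard-coded and do not depend on what the client or the subject token requested.
     *
     * @param sTTransaction the transaction supplying the username for the {@code path} claim
     * @param accessToken the access token whose string value becomes the {@code jti} claim
     * @param map claim source; read for {@code OA2Claims.ISSUER} and {@code OA2Claims.SUBJECT}
     * @param jSONWebKey the key used to sign the token
     * @return the signed token as returned by {@code JWTUtil.createJWT}
     * @throws Throwable whatever claim assembly or signing throws
     */
    public String getRawSciToken(STTransaction sTTransaction, AccessToken accessToken, Map<String, String> map, JSONWebKey jSONWebKey) throws Throwable {
        // Read the clock once so exp and iat are derived from the same instant.
        long issuedAt = System.currentTimeMillis() / 1000;

        JSONObject claims = new JSONObject();
        claims.put(STConstants.JWT_ID, accessToken.getToken());
        claims.put(OA2Claims.ISSUER, map.get(OA2Claims.ISSUER));
        claims.put(OA2Claims.SUBJECT, map.get(OA2Claims.SUBJECT));
        claims.put("exp", Long.valueOf(issuedAt + TOKEN_LIFETIME_SECONDS));
        claims.put(OA2Claims.ISSUED_AT, Long.valueOf(issuedAt));
        claims.put("path", "/user/" + sTTransaction.getUsername());
        claims.put(STConstants.ST_SCOPE, "read:/protected");

        // The jti is the access-token string, which executeByGrant accepts as a subject token,
        // so it is removed from the copy that goes to the debug log.
        JSONObject loggableClaims = JSONObject.fromObject(claims);
        loggableClaims.remove(STConstants.JWT_ID);
        DebugUtil.dbg(STATServlet.class, "scitoken=" + loggableClaims.toString(2));

        return JWTUtil.createJWT(claims, jSONWebKey);
    }
}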
