package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.AbstractRegistrationServlet;
import edu.uiuc.ncsa.security.core.exceptions.RetryException;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Client;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Scopes;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfigurationUtil;
import edu.uiuc.ncsa.security.servlet.PresentableState;
import java.io.BufferedReader;
import java.io.StringReader;
import java.net.URI;
import java.security.SecureRandom;
import java.util.LinkedList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSON;
import net.sf.json.JSONObject;
import net.sf.json.util.JSONUtils;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-3.5-SNAPSHOT.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2RegistrationServlet.class */
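/**
 * Registration servlet for OAuth 2 clients.
 *
 * <p>Extends the generic registration flow with the OAuth 2 specific fields read from the
 * registration form: callback URIs, refresh token lifetime, scopes, issuer and LDAP
 * configuration. A freshly registered client gets a randomly generated secret and an
 * approval record with {@code approved == false}.
 *
 * <p>This listing is decompiler output. {@code HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR} and
 * {@code JSONUtils.DOUBLE_QUOTE} come from unrelated libraries and are presumably decompiler
 * substitutions for plain string literals with the same value; confirm against the original
 * source before relying on them.
 */
public class OA2RegistrationServlet extends AbstractRegistrationServlet {
    /** Randomness source for generated client secrets; left non-final because it is part of the protected interface. */
    protected static SecureRandom random = new SecureRandom();
    public static final String CALLBACK_URI = "callbackURI";
    public static final String REFRESH_TOKEN_LIFETIME = "rtLifetime";
    public static final String REFRESH_TOKEN_FIELD_VISIBLE = "rtFieldVisible";
    public static final String VO_NAME = "voName";
    public static final String LDAP_NAME = "ldap";
    public static final String ISSUER_NAME = "issuer";
    public static final String SCOPES_NAME = "scopes";

    /**
     * Returns the service environment cast to its OAuth 2 flavour.
     *
     * @return the service environment as an {@link OA2SE}
     */
    protected OA2SE getOA2SE() {
        return (OA2SE) getServiceEnvironment();
    }

    /**
     * Populates the request attributes used to render the registration form.
     * Only acts when the state is 0 (presumably the initial form request; the meaning of
     * the state codes is defined by the superclass).
     *
     * @param presentableState carries the current request and state code
     * @throws Throwable whatever the superclass or the service environment throws
     */
    @Override
    public void prepare(PresentableState presentableState) throws Throwable {
        super.prepare(presentableState);
        HttpServletRequest request = presentableState.getRequest();
        if (presentableState.getState() != 0) {
            return;
        }
        String[] supportedScopes = new String[getOA2SE().getScopes().size()];
        getOA2SE().getScopes().toArray(supportedScopes);
        request.setAttribute(SCOPES_NAME, supportedScopes);
        // Each attribute maps a form-field key to the field name used in the page.
        request.setAttribute(VO_NAME, VO_NAME);
        request.setAttribute(LDAP_NAME, LDAP_NAME);
        request.setAttribute(ISSUER_NAME, ISSUER_NAME);
        request.setAttribute(CALLBACK_URI, CALLBACK_URI);
        request.setAttribute(getValueTag(CALLBACK_URI), "Put your callbacks here, one per line.");
        request.setAttribute(REFRESH_TOKEN_LIFETIME, REFRESH_TOKEN_LIFETIME);
        setRefreshTokenFieldVisibility(request);
    }

    /**
     * Creates a new, unapproved OAuth 2 client from the registration form.
     *
     * <p>Every failure after the superclass has created the client is reported as a
     * {@code ClientRegistrationRetryException}. The home URI check, the callback checks and
     * any other failure each carry their own message, so that a rejected callback or a
     * storage error is no longer reported as an invalid home URI.
     *
     * @param httpServletRequest request carrying the form fields
     * @param httpServletResponse response passed through to the superclass
     * @param z if {@code true}, {@code fireNewClientEvent} is called for the new client
     * @return the newly created client, holding its plain-text secret
     * @throws Throwable a {@code ClientRegistrationRetryException} for invalid input, or
     *         whatever the superclass throws while creating the client
     */
    protected Client addNewClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws Throwable {
        OA2Client client = (OA2Client) super.addNewClient(httpServletRequest, httpServletResponse);
        String rawCallbacks = getRequiredParam(httpServletRequest, CALLBACK_URI, client);
        String rawRtLifetime = getParameter(httpServletRequest, REFRESH_TOKEN_LIFETIME);

        String[] requestedScopes = httpServletRequest.getParameterValues("chkScopes");
        if (requestedScopes != null) {
            // NOTE(review): the submitted scope strings are stored as sent and are not compared
            // with getOA2SE().getScopes() in this method; confirm they are filtered elsewhere.
            LinkedList<String> scopes = new LinkedList<String>();
            boolean hasOpenId = false;
            for (String scope : requestedScopes) {
                hasOpenId = hasOpenId || OA2Scopes.SCOPE_OPENID.equals(scope);
                scopes.add(scope);
            }
            // The openid scope is always granted, whether or not it was ticked.
            if (!hasOpenId) {
                scopes.add(OA2Scopes.SCOPE_OPENID);
            }
            client.setScopes(scopes);
        }

        String issuer = getParameter(httpServletRequest, ISSUER_NAME);
        String ldapJson = getParameter(httpServletRequest, LDAP_NAME);
        if (!isEmpty(issuer)) {
            client.setIssuer(issuer);
        }
        if (!isEmpty(ldapJson)) {
            // The LDAP configuration is registrant-supplied JSON. Parsing is best effort:
            // a malformed value is logged and registration continues without it.
            try {
                client.setLdaps(LDAPConfigurationUtil.fromJSON((JSON) JSONObject.fromObject(ldapJson)));
            } catch (Throwable th) {
                warn("Could not parse LDAP string during client registration for \"" + client.getIdentifierString() + "\". Skipping...");
            }
        }

        try {
            URI.create(client.getHomeUri());
        } catch (Throwable th) {
            throw new AbstractRegistrationServlet.ClientRegistrationRetryException("Error. The stated home uri is invalid: " + th.getMessage(), null, client);
        }

        try {
            if (rawRtLifetime == null || rawRtLifetime.length() == 0) {
                client.setRtLifetime(0L);
            } else {
                // The requested lifetime is capped by the server-wide maximum.
                client.setRtLifetime(Math.min(getOA2SE().getMaxClientRefreshTokenLifetime(), parseRtLifetimeMillis(rawRtLifetime)));
            }

            // NOTE(review): the secret's strength depends entirely on the configured length;
            // no minimum is enforced in this method.
            byte[] secretBytes = new byte[getOA2SE().getClientSecretLength()];
            random.nextBytes(secretBytes);
            client.setSecret(Base64.encodeBase64URLSafeString(secretBytes));

            client.setCallbackURIs(parseCallbacks(rawCallbacks, client));
            client.setSignTokens(true);

            // New clients start unapproved; the approval record is stored before any event fires.
            ClientApproval approval = (ClientApproval) getOA2SE().getClientApprovalStore().create();
            approval.setApproved(false);
            approval.setIdentifier(client.getIdentifier());
            getOA2SE().getClientApprovalStore().save(approval);
            if (z) {
                fireNewClientEvent(client);
            }
            return client;
        } catch (AbstractRegistrationServlet.ClientRegistrationRetryException retry) {
            // Already carries an accurate, user-facing message.
            throw retry;
        } catch (Throwable th) {
            // Keep the retry contract, but log the internal detail instead of sending it to the registrant.
            warn("Client registration failed for \"" + client.getIdentifierString() + "\": " + forLog(String.valueOf(th)));
            throw new AbstractRegistrationServlet.ClientRegistrationRetryException("Error. The client registration could not be completed.", null, client);
        }
    }

    /**
     * Converts the requested refresh token lifetime from seconds to milliseconds.
     * Unparsable, negative or overflowing values are logged and treated as 0, so that a
     * negative lifetime can never be stored.
     */
    private long parseRtLifetimeMillis(String seconds) {
        try {
            long value = Long.parseLong(seconds);
            if (value >= 0 && value <= Long.MAX_VALUE / 1000) {
                return value * 1000;
            }
        } catch (NumberFormatException ignored) {
            // Reported below together with out-of-range values.
        }
        info("Client requested illegal value for refresh token lifetime at registration of \"" + forLog(seconds) + JSONUtils.DOUBLE_QUOTE);
        return 0L;
    }

    /**
     * Splits the callback field into one URI per line and validates each line.
     * Only the {@code https:} prefix and the URI syntax are enforced; the presence of a host
     * and the absence of a fragment are not checked here.
     */
    private LinkedList<String> parseCallbacks(String rawCallbacks, OA2Client client) throws Throwable {
        LinkedList<String> callbacks = new LinkedList<String>();
        BufferedReader reader = new BufferedReader(new StringReader(rawCallbacks));
        try {
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                // NOTE(review): the rejected text is echoed in the retry message; confirm the
                // page that renders it escapes HTML.
                if (!line.toLowerCase().startsWith("https:")) {
                    warn("Attempt to add bad callback uri for client " + client.getIdentifierString());
                    throw new AbstractRegistrationServlet.ClientRegistrationRetryException("The callback \"" + line + "\" is not secure.", null, client);
                }
                try {
                    URI.create(line);
                } catch (IllegalArgumentException badSyntax) {
                    throw new AbstractRegistrationServlet.ClientRegistrationRetryException("The callback \"" + line + "\" is not a valid uri.", null, client);
                }
                callbacks.add(line);
            }
        } finally {
            reader.close();
        }
        return callbacks;
    }

    /** Replaces line breaks so that request-supplied text cannot start a new log entry. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Sets the attribute that shows or hides the refresh token lifetime field.
     * This is presentation only: {@code addNewClient} reads {@code rtLifetime} from the
     * request whether or not refresh tokens are enabled.
     */
    private void setRefreshTokenFieldVisibility(HttpServletRequest request) {
        if (getOA2SE().isRefreshTokenEnabled()) {
            request.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR);
        } else {
            request.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, " style=\"display: none;\"");
        }
    }

    /**
     * Creates a new client and fires the new-client event.
     * The decompiler reports that this method was originally {@code protected}.
     *
     * @param httpServletRequest request carrying the form fields
     * @param httpServletResponse response passed through to the superclass
     * @return the newly created client
     * @throws Throwable see {@link #addNewClient(HttpServletRequest, HttpServletResponse, boolean)}
     */
    @Override
    public Client addNewClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        return addNewClient(httpServletRequest, httpServletResponse, true);
    }

    /**
     * Replaces the client's plain-text secret with its digest and saves the client.
     * Only acts when the state is 100, and only after {@code super.present} has run
     * (presumably so the page can show the plain-text secret once; confirm in the superclass).
     *
     * @param presentableState must be a {@code ClientState} when the state is 100
     * @throws IllegalStateException if the state is 100 but the argument is not a {@code ClientState}
     * @throws Throwable whatever the superclass or the client store throws
     */
    @Override
    public void present(PresentableState presentableState) throws Throwable {
        super.present(presentableState);
        if (presentableState.getState() != 100) {
            return;
        }
        if (!(presentableState instanceof AbstractRegistrationServlet.ClientState)) {
            throw new IllegalStateException("Error: An instance of ClientState was expected, but got an instance of \"" + presentableState.getClass().getName() + JSONUtils.DOUBLE_QUOTE);
        }
        AbstractRegistrationServlet.ClientState clientState = (AbstractRegistrationServlet.ClientState) presentableState;
        // NOTE(security): what gets stored is an unsalted SHA-1 hex digest of the secret. The
        // secret is random output from SecureRandom, so guessing depends on its length rather
        // than on the digest, but SHA-1 is a dated choice. The digest is left unchanged here
        // because whatever code checks presented secrets presumably computes the same value;
        // a move to SHA-256 or a keyed hash has to change both sides together.
        clientState.getClient().setSecret(DigestUtils.sha1Hex(clientState.getClient().getSecret()));
        getServiceEnvironment().getClientStore().save(clientState.getClient());
    }

    /**
     * Restores the refresh token field visibility when the form is shown again after an error.
     * The decompiler reports that this method was originally {@code protected}.
     *
     * @param httpServletRequest request that will be rendered again
     * @param retryException the error that caused the retry
     */
    @Override
    public void setRetryParameters(HttpServletRequest httpServletRequest, RetryException retryException) {
        super.setRetryParameters(httpServletRequest, retryException);
        setRefreshTokenFieldVisibility(httpServletRequest);
    }
}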
