package org.scitokens.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AuthorizedServlet;
import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Errors;
import edu.uiuc.ncsa.security.oauth_2_0.OA2RedirectableError;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Scopes;
import java.util.ArrayList;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.cli.HelpFormatter;
import org.scitokens.util.STTransaction;

/* loaded from: input_file:WEB-INF/classes/org/scitokens/servlet/STAuthorizedServlet.class */
public class STAuthorizedServlet extends OA2AuthorizedServlet {
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AuthorizedServlet
    protected ArrayList<String> resolveScopes(OA2ServiceTransaction oA2ServiceTransaction, Map<String, String> map, String str, String str2) {
        STTransaction sTTransaction = (STTransaction) oA2ServiceTransaction;
        String str3 = map.get("scope");
        if (str3 == null || str3.length() == 0) {
            throw new OA2RedirectableError(OA2Errors.INVALID_SCOPE, "Missing scopes parameter.", str, str2);
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str3);
        ArrayList<String> arrayList = new ArrayList<>();
        boolean z = false;
        String str4 = "";
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (!OA2Scopes.ScopeUtil.hasScope(nextToken) && nextToken.startsWith("demo:")) {
                str4 = str4 + HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR + nextToken;
            }
            if (nextToken.equals(OA2Scopes.SCOPE_OPENID)) {
                z = true;
            }
            arrayList.add(nextToken);
        }
        if (!z) {
            throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "Scopes must contain openid", str, str2);
        }
        sTTransaction.setStScopes(str4);
        return arrayList;
    }

    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AuthorizedServlet
    protected OA2ServiceTransaction createNewTransaction(AuthorizationGrant authorizationGrant) {
        return new STTransaction(authorizationGrant);
    }
}
