package edu.uiuc.ncsa.oa4mp.oauth2.client;

import edu.uiuc.ncsa.myproxy.oa4mp.client.Asset;
import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPService;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.NFWException;
import edu.uiuc.ncsa.security.core.util.DateUtils;
import edu.uiuc.ncsa.security.delegation.client.request.RTRequest;
import edu.uiuc.ncsa.security.delegation.client.request.RTResponse;
import edu.uiuc.ncsa.security.delegation.client.request.UIRequest;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.client.DS2;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest;
import java.security.KeyPair;
import java.util.Map;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:WEB-INF/lib/oa4mp-client-loader-oauth2-1.2.1.jar:edu/uiuc/ncsa/oa4mp/oauth2/client/OA2MPService.class */
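/**
 * OAuth 2 variant of the OA4MP client service.
 *
 * <p>It adds the callback URI, certificate request and certificate lifetime to the
 * parameter maps of outgoing requests. It also offers token refresh, a local
 * access-token timestamp check, user-info retrieval and certificate retrieval,
 * each keyed by an asset identifier.
 *
 * <p>Assets hold the private key, access token and refresh token, so the asset
 * store behind {@code getAssetStore()} should be treated as sensitive storage.
 */
public class OA2MPService extends OA4MPService {
    /**
     * Second argument handed to {@code DateUtils.checkTimestamp}: 900000 ms, i.e. 15 minutes.
     * NOTE(review): presumably the maximum accepted age of the token's embedded timestamp;
     * confirm against DateUtils.
     */
    private static final long TOKEN_TIMESTAMP_LIMIT_MS = 900000L;

    public OA2MPService(ClientEnvironment clientEnvironment) {
        super(clientEnvironment);
    }

    /**
     * Fills in the parameters for the certificate request: the Base64-encoded cert request,
     * the callback URI (unless the caller already supplied one) and, when non-negative,
     * the configured certificate lifetime. If the asset already carries certificates, a new
     * cert request is created and stored on the asset.
     *
     * @param asset the asset whose cert request and private key are used
     * @param map   the request parameters, modified in place
     * @throws NFWException     if the asset has no private key when a new cert request is needed
     * @throws GeneralException if key generation or cert request creation fails with a
     *                          non-runtime throwable
     */
    @Override
    public void preGetCert(Asset asset, Map map) {
        KeyPair keyPair;
        super.preGetCert(asset, map);
        // NOTE(review): getCertReq() is dereferenced here without a null check, although the
        // branch below handles a null request. Confirm that a request is always present here.
        map.put("certreq", Base64.encodeBase64String(asset.getCertReq().getEncoded()));
        putCallbackIfAbsent(map);
        long certLifetime = getEnvironment().getCertLifetime();
        if (0 <= certLifetime) {
            map.put("certlifetime", Long.valueOf(certLifetime));
        }
        if (asset.getCertificates() == null) {
            return;
        }

        // The asset already has certificates, so prepare a fresh cert request for it.
        MyPKCS10CertRequest currentRequest = asset.getCertReq();
        if (currentRequest == null) {
            try {
                keyPair = KeyUtil.generateKeyPair();
                asset.setPrivateKey(keyPair.getPrivate());
            } catch (Throwable th) {
                throw logAndWrap("Unable to generate a new keypair.", th);
            }
        } else {
            // Reuse the existing key material: public key from the request, private key from the asset.
            keyPair = new KeyPair(currentRequest.getPublicKey(), asset.getPrivateKey());
        }
        if (asset.getPrivateKey() == null) {
            String message = "Error: The private key is missing. The internal state of the asset is invalid";
            NFWException missingKey = new NFWException(message);
            getEnvironment().getMyLogger().warn(message, missingKey);
            throw missingKey;
        }
        try {
            // NOTE(review): the "certreq" parameter above was encoded from the request the asset
            // held on entry; the request created here is only stored on the asset. Confirm intent.
            asset.setCertReq(CertUtil.createCertRequest(keyPair));
        } catch (Throwable th) {
            throw logAndWrap("Error: could not create cert request.", th);
        }
    }

    /**
     * Ensures the callback URI parameter is present before the initial request is sent.
     *
     * @param asset the asset the request is made for (not read here)
     * @param map   the request parameters, modified in place
     */
    @Override
    public void preRequestCert(Asset asset, Map map) {
        putCallbackIfAbsent(map);
    }

    /**
     * Exchanges the stored refresh token of an asset for new tokens and stores them.
     *
     * @param str the asset identifier
     * @return the updated asset, or {@code null} if no asset has that identifier
     */
    public OA2Asset refresh(String str) {
        OA2Asset oa2Asset = (OA2Asset) getAssetStore().get(str);
        if (oa2Asset == null) {
            return null;
        }
        DS2 delegationService = (DS2) getEnvironment().getDelegationService();
        RTRequest request = new RTRequest(getEnvironment().getClient(), null);
        request.setAccessToken(oa2Asset.getAccessToken());
        request.setRefreshToken(oa2Asset.getRefreshToken());
        RTResponse response = delegationService.refresh(request);
        oa2Asset.setAccessToken(response.getAccessToken());
        oa2Asset.setRefreshToken(response.getRefreshToken());
        // Persist the new tokens, as getCert does after changing an asset. Without this, a store
        // that does not hand out live references would keep the superseded refresh token.
        getAssetStore().save(oa2Asset);
        return oa2Asset;
    }

    /**
     * Checks the timestamp of the asset's access token locally. No request is made here,
     * so this is not confirmation that the server still accepts the token.
     *
     * @param str the asset identifier
     * @return {@code true} if the timestamp check passes, {@code false} if it fails for any reason
     * @throws NoSuchAssetException if no asset has that identifier
     */
    public boolean isAccessTokenValid(String str) {
        OA2Asset oa2Asset = getAsset2(str);
        if (oa2Asset == null) {
            throw new NoSuchAssetException("Error: the asset with identifier \"" + str + "\" was not found.");
        }
        try {
            DateUtils.checkTimestamp(oa2Asset.getAccessToken().getToken(), TOKEN_TIMESTAMP_LIMIT_MS);
            return true;
        } catch (Throwable th) {
            // Any failure, including a missing access token, is reported as "not valid".
            return false;
        }
    }

    /**
     * Fetches the user info for the asset's access token from the delegation service.
     *
     * @param str the asset identifier
     * @return the user info, or {@code null} if the asset or its access token is missing
     */
    public UserInfo getUserInfo(String str) {
        OA2Asset oa2Asset = getAsset2(str);
        if (oa2Asset == null || oa2Asset.getAccessToken() == null) {
            return null;
        }
        UIRequest request = new UIRequest(oa2Asset.getAccessToken());
        request.setClient(getEnvironment().getClient());
        DS2 delegationService = (DS2) getEnvironment().getDelegationService();
        // The raw JSON comes from the remote service and is mapped onto the fixed UserInfo bean.
        JSONObject json = JSONObject.fromObject(delegationService.getUserInfo(request).getRawJSON());
        return (UserInfo) JSONObject.toBean(json, UserInfo.class);
    }

    /**
     * Looks up an asset and casts it to the OAuth 2 asset type.
     *
     * @param str the asset identifier
     * @return the asset, or {@code null} if the store has none for that identifier
     */
    protected OA2Asset getAsset2(String str) {
        return (OA2Asset) getAssetStore().get(str);
    }

    /**
     * Retrieves the certificates for an asset using its access token, then stores the
     * certificates and username on the asset and saves it.
     *
     * @param str the asset identifier
     * @return the updated asset
     * @throws NoSuchAssetException  if no asset has that identifier
     * @throws IllegalStateException if the asset has no access token
     */
    public OA2Asset getCert(String str) {
        OA2Asset oa2Asset = (OA2Asset) getAssetStore().get(str);
        // Fail with a descriptive error rather than a bare NullPointerException, matching
        // how isAccessTokenValid reports an unknown identifier.
        if (oa2Asset == null) {
            throw new NoSuchAssetException("Error: the asset with identifier \"" + str + "\" was not found.");
        }
        if (oa2Asset.getAccessToken() == null) {
            throw new IllegalStateException("Error: the asset with identifier \"" + str + "\" has no access token.");
        }
        AssetResponse response = getCert(oa2Asset.getAccessToken().getToken(), null);
        oa2Asset.setCertificates(response.getX509Certificates());
        oa2Asset.setUsername(response.getUsername());
        getAssetStore().save(oa2Asset);
        return oa2Asset;
    }

    /** Adds the configured callback URI under its configured key unless the key is already set. */
    private void putCallbackIfAbsent(Map map) {
        Object callbackKey = getEnvironment().getConstants().get(ClientEnvironment.CALLBACK_URI_KEY);
        if (!map.containsKey(callbackKey)) {
            map.put(callbackKey, getEnvironment().getCallback().toString());
        }
    }

    /** Logs the failure, then returns it unchanged if it is a runtime exception, else wrapped. */
    private RuntimeException logAndWrap(String message, Throwable cause) {
        getEnvironment().getMyLogger().warn(message, cause);
        if (cause instanceof RuntimeException) {
            return (RuntimeException) cause;
        }
        return new GeneralException(message, cause);
    }
}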
