package edu.uiuc.ncsa.security.oauth_2_0.client;

import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.delegation.client.request.ATRequest;
import edu.uiuc.ncsa.security.delegation.client.request.ATResponse;
import edu.uiuc.ncsa.security.delegation.client.server.ATServer;
import edu.uiuc.ncsa.security.delegation.token.AccessToken;
import edu.uiuc.ncsa.security.delegation.token.RefreshToken;
import edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Constants;
import edu.uiuc.ncsa.security.oauth_2_0.OA2RefreshTokenImpl;
import edu.uiuc.ncsa.security.oauth_2_0.server.claims.OA2Claims;
import edu.uiuc.ncsa.security.servlet.ServiceClient;
import edu.uiuc.ncsa.security.servlet.ServletDebugUtil;
import java.net.URI;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import net.sf.json.JSONObject;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;

/* loaded from: input_file:WEB-INF/lib/ncsa-security-oauth-2.0-4.3.jar:edu/uiuc/ncsa/security/oauth_2_0/client/ATServer2.class */
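/**
 * OAuth 2.0 client-side access token endpoint caller.
 *
 * <p>Exchanges an authorization grant for an access token and, when present in the
 * response, a refresh token. When {@code oidcEnabled} is set it also processes the ID token
 * from the response and records it in a static, process-wide store keyed by the access token
 * string.
 *
 * <p>NOTE(review): {@link #idTokenStore} is a plain static {@link HashMap}. Nothing in this
 * class synchronizes access to it or removes entries, so concurrent requests and unbounded
 * growth are both concerns to confirm against the callers of {@link #getIDTokenStore()}.
 */
public class ATServer2 extends TokenAwareServer implements ATServer {
    // Process-wide map: access token string -> ID token entry. The keys are bearer tokens
    // and the values hold raw ID tokens, so anything that dumps this map exposes credentials.
    static HashMap<String, IDTokenEntry> idTokenStore = new HashMap<>();

    // When true, client credentials go to getRawResponse(map, id, secret) instead of being
    // placed in the request parameter map (see getAccessToken).
    boolean useBasicAuth;

    /* loaded from: input_file:WEB-INF/lib/ncsa-security-oauth-2.0-4.3.jar:edu/uiuc/ncsa/security/oauth_2_0/client/ATServer2$IDTokenEntry.class */
    /**
     * Holder for an ID token: the JSON claims object and the raw token string as it
     * appeared in the token response.
     */
    public static class IDTokenEntry {
        public JSONObject idToken;
        public String rawToken;

        /**
         * Renders both the claims and the raw token string.
         *
         * <p>The output contains the complete raw ID token, so it should not be written to
         * logs; {@link ATServer2#getAccessToken(ATRequest)} deliberately avoids doing so.
         */
        @Override
        public String toString() {
            String claimsText = this.idToken == null ? "(null)" : this.idToken.toString(2);
            String rawText = this.rawToken == null ? "(null)" : this.rawToken;
            // DEFAULT_ATTRIBUTE_END looks like a decompiler substitution for a closing-bracket
            // literal; it is kept so the rendered text stays exactly as before.
            return getClass().getSimpleName() + "[idToken=" + claimsText + ", rawToken=" + rawText
                    + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END;
        }
    }

    /**
     * Returns the live static ID token store (not a copy).
     *
     * @return the mutable map from access token string to {@link IDTokenEntry}
     */
    public static HashMap<String, IDTokenEntry> getIDTokenStore() {
        return idTokenStore;
    }

    /**
     * Creates the server wrapper.
     *
     * @param serviceClient passed to the superclass constructor
     * @param str passed to the superclass constructor
     * @param z passed to the superclass constructor
     * @param z2 value for {@link #useBasicAuth}
     */
    public ATServer2(ServiceClient serviceClient, String str, boolean z, boolean z2) {
        super(serviceClient, str, z);
        this.useBasicAuth = z2;
    }

    /**
     * Delegates to {@link #getAccessToken(ATRequest)}.
     *
     * @param aTRequest the access token request
     * @return the access token response
     */
    @Override // edu.uiuc.ncsa.security.delegation.client.server.ATServer
    public ATResponse processATRequest(ATRequest aTRequest) {
        return getAccessToken(aTRequest);
    }

    /**
     * Exchanges the authorization grant in the request for tokens.
     *
     * <p>The request's parameter map is updated in place with values taken from the ID token
     * (raw ID token, issued-at, subject, optional {@code auth_time}, parsed ID token) and is
     * then attached to the returned response.
     *
     * @param aTRequest request carrying the client, the authorization grant and a parameter
     *     map that must contain the redirect URI
     * @return the response holding the access token and, if one was returned, the refresh token
     * @throws GeneralException if the redirect URI is missing from the request, or if the
     *     nonce in the ID token does not equal the nonce in the request parameters
     * @throws IllegalArgumentException if the server response has no access token
     */
    protected ATResponse2 getAccessToken(ATRequest aTRequest) {
        Map parameters = aTRequest.getParameters();
        if (parameters.get(OA2Constants.REDIRECT_URI) == null) {
            throw new GeneralException("Error: the client redirect uri was not set in the request.");
        }
        DebugUtil.trace(this, "getting access token, use http header for token? " + this.useBasicAuth);

        HashMap tokenRequest = new HashMap();
        tokenRequest.put(OA2Constants.AUTHORIZATION_CODE, aTRequest.getAuthorizationGrant().getToken());
        tokenRequest.put(OA2Constants.GRANT_TYPE, OA2Constants.AUTHORIZATION_CODE_VALUE);
        String clientId = aTRequest.getClient().getIdentifierString();
        String clientSecret = aTRequest.getClient().getSecret();
        if (!this.useBasicAuth) {
            // Credentials travel as request parameters only when the three-argument
            // getRawResponse overload below is not used.
            tokenRequest.put(OA2Constants.CLIENT_ID, clientId);
            tokenRequest.put(OA2Constants.CLIENT_SECRET, clientSecret);
        }
        tokenRequest.put(OA2Constants.REDIRECT_URI, parameters.get(OA2Constants.REDIRECT_URI));

        String rawResponse = this.useBasicAuth
                ? getServiceClient().getRawResponse(tokenRequest, clientId, clientSecret)
                : getServiceClient().getRawResponse(tokenRequest);
        JSONObject tokenResponse = getAndCheckResponse(rawResponse);
        if (!tokenResponse.containsKey(OA2Constants.ACCESS_TOKEN)) {
            throw new IllegalArgumentException("Error: No access token found in server response");
        }
        AccessTokenImpl accessTokenImpl =
                new AccessTokenImpl(URI.create(tokenResponse.getString(OA2Constants.ACCESS_TOKEN)));

        OA2RefreshTokenImpl refreshTokenImpl = null;
        if (tokenResponse.containsKey(OA2Constants.REFRESH_TOKEN)) {
            refreshTokenImpl =
                    new OA2RefreshTokenImpl(URI.create(tokenResponse.getString(OA2Constants.REFRESH_TOKEN)));
            if (tokenResponse.containsKey(OA2Constants.EXPIRES_IN)) {
                try {
                    // The response value is multiplied by 1000 before being stored on the
                    // refresh token (presumably seconds to milliseconds; confirm).
                    refreshTokenImpl.setExpiresIn(
                            Long.parseLong(tokenResponse.getString(OA2Constants.EXPIRES_IN)) * 1000);
                } catch (NumberFormatException e) {
                    // Still best effort: the token is returned without a lifetime, but the
                    // malformed value is now reported instead of being dropped silently.
                    ServletDebugUtil.trace(this, "Ignoring non-numeric " + OA2Constants.EXPIRES_IN
                            + " value in the token response");
                }
            }
        }

        ServletDebugUtil.trace(this, "Is OIDC enabled? " + this.oidcEnabled);
        if (this.oidcEnabled) {
            // Trace output in this branch reports progress only. Token strings and claim
            // values are kept out of the log because they are credentials or personal data.
            ServletDebugUtil.trace(this, "Processing id token entry");
            IDTokenEntry iDTokenEntry = new IDTokenEntry();
            ServletDebugUtil.trace(this, "created new idTokenEntry ");
            JSONObject idTokenClaims = getAndCheckIDToken(tokenResponse, aTRequest);
            ServletDebugUtil.trace(this, "got id token (claims not logged)");
            if (tokenResponse.containsKey(OA2Constants.ID_TOKEN)) {
                parameters.put(OA2Constants.RAW_ID_TOKEN, tokenResponse.getString(OA2Constants.ID_TOKEN));
                iDTokenEntry.rawToken = (String) parameters.get(OA2Constants.RAW_ID_TOKEN);
                ServletDebugUtil.trace(this, "raw id token present in response (value not logged)");
            }
            iDTokenEntry.idToken = idTokenClaims;

            // The nonce in the ID token must equal the one held in the request parameters.
            // A request without a nonce fails this check as well, since equals(null) is false.
            if (!idTokenClaims.getString(OA2Constants.NONCE).equals(aTRequest.getParameters().get(OA2Constants.NONCE))) {
                throw new GeneralException("Error: Incorrect nonce \"" + aTRequest.getParameters().get(OA2Constants.NONCE) + "\" returned from server");
            }

            parameters.put(OA2Claims.ISSUED_AT, new Date(idTokenClaims.getLong(OA2Claims.ISSUED_AT) * 1000));
            parameters.put(OA2Claims.SUBJECT, idTokenClaims.getString(OA2Claims.SUBJECT));
            if (idTokenClaims.containsKey("auth_time")) {
                parameters.put("auth_time", Long.valueOf(idTokenClaims.getLong("auth_time")));
            }
            parameters.put(OA2Constants.ID_TOKEN, idTokenClaims);

            ServletDebugUtil.trace(this, "Adding idTokenEntry to the ID Token store. Store has "
                    + getIDTokenStore().size() + " entries");
            getIDTokenStore().put(accessTokenImpl.getToken(), iDTokenEntry);
            ServletDebugUtil.trace(this, "ID Token store=" + getIDTokenStore().size());
            ServletDebugUtil.trace(this, "Added idTokenEntry to the ID Token store. Store now has " + getIDTokenStore().size() + " entries");
        } else {
            ServletDebugUtil.trace(this, "Skipping id token entry...");
        }

        ATResponse2 response = createResponse(accessTokenImpl, refreshTokenImpl);
        response.setParameters(parameters);
        return response;
    }

    /**
     * Builds the response object; a separate method so subclasses can override it.
     *
     * @param accessToken the access token from the server response
     * @param refreshToken the refresh token, or {@code null} if the server returned none
     * @return a new {@link ATResponse2} wrapping both tokens
     */
    protected ATResponse2 createResponse(AccessToken accessToken, RefreshToken refreshToken) {
        return new ATResponse2(accessToken, refreshToken);
    }
}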
