package edu.uiuc.ncsa.myproxy.oa4mp.server.servlet;

import edu.uiuc.ncsa.myproxy.MPConnectionProvider;
import edu.uiuc.ncsa.myproxy.MyProxyConnectable;
import edu.uiuc.ncsa.myproxy.oa4mp.server.util.JGlobusUtil;
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.core.exceptions.ConnectionException;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.delegation.token.MyX509Certificates;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.LinkedList;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-api-3.1.2.jar:edu/uiuc/ncsa/myproxy/oa4mp/server/servlet/CRServlet.class */
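/**
 * Servlet base class that obtains a certificate chain from a MyProxy connection for a
 * {@link ServiceTransaction}, optionally wraps it in a proxy certificate for
 * "proxy limited" clients, and stores the result on the transaction.
 *
 * <p>This source is decompiler output: several methods carry the note that their access
 * modifier was changed from {@code protected}. The modifiers are left as they appear here.
 */
public abstract class CRServlet extends MyProxyDelegationServlet {
    /**
     * Subclass hook for the concrete certificate request. It is not called from this class.
     *
     * <p>JADX INFO: Access modifiers changed from: protected.
     *
     * @param serviceTransaction the transaction the request belongs to
     * @param str                a string supplied by the caller; {@link #doCertRequest} uses its
     *                           own {@code str} only as a log prefix (presumably the same here, confirm)
     * @throws Throwable on any failure
     */
    public abstract void doRealCertRequest(ServiceTransaction serviceTransaction, String str) throws Throwable;

    /**
     * Fetches the certificate chain for the transaction over its MyProxy connection, stores it
     * as the transaction's protected asset, sets the username and verifier, saves the
     * transaction, and closes the MyProxy connection.
     *
     * <p>For a proxy-limited client the request sent to MyProxy is built from the service's own
     * key pair. A proxy certificate is then created over the client's public key, signed with
     * the service's private key, and put at the front of the returned chain.
     *
     * <p>JADX INFO: Access modifiers changed from: protected.
     *
     * @param serviceTransaction the transaction being served
     * @param str                prefix used in log messages
     * @throws ConnectionException      if the transaction has no active MyProxy connection
     * @throws GeneralSecurityException if the service key pair or its certificate request
     *                                  cannot be created for a proxy-limited client
     * @throws Throwable                any other failure from the calls made here
     */
    public void doCertRequest(ServiceTransaction serviceTransaction, String str) throws Throwable {
        if (!hasMPConnection(serviceTransaction)) {
            throw new ConnectionException("Error: There is no currently active MyProxy connection.");
        }
        // Read the flag once so both proxy-limited steps below act on the same decision.
        final boolean proxyLimited = serviceTransaction.getClient().isProxyLimited();
        MyPKCS10CertRequest certReq = serviceTransaction.getCertReq();
        KeyPair keyPair = null;
        if (proxyLimited) {
            info("3.b. starting proxy limited for " + serviceTransaction.getClient().getIdentifier() + ". Generating keypair and cert request.");
            try {
                keyPair = getServiceEnvironment().getKeyPair();
                certReq = CertUtil.createCertRequest(keyPair);
            } catch (GeneralSecurityException e) {
                error("3.b. " + e.getMessage());
                // Fail closed. Logging and continuing would send the client's own certificate
                // request to MyProxy and then hit a NullPointerException on keyPair when the
                // proxy certificate is created.
                throw e;
            }
        }
        LinkedList<X509Certificate> certChain = getX509Certificates(serviceTransaction, certReq, str);
        debug("3.b. Got cert from server, count=" + certChain.size());
        if (proxyLimited) {
            info("3.b. Limited proxy for client " + serviceTransaction.getClient().getIdentifier() + ", creating limited cert and signing it.");
            LinkedList<X509Certificate> limitedChain = new LinkedList<>(certChain);
            // NOTE(review): the (int) cast wraps silently for very large lifetimes; confirm
            // that getLifetime() is bounded before it reaches this point.
            limitedChain.addFirst(JGlobusUtil.createProxyCertificate(
                    certChain.getLast(),
                    keyPair.getPrivate(),
                    serviceTransaction.getCertReq().getPublicKey(),
                    (int) (serviceTransaction.getLifetime() / 1000)));
            certChain = limitedChain;
        }
        debug("3.b. Preparing to return cert chain of " + certChain.size() + " to client.");
        MyX509Certificates myX509Certificates = new MyX509Certificates(certChain);
        serviceTransaction.setProtectedAsset(myX509Certificates);
        String username = serviceTransaction.getUsername();
        if (getServiceEnvironment().getAuthorizationServletConfig().isReturnDnAsUsername()) {
            if (myX509Certificates.getX509Certificates().length > 0) {
                // The username returned to the client becomes the subject DN of the first certificate.
                username = myX509Certificates.getX509Certificates()[0].getSubjectX500Principal().getName();
                if (getServiceEnvironment().getAuthorizationServletConfig().isConvertDNToGlobusID()) {
                    username = JGlobusUtil.toGlobusID(username);
                }
                debug(str + ": USERNAME = " + username);
            } else {
                // getX509Certificates in this class throws on an empty list, so this branch is
                // only reachable if an override returns one.
                username = "no_certificates_found";
            }
            info("3.c. Set username returned to client to first certificate's DN: " + username);
        }
        serviceTransaction.setUsername(username);
        serviceTransaction.setVerifier(MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getVerifier(new String[0]));
        getServiceEnvironment().getTransactionStore().save(serviceTransaction);
        // NOTE(review): the connection is closed only on the success path; confirm that failed
        // requests have their cached MyProxy connection cleaned up elsewhere.
        getMPConnection(serviceTransaction.getIdentifier()).close();
    }

    /**
     * Requests certificates for the given certificate request over the transaction's MyProxy
     * connection.
     *
     * @param serviceTransaction   transaction whose MyProxy connection is used
     * @param myPKCS10CertRequest  the certificate request passed to the connection
     * @param str                  prefix used in log messages
     * @return the non-empty list of certificates returned by the connection
     * @throws GeneralException         if the connection returned no certificates
     * @throws GeneralSecurityException declared for the underlying calls
     */
    protected LinkedList<X509Certificate> getX509Certificates(ServiceTransaction serviceTransaction, MyPKCS10CertRequest myPKCS10CertRequest, String str) throws GeneralSecurityException {
        LinkedList<X509Certificate> certs = getMPConnection(serviceTransaction).getCerts(myPKCS10CertRequest);
        if (certs.isEmpty()) {
            info(str + "Error: MyProxy service returned no certs.");
            throw new GeneralException("Error: MyProxy service returned no certs.");
        }
        // NOTE(review): this message is logged for every client, not only proxy-limited ones.
        info(str + "Got cert from MyProxy, issuing a limited proxy & storing it.");
        return certs;
    }

    /**
     * Opens a MyProxy connection by delegating to the six-argument overload with {@code null}
     * as its fifth argument.
     *
     * <p>JADX INFO: Access modifiers changed from: protected.
     *
     * @param identifier identifier passed to the connection lookup
     * @param str        passed through unchanged (presumably the MyProxy username, confirm)
     * @param str2       passed through unchanged (presumably the MyProxy password, confirm)
     * @param j          passed through unchanged (presumably a lifetime, confirm)
     * @param str3       label used only in the log message of the six-argument overload
     * @return the connection, which has also been added to the connection cache
     * @throws GeneralSecurityException declared for the underlying calls
     */
    public MyProxyConnectable createMPConnection(Identifier identifier, String str, String str2, long j, String str3) throws GeneralSecurityException {
        return createMPConnection(identifier, str, str2, j, null, str3);
    }

    /**
     * Finds a MyProxy connection through a new {@link MPConnectionProvider} built over the
     * configured MyProxy services, adds it to the connection cache, and returns it.
     *
     * @param identifier identifier passed to {@code findConnection}
     * @param str        first string passed to {@code findConnection} (presumably the username, confirm)
     * @param str2       second string passed to {@code findConnection} (presumably the password,
     *                   confirm); it is not logged here
     * @param j          long passed last to {@code findConnection} (presumably a lifetime, confirm)
     * @param str3       third string passed to {@code findConnection}; may be {@code null}
     * @param str4       label written to the log; not passed to {@code findConnection}
     * @return the connection that was found and cached
     * @throws GeneralSecurityException declared for the underlying calls
     */
    protected MyProxyConnectable createMPConnection(Identifier identifier, String str, String str2, long j, String str3, String str4) throws GeneralSecurityException {
        info("Attempting to open myproxy connection for " + str4);
        MPConnectionProvider provider = new MPConnectionProvider(getMyLogger(), MyProxyDelegationServlet.getServiceEnvironment().getMyProxyServices());
        MyProxyConnectable connection = provider.findConnection(identifier, str, str2, str3, j);
        getMyproxyConnectionCache().add(connection);
        return connection;
    }
}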
