package edu.uiuc.ncsa.security.oauth_1_0a.server;

import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
import edu.uiuc.ncsa.security.core.exceptions.UnsupportedProtocolException;
import edu.uiuc.ncsa.security.delegation.server.issuers.AGIssuer;
import edu.uiuc.ncsa.security.delegation.server.issuers.AbstractIssuer;
import edu.uiuc.ncsa.security.delegation.server.request.AGRequest;
import edu.uiuc.ncsa.security.delegation.server.request.AGResponse;
import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
import edu.uiuc.ncsa.security.delegation.token.TokenForge;
import edu.uiuc.ncsa.security.oauth_1_0a.OAuthUtilities;
import edu.uiuc.ncsa.security.oauth_1_0a.client.OAClient;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import java.net.URI;
import java.security.PublicKey;
import java.util.Map;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;

/* loaded from: input_file:WEB-INF/lib/ncsa-security-oauth-1.0a-3.3.jar:edu/uiuc/ncsa/security/oauth_1_0a/server/AGIImpl.class */
public class AGIImpl extends AbstractIssuer implements AGIssuer {
    public AGIImpl(TokenForge tokenForge, URI uri) {
        super(tokenForge, uri);
    }

    @Override // edu.uiuc.ncsa.security.delegation.server.issuers.AGIssuer
    public AGResponse processAGRequest(AGRequest aGRequest) {
        try {
            OAuthMessage message = OAuthUtilities.getMessage(aGRequest.getServletRequest());
            if (!(aGRequest.getClient() instanceof OAClient)) {
                throw new NotImplementedException("This is only implemented for OAuth client. The class found was " + aGRequest.getClient().getClass().getName());
            }
            OAClient oAClient = (OAClient) aGRequest.getClient();
            OAuthAccessor createOAuthAccessor = OAuthUtilities.createOAuthAccessor(this, oAClient);
            if (oAClient.getSignatureMethod().equals("RSA-SHA1")) {
                PublicKey fromX509PEM = KeyUtil.fromX509PEM(oAClient.getSecret());
                createOAuthAccessor.consumer.setProperty("RSA-SHA1.PublicKey", fromX509PEM);
                createOAuthAccessor.setProperty("RSA-SHA1.PublicKey", fromX509PEM);
            }
            OAuthUtilities.validate(message, createOAuthAccessor);
            AuthorizationGrant authorizationGrant = this.tokenForge.getAuthorizationGrant(new String[0]);
            AGResponseImpl aGResponseImpl = new AGResponseImpl();
            aGResponseImpl.setGrant(authorizationGrant);
            aGResponseImpl.setParameters(OAuthUtilities.getParameters(message));
            Map<String, String> parameters = aGResponseImpl.getParameters();
            if (isEmpty(parameters.get("certreq"))) {
                throw new GeneralException("Error: No cert request");
            }
            String str = parameters.get("certlifetime");
            long j = 0;
            if (!isEmpty(str)) {
                try {
                    j = Long.parseLong(str) * 1000;
                    if (j < 0) {
                        j = 0;
                    }
                } catch (NumberFormatException e) {
                }
            }
            parameters.put("certlifetime", Long.toString(j));
            String str2 = parameters.get("oauth_callback");
            if (isEmpty(str2)) {
                throw new GeneralException("Error: No callback specified");
            }
            URI create = URI.create(str2);
            if (create.getScheme() == null || !create.getScheme().equals("https")) {
                throw new UnsupportedProtocolException("Error: protocol in the callback must be https");
            }
            return aGResponseImpl;
        } catch (Exception e2) {
            if (e2 instanceof RuntimeException) {
                throw ((RuntimeException) e2);
            }
            throw new GeneralException(e2);
        }
    }

    private boolean isEmpty(String str) {
        return str == null || str.isEmpty();
    }
}
