package edu.uiuc.ncsa.myproxy.oauth2.tools;

import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.storage.AssetStoreUtil;
import edu.uiuc.ncsa.myproxy.oa4mp.server.testing.TestCommands;
import edu.uiuc.ncsa.oa4mp.oauth2.client.OA2Asset;
import edu.uiuc.ncsa.oa4mp.oauth2.client.OA2MPService;
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.core.util.DateUtils;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.delegation.client.request.RTResponse;
import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
import edu.uiuc.ncsa.security.delegation.token.impl.AuthorizationGrantImpl;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.client.ATResponse2;
import edu.uiuc.ncsa.security.util.cli.InputLine;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Date;
import java.util.HashMap;
import java.util.StringTokenizer;
import net.sf.json.JSONObject;

/* loaded from: input_file:edu/uiuc/ncsa/myproxy/oauth2/tools/OA2TestCommands.class */
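/**
 * Command set for stepping through an OAuth 2 / OA4MP exchange by hand.
 *
 * <p>The commands are meant to be run in order: {@code geturi} (create an asset and print the
 * authorization URL), {@code setgrant} (parse the pasted callback URL), {@code getat},
 * then optionally {@code getrt}, {@code getuserinfo}, {@code getcert} and {@code savecert}.
 * {@code clear} resets all state held by this object.
 *
 * <p>Several commands print access tokens, refresh tokens and id token claims through
 * {@code say}/{@code sayi}. Those values are credentials, so wherever that output ends up
 * (terminal scrollback, captured logs) should be treated accordingly.
 *
 * <p>This class keeps per-session state in plain fields and does no synchronization.
 */
public class OA2TestCommands extends TestCommands {
    /** Prefix of the callback query parameter that carries the authorization code. */
    private static final String CODE_PARAMETER_PREFIX = "code=";

    // Lazily created by m2getService().
    protected OA2MPService service;
    // Source of randomness for getRandomString().
    SecureRandom secureRandom;
    // Character encoding used by encode()/decode().
    static String encoding = "UTF-8";
    // Authorization grant parsed from the callback by setgrant.
    AuthorizationGrant grant;
    // Progress flags. In this class only createURI sets canGetGrant; the rest are only reset.
    boolean canGetGrant;
    boolean canGetAT;
    boolean canGetCert;
    boolean canGetRT;
    // Asset created by geturi and re-read from the asset store by getrt.
    OA2Asset dummyAsset;
    // Raw id token (the JWT) from the most recent getat call, if the server sent one.
    String rawIdToken;
    // Claims from the most recent getat or getrt call.
    JSONObject claims;
    // Most recent access token response (set by getat and getrt).
    ATResponse2 currentATResponse;
    // Most recent certificate response (set by getcert).
    AssetResponse assetResponse;
    public static final String CLAIMS_FLAG = "-claims";

    /**
     * Creates the command set with a fresh {@link SecureRandom}; all other state starts empty.
     *
     * @param myLoggingFacade logger passed to the superclass
     * @param clientEnvironment client configuration passed to the superclass
     */
    public OA2TestCommands(MyLoggingFacade myLoggingFacade, ClientEnvironment clientEnvironment) {
        super(myLoggingFacade, clientEnvironment);
        this.secureRandom = new SecureRandom();
        // The boolean flags and the token/claims/response fields keep their default
        // values (false / null) until a command sets them.
    }

    /** Returns the OAuth 2 service, creating it on first use. */
    protected OA2MPService getOA2S() {
        return m2getService();
    }

    /**
     * Returns the service for the current client environment, creating it on first call.
     *
     * <p>The name is a decompiler artifact: the method was originally {@code getService} and
     * was renamed when it was merged with its bridge method.
     */
    public OA2MPService m2getService() {
        if (this.service == null) {
            this.service = new OA2MPService(getCe());
        }
        return this.service;
    }

    /** Prints usage for {@code geturi}. */
    public void getURIHelp() {
        say("Usage: This will create the correct URL to pass to your browser.");
        say("       This URL should be pasted exactly into the location bar.");
        say("       You must then authenticate. After you authenticate, the");
        say("       service will attempt a call back to a client endpoint which will");
        say("       fail (this is the hook that lets us do this manually).");
        say("       Next Step: You should invoke setgrant with the callback uri from the server.");
    }

    /**
     * Returns the hexadecimal form of one 64-bit value drawn from the {@link SecureRandom}.
     *
     * <p>The result has at most 16 hex digits and is not zero-padded, so its length varies.
     * It carries 64 bits of randomness; confirm that is enough before using it as a value
     * that must be unguessable.
     */
    protected String getRandomString() {
        return Long.toHexString(this.secureRandom.nextLong());
    }

    /**
     * Creates a new asset, starts the certificate request and prints the redirect URL
     * the user has to open in a browser.
     *
     * @param inputLine the parsed command line
     * @throws Exception if the service call fails
     */
    public void geturi(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            getURIHelp();
            return;
        }
        Identifier assetId = AssetStoreUtil.createID();
        OA4MPResponse response = m2getService().requestCert(assetId);
        // Keep the stored asset so later commands work on the same exchange.
        this.dummyAsset = getCe().getAssetStore().get(assetId.toString());
        say(response.getRedirect().toString());
    }

    /**
     * Appends the given parameters to a base URI as a query string and marks the
     * grant step as reachable ({@code canGetGrant = true}).
     *
     * <p>Only the values are URL-encoded. Parameter names are appended verbatim, so callers
     * must pass fixed, URL-safe names. The base is assumed not to contain a query already.
     *
     * @param str the base URI
     * @param hashMap parameter names mapped to unencoded values; a null value becomes empty
     * @return the base URI followed by {@code ?name=value&name=value...}
     * @throws UnsupportedEncodingException if the configured encoding is not supported
     */
    protected String createURI(String str, HashMap<String, String> hashMap) throws UnsupportedEncodingException {
        StringBuilder uri = new StringBuilder(str);
        char separator = '?';
        for (java.util.Map.Entry<String, String> parameter : hashMap.entrySet()) {
            uri.append(separator).append(parameter.getKey()).append('=').append(encode(parameter.getValue()));
            separator = '&';
        }
        this.canGetGrant = true;
        return uri.toString();
    }

    /** URL-encodes {@code str} with the configured encoding; null becomes the empty string. */
    String encode(String str) throws UnsupportedEncodingException {
        return str == null ? "" : URLEncoder.encode(str, encoding);
    }

    /** URL-decodes {@code str} with the configured encoding; null becomes the empty string. */
    String decode(String str) throws UnsupportedEncodingException {
        return str == null ? "" : URLDecoder.decode(str, encoding);
    }

    /**
     * Extracts the authorization code from the callback URL pasted by the user and stores
     * it as the current grant.
     *
     * @param inputLine the parsed command line; argument 1 is the full callback URL
     * @throws Exception if the code cannot be decoded or is not a valid URI
     */
    public void setgrant(InputLine inputLine) throws Exception {
        if (inputLine.size() != 2 || showHelp(inputLine)) {
            setGrantHelp();
            return;
        }
        String callbackUri = inputLine.getArg(1);
        // This is a prefix comparison against the configured callback, not a parsed
        // scheme/host/path comparison.
        if (!callbackUri.startsWith(getCe().getCallback().toString())) {
            say("The callback in the configuration does not match that in the argument you gave");
            return;
        }
        // NOTE(review): only "code" is read below. Any "state" or "error" parameter in the
        // callback is skipped here; confirm whether state is verified elsewhere.
        String query = callbackUri.substring(callbackUri.indexOf("?") + 1);
        StringTokenizer parameters = new StringTokenizer(query, "&");
        boolean foundCode = false;
        while (parameters.hasMoreTokens()) {
            String parameter = parameters.nextToken();
            if (parameter.startsWith(CODE_PARAMETER_PREFIX)) {
                URI code = URI.create(decode(parameter.substring(CODE_PARAMETER_PREFIX.length())));
                say("grant=" + code.toString());
                this.grant = new AuthorizationGrantImpl(code);
                foundCode = true;
            }
        }
        if (!foundCode) {
            // Previously this case ended silently and left any earlier grant in place.
            say("No \"code\" parameter was found in the callback, so no grant was set.");
        }
    }

    /** Returns the asset created by the last {@code geturi} call, or null if there is none. */
    public OA2Asset getDummyAsset() {
        return this.dummyAsset;
    }

    /**
     * Drops the asset, grant, tokens, claims and responses held by this object and
     * resets the progress flags.
     *
     * @param inputLine the parsed command line
     * @throws Exception declared for the command interface
     */
    public void clear(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            getClearHelp();
            return;
        }
        this.dummyAsset = null;
        this.assetResponse = null;
        this.currentATResponse = null;
        this.grant = null;
        this.rawIdToken = null;
        this.claims = null;
        this.canGetCert = false;
        this.canGetGrant = false;
        this.canGetRT = false;
        this.canGetAT = false;
    }

    /** Prints usage for {@code clear}. */
    protected void getClearHelp() {
        say("clear: reset all internal state and restart. You should do this rather than just starting over");
        say("       as you may run into old state.");
    }

    /** Prints usage for {@code savecert}. */
    protected void saveCertHelp() {
        say("savecert filename");
        say("This will save the cert (be sure to do a getcert call first so you have one) to the");
        say("fully qualified filename");
        say("If there is no cert available, no file will be written, but a message will be printed.");
    }

    /**
     * Writes the certificate chain from the last {@code getcert} call to a file in PEM form.
     *
     * <p>The file name is used exactly as typed, and an existing file at that path is
     * overwritten.
     *
     * @param inputLine the parsed command line; argument 1 is the target file name
     * @throws Exception if the file cannot be written
     */
    public void savecert(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            saveCertHelp();
            return;
        }
        if (this.assetResponse == null) {
            say("Sorry, but there is no cert to save. Please do a successful getcert call first.");
            return;
        }
        if (!inputLine.hasArgs()) {
            say("Sorry. You did not specify a file so the cert cannot be saved.");
            return;
        }
        String fileName = inputLine.getArg(1);
        String pem = CertUtil.toPEM(this.assetResponse.getX509Certificates());
        // try-with-resources closes (and thereby flushes) the writer even when write() fails;
        // the earlier code leaked the file handle in that case.
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(fileName))) {
            writer.write(pem + "\n");
        }
        say("File \"" + fileName + "\" saved successfully.");
    }

    /** Prints usage for {@code showrawtoken}. */
    protected void showRawTokenHelp() {
        sayi("showRawToken - This will show the raw id token, i.e., the JWT. ");
        sayi("               If you wish to see the contents of this JWT");
        sayi("               you should probably invoke showClaims instead.");
    }

    /**
     * Prints the raw id token from the last {@code getat} call.
     *
     * @param inputLine the parsed command line
     * @throws Exception declared for the command interface
     */
    public void showrawtoken(InputLine inputLine) throws Exception {
        if (this.grant == null || showHelp(inputLine)) {
            // Fixed: this used to print the getat help instead of this command's own help.
            showRawTokenHelp();
            return;
        }
        if (this.rawIdToken == null) {
            sayi("No id token.");
        } else if (this.rawIdToken.length() == 0) {
            sayi("Empty id token");
        } else {
            sayi(this.rawIdToken);
        }
    }

    /**
     * Prints the most recent claims as indented JSON.
     *
     * @param inputLine the parsed command line
     * @throws Exception declared for the command interface
     */
    public void showclaims(InputLine inputLine) throws Exception {
        if (this.grant == null || showHelp(inputLine)) {
            showClaimsHelp();
        } else if (this.claims == null || this.claims.isEmpty()) {
            say("(no claims found)");
        } else {
            say(this.claims.toString(2));
        }
    }

    /** Prints usage for {@code showclaims}. */
    protected void showClaimsHelp() {
        sayi("showClaims - This will show the most recent set of claims. You must get an access token");
        sayi("             before this is set.");
        sayi("             You may also see the raw version of this (simply the JWT) by calling showRawToken.");
    }

    /**
     * Exchanges the current grant for an access token, records the id token and claims
     * from the response, and prints the tokens.
     *
     * @param inputLine the parsed command line; {@code -claims} also prints the claims
     * @throws Exception if the token request fails
     */
    public void getat(InputLine inputLine) throws Exception {
        if (this.grant == null || showHelp(inputLine)) {
            getATHelp();
            return;
        }
        OA2Asset asset = getDummyAsset();
        if (asset == null) {
            say("No asset is available. Please call geturi first.");
            return;
        }
        this.currentATResponse = getOA2S().getAccessToken(asset, this.grant);
        Object rawToken = this.currentATResponse.getParameters().get("raw_id_token");
        // Always overwrite, so a raw token from an earlier exchange is not shown as current.
        this.rawIdToken = rawToken == null ? null : rawToken.toString();
        // NOTE(review): nothing in this method verifies the id token; presumably the
        // service layer does that before returning the claims. Confirm.
        this.claims = (JSONObject) this.currentATResponse.getParameters().get("id_token");
        if (inputLine.hasArg(CLAIMS_FLAG)) {
            // The response may carry no id_token at all, so check for null as showclaims does.
            if (this.claims == null || this.claims.isEmpty()) {
                say("(no claims found)");
            } else {
                say(this.claims.toString(2));
            }
        }
        printTokens();
    }

    /** Prints usage for {@code getcert}. */
    protected void getCertHelp() {
        say("getcert: This will get the requested cert chain from the server.");
    }

    /** Prints usage for {@code getuserinfo}. */
    protected void getUIHelp() {
        say("getuserinfo: This will get the user info from the server. You must have already authenticated");
        say("             *and* gotten a valid access token by this point. Just a list of these it printed.");
        say("             What is returned is dependant upon what the server supports.");
    }

    /**
     * Fetches the user info for the current asset and prints each entry.
     *
     * @param inputLine the parsed command line
     * @throws Exception if the user info request fails
     */
    public void getuserinfo(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            getUIHelp();
            return;
        }
        if (this.dummyAsset == null) {
            say("No asset is available. Please call geturi first.");
            return;
        }
        UserInfo userInfo = getOA2S().getUserInfo(this.dummyAsset.getIdentifier().toString());
        say("user info:");
        for (String key : userInfo.getMap().keySet()) {
            say("          " + key + " = " + userInfo.getMap().get(key));
        }
    }

    /**
     * Requests the certificate chain for the current asset and access token response,
     * then prints the returned user name (if any) and the chain in PEM form.
     *
     * @param inputLine the parsed command line
     * @throws Exception if the certificate request fails
     */
    public void getcert(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            getCertHelp();
            return;
        }
        this.assetResponse = getOA2S().getCert(this.dummyAsset, this.currentATResponse);
        String username = this.assetResponse.getUsername();
        if (username != null) {
            say("returned username=" + username);
        }
        say("X509Certs:");
        say(CertUtil.toPEM(this.assetResponse.getX509Certificates()));
    }

    /** Prints usage for {@code getrt}. */
    protected void getRTHelp() {
        say("getrt [-claims]:");
        say("       Get a new refresh token. You must have already called getat to have gotten an access token");
        say("       first. This will print out a summary of the expiration time.");
        say("       If the -claims flag is supplied, the id token will be printed");
    }

    /**
     * Prints the access token and, if present, the refresh token with its lifetime and
     * computed expiry date. Does nothing when there is no asset.
     *
     * <p>Both tokens are printed in clear text.
     */
    protected void printTokens() {
        if (this.dummyAsset == null) {
            return;
        }
        if (this.dummyAsset.getAccessToken() != null) {
            say(" access token = " + this.dummyAsset.getAccessToken().getToken());
        }
        if (this.dummyAsset.getRefreshToken() != null) {
            say("refresh token = " + this.dummyAsset.getRefreshToken().getToken());
            say("RT expires in = " + this.dummyAsset.getRefreshToken().getExpiresIn() + " ms.");
            // DateUtils.getDate is given the token string itself; presumably it reads a
            // timestamp embedded in the token. Confirm against DateUtils.
            Date expiresAt = DateUtils.getDate(this.dummyAsset.getRefreshToken().getToken());
            expiresAt.setTime(expiresAt.getTime() + this.dummyAsset.getRefreshToken().getExpiresIn());
            say("   expires at " + expiresAt);
        }
    }

    /**
     * Refreshes the tokens for the current asset, reloads the asset from the store,
     * rebuilds the current access token response and prints the tokens.
     *
     * <p>After this call {@code claims} holds all parameters of the refresh response as JSON.
     * The stored raw id token is not updated here.
     *
     * @param inputLine the parsed command line; {@code -claims} also prints the claims
     * @throws Exception if the refresh request fails
     */
    public void getrt(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            getRTHelp();
            return;
        }
        if (this.dummyAsset == null) {
            say("No asset is available. Please call geturi first.");
            return;
        }
        String assetId = this.dummyAsset.getIdentifier().toString();
        RTResponse refreshResponse = getOA2S().refresh(assetId);
        // Re-read the asset so the tokens written by the refresh are picked up.
        this.dummyAsset = getCe().getAssetStore().get(this.dummyAsset.getIdentifier().toString());
        this.currentATResponse = new ATResponse2(this.dummyAsset.getAccessToken(), this.dummyAsset.getRefreshToken());
        this.currentATResponse.setParameters(refreshResponse.getParameters());
        JSONObject refreshedClaims = JSONObject.fromObject(this.currentATResponse.getParameters());
        this.claims = refreshedClaims;
        if (inputLine.hasArg(CLAIMS_FLAG)) {
            if (refreshedClaims.isEmpty()) {
                say("(no claims found)");
            } else {
                say(refreshedClaims.toString(2));
            }
        }
        printTokens();
    }

    /** Prints usage for {@code getat}. */
    protected void getATHelp() {
        say("getat [-claims]:");
        say("       Gets the access token and refresh token (if supported on the server) for a given grant. ");
        say("       Your argument is the output from the setgrant call here.");
        say("       A summary of the refresh token and its expiration is printed, if applicable.");
        // Fixed: the help used to say "--claims", but the flag that is checked is CLAIMS_FLAG.
        say("       If the " + CLAIMS_FLAG + " flag is supplied, the id token will be printed");
    }

    /** Prints usage for {@code setgrant}. */
    protected void setGrantHelp() {
        say("setgrant: The assumption is that you use geturi to get the correct authorization uri and have ");
        say("          logged in. Your browser *should* have a call back to your client. Cut and paste that");
        say("          as the argument to this call. This will return a string with the grant in it. You can use");
        say("          that to get an access token.");
    }
}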
