package org.apache.airavata.credential.store.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPService;
import edu.uiuc.ncsa.myproxy.oa4mp.client.servlet.ClientServlet;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.servlet.JSPUtil;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.airavata.common.utils.DBUtil;
import org.apache.airavata.credential.store.credential.CommunityUser;
import org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential;
import org.apache.airavata.credential.store.store.impl.CertificateCredentialWriter;
import org.apache.airavata.credential.store.util.ConfigurationReader;
import org.apache.airavata.credential.store.util.CredentialStoreConstants;
import org.apache.airavata.credential.store.util.PrivateKeyStore;
import org.apache.airavata.credential.store.util.Utility;
import org.apache.log4j.spi.LocationInfo;
import org.apache.openjpa.persistence.util.SourceCode;

/* loaded from: input_file:WEB-INF/lib/airavata-credential-store-0.10.jar:org/apache/airavata/credential/store/servlet/CredentialStoreCallbackServlet.class */
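/**
 * OA4MP callback servlet for the credential store.
 *
 * <p>On callback it reads the portal-supplied query parameters and the OAuth token and verifier,
 * fetches the certificate chain from the OA4MP service, combines it with the private key held in
 * {@link PrivateKeyStore} under the portal token id, and persists the result through
 * {@link CertificateCredentialWriter}. The browser is then forwarded or redirected to the
 * configured success URL, or forwarded to the configured error URL on failure.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value read from the request is attacker-influenceable. Such values are passed through
 *       {@link #sanitizeForLog(String)} before logging and URL-encoded before being placed in a
 *       URL.</li>
 *   <li>The OAuth token and verifier are never logged by value.</li>
 * </ul>
 */
public class CredentialStoreCallbackServlet extends ClientServlet {
    /** Client for the OA4MP service; created in {@link #loadEnvironment()}. */
    private OA4MPService oa4mpService;

    /** Persists certificate credentials; created in {@link #init()}. */
    private CertificateCredentialWriter certificateCredentialWriter;

    /** Supplies the success and error URLs; assigned in {@link #init()}. */
    private static ConfigurationReader configurationReader;

    /**
     * Initializes the database utility, the configuration reader, the parent servlet and the
     * credential writer.
     *
     * <p>The two stages are kept in separate try blocks so that a failure is reported with the
     * message of the stage that actually failed. When they were nested, a configuration failure
     * was re-wrapped by the outer handler and reported as a database failure.
     *
     * @throws ServletException if either initialization stage fails
     */
    @Override
    public void init() throws ServletException {
        DBUtil credentialStoreDBUtil;
        try {
            credentialStoreDBUtil = DBUtil.getCredentialStoreDBUtil();
        } catch (Exception e) {
            throw new ServletException("Error initializing database operations.", e);
        }
        try {
            configurationReader = new ConfigurationReader();
            super.init();
            this.certificateCredentialWriter = new CertificateCredentialWriter(credentialStoreDBUtil);
        } catch (Exception e) {
            throw new ServletException("Error initializing configuration reader.", e);
        }
        info("Credential store callback initialized successfully.");
    }

    /**
     * Returns the OA4MP service client created by {@link #loadEnvironment()}.
     *
     * @return the service client, or {@code null} if the environment has not been loaded yet
     */
    @Override
    public OA4MPService getOA4MPService() {
        return this.oa4mpService;
    }

    /**
     * Loads the client environment through the configuration loader and builds the OA4MP service
     * client from it.
     *
     * @throws IOException declared by the overridden method
     */
    @Override
    public void loadEnvironment() throws IOException {
        environment = getConfigurationLoader().load();
        this.oa4mpService = new OA4MPService((ClientEnvironment) environment);
    }

    /**
     * Handles the OA4MP callback: validates the request parameters, retrieves the certificate
     * chain, stores the credential and sends the browser to the success or error page.
     *
     * @param httpServletRequest callback request carrying the portal parameters, {@code oauth_token}
     *     and {@code oauth_verifier}
     * @param httpServletResponse response used for the forward or redirect
     * @throws Throwable if forwarding to the error page itself fails
     */
    @Override
    protected void doIt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        // NOTE(review): gateway name, portal user and email come straight from the query string and
        // are bound to the stored credential below; confirm that the component which builds the
        // callback URL is the only party able to set them.
        String gatewayName = httpServletRequest.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
        String portalUserName = httpServletRequest.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
        String durationParameter = httpServletRequest.getParameter("duration");
        String contactEmail = httpServletRequest.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
        String tokenId = httpServletRequest.getParameter(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED);

        long lifeTime = 800;
        if (durationParameter != null) {
            try {
                lifeTime = Long.parseLong(durationParameter);
            } catch (NumberFormatException e) {
                // A malformed duration is a client error: report it like the other validation
                // failures instead of letting the exception escape the handler.
                error("Duration given by portal is not a valid number.");
                httpServletRequest.setAttribute("exception", new GeneralException("Error: The duration presented by portal is not a valid number."));
                JSPUtil.fwd(httpServletRequest, httpServletResponse, configurationReader.getErrorUrl());
                return;
            }
        }
        if (tokenId == null) {
            error("Token given by portal is invalid.");
            httpServletRequest.setAttribute("exception", new GeneralException("Error: The token presented by portal is null."));
            JSPUtil.fwd(httpServletRequest, httpServletResponse, configurationReader.getErrorUrl());
            return;
        }

        // Request-derived values are sanitized so that embedded line breaks cannot forge log entries.
        info("Gateway name " + sanitizeForLog(gatewayName));
        info("Portal user name " + sanitizeForLog(portalUserName));
        info("Community user contact email " + sanitizeForLog(contactEmail));
        // NOTE(review): the token id is the lookup key for the private key below and is handed back
        // to the portal on success; confirm that it is acceptable for it to appear in the logs.
        info("Token id presented " + sanitizeForLog(tokenId));
        info("2.a. Getting token and verifier.");
        String oauthToken = httpServletRequest.getParameter("oauth_token");
        String oauthVerifier = httpServletRequest.getParameter("oauth_verifier");
        if (oauthToken == null || oauthVerifier == null) {
            // Record only whether each value was supplied; the values themselves are secrets.
            warn("2.a. The token is " + (oauthToken == null ? "null" : "present") + " and the verifier is " + (oauthVerifier == null ? "null" : "present"));
            httpServletRequest.setAttribute("exception", new GeneralException("Error: This servlet requires parameters for the token and verifier. It cannot be called directly."));
            JSPUtil.fwd(httpServletRequest, httpServletResponse, configurationReader.getErrorUrl());
            return;
        }
        info("2.a Token and verifier found.");
        try {
            PrivateKey key = PrivateKeyStore.getPrivateKeyStore().getKey(tokenId);
            if (key != null) {
                info("Found private key for token " + sanitizeForLog(tokenId));
            } else {
                // NOTE(review): processing continues and the credential is stored with a null
                // private key; confirm whether this case should be rejected instead.
                info("Could not find private key for token " + sanitizeForLog(tokenId));
            }
            info("2.a. Getting the cert(s) from the service");
            AssetResponse cert = getOA4MPService().getCert(oauthToken, oauthVerifier);
            X509Certificate[] x509Certificates = cert.getX509Certificates();
            if (x509Certificates == null || x509Certificates.length == 0) {
                // Fail with a clear message rather than an index or null-pointer error below.
                throw new GeneralException("Error: No certificates were returned by the service.");
            }
            info("2.b. Done! Displaying success page.");
            X509Certificate leaf = x509Certificates[0];
            CertificateCredential certificateCredential = new CertificateCredential();
            certificateCredential.setNotBefore(Utility.convertDateToString(leaf.getNotBefore()));
            certificateCredential.setNotAfter(Utility.convertDateToString(leaf.getNotAfter()));
            certificateCredential.setCertificates(x509Certificates);
            certificateCredential.setPrivateKey(key);
            certificateCredential.setCommunityUser(new CommunityUser(gatewayName, cert.getUsername(), contactEmail));
            certificateCredential.setPortalUserName(portalUserName);
            certificateCredential.setLifeTime(lifeTime);
            certificateCredential.setToken(tokenId);
            this.certificateCredentialWriter.writeCredentials(certificateCredential);
            StringBuilder sb = new StringBuilder("Certificate for community user ");
            sb.append(cert.getUsername()).append(" successfully persisted.");
            sb.append(" Certificate DN - ").append(leaf.getSubjectDN());
            info(sanitizeForLog(sb.toString()));
            String successUrl = configurationReader.getSuccessUrl();
            if (isUrlInSameServer(successUrl)) {
                String contextPath = httpServletRequest.getContextPath();
                if (!contextPath.endsWith("/")) {
                    contextPath = contextPath + "/";
                }
                httpServletRequest.setAttribute("action", contextPath);
                // NOTE(review): tokenId is request-derived; the success page should escape it
                // when rendering.
                httpServletRequest.setAttribute("tokenId", tokenId);
                JSPUtil.fwd(httpServletRequest, httpServletResponse, successUrl);
            } else {
                String redirectUrl = decorateUrlWithToken(successUrl, tokenId);
                info("Redirecting to url - " + redirectUrl);
                httpServletResponse.sendRedirect(redirectUrl);
            }
            info("2.a. Completely finished with delegation.");
        } catch (Throwable th) {
            // getCause() is null for exceptions raised without a cause. Dereferencing it
            // unconditionally would throw from inside this handler and skip the error forward.
            Throwable cause = th.getCause();
            if (cause != null) {
                warn("2.a. Exception from the server: " + sanitizeForLog(cause.getMessage()));
            }
            error("Exception while trying to get cert. message:" + sanitizeForLog(th.getMessage()));
            httpServletRequest.setAttribute("exception", th);
            JSPUtil.fwd(httpServletRequest, httpServletResponse, configurationReader.getErrorUrl());
        }
    }

    /**
     * Tells whether the given URL is a path on this server rather than an absolute HTTP(S) URL.
     *
     * <p>Only a real {@code http://} or {@code https://} scheme prefix (any letter case) counts as
     * external, so a relative path that merely starts with the letters "http" is still forwarded
     * locally.
     *
     * @param str the configured URL
     * @return {@code true} if the URL has no http/https scheme prefix
     */
    private boolean isUrlInSameServer(String str) {
        boolean absoluteHttp = str.regionMatches(true, 0, "http://", 0, 7)
                || str.regionMatches(true, 0, "https://", 0, 8);
        return !absoluteHttp;
    }

    /**
     * Appends the token id to a URL as the {@code tokenId} query parameter.
     *
     * <p>The token id originates from the request, so it is URL-encoded to keep it from adding
     * parameters or other URL syntax to the redirect target. If the URL already has a query string
     * the parameter is appended with {@code &} instead of a second {@code ?}.
     *
     * @param str the base URL
     * @param str2 the token id
     * @return the URL with the encoded token id appended
     */
    private String decorateUrlWithToken(String str, String str2) {
        char separator = str.indexOf('?') >= 0 ? '&' : '?';
        StringBuilder sb = new StringBuilder(str);
        sb.append(separator).append("tokenId=").append(urlEncode(str2));
        return sb.toString();
    }

    /**
     * Builds the single-entry parameter map that carries the callback URI, decorated with the
     * gateway name, portal user, contact email and token id as URL-encoded query parameters.
     *
     * @param str gateway name
     * @param str2 portal user name
     * @param str3 portal user contact email
     * @param str4 token id assigned by the portal
     * @return a map from the callback URI key to the decorated callback URI
     */
    private Map<String, String> createQueryParameters(String str, String str2, String str3, String str4) {
        String callbackUriKey = getEnvironment().getConstants().get(ClientEnvironment.CALLBACK_URI_KEY);
        StringBuilder sb = new StringBuilder(((ClientEnvironment) getEnvironment()).getCallback().toString());
        // LocationInfo.NA and SourceCode.EQUAL are library string constants left in place by the
        // decompiler; presumably they stand for the "?" and "=" literals of the original source.
        sb.append(LocationInfo.NA)
                .append(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER).append(SourceCode.EQUAL).append(urlEncode(str))
                .append("&")
                .append(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER).append(SourceCode.EQUAL).append(urlEncode(str2))
                .append("&")
                .append(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER).append(SourceCode.EQUAL).append(urlEncode(str3))
                .append("&")
                .append(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED).append(SourceCode.EQUAL).append(urlEncode(str4));
        String callbackUri = sb.toString();
        info("Callback URI is set to - " + sanitizeForLog(callbackUri));
        Map<String, String> parameters = new HashMap<String, String>();
        parameters.put(callbackUriKey, callbackUri);
        return parameters;
    }

    /**
     * URL-encodes a query-parameter value as UTF-8. A {@code null} value is encoded as the text
     * {@code "null"}, which is what plain string concatenation produced before.
     */
    private static String urlEncode(String value) {
        try {
            return java.net.URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 support is mandatory on every Java platform.
            throw new IllegalStateException("UTF-8 encoding is not available.", e);
        }
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so that a value cannot
     * break out of its log line. A {@code null} value is rendered as {@code "null"}.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            sb.append(Character.isISOControl(c) ? '_' : c);
        }
        return sb.toString();
    }
}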
