package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;

import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
import at.gv.egovernment.moa.util.MiscUtil;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.class */
public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator {
    private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class);
    private static final List<String> KEYWHITELIST = Collections.unmodifiableList(new ArrayList());

    @Override // at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator, at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator
    public String getKeyPrefix() {
        return "";
    }

    @Override // at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator, at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator
    public String getName() {
        return "Service - Authentication Configuration Task";
    }

    @Override // at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator, at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator
    public Map<String, String> postProcessing(Map<String, String> map, List<String> list, Configuration configuration) {
        HashMap hashMap = new HashMap();
        String str = map.get("auth.mandates.ovs.profiles");
        if (MiscUtil.isNotEmpty(str)) {
            hashMap.put("auth.mandates.ovs.profiles", KeyValueUtils.normalizeCSVValueString(str));
        }
        String str2 = map.get("auth.bku.template.legacy");
        if (MiscUtil.isNotEmpty(str2) && Boolean.parseBoolean(str2)) {
            if (!map.containsKey("auth.bku.template.first.url")) {
                list.add("auth.bku.template.first.url");
            }
            if (!map.containsKey("auth.bku.template.second.url")) {
                list.add("auth.bku.template.second.url");
            }
            if (!map.containsKey("auth.bku.template.third.url")) {
                list.add("auth.bku.template.third.url");
            }
        } else {
            list.add("auth.bku.template.first.url");
            list.add("auth.bku.template.second.url");
            list.add("auth.bku.template.third.url");
        }
        if (hashMap.isEmpty()) {
            return null;
        }
        return hashMap;
    }

    @Override // at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator
    protected void taskValidate(Map<String, String> map) throws ConfigurationTaskValidationException {
        ArrayList arrayList = new ArrayList();
        String str = map.get("auth.bku.handyBKU");
        if (MiscUtil.isNotEmpty(str) && !ValidationHelper.validateURL(str)) {
            log.info("Not valid Handy-BKU URL");
            arrayList.add(new ValidationObjectIdentifier("auth.bku.handyBKU", "BKU - Handy", LanguageHelper.getErrorString("validation.general.bku.handy.valid")));
        }
        String str2 = map.get("auth.bku.localBKU");
        if (MiscUtil.isNotEmpty(str2) && !ValidationHelper.validateURL(str2)) {
            log.info("Not valid Online-BKU URL");
            arrayList.add(new ValidationObjectIdentifier("auth.bku.localBKU", "BKU - Local", LanguageHelper.getErrorString("validation.general.bku.local.valid")));
        }
        String str3 = map.get("auth.bku.onlineBKU");
        if (MiscUtil.isNotEmpty(str3) && !ValidationHelper.validateURL(str3)) {
            log.info("Not valid Online-BKU URL");
            arrayList.add(new ValidationObjectIdentifier("auth.bku.onlineBKU", "BKU - Online", LanguageHelper.getErrorString("validation.general.bku.online.valid")));
        }
        String str4 = map.get("auth.bku.keyBoxIdentifier");
        if (MiscUtil.isEmpty(str4)) {
            log.info("Empty KeyBoxIdentifier");
        } else if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(str4)) {
            log.info("Not valid KeyBoxIdentifier " + str4);
            arrayList.add(new ValidationObjectIdentifier("auth.bku.onlineBKU", "BKU - KeyBoxIdentifier", LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")));
        }
        String str5 = map.get("auth.bku.template.legacy");
        if (MiscUtil.isNotEmpty(str5) && Boolean.parseBoolean(str5)) {
            if (MiscUtil.isEmpty(map.get("auth.bku.template.first.url")) && MiscUtil.isEmpty(map.get("auth.bku.template.second.url")) && MiscUtil.isEmpty(map.get("auth.bku.template.third.url"))) {
                log.info("Empty OA-specific SecurityLayer Templates");
                arrayList.add(new ValidationObjectIdentifier("auth.bku.template.legacy", "BKU - SecurityLayer Templates", LanguageHelper.getErrorString("validation.general.sltemplates.empty")));
            } else {
                String str6 = map.get("auth.bku.template.first.url");
                if (MiscUtil.isNotEmpty(str6) && ValidationHelper.isNotValidIdentityLinkSigner(str6)) {
                    log.info("First OA-specific SecurityLayer Templates is not valid");
                    arrayList.add(new ValidationObjectIdentifier("auth.bku.template.first.url", "BKU - 1. SecurityLayer Templates", LanguageHelper.getErrorString("validation.general.sltemplate1.valid")));
                }
                String str7 = map.get("auth.bku.template.second.url");
                if (MiscUtil.isNotEmpty(str7) && ValidationHelper.isNotValidIdentityLinkSigner(str7)) {
                    log.info("Second OA-specific SecurityLayer Templates is not valid");
                    arrayList.add(new ValidationObjectIdentifier("auth.bku.template.second.url", "BKU - 2. SecurityLayer Templates", LanguageHelper.getErrorString("validation.general.sltemplate2.valid")));
                }
                String str8 = map.get("auth.bku.template.third.url");
                if (MiscUtil.isNotEmpty(str8) && ValidationHelper.isNotValidIdentityLinkSigner(str8)) {
                    log.info("Third OA-specific SecurityLayer Templates is not valid");
                    arrayList.add(new ValidationObjectIdentifier("auth.bku.template.third.url", "BKU - 3. SecurityLayer Templates", LanguageHelper.getErrorString("validation.general.sltemplate3.valid")));
                }
            }
        }
        String str9 = map.get("auth.mandates.ovs.use");
        if (MiscUtil.isNotEmpty(str9) && Boolean.parseBoolean(str9)) {
            String str10 = map.get("auth.mandates.ovs.profiles");
            if (ValidationHelper.containsNotValidCharacter(str10, true)) {
                log.warn("MandateProfiles contains potentail XSS characters: " + str10);
                arrayList.add(new ValidationObjectIdentifier("auth.mandates.ovs.profiles", "Mandates - Profiles", LanguageHelper.getErrorString("validation.general.mandate.profiles", new Object[]{ValidationHelper.getNotValidCharacter(true)})));
            }
        }
        String str11 = map.get("auth.testcredentials.enabled");
        String str12 = map.get("auth.testcredentials.oids");
        if (MiscUtil.isNotEmpty(str11) && Boolean.parseBoolean(str11) && MiscUtil.isNotEmpty(str12)) {
            for (String str13 : str12.split(",")) {
                if (!str13.startsWith("1.2.40.0.10.2.4.1")) {
                    log.warn("Test credential OID does not start with test credential root OID");
                    arrayList.add(new ValidationObjectIdentifier("auth.testcredentials.oids", "Test-Identities - allowed OIDs", LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", new Object[]{str13})));
                }
            }
        }
        String str14 = map.get("modules.mis.service.url");
        if (MiscUtil.isNotEmpty(str14) && !ValidationHelper.validateURL(str14)) {
            log.info("Not valid MIS Service URL");
            arrayList.add(new ValidationObjectIdentifier("modules.mis.service.url", "Mandates - MIS", LanguageHelper.getErrorString("validation.general.mandateservice.valid", new Object[]{str14})));
        }
        String str15 = map.get("modules.elga_mandate.service.entityID");
        if (MiscUtil.isNotEmpty(str15) && !ValidationHelper.validateURL(str15)) {
            log.info("Not valid ELGA Service URL");
            arrayList.add(new ValidationObjectIdentifier("modules.elga_mandate.service.entityID", "Mandates - ELGA", LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", new Object[]{str15})));
        }
        String str16 = map.get("modules.eidsystem.service.url");
        if (MiscUtil.isNotEmpty(str16) && !ValidationHelper.validateURL(str16)) {
            log.info("Not valid ELGA Service URL");
            arrayList.add(new ValidationObjectIdentifier("modules.eidsystem.service.url", "E-ID System", LanguageHelper.getErrorString("validation.general.eidsystem.valid", new Object[]{str16})));
        }
        String str17 = map.get("modules.szrgw.service.url");
        if (MiscUtil.isNotEmpty(str17) && !ValidationHelper.validateURL(str17)) {
            log.info("Not valid SZR-GW Service URL");
            arrayList.add(new ValidationObjectIdentifier("modules.szrgw.service.url", "SZR-Gateway - Service URL", LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{str17})));
        }
        String str18 = map.get("auth.sl20.endpoints");
        if (map.get("auth.sl20.enabled") != null && Boolean.valueOf(map.get("auth.sl20.enabled")).booleanValue() && MiscUtil.isNotEmpty(str18)) {
            log.debug("Validate SL2.0 configuration ... ");
            List<String> listOfCSVValues = KeyValueUtils.getListOfCSVValues(str18);
            if (listOfCSVValues.size() == 1) {
                String str19 = (String) listOfCSVValues.get(0);
                if (!str19.startsWith("default=") && str19.contains("=")) {
                    log.warn("SL2.0 endpoint '" + str19 + "' has wrong format");
                    arrayList.add(new ValidationObjectIdentifier("auth.sl20.endpoints", "SL2.0 - EndPoint URLs", LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{str19})));
                } else if (!str19.startsWith("default=") && !str19.contains("=")) {
                    log.info("Find one SL2.0 endpoint without 'default='. Start updateing ... ");
                    listOfCSVValues.remove(0);
                    listOfCSVValues.add("default=" + str19);
                }
            } else {
                boolean z = false;
                for (String str20 : listOfCSVValues) {
                    if (!str20.contains("=")) {
                        log.warn("SL2.0 endpoint '" + str20 + "' has wrong format");
                        arrayList.add(new ValidationObjectIdentifier("auth.sl20.endpoints", "SL2.0 - EndPoint URLs", LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{str20})));
                    } else if (str20.startsWith("default=")) {
                        log.debug("Find default endpoint.");
                        z = true;
                    } else {
                        try {
                            Integer.valueOf(str20.split("=")[0]);
                        } catch (NumberFormatException e) {
                            log.warn("SL2.0 endpoint '" + str20 + "' has wrong format", e);
                            arrayList.add(new ValidationObjectIdentifier("auth.sl20.endpoints", "SL2.0 - EndPoint URLs", LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{str20})));
                        }
                    }
                }
                if (!z) {
                    log.warn("SL2.0 endpoints contains NO default endpoint");
                    arrayList.add(new ValidationObjectIdentifier("auth.sl20.endpoints", "SL2.0 - EndPoint URLs", LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", new Object[0])));
                }
            }
        }
        if (!arrayList.isEmpty()) {
            throw new ConfigurationTaskValidationException(arrayList);
        }
    }

    @Override // at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator, at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator
    public List<Pattern> getAllAllowedPatterns() {
        return generatePatternsFromKeys(KEYWHITELIST);
    }
}
