package at.gv.egovernment.moa.id.protocols.pvp2x.builder;

import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.logging.Logger;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.impl.AttributeQueryBuilder;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

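/**
 * Builds signed SAML2 {@code AttributeQuery} requests and the attribute lists they carry.
 *
 * <p>The request is signed with the credential returned by
 * {@link IDPCredentialProvider#getIDPAssertionSigningCredential()}.
 */
@Service("AttributQueryBuilder")
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.class */
public class AttributQueryBuilder {

    /** Attribute name whose value is filled from the online application's area-specific target identifier. */
    private static final String AREA_SPECIFIC_TARGET_ATTRIBUTE_NAME = "urn:oid:1.2.40.0.10.2.1.1.261.34";

    /** Message used for both the log entry and the wrapping exception when building fails. */
    private static final String BUILD_FAILED_MESSAGE = "Build AttributQuery Request FAILED.";

    @Autowired
    IDPCredentialProvider credentialProvider;

    /**
     * Builds the list of SAML2 attributes to request for one online application.
     *
     * <p>Each name is turned into an empty attribute via {@link PVPAttributeBuilder#buildEmptyAttribute}.
     * Names for which no attribute can be built are logged and skipped. The attribute named
     * {@code urn:oid:1.2.40.0.10.2.1.1.261.34} is not left empty: it carries the value of
     * {@link IOAAuthParameters#getAreaSpecificTargetIdentifier()}.
     *
     * @param iOAAuthParameters configuration of the online application the query is built for
     * @param it attribute names to request
     * @return the attributes that could be built, in iteration order
     * @throws ConfigurationException declared for callers; not thrown directly by this method
     */
    public List<Attribute> buildSAML2AttributeList(IOAAuthParameters iOAAuthParameters, Iterator<String> it) throws ConfigurationException {
        Logger.debug("Build OA specific Attributes for AttributQuery request");
        List<Attribute> attributes = new ArrayList<>();
        SamlAttributeGenerator generator = new SamlAttributeGenerator();
        while (it.hasNext()) {
            String attributeName = it.next();
            Attribute attribute = PVPAttributeBuilder.buildEmptyAttribute(attributeName);
            if (attribute == null) {
                // NOTE(review): the name is written to the log unmodified; if these names can ever
                // come from outside the configuration, neutralise line breaks before logging.
                Logger.warn("Attribut " + attributeName + " has no valid Name");
                continue;
            }
            // Constant-first comparison so a null name cannot raise a NullPointerException here.
            if (AREA_SPECIFIC_TARGET_ATTRIBUTE_NAME.equals(attributeName)) {
                attribute = generator.buildStringAttribute(
                        attribute.getFriendlyName(),
                        attribute.getName(),
                        iOAAuthParameters.getAreaSpecificTargetIdentifier());
            }
            attributes.add(attribute);
        }
        return attributes;
    }

    /**
     * Builds and signs a SAML2 {@code AttributeQuery}.
     *
     * @param str value placed in the {@code Issuer} element (entity format)
     * @param str2 value placed in the subject's {@code NameID} (transient format)
     * @param str3 value of the request's {@code Destination} attribute
     * @param list attributes to request; must not be {@code null}
     * @return the marshalled and signed query
     * @throws AttributQueryException if the signing credential is unavailable, or if creating the
     *     DOM document, marshalling or signing fails
     */
    public AttributeQuery buildAttributQueryRequest(String str, String str2, String str3, List<Attribute> list) throws AttributQueryException {
        try {
            AttributeQuery query = new AttributeQueryBuilder().buildObject();

            NameID nameID = (NameID) SAML2Utils.createSAMLObject(NameID.class);
            nameID.setValue(str2);
            nameID.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
            Subject subject = (Subject) SAML2Utils.createSAMLObject(Subject.class);
            subject.setNameID(nameID);
            query.setSubject(subject);

            query.getAttributes().addAll(list);
            query.setIssueInstant(new DateTime());

            Issuer issuer = (Issuer) SAML2Utils.createSAMLObject(Issuer.class);
            issuer.setValue(str);
            issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
            query.setIssuer(issuer);

            query.setID(SAML2Utils.getSecureIdentifier());
            query.setDestination(str3);

            X509Credential signingCredential = this.credentialProvider.getIDPAssertionSigningCredential();
            Signature signature = (Signature) SAML2Utils.createSAMLObject(Signature.class);
            // NOTE(review): RSA-SHA1 is a deprecated signature algorithm and receivers increasingly
            // reject it. Moving to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 changes the
            // wire format, so confirm that the queried attribute authority accepts it before switching.
            signature.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
            signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
            signature.setSigningCredential(signingCredential);
            query.setSignature(signature);

            // The object is marshalled into a DOM tree before Signer.signObject is called.
            // The DocumentBuilder only creates an empty document here; nothing is parsed.
            Configuration.getMarshallerFactory().getMarshaller(query).marshall(query, DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument());
            Signer.signObject(signature);
            return query;
        } catch (CredentialsNotAvailableException | ParserConfigurationException | SignatureException | MarshallingException e) {
            // All four failures are reported identically; the original cause is preserved.
            Logger.error(BUILD_FAILED_MESSAGE, e);
            throw new AttributQueryException(BUILD_FAILED_MESSAGE, (Object[]) null, e);
        }
    }
}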
