package at.gv.egovernment.moa.id.protocols.pvp2x;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Trible;
import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

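/**
 * PVP 2.x action that answers a SAML {@link AttributeQuery} received over the SOAP binding.
 *
 * <p>The requester is not authenticated by this action ({@link #needAuthentication} is {@code false});
 * instead the query is answered from the SSO session referenced by the pending request. The attributes
 * are taken either from the local MOA session or, when the session was established via an interfederated
 * IDP, by forwarding an AttributeQuery to that IDP and extracting the attributes from its signed response.
 * Only the configuration and storage services injected by Spring are used; the class holds no request
 * state of its own.
 */
@Service("AttributQueryAction")
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.class */
public class AttributQueryAction implements IAction {

    // Attribute names added to every query from a foreign (STORK) identity when the requester did not ask for them.
    private static final List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList("urn:oid:1.2.40.0.10.2.1.1.261.96");

    // Attribute names added to every query for a mandate-based authentication when the requester did not ask for them.
    private static final List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList("urn:oid:1.2.40.0.10.2.1.1.261.92", "urn:oid:1.2.40.0.10.2.1.1.261.86");

    // Path, relative to the IDP's public URL, of the metadata this IDP presents when it acts as SP towards a federated IDP.
    private static final String FEDERATED_SP_METADATA_PATH = "/sp/federated/metadata";

    @Autowired
    private IAuthenticationSessionStoreage authenticationSessionStorage;

    @Autowired
    private IAuthenticationDataBuilder authDataBuilder;

    @Autowired
    private IDPCredentialProvider pvpCredentials;

    @Autowired
    private AuthConfiguration authConfig;

    @Autowired(required = true)
    private MOAMetadataProvider metadataProvider;

    @Autowired(required = true)
    ApplicationContext springContext;

    @Autowired
    private AttributQueryBuilder attributQueryBuilder;

    @Autowired
    private SAMLVerificationEngineSP samlVerificationEngine;

    @Autowired(required = true)
    IPVP2BasicConfiguration pvpBasicConfiguration;

    @Autowired(required = true)
    PVP2AssertionBuilder assertionBuilder;

    /**
     * Answers the AttributeQuery carried by {@code iRequest} with a signed (and, if configured, encrypted)
     * SAML response written to {@code httpServletResponse} through the {@code PVPSOAPBinding} bean.
     *
     * @param iRequest            pending request; must be a {@link PVPSProfilePendingRequest} wrapping an
     *                            {@link AttributeQuery}
     * @param httpServletRequest  inbound SOAP request
     * @param httpServletResponse response the SAML message is encoded into
     * @param iAuthData           authentication data of the referenced session; only its session index is used here
     * @return always {@code null}: an AttributeQuery produces no single-logout information
     * @throws MOAIDException {@code pvp2.13} if the request is not an AttributeQuery, {@code auth.02} if the
     *                        referenced SSO session does not exist, {@code init.04} on a database error and
     *                        {@code pvp2.01} on encoding or security errors; every cause is preserved
     * @throws EAAFException  propagated from building the response information
     */
    @Override
    public SLOInformationInterface processRequest(IRequest iRequest, HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse, IAuthData iAuthData) throws EAAFException {
        // Gate on the message type first: everything below casts the request and reads its AttributeQuery.
        if (!isAttributeQueryRequest(iRequest)) {
            Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery.");
            throw new MOAIDException("pvp2.13", (Object[]) null);
        }
        PVPSProfilePendingRequest pendingReq = (PVPSProfilePendingRequest) iRequest;
        String ssoSessionId = iRequest.getInternalSSOSessionIdentifier();
        DateTime issueInstant = new DateTime();
        try {
            AuthenticationSession moaSession = this.authenticationSessionStorage.getInternalSSOSession(ssoSessionId);
            if (moaSession == null) {
                Logger.warn("No MOASession with ID:" + ssoSessionId + " FOUND.");
                throw new MOAIDException("auth.02", new Object[]{ssoSessionId});
            }
            // Non-null only when the session was established through an interfederated IDP.
            InterfederationSessionStore federatedIdp = this.authenticationSessionStorage
                    .searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
            AttributeQuery attrQuery = pendingReq.getRequest().getSamlRequest();

            Trible<List<Attribute>, Date, String> responseInfo = buildResponseInformationForAttributQuery(
                    iRequest, moaSession, attrQuery.getAttributes(), federatedIdp);
            List<Attribute> attributes = responseInfo.getFirst();
            Date validTo = responseInfo.getSecond();
            String qaaLevel = responseInfo.getThird();
            Logger.debug("AttributQuery return " + attributes.size() + " attributes with QAA-Level:" + qaaLevel
                    + " validTo:" + validTo.toString());

            String idpEntityId = this.pvpBasicConfiguration.getIDPEntityId(iRequest.getAuthURL());
            StatusResponseType samlResponse = AuthResponseBuilder.buildResponse(this.metadataProvider, idpEntityId,
                    attrQuery, issueInstant,
                    this.assertionBuilder.buildAssertion(idpEntityId, attrQuery, attributes, issueInstant,
                            new DateTime(validTo.getTime()), qaaLevel, iAuthData.getSessionIndex()),
                    this.authConfig.isPVP2AssertionEncryptionActive());
            SoapBinding soapBinding = this.springContext.getBean("PVPSOAPBinding", SoapBinding.class);
            // No target location and no relay state: the response goes back on the SOAP channel it arrived on.
            soapBinding.encodeRespone(httpServletRequest, httpServletResponse, samlResponse, (String) null,
                    (String) null, this.pvpCredentials.getIDPAssertionSigningCredential(), iRequest);
            return null;
        } catch (MessageEncodingException e) {
            Logger.error("Message Encoding exception", e);
            throw new MOAIDException("pvp2.01", (Object[]) null, e);
        } catch (MOADatabaseException e) {
            Logger.error("MOASession with SessionID=" + ssoSessionId + " is not found in Database", e);
            // Keep the cause; the original wrapper dropped it.
            throw new MOAIDException("init.04", new Object[]{ssoSessionId}, e);
        } catch (SecurityException e) {
            Logger.error("Security exception", e);
            throw new MOAIDException("pvp2.01", (Object[]) null, e);
        }
    }

    /**
     * AttributeQueries are answered from the existing SSO session referenced by the request, so no
     * user authentication is started for them.
     *
     * @return always {@code false}
     */
    @Override
    public boolean needAuthentication(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return false;
    }

    /** @return the action name used for this request type, {@code "AttributeQuery"} */
    @Override
    public String getDefaultActionName() {
        return "AttributeQuery";
    }

    /**
     * Checks that {@code iRequest} is a PVP S-profile pending request whose SAML message is an AttributeQuery.
     *
     * @param iRequest request to inspect; may be {@code null}
     * @return {@code true} only if the request can safely be cast and its message read as an {@link AttributeQuery}
     */
    private static boolean isAttributeQueryRequest(IRequest iRequest) {
        if (!(iRequest instanceof PVPSProfilePendingRequest)) {
            return false;
        }
        PVPSProfilePendingRequest pendingReq = (PVPSProfilePendingRequest) iRequest;
        return pendingReq.getRequest() instanceof PVPSProfileRequest
                && pendingReq.getRequest().getSamlRequest() instanceof AttributeQuery;
    }

    /**
     * Collects the attributes, the validity end and the QAA level that the response to an AttributeQuery is built from.
     *
     * <p>Without an interfederation record the data is built from the local MOA session. With one, the request is
     * forwarded to the federated IDP after checking that its configuration is loadable, that it allows inbound
     * SSO interfederation and that a BusinessService IDP (one with a baseID transfer restriction) is not asked
     * for PublicService attributes. The interfederation record is then either persisted with
     * {@code attributesRequested} set or deleted, depending on whether SSO information is to be kept for it.
     *
     * @param iRequest                   pending request being answered
     * @param authenticationSession      local MOA session referenced by the request
     * @param list                       attributes requested in the AttributeQuery
     * @param interfederationSessionStore interfederation record of the session, or {@code null} for a local session
     * @return attributes, session validity end and QAA level, in that order
     * @throws MOAIDException {@code auth.32}, {@code auth.33} or {@code auth.34} when the federated-IDP checks fail;
     *                        configuration and authentication errors from EAAF are wrapped with their error id,
     *                        parameters and cause
     */
    private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest iRequest,
            AuthenticationSession authenticationSession, List<Attribute> list,
            InterfederationSessionStore interfederationSessionStore)
            throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption {
        try {
            // Mark the OA as having used the AttributeQuery for this session. The type test must match the cast
            // on the next operands (PVPSProfilePendingRequest, as in processRequest); testing against the message
            // type PVPSProfileRequest instead made this condition unreachable and the flag was never set.
            if (iRequest instanceof PVPSProfilePendingRequest
                    && ((PVPSProfilePendingRequest) iRequest).getRequest() instanceof PVPSProfileRequest
                    && ((PVPSProfilePendingRequest) iRequest).getRequest().getInboundMessage() instanceof AttributeQuery) {
                this.authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(authenticationSession,
                        iRequest.getSPEntityId(), iRequest.requestedModule());
            }
            // Built before the branch so that both paths see the same requested-attribute parameters.
            IOAAuthParameters requestedParams = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(list);

            if (interfederationSessionStore == null) {
                Logger.debug("Build authData for AttributQuery from local MOASession.");
                IAuthData authData = this.authDataBuilder.buildAuthenticationData(iRequest);
                List<Attribute> attributes = PVPAttributeBuilder.buildSetOfResponseAttributes(authData,
                        addDefaultAttributes(list, authData));
                return Trible.newInstance(attributes, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel());
            }

            String idpUrlPrefix = interfederationSessionStore.getIdpurlprefix();
            Logger.info("Find active federated IDP information.. --> Request next IDP:" + idpUrlPrefix
                    + " for authentication information.");
            IOAAuthParameters idpConfig = (IOAAuthParameters) this.authConfig.getServiceProviderConfiguration(
                    idpUrlPrefix, OAAuthParameterDecorator.class);
            if (idpConfig == null) {
                Logger.warn("Configuration for federated IDP:" + idpUrlPrefix + "is not loadable.");
                throw new MOAIDException("auth.32", new Object[]{idpUrlPrefix});
            }
            if (!idpConfig.isInboundSSOInterfederationAllowed()) {
                Logger.warn("Configuration for federated IDP:" + idpUrlPrefix + "disallow inbound authentication messages.");
                throw new MOAIDException("auth.33", new Object[]{idpUrlPrefix});
            }
            // A baseID-restricted (BusinessService) IDP must not be asked for unrestricted PublicService attributes.
            if (!requestedParams.hasBaseIdTransferRestriction() && idpConfig.hasBaseIdTransferRestriction()) {
                Logger.error("Interfederated IDP " + idpConfig.getPublicURLPrefix()
                        + " is a BusinessService-IDP but requests PublicService attributes.");
                throw new MOAIDException("auth.34", new Object[]{idpUrlPrefix});
            }

            AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(list,
                    interfederationSessionStore.getUserNameID(), idpConfig,
                    iRequest.getAuthURL() + FEDERATED_SP_METADATA_PATH);

            if (interfederationSessionStore.isStoreSSOInformation()) {
                interfederationSessionStore.setAttributesRequested(true);
                this.authenticationSessionStorage.persistIdpInformation(interfederationSessionStore);
            } else {
                this.authenticationSessionStorage.deleteIdpInformation(interfederationSessionStore);
            }
            return Trible.newInstance(extractor.getAllResponseAttributesFromFirstAttributeStatement(),
                    extractor.getAssertionNotOnOrAfter(), extractor.getQAALevel());
        } catch (MOAIDException e) {
            throw e;
        } catch (EAAFConfigurationException e) {
            throw new MOAIDException(e.getErrorId(), e.getParams(), e);
        } catch (EAAFAuthenticationException e) {
            throw new MOAIDException(e.getErrorId(), e.getParams(), e);
        }
    }

    /**
     * Returns the names of the requested attributes, extended with the default STORK attributes for a
     * foreign identity and the default mandate attributes for a mandate-based authentication.
     *
     * @param list      attributes requested in the AttributeQuery
     * @param iAuthData authentication data deciding which defaults apply
     * @return requested attribute names in request order, followed by any defaults not already present
     */
    private List<String> addDefaultAttributes(List<Attribute> list, IAuthData iAuthData) {
        List<String> names = new ArrayList<String>(list.size());
        for (Attribute attribute : list) {
            names.add(attribute.getName());
        }
        if (iAuthData.isForeigner()) {
            addMissing(names, DEFAULTSTORKATTRIBUTES);
        }
        if (iAuthData instanceof IMOAAuthData && ((IMOAAuthData) iAuthData).isUseMandate()) {
            addMissing(names, DEFAULTMANDATEATTRIBUTES);
        }
        return names;
    }

    /**
     * Appends every entry of {@code defaults} that {@code target} does not already contain, preserving order.
     *
     * @param target   list to extend in place
     * @param defaults names that must be present
     */
    private static void addMissing(List<String> target, List<String> defaults) {
        for (String name : defaults) {
            if (!target.contains(name)) {
                target.add(name);
            }
        }
    }

    /**
     * Forwards an AttributeQuery to the federated IDP and returns an extractor over its verified response.
     *
     * <p>The SOAP response body must contain exactly a PVP 2.1 {@link Response} as its first element. That
     * response is verified by the SAML verification engine against the known-keys trust engine built from
     * the metadata provider before any attribute is read from it.
     *
     * @param list             attributes to request
     * @param str              subject NameID to query for (the name the federated IDP knows the user by)
     * @param iOAAuthParameters configuration of the federated IDP; provides the AttributeQuery service URL
     * @param str2             issuer / SP metadata URL this IDP presents to the federated IDP
     * @return extractor over the verified response
     * @throws MOAIDException             {@code config.26} if the IDP has no AttributeQuery URL configured,
     *                                    {@code builder.06} on SOAP or security errors (as {@link BuildException})
     * @throws AttributQueryException     {@code auth.27} if the response body is empty or is not a PVP 2.1 response
     * @throws AssertionValidationExeption {@code auth.27} if verification of the response fails
     */
    public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> list, String str,
            IOAAuthParameters iOAAuthParameters, String str2)
            throws MOAIDException, AttributQueryException, AssertionValidationExeption {
        String publicURLPrefix = iOAAuthParameters.getPublicURLPrefix();
        try {
            Logger.debug("Starting AttributeQuery process ...");
            String attrQueryServiceUrl = iOAAuthParameters.getIDPAttributQueryServiceURL();
            if (MiscUtil.isEmpty(attrQueryServiceUrl)) {
                Logger.error("No AttributeQueryURL for interfederationIDP " + publicURLPrefix);
                throw new ConfigurationException("config.26", new Object[]{publicURLPrefix});
            }
            AttributeQuery outboundQuery = this.attributQueryBuilder.buildAttributQueryRequest(str2, str,
                    attrQueryServiceUrl, list);
            List<XMLObject> responseBody = MOASAMLSOAPClient.send(attrQueryServiceUrl, outboundQuery);
            if (responseBody == null || responseBody.isEmpty()) {
                Logger.error("Receive emptry AttributeQuery response-body.");
                throw new AttributQueryException("auth.27",
                        new Object[]{publicURLPrefix, "Receive emptry AttributeQuery response-body."});
            }
            if (!(responseBody.get(0) instanceof Response)) {
                Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
                throw new AttributQueryException("auth.27",
                        new Object[]{publicURLPrefix, "Receive AttributeQuery response-body include no PVP 2.1 response"});
            }
            StatusResponseType idpResponse = (Response) responseBody.get(0);
            try {
                // Verify before extracting: the extractor is only built over a response that passed verification.
                this.samlVerificationEngine.verifyIDPResponse(idpResponse,
                        TrustEngineFactory.getSignatureKnownKeysTrustEngine(this.metadataProvider));
                return new AssertionAttributeExtractor(idpResponse);
            } catch (Exception e) {
                Logger.warn("PVP 2.1 assertion validation FAILED.", e);
                throw new AssertionValidationExeption("auth.27", new Object[]{publicURLPrefix, e.getMessage()}, e);
            }
        } catch (SOAPException e) {
            throw new BuildException("builder.06", null, e);
        } catch (SecurityException e) {
            throw new BuildException("builder.06", null, e);
        }
    }
}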
