package at.gv.egovernment.moa.id.moduls;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

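/**
 * MOA-ID authentication manager registered as the Spring bean {@code MOAID_AuthenticationManager}.
 *
 * <p>Builds on {@link AbstractAuthenticationManager} and adds two things visible in this class:
 * the technical Single LogOut (SLO) step that closes the SSO session on the IDP, and the
 * population of the process {@link ExecutionContext} for a new authentication request.
 */
@Service("MOAID_AuthenticationManager")
/* loaded from: input_file:at/gv/egovernment/moa/id/moduls/AuthenticationManager.class */
public class AuthenticationManager extends AbstractAuthenticationManager {
    // String keys exposed to other components; none of them is read inside this class.
    public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
    public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
    public static final String MOA_SESSION = "MoaAuthenticationSession";
    public static final String MOA_AUTHENTICATED = "MoaAuthenticated";

    @Autowired
    private IAuthenticationSessionStoreage authenticatedSessionStore;

    // Optional bean: when it is missing, no service provider can be notified about the logout.
    @Autowired(required = false)
    private SingleLogOutBuilder sloBuilder;

    /**
     * Runs the technical Single LogOut for one internal SSO session.
     *
     * <p>The method collects the service-provider and interfederation-IDP sessions attached to the
     * SSO session, lets the {@link SingleLogOutBuilder} (if present) sort them into the returned
     * container, and then destroys the SSO session on the IDP.
     *
     * <p>Fix compared with the previous version: the failure paths dereferenced the pending SLO
     * request without a null check. With {@code iRequest == null}, or a request that is not a PVP
     * S-Profile request, a missing {@code SingleLogOutBuilder} raised a
     * {@link NullPointerException} <em>before</em> the SSO session was destroyed, so the IDP
     * session stayed alive. Both failure paths are now null-safe.
     *
     * @param httpServletRequest  servlet request, forwarded to the SSO manager
     * @param httpServletResponse servlet response, forwarded to the SSO manager
     * @param iRequest            pending request that triggered the logout; may be {@code null},
     *                            in which case a fresh transaction identifier is generated and the
     *                            event {@code AUTHPROCESS_IDP_SLO_REQUESTED} is logged
     * @param str                 internal SSO session identifier; when empty and {@code iRequest}
     *                            is not {@code null}, the identifier stored in the request is used
     * @return container describing which service providers still need to be notified and which
     *         ones could not be handled
     * @throws EAAFException declared for the calls made into the session store, SLO builder and
     *                       SSO manager
     */
    public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest, String str) throws EAAFException {
        String ssoSessionId = str;
        String transactionId;
        String sloIssuer = null;
        String uniqueSessionId = "notSet";
        PVPSProfilePendingRequest sloRequest = null;

        Logger.debug("Start technical Single LogOut process ... ");
        if (iRequest != null) {
            uniqueSessionId = iRequest.getUniqueSessionIdentifier();
            transactionId = iRequest.getUniqueTransactionIdentifier();
            // NOTE(review): the type tested (PVPSProfileRequest) is not the type cast to
            // (PVPSProfilePendingRequest). Unless every PVPSProfileRequest is also a
            // PVPSProfilePendingRequest this either never matches or throws ClassCastException.
            // Confirm against the EAAF class hierarchy before changing the check.
            if (iRequest instanceof PVPSProfileRequest) {
                sloRequest = (PVPSProfilePendingRequest) iRequest;
                sloIssuer = sloRequest.getRequest().getSamlRequest().getIssuer().getValue();
            }
            if (MiscUtil.isEmpty(ssoSessionId)) {
                ssoSessionId = iRequest.getInternalSSOSessionIdentifier();
            }
        } else {
            // No pending request: resolve the unique session id from the session store so that the
            // revision log entry can be correlated. A lookup failure is logged and the id stays
            // "notSet"; the logout itself continues.
            try {
                AuthenticationSessionExtensions sessionExtensions = this.authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId);
                if (sessionExtensions != null) {
                    uniqueSessionId = sessionExtensions.getUniqueSessionId();
                }
            } catch (MOADatabaseException e) {
                Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e);
            }
            transactionId = Random.nextLongRandom();
            this.revisionsLogger.logEvent(uniqueSessionId, transactionId, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED);
        }

        // Read the attached sessions before the SSO session is destroyed below.
        List<OASessionStore> activeOAs = this.authenticatedSessionStore.getAllActiveOAFromMOASession(ssoSessionId);
        List<InterfederationSessionStore> activeIDPs = this.authenticatedSessionStore.getAllActiveIDPsFromMOASession(ssoSessionId);

        SLOInformationContainer sloContainer = new SLOInformationContainer();
        sloContainer.setTransactionID(transactionId);
        sloContainer.setSessionID(uniqueSessionId);
        sloContainer.setSloRequest(sloRequest);

        if (this.sloBuilder != null) {
            Logger.trace("Parse active SPs into SLOContainer ... ");
            this.sloBuilder.parseActiveIDPs(sloContainer, activeIDPs, sloIssuer);
            this.sloBuilder.parseActiveOAs(sloContainer, activeOAs, sloIssuer);
        } else {
            Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED");
            markSloFailed(sloContainer, sloRequest);
            Logger.info("Only the IDP session will be closed soon ...");
        }
        Logger.debug("Active SSO Service-Provider:  BackChannel:" + sloContainer.getActiveBackChannelOAs().size() + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size() + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());

        try {
            this.authenticatedSessionStore.destroyInternalSSOSession(ssoSessionId);
            this.ssoManager.destroySSOSessionOnIDPOnly(httpServletRequest, httpServletResponse, iRequest);
            // NOTE(review): 1001 looks like a compiler-inlined event constant - confirm which
            // MOAIDEventConstants entry it corresponds to.
            this.revisionsLogger.logEvent(1001, uniqueSessionId);
            Logger.debug("Active SSO Session on IDP is remove.");
        } catch (MOADatabaseException e2) {
            // The SSO session may still be valid on the IDP at this point, because
            // destroySSOSessionOnIDPOnly is skipped when the store call throws. Callers must not
            // report a completed logout when the container carries a failed entry.
            Logger.warn("Delete MOASession FAILED.");
            markSloFailed(sloContainer, sloRequest);
        }
        return sloContainer;
    }

    /**
     * Records the logout as failed in the container, using the auth URL of the pending SLO request.
     *
     * <p>Without a pending request there is no auth URL to record, so the failure is only logged.
     * NOTE(review): in that case the returned container does not show the failure; decide whether
     * callers need another signal.
     */
    private static void markSloFailed(SLOInformationContainer sloContainer, PVPSProfilePendingRequest sloRequest) {
        if (sloRequest != null) {
            sloContainer.putFailedOA(sloRequest.getAuthURL());
        } else {
            Logger.warn("No pending SLO request available. Can not mark Single LogOut as FAILED in SLO container");
        }
    }

    /**
     * Fills the process execution context for a new authentication request.
     *
     * <p>Sets the flags {@code interfederationAuthentication}, {@code isLegacyRequest} and
     * {@code performBKUSelection}. For a legacy request, every HTTP parameter whose name is on
     * {@code MOAIDAuthConstants.LEGACYPARAMETERWHITELIST} is copied into the context after
     * HTML-escaping; parameters not on the list are ignored.
     *
     * @param executionContext   context to populate
     * @param requestImpl        pending request; supplies the requested module and the
     *                           interfederation IDP URL
     * @param httpServletRequest servlet request holding the (untrusted) legacy parameters
     * @throws EAAFException declared by the method signature; no statement in this method throws
     *                       it explicitly
     */
    protected void populateExecutionContext(ExecutionContext executionContext, RequestImpl requestImpl, HttpServletRequest httpServletRequest) throws EAAFException {
        boolean legacyProtocolAllowed = false;
        if (this.authConfig instanceof AuthConfiguration) {
            // Explicit cast: getLegacyAllowedProtocols() is only reached for AuthConfiguration.
            legacyProtocolAllowed = ((AuthConfiguration) this.authConfig).getLegacyAllowedProtocols().contains(requestImpl.requestedModule());
        } else {
            Logger.info("Base configuration is NOT of type 'AuthConfiguration'. LegacyMode is disabled");
        }
        boolean legacyParametersPresent = ParamValidatorUtils.areAllLegacyParametersAvailable(httpServletRequest);

        // Read once; the value decides both the interfederation flag and the BKU selection flag.
        String interfederationIdpUrl = (String) requestImpl.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
        executionContext.put("interfederationAuthentication", Boolean.valueOf(MiscUtil.isNotEmpty(interfederationIdpUrl)));

        // Legacy mode needs both: the protocol enabled in configuration AND all legacy parameters.
        boolean legacyRequest = legacyProtocolAllowed && legacyParametersPresent;
        executionContext.put("isLegacyRequest", Boolean.valueOf(legacyRequest));
        executionContext.put("performBKUSelection", Boolean.valueOf(!legacyRequest && MiscUtil.isEmpty(interfederationIdpUrl)));

        if (legacyRequest) {
            Enumeration<?> parameterNames = httpServletRequest.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String parameterName = (String) parameterNames.nextElement();
                // Allow-list on the parameter NAME only; the value is attacker-controlled.
                if (StringUtils.isNotEmpty(parameterName) && MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(parameterName)) {
                    // Values are HTML-escaped when stored. commons-lang 2.x escapeHtml does not
                    // encode the apostrophe, and HTML escaping does not cover JavaScript or URL
                    // contexts, so consumers still need encoding that fits where the value is
                    // rendered, plus validation of the value itself where a format is expected.
                    executionContext.put(parameterName, StringEscapeUtils.escapeHtml(httpServletRequest.getParameter(parameterName)));
                }
            }
        }
    }
}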
