package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;

import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

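@Service("PVPMetadataProvider")
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.class */
/**
 * Spring service that resolves PVP2 metadata locations from the MOA-ID configuration and
 * builds one metadata provider per configured service provider (online application).
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Metadata is only loaded for service providers that have a certificate configured
 *       under {@code protocols.pvp2x.certificate.data}; that certificate is handed to
 *       {@link MetadataSignatureFilter}, which presumably verifies the metadata signature
 *       against it (confirm in the filter implementation).</li>
 *   <li>TLS trust for the metadata download is configured in {@link #createHttpClient(String)}
 *       and degrades to a warning if it cannot be set up.</li>
 * </ul>
 */
public class MOAMetadataProvider extends AbstractChainingMetadataProvider {

    /** Per-service-provider configuration key holding the PVP2 metadata URL. */
    private static final String CONFIG_KEY_METADATA_URL = "protocols.pvp2x.URL";

    /** Per-service-provider configuration key holding the Base64 encoded metadata certificate. */
    private static final String CONFIG_KEY_METADATA_CERTIFICATE = "protocols.pvp2x.certificate.data";

    /** Socket timeout, in milliseconds, applied to the metadata HTTP client. */
    private static final int METADATA_SOCKET_TIMEOUT_MS = 20000;

    @Autowired(required = true)
    AuthConfiguration moaAuthConfig;

    /**
     * Looks up the PVP2 metadata URL configured for a service provider.
     *
     * @param str identifier of the service provider (online application)
     * @return the configured metadata URL, or {@code null} if no service provider with that
     *         identifier exists; the configured value itself is returned unchecked
     * @throws EAAFConfigurationException if the configuration cannot be read
     */
    protected String getMetadataURL(String str) throws EAAFConfigurationException {
        ISPConfiguration spConfig = this.moaAuthConfig.getServiceProviderConfiguration(str);
        if (spConfig == null) {
            Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + str);
            return null;
        }
        return spConfig.getConfigurationValue(CONFIG_KEY_METADATA_URL);
    }

    /**
     * Builds a metadata provider for one service provider.
     *
     * <p>No provider is created unless both a metadata URL and a metadata certificate are
     * configured, so metadata is never loaded without the certificate that the signature
     * filter needs.
     *
     * @param str identifier of the service provider (online application)
     * @return the new metadata provider, or {@code null} if the service provider is unknown
     *         or its metadata URL or metadata certificate is missing
     * @throws EAAFConfigurationException if the configuration cannot be read
     * @throws IOException if the configured certificate cannot be Base64 decoded
     * @throws CertificateException if the metadata filter chain cannot be built
     */
    protected MetadataProvider createNewMetadataProvider(String str) throws EAAFConfigurationException, IOException, CertificateException {
        ISPConfiguration spConfig = this.moaAuthConfig.getServiceProviderConfiguration(str);
        if (spConfig == null) {
            Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + str);
            return null;
        }

        String metadataUrl = spConfig.getConfigurationValue(CONFIG_KEY_METADATA_URL);
        if (!MiscUtil.isNotEmpty(metadataUrl)) {
            // Without this guard an unset URL only surfaced later as a NullPointerException
            // while the HTTP client was being created.
            Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + str);
            return null;
        }

        String certificateBase64 = spConfig.getConfigurationValue(CONFIG_KEY_METADATA_CERTIFICATE);
        if (!MiscUtil.isNotEmpty(certificateBase64)) {
            // Return here: falling through used to log the unrelated "NO onlineApplication"
            // message as well, which pointed operators at the wrong cause.
            Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + str);
            return null;
        }

        byte[] signingCertificate = Base64Utils.decode(certificateBase64, false);
        MetadataFilterChain filterChain = buildMetadataFilterChain(spConfig, metadataUrl, signingCertificate);
        return createNewSimpleMetadataProvider(metadataUrl, filterChain, spConfig.getUniqueIdentifier(), getTimer(), new BasicParserPool(), createHttpClient(metadataUrl));
    }

    /**
     * Collects the PVP2 metadata URLs of all configured service providers.
     *
     * @return the non-empty metadata URLs found in the configuration; never {@code null}
     * @throws EAAFConfigurationException if the configuration cannot be read
     */
    protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
        List<String> metadataUrls = new ArrayList<>();
        Map<?, ?> serviceIds = this.moaAuthConfig.getConfigurationWithWildCard("moa.id.services.%.uniqueID");
        if (serviceIds == null) {
            Logger.debug("No OA configuration found.");
            return metadataUrls;
        }

        // Each value is used as the identifier for the service provider lookup.
        for (Object serviceId : serviceIds.values()) {
            ISPConfiguration spConfig = this.moaAuthConfig.getServiceProviderConfiguration((String) serviceId);
            if (spConfig == null) {
                Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found.");
                continue;
            }
            String metadataUrl = spConfig.getConfigurationValue(CONFIG_KEY_METADATA_URL);
            if (MiscUtil.isNotEmpty(metadataUrl)) {
                metadataUrls.add(metadataUrl);
            } else {
                Logger.trace("OA: " + spConfig.getUniqueIdentifier() + " has NO PVP2 metadata URL");
            }
        }
        return metadataUrls;
    }

    /**
     * Creates the HTTP client used to download metadata from the given URL.
     *
     * <p>Only the socket timeout is set here. For {@code https} URLs a custom SSL socket
     * factory is registered, built from the trusted CA certificates and the revocation
     * settings of the MOA-ID configuration.
     *
     * @param str metadata URL the client will be used for; may be {@code null}
     * @return the configured HTTP client, never {@code null}
     */
    private HttpClient createHttpClient(String str) {
        MOAHttpClient metadataClient = new MOAHttpClient();
        HttpClientParams clientParams = new HttpClientParams();
        clientParams.setSoTimeout(METADATA_SOCKET_TIMEOUT_MS);
        metadataClient.setParams(clientParams);

        // URL schemes are case-insensitive; a case-sensitive prefix test would skip the
        // trust store setup for e.g. "HTTPS://..." and leave the client on its defaults.
        boolean isHttps = str != null && str.regionMatches(true, 0, "https:", 0, "https:".length());
        if (isHttps) {
            try {
                // NOTE(review): "configuration.ssl.validation.hostname" is read with false as
                // its second argument, presumably the default, so hostname validation looks
                // opt-in; confirm deployments enable it. The same applies to
                // "configuration.ssl.useStandardJavaTrustStore".
                mOAHttpClientTrustStore(metadataClient, str);
            } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
                // NOTE(review): fail-open. The client is still returned and, per the log
                // message, uses the default Java trust store instead of the configured CA
                // set and revocation checking. Metadata authenticity then rests on the
                // signature filter alone; alert on this warning in production logs.
                Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
            }
        }
        // Non-https URLs get no transport protection from this method.
        return metadataClient;
    }

    /**
     * Registers the MOA-ID SSL socket factory on the client for the given URL.
     *
     * @param metadataClient client to configure
     * @param metadataUrl https URL the trust settings are registered for
     * @throws MOAHttpProtocolSocketFactoryException if the socket factory cannot be created
     * @throws MalformedURLException if the URL cannot be parsed
     */
    private void mOAHttpClientTrustStore(MOAHttpClient metadataClient, String metadataUrl) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
        metadataClient.setCustomSSLTrustStore(metadataUrl, new MOAHttpProtocolSocketFactory(PVPConstants.SSLSOCKETFACTORYNAME, this.moaAuthConfig.getBasicConfigurationBoolean("configuration.ssl.useStandardJavaTrustStore", false), this.moaAuthConfig.getTrustedCACertificates(), (String) null, "pkix", this.moaAuthConfig.isTrustmanagerrevoationchecking(), this.moaAuthConfig.getRevocationMethodOrder(), this.moaAuthConfig.getBasicConfigurationBoolean("configuration.ssl.validation.hostname", false)));
    }

    /**
     * Assembles the filters applied to metadata loaded for one service provider.
     *
     * <p>Filters are added in this order: schema validation, metadata signature, entity
     * category, and, for interfederated IDPs only, the public-service filter.
     *
     * @param iSPConfiguration configuration of the service provider
     * @param str metadata URL of the service provider
     * @param bArr decoded metadata certificate passed to the signature filter
     * @return the assembled filter chain
     * @throws CertificateException declared for filter construction; presumably raised when
     *         the certificate bytes cannot be parsed
     */
    private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration iSPConfiguration, String str, byte[] bArr) throws CertificateException {
        MetadataFilterChain filterChain = new MetadataFilterChain();

        // Schema validation is driven by a configuration flag, so it may be disabled.
        filterChain.getFilters().add(new SchemaValidationFilter(this.moaAuthConfig.isPVPSchemaValidationActive()));

        // Always added; receives the certificate configured for this service provider.
        filterChain.getFilters().add(new MetadataSignatureFilter(str, bArr));

        // NOTE(review): authConfig is not declared in this class (presumably inherited from
        // AbstractChainingMetadataProvider), while every other lookup uses moaAuthConfig.
        // Confirm both refer to the same configuration.
        filterChain.getFilters().add(new PVPEntityCategoryFilter(this.authConfig.getBasicConfigurationBoolean("protocols.pvp2.metadata.entitycategories.active", false)));

        if (new OAAuthParameterDecorator(iSPConfiguration).isInderfederationIDP()) {
            Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
            filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(str, iSPConfiguration.hasBaseIdTransferRestriction()));
        }
        return filterChain;
    }
}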
