package at.gv.egovernment.moa.id.auth.builder;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.XPathException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.util.client.szr.SZRClient;
import at.gv.util.config.EgovUtilPropertiesConfiguration;
import at.gv.util.ex.EgovUtilException;
import at.gv.util.wsdl.szr.SZRException;
import at.gv.util.xsd.szr.PersonInfoType;
import at.gv.util.xsd.szr.persondata.IdentificationType;
import at.gv.util.xsd.szr.persondata.PersonNameType;
import at.gv.util.xsd.szr.persondata.PhysicalPersonType;
import iaik.x509.X509Certificate;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

@Service("AuthenticationDataBuilder")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.class */
public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
    /** Configuration key prefix whose entries are read in {@code initialize()} as Base64-encoded certificates, one per foreign sector. */
    public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";

    // Session store that is asked for an active SSO session of the requesting service provider.
    @Autowired
    private IAuthenticationSessionStoreage authenticatedSessionStorage;

    // IDP configuration; read here for the foreign-sector certificates, the SSO timeout,
    // the SZR client settings and the identity-link re-signing settings.
    @Autowired
    protected AuthConfiguration authConfig;

    // Maps between STORK QAA levels, eIDAS LoA values and PVP SecClass values.
    @Autowired
    protected LoALevelMapper loaLevelMapper;
    // Configuration entry key (logged as "sector") -> certificate used for foreign-bPK encryption.
    // Filled once by initialize(); entries that fail to parse are left out.
    // NOTE(review): the readers of this map are not visible in this part of the file; confirm that a
    // missing entry makes the encrypted-bPK generation fail closed for that sector.
    private Map<String, X509Certificate> encKeyMap = new HashMap();

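    /**
     * Loads the foreign-sector bPK encryption certificates from the configuration.
     *
     * <p>Every entry below {@link #CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS} is Base64-decoded and parsed
     * as an X.509 certificate, then stored in {@code encKeyMap} under the entry key. An entry that can
     * not be decoded or parsed is skipped so that one broken entry does not stop the bean from starting.
     *
     * <p>A skipped entry is reported at WARN level together with its cause, because a sector without a
     * certificate is a configuration fault an operator has to see. The stack trace is only added when
     * debug logging is enabled.
     *
     * <p>NOTE(review): only parsing is checked here. Validity period, issuer and key usage of the
     * configured certificate are not verified in this method; confirm whether that happens elsewhere.
     */
    @PostConstruct
    private void initialize() {
        for (Map.Entry<?, ?> entry : this.authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS).entrySet()) {
            // Kept as Object for logging so that building the log message can never fail itself.
            final Object sector = entry.getKey();
            try {
                this.encKeyMap.put((String) entry.getKey(), new X509Certificate(Base64Utils.decode((String) entry.getValue(), false)));
                Logger.info("Load foreign bPK encryption certificate for sector: " + sector);
            } catch (Exception e) {
                if (Logger.isDebugEnabled()) {
                    Logger.warn("Can NOT load foreign bPK encryption certificate for sector: " + sector, e);
                } else {
                    // Without debug logging still name the cause; the configured value is a public certificate.
                    Logger.warn("Can NOT load foreign bPK encryption certificate for sector: " + sector + " Reason: " + e);
                }
            }
        }
    }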

    /**
     * Builds the authentication data for a pending request from its MOA session.
     *
     * <p>The session is read from the request as {@link AuthenticationSessionWrapper} and the service
     * provider configuration as {@link OAAuthParameterDecorator}; both are then handed to
     * {@code buildAuthenticationData}.
     *
     * @param iRequest pending request that carries the session data and the SP configuration
     * @return the populated authentication data
     * @throws EAAFException as {@link EAAFAuthenticationException} with key {@code builder.11} when the
     *     data can not be built; the original exception is kept as cause
     */
    protected IAuthData buildDeprecatedAuthData(IRequest iRequest) throws EAAFException {
        try {
            final IAuthenticationSession moaSession =
                    (IAuthenticationSession) iRequest.getSessionData(AuthenticationSessionWrapper.class);
            final IOAAuthParameters spParameters =
                    (IOAAuthParameters) iRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
            return buildAuthenticationData(iRequest, moaSession, spParameters);

        } catch (ConfigurationException | BuildException | DynamicOABuildException | WrongParametersException | EAAFBuilderException cause) {
            // The log line carries no details; they travel with the exception that is thrown below.
            Logger.warn("Can not build authentication data from session information");
            throw new EAAFAuthenticationException("builder.11", new Object[]{cause.getMessage()}, cause);
        }
    }

    /**
     * Creates the authentication-data object for a request and fills it.
     *
     * <p>The SAML1 classes are looked up by name through reflection. When they are present and the
     * request is a SAML1 request, the SAML1-specific data object is used and receives the extended
     * SAML attributes of the session (an empty list when the session has none). In every other case,
     * including any reflection failure, a plain {@link MOAAuthenticationData} is used.
     *
     * <p>Afterwards the SSO session identifiers are copied when an active SSO session exists for the
     * service provider. If the request asks for a minimal front-channel response, only the QAA level
     * and the bPK are set, and both are taken from the raw request data ({@code federatedQAALevel},
     * {@code federatedNameID}); otherwise the full data set is built from the MOA session.
     *
     * <p>NOTE(review): in the minimal-response branch nothing in this method checks the two federated
     * values; confirm that they are validated where they are written into the request.
     *
     * @param iRequest pending request
     * @param iAuthenticationSession MOA session of the authenticated user
     * @param iOAAuthParameters configuration of the requesting service provider
     * @return the populated authentication data
     */
    private IAuthData buildAuthenticationData(IRequest iRequest, IAuthenticationSession iAuthenticationSession, IOAAuthParameters iOAAuthParameters) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException {
        MOAAuthenticationData authData;
        try {
            final Class<?> saml1RequestType = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
            // Instantiated before the request type is checked, so a missing SAML1 module ends in the catch below.
            final IAuthData saml1AuthData = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData")
                    .getConstructor(LoALevelMapper.class)
                    .newInstance(this.loaLevelMapper);

            if (saml1RequestType != null && saml1RequestType.isInstance(iRequest)) {
                final Object extendedAttributes = iAuthenticationSession.getExtendedSAMLAttributesOA() == null
                        ? new ArrayList()
                        : iAuthenticationSession.getExtendedSAMLAttributesOA();
                saml1AuthData.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1AuthData, extendedAttributes);
                authData = (MOAAuthenticationData) saml1AuthData;
            } else {
                authData = new MOAAuthenticationData(this.loaLevelMapper);
            }
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException reflectionProblem) {
            // Any reflection problem falls back to the protocol-independent data object.
            authData = new MOAAuthenticationData(this.loaLevelMapper);
        }

        final OASessionStore activeSsoSession = this.authenticatedSessionStorage.searchActiveOASSOSession(iAuthenticationSession, iRequest.getSPEntityId(), iRequest.requestedModule());
        if (activeSsoSession != null) {
            authData.setSessionIndex(activeSsoSession.getAssertionSessionID());
            authData.setNameID(activeSsoSession.getUserNameID());
            authData.setNameIDFormat(activeSsoSession.getUserNameIDFormat());
        }

        if (iOAAuthParameters.isSTORKPVPGateway()) {
            iOAAuthParameters = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(iOAAuthParameters, iRequest);
        }

        final Boolean minimalResponse = (Boolean) iRequest.getRawData("useMinimalFrontChannelResponse", Boolean.class);
        if (Boolean.TRUE.equals(minimalResponse)) {
            authData.setQAALevel((String) iRequest.getRawData("federatedQAALevel", String.class));
            authData.setBPK((String) iRequest.getRawData("federatedNameID", String.class));
        } else {
            buildAuthDataFormMOASession(authData, iAuthenticationSession, iOAAuthParameters, iRequest);
        }
        return authData;
    }

    /**
     * Fills the given authentication data from the MOA session and the service-provider configuration.
     *
     * <p>Steps, in the order they run: basic data via {@code generateDeprecatedBasicAuthData}, demo/proxy
     * mode flag, BKU URL, QAA level / eIDAS LoA, signer certificate, auth block, SSO validity, mandate
     * data, roles, the PVP 'OU' attribute, signature-verification flags, foreign and additional bPKs,
     * demo-mode post-processing, the eID token and finally every attribute that is still listed in
     * {@code includedToGenericAuthData}.
     *
     * <p>For most values the dedicated session getter is used first and the generic session data
     * (keyed by PVP attribute OID) only as fallback. The log messages label that fallback as data
     * received from a federated IDP.
     *
     * <p>NOTE(review): {@code includedToGenericAuthData} is not declared in the visible part of this
     * class. This bean is a {@code @Service}; if that collection is bean-level state, the
     * {@code remove(...)} calls below are shared between requests and threads. Confirm its scope.
     *
     * @param mOAAuthenticationData target object that is filled in place
     * @param iAuthenticationSession MOA session of the authenticated user
     * @param iOAAuthParameters configuration of the requesting service provider
     * @param iRequest pending request
     * @throws EAAFBuilderException rethrown unchanged
     * @throws BuildException with key {@code builder.00}, wrapping every other {@code Throwable}
     */
    private void buildAuthDataFormMOASession(MOAAuthenticationData mOAAuthenticationData, IAuthenticationSession iAuthenticationSession, IOAAuthParameters iOAAuthParameters, IRequest iRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
        String str;
        try {
            generateDeprecatedBasicAuthData(mOAAuthenticationData, iRequest, iAuthenticationSession);
            // Demo mode is on when either the demo-mode or the proxy-mode switch of the SP is "true".
            mOAAuthenticationData.setIseIDNewDemoMode(Boolean.parseBoolean(iOAAuthParameters.getConfigurationValue("auth.austrianeIDdemomode", String.valueOf(false))) || Boolean.parseBoolean(iOAAuthParameters.getConfigurationValue("auth.austrianeIDproxymode", String.valueOf(false))));
            if (mOAAuthenticationData.isIseIDNewDemoMode()) {
                Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
                mOAAuthenticationData.setBaseIDTransferRestrication(true);
            }
            // BKU URL: session getter first, generic session attribute as fallback.
            this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.64");
            if (MiscUtil.isNotEmpty(iAuthenticationSession.getBkuURL())) {
                mOAAuthenticationData.setBkuURL(iAuthenticationSession.getBkuURL());
            } else {
                mOAAuthenticationData.setBkuURL((String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.64", String.class));
            }
            // Level of assurance: an eIDAS LoA that is already set wins; otherwise the level is taken
            // from the session or from the generic attribute and mapped according to its prefix.
            if (MiscUtil.isNotEmpty(mOAAuthenticationData.getEIDASQAALevel())) {
                Logger.debug("Find eIDAS LoA. Map it to STORK QAA");
                mOAAuthenticationData.setQAALevel(this.loaLevelMapper.mapeIDASQAAToSTORKQAA(mOAAuthenticationData.getEIDASQAALevel()));
            } else {
                Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... ");
                this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.94");
                if (MiscUtil.isNotEmpty(iAuthenticationSession.getQAALevel())) {
                    str = iAuthenticationSession.getQAALevel();
                } else {
                    str = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.94", String.class);
                    if (MiscUtil.isNotEmpty(str)) {
                        Logger.debug("Find PVP-Attr 'EID-CITIZEN-QAA-LEVEL':" + str + " --> Parse QAA-Level from that attribute.");
                    }
                }
                if (MiscUtil.isNotEmpty(str)) {
                    if (str.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
                        mOAAuthenticationData.setQAALevel(str);
                        mOAAuthenticationData.seteIDASLoA(this.loaLevelMapper.mapSTORKQAAToeIDASQAA(str));
                    } else if (str.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
                        mOAAuthenticationData.setQAALevel(this.loaLevelMapper.mapeIDASQAAToSTORKQAA(str));
                        mOAAuthenticationData.seteIDASLoA(str);
                    } else {
                        // Neither prefix matched: the value is treated as a PVP SecClass.
                        Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");
                        String mapSecClassToQAALevel = this.loaLevelMapper.mapSecClassToQAALevel(str);
                        if (MiscUtil.isNotEmpty(mapSecClassToQAALevel)) {
                            mOAAuthenticationData.setQAALevel(mapSecClassToQAALevel);
                            mOAAuthenticationData.seteIDASLoA(this.loaLevelMapper.mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel));
                        }
                    }
                }
            }
            // No level could be determined: use the lowest level rather than leaving it unset.
            if (MiscUtil.isEmpty(mOAAuthenticationData.getEIDASQAALevel())) {
                Logger.info("No QAA level found. Set to default level http://eidas.europa.eu/LoA/low");
                mOAAuthenticationData.setQAALevel(PVPConstants.STORK_QAA_1_1);
                mOAAuthenticationData.seteIDASLoA(PVPConstants.EIDAS_QAA_LOW);
            }
            // Signer certificate: session getter first, Base64 generic attribute as fallback.
            this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.66");
            if (iAuthenticationSession.getEncodedSignerCertificate() != null) {
                mOAAuthenticationData.setSignerCertificate(iAuthenticationSession.getEncodedSignerCertificate());
            } else {
                String str2 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.66", String.class);
                if (MiscUtil.isNotEmpty(str2)) {
                    Logger.debug("Find PVP-Attr: EID-SIGNER-CERTIFICATE");
                    try {
                        mOAAuthenticationData.setSignerCertificate(Base64Utils.decode(str2, false));
                    } catch (IOException e) {
                        // A value that can not be decoded is only logged; processing continues without a signer certificate.
                        Logger.error("SignerCertificate received via federated IDP is NOT valid", e);
                    }
                } else {
                    Logger.info("NO SignerCertificate in MOASession.");
                }
            }
            // Auth block: session getter first, Base64 (UTF-8) generic attribute as fallback.
            this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.62");
            if (MiscUtil.isNotEmpty(iAuthenticationSession.getAuthBlock())) {
                mOAAuthenticationData.setAuthBlock(iAuthenticationSession.getAuthBlock());
            } else {
                String str3 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.62", String.class);
                if (MiscUtil.isNotEmpty(str3)) {
                    Logger.debug("Find PVP-Attr: EID-AUTH-BLOCK");
                    try {
                        mOAAuthenticationData.setAuthBlock(new String(Base64Utils.decode(str3, false), "UTF-8"));
                    } catch (IOException e2) {
                        // As above: logged only, the auth block stays unset.
                        Logger.error("AuthBlock received via federated IDP is NOT valid", e2);
                    }
                } else {
                    Logger.info("NO AuthBlock in MOASession.");
                }
            }
            // SSO validity: value from the federated response if present; else session creation time
            // plus the configured SSO timeout for SSO sessions; else now plus 300000 ms (5 minutes).
            this.includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO);
            Date date = (Date) iAuthenticationSession.getGenericDataFromSession(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, Date.class);
            if (date != null) {
                // NOTE(review): the federated validity is taken over as is; no upper bound is applied in this method.
                mOAAuthenticationData.setSsoSessionValidTo(date);
                Logger.debug("Use idToken validTo periode from federated IDP response.");
            } else if (mOAAuthenticationData.isSsoSession()) {
                // presumably getSSOCreatedTimeOut() is in seconds (multiplied by 1000 here); confirm.
                mOAAuthenticationData.setSsoSessionValidTo(new Date(iAuthenticationSession.getSessionCreated().getTime() + (this.authConfig.getSSOCreatedTimeOut() * 1000)));
            } else {
                mOAAuthenticationData.setSsoSessionValidTo(new Date(new Date().getTime() + 300000));
            }
            if (iAuthenticationSession.isMandateUsed()) {
                // Mandate reference value: session getter first, generic attribute as fallback.
                this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.90");
                if (MiscUtil.isNotEmpty(iAuthenticationSession.getMandateReferenceValue())) {
                    mOAAuthenticationData.setMandateReferenceValue(iAuthenticationSession.getMandateReferenceValue());
                } else {
                    String str4 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.90", String.class);
                    if (MiscUtil.isNotEmpty(str4)) {
                        mOAAuthenticationData.setMandateReferenceValue(str4);
                        Logger.debug("Find PVP-Attr: MANDATE-REFERENCE-VALUE");
                    }
                }
                IMISMandate mISMandate = iAuthenticationSession.getMISMandate();
                if (mISMandate != null) {
                    mOAAuthenticationData.setMISMandate(mISMandate);
                    mOAAuthenticationData.setUseMandate(iAuthenticationSession.isMandateUsed());
                } else {
                    // No mandate object in the session: rebuild it from the Base64 full-mandate attribute.
                    String str5 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.92", String.class);
                    if (MiscUtil.isNotEmpty(str5)) {
                        Logger.debug("Find PVP-Attr: MANDATE-FULL-MANDATE");
                        try {
                            byte[] decode = Base64Utils.decode(str5, false);
                            MISMandate mISMandate2 = new MISMandate();
                            mISMandate2.setMandate(decode);
                            String str6 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.86", String.class);
                            if (MiscUtil.isNotEmpty(str6)) {
                                mISMandate2.setProfRep(str6);
                                Logger.debug("Find PVP-Attr: urn:oid:1.2.40.0.10.2.1.1.261.86");
                            }
                            NodeList childNodes = mISMandate2.getMandateDOM().getChildNodes();
                            for (int i = 0; i < childNodes.getLength(); i++) {
                                // NOTE(review): unchecked cast. A child that is not an Element (text, comment)
                                // raises ClassCastException, which the outer catch turns into BuildException.
                                Element element = (Element) childNodes.item(i);
                                if (element.hasAttribute("OWbPK")) {
                                    mISMandate2.setOWbPK(element.getAttribute("OWbPK"));
                                    // The session is modified here as a side effect of building the auth data.
                                    iAuthenticationSession.setOW(true);
                                }
                            }
                            mOAAuthenticationData.setMISMandate(mISMandate2);
                            mOAAuthenticationData.setUseMandate(true);
                            // The null check on mISMandate2 is always true at this point (created above).
                            if (mOAAuthenticationData.isUseMandate() && iAuthenticationSession.isOW() && mISMandate2 != null && MiscUtil.isNotEmpty(mISMandate2.getOWbPK())) {
                                // The bPK of the auth data is replaced by the OWbPK attribute value of the mandate.
                                // NOTE(review): no signature check of the mandate is visible in this method;
                                // confirm that the mandate is verified before it reaches the session.
                                mOAAuthenticationData.setBPK(mISMandate2.getOWbPK());
                                mOAAuthenticationData.setBPKType("urn:publicid:gv.at:cdid+OW");
                                // NOTE(review): this writes the OWbPK identifier to the log at trace level.
                                Logger.trace("Authenticated User is OW: " + mISMandate2.getOWbPK());
                                Logger.debug("User is an OW. Set original IDL into authdata ... ");
                                mOAAuthenticationData.setIdentityLink(iAuthenticationSession.getIdentityLink());
                            }
                        } catch (IOException e3) {
                            Logger.error("Base64 decoding of PVP-Attr:MANDATE-FULL-MANDATE FAILED.", e3);
                        }
                    } else {
                        Logger.debug("No full MIS-Mandate found --> Use single PVP attributes for mandate information.");
                        if (MiscUtil.isNotEmpty((String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.68", String.class))) {
                            Logger.info("AuthDataBuilder find directly included 'MandateType' PVP-attribute. --> Switch to mandate-mode for authdata generation.");
                            mOAAuthenticationData.setUseMandate(true);
                        }
                    }
                }
                // With a full mandate object present, the single mandate attributes are not copied as generic data.
                if (mOAAuthenticationData.getMISMandate() != null) {
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.92");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.68");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.84");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.100");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.76");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.80");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.78");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.82");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.98");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.70");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.102");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.88");
                    this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.86");
                }
            }
            // Roles: the attribute value is split with the bPK-list delimiter; each part becomes one role.
            this.includedToGenericAuthData.remove("urn:oid:1.2.40.0.10.2.1.1.261.30");
            String str7 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.30", String.class);
            if (MiscUtil.isNotEmpty(str7)) {
                Iterator it = Arrays.asList(str7.split(BPKListAttributeBuilder.DELIMITER_BPK_LIST)).iterator();
                while (it.hasNext()) {
                    mOAAuthenticationData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole((String) it.next()));
                }
            }
            this.includedToGenericAuthData.remove("urn:oid:2.5.4.11");
            String str8 = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:2.5.4.11", String.class);
            if (MiscUtil.isNotEmpty(str8)) {
                mOAAuthenticationData.setPvpAttribute_OU(str8);
                Logger.debug("Found PVP 'OU' attribute in response -> " + mOAAuthenticationData.getPvpAttribute_OU());
            }
            // Certificate flags come from the local signature verification when it exists.
            IVerifiyXMLSignatureResponse xMLVerifySignatureResponse = iAuthenticationSession.getXMLVerifySignatureResponse();
            if (xMLVerifySignatureResponse != null) {
                mOAAuthenticationData.setQualifiedCertificate(xMLVerifySignatureResponse.isQualifiedCertificate());
                mOAAuthenticationData.setPublicAuthority(xMLVerifySignatureResponse.isPublicAuthority());
                mOAAuthenticationData.setPublicAuthorityCode(xMLVerifySignatureResponse.getPublicAuthorityCode());
            } else {
                Logger.info("No authBlock signature-verfication response found. Maybe IDP federation is in use.");
                // Without a local verification result the "qualified certificate" flag is derived from the
                // QAA level alone, so it is only as trustworthy as the source of that level.
                if (PVPConstants.STORK_QAA_1_4.equals(mOAAuthenticationData.getQAALevel())) {
                    mOAAuthenticationData.setQualifiedCertificate(true);
                } else {
                    mOAAuthenticationData.setQualifiedCertificate(false);
                }
                mOAAuthenticationData.setPublicAuthority(false);
            }
            generateForeignbPK(iOAAuthParameters, mOAAuthenticationData);
            Logger.debug("Search for additional bPKs");
            generateAdditonalbPK(mOAAuthenticationData, iOAAuthParameters.additionalbPKSectorsRequested());
            // Same demo/proxy switch as at the top: identity link and auth block are removed from the result.
            if (Boolean.parseBoolean(iOAAuthParameters.getConfigurationValue("auth.austrianeIDdemomode", String.valueOf(false))) || Boolean.parseBoolean(iOAAuthParameters.getConfigurationValue("auth.austrianeIDproxymode", String.valueOf(false)))) {
                Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
                Logger.debug("Clearing identitylink ... ");
                mOAAuthenticationData.setIdentityLink(null);
                Logger.debug("Clearing authBlock ... ");
                mOAAuthenticationData.setAuthBlock(null);
                Logger.info("Post-Processing for Austrian eID finished");
            }
            injectNewEidAttributes(mOAAuthenticationData, iAuthenticationSession);
            // Everything still listed is copied unchanged from the session into the generic auth data.
            for (String str9 : this.includedToGenericAuthData) {
                try {
                    mOAAuthenticationData.setGenericData(str9, iAuthenticationSession.getGenericDataFromSession(str9));
                } catch (EAAFStorageException e4) {
                    Logger.warn("Can not add generic authData with key:" + str9, e4);
                }
            }
        } catch (EAAFBuilderException e5) {
            throw e5;
        } catch (Throwable th) {
            // Catches Errors as well as exceptions; all of them leave this method as BuildException.
            throw new BuildException("builder.00", new Object[]{"AuthenticationData", th.toString()}, th);
        }
    }

    /**
     * Copies the eID token from the session into the authentication data, if the session has one.
     *
     * <p>The token is read from the generic session attribute {@code urn:oid:1.2.40.0.10.2.1.1.261.39}
     * and Base64-decoded. A value that can not be decoded is logged as warning and otherwise ignored,
     * so the authentication data is then built without an eID token.
     *
     * @param mOAAuthenticationData target object
     * @param iAuthenticationSession session that may hold the encoded token
     */
    private void injectNewEidAttributes(MOAAuthenticationData mOAAuthenticationData, IAuthenticationSession iAuthenticationSession) {
        try {
            final String encodedToken = (String) iAuthenticationSession.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.39", String.class);
            if (StringUtils.isNotEmpty(encodedToken)) {
                final byte[] token = Base64Utils.decode(encodedToken, true);
                mOAAuthenticationData.seteIDToken(token);
            }
        } catch (IOException decodingProblem) {
            // Only the message is logged, not the attribute value.
            Logger.warn("Attribute: urn:oid:1.2.40.0.10.2.1.1.261.39 found, but injection failed: " + decodingProblem.getMessage());
        }
    }

    /**
     * Asks the SZR for the base identifier (Stammzahl) of the authenticated person.
     *
     * <p>The request sent to the SZR contains the bPK and bPK type, given name and family name from the
     * authentication data, plus the date of birth when one is set. None of these values is written to
     * the log here; only the bPK type passed as {@code str2} appears in the info message.
     *
     * @param authenticationData source of the person data sent to the SZR
     * @param str not used by this method
     * @param str2 bPK type, used for the log message only
     * @return the base identifier paired with the type {@code urn:publicid:gv.at:baseid}, or
     *     {@code null} when no SZR client configuration exists or the SZR call fails
     */
    protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authenticationData, String str, String str2) {
        try {
            final EgovUtilPropertiesConfiguration szrConfig = this.authConfig.geteGovUtilsConfig();
            if (szrConfig == null) {
                Logger.debug("No SZR clieht configuration found.");
                return null;
            }

            Logger.info("bPK in MOASession (bPK-Type:" + str2 + " does no match to Service-Provider configuration. --> Request SZR to get correct bPK.");
            final SZRClient szrClient = new SZRClient(szrConfig);
            Logger.debug("Create SZR request to get baseID ... ");

            // Identifier the SZR should resolve.
            final IdentificationType knownIdentifier = new IdentificationType();
            knownIdentifier.setValue(authenticationData.getBPK());
            knownIdentifier.setType(authenticationData.getBPKType());

            final PersonNameType name = new PersonNameType();
            name.setGivenName(authenticationData.getGivenName());
            name.setFamilyName(authenticationData.getFamilyName());

            final PhysicalPersonType person = new PhysicalPersonType();
            person.setName(name);
            person.setIdentification(knownIdentifier);
            if (authenticationData.getDateOfBirth() != null) {
                person.setDateOfBirth(authenticationData.getFormatedDateOfBirth());
            }

            final PersonInfoType query = new PersonInfoType();
            query.setPerson(person);

            return Pair.newInstance(szrClient.getStammzahl(query), "urn:publicid:gv.at:baseid");

        } catch (EgovUtilException clientProblem) {
            Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", clientProblem);
            return null;
        } catch (SZRException szrProblem) {
            Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", szrProblem);
            return null;
        }
    }

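    /**
     * Looks for an encrypted bPK that was issued for this service provider and decrypts it.
     *
     * <p>The list of encrypted bPKs is read from the generic session attribute
     * {@code urn:oid:1.2.40.0.10.2.1.1.261.22} and stored on the authentication data. Each list entry is
     * split at {@link EncryptedBPKAttributeBuilder#DELIMITER_ENCBPK_TARGET} into a target part and the
     * encrypted value. An entry is only decrypted when
     * <ul>
     *   <li>its target part contains a {@code +},</li>
     *   <li>the target identifier of the service provider starts with
     *       {@link AuthenticationSession#TARGET_PREFIX_}, and</li>
     *   <li>the text after the {@code +} equals the service provider's target without that prefix.</li>
     * </ul>
     * The first entry that decrypts to a non-empty value is returned. A failed decryption is logged and
     * the next entry is tried.
     *
     * <p>Unlike the original, the type-mismatch warning no longer dereferences a {@code null} argument:
     * {@code instanceof} is false for {@code null}, so the old message construction threw a
     * {@code NullPointerException} instead of returning {@code null}.
     *
     * @param iAuthProcessDataContainer session data that holds the encrypted bPK list
     * @param authenticationData authentication data; must be a {@link MOAAuthenticationData}
     * @param iSPConfiguration service provider configuration; must be an {@link IOAAuthParameters}
     * @return decrypted bPK paired with the service provider's target identifier, or {@code null} when
     *     no usable entry exists
     * @throws EAAFBuilderException declared for callers; a decryption failure is handled inside
     */
    protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer iAuthProcessDataContainer, AuthenticationData authenticationData, ISPConfiguration iSPConfiguration) throws EAAFBuilderException {
        if (!(authenticationData instanceof MOAAuthenticationData) || !(iSPConfiguration instanceof IOAAuthParameters)) {
            final String authDataType = authenticationData != null ? authenticationData.getClass().getName() : "null";
            final String spConfigType = iSPConfiguration != null ? iSPConfiguration.getClass().getName() : "null";
            Logger.warn("AuthData: " + authDataType + " or spConfig: " + spConfigType + " are not MOAID data-objects");
            return null;
        }

        final String encryptedBpkAttribute = (String) iAuthProcessDataContainer.getGenericDataFromSession("urn:oid:1.2.40.0.10.2.1.1.261.22", String.class);
        if (!MiscUtil.isNotEmpty(encryptedBpkAttribute)) {
            return null;
        }

        final List<String> encryptedBpks = Arrays.asList(encryptedBpkAttribute.split(BPKListAttributeBuilder.DELIMITER_BPK_LIST));
        ((MOAAuthenticationData) authenticationData).setEncbPKList(encryptedBpks);

        for (String entry : encryptedBpks) {
            final int targetEnd = entry.indexOf(EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET);
            if (targetEnd < 0) {
                continue;
            }
            final String encryptedBpk = entry.substring(targetEnd + 1);
            final String entryTarget = entry.substring(0, targetEnd);
            final int sectorStart = entryTarget.indexOf("+");
            if (sectorStart < 0) {
                continue;
            }

            final String spTarget = iSPConfiguration.getAreaSpecificTargetIdentifier();
            if (!spTarget.startsWith(AuthenticationSession.TARGET_PREFIX_)) {
                Logger.info("Encrypted bPKs are only allowed for public services with prefix: urn:publicid:gv.at:cdid+ BUT oaTarget is " + spTarget);
                continue;
            }

            // Only an entry issued for exactly this service provider's sector may be decrypted.
            final String spSector = spTarget.substring(AuthenticationSession.TARGET_PREFIX_.length());
            if (!spSector.equals(entryTarget.substring(sectorStart + 1))) {
                Logger.info("Found encrypted bPK but encrypted bPK target does not match to online-application target");
                continue;
            }

            Logger.debug("Found encrypted bPK for online-application " + iSPConfiguration.getUniqueIdentifier() + " Start decryption process ...");
            final PrivateKey decryptionKey = ((IOAAuthParameters) iSPConfiguration).getBPKDecBpkDecryptionKey();
            if (decryptionKey == null) {
                Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
                continue;
            }

            try {
                final String decryptedBpk = BPKBuilder.decryptBPK(encryptedBpk, spSector, decryptionKey);
                if (MiscUtil.isNotEmpty(decryptedBpk)) {
                    // The decrypted value itself is never logged.
                    Logger.info("bPK decryption process finished successfully.");
                    return Pair.newInstance(decryptedBpk, spTarget);
                }
                Logger.error("bPK decryption FAILED.");
            } catch (EAAFBuilderException e) {
                Logger.error("bPK decryption FAILED.", e);
            }
        }
        return null;
    }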

    /**
     * Returns the identity link in the form that may be handed to the service provider.
     *
     * <p>Without a base-ID transfer restriction the given identity link is returned unchanged. With the
     * restriction, the person identifier value and type inside the SAML assertion are overwritten with
     * {@code str} and {@code str2}, the assertion is parsed again and, when identity-link re-signing is
     * enabled in the configuration, re-signed with the configured key before the final parse.
     *
     * <p>NOTE(review): the overwrite is done on the assertion element returned by
     * {@code iIdentityLink.getSamlAssertion()}. If that getter returns the live DOM and not a copy, the
     * caller's identity link is modified as well; confirm. Overwriting the identifier also means the
     * original signature can no longer match, so without re-signing the result is presumably unsigned
     * content inside a signed structure; confirm how consumers treat it.
     *
     * @param iSPConfiguration service provider configuration
     * @param iIdentityLink identity link from the session
     * @param str identifier value to write into the assertion
     * @param str2 identifier type to write into the assertion
     * @return the original or the rewritten identity link
     * @throws EAAFParserException when rewriting, re-signing or parsing fails with a MOA-ID exception
     *     (message key is the literal {@code "TODO"})
     */
    protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration iSPConfiguration, IIdentityLink iIdentityLink, String str, String str2) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
        if (!iSPConfiguration.hasBaseIdTransferRestriction()) {
            return iIdentityLink;
        }
        try {
            final Element assertion = iIdentityLink.getSamlAssertion();
            XPathUtils.selectSingleNode(assertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH).getFirstChild().setNodeValue(str);
            XPathUtils.selectSingleNode(assertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH).getFirstChild().setNodeValue(str2);

            final IIdentityLink rewrittenLink = new IdentityLinkAssertionParser(assertion).parseIdentityLink();

            final Element resultAssertion;
            if (this.authConfig.isIdentityLinkResigning()) {
                resultAssertion = IdentityLinkReSigner.getInstance().resignIdentityLink(rewrittenLink.getSamlAssertion(), this.authConfig.getIdentityLinkResigningKey());
            } else {
                resultAssertion = rewrittenLink.getSamlAssertion();
            }
            return new IdentityLinkAssertionParser(resultAssertion).parseIdentityLink();

        } catch (MOAIDException failure) {
            Logger.warn("Can not build OA specific IDL. Reason: " + failure.getMessage(), failure);
            throw new EAAFParserException("TODO", (Object[]) null, failure);
        }
    }

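    /**
     * Derives the identifier (bPK) and identifier type used for the requesting service provider.
     *
     * <p>If the identification type of {@code authenticationData} is
     * {@code urn:publicid:gv.at:baseid}, the area-specific identifier is calculated from the
     * identification value and a target. The target is read from the request when the request is
     * an instance of the SAML1 request class (looked up reflectively) and yields a non-empty
     * {@code getTarget()}; otherwise the target configured for the service provider is used. For
     * any other identification type the value and type are passed through unchanged.
     *
     * @param iRequest pending request; supplies the service-provider configuration and, for
     *     SAML1 requests, the target
     * @param authenticationData source of the identification value and type
     * @return pair of identifier value (first) and identifier type (second)
     * @throws EAAFBuilderException declared by the signature; presumably raised by the bPK
     *     calculation — confirm against {@code BPKBuilder}
     */
    protected Pair<String, String> buildOAspecificbPK(IRequest iRequest, AuthenticationData authenticationData) throws EAAFBuilderException {
        final ISPConfiguration serviceProviderConfiguration = iRequest.getServiceProviderConfiguration();
        final String identificationValue = authenticationData.getIdentificationValue();
        final String identificationType = authenticationData.getIdentificationType();
        final Pair<String, String> newInstance;
        if ("urn:publicid:gv.at:baseid".equals(identificationType)) {
            String str = null;
            try {
                // The SAML1 request class is resolved by name so this builder has no compile-time
                // dependency on it.
                final Class<?> cls = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
                if (cls.isInstance(iRequest)) {
                    str = (String) iRequest.getClass().getMethod("getTarget", new Class[0]).invoke(iRequest, new Object[0]);
                }
            } catch (ClassNotFoundException e) {
                // Presumably the normal case when the SAML1 module is not deployed; the configured
                // target is used below.
                Logger.trace("SAML1 request class is not available. Target from request is not evaluated.");
            } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                // Still best effort, but no longer silent: a broken lookup changes which target
                // the bPK is calculated for.
                Logger.debug("Can NOT read target from SAML1 request. Reason: " + e);
            }
            if (MiscUtil.isEmpty(str)) {
                str = serviceProviderConfiguration.getAreaSpecificTargetIdentifier();
                Logger.debug("Use OA target identifier '" + str + "' from configuration");
            } else {
                // NOTE(review): a target carried in the SAML1 request takes precedence over the
                // configured one and selects the sector the bPK is derived for; this method does
                // not compare it with the service provider's configuration — confirm that this
                // is validated before the request reaches this point.
                Logger.info("Use OA target identifier '" + str + "' from SAML1 request for bPK calculation");
            }
            // NOTE(review): the instance is discarded and only the static method is used; this
            // looks like a leftover of calling a static method through an instance — confirm the
            // constructor has no side effects before removing it.
            new BPKBuilder();
            newInstance = BPKBuilder.generateAreaSpecificPersonIdentifier(identificationValue, str);
        } else {
            Logger.fatal("!!!baseID-element does not include a baseID. This should not be happen any more!!!");
            newInstance = Pair.newInstance(identificationValue, identificationType);
        }
        // The derived identifier itself is written to the trace log; logs with trace enabled need
        // the same protection as the identifiers.
        Logger.trace("Authenticate user with bPK:" + newInstance.getFirst() + " Type:" + newInstance.getSecond());
        return newInstance;
    }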

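    /**
     * Creates encrypted bPKs for the foreign sectors a service provider asks for.
     *
     * <p>Every sector returned by {@code foreignbPKSectorsRequested()} that has an entry in
     * {@code encKeyMap} is mapped to a target: a sector starting with {@code wbpk} is prefixed with
     * {@code urn:publicid:gv.at:}; any other sector must have the form {@code <VKZ>+<target>} and
     * uses {@code AuthenticationSession.TARGET_PREFIX_} plus the target part. The area-specific
     * identifier for that target is encrypted with the sector's public key and appended to
     * {@code getEncbPKList()}. If a mandate is used and the mandator's source pin and source-pin
     * type could be extracted, the same is done for the mandator and the result is appended to
     * {@code getEncMandateNaturalPersonbPKList()}.
     *
     * <p>Errors are logged and not propagated: a failing sector is skipped, and a failing
     * mandator extraction only disables the mandator bPKs.
     *
     * @param iOAAuthParameters service-provider parameters that list the requested sectors
     * @param mOAAuthenticationData authentication data that is read and extended in place
     */
    private void generateForeignbPK(IOAAuthParameters iOAAuthParameters, MOAAuthenticationData mOAAuthenticationData) {
        final List<String> requestedSectors = iOAAuthParameters.foreignbPKSectorsRequested();
        if (requestedSectors == null || requestedSectors.isEmpty()) {
            Logger.debug("No foreign bPKs required for this service provider");
            return;
        }
        Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
        String mandatorSourcePin = null;
        String mandatorSourcePinType = null;
        boolean hasMandatorSourcePin = false;
        if (mOAAuthenticationData.isUseMandate()) {
            try {
                Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... ");
                final boolean restrictionBefore = mOAAuthenticationData.isBaseIDTransferRestrication();
                mOAAuthenticationData.setBaseIDTransferRestrication(false);
                try {
                    mandatorSourcePin = (String) new MandateNaturalPersonSourcePinAttributeBuilder().build(iOAAuthParameters, mOAAuthenticationData, new SimpleStringAttributeGenerator());
                    mandatorSourcePinType = (String) new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(iOAAuthParameters, mOAAuthenticationData, new SimpleStringAttributeGenerator());
                } finally {
                    // The restriction is lifted only while the two attributes are built. Restoring
                    // it in finally keeps a failing build from leaving the base-id transfer
                    // restriction switched off on the authentication data.
                    mOAAuthenticationData.setBaseIDTransferRestrication(restrictionBefore);
                }
                hasMandatorSourcePin = StringUtils.isNotEmpty(mandatorSourcePin) && StringUtils.isNotEmpty(mandatorSourcePinType);
                if (!hasMandatorSourcePin) {
                    Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate.");
                }
            } catch (Exception e) {
                Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage());
                if (Logger.isTraceEnabled()) {
                    Logger.warn("Detail: ", e);
                }
            }
        }
        for (String sector : requestedSectors) {
            Logger.trace("Process sector: " + sector + " ... ");
            if (!this.encKeyMap.containsKey(sector)) {
                Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + sector);
                Logger.info("Foreign bPK for sector: " + sector + " is NOT possible");
                continue;
            }
            try {
                String target = null;
                if (sector.startsWith("wbpk")) {
                    Logger.trace("Find foreign private sector " + sector);
                    target = "urn:publicid:gv.at:" + sector;
                } else {
                    // String.split takes a regular expression; an unescaped "+" is a dangling
                    // quantifier and throws PatternSyntaxException, which made every public
                    // sector end in the catch block below.
                    final String[] split = sector.split("\\+");
                    if (split.length != 2) {
                        Logger.warn("Foreign sector: " + sector + " looks WRONG. IGNORE IT!");
                    } else {
                        Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]);
                        target = AuthenticationSession.TARGET_PREFIX_ + split[1];
                    }
                }
                if (target != null) {
                    // NOTE(review): the instances created by "new BPKBuilder()" are discarded and
                    // only static methods are used — confirm the constructor has no side effects
                    // before removing them.
                    new BPKBuilder();
                    Pair personIdentifier = BPKBuilder.generateAreaSpecificPersonIdentifier(mOAAuthenticationData.getIdentificationValue(), mOAAuthenticationData.getIdentificationType(), target);
                    mOAAuthenticationData.getEncbPKList().add(Pair.newInstance(BPKBuilder.encryptBPK((String) personIdentifier.getFirst(), (String) personIdentifier.getSecond(), this.encKeyMap.get(sector).getPublicKey()), sector));
                    Logger.debug("Foreign bPK for sector: " + sector + " created.");
                    if (hasMandatorSourcePin) {
                        new BPKBuilder();
                        Pair mandatorIdentifier = BPKBuilder.generateAreaSpecificPersonIdentifier(mandatorSourcePin, mandatorSourcePinType, target);
                        mOAAuthenticationData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(BPKBuilder.encryptBPK((String) mandatorIdentifier.getFirst(), (String) mandatorIdentifier.getSecond(), this.encKeyMap.get(sector).getPublicKey()), sector));
                        Logger.debug("Foreign mandator bPK for sector: " + sector + " created.");
                    }
                }
            } catch (Exception e2) {
                // One failing sector must not stop the remaining sectors.
                Logger.info("Foreign bPK generation FAILED for sector: " + sector);
                if (Logger.isDebugEnabled()) {
                    Logger.warn("Details: ", e2);
                }
            }
        }
    }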

    /**
     * Calculates one additional bPK per entry of {@code list} and adds it to the authentication
     * data via {@code addAdditionalbPKPair}.
     *
     * <p>A {@code null} or empty list is a no-op. The loop runs inside a single try block, so the
     * first failing sector ends the whole run; the exception is logged and not rethrown.
     *
     * @param mOAAuthenticationData source of identification value and type; receives the results
     * @param list sectors (targets) to calculate additional bPKs for, may be {@code null}
     * @throws EAAFBuilderException declared by the signature; the body catches every
     *     {@code Exception} itself
     */
    private void generateAdditonalbPK(MOAAuthenticationData mOAAuthenticationData, List<String> list) throws EAAFBuilderException {
        final boolean sectorsRequested = list != null && !list.isEmpty();
        if (!sectorsRequested) {
            return;
        }
        // The message speaks of foreign bPKs although additional bPKs are generated here; the
        // text is kept as it is.
        Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
        try {
            for (String sector : list) {
                Logger.trace("Process sector: " + sector + " ... ");
                new BPKBuilder();
                final Pair additionalBpk = BPKBuilder.generateAreaSpecificPersonIdentifier(
                        mOAAuthenticationData.getIdentificationValue(),
                        mOAAuthenticationData.getIdentificationType(),
                        sector);
                final String bpkType = (String) additionalBpk.getSecond();
                final String bpkValue = (String) additionalBpk.getFirst();
                // The calculated identifier value is written to the trace log.
                Logger.trace("Calculate additional bPK for sector: " + bpkType + " with value: " + bpkValue);
                mOAAuthenticationData.addAdditionalbPKPair(additionalBpk);
            }
        } catch (Exception failure) {
            Logger.info("Can NOT generate additional bPKs. Reason: " + failure.getMessage());
            if (Logger.isDebugEnabled()) {
                Logger.warn("StackTrace: ", failure);
            }
        }
    }

    /**
     * Decides whether a received bPK type is acceptable for the given service provider.
     *
     * <p>The decision of the superclass is used first. If that is negative, the type
     * {@code urn:publicid:gv.at:cdid+OW} is still accepted, independent of the service provider's
     * own target.
     *
     * @param iSPConfiguration service-provider configuration passed on to the superclass check
     * @param str received bPK type
     * @return {@code true} if the superclass accepts the type or the type is
     *     {@code urn:publicid:gv.at:cdid+OW}
     */
    protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration iSPConfiguration, String str) {
        if (super.matchsReceivedbPKToOnlineApplication(iSPConfiguration, str)) {
            return true;
        }
        Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... ");
        // This exception applies to every service provider, so the party that supplies the bPK
        // type must be trusted to set it.
        final boolean isProfRepType = "urn:publicid:gv.at:cdid+OW".equals(str);
        if (isProfRepType) {
            Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target");
        } else {
            Logger.trace("bPKType is not of type: urn:publicid:gv.at:cdid+OW Matching failed.");
        }
        return isProfRepType;
    }

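    /**
     * Not supported by MOA-ID; every call fails.
     *
     * @param iRequest not used
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    protected IAuthData getAuthDataInstance(IRequest iRequest) throws EAAFException {
        // UnsupportedOperationException is a RuntimeException, so handlers written for the
        // previous exception type still match.
        throw new UnsupportedOperationException("This method is NOT supported by MOA-ID");
    }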

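    /**
     * Not supported by MOA-ID; every call fails.
     *
     * @param iAuthData not used
     * @param iRequest not used
     * @throws UnsupportedOperationException always
     */
    protected void buildServiceSpecificAuthenticationData(IAuthData iAuthData, IRequest iRequest) throws EAAFException {
        // UnsupportedOperationException is a RuntimeException, so handlers written for the
        // previous exception type still match.
        throw new UnsupportedOperationException("This method is NOT supported by MOA-ID");
    }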
}
