package at.gv.egovernment.moa.id.auth.parser;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service("StartAuthentificationParameterParser")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.class */
public class StartAuthentificationParameterParser extends MOAIDAuthConstants {

    @Autowired
    AuthConfiguration authConfig;

    public void parse(IAuthenticationSession iAuthenticationSession, String str, String str2, String str3, String str4, String str5, String str6, HttpServletRequest httpServletRequest, IRequest iRequest) throws WrongParametersException, MOAIDException, EAAFException {
        String str7;
        String str8 = null;
        String escapeHtml = StringEscapeUtils.escapeHtml(str);
        String escapeHtml2 = StringEscapeUtils.escapeHtml(str3);
        String escapeHtml3 = StringEscapeUtils.escapeHtml(str4);
        String escapeHtml4 = StringEscapeUtils.escapeHtml(str5);
        String escapeHtml5 = StringEscapeUtils.escapeHtml(str6);
        if (!ParamValidatorUtils.isValidUseMandate(escapeHtml4)) {
            throw new WrongParametersException("StartAuthentication", "useMandate", "auth.12");
        }
        if (!ParamValidatorUtils.isValidCCC(escapeHtml5)) {
            throw new WrongParametersException("StartAuthentication", "CCC", "auth.12");
        }
        String str9 = (escapeHtml4 == null || escapeHtml4.compareTo("") == 0) ? "false" : escapeHtml4;
        boolean z = str9.compareToIgnoreCase("true") == 0;
        iAuthenticationSession.setUseMandate(str9);
        IOAAuthParameters iOAAuthParameters = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
        if (iOAAuthParameters == null) {
            throw new AuthenticationException("auth.00", new Object[]{iRequest.getSPEntityId()});
        }
        String areaSpecificTargetIdentifier = iOAAuthParameters.getAreaSpecificTargetIdentifier();
        String areaSpecificTargetIdentifierFriendlyName = iOAAuthParameters.getAreaSpecificTargetIdentifierFriendlyName();
        if (!iRequest.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") || StringUtils.isEmpty(escapeHtml)) {
            Logger.trace("Use oa sector-identifier from configuration");
            str7 = areaSpecificTargetIdentifier;
        } else {
            if (!ParamValidatorUtils.isValidTarget(escapeHtml)) {
                Logger.error("Selected target is invalid. Used target: " + escapeHtml);
                throw new WrongParametersException("StartAuthentication", "Target", "auth.12");
            }
            str7 = AuthenticationSession.TARGET_PREFIX_ + escapeHtml;
            String sectorNameViaTarget = TargetToSectorNameMapper.getSectorNameViaTarget(escapeHtml);
            if (MiscUtil.isNotEmpty(sectorNameViaTarget)) {
                str8 = sectorNameViaTarget;
            } else {
                int indexOf = escapeHtml.indexOf("-");
                if (indexOf > 0) {
                    str8 = TargetToSectorNameMapper.getSectorNameViaTarget(escapeHtml.substring(0, indexOf));
                }
            }
            if (MiscUtil.isNotEmpty(areaSpecificTargetIdentifier) && MiscUtil.isEmpty(str8)) {
                str8 = areaSpecificTargetIdentifierFriendlyName;
            }
            iRequest.setRawDataToTransaction("authProces_Target", str7);
            iRequest.setRawDataToTransaction("authProces_TargetFriendlyName", str8);
        }
        if (MiscUtil.isEmpty(str7)) {
            throw new WrongParametersException("StartAuthentication", "Target", "auth.05");
        }
        if (z && iOAAuthParameters.hasBaseIdInternalProcessingRestriction()) {
            Logger.error("Online-Mandate Mode for business application not supported.");
            throw new AuthenticationException("auth.17", null);
        }
        if (str7.startsWith(AuthenticationSession.TARGET_PREFIX_)) {
            Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + str7);
        } else {
            Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + str7);
        }
        List bkuurl = iOAAuthParameters.getBKUURL();
        bkuurl.addAll(this.authConfig.getDefaultBKUURLs());
        if (!ParamValidatorUtils.isValidBKUURI(escapeHtml2, bkuurl)) {
            throw new WrongParametersException("StartAuthentication", "bkuURI", "auth.12");
        }
        iAuthenticationSession.setBkuURL(escapeHtml2);
        if (MiscUtil.isEmpty(escapeHtml3)) {
            List templateURL = iOAAuthParameters.getTemplateURL();
            List sLRequestTemplates = this.authConfig.getSLRequestTemplates();
            if (templateURL != null && !templateURL.isEmpty() && MiscUtil.isNotEmpty((String) templateURL.get(0))) {
                escapeHtml3 = FileUtils.makeAbsoluteURL((String) iOAAuthParameters.getTemplateURL().get(0), this.authConfig.getRootConfigFileDir());
                Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + escapeHtml3 + BPKListAttributeBuilder.LIST_ELEMENT_END);
            } else {
                if (sLRequestTemplates.isEmpty() || !MiscUtil.isNotEmpty((String) sLRequestTemplates.get(0))) {
                    Logger.error("NO SL-Tempalte found in OA config");
                    throw new WrongParametersException("StartAuthentication", "Template", "auth.12");
                }
                escapeHtml3 = FileUtils.makeAbsoluteURL((String) sLRequestTemplates.get(0), this.authConfig.getRootConfigFileDir());
                Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + escapeHtml3 + BPKListAttributeBuilder.LIST_ELEMENT_END);
            }
        }
        if (!ParamValidatorUtils.isValidTemplate(httpServletRequest, escapeHtml3, iOAAuthParameters.getTemplateURL(), this.authConfig.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_STRICT_SAML1_PARAM_VALIDATION, false))) {
            throw new WrongParametersException("StartAuthentication", "Template", "auth.12");
        }
        iRequest.setRawDataToTransaction("authProces_SecurityLayerTemplate", escapeHtml3);
        if (MiscUtil.isEmpty(this.authConfig.getSSOTagetIdentifier()) && iRequest.needSingleSignOnFunctionality()) {
            Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
            iRequest.setNeedSingleSignOnFunctionality(false);
        }
        if (iRequest.needSingleSignOnFunctionality() && z) {
            Logger.info("Usage of Mandate-Service does not allow Single Sign-On. --> SSO is disabled for this request.");
            iRequest.setNeedSingleSignOnFunctionality(false);
        }
    }

    public void parse(ExecutionContext executionContext, IAuthenticationSession iAuthenticationSession, HttpServletRequest httpServletRequest, IRequest iRequest) throws WrongParametersException, MOAIDException, EAAFException {
        String str = (String) executionContext.get("bkuURI");
        String str2 = (String) executionContext.get("Template");
        String str3 = (String) executionContext.get("useMandate");
        String str4 = (String) executionContext.get("CCC");
        if (iRequest.getServiceProviderConfiguration(IOAAuthParameters.class) != null && ((IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class)).isOnlyMandateAllowed()) {
            Logger.debug("Service " + ((IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class)).getPublicURLPrefix() + " only allows authentication with mandates. --> Set useMandate to TRUE.");
            str3 = String.valueOf(((IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class)).isOnlyMandateAllowed());
        }
        parse(iAuthenticationSession, (String) iRequest.getRawData("saml1_target", String.class), iRequest.getSPEntityId(), str, str2, str3, str4, httpServletRequest, iRequest);
    }
}
