package at.gv.egovernment.moa.id.moduls;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.CookieUtils;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

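/**
 * Manages the single sign-on (SSO) session of the identity provider: reads and writes the SSO
 * cookie, validates SSO sessions against the authentication session store, and destroys them.
 *
 * <p>This source was produced by a decompiler. Local names are reconstructed, and the {@code -1}
 * event codes passed to the revision logger are reproduced exactly as the decompiler emitted
 * them.
 *
 * <p>Security notes for maintainers: the SSO cookie value is a bearer credential for the user's
 * session. Cookie values and request parameters are attacker-controlled, so they are stripped of
 * control characters before they are written to the log.
 */
@Service("MOAID_SSOManager")
public class SSOManager implements ISSOManager {
    private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
    private static final String HTMLTEMPLATEFULL = "slo_template.html";
    // NOTE(review): public, static and non-final, so any code can reassign it. Left non-final
    // because writers outside this file cannot be ruled out from here.
    public static String CONTEXTPATH = "contextPath";
    private static final String SSOCOOKIE = "MOA_ID_SSO";
    private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
    // Passed to CookieUtils.setCookie as the max-age of the interfederation cookie.
    private static final int INTERFEDERATIONCOOKIEMAXAGE = 300;
    public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
    public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
    public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";

    @Autowired
    private IAuthenticationSessionStoreage authenticatedSessionStore;

    @Autowired
    private AuthConfiguration authConfig;

    @Autowired
    private IRevisionLogger revisionsLogger;

    /**
     * Checks whether the request carries a usable SSO session.
     *
     * <p>If the SSO cookie holds an ID that the store reports as already used, the session bound
     * to that old ID is destroyed and the cookie is deleted before validation continues.
     *
     * @param iRequest pending request that receives the interfederation and SSO session data
     * @param httpServletRequest request the SSO cookie is read from
     * @param httpServletResponse response used to delete cookies
     * @return {@code true} if {@link #isValidSSOSession(String, IRequest)} accepts the cookie
     *     value; {@code false} otherwise, including when a storage or configuration error occurs
     * @throws EAAFSSOException declared by the interface; not thrown by the visible code
     */
    public boolean checkAndValidateSSOSession(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EAAFSSOException {
        try {
            String sSOSessionID = getSSOSessionID(httpServletRequest);
            checkInterfederationIsRequested(httpServletRequest, httpServletResponse, iRequest);
            if (sSOSessionID != null) {
                String oldSessionId = existsOldSSOSession(sSOSessionID);
                if (oldSessionId != null) {
                    // The cookie value comes from the client, so it is sanitized before logging.
                    Logger.warn("Request sends an old SSO Session ID(" + sanitizeForLog(sSOSessionID) + ")! Invalidate the corresponding MOASession with ID=" + oldSessionId);
                    this.revisionsLogger.logEvent(iRequest, -1);
                    this.authenticatedSessionStore.destroyInternalSSOSession(oldSessionId);
                    deleteSSOSessionID(httpServletRequest, httpServletResponse);
                }
            }
            return isValidSSOSession(sSOSessionID, iRequest);
        } catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) {
            // Fail closed: any storage or configuration problem means "no SSO session".
            Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
            Logger.info("All SSO session will be ignored.");
            return false;
        }
    }

    /**
     * Sets the SSO and user-consent flags on the pending request from the service provider
     * configuration. SSO is requested only when the service provider enables SSO (or is an
     * interfederation IDP) and the HTTP request does not ask for mandates.
     *
     * @param iRequest pending request whose flags are set
     * @param httpServletRequest request inspected for the mandate parameter
     */
    public void isSSOAllowedForSP(IRequest iRequest, HttpServletRequest httpServletRequest) {
        IOAAuthParameters spConfig = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
        try {
            boolean ssoConfigured = spConfig.useSSO() || spConfig.isInderfederationIDP();
            iRequest.setNeedSingleSignOnFunctionality(ssoConfigured && !LegacyHelper.isUseMandateRequested(httpServletRequest));
            iRequest.setNeedUserConsent(spConfig.useSSOQuestion());
        } catch (WrongParametersException e) {
            // NOTE(review): when the mandate check throws, neither flag is set and the request
            // keeps whatever values it already had; confirm those defaults leave SSO disabled.
            Logger.warn("Find suspect http parameter for mandates! Reason: " + e.getMessage());
        }
    }

    /**
     * Copies the data of the internal SSO session referenced by the pending request into that
     * request and marks the request as authenticated. Does nothing but log when no session is
     * found.
     *
     * @param iRequest pending request carrying the internal SSO session identifier
     * @throws EAAFSSOException if the session store cannot be read
     */
    public void populatePendingRequestWithSSOInformation(IRequest iRequest) throws EAAFSSOException {
        try {
            AuthenticationSession ssoSession = this.authenticatedSessionStore.getInternalSSOSession(iRequest.getInternalSSOSessionIdentifier());
            if (ssoSession == null) {
                Logger.info("No MOASession FOUND with provided SSO-Cookie.");
                return;
            }
            Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
            this.revisionsLogger.logEvent(iRequest, -1);
            Logger.trace("Populatint pending request with SSO session information .... ");
            Map<String, Object> sessionData = ssoSession.getKeyValueRepresentationFromAuthSession();
            if (Logger.isTraceEnabled()) {
                // NOTE(review): this writes every value of the authenticated session to the log.
                // Presumably that includes identity attributes, so TRACE should stay disabled
                // outside of test systems.
                Logger.trace("Full SSO DataSet:  ");
                for (Map.Entry<String, Object> entry : sessionData.entrySet()) {
                    Logger.trace("  Key: " + entry.getKey() + " Value: " + entry.getValue());
                }
            }
            iRequest.setRawDataToTransaction(sessionData);
            iRequest.setAuthenticated(true);
        } catch (EAAFStorageException e) {
            Logger.warn("Can NOT populate pending request from SSO session.", e);
            throw new EAAFSSOException("", new Object[0], e);
        }
    }

    /**
     * Destroys the SSO session on this IDP and deletes the SSO cookie.
     *
     * <p>The decompiler could not emit Java for this method and left a stub that always threw
     * {@link UnsupportedOperationException}. The body below is reconstructed from the
     * decompiler's instruction dump and should be verified against the original class file. One
     * deliberate deviation: missing session extensions no longer cause a
     * {@link NullPointerException} that would abort the logout before the session is destroyed.
     *
     * @param httpServletRequest request the SSO cookie is read from when the pending request
     *     carries no internal SSO session identifier
     * @param httpServletResponse response used to delete the SSO cookie
     * @param iRequest pending request, may be {@code null}
     * @return {@code true} once the cookie has been deleted; {@code false} if the referenced
     *     session does not exist or a storage or configuration error occurs
     * @throws EAAFSSOException declared by the interface; not thrown by the visible code
     */
    public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EAAFSSOException {
        String internalSsoSessionId = null;
        try {
            if (iRequest != null && MiscUtil.isNotEmpty(iRequest.getInternalSSOSessionIdentifier())) {
                internalSsoSessionId = iRequest.getInternalSSOSessionIdentifier();
            } else {
                // No identifier on the pending request: resolve the session from the cookie,
                // but only if the cookie still refers to a valid SSO session.
                String ssoCookieValue = getSSOSessionID(httpServletRequest);
                if (isValidSSOSession(ssoCookieValue, null)) {
                    internalSsoSessionId = this.authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoCookieValue);
                }
            }
            if (StringUtils.isNotEmpty(internalSsoSessionId)) {
                AuthenticationSession ssoSession = this.authenticatedSessionStore.getInternalSSOSession(internalSsoSessionId);
                if (ssoSession == null) {
                    Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
                    return false;
                }
                ssoSession.setAuthenticated(false);
                AuthenticationSessionExtensions extensions = this.authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
                if (extensions != null) {
                    this.revisionsLogger.logEvent(1001, extensions.getUniqueSessionId());
                } else {
                    // Same handling as getUniqueSessionIdentifier: log and continue, so the
                    // session is still destroyed.
                    Logger.warn("Extended SSO-Session Information ARE NULL. Something looks wrong!");
                }
                this.authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
            }
        } catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) {
            // NOTE(review): on this path the SSO cookie is NOT deleted and the caller only sees
            // false; confirm callers treat that as a failed logout.
            Logger.info("NO MOA Authentication data for ID " + internalSsoSessionId);
            return false;
        }
        deleteSSOSessionID(httpServletRequest, httpServletResponse);
        return true;
    }

    /**
     * Generates a new SSO session ID and sets it as the SSO cookie; deletes the cookie if no ID
     * could be generated.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response the cookie is written to
     * @param iRequest pending request; not used by this implementation
     * @return the generated SSO session ID, as returned by {@code Random.nextHexRandom32()}
     * @throws EAAFSSOException declared by the interface; not thrown by the visible code
     */
    public String createNewSSOSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EAAFSSOException {
        Logger.debug("Creating new SSO session-cookie for http response ... ");
        // NOTE(review): this value is the session credential; presumably the EAAF Random helper
        // is backed by a cryptographically strong generator. Confirm in the EAAF library.
        String newSsoId = Random.nextHexRandom32();
        if (StringUtils.isNotEmpty(newSsoId)) {
            setSSOSessionID(httpServletRequest, httpServletResponse, newSsoId);
        } else {
            deleteSSOSessionID(httpServletRequest, httpServletResponse);
        }
        return newSsoId;
    }

    /**
     * Creates an internal SSO session for the pending request and stores its identifier on the
     * request.
     *
     * @param iRequest pending request the session is created for
     * @param str not used by this implementation
     * @throws EAAFSSOException if the session cannot be created
     */
    public void createNewSSOSession(IRequest iRequest, String str) throws EAAFSSOException {
        try {
            AuthenticationSession created = this.authenticatedSessionStore.createInternalSSOSession(iRequest);
            iRequest.setInternalSSOSessionIdentifier(created.getSSOSessionID());
        } catch (MOADatabaseException | BuildException e) {
            Logger.warn("Can NOT create SSO session.", e);
            throw new EAAFSSOException("builder.10", (Object[]) null, e);
        }
    }

    /**
     * Adds SSO information to the internal SSO session referenced by the pending request.
     *
     * @param iRequest pending request carrying the internal SSO session identifier
     * @param str value forwarded unchanged to the session store together with the SLO data
     * @param sLOInformationInterface single-logout information forwarded to the session store
     * @throws EAAFSSOException if the session store rejects the update
     */
    public void updateSSOSession(IRequest iRequest, String str, SLOInformationInterface sLOInformationInterface) throws EAAFSSOException {
        try {
            this.authenticatedSessionStore.addSSOInformation(iRequest.getInternalSSOSessionIdentifier(), str, sLOInformationInterface, iRequest);
        } catch (AuthenticationException e) {
            Logger.warn("Can NOT update SSO session.", e);
            throw new EAAFSSOException("builder.10", (Object[]) null, e);
        }
    }

    /**
     * Determines whether an interfederation IDP is requested and stores its URL on the pending
     * request. Sources, in order: a value already set by protocol preprocessing, the
     * {@code interIDP} request parameter, then the interfederation cookie (deleted after use).
     *
     * @param httpServletRequest request inspected for the parameter and the cookie
     * @param httpServletResponse response used to delete the interfederation cookie
     * @param iRequest pending request; must be a {@link RequestImpl} for a value to be stored
     * @throws SessionDataStorageException propagated from storing the value on the request
     * @throws EAAFStorageException propagated from storing the value on the request
     */
    public void checkInterfederationIsRequested(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws SessionDataStorageException, EAAFStorageException {
        String requestedIdp = httpServletRequest.getParameter("interIDP");
        String alreadySetIdp = (String) iRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
        if (MiscUtil.isNotEmpty(alreadySetIdp)) {
            Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + alreadySetIdp);
            return;
        }
        if (!(iRequest instanceof RequestImpl)) {
            Logger.warn("Request is not of type RequestImpl");
            return;
        }
        RequestImpl requestImpl = (RequestImpl) iRequest;
        // NOTE(review): both the parameter and the cookie are client-controlled and are stored
        // as the interfederation IDP URL without validation in this method; confirm that the
        // consumer of DATAID_INTERFEDERATIOIDP_URL checks the value against the configured IDPs.
        if (MiscUtil.isNotEmpty(requestedIdp)) {
            Logger.info("Receive SSO request for interfederation IDP " + sanitizeForLog(requestedIdp));
            requestImpl.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, requestedIdp);
            return;
        }
        String idpFromCookie = CookieUtils.getValueFromCookie(httpServletRequest, SSOINTERFEDERATION);
        if (MiscUtil.isNotEmpty(idpFromCookie)) {
            Logger.info("Receive SSO request for interfederated IDP from Cookie " + sanitizeForLog(idpFromCookie));
            requestImpl.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, idpFromCookie);
            CookieUtils.deleteCookie(httpServletRequest, httpServletResponse, SSOINTERFEDERATION);
        }
    }

    /**
     * Sets the interfederation cookie with a max-age of {@code INTERFEDERATIONCOOKIEMAXAGE}.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response the cookie is written to
     * @param str cookie value
     */
    public void setInterfederationIDPCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        CookieUtils.setCookie(httpServletRequest, httpServletResponse, SSOINTERFEDERATION, str, INTERFEDERATIONCOOKIEMAXAGE);
    }

    /**
     * Validates an SSO session ID against the session store and the configured creation timeout.
     *
     * <p>For a local SSO session the internal session identifier is stored on the pending
     * request. For an interfederated session the method returns {@code false} and, when the
     * federated IDP is known, stores its URL prefix on the request; if no federated IDP is found
     * the session is destroyed.
     *
     * @param str SSO session ID (the SSO cookie value), may be {@code null}
     * @param iRequest pending request to populate, or {@code null} to only check validity
     * @return {@code true} only for an existing, non-expired session that is not handled as
     *     interfederated
     * @throws ConfigurationException propagated from the configuration lookup
     * @throws SessionDataStorageException propagated from storing data on the request
     * @throws EAAFStorageException propagated from the session store
     */
    public boolean isValidSSOSession(String str, IRequest iRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException {
        if (str == null) {
            Logger.info("No SSO Session cookie found.");
            return false;
        }
        AuthenticatedSessionStore storedSession = this.authenticatedSessionStore.isValidSessionWithSSOID(str);
        if (storedSession == null) {
            return false;
        }
        // 1000L forces long arithmetic. The decompiled code multiplied by the int literal 1000,
        // which (assuming the timeout is an int number of seconds) overflows for timeouts above
        // roughly 24.8 days and yields a wrong expiry instant.
        long expiresAtMillis = storedSession.getCreated().getTime() + (this.authConfig.getSSOCreatedTimeOut() * 1000L);
        if (new Date().after(new Date(expiresAtMillis))) {
            Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
            return false;
        }
        if (iRequest == null) {
            return true;
        }
        if (!storedSession.isInterfederatedSSOSession()) {
            iRequest.setInternalSSOSessionIdentifier(storedSession.getSessionid());
            return true;
        }
        // Interfederated session: never valid locally.
        if (!MiscUtil.isEmpty((String) iRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class))) {
            return false;
        }
        InterfederationSessionStore federatedIdp = this.authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
        if (federatedIdp != null) {
            Logger.info("SSO Session refer to federated IDP: " + federatedIdp.getIdpurlprefix());
            iRequest.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, federatedIdp.getIdpurlprefix());
            return false;
        }
        Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
        try {
            this.authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid());
        } catch (MOADatabaseException e) {
            Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!", e);
        }
        return false;
    }

    /**
     * Resolves the unique session identifier that belongs to an SSO session ID.
     *
     * @param str SSO session ID
     * @return the unique session identifier, or {@code null} if the ID is empty, unknown, has no
     *     session extensions, or the store lookup fails
     */
    public String getUniqueSessionIdentifier(String str) {
        try {
            if (!MiscUtil.isNotEmpty(str)) {
                return null;
            }
            String internalSessionId = this.authenticatedSessionStore.getInternalSSOSessionWithSSOID(str);
            if (!MiscUtil.isNotEmpty(internalSessionId)) {
                return null;
            }
            AuthenticationSessionExtensions extensions = this.authenticatedSessionStore.getAuthenticationSessionExtensions(internalSessionId);
            if (extensions != null) {
                return extensions.getUniqueSessionId();
            }
            Logger.warn("Extended SSO-Session Information ARE NULL. Something looks wrong!");
            return null;
        } catch (MOADatabaseException e) {
            // NOTE(review): this logs the SSO session ID itself, which may still be a live
            // credential; it is sanitized here, but consider not logging it at all.
            Logger.debug("No SSO Session with SSO sessionID: " + sanitizeForLog(str));
            return null;
        }
    }

    /**
     * Reads the SSO session ID from the SSO cookie.
     *
     * @param httpServletRequest request to read the cookie from
     * @return the value returned by {@code CookieUtils.getValueFromCookie} for the SSO cookie
     */
    public String getSSOSessionID(HttpServletRequest httpServletRequest) {
        return CookieUtils.getValueFromCookie(httpServletRequest, SSOCOOKIE);
    }

    /**
     * Removes the information about one interfederated IDP from the SSO session referenced by
     * the SSO cookie.
     *
     * @param str identifier of the interfederated IDP, forwarded to the session store
     * @param httpServletRequest request the SSO cookie is read from
     * @return {@code false} if there is no SSO cookie or no valid session for it; {@code true}
     *     otherwise, whether or not IDP information was found and deleted
     */
    public boolean removeInterfederatedSSOIDP(String str, HttpServletRequest httpServletRequest) {
        String ssoCookieValue = getSSOSessionID(httpServletRequest);
        if (!MiscUtil.isNotEmpty(ssoCookieValue)) {
            return false;
        }
        AuthenticatedSessionStore storedSession = this.authenticatedSessionStore.isValidSessionWithSSOID(ssoCookieValue);
        if (storedSession == null) {
            return false;
        }
        InterfederationSessionStore federatedIdp = this.authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), str);
        if (federatedIdp == null) {
            Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
            return true;
        }
        Logger.info("Delete interfederated IDP " + federatedIdp.getIdpurlprefix() + " from MOASession " + storedSession.getSessionid());
        this.authenticatedSessionStore.deleteIdpInformation(federatedIdp);
        return true;
    }

    /**
     * Looks up whether an SSO session ID was already used before.
     *
     * @param str SSO session ID from the cookie
     * @return the session ID bound to the old SSO ID, or {@code null} if the ID was never used
     *     or no session is attached to it any more
     */
    private String existsOldSSOSession(String str) {
        Logger.trace("Check that the SSOID has already been used");
        OldSSOSessionIDStore usedToken = this.authenticatedSessionStore.checkSSOTokenAlreadyUsed(str);
        if (usedToken == null) {
            Logger.debug("SSO session-cookie was not used in parst");
            return null;
        }
        AuthenticatedSessionStore boundSession = usedToken.getMoasession();
        if (boundSession == null) {
            Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
            return null;
        }
        return boundSession.getSessionid();
    }

    /**
     * Writes the SSO cookie with a max-age of {@code -1}.
     *
     * <p>NOTE(review): cookie attributes such as Secure and HttpOnly are decided inside
     * {@code CookieUtils}, which is not visible here; confirm they are set for this cookie.
     */
    private void setSSOSessionID(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        CookieUtils.setCookie(httpServletRequest, httpServletResponse, SSOCOOKIE, str, -1);
    }

    /** Deletes the SSO cookie. */
    private void deleteSSOSessionID(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        CookieUtils.deleteCookie(httpServletRequest, httpServletResponse, SSOCOOKIE);
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so that a
     * client-supplied value cannot forge additional log lines.
     *
     * @param value text to sanitize, may be {@code null}
     * @return the sanitized text, or {@code null} if {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}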
