package at.gv.egovernment.moa.id.auth;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moaspss.logging.LogMsg;
import iaik.asn1.ObjectID;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.xpath.XPathAPI;
import org.opensaml.xml.util.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.Base64Utils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

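/**
 * Citizen-card authentication steps: building the Security Layer requests sent to the
 * citizen-card environment (BKU) and checking what comes back (identity link, signer
 * certificate, signed authentication block, MIS mandate).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The identity link and the authentication block are each sent to the signature
 *       verification service and the verification result is validated before the session is
 *       marked as authenticated.</li>
 *   <li>Several trace/error log statements write the authentication block, the BKU response
 *       and the verification request/response. These carry personal data, so the log
 *       configuration decides who can read them.</li>
 * </ul>
 */
@Service("CitizenCardAuthenticationServer")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/AuthenticationServer.class */
public class AuthenticationServer extends BaseAuthenticationServer {

    /** Namespace of the person-data schema used inside identity links. */
    private static final String NS_PERSON_DATA = "http://reference.e-government.gv.at/namespace/persondata/20020228#";

    /** Namespace of the mandate schema; also used as namespace of the mandate SAML attributes. */
    private static final String NS_MANDATES = "http://reference.e-government.gv.at/namespace/mandates/20040701#";

    /** Identification type that marks a base id (as opposed to an already derived identifier). */
    private static final String URN_BASE_ID = "urn:publicid:gv.at:baseid";

    @Autowired
    private MOAReversionLogger revisionsLogger;

    @Autowired
    private AuthConfiguration authConfig;

    /**
     * Builds the HTML form that asks the citizen-card environment for the identity link.
     *
     * @param iAuthenticationSession current session; must not be {@code null}
     * @param httpServletRequest servlet request, read for the optional {@code heigth} and
     *     {@code width} parameters (HTML-escaped before they are passed to the form builder)
     * @param iRequest pending request carrying the service-provider configuration and the
     *     Security Layer template location
     * @return the form produced by {@link GetIdentityLinkFormBuilder}
     * @throws AuthenticationException if the session or service-provider configuration is
     *     missing, no template is configured, or the template cannot be read
     * @throws BuildException if the form cannot be built
     */
    public String startAuthentication(IAuthenticationSession iAuthenticationSession, HttpServletRequest httpServletRequest, IRequest iRequest) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
        if (iAuthenticationSession == null) {
            throw new AuthenticationException("auth.18", new Object[0]);
        }
        IOAAuthParameters oaParameters = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
        if (oaParameters == null) {
            throw new AuthenticationException("auth.00", new Object[]{iRequest.getSPEntityId()});
        }
        String templateUrl = (String) iRequest.getRawData("authProces_SecurityLayerTemplate", String.class);
        if (!MiscUtil.isNotEmpty(templateUrl)) {
            throw new AuthenticationException("auth.04", new Object[]{"SecurityLayerTemplate", "No template definde"});
        }
        try {
            // NOTE(review): the template location is taken from request data and fetched
            // server-side. This method does not restrict it; confirm that whatever stores
            // "authProces_SecurityLayerTemplate" only accepts configured template URLs.
            // NOTE(review): the bytes are decoded with the platform default charset; confirm
            // the templates' encoding matches the deployment default.
            String template = new String(FileUtils.readURL(templateUrl));
            String ssoTarget = this.authConfig.getSSOTagetIdentifier();
            String infoboxReadRequest;
            if (MiscUtil.isNotEmpty(ssoTarget) && iRequest.needSingleSignOnFunctionality()) {
                Logger.debug("SSO Login requested");
                infoboxReadRequest = new InfoboxReadRequestBuilder().build(ssoTarget.startsWith("urn:publicid:gv.at:wbpk+"), ssoTarget);
            } else {
                Logger.debug("Non-SSO Login requested or SSO not allowed/possible");
                infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParameters.hasBaseIdInternalProcessingRestriction(), oaParameters.getAreaSpecificTargetIdentifier());
            }
            try {
                String dataUrl = new DataURLBuilder().buildDataURL(iRequest.getAuthURL(), "VerifyIdentityLink", iRequest.getPendingRequestId());
                // "heigth" is the parameter name this code has always read; it is kept as is.
                String height = StringEscapeUtils.escapeHtml(httpServletRequest.getParameter("heigth"));
                String width = StringEscapeUtils.escapeHtml(httpServletRequest.getParameter("width"));
                return new GetIdentityLinkFormBuilder().build(template, iAuthenticationSession.getBkuURL(), infoboxReadRequest, dataUrl, null, null, "", oaParameters, height, width, iRequest.getAuthURL());
            } catch (BuildException e) {
                throw new BuildException("builder.07", (Object[]) null, e);
            }
        } catch (IOException e2) {
            throw new AuthenticationException("auth.03", new Object[]{templateUrl, e2.toString()}, e2);
        }
    }

    /**
     * Parses the identity link out of the BKU response, validates it, has its signature
     * verified and, only then, stores it in the session.
     *
     * @param iRequest pending request (source of the service-provider configuration)
     * @param iAuthenticationSession session that receives the identity link
     * @param map request parameters; {@code XMLResponse} holds the BKU response
     * @return {@code "found!"} when an identity link was accepted, {@code null} when the
     *     response carries error code 2911 or 4002 (no identity link on the card; the caller
     *     is expected to continue with the foreign-eID path)
     * @throws AuthenticationException if the session or the {@code XMLResponse} parameter is
     *     missing
     */
    public String verifyIdentityLink(IRequest iRequest, IAuthenticationSession iAuthenticationSession, Map<String, String> map) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException {
        if (iAuthenticationSession == null) {
            throw new AuthenticationException("auth.10", new Object[]{"VerifyIdentityLink", "MOASessionID"});
        }
        // A missing parameter map is reported like a missing XMLResponse parameter.
        String xmlResponse = map == null ? null : map.get("XMLResponse");
        if (isEmpty(xmlResponse)) {
            throw new AuthenticationException("auth.10", new Object[]{"VerifyIdentityLink", "XMLResponse"});
        }
        // The error codes are detected by substring match on the raw response, before any
        // XML parsing takes place.
        if (xmlResponse.contains("ErrorCode>2911")) {
            Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID.");
            return null;
        }
        if (xmlResponse.contains("ErrorCode>4002")) {
            Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID.");
            return null;
        }
        IIdentityLink identityLink = new InfoboxReadResponseParser(xmlResponse).parseIdentityLink();
        IdentityLinkValidator.getInstance().validate(identityLink);

        // One lookup, reused below, as startAuthentication and verifyMandate already do.
        IOAAuthParameters oaParameters = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
        // NOTE(review): isUseIDLTestTrustStore() selects the trust profile; a service
        // provider with the test trust store enabled accepts identity links signed under
        // that profile. Confirm this flag is off in production configurations.
        Element verifyResponse = SignatureVerificationInvoker.getInstance().verifyXMLSignature(
                new VerifyXMLSignatureRequestBuilder().build(
                        identityLink,
                        this.authConfig.getMoaSpIdentityLinkTrustProfileID(oaParameters.isUseIDLTestTrustStore())));
        IVerifiyXMLSignatureResponse verification = new VerifyXMLSignatureResponseParser(verifyResponse).parseData();
        VerifyXMLSignatureResponseValidator.getInstance().validate(verification, this.authConfig.getIdentityLinkX509SubjectNames(), "IdentityLink", oaParameters, this.authConfig);

        // The session is only updated after every check above has passed.
        iAuthenticationSession.setIdentityLink(identityLink);
        this.revisionsLogger.logEvent(iRequest, 4220);
        return "found!";
    }

    /**
     * Flags the session as "OW" when the certificate carries any extension listed in
     * {@code MOAIDAuthConstants.OW_LIST}.
     *
     * <p>Despite its name this method performs no chain or validity check on the certificate;
     * it only inspects extensions. If an extension cannot be read the flag is reset to
     * {@code false}, even if an earlier extension in the list had already set it.
     *
     * @param iAuthenticationSession session whose OW flag is updated
     * @param x509Certificate certificate to inspect
     * @param iRequest not used by this method
     */
    public void verifyCertificate(IAuthenticationSession iAuthenticationSession, X509Certificate x509Certificate, IRequest iRequest) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException {
        try {
            Iterator oids = MOAIDAuthConstants.OW_LIST.iterator();
            while (oids.hasNext()) {
                if (x509Certificate.getExtension((ObjectID) oids.next()) != null) {
                    iAuthenticationSession.setOW(true);
                }
            }
        } catch (X509ExtensionInitException e) {
            Logger.warn("Certificate extension is not readable.");
            iAuthenticationSession.setOW(false);
        }
    }

    /**
     * Derives the mandate-related SAML attributes from a MIS mandate, stores the OID-based
     * ones in the session and validates the mandate-based ones.
     *
     * @param iRequest pending request (source of the service-provider configuration)
     * @param iAuthenticationSession session that receives the attributes
     * @param iMISMandate mandate returned by the MIS service
     * @throws AuthenticationException if the session is missing or the mandate cannot be
     *     parsed or transformed ({@code auth.15})
     */
    public void verifyMandate(IRequest iRequest, IAuthenticationSession iAuthenticationSession, IMISMandate iMISMandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException {
        if (iAuthenticationSession == null) {
            throw new AuthenticationException("auth.10", new Object[]{"GetMISSessionID", "MOASessionID"});
        }
        IOAAuthParameters oaParameters = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
        try {
            setExtendedSAMLAttributeForMandatesOID(iAuthenticationSession, iMISMandate, oaParameters.hasBaseIdTransferRestriction());
            validateExtendedSAMLAttributeForMandates(iAuthenticationSession, iMISMandate, oaParameters.hasBaseIdTransferRestriction());
        } catch (IOException e) {
            throw new AuthenticationException("auth.15", new Object[]{"GetMISSessionID"}, e);
        } catch (ParserConfigurationException e2) {
            throw new AuthenticationException("auth.15", new Object[]{"GetMISSessionID"}, e2);
        } catch (TransformerException e3) {
            throw new AuthenticationException("auth.15", new Object[]{"GetMISSessionID"}, e3);
        } catch (SAXException e4) {
            throw new AuthenticationException("auth.15", new Object[]{"GetMISSessionID"}, e4);
        }
    }

    /**
     * Builds the {@code CreateXMLSignatureRequest} that asks the user to sign the
     * authentication block.
     *
     * @param iAuthenticationSession session holding the verified identity link
     * @param iRequest pending request
     * @return the serialized signature request
     */
    public String getCreateXMLSignatureRequestAuthBlockOrRedirect(IAuthenticationSession iAuthenticationSession, IRequest iRequest) throws ConfigurationException, BuildException, ValidateException, EAAFBuilderException {
        IOAAuthParameters oaParameters = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
        String signatureRequest = new CreateXMLSignatureRequestBuilder().build(buildAuthenticationBlock(iAuthenticationSession, oaParameters, iRequest), oaParameters.getKeyBoxIdentifier(), this.authConfig.getTransformsInfos());
        // NOTE(review): the traced request embeds the authentication block (name, date of
        // birth and, depending on configuration, a person identifier). Base64 is an encoding,
        // not protection; treat the trace log as containing personal data.
        SpecificTraceLogger.trace("Req. Authblock: " + Base64Utils.encodeToString(signatureRequest.getBytes()));
        SpecificTraceLogger.trace("OA config: " + oaParameters.toString());
        SpecificTraceLogger.trace("saml1RequestedTarget: " + ((String) iRequest.getRawData("authProces_Target", String.class)));
        SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + ((String) iRequest.getRawData("authProces_TargetFriendlyName", String.class)));
        return signatureRequest;
    }

    /**
     * Builds the signature request used for foreign identities, based on the subject DN of
     * the given certificate.
     *
     * @param iRequest pending request
     * @param x509Certificate signer certificate read from the card
     * @return the serialized signature request
     */
    public String createXMLSignatureRequestForeignID(IRequest iRequest, X509Certificate x509Certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException {
        return new CreateXMLSignatureRequestBuilder().buildForeignID(x509Certificate.getSubjectDN().toString(), iRequest);
    }

    /**
     * Parses the signer certificate out of the BKU response.
     *
     * <p>The certificate is only parsed here; no trust or validity check is performed by
     * this method.
     *
     * @param iRequest pending request (used for revision logging)
     * @param map request parameters; {@code XMLResponse} holds the BKU response
     * @return the parsed certificate
     * @throws AuthenticationException if {@code XMLResponse} is missing or empty
     */
    public X509Certificate getCertificate(IRequest iRequest, Map<String, String> map) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException {
        String xmlResponse = map.get("XMLResponse");
        if (isEmpty(xmlResponse)) {
            throw new AuthenticationException("auth.10", new Object[]{"VerifyCertificate", "XMLResponse"});
        }
        X509Certificate certificate = new InfoboxReadResponseParser(xmlResponse).parseCertificate();
        this.revisionsLogger.logEvent(iRequest, 4221);
        return certificate;
    }

    /**
     * Assembles the authentication block the user is asked to sign and records its issue
     * instant in the session.
     *
     * <p>The person identifier placed in the block depends on the situation:
     * none for OW sessions, SSO, or when the service provider removes it; the identity
     * link's own identifier when it is not a base id; otherwise an area-specific identifier
     * derived for the SAML1 requested target (if present) or the service provider's target.
     */
    private String buildAuthenticationBlock(IAuthenticationSession iAuthenticationSession, IOAAuthParameters iOAAuthParameters, IRequest iRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
        IIdentityLink identityLink = iAuthenticationSession.getIdentityLink();
        // Only the apostrophe is escaped here; any further escaping is up to the builder.
        String issuerName = identityLink.getName().replace("'", "&#39;");
        String dateOfBirth = identityLink.getDateOfBirth();
        String authURL = iRequest.getAuthURL();
        String requestedTarget = (String) iRequest.getRawData("authProces_Target", String.class);
        String requestedTargetFriendlyName = (String) iRequest.getRawData("authProces_TargetFriendlyName", String.class);

        String identifierType;
        String identifierValue;
        String targetFriendlyName = null;
        if (iAuthenticationSession.isOW() || iRequest.needSingleSignOnFunctionality() || iOAAuthParameters.isRemovePBKFromAuthBlock()) {
            identifierType = "";
            identifierValue = "";
        } else if (!identityLink.getIdentificationType().equals(URN_BASE_ID)) {
            identifierValue = identityLink.getIdentificationValue();
            identifierType = identityLink.getIdentificationType();
            targetFriendlyName = iOAAuthParameters.getAreaSpecificTargetIdentifierFriendlyName();
        } else if (MiscUtil.isNotEmpty(requestedTarget)) {
            Logger.debug("Build AuthBlock bPK from SAML1 requested target");
            // Instance creation kept from the listing; whether the constructor has side
            // effects is not visible here.
            new BPKBuilder();
            Pair derived = BPKBuilder.generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), identityLink.getIdentificationType(), requestedTarget);
            identifierValue = (String) derived.getFirst();
            identifierType = (String) derived.getSecond();
            targetFriendlyName = requestedTargetFriendlyName;
        } else {
            new BPKBuilder();
            Pair derived = BPKBuilder.generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), identityLink.getIdentificationType(), iOAAuthParameters.getAreaSpecificTargetIdentifier());
            identifierValue = (String) derived.getFirst();
            identifierType = (String) derived.getSecond();
            targetFriendlyName = iOAAuthParameters.getAreaSpecificTargetIdentifierFriendlyName();
        }

        String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
        iAuthenticationSession.setIssueInstant(issueInstant);
        List<ExtendedSAMLAttribute> authAttributes = iAuthenticationSession.getExtendedSAMLAttributesAUTH();
        Map<String, String> specialPatterns = AuthenticationBlockAssertionBuilder.generateSpezialAuthBlockPatternMap(iRequest, issuerName, dateOfBirth, issueInstant);

        String authBlock;
        if (iRequest.needSingleSignOnFunctionality()) {
            String escapedAuthUrl = authURL;
            if (MiscUtil.isNotEmpty(escapedAuthUrl)) {
                escapedAuthUrl = escapedAuthUrl.replace("&", "&amp;");
            }
            authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlockSSO(issuerName, issueInstant, authURL, escapedAuthUrl, dateOfBirth, authAttributes, iAuthenticationSession, iOAAuthParameters, specialPatterns);
        } else {
            String escapedPublicPrefix = iOAAuthParameters.getPublicURLPrefix().replace("&", "&amp;");
            authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(issuerName, issueInstant, authURL, identifierValue, identifierType, dateOfBirth, escapedPublicPrefix, targetFriendlyName, authAttributes, iAuthenticationSession, iOAAuthParameters, specialPatterns);
        }
        iAuthenticationSession.setExtendedSAMLAttributesAUTH(authAttributes);
        return authBlock;
    }

    /**
     * Runs {@link #verifySAMLAttribute} over every attribute derived from the mandate.
     * The attributes are only checked, not stored; the session parameter is unused.
     */
    private void validateExtendedSAMLAttributeForMandates(IAuthenticationSession iAuthenticationSession, IMISMandate iMISMandate, boolean z) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException {
        ExtendedSAMLAttribute[] attributes = addExtendedSamlAttributes(iMISMandate, z, false);
        for (int i = 0; i < attributes.length; i++) {
            verifySAMLAttribute(attributes[i], i, "MISService", "MISService");
        }
    }

    /** Stores the OID-based mandate attributes in the session. */
    private void setExtendedSAMLAttributeForMandatesOID(IAuthenticationSession iAuthenticationSession, IMISMandate iMISMandate, boolean z) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException {
        AddAdditionalSAMLAttributes(iAuthenticationSession, addExtendedSamlAttributesOID(iMISMandate, z), "MISService", "MISService");
    }

    /**
     * Validates the given attributes and merges them into the session's attribute lists.
     *
     * <p>{@code getAddToAUTHBlock()} decides the destination: 0 = service-provider list only,
     * 1 = both lists, 2 = auth-block list only. Any other value is rejected.
     *
     * @param iAuthenticationSession session whose attribute lists are updated
     * @param extendedSAMLAttributeArr attributes to add; {@code null} is a no-op
     * @param str identifier used in log messages and the {@code validator.46} error
     * @param str2 identifier used in the {@code validator.45}/{@code validator.47} errors
     * @throws ValidateException if an attribute is malformed or has an unsupported value type
     */
    private static void AddAdditionalSAMLAttributes(IAuthenticationSession iAuthenticationSession, ExtendedSAMLAttribute[] extendedSAMLAttributeArr, String str, String str2) throws ValidateException {
        if (extendedSAMLAttributeArr == null) {
            return;
        }
        List oaAttributes = iAuthenticationSession.getExtendedSAMLAttributesOA();
        if (oaAttributes == null) {
            oaAttributes = new Vector();
        }
        List authAttributes = iAuthenticationSession.getExtendedSAMLAttributesAUTH();
        if (authAttributes == null) {
            authAttributes = new Vector();
        }
        for (int i = 0; i < extendedSAMLAttributeArr.length; i++) {
            ExtendedSAMLAttribute attribute = extendedSAMLAttributeArr[i];
            Object value = verifySAMLAttribute(attribute, i, str, str2);
            if (!(value instanceof String) && !(value instanceof Element)) {
                Logger.info("The type of SAML-Attribute number " + (i + 1) + " returned from " + str + "-infobox validator is not valid. Must be either \"java.Lang.String\" or \"org.w3c.dom.Element\"");
                throw new ValidateException("validator.46", new Object[]{str, String.valueOf(i + 1)});
            }
            switch (attribute.getAddToAUTHBlock()) {
                case 0:
                    replaceExtendedSAMLAttribute(oaAttributes, attribute);
                    break;
                case 1:
                    replaceExtendedSAMLAttribute(authAttributes, attribute);
                    replaceExtendedSAMLAttribute(oaAttributes, attribute);
                    break;
                case 2:
                    replaceExtendedSAMLAttribute(authAttributes, attribute);
                    break;
                default:
                    Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" + attribute.getAddToAUTHBlock() + ") in SAML attribute number " + (i + 1) + " for infobox " + str);
                    throw new ValidateException("validator.47", new Object[]{str2, String.valueOf(i + 1)});
            }
        }
        // The lists are written back only after every attribute passed validation.
        iAuthenticationSession.setExtendedSAMLAttributesAUTH(authAttributes);
        iAuthenticationSession.setExtendedSAMLAttributesOA(oaAttributes);
    }

    /**
     * Derives SAML attributes from the mandate XML: the mandate element itself plus, when a
     * mandator wbPK is present, either a domain identifier (non-physical person with a
     * base-id identification type) or the wbPK (physical person and {@code z} set).
     *
     * @param iMISMandate mandate whose XML is parsed
     * @param z whether the wbPK of a physical-person mandator is added
     * @param z2 not used by this method
     * @return the derived attributes, never {@code null}
     */
    protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(IMISMandate iMISMandate, boolean z, boolean z2) throws SAXException, IOException, ParserConfigurationException, TransformerException {
        Vector<ExtendedSAMLAttribute> attributes = new Vector<ExtendedSAMLAttribute>();
        Element mandate = mandateToElement(iMISMandate);
        // Helper node that only carries the prefix bindings for the XPath expression below.
        Element namespaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
        namespaceNode.setAttribute("xmlns:pr", NS_PERSON_DATA);
        namespaceNode.setAttribute("xmlns:md", NS_MANDATES);
        // NOTE(review): selectSingleNode yields null when the mandate has no md:Mandator;
        // how ParepUtils treats a null element is not visible here.
        Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Mandate/md:Mandator", namespaceNode);
        attributes.add(new ExtendedSAMLAttributeImpl("Mandate", mandate, NS_MANDATES, 0));
        String mandatorWbpk = ParepUtils.extractMandatorWbpk(mandator);
        if (!ParepUtils.isEmpty(mandatorWbpk)) {
            if (!ParepUtils.isPhysicalPerson(mandator)) {
                String identificationType = ParepUtils.extractMandatorIdentificationType(mandator);
                if (!ParepUtils.isEmpty(identificationType) && identificationType.startsWith(URN_BASE_ID)) {
                    attributes.add(new ExtendedSAMLAttributeImpl("MandatorDomainIdentifier", ParepUtils.getRegisterString(identificationType) + ": " + mandatorWbpk, NS_MANDATES, 2));
                }
            } else if (z) {
                attributes.add(new ExtendedSAMLAttributeImpl("MandatorWbpk", mandatorWbpk, NS_MANDATES, 2));
            }
        }
        ExtendedSAMLAttribute[] result = attributes.toArray(new ExtendedSAMLAttribute[attributes.size()]);
        Logger.debug("ExtendedSAML Attributes: " + result.length);
        return result;
    }

    /**
     * Derives the representation-type attribute and, for professional representatives, the
     * OID attributes from the mandate.
     *
     * @param iMISMandate mandate to read the professional-representative OID from
     * @param z not used by this method
     * @return the derived attributes, never {@code null}
     */
    private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID(IMISMandate iMISMandate, boolean z) throws SAXException, IOException, ParserConfigurationException, TransformerException {
        Vector<ExtendedSAMLAttribute> attributes = new Vector<ExtendedSAMLAttribute>();
        attributes.add(new ExtendedSAMLAttributeImpl("RepresentationType", "Vollmachtsvertreter", NS_MANDATES, 0));
        String profRepOid = iMISMandate.getProfRep();
        if (profRepOid != null) {
            attributes.add(new ExtendedSAMLAttributeImpl("OID", profRepOid, NS_MANDATES, 0));
            attributes.add(new ExtendedSAMLAttributeImpl("OIDTextualDescription", iMISMandate.getTextualDescriptionOfOID(), NS_MANDATES, 0));
        }
        ExtendedSAMLAttribute[] result = attributes.toArray(new ExtendedSAMLAttribute[attributes.size()]);
        Logger.debug("ExtendedSAML Attributes: " + result.length);
        return result;
    }

    /**
     * Parses the mandate bytes into a DOM tree and returns its document element.
     */
    private static Element mandateToElement(IMISMandate iMISMandate) throws SAXException, IOException, ParserConfigurationException {
        // NOTE(review): the mandate arrives from an external service. Whether
        // DOMUtils.parseDocumentSimple disables DTDs and external entities is not visible
        // here; confirm the parser configuration.
        ByteArrayInputStream mandateStream = new ByteArrayInputStream(iMISMandate.getMandate());
        try {
            return DOMUtils.parseDocumentSimple(mandateStream).getDocumentElement();
        } finally {
            mandateStream.close();
        }
    }

    /**
     * Replaces the attribute with the same name in {@code list}, or appends it when no such
     * attribute exists. A {@code null} list is left alone and the attribute is dropped.
     *
     * @param list list to update in place; may be {@code null}
     * @param extendedSAMLAttribute attribute to store
     */
    protected static void replaceExtendedSAMLAttribute(List<ExtendedSAMLAttribute> list, ExtendedSAMLAttribute extendedSAMLAttribute) {
        if (list == null) {
            // The listing allocated a Vector here and discarded it; callers cannot observe
            // a new list through this parameter, so nothing is created.
            return;
        }
        String name = extendedSAMLAttribute.getName();
        for (int i = 0; i < list.size(); i++) {
            if (name.equals(list.get(i).getName())) {
                list.set(i, extendedSAMLAttribute);
                return;
            }
        }
        list.add(extendedSAMLAttribute);
    }

    /**
     * Verifies the signed authentication block returned by the BKU and, on success, marks
     * the session as authenticated at eIDAS level "high".
     *
     * <p>Order of checks: structural validation of the response, signature verification,
     * validation of the verification result, signing time, and finally that the signer
     * certificate matches the identity link.
     *
     * @param iRequest pending request
     * @param iAuthenticationSession session to update; must not be {@code null}
     * @param str the BKU's {@code CreateXMLSignatureResponse}
     * @throws AuthenticationException if the session or response is missing
     * @throws ValidateException if any validation step fails
     * @throws ParseException if the response cannot be serialized or transformed
     */
    public void verifyAuthenticationBlock(IRequest iRequest, IAuthenticationSession iAuthenticationSession, String str) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException {
        if (iAuthenticationSession == null) {
            throw new AuthenticationException("auth.10", new Object[]{"VerifyAuthBlock", "MOASessionID"});
        }
        if (isEmpty(str)) {
            throw new AuthenticationException("auth.10", new Object[]{"VerifyAuthBlock", "XMLResponse"});
        }
        CreateXMLSignatureResponse signatureResponse = new CreateXMLSignatureResponseParser(str).parseResponse();
        try {
            // NOTE(review): the auth block is stored in the session before it has been
            // verified. A failure below throws, but the unverified block stays in the
            // session; confirm no later step reads it without checking the outcome.
            iAuthenticationSession.setAuthBlock(DOMUtils.serializeNode(signatureResponse.getSamlAssertion()));
            if (iRequest.needSingleSignOnFunctionality()) {
                new CreateXMLSignatureResponseValidator().validateSSO(signatureResponse, iAuthenticationSession, iRequest);
            } else {
                new CreateXMLSignatureResponseValidator().validate(signatureResponse, iAuthenticationSession, iRequest, this.authConfig.getBasicConfigurationBoolean("configuration.validate.authblock.targetfriendlyname", true));
            }
            // One lookup, reused below, as startAuthentication and verifyMandate already do.
            IOAAuthParameters oaParameters = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
            Element verifyRequest = new VerifyXMLSignatureRequestBuilder().build(signatureResponse, this.authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(), this.authConfig.getMoaSpAuthBlockTrustProfileID(oaParameters.isUseAuthBlockTestTestStore()));
            Element verifyResponse = SignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyRequest);
            IVerifiyXMLSignatureResponse verification = new VerifyXMLSignatureResponseParser(verifyResponse).parseData();
            if (Logger.isTraceEnabled() && verifyResponse != null) {
                // Tracing is best effort and must not fail the authentication.
                try {
                    String serializedResponse = DOMUtils.serializeNode(verifyResponse, true);
                    Logger.trace("Signature from BKU: " + new LogMsg(str));
                    Logger.trace("Signature verification request: " + new LogMsg(DOMUtils.serializeNode(verifyRequest, true)));
                    Logger.trace("Signature verification result: " + new LogMsg(serializedResponse));
                } catch (Throwable th) {
                    // Report through the logger instead of printing to stderr.
                    Logger.warn("Tracing the signature verification exchange failed.", th);
                }
            }
            VerifyXMLSignatureResponseValidator.getInstance().validate(verification, (List) null, "AuthBlock", oaParameters, this.authConfig);
            CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(signatureResponse);
            try {
                // Binds the signature to the person: the signer certificate has to match
                // the identity link stored earlier in the session.
                VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(verification, iAuthenticationSession.getIdentityLink());
                iAuthenticationSession.setXMLVerifySignatureResponse(verification);
                iAuthenticationSession.setSignerCertificate(verification.getX509certificate());
                // The certificate is kept on the session only, not on the stored response.
                verification.setX509certificate((X509Certificate) null);
                iAuthenticationSession.setForeigner(false);
                iAuthenticationSession.setQAALevel("http://eidas.europa.eu/LoA/high");
                this.revisionsLogger.logEvent(iRequest, 4222);
                this.revisionsLogger.logPersonalInformationEvent(iRequest, iAuthenticationSession.getIdentityLink());
            } catch (ValidateException e) {
                // NOTE(review): the failure path writes the signed auth block and the
                // verification request/response to the error log; these contain personal
                // data, so access to this log needs to be restricted accordingly.
                Logger.error("Signature verification error. ", e);
                Logger.error("Signed Data: " + iAuthenticationSession.getAuthBlock());
                try {
                    Logger.error("VerifyRequest: " + DOMUtils.serializeNode(verifyRequest));
                    Logger.error("VerifyResponse: " + DOMUtils.serializeNode(verifyResponse));
                } catch (IOException e2) {
                    Logger.warn("Serializing the signature verification exchange failed.", e2);
                } catch (TransformerException e3) {
                    Logger.warn("Serializing the signature verification exchange failed.", e3);
                }
                throw e;
            }
        } catch (IOException e4) {
            throw new ParseException("parser.04", new Object[]{"VerifyAuthBlock", "XMLResponse"}, e4);
        } catch (TransformerException e5) {
            throw new ParseException("parser.04", new Object[]{"VerifyAuthBlock", "XMLResponse"}, e5);
        }
    }

    /**
     * Creates a person-data {@code Identification} element holding the area-specific
     * identifier derived from the given inputs, typed {@code urn:publicid:gv.at:cdid+bpk}.
     *
     * @param element any element of the target document (used to reach its owner document)
     * @param str first argument handed to the identifier derivation
     * @param str2 second argument handed to the identifier derivation
     * @return the new, unattached {@code Identification} element
     */
    protected Element createIdentificationBPK(Element element, String str, String str2) throws BuildException, EAAFBuilderException {
        Document document = element.getOwnerDocument();
        Element identification = document.createElementNS(NS_PERSON_DATA, "Identification");
        Element value = document.createElementNS(NS_PERSON_DATA, "Value");
        // Instance creation kept from the listing; whether the constructor has side effects
        // is not visible here.
        new BPKBuilder();
        value.appendChild(document.createTextNode((String) BPKBuilder.generateAreaSpecificPersonIdentifier(str, str2).getFirst()));
        Element type = document.createElementNS(NS_PERSON_DATA, "Type");
        type.appendChild(document.createTextNode("urn:publicid:gv.at:cdid+bpk"));
        identification.appendChild(value);
        identification.appendChild(type);
        return identification;
    }

    /**
     * Returns the value of the first {@code Identification} element whose {@code Type} is
     * the base-id URN (compared case-insensitively).
     *
     * @param element element to search below
     * @return the base id, or {@code null} when no base-id identification is present
     */
    protected String getBaseId(Element element) throws TransformerException, IOException {
        NodeList identifications = element.getElementsByTagNameNS(NS_PERSON_DATA, "Identification");
        for (int i = 0; i < identifications.getLength(); i++) {
            Element identification = (Element) identifications.item(i);
            // An Identification without a Type or Value child fails with a
            // NullPointerException here, as in the listing.
            Element type = (Element) identification.getElementsByTagNameNS(NS_PERSON_DATA, "Type").item(0);
            if (type.getTextContent().equalsIgnoreCase(URN_BASE_ID)) {
                return ((Element) identification.getElementsByTagNameNS(NS_PERSON_DATA, "Value").item(0)).getTextContent();
            }
        }
        return null;
    }

    /**
     * Marks the session as a foreign identity and attaches a verification response object.
     *
     * <p>No signature is verified here: the response object is created empty, the signer
     * certificate already stored in the session is passed through it, and the response is
     * left without a certificate.
     *
     * @param iAuthenticationSession session to update; must not be {@code null}
     * @throws AuthenticationException if the session is missing
     */
    public void getForeignAuthenticationData(IAuthenticationSession iAuthenticationSession) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException {
        if (iAuthenticationSession == null) {
            throw new AuthenticationException("auth.10", new Object[]{"VerifyAuthBlock", "MOASessionID"});
        }
        VerifyXMLSignatureResponse response = new VerifyXMLSignatureResponse();
        response.setX509certificate(iAuthenticationSession.getSignerCertificate());
        iAuthenticationSession.setXMLVerifySignatureResponse(response);
        iAuthenticationSession.setSignerCertificate(response.getX509certificate());
        response.setX509certificate((X509Certificate) null);
        iAuthenticationSession.setForeigner(true);
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    private boolean isEmpty(String str) {
        return str == null || str.isEmpty();
    }

    /**
     * Checks that a SAML attribute has a non-empty name, a namespace and a value.
     *
     * @param extendedSAMLAttribute attribute to check
     * @param i zero-based position of the attribute (reported one-based)
     * @param str identifier used in log messages
     * @param str2 identifier used in the {@code validator.45} error
     * @return the attribute's value, never {@code null}
     * @throws ValidateException if name, namespace or value is missing
     */
    protected static Object verifySAMLAttribute(ExtendedSAMLAttribute extendedSAMLAttribute, int i, String str, String str2) throws ValidateException {
        String name = extendedSAMLAttribute.getName();
        if (name == null) {
            Logger.info("The name of SAML-Attribute number " + (i + 1) + " returned from " + str + "-infobox validator is null.");
            throw new ValidateException("validator.45", new Object[]{str2, "Name", String.valueOf(i + 1), "null"});
        }
        // Compare by content: a reference comparison against "" only matches the interned
        // literal, so an empty name built at runtime would slip through the check.
        if (name.isEmpty()) {
            Logger.info("The name of SAML-Attribute number " + (i + 1) + " returned from " + str + "-infobox validator is empty.");
            throw new ValidateException("validator.45", new Object[]{str2, "Name", String.valueOf(i + 1), "leer"});
        }
        if (extendedSAMLAttribute.getNameSpace() == null) {
            Logger.info("The namespace of SAML-Attribute number " + (i + 1) + " returned from " + str + "-infobox validator is null.");
            throw new ValidateException("validator.45", new Object[]{str2, "Namespace", String.valueOf(i + 1), "null"});
        }
        Object value = extendedSAMLAttribute.getValue();
        if (value != null) {
            return value;
        }
        Logger.info("The value of SAML-Attribute number " + (i + 1) + " returned from " + str + "-infobox validator is null.");
        throw new ValidateException("validator.45", new Object[]{str2, "Wert", String.valueOf(i + 1), "null"});
    }

    /**
     * Extracts the first {@code ds:X509Certificate} below the given element and parses it.
     *
     * <p>The certificate is only decoded and parsed; this method performs no trust check.
     *
     * @param element XML element containing an XML-DSig {@code X509Certificate}
     * @return the parsed certificate
     * @throws CertificateException if no certificate element is present, its content cannot
     *     be Base64-decoded, or the certificate cannot be parsed
     */
    public static X509Certificate getCertificateFromXML(Element element) throws CertificateException {
        NodeList certificateNodes = element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
        String encoded = null;
        if (certificateNodes != null && certificateNodes.getLength() != 0) {
            encoded = certificateNodes.item(0).getTextContent();
        }
        if (StringUtils.isEmpty(encoded)) {
            Logger.error("XML does not contain a X509Certificate element.");
            throw new CertificateException("XML does not contain a X509Certificate element.");
        }
        byte[] der = Base64.decode(encoded);
        if (der == null) {
            // Guards against a decoder that signals malformed input with null, which would
            // otherwise surface as a NullPointerException from the stream constructor.
            throw new CertificateException("X509Certificate element is not valid Base64.");
        }
        // NOTE(review): the listing had an empty nested try/finally and an unused
        // CertificateException local at this point, which suggests an exception handler was
        // lost in decompilation; compare with the original source.
        ByteArrayInputStream certificateStream = new ByteArrayInputStream(der);
        try {
            return new X509Certificate(certificateStream);
        } finally {
            try {
                certificateStream.close();
            } catch (IOException e) {
                Logger.warn("Close InputStream failed.", e);
            }
        }
    }
}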
