package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

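/**
 * Process task that builds a PVP2.1 (SAML2) AuthnRequest for the member-state specific
 * ("central") eIDAS node and writes it to the servlet response.
 *
 * <p>Steps performed by {@link #execute}:
 * <ol>
 *   <li>refuse to continue unless the service provider has {@code auth.stork.enabled} set
 *       (the default is {@code false}, so the check fails closed),</li>
 *   <li>resolve the entityID of the central eIDAS node and load its SAML2 metadata,</li>
 *   <li>fill an {@link EidasCentralAuthRequestBuilderConfiguration} (random request ID,
 *       signing credential, minimum level of assurance, requested attributes),</li>
 *   <li>hand the configuration to the {@link PVPAuthnRequestBuilder}.</li>
 * </ol>
 *
 * <p>NOTE(review): this listing appears to be decompiler output. The catch clauses were
 * emitted with {@code catch (Exception)} first, which makes every later clause unreachable;
 * they are ordered most-specific-first here.
 */
@Component("CreateEidasCentrialAuthnRequestTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.class */
public class CreateAuthnRequestTask extends AbstractAuthServletTask {

    @Autowired
    PVPAuthnRequestBuilder authnReqBuilder;

    @Autowired
    EidasCentralAuthCredentialProvider credential;

    @Autowired
    EidasCentralAuthMetadataProvider metadataService;

    /**
     * Builds the AuthnRequest for the central eIDAS node and sends it via the response.
     *
     * @param executionContext process execution context (not read by this task)
     * @param httpServletRequest incoming request (not read by this task)
     * @param httpServletResponse response the AuthnRequest is written to by the request builder
     * @throws TaskExecutionException if eIDAS is disabled for the service provider, no node
     *     entityID or metadata is available, or building/encoding/signing the request fails
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            this.revisionsLogger.logEvent(this.pendingReq, 6200);

            // Per-service-provider switch; absent configuration means "disabled".
            if (!Boolean.parseBoolean(this.pendingReq.getServiceProviderConfiguration().getConfigurationValue("auth.stork.enabled", String.valueOf(false)))) {
                Logger.info("eIDAS authentication is NOT enabled for OA: " + this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
                throw new MOAIDException("eIDAS authentication is NOT enabled for OA: " + this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), (Object[]) null);
            }

            String nodeEntityId = Utils.getCentraleIDASNodeEntityId(this.pendingReq.getServiceProviderConfiguration(), this.authConfig);
            if (MiscUtil.isEmpty(nodeEntityId)) {
                Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
                throw new MOAIDException("NO EntityID for central eIDAS node FOUND", (Object[]) null);
            }

            // Legacy path: metadata location taken from configuration instead of the
            // SAML2 well-known location derived from the entityID.
            // NOTE(review): whether metadata fetched this way is signature-checked against a
            // trust anchor is decided inside the metadata provider, which is not visible here.
            String metadataUrl = this.authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
            if (MiscUtil.isNotEmpty(metadataUrl)) {
                Logger.warn("Use not recommended metadata-provider initialization! SAML2 'Well-Known-Location' is the preferred methode.");
                Logger.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL:" + metadataUrl);
                this.metadataService.addMetadataWithMetadataURL(metadataUrl);
            }

            EntityDescriptor idpMetadata = this.metadataService.getEntityDescriptor(nodeEntityId);
            if (idpMetadata == null) {
                // Report the entityID that was looked up. The descriptor itself is null on
                // this path, so printing it would only ever yield the text "null".
                String noMetadataMsg = "Requested 'ms-specific eIDAS node' " + nodeEntityId + " has no valid metadata or metadata is not found";
                Logger.error(noMetadataMsg);
                throw new MOAIDException(noMetadataMsg, (Object[]) null);
            }

            EidasCentralAuthRequestBuilderConfiguration requestConfig = new EidasCentralAuthRequestBuilderConfiguration();
            // Request ID comes from OpenSAML's SecureRandom-backed generator.
            requestConfig.setRequestId(new SecureRandomIdentifierGenerator().generateIdentifier());
            requestConfig.setIdpEntity(idpMetadata);
            requestConfig.setPassive(false);
            // NOTE(review): the getter is named for IDP assertion signing; confirm that using
            // the same credential to sign AuthnRequests is intended.
            requestConfig.setSignCred(this.credential.getIDPAssertionSigningCredential());
            // NOTE(review): the SP entityID is derived from the pending request's auth URL;
            // presumably that URL is validated against the configured public URL prefix
            // upstream - confirm.
            requestConfig.setSPEntityID(this.pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA);
            // Minimum level of assurance requested for this service provider.
            requestConfig.setQAA_Level(this.pendingReq.getServiceProviderConfiguration().getConfigurationValue("auth.stork.minqaalevel", EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
            requestConfig.setScopeRequesterId(this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
            requestConfig.setProviderName(this.pendingReq.getServiceProviderConfiguration().getFriendlyName());
            requestConfig.setRequestedAttributes(buildRequestedAttributes());

            this.authnReqBuilder.buildAuthnRequest(this.pendingReq, requestConfig, httpServletResponse);
            // The generated request ID is written to the revision log together with event 6201.
            this.revisionsLogger.logEvent(this.pendingReq, 6201, requestConfig.getRequestID());
        } catch (MOAIDException e) {
            // Already logged at the throw site; pass message and cause on unchanged.
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } catch (MetadataProviderException e) {
            throw new TaskExecutionException(this.pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", new AuthnRequestBuildException("sp.pvp2.02", new Object[]{"'national central eIDASNode'"}, e));
        } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
            Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), new AuthnRequestBuildException("sp.pvp2.13", new Object[]{"'national central eIDASNode'"}, e));
        } catch (Exception e) {
            // Boundary catch-all: must stay last so the specific handlers above are reachable.
            Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        }
    }

    /**
     * Assembles the attributes requested from the central eIDAS node.
     *
     * <p>Always requests {@code urn:oid:1.2.40.0.10.2.1.1.261.34} carrying the service
     * provider's area-specific target identifier. When the service provider shows the mandate
     * check box and SEMPER mandates are switched on in the basic configuration, the
     * comma-joined mandate profiles are requested as well.
     *
     * @return the requested attributes, in the order they were added
     */
    private List<EAAFRequestedAttribute> buildRequestedAttributes() {
        List<EAAFRequestedAttribute> requested = new ArrayList<EAAFRequestedAttribute>();
        OAAuthParameterDecorator spConfig = (OAAuthParameterDecorator) this.pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);

        // The boolean argument is presumably the "is required" flag - TODO confirm.
        requested.add(SAML2Utils.generateReqAuthnAttributeSimple(PVPAttributeBuilder.buildEmptyAttribute("urn:oid:1.2.40.0.10.2.1.1.261.34"), true, spConfig.getAreaSpecificTargetIdentifier()));

        if (spConfig.isShowMandateCheckBox() && this.authConfig.getBasicConfigurationBoolean(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
            Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request");
            requested.add(SAML2Utils.generateReqAuthnAttributeSimple(PVPAttributeBuilder.buildEmptyAttribute("urn:eidgvat:attributes.ServiceProviderMandateProfiles"), true, StringUtils.join(spConfig.getMandateProfiles(), ",")));
        }
        return requested;
    }
}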
