package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

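/**
 * Process task that builds a PVP2.1 (SAML2) AuthnRequest for the 'E-ID System' and writes it to
 * the HTTP response through the injected {@link PVPAuthnRequestBuilder}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The request ID is produced by {@link SecureRandomIdentifierGenerator}.</li>
 *   <li>The signing credential passed to the builder comes from
 *       {@link EIDAuthCredentialProvider#getIDPAssertionSigningCredential()}.</li>
 *   <li>The IDP is resolved from metadata by entityID; a missing descriptor aborts the task.</li>
 * </ul>
 */
@Component("CreateEIDSystemAuthnRequestTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.class */
public class CreateAuthnRequestTask extends AbstractAuthServletTask {

    /** Builds, signs and encodes the AuthnRequest. */
    @Autowired
    PVPAuthnRequestBuilder authnReqBuilder;

    /** Source of the credential that is handed to the request builder for signing. */
    @Autowired
    EIDAuthCredentialProvider credential;

    /** Metadata provider used to resolve the E-ID System's {@link EntityDescriptor}. */
    @Autowired
    EIDAuthMetadataProvider metadataService;

    /**
     * Resolves the E-ID System entity, builds the AuthnRequest and sends it via the response.
     *
     * @param executionContext process execution context (not read by this task)
     * @param httpServletRequest inbound request (not read by this task)
     * @param httpServletResponse response the encoded AuthnRequest is written to
     * @throws TaskExecutionException if no entityID is configured, no metadata is found for it,
     *     or building/encoding the request fails
     */
    @Override
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            // Revision-log event 6300; NOTE(review): presumably "AuthnRequest build started" - confirm against the event-code table.
            this.revisionsLogger.logEvent(this.pendingReq, 6300);

            String eIDSystemEntityId = Utils.getEIDSystemEntityId(this.pendingReq.getServiceProviderConfiguration(), this.authConfig);
            if (MiscUtil.isEmpty(eIDSystemEntityId)) {
                Logger.info("E-ID authentication not possible -> NO EntityID for E-ID System FOUND!");
                throw new MOAIDException("NO EntityID for E-ID System FOUND", (Object[]) null);
            }

            // Legacy path: metadata loaded from an explicitly configured URL instead of the
            // SAML2 Well-Known-Location. The code itself warns that this is not recommended.
            // NOTE(review): whether metadata fetched this way is signature-checked depends on
            // EIDAuthMetadataProvider, which is not visible here - confirm before relying on it.
            String basicConfiguration = this.authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
            if (MiscUtil.isNotEmpty(basicConfiguration)) {
                Logger.warn("Use not recommended metadata-provider initialization! SAML2 'Well-Known-Location' is the preferred methode.");
                Logger.info("Initialize 'E-ID System' metadata-provider with URL:" + basicConfiguration);
                this.metadataService.addMetadataWithMetadataURL(basicConfiguration);
            }

            EntityDescriptor entityDescriptor = this.metadataService.getEntityDescriptor(eIDSystemEntityId);
            if (entityDescriptor == null) {
                // Report the entityID that was looked up; the descriptor is null on this branch,
                // so concatenating it would only ever print "null" and hide which entity failed.
                String notFoundMessage = "Requested 'E-ID System' " + eIDSystemEntityId + " has no valid metadata or metadata is not found";
                Logger.error(notFoundMessage);
                throw new MOAIDException(notFoundMessage, (Object[]) null);
            }

            EIDAuthRequestBuilderConfiguration eIDAuthRequestBuilderConfiguration = new EIDAuthRequestBuilderConfiguration();
            eIDAuthRequestBuilderConfiguration.setRequestId(new SecureRandomIdentifierGenerator().generateIdentifier());
            eIDAuthRequestBuilderConfiguration.setIdpEntity(entityDescriptor);
            eIDAuthRequestBuilderConfiguration.setPassive(false);
            eIDAuthRequestBuilderConfiguration.setSignCred(this.credential.getIDPAssertionSigningCredential());
            // NOTE(review): the SP entityID and the requester scope are both derived from
            // pendingReq.getAuthURL(); where that value originates is not visible here - confirm
            // it is checked against the configured public URL prefix before it reaches this task.
            eIDAuthRequestBuilderConfiguration.setSPEntityID(this.pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA);
            eIDAuthRequestBuilderConfiguration.setScopeRequesterId(Utils.getEidSystemApplicationId(this.pendingReq.getServiceProviderConfiguration(), this.pendingReq.getAuthURL(), this.authConfig));

            this.authnReqBuilder.buildAuthnRequest(this.pendingReq, eIDAuthRequestBuilderConfiguration, httpServletResponse);
            // Revision-log event 6301 carries the generated request ID.
            this.revisionsLogger.logEvent(this.pendingReq, 6301, eIDAuthRequestBuilderConfiguration.getRequestID());
        } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
            Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), new AuthnRequestBuildException("sp.pvp2.13", new Object[]{"'E-ID System'"}, e));
        } catch (MOAIDException e) {
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } catch (MetadataProviderException e) {
            // Must precede the generic handler: placed after catch (Exception) it is unreachable
            // and the metadata-specific error code "sp.pvp2.02" would never be reported.
            throw new TaskExecutionException(this.pendingReq, "Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED.", new AuthnRequestBuildException("sp.pvp2.02", new Object[]{"'E-ID System'"}, e));
        } catch (Exception e) {
            Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        }
    }
}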
