package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

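/**
 * Process-engine task that receives the eIDAS SAML response posted back to this
 * service, has the eIDAS SAML engine unmarshal and validate it, and copies the
 * validated result into the MOA session of the pending request.
 *
 * <p>The {@code SAMLResponse} request parameter is caller-controlled. Nothing read
 * from it is written to the session until the engine validation, the status-code
 * check and {@code eIDASResponseValidator.validateResponse} have all returned
 * without throwing; every failure path ends in a {@link TaskExecutionException}.
 */
@Component("ReceiveAuthnResponseTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.class */
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {

    /** SAML status URI that marks a successful authentication response. */
    private static final String SAML2_STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    /** Metadata provider handed to the SAML engine that validates the response. */
    @Autowired(required = true)
    MOAeIDASChainingMetadataProvider eIDASMetadataProvider;

    /**
     * Reads, validates and stores the eIDAS authentication response.
     *
     * @param executionContext process-engine context (not read by this task)
     * @param httpServletRequest request carrying the base64 {@code SAMLResponse} parameter
     * @param httpServletResponse servlet response (not written by this task)
     * @throws TaskExecutionException if the parameter is missing, the response fails
     *     validation, its status is not Success, or the session cannot be stored
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            // Untrusted input: taken straight from the HTTP request.
            String samlResponseParam = httpServletRequest.getParameter("SAMLResponse");
            if (MiscUtil.isEmpty(samlResponseParam)) {
                Logger.warn("No eIDAS SAMLReponse found in http request.");
                throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", (Object[]) null);
            }

            byte[] rawResponse = EidasStringUtil.decodeBytesFromBase64(samlResponseParam);

            // NOTE(review): the meaning of the trailing (Collection) null and false
            // arguments is not visible in this file; confirm they do not relax any
            // check the engine would otherwise perform.
            // NOTE(review): getRemoteHost() is presumably the proxy's address when the
            // service runs behind a reverse proxy; verify how the engine uses it.
            String expectedMetadataUrl = this.pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
            IAuthenticationResponse response = SAMLEngineUtils.createSAMLEngine(this.eIDASMetadataProvider).unmarshallResponseAndValidate(
                    rawResponse,
                    httpServletRequest.getRemoteHost(),
                    Constants.CONFIG_PROPS_SKEWTIME_BEFORE,
                    Constants.CONFIG_PROPS_SKEWTIME_AFTER,
                    expectedMetadataUrl,
                    (Collection) null,
                    false);

            if (response.isEncrypted()) {
                Logger.info("Received encrypted eIDAS SAML-Response.");
            }

            // Constant-first comparison: a response without a status code is rejected
            // as "not successful" instead of failing with a NullPointerException.
            if (!SAML2_STATUS_SUCCESS.equals(response.getStatusCode())) {
                Logger.info("Receice eIDAS Response with StatusCode:" + response.getStatusCode() + " Subcode:" + response.getSubStatusCode() + " Msg:" + response.getStatusMessage());
                throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{response.getStatusMessage()});
            }

            // Application-level checks against the pending request; "AT" is the
            // fallback when the node country code is not configured.
            eIDASResponseValidator.validateResponse(this.pendingReq, response, this.authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));

            // Only from here on is response data persisted.
            Logger.debug("Store eIDAS response information into MOA-session.");
            AuthenticationSessionWrapper moaSession = (AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class);
            moaSession.setGenericDataToSession("direct_qaaLevel", response.getLevelOfAssurance());
            moaSession.setGenericDataToSession("eIDAS_attributeList", response.getAttributes());
            moaSession.setGenericDataToSession("eIDAS_response", rawResponse);
            moaSession.setGenericDataToSession("urn:oid:1.2.40.0.10.2.1.1.261.32", response.getCountry());
            this.requestStoreage.storePendingRequest(this.pendingReq);
            this.revisionsLogger.logEvent(this.pendingReq, 6102, response.getId());

        // Handlers run from most specific to most general. With the catch-all
        // listed first, the specific handlers below it are unreachable and javac
        // rejects the class.
        } catch (MOADatabaseException e2) {
            this.revisionsLogger.logEvent(this.pendingReq, 6103);
            throw new TaskExecutionException(this.pendingReq, "eIDAS Response processing FAILED.", new MOAIDException("init.04", new Object[]{""}, e2));
        } catch (EIDASSAMLEngineException e3) {
            Logger.warn("eIDAS Response validation FAILED.", e3);
            // NOTE(review): this writes the raw, caller-supplied SAMLResponse to the
            // debug log. The value is unvalidated at this point and may carry
            // personal attributes; consider logging only its length or a digest.
            Logger.debug("eIDAS response was: " + httpServletRequest.getParameter("SAMLResponse"));
            this.revisionsLogger.logEvent(this.pendingReq, 6103);
            throw new TaskExecutionException(this.pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("eIDAS.09", new Object[]{e3.getMessage()}, e3));
        } catch (MOAIDException e4) {
            // NOTE(review): unlike the other handlers, no 6103 revision event is
            // written here; confirm that this gap in the audit trail is intended.
            throw new TaskExecutionException(this.pendingReq, "eIDAS Response processing FAILED.", e4);
        } catch (Exception e) {
            Logger.warn("eIDAS Response processing FAILED.", e);
            this.revisionsLogger.logEvent(this.pendingReq, 6103);
            // NOTE(review): the message of an arbitrary exception is forwarded in the
            // TaskExecutionException; verify it is not rendered to the end user.
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
        }
    }
}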
