package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;

import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.Trible;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec;
import java.security.MessageDigest;

@eIDASMetadata
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.class */
public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute {
    public String getName() {
        return RepresentativeNaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString();
    }

    public <ATT> ATT build(ISPConfiguration iSPConfiguration, IAuthData iAuthData, IAttributeGenerator<ATT> iAttributeGenerator) throws AttributeBuilderException {
        try {
            Pair bpkForSp = getBpkForSp(iSPConfiguration, iAuthData);
            if (bpkForSp == null) {
                return null;
            }
            String str = (String) bpkForSp.getFirst();
            String str2 = (String) bpkForSp.getSecond();
            if (!eIDASAttributeProcessingUtils.validateEidasPersonalIdentifier(str)) {
                Logger.debug("preCalculated PersonalIdentifier does not include eIDAS conform prefixes ... add prefix now");
                if (MiscUtil.isEmpty(str2) || !str2.startsWith("urn:publicid:gv.at:eidasid")) {
                    Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + iAuthData.getBPKType());
                    throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation");
                }
                str = iAuthData.getBPKType().substring("urn:publicid:gv.at:eidasid".length() + 1).replaceAll("\\+", "/") + "/" + str;
            }
            Boolean bool = (Boolean) iAuthData.getGenericData(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, Boolean.class);
            if (bool != null && bool.booleanValue()) {
                str = generateTransientNameID(str);
            }
            return (ATT) iAttributeGenerator.buildStringAttribute((String) null, getName(), str);
        } catch (Exception e) {
            Logger.info("Can not generate eIDAS attr: " + getName() + ". Reason:" + e.getMessage());
            return null;
        }
    }

    public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> iAttributeGenerator) {
        return null;
    }

    private String generateTransientNameID(String str) {
        Trible<String, String, String> parseEidasPersonalIdentifier = eIDASAttributeProcessingUtils.parseEidasPersonalIdentifier(str);
        if (parseEidasPersonalIdentifier == null) {
            Logger.error("eIDAS 'PersonalIdentifier' has a wrong format. There had to be a ERROR in implementation!!!!");
            throw new IllegalStateException("eIDAS 'PersonalIdentifier' has a wrong format. There had to be a ERROR in implementation!!!!");
        }
        try {
            return ((String) parseEidasPersonalIdentifier.getFirst()) + "/" + ((String) parseEidasPersonalIdentifier.getSecond()) + "/" + Base64Utils.encode(MessageDigest.getInstance("SHA-1").digest((((String) parseEidasPersonalIdentifier.getThird()) + Random.nextLongRandom()).getBytes("ISO-8859-1")));
        } catch (Exception e) {
            Logger.error("Can not generate transient personal identifier!", e);
            return null;
        }
    }
}
