package at.gv.egovernment.moa.id.auth.modules.eidas.config;

import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.UnmodifiableIterator;
import com.sun.istack.Nullable;
import eu.eidas.auth.commons.EidasErrorKey;
import eu.eidas.auth.commons.io.ReloadableProperties;
import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException;
import eu.eidas.auth.engine.configuration.dom.EncryptionKey;
import eu.eidas.auth.engine.core.impl.CertificateValidator;
import eu.eidas.auth.engine.core.impl.KeyStoreSamlEngineEncryption;
import eu.eidas.auth.engine.xml.opensaml.CertificateUtil;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import java.security.cert.X509Certificate;
import java.util.Map;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.class */
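/**
 * eIDAS SAML-engine encryption configuration that decides, per destination country code,
 * whether the SAML response is encrypted and which recipient certificate is used.
 *
 * <p>The encryption decision is taken in {@link #isEncryptionEnabled(String)} and is
 * <em>fail-closed</em>: when the country-specific configuration cannot be read, the global
 * {@code moa.id.protocols.eIDAS.encryption.disabled} switch (default {@code "false"}) is
 * consulted, and if that lookup fails as well, encryption is enabled.
 *
 * <p>Certificate selection in {@link #getEncryptionCertificate(String)} matches the
 * configured issuer / serial number against the key-store certificates and applies the
 * base class' self-signed and validity-period checks to the match.
 *
 * <p>Thread-safety: all fields are {@code final} and the lookups go through immutable maps
 * and the static configuration provider; no mutable state is held by this class.
 */
public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption {
    /** Immutable snapshot of the engine properties (issuer / serial-number entries per country). */
    private final ImmutableMap<String, String> properties;
    /**
     * Activation properties file named by {@code EncryptionKey.ENCRYPTION_ACTIVATION}. It is
     * loaded in the constructor but not read by any method in this class.
     */
    private final ReloadableProperties encryptionActivationProperties;

    /**
     * Resolves the encryption-activation properties file from the engine properties.
     *
     * @param engineProperties engine configuration passed to the constructor
     * @return a {@link ReloadableProperties} bound to the configured activation file
     */
    private static ReloadableProperties initActivationConf(Map<String, String> engineProperties) {
        String activationFile = (String) EncryptionKey.ENCRYPTION_ACTIVATION.getAsString(engineProperties);
        Logger.debug("File containing encryption configuration: \"" + activationFile + "\"");
        return new ReloadableProperties(activationFile, (String) null);
    }

    /**
     * Creates the encryption configuration from the engine properties.
     *
     * @param engineProperties engine configuration; copied into an immutable map
     * @param defaultPath      accepted for signature compatibility only; the base class is
     *                         always constructed with {@code null} here
     * @throws SamlEngineConfigurationException if the base class rejects the configuration
     */
    public ModifiedEncryptionSW(Map<String, String> engineProperties, String defaultPath) throws SamlEngineConfigurationException {
        super(engineProperties, (String) null);
        this.properties = ImmutableMap.copyOf(engineProperties);
        this.encryptionActivationProperties = initActivationConf(engineProperties);
    }

    /**
     * Returns the certificate used to encrypt the response for the given country.
     *
     * <p>Returns {@code null} in two cases: encryption is disabled for the country, or no
     * issuer entry ({@code RESPONSE_TO_POINT_ISSUER_PREFIX + countryCode}) is configured. The
     * second case is logged at error level because it silently drops encryption for that
     * country; whether the caller then sends the response unencrypted is decided outside
     * this class.
     *
     * @param countryCode destination country code used to look up the issuer and serial number
     * @return the matching key-store certificate, or {@code null} as described above
     * @throws EIDASSAMLEngineException if no key-store certificate matches the configured
     *         issuer / serial number, or if the match fails the self-signed or validity-period
     *         checks enabled in the base configuration
     */
    @Nullable
    public X509Certificate getEncryptionCertificate(@Nullable String countryCode) throws EIDASSAMLEngineException {
        if (!isEncryptionEnabled(countryCode)) {
            return null;
        }
        String issuerKey = EncryptionKey.RESPONSE_TO_POINT_ISSUER_PREFIX.getKey() + countryCode;
        String serialNumber = this.properties.get(EncryptionKey.RESPONSE_TO_POINT_SERIAL_NUMBER_PREFIX.getKey() + countryCode);
        String issuer = this.properties.get(issuerKey);
        if (StringUtils.isBlank(issuer)) {
            Logger.error("Encryption of SAML Response NOT done, because no \"" + issuerKey + "\" configured!");
            return null;
        }
        for (X509Certificate candidate : getEncryptionCertificates()) {
            if (!CertificateUtil.matchesCertificate(serialNumber, issuer, candidate)) {
                continue;
            }
            // The checks below are only applied to the selected certificate; they throw on failure.
            if (isDisallowedSelfSignedCertificate()) {
                CertificateValidator.checkCertificateIssuer(candidate);
            }
            if (isCheckedValidityPeriod()) {
                CertificateValidator.checkCertificateValidityPeriod(candidate);
            }
            return candidate;
        }
        throw new EIDASSAMLEngineException(EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorCode(), EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorMessage());
    }

    /**
     * Decides whether the response for the given country is encrypted.
     *
     * <p>Decision order:
     * <ol>
     *   <li>the country's PEPS entry flag {@code isXMLSignatureSupported()};</li>
     *   <li>if that lookup fails, the negation of the global
     *       {@code moa.id.protocols.eIDAS.encryption.disabled} setting (default {@code "false"},
     *       i.e. encryption stays enabled unless explicitly switched off);</li>
     *   <li>if the global lookup fails as well, {@code true}.</li>
     * </ol>
     *
     * <p>{@link NullPointerException} is caught on purpose: the chained lookup in step 1 is
     * expected to yield {@code null} for a country without a PEPS entry (presumably — the
     * provider's contract is not visible here). A side effect is that an unexpected
     * {@code null} anywhere else in that chain is masked in the same way and only becomes
     * visible in the debug log.
     *
     * @param countryCode destination country code; may be {@code null}, which falls through
     *                    to the global setting
     * @return {@code true} if the response for {@code countryCode} must be encrypted
     */
    public boolean isEncryptionEnabled(String countryCode) {
        try {
            Boolean supported = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPSWithCC(countryCode).isXMLSignatureSupported();
            Logger.debug("eIDAS respone for country " + countryCode + (supported.booleanValue() ? " using encryption" : " do not use encrpytion"));
            return supported.booleanValue();
        } catch (NullPointerException | ConfigurationException e) {
            try {
                // Global switch: "disabled" defaults to false, so encryption is on unless configured off.
                boolean disabled = Boolean.parseBoolean(AuthConfigurationProviderFactory.getInstance().getBasicConfiguration("moa.id.protocols.eIDAS.encryption.disabled", "false"));
                return !disabled;
            } catch (ConfigurationException e2) {
                // Route both failures through the logger instead of System.err; the original
                // (country-specific) failure is only of interest at debug level.
                Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption", e2);
                if (Logger.isDebugEnabled()) {
                    Logger.debug("country-specific encryption lookup for countryCode " + countryCode + " failed", e);
                }
                return true;
            }
        }
    }
}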
