package at.gv.egovernment.moa.id.protocols.eidas;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.protocol.IResponseMessage;
import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.core.eidas.spec.RepresentativeLegalPersonSpec;
import eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec;
import java.io.StringWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

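/**
 * {@link IAction} that answers an eIDAS authentication request.
 *
 * <p>It builds the attribute set for the authenticated user, wraps it in a SAML
 * {@link AuthenticationResponse} with status {@code Success}, lets the eIDAS protocol engine turn
 * that into a response message and writes an HTML page rendered from the Velocity template
 * {@code eidas_postbinding_template.vm} to the servlet response.
 */
@Service("eIDASAuthenticationRequest")
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.class */
public class eIDASAuthenticationRequest implements IAction {

    // Receives the revision-log event written once the response message has been generated.
    @Autowired
    protected IRevisionLogger revisionsLogger;

    // Metadata provider handed to SAMLEngineUtils when the protocol engine is created.
    @Autowired(required = true)
    MOAeIDASChainingMetadataProvider eIDASMetadataProvider;

    /**
     * Generates the eIDAS response for the pending request and writes the POST-binding page.
     *
     * @param iRequest pending request; must be an {@link EIDASData} instance
     * @param httpServletRequest current servlet request (not read by this method)
     * @param httpServletResponse servlet response the rendered HTML page is written to
     * @param iAuthData authentication data the response attributes and the level of assurance are
     *     taken from
     * @return single-logout information for this session, or {@code null} when that container
     *     could not be built (the failure is logged and the response has already been written)
     * @throws MOAIDException if {@code iRequest} is not an {@link EIDASData}, or with code
     *     {@code eIDAS.13} if generating the response message or rendering the page fails
     */
    public SLOInformationInterface processRequest(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IAuthData iAuthData) throws MOAIDException {
        if (!(iRequest instanceof EIDASData)) {
            // A null request also fails the instanceof test; report it instead of raising a NullPointerException.
            String actualType = iRequest == null ? "null" : iRequest.getClass().toString();
            throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[]{actualType, EIDASData.class.toString()});
        }
        EIDASData eIDASData = (EIDASData) iRequest;
        ProtocolEngineI createSAMLEngine = SAMLEngineUtils.createSAMLEngine(this.eIDASMetadataProvider);
        ImmutableAttributeMap eidasRequestedAttributes = eIDASData.getEidasRequestedAttributes();
        if ((iAuthData instanceof IMOAAuthData) && ((IMOAAuthData) iAuthData).isUseMandate()) {
            // With a mandate in use, the representative attributes are appended as optional
            // entries even if the requester did not ask for them.
            Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ....");
            ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(eidasRequestedAttributes);
            addMissingProvidableAttributes(builder, eidasRequestedAttributes, RepresentativeNaturalPersonSpec.REGISTRY.getAttributes());
            addMissingProvidableAttributes(builder, eidasRequestedAttributes, RepresentativeLegalPersonSpec.REGISTRY.getAttributes());
            eidasRequestedAttributes = builder.build();
            Logger.trace("eIDAS requsted attr. update process finished");
        }
        Logger.trace("Starting eIDAS response generation ....");
        ImmutableAttributeMap.Builder builder2 = ImmutableAttributeMap.builder();
        for (Object requestedDefinition : eidasRequestedAttributes.getDefinitions()) {
            buildAndAddAttribute(builder2, (AttributeDefinition) requestedDefinition, eIDASData, iAuthData);
        }
        ImmutableAttributeMap build = builder2.build();
        // NOTE(review): the status is set to Success unconditionally, including when
        // buildAndAddAttribute could not provide an attribute marked as required -
        // confirm that this is the intended behaviour.
        AuthenticationResponse.Builder builder3 = new AuthenticationResponse.Builder();
        builder3.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
        builder3.inResponseTo(eIDASData.getEidasRequest().getId());
        builder3.issuer(iRequest.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
        builder3.levelOfAssurance(iAuthData.getEIDASQAALevel());
        builder3.attributes(build);
        builder3.statusCode("urn:oasis:names:tc:SAML:2.0:status:Success");

        // Step 1: generate and encode the response message. This has its own try block so that a
        // rendering failure in step 2 is not caught and wrapped a second time as an "encoding error".
        String encodeToBase64;
        try {
            // NOTE(review): the boolean argument is presumably the sign-assertion flag - confirm against ProtocolEngineI.
            IResponseMessage generateResponseMessage = createSAMLEngine.generateResponseMessage(eIDASData.getEidasRequest(), builder3.build(), true, eIDASData.getRemoteAddress());
            encodeToBase64 = EidasStringUtil.encodeToBase64(generateResponseMessage.getMessageBytes());
            this.revisionsLogger.logEvent(iRequest, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE, generateResponseMessage.getResponse().getId());
        } catch (Exception e3) {
            Logger.error("eIDAS Response encoding error.", e3);
            throw new MOAIDException("eIDAS.13", new Object[]{e3.getMessage()}, e3);
        }

        // Step 2: render the POST-binding page and write it to the client.
        try {
            Template template = VelocityProvider.getClassPathVelocityEngine().getTemplate("/resources/templates/eidas_postbinding_template.vm");
            VelocityContext velocityContext = new VelocityContext();
            // NOTE(review): RelayState presumably originates from the requesting party; confirm
            // that the template HTML-escapes it before it is placed in the page.
            velocityContext.put("RelayState", eIDASData.getRemoteRelayState());
            velocityContext.put("SAMLResponse", encodeToBase64);
            // The encoded response carries the user's identity attributes, so only its size is
            // logged; the message itself must not end up in log files.
            Logger.debug("SAMLResponse generated, encoded length: " + encodeToBase64.length());
            // NOTE(review): the form target is taken from the incoming request and is not
            // re-checked here; confirm that the assertion consumer URL is validated against
            // the requester's metadata before this action runs.
            Logger.debug("Putting assertion consumer url as action: " + eIDASData.getEidasRequest().getAssertionConsumerServiceURL());
            velocityContext.put("action", eIDASData.getEidasRequest().getAssertionConsumerServiceURL());
            Logger.trace("Starting template merge");
            StringWriter stringWriter = new StringWriter();
            Logger.trace("Doing template merge");
            template.merge(velocityContext, stringWriter);
            Logger.trace("Template merge done");
            byte[] bytes = stringWriter.getBuffer().toString().getBytes("UTF-8");
            // The page embeds a SAML protocol message; the SAML HTTP POST binding asks that
            // such responses are not cached by the user agent or by intermediaries.
            httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setContentType("text/html; charset=UTF-8");
            httpServletResponse.setContentLength(bytes.length);
            httpServletResponse.getOutputStream().write(bytes);
        } catch (Exception e2) {
            Logger.error("Velocity error: " + e2.getMessage(), e2);
            throw new MOAIDException("eIDAS.13", new Object[]{e2.getMessage()}, e2);
        }

        // Best effort: the response has already been sent, so a failure here is logged and
        // reported to the caller as null rather than as an exception.
        SLOInformationImpl sLOInformationImpl = null;
        try {
            sLOInformationImpl = new SLOInformationImpl(iRequest.getAuthURL(), eIDASData.getEidasRequest().getIssuer(), (String) null, (String) null, eIDASData.getEidasRequest().getNameIdFormat(), EIDASProtocol.NAME);
        } catch (Exception e) {
            Logger.error("Can not generate container with SSO information!", e);
        }
        return sLOInformationImpl;
    }

    /**
     * Reports whether this action requires an authenticated user.
     *
     * @return always {@code true}
     */
    public boolean needAuthentication(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    /**
     * Returns the name under which this action is registered.
     *
     * @return the constant {@code "eIDAS_AuthnRequest"}
     */
    public String getDefaultActionName() {
        return "eIDAS_AuthnRequest";
    }

    /**
     * Adds every candidate attribute that this node can provide and that is not already part of
     * the requested set to {@code builder}, marked as not required.
     *
     * @param builder builder of the extended requested-attribute map
     * @param alreadyRequested attributes contained in the original request
     * @param candidates attribute definitions to consider; each element is cast to
     *     {@link AttributeDefinition}
     */
    private void addMissingProvidableAttributes(ImmutableAttributeMap.Builder builder, ImmutableAttributeMap alreadyRequested, Iterable<?> candidates) {
        for (Object candidate : candidates) {
            AttributeDefinition attributeDefinition = (AttributeDefinition) candidate;
            if (!eIDASAttributeBuilder.getAllProvideableeIDASAttributes().contains(attributeDefinition.getNameUri().toString())) {
                Logger.trace("eIDAS attribute: " + attributeDefinition.getNameUri().toString() + " is not providable by Austrian eIDAS node.");
            } else if (alreadyRequested.getDefinitionByNameUri(attributeDefinition.getNameUri()) == null) {
                Logger.debug("Add eIDAS attr: " + attributeDefinition.getNameUri().toString() + " to requested attributes");
                // Added as optional so that an attribute the requester never asked for cannot become mandatory.
                builder.put(AttributeDefinition.builder(attributeDefinition).required(false).build());
            }
        }
    }

    /**
     * Builds one attribute through {@code eIDASAttributeBuilder} and adds it to the response
     * attribute map; an attribute that cannot be built is only logged.
     *
     * @param builder builder of the response attribute map
     * @param attributeDefinition definition of the attribute to build
     * @param iRequest pending request, source of the service-provider configuration
     * @param iAuthData authentication data the attribute value is derived from
     * @throws MOAIDException declared by this method; presumably raised by the attribute builder
     */
    private void buildAndAddAttribute(ImmutableAttributeMap.Builder builder, AttributeDefinition<?> attributeDefinition, IRequest iRequest, IAuthData iAuthData) throws MOAIDException {
        Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute = eIDASAttributeBuilder.buildAttribute(attributeDefinition, iRequest.getServiceProviderConfiguration(), iAuthData);
        if (buildAttribute != null) {
            builder.put((AttributeDefinition) buildAttribute.getFirst(), (ImmutableSet) buildAttribute.getSecond());
        } else if (attributeDefinition.isRequired()) {
            // A missing required attribute is logged at info level only; processing continues.
            Logger.info("eIDAS Attr:" + attributeDefinition.getNameUri() + " is marked as 'Required' but not available.");
        } else {
            Logger.debug("eIDAS Attr:" + attributeDefinition.getNameUri() + " is not available.");
        }
    }
}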
