package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;

import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction;
import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol;
import at.gv.egovernment.moa.id.util.CookieUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import com.google.common.collect.UnmodifiableIterator;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

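/**
 * Process task that starts the eID4U attribute-collection step for eIDAS requests.
 *
 * <p>If the pending request is an {@link EIDASData} request that asks for at least one
 * attribute from {@link Definitions#EID4UATTRIBUTEELIST}, the task builds an internal
 * OAuth 2.0 / OpenID Connect request, generates an ID token, stores it in the transaction
 * storage under a fresh one-time code and redirects the browser to the configured
 * attribute-provider (AP) consent URL. In every other case it only sets
 * {@code PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS} to {@code false}.
 */
@Component("CollectAddtionalAttributesTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.class */
public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {

    @Autowired
    private OAuth20AuthAction openIDAuthAction;

    @Autowired
    private ITransactionStorage transactionStorage;

    @Autowired
    private AuthenticationDataBuilder authDataBuilder;

    @Autowired(required = true)
    protected IConfigurationWithSP authConfigWithSp;

    /**
     * Checks whether eID4U attributes are requested and, if so, redirects the user to the
     * attribute provider's consent endpoint.
     *
     * @param executionContext process context; receives the eID4U AP-access flag
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response; receives the 302 redirect and the
     *     transaction cookie
     * @throws TaskExecutionException if any step fails, including an incomplete AP configuration
     */
    @Override
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            // Default: no AP access unless eID4U attributes are actually requested below.
            executionContext.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false);
            if (!(this.pendingReq instanceof EIDASData)) {
                Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
                return;
            }

            // Explicit cast: the instanceof check above guarantees the type.
            EIDASData eidasReq = (EIDASData) this.pendingReq;
            Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ...");
            ImmutableAttributeMap.Builder requestedBuilder = ImmutableAttributeMap.builder();
            ImmutableAttributeMap allRequested = eidasReq.getEidasRequestedAttributes();
            for (String attrName : Definitions.EID4UATTRIBUTEELIST) {
                if (allRequested.getAttributeValuesByNameUri(attrName) != null) {
                    Logger.debug("Find eID4U attr: " + attrName);
                    requestedBuilder.put(allRequested.getDefinitionByNameUri(attrName));
                }
            }
            ImmutableAttributeMap eid4uRequested = requestedBuilder.build();
            if (eid4uRequested == null || eid4uRequested.size() <= 0) {
                Logger.debug("No eID4U attributes found. Skip eID4U attribute collection");
                return;
            }

            Logger.info("Starting eID4U attribute collection process ... ");
            executionContext.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true);
            String apEntityId = this.authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID);
            String apConsentUrl = this.authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL);
            String apScopes = this.authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES);

            // Fail closed: without an AP entityID and consent URL no ID token must be
            // generated and no redirect carrying the one-time code must be built.
            if (MiscUtil.isEmpty(apEntityId) || MiscUtil.isEmpty(apConsentUrl)) {
                throw new IllegalStateException("eID4U AP configuration is incomplete: entityID or consent URL is missing");
            }

            // Scope resolution order: configured scopes, scopes mapped from the requested
            // attributes, and finally a fixed fallback scope.
            if (MiscUtil.isEmpty(apScopes)) {
                apScopes = mapReqAttributesIntoScopes(eid4uRequested);
            }
            if (MiscUtil.isEmpty(apScopes)) {
                apScopes = AttributeScopeMapper.EmailStud;
                Logger.info("Add dummy-scope: '" + apScopes + "' because its emtpy!!");
            }
            Logger.debug("Load eID4U AP-Config: EntityID: " + apEntityId + " RedirectURL:" + apConsentUrl + " Scopes: " + apScopes);

            // Internal OAuth 2.0 request on behalf of the AP; its scope is fixed here and is
            // independent of the AP scopes sent in the redirect below.
            OAuth20AuthRequest oauthReq = new OAuth20AuthRequest();
            oauthReq.initialize(httpServletRequest, this.authConfigWithSp);
            oauthReq.setSPEntityId(apEntityId);
            oauthReq.setModule(OAuth20Protocol.NAME);
            oauthReq.setOnlineApplicationConfiguration(this.authConfigWithSp.getServiceProviderConfiguration(apEntityId));
            oauthReq.setScope("openId profile");
            AuthenticationSessionWrapper authSession = (AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class);
            oauthReq.setRawDataToTransaction(authSession.getKeyValueRepresentationFromAuthSession());
            IAuthData authData = this.authDataBuilder.buildAuthenticationData(oauthReq);

            // The random code is both stored in the session object and used as the key under
            // which the session object (including the generated ID token) is kept.
            String code = Random.nextHexRandom32();
            OAuth20SessionObject oauthSession = new OAuth20SessionObject();
            oauthSession.setScope(oauthReq.getScope());
            oauthSession.setCode(code);
            oauthSession.setAuthDataSession(this.openIDAuthAction.generateIDToken(oauthSession, oauthReq, authData, code));
            // NOTE(review): timeout argument is -1; its meaning is defined by
            // ITransactionStorage and is not visible here - confirm the entry expires.
            this.transactionStorage.put(code, oauthSession, -1);

            // NOTE(review): addURLParameter is inherited and not visible here; confirm that it
            // URL-encodes the values (redirect_uri is a full URL, scopes may hold delimiters).
            String redirectUrl = addURLParameter(apConsentUrl, "openid_code", code);
            redirectUrl = addURLParameter(redirectUrl, "scope", apScopes);
            redirectUrl = addURLParameter(redirectUrl, "state", this.pendingReq.getPendingRequestId());
            redirectUrl = addURLParameter(redirectUrl, "redirect_uri", this.pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN);
            httpServletResponse.setStatus(302);
            httpServletResponse.addHeader("Location", redirectUrl);
            // Log the target endpoint only: the full URL carries the one-time code and the
            // pending-request id, which must not end up in log files.
            Logger.debug("REDIRECT TO: " + apConsentUrl + " (query parameters omitted)");

            CookieUtils.setCookie(httpServletRequest, httpServletResponse, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, this.pendingReq.getPendingRequestId(), -1);
            // Keep the bPK built for the AP in the pending request and persist the request.
            this.pendingReq.setRawDataToTransaction(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, new BPKAttributeBuilder().build(oauthReq.getServiceProviderConfiguration(), authData, new SimpleStringAttributeGenerator()));
            this.requestStoreage.storePendingRequest(this.pendingReq);
        } catch (Exception e) {
            Logger.error("eID4U AttributeProvider communication FAILED.", e);
            throw new TaskExecutionException(this.pendingReq, "eID4U AttributeProvider communication FAILED", e);
        }
    }

    /**
     * Maps every requested attribute to its AP scope(s) and joins the results with
     * {@code AttributeScopeMapper.Scope_Delimiter}.
     *
     * <p>Attributes for which the mapper yields no scope are skipped, so the result contains
     * neither empty segments nor a literal {@code "null"}.
     *
     * @param immutableAttributeMap requested eID4U attributes
     * @return the joined scopes, or an empty string if no attribute maps to a scope
     */
    private String mapReqAttributesIntoScopes(ImmutableAttributeMap immutableAttributeMap) {
        StringBuilder scopes = new StringBuilder();
        for (Object rawEntry : immutableAttributeMap.entrySet()) {
            ImmutableAttributeMap.ImmutableAttributeEntry<?> entry = (ImmutableAttributeMap.ImmutableAttributeEntry<?>) rawEntry;
            String attrScopes = AttributeScopeMapper.getInstance().getTUGScopesForAttribute(entry.getKey().getNameUri().toString());
            if (MiscUtil.isEmpty(attrScopes)) {
                continue;
            }
            if (scopes.length() > 0) {
                scopes.append(AttributeScopeMapper.Scope_Delimiter);
            }
            scopes.append(attrScopes);
        }
        return scopes.toString();
    }
}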
