package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

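/**
 * Process task that sends a signed PVP 2.1 (SAML2) AuthnRequest to the ELGA Mandate-Service.
 *
 * <p>The task resolves the EntityID of the mandate service, loads its metadata, derives the
 * SubjectNameID (sector plus person identifier) from the identity link in the session and hands
 * the request configuration to the {@link PVPAuthnRequestBuilder}.
 *
 * <p>NOTE(review): whether the metadata returned by {@link ELGAMandateServiceMetadataProvider}
 * is signature-verified is not visible in this class; confirm it in the provider, because the
 * returned {@link EntityDescriptor} decides where the identity data is sent.
 */
@Component("RequestELGAMandateTask")
public class RequestELGAMandateTask extends AbstractAuthServletTask {

    /** Only bPK targets with this prefix, followed by a non-empty sector, are accepted. */
    private static final String TARGET_PREFIX_CDID = "urn:publicid:gv.at:cdid+";

    /** Identification type of an identity link that still carries the base id. */
    private static final String ID_TYPE_BASEID = "urn:publicid:gv.at:baseid";

    /** General configuration key holding a CSV list of mandate-service EntityIDs. */
    private static final String CONFIG_KEY_GENERAL_ENTITYIDS =
            "moa.id.general.modules.elga_mandate.service.entityID";

    @Autowired
    PVPAuthnRequestBuilder authnReqBuilder;

    @Autowired
    ELGAMandatesCredentialProvider credential;

    @Autowired
    AuthConfiguration authConfig;

    @Autowired
    ELGAMandateServiceMetadataProvider metadataService;

    /**
     * Builds the AuthnRequest for the ELGA Mandate-Service and writes it to the response.
     *
     * @param executionContext process context of the running authentication process (not read here)
     * @param httpServletRequest current HTTP request (not read here)
     * @param httpServletResponse response the encoded AuthnRequest is written to
     * @throws TaskExecutionException if configuration, metadata, session data or request
     *     building fails; the original failure is attached as the cause
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            // 1) EntityID: service-provider specific value first, else first general entry.
            String entityId = this.pendingReq.getServiceProviderConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
            if (MiscUtil.isEmpty(entityId)) {
                Logger.info("No Online-Application specific ELGA Mandate-Service found. Use first entry in general MOA-ID configuration");
                List<?> generalEntityIds = KeyValueUtils.getListOfCSVValues(this.authConfig.getConfigurationWithKey(CONFIG_KEY_GENERAL_ENTITYIDS));
                if (!generalEntityIds.isEmpty()) {
                    entityId = (String) generalEntityIds.get(0);
                }
            }
            if (MiscUtil.isEmpty(entityId)) {
                Logger.info("Connect ELGA Mandate-Service FAILED -> not EntityID found!");
                throw new TaskExecutionException(this.pendingReq, "Connect ELGA Mandate-Service FAILED", new MOAIDException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Not EntityID found"}));
            }

            // 2) Metadata: an explicitly configured metadata URL is still honoured, but the code
            //    itself flags it as the non-preferred way to initialise the provider.
            String metadataUrl = this.authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
            if (MiscUtil.isNotEmpty(metadataUrl)) {
                Logger.warn("Use not recommended metadata-provider initialization! SAML2 'Well-Known-Location' is the preferred methode.");
                Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataUrl);
                this.metadataService.addMetadataWithMetadataURL(metadataUrl);
            }
            EntityDescriptor idpEntity = this.metadataService.getEntityDescriptor(entityId);

            AuthenticationSessionWrapper session = (AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class);

            // 3) Static part of the request: target IDP, signing credential, own EntityID.
            ELGAMandatesRequestBuilderConfiguration requestConfig = new ELGAMandatesRequestBuilderConfiguration();
            requestConfig.setIdpEntity(idpEntity);
            requestConfig.setPassive(false);
            requestConfig.setSignCred(this.credential.getIDPAssertionSigningCredential());
            requestConfig.setSPEntityID(this.pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_METADATA);

            // 4) bPK target for the SubjectNameID. The prefix check includes the '+' separator and
            //    demands a non-empty sector, so a truncated value is reported as a configuration
            //    error instead of failing later inside substring().
            String nameIdTarget = this.authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET);
            if (MiscUtil.isEmpty(nameIdTarget)) {
                Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found.");
                throw new MOAIDException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "No bPK-Type for SubjectNameID found in configuration."});
            }
            if (!nameIdTarget.startsWith(TARGET_PREFIX_CDID) || nameIdTarget.length() == TARGET_PREFIX_CDID.length()) {
                Logger.warn("Connect ELGA Mandate-Service FAILED -> bPK-Type for SubjectNameID has wrong format.");
                throw new MOAIDException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "bPK-Type for SubjectNameID has wrong format."});
            }

            // 5) Identity link of the representative.
            if (session.getIdentityLink() == null) {
                Logger.error("Connect ELGA Mandate-Service FAILED -> NO identityLink in moaSession DAO");
                throw new MOAIDException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "NO identityLink in moaSession DAO."});
            }
            String identificationType = session.getIdentityLink().getIdentificationType();
            String identificationValue = session.getIdentityLink().getIdentificationValue();
            if (MiscUtil.isEmpty(identificationType) || MiscUtil.isEmpty(identificationValue)) {
                // Fail explicitly: a missing value would otherwise end up as the literal text
                // "null" in the SubjectNameID. The value itself is never written to the log.
                Logger.error("Connect ELGA Mandate-Service FAILED -> identityLink contains no identification type or value");
                throw new MOAIDException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "identityLink contains no identification type or value."});
            }

            String personIdentifier;
            if (identificationType.startsWith(ID_TYPE_BASEID)) {
                // Residue of a static call made through an instance; kept because the
                // constructor of BPKBuilder is not visible from this class.
                new BPKBuilder();
                personIdentifier = (String) BPKBuilder.generateAreaSpecificPersonIdentifier(identificationValue, nameIdTarget).getFirst();
            } else {
                Logger.debug("No 'SourcePin' found for representative. Check sourcePinType against target from configuration.");
                // Without a base id no new identifier can be derived, so the identifier already
                // in the identity link is only usable if it was issued for the configured target.
                if (!nameIdTarget.equals(identificationType)) {
                    Logger.warn("Connect ELGA Mandate-Service FAILED -> Generate bPK for configurated bPK-Type is not possible.");
                    throw new MOAIDException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Generate bPK for configurated bPK-Type is not possible."});
                }
                personIdentifier = identificationValue;
            }

            // Only cdid targets pass the format check above, so the sector is whatever follows
            // the prefix; a wbpk target can never reach this point.
            String sector = nameIdTarget.substring(TARGET_PREFIX_CDID.length());
            requestConfig.setSubjectNameID(sector + ":" + personIdentifier);

            // NOTE(review): the mandate reference value doubles as the SAML request ID; confirm
            // that it is generated from an unpredictable source.
            requestConfig.setRequestID(session.getMandateReferenceValue());
            // Stored in the transaction under "authnReqID", presumably so the response can be
            // matched against this request; verify in the response handler.
            this.pendingReq.setRawDataToTransaction("authnReqID", requestConfig.getRequestID());
            requestConfig.setSubjectConformationDate(session.getIdentityLink().getGivenName(), session.getIdentityLink().getFamilyName(), session.getIdentityLink().getDateOfBirth());

            // Persist the pending request before the AuthnRequest is written to the response.
            this.requestStoreage.storePendingRequest(this.pendingReq);
            this.authnReqBuilder.buildAuthnRequest(this.pendingReq, requestConfig, httpServletResponse);

            // Revision log entries; the meaning of codes 6004 and 6000 is defined outside this file.
            this.revisionsLogger.logEvent(this.pendingReq, 6004, entityId);
            this.revisionsLogger.logEvent(this.pendingReq, 6000, session.getMandateReferenceValue());

        // Handlers run from most specific to most general. With the catch-all first, every
        // handler below it would be unreachable, which javac rejects.
        } catch (TaskExecutionException e) {
            // Already carries the pending request and the intended message; do not wrap it again.
            throw e;
        } catch (MetadataProviderException e) {
            throw new TaskExecutionException(this.pendingReq, "ELGA Mandate-Service metadata problem", new ELGAMetadataException("service.10", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
        } catch (MOAIDException e) {
            throw new TaskExecutionException(this.pendingReq, "Build PVP2.1 AuthnRequest for ELGA Mandate-Service FAILED.", e);
        } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
            Logger.error("Build PVP2.1 AuthnRequest for ELGA Mandate-Service FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } catch (Exception e) {
            Logger.error("Build PVP2.1 AuthnRequest for ELGA Mandate-Service FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        }
    }
}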
