package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OpenIdExpirationTimeAttribute;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
import at.gv.egovernment.moa.logging.Logger;
import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

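/**
 * OAuth 2.0 / OpenID Connect authorization endpoint action for the authorization-code flow.
 *
 * <p>After the user is authenticated, this action builds the token response (access token and
 * signed ID token), stores it in the transaction storage under a freshly generated authorization
 * code, and redirects the user agent back to the client's redirect URI with that code.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The authorization code is a bearer credential until it is redeemed, so it is never
 *       written to the log by this class.</li>
 *   <li>Query parameter values appended to the redirect URI are URL-encoded, because
 *       {@code state} is chosen by the client and is reflected into the {@code Location}
 *       header.</li>
 *   <li>NOTE(review): validation of the redirect URI against the registered client
 *       configuration is not visible in this class; confirm it happens when the
 *       {@link OAuth20AuthRequest} is built.</li>
 * </ul>
 */
@Service("OAuth20AuthAction")
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.class */
public class OAuth20AuthAction implements IAction {

    @Autowired
    protected IRevisionLogger revisionsLogger;

    @Autowired
    protected ITransactionStorage transactionStorage;

    /**
     * Issues an authorization code for an authenticated user and redirects to the client.
     *
     * @param iRequest pending request; must be an {@link OAuth20AuthRequest}
     * @param httpServletRequest current HTTP request (not read by this method)
     * @param httpServletResponse response that receives the 302 status and {@code Location} header
     * @param iAuthData authentication data of the logged-in user
     * @return single-logout information carrying the generated access token as session identifier
     * @throws MOAIDException an {@link OAuth20ResponseTypeException} if the response type is not
     *     the authorization-code type, the original {@link OAuth20Exception} if one occurred,
     *     or an {@link OAuth20ServerErrorException} for any other failure
     */
    public SLOInformationInterface processRequest(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IAuthData iAuthData) throws MOAIDException {
        OAuth20AuthRequest oAuth20AuthRequest = (OAuth20AuthRequest) iRequest;
        String responseType = oAuth20AuthRequest.getResponseType();
        // NOTE(review): 3200 is a revision-log event code; its meaning is defined outside this file.
        this.revisionsLogger.logEvent(iRequest, 3200);
        // The authorization code doubles as the transaction-storage key.
        // NOTE(review): presumably backed by a cryptographically strong RNG; confirm in eaaf Random.
        String authorizationCode = Random.nextHexRandom32();
        try {
            // Only the authorization-code flow is implemented. Reject every other response type
            // (including a missing one) instead of storing an empty session object and handing
            // out a code that refers to it.
            if (!OAuth20Constants.RESPONSE_CODE.equals(responseType)) {
                throw new OAuth20ResponseTypeException();
            }

            String accessToken = UUID.randomUUID().toString();
            Logger.debug("Build OAuth20SessionObject from authenticationData.");
            OAuth20SessionObject oAuth20SessionObject = new OAuth20SessionObject();
            oAuth20SessionObject.setScope(oAuth20AuthRequest.getScope());
            oAuth20SessionObject.setCode(authorizationCode);
            oAuth20SessionObject.setAuthDataSession(generateIDToken(oAuth20SessionObject, oAuth20AuthRequest, iAuthData, accessToken));

            // NOTE(review): the meaning of the -1 timeout is defined by ITransactionStorage and is
            // not visible here; confirm that stored authorization codes expire after a short time.
            this.transactionStorage.put(authorizationCode, oAuth20SessionObject, -1);
            // Do not log the code itself: whoever reads the log could redeem it.
            Logger.debug("Saved OAuth20SessionObject in transaction storage.");

            httpServletResponse.setStatus(302);
            String redirectUrl = addURLParameter(oAuth20AuthRequest.getRedirectUri(), OAuth20Constants.RESPONSE_CODE, authorizationCode);
            // Echo the client's state only when one was sent; never emit the literal "state=null".
            // Assumes getState() returns the already URL-decoded parameter value (TODO confirm),
            // so it has to be encoded again before it is placed into the Location header.
            String state = oAuth20AuthRequest.getState();
            if (state != null) {
                redirectUrl = addURLParameter(redirectUrl, OAuth20Constants.PARAM_STATE, state);
            }
            httpServletResponse.addHeader("Location", redirectUrl);
            // Log the target without its query parameters so the code does not reach the log.
            Logger.debug("REDIRECT TO: " + oAuth20AuthRequest.getRedirectUri());
            return new SLOInformationImpl(iRequest.getAuthURL(), iRequest.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, (String) null, (String) null, iRequest.requestedModule());
        } catch (Exception e) {
            Logger.warn("An error occur during OpenID-Connect idToken generation.", e);
            // Roll back: a code that was never delivered must not stay redeemable.
            if (this.transactionStorage.containsKey(authorizationCode)) {
                this.transactionStorage.remove(authorizationCode);
            }
            if (e instanceof OAuth20Exception) {
                throw ((OAuth20Exception) e);
            }
            throw new OAuth20ServerErrorException();
        }
    }

    /**
     * Builds the token-endpoint response parameters for the given session.
     *
     * @param oAuth20SessionObject session object whose scope selects the ID token claims
     * @param oAuth20AuthRequest the authorization request being answered
     * @param iAuthData authentication data of the logged-in user
     * @param str the access token value to return to the client
     * @return map with access token, token type, expiry, signed ID token and granted scope
     * @throws SignatureException if signing the ID token fails
     * @throws MOAIDException if building the ID token fails
     */
    public Map<String, Object> generateIDToken(OAuth20SessionObject oAuth20SessionObject, OAuth20AuthRequest oAuth20AuthRequest, IAuthData iAuthData, String str) throws SignatureException, MOAIDException {
        Map<String, Object> response = new HashMap<>();
        response.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, str);
        response.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER);
        response.put(OAuth20Constants.RESPONSE_EXPIRES_IN, Integer.valueOf(OpenIdExpirationTimeAttribute.expirationTime));
        Pair<String, String> idTokenAndScope = buildIdToken(oAuth20SessionObject.getScope(), oAuth20AuthRequest, iAuthData);
        response.put(OAuth20Constants.RESPONSE_ID_TOKEN, idTokenAndScope.getFirst());
        response.put(OAuth20Constants.PARAM_SCOPE, idTokenAndScope.getSecond());
        Logger.debug("OpenID-Connect ID_TOKEN completed");
        // NOTE(review): at trace level the complete signed ID token is written to the log.
        // Keep trace logging disabled wherever log files are not protected like the tokens.
        Logger.trace("RESPONSE ID_TOKEN: " + idTokenAndScope.getFirst());
        Logger.trace("RESPONSE SCOPE: " + idTokenAndScope.getSecond());
        return response;
    }

    /**
     * Creates and signs the ID token and reports which scopes were actually granted.
     *
     * <p>The openId scope is always added. Of the requested scopes only the known ones
     * (profile, eID, eID_gov, mandate, stork; matched case-insensitively) contribute claims;
     * anything else in the request is ignored and does not appear in the granted scope.
     *
     * @param requestedScope space-separated scope string from the request, may be {@code null}
     * @param oAuth20AuthRequest the authorization request being answered
     * @param iAuthData authentication data of the logged-in user
     * @return pair of (serialized signed ID token, granted scope string)
     */
    private Pair<String, String> buildIdToken(String requestedScope, OAuth20AuthRequest oAuth20AuthRequest, IAuthData iAuthData) throws MOAIDException, SignatureException {
        ISPConfiguration spConfiguration = oAuth20AuthRequest.getServiceProviderConfiguration();
        OAuthJsonToken idToken = new OAuthJsonToken(OAuth20SignatureUtil.loadSigner(iAuthData.getAuthenticationIssuer()));
        StringBuilder grantedScope = new StringBuilder();
        OAuth20AttributeBuilder.addScopeOpenId(idToken.getPayloadAsJsonObject(), spConfiguration, iAuthData, oAuth20AuthRequest);
        grantedScope.append("openId");
        if (requestedScope != null) {
            for (String scope : requestedScope.split(" ")) {
                if (scope.equalsIgnoreCase("profile")) {
                    OAuth20AttributeBuilder.addScopeProfile(idToken.getPayloadAsJsonObject(), spConfiguration, iAuthData);
                    grantedScope.append(" profile");
                } else if (scope.equalsIgnoreCase("eID")) {
                    OAuth20AttributeBuilder.addScopeEID(idToken.getPayloadAsJsonObject(), spConfiguration, iAuthData);
                    grantedScope.append(" eID");
                } else if (scope.equalsIgnoreCase("eID_gov")) {
                    OAuth20AttributeBuilder.addScopeEIDGov(idToken.getPayloadAsJsonObject(), spConfiguration, iAuthData);
                    grantedScope.append(" eID_gov");
                } else if (scope.equalsIgnoreCase("mandate")) {
                    OAuth20AttributeBuilder.addScopeMandate(idToken.getPayloadAsJsonObject(), spConfiguration, iAuthData);
                    grantedScope.append(" mandate");
                } else if (scope.equalsIgnoreCase("stork")) {
                    OAuth20AttributeBuilder.addScopeSTORK(idToken.getPayloadAsJsonObject(), spConfiguration, iAuthData);
                    grantedScope.append(" stork");
                }
            }
        }
        return Pair.newInstance(idToken.serializeAndSign(), grantedScope.toString());
    }

    /**
     * Indicates that this action always requires an authenticated user.
     *
     * @return always {@code true}
     */
    public boolean needAuthentication(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    /**
     * Appends one query parameter to a URL, URL-encoding the value.
     *
     * <p>The value is encoded so that characters such as {@code &}, {@code =}, {@code #} or
     * line breaks in client-supplied input cannot add parameters to, or otherwise alter, the
     * redirect target.
     *
     * @param url URL to extend; a {@code ?} decides whether {@code ?} or {@code &} is used
     * @param name parameter name (a protocol constant, appended as-is)
     * @param value parameter value; must not be {@code null}
     * @return the URL with {@code name=value} appended
     */
    private String addURLParameter(String url, String name, String value) {
        String encodedValue;
        try {
            encodedValue = java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every Java platform, so this cannot happen in practice.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
        String separator = url.indexOf('?') < 0 ? "?" : "&";
        return url + separator + name + "=" + encodedValue;
    }

    /**
     * Returns the name under which this action is registered.
     *
     * @return {@link OAuth20Protocol#AUTH_ACTION}
     */
    public String getDefaultActionName() {
        return OAuth20Protocol.AUTH_ACTION;
    }
}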
