package at.gv.egovernment.moa.id.protocols.saml1;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

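/**
 * Spring MVC controller that starts a SAML1 authentication at
 * {@code /StartAuthentication} and provides the SAML1 module hooks
 * ({@link IModulInfo}).
 *
 * <p>The request parameters {@code OA}, {@code Target} and {@code sourceID} come
 * straight from the HTTP request and are untrusted. {@link #preProcess} validates
 * them and checks them against the service-provider configuration before the
 * authentication process is started.
 */
@Controller
public class SAML1Protocol extends AbstractController implements IModulInfo {

    @Autowired
    private SAML1AuthenticationServer saml1AuthServer;

    /** Transaction-data key; not referenced inside this class. */
    public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
    /** Transaction-data key under which the bare target value is stored. */
    public static final String REQ_DATA_TARGET = "saml1_target";
    /** Value returned by {@link #getAuthProtocolIdentifier()}. */
    public static final String PATH = "id_saml1";
    public static final String GETARTIFACT = "GetArtifact";

    /** Prefix that turns a bare target value into the target URN set on the request. */
    private static final String TARGET_URN_PREFIX = "urn:publicid:gv.at:cdid+";

    @Autowired(required = true)
    AuthConfiguration moaAuthConfig;

    /** Module name set on every request created by this controller. */
    public static final String NAME = SAML1Protocol.class.getName();

    /**
     * Attribute identifiers requested by default for interfederation.
     *
     * <p>Wrapped as unmodifiable: the list is public and shared JVM-wide, so a
     * writable view would let any caller silently change which attributes are
     * requested.
     */
    public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Collections.unmodifiableList(Arrays.asList(
            "urn:oid:1.2.40.0.10.2.1.1.149",
            "urn:oid:1.2.40.0.10.2.1.1.261.34",
            "urn:oid:2.5.4.42",
            "urn:oid:1.2.40.0.10.2.1.1.261.20",
            "urn:oid:1.2.40.0.10.2.1.1.55",
            "urn:oid:1.2.40.0.10.2.1.1.261.64",
            "urn:oid:1.2.40.0.10.2.1.1.261.94",
            "urn:oid:1.2.40.0.10.2.1.1.261.38",
            "urn:oid:1.2.40.0.10.2.1.1.261.36",
            "urn:oid:1.2.40.0.10.2.1.1.261.104"));

    /** Returns the module name, i.e. this class's fully qualified name. */
    public String getName() {
        return NAME;
    }

    /** Returns the protocol identifier {@link #PATH}. */
    public String getAuthProtocolIdentifier() {
        return PATH;
    }

    /**
     * Entry point for a SAML1 authentication request (GET or POST).
     *
     * <p>Rejects the request when SAML1 is disabled in the global configuration,
     * otherwise creates the pending request, writes the revision-log events,
     * validates the parameters via {@link #preProcess} and hands over to the
     * authentication service.
     *
     * @throws ProtocolNotActiveException if SAML1 is not active
     * @throws EAAFException if parameter validation or authentication start-up fails
     * @throws IOException propagated from the authentication service
     */
    @RequestMapping(value = {"/StartAuthentication"}, method = {RequestMethod.POST, RequestMethod.GET})
    public void SAML1AuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, EAAFException {
        // Fail closed before any request state is created.
        if (!this.moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
            Logger.info("SAML1 is deaktivated!");
            throw new ProtocolNotActiveException("auth.22", new Object[]{"SAML 1"});
        }

        SAML1RequestImpl pendingReq = (SAML1RequestImpl) this.applicationContext.getBean(SAML1RequestImpl.class);
        pendingReq.initialize(httpServletRequest, this.authConfig);
        pendingReq.setModule(NAME);

        // Revision-log events; the numeric codes are defined outside this class.
        // The last one records the client address reported by the servlet container.
        String sessionId = pendingReq.getUniqueSessionIdentifier();
        String transactionId = pendingReq.getUniqueTransactionIdentifier();
        this.revisionsLogger.logEvent(1000, sessionId);
        this.revisionsLogger.logEvent(1100, transactionId);
        this.revisionsLogger.logEvent(sessionId, transactionId, 1102, httpServletRequest.getRemoteAddr());

        preProcess(httpServletRequest, httpServletResponse, pendingReq);
        this.protAuthService.performAuthentication(httpServletRequest, httpServletResponse, pendingReq);
    }

    /**
     * Validates the request parameters and populates the pending request.
     *
     * <p>Checks performed, in order: {@code OA} must be present and pass
     * {@code ParamValidatorUtils.isValidOA}; {@code sourceID} must pass
     * {@code isValidSourceID}; a service-provider configuration must exist for the
     * OA value; and that configuration must have SAML1 explicitly activated.
     *
     * @param httpServletRequest incoming request carrying {@code OA}, {@code Target}, {@code sourceID}
     * @param httpServletResponse not used by this method
     * @param sAML1RequestImpl pending request to populate
     * @throws InvalidProtocolRequestException if a parameter is invalid, the service
     *         provider is unknown, or SAML1 is not enabled for it
     */
    public void preProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SAML1RequestImpl sAML1RequestImpl) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException {
        try {
            String oaUrl = httpServletRequest.getParameter("OA");
            // Target and sourceID are HTML-escaped on input. The escaped form is what
            // gets validated, stored and concatenated below; escaping here does not
            // replace encoding for whatever context later consumes these values.
            String target = StringEscapeUtils.escapeHtml(httpServletRequest.getParameter("Target"));
            String sourceId = StringEscapeUtils.escapeHtml(httpServletRequest.getParameter("sourceID"));

            // A Target that starts with "http" is taken as the OA URL and replaces any
            // OA parameter; it then goes through the same OA validation as below.
            if (target != null && target.startsWith("http")) {
                oaUrl = target;
                target = null;
            }

            if (MiscUtil.isEmpty(oaUrl)) {
                Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
                throw new WrongParametersException("StartAuthentication", "OA", "auth.12");
            }
            if (!ParamValidatorUtils.isValidOA(oaUrl)) {
                throw new WrongParametersException("StartAuthentication", "OA", "auth.12");
            }
            sAML1RequestImpl.setSPEntityId(oaUrl);
            // Logged only after isValidOA accepted the value.
            Logger.info("Dispatch SAML1 Request: OAURL=" + oaUrl);

            if (!ParamValidatorUtils.isValidSourceID(sourceId)) {
                throw new WrongParametersException("StartAuthentication", "sourceID", "auth.12");
            }

            // The OA value must resolve to a configured service provider.
            IOAAuthParameters spConfig = (IOAAuthParameters) this.authConfig.getServiceProviderConfiguration(oaUrl, IOAAuthParameters.class);
            if (spConfig == null) {
                throw new InvalidProtocolRequestException("auth.00", new Object[]{null});
            }

            // SAML1 must be explicitly enabled; a missing block or null flag counts as disabled.
            SAML1ConfigurationParameters saml1Config = spConfig.getSAML1Parameter();
            if (saml1Config == null || saml1Config.isIsActive() == null || !saml1Config.isIsActive().booleanValue()) {
                Logger.info("Online-Application " + oaUrl + " can not use SAML1 for authentication.");
                throw new InvalidProtocolRequestException("auth.00", new Object[]{null});
            }
            sAML1RequestImpl.setOnlineApplicationConfiguration(spConfig);

            // A configured sourceID wins; the request-supplied one is only a fallback.
            String configuredSourceId = saml1Config.getSourceID();
            if (MiscUtil.isNotEmpty(configuredSourceId)) {
                sAML1RequestImpl.setSourceID(configuredSourceId);
            } else {
                sAML1RequestImpl.setSourceID(sourceId);
            }

            this.revisionsLogger.logEvent(sAML1RequestImpl, 3300);

            if (MiscUtil.isNotEmpty(target)) {
                // Request-supplied target: stored bare, set on the request with the URN prefix.
                sAML1RequestImpl.setRawDataToTransaction(REQ_DATA_TARGET, target);
                sAML1RequestImpl.setTarget(TARGET_URN_PREFIX + target);
            } else {
                // No target in the request: use the one configured for the service provider.
                // NOTE(review): a null identifier fails with a NullPointerException on
                // startsWith below; confirm the configuration always provides one.
                String configuredTarget = spConfig.getAreaSpecificTargetIdentifier();
                sAML1RequestImpl.setTarget(configuredTarget);
                if (configuredTarget.startsWith(TARGET_URN_PREFIX)) {
                    sAML1RequestImpl.setRawDataToTransaction(REQ_DATA_TARGET, configuredTarget.substring(TARGET_URN_PREFIX.length()));
                }
            }

            sAML1RequestImpl.setNeedAuthentication(true);
            sAML1RequestImpl.setAction(GetArtifactAction.class.getName());
        } catch (InvalidProtocolRequestException e) {
            throw e;
        } catch (WrongParametersException e2) {
            // Parameter errors are reported to the caller as protocol errors.
            throw new InvalidProtocolRequestException(e2.getMessageId(), e2.getParameters());
        }
    }

    /**
     * Sends the error back to the service provider as a SAML1 error assertion, if
     * the service provider is configured to receive all errors.
     *
     * <p>Returns {@code false} without touching the response when the request has
     * no service-provider configuration, no SAML1 configuration, or the
     * "provide all errors" flag is unset or false. Previously each of these cases
     * ended in a {@link NullPointerException} that masked the original error.
     * Presumably this method can be reached for failures that occur before the
     * configuration is attached to the request (verify against the caller).
     *
     * @param th error to report
     * @param iRequest pending request that failed
     * @return {@code true} if a redirect carrying the error was written to the response
     */
    public boolean generateErrorMessage(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws Throwable {
        IOAAuthParameters spConfig = (IOAAuthParameters) iRequest.getServiceProviderConfiguration(IOAAuthParameters.class);
        SAML1ConfigurationParameters saml1Config = spConfig != null ? spConfig.getSAML1Parameter() : null;
        if (saml1Config == null || !Boolean.TRUE.equals(saml1Config.isProvideAllErrors())) {
            return false;
        }

        // Both values are URL-encoded before they are appended; addURLParameter does no encoding.
        String redirectBase = iRequest.getAuthURL() + "/RedirectServlet";
        String withRedirectUrl = addURLParameter(redirectBase, "redirecturl", URLEncoder.encode(iRequest.getSPEntityId(), "UTF-8"));
        String withArtifact = addURLParameter(withRedirectUrl, "SAMLArtifact", URLEncoder.encode(this.saml1AuthServer.BuildErrorAssertion(th, iRequest), "UTF-8"));
        String encodeRedirectURL = httpServletResponse.encodeRedirectURL(withArtifact);

        httpServletResponse.setContentType("text/html");
        httpServletResponse.setStatus(302);
        httpServletResponse.addHeader("Location", encodeRedirectURL);
        // NOTE(review): the logged URL includes the SAMLArtifact value; confirm debug
        // logs are access-restricted, or log only the redirect base.
        Logger.debug("REDIRECT TO: " + encodeRedirectURL);
        return true;
    }

    /**
     * Module validation hook. Performs no checks and always returns {@code true};
     * request validation for this protocol happens in {@link #preProcess}.
     */
    public boolean validate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) {
        return true;
    }

    /**
     * Appends {@code str2=str3} to the URL {@code str}, using {@code ?} when the
     * URL has no query string yet and {@code &} otherwise.
     *
     * <p>Neither name nor value is encoded here; callers must pass values that are
     * already URL-encoded.
     *
     * @param str URL to extend
     * @param str2 parameter name
     * @param str3 parameter value, already URL-encoded
     * @return the extended URL
     */
    protected static String addURLParameter(String str, String str2, String str3) {
        String pair = str2 + "=" + str3;
        String separator = str.contains("?") ? "&" : "?";
        return str + separator + pair;
    }
}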
