package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import java.io.IOException;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.entity.ContentType;
import org.jose4j.base64url.Base64Url;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

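/**
 * Process task that receives the SL2.0 result posted back to this service and, if it is a
 * valid "qualifiedeID" result, stores the contained eID attributes on the pending request.
 *
 * <p>Security-relevant checks performed in {@link #execute}, in order:
 * <ol>
 *   <li>the message's {@code inResponseTo} must equal the request id stored on the pending
 *       request under {@code SL20_AUTH_reqID};</li>
 *   <li>the signature on the SL2.0 payload must be valid, unless
 *       {@code Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT} is configured to {@code false}
 *       (the default passed here is {@code true});</li>
 *   <li>the command name must be the qualifiedeID identifier;</li>
 *   <li>identity link, auth block, CCS URL and LoA must all be present.</li>
 * </ol>
 *
 * <p>NOTE(review): this listing is decompiler output. The exception handling in
 * {@link #execute} shows typical decompiler artifacts (constant-false {@code 0 != 0}
 * branches, a broad {@code catch (Exception)} placed before {@code catch (MOAIDException)},
 * locals read after handlers that may leave them unassigned, and response-writing code that
 * appears in more than one handler). It looks like an inlined try/finally; confirm the real
 * control flow against the original source before relying on it.
 */
@Component("ReceiveQualeIDTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.class */
public class ReceiveQualeIDTask extends AbstractAuthServletTask {

    /** Form-body prefix that the SIC Handy-Signature work-around strips from the raw request body. */
    private static final String SLCOMMAND_BODY_PREFIX = "slcommand=";

    @Autowired(required = true)
    private IJOSETools joseTools;

    /**
     * Reads the SL2.0 result from the request, validates it and stores the eID attributes.
     *
     * <p>On success the redirect response built by {@link #buildResponse} is written. On a
     * processing error the exception is stored on the pending request under
     * {@code SL20_AUTH_error} and an SL2.0 error result ("2000") is written. If even that
     * fails, HTTP 500 is sent.
     *
     * @param executionContext process execution context (not read in this method)
     * @param httpServletRequest request carrying the SL2.0 result as parameter or raw body
     * @param httpServletResponse response the SL2.0 answer is written to
     * @throws TaskExecutionException declared by the task contract
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        JsonObject sl20ReqObj;
        String expectedReqId;
        String inResponseTo;
        try {
            try {
                Logger.debug("Receiving SL2.0 response process .... ");
                try {
                    try {
                        String sl20Result = (String) getParameters(httpServletRequest).get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
                        if (MiscUtil.isEmpty(sl20Result)) {
                            // Work-around path: the result arrives in the raw body instead of a request parameter.
                            String rawBody = StreamUtils.readStream(httpServletRequest.getInputStream(), "UTF-8");
                            if (!MiscUtil.isNotEmpty(rawBody)) {
                                Logger.info("NO SL2.0 commando or result FOUND.");
                                throw new SL20Exception("sl20.04", null);
                            }
                            // The body is untrusted: reject it explicitly when it does not start with the
                            // expected prefix or carries nothing after it, instead of cutting off arbitrary
                            // leading characters or failing with an index error inside substring().
                            if (!rawBody.startsWith(SLCOMMAND_BODY_PREFIX) || rawBody.length() == SLCOMMAND_BODY_PREFIX.length()) {
                                Logger.info("NO SL2.0 commando or result FOUND.");
                                throw new SL20Exception("sl20.04", null);
                            }
                            Logger.info("Use SIC Handy-Signature work-around!");
                            // NOTE(review): the value is taken verbatim, without URL-decoding and without
                            // splitting further form fields - confirm the sender never encodes it.
                            sl20Result = rawBody.substring(SLCOMMAND_BODY_PREFIX.length());
                        }
                        // NOTE(review): the complete, still unverified message goes to the trace log (and to
                        // the debug log below on a parse error). It may carry identity data, so keep these
                        // levels disabled or access-restricted in production.
                        Logger.trace("Received SL2.0 result: " + sl20Result);
                        // Revision-log event 4113 records the address the result was delivered from.
                        this.revisionsLogger.logEvent(this.pendingReq, 4113, httpServletRequest.getRemoteAddr());
                        try {
                            sl20ReqObj = new JsonParser().parse(Base64Url.decodeToUtf8String(sl20Result)).getAsJsonObject();
                            expectedReqId = (String) this.pendingReq.getRawData("SL20_AUTH_reqID", String.class);
                            inResponseTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
                        } catch (JsonSyntaxException e) {
                            Logger.warn("SL2.0 command or result is NOT valid JSON.", e);
                            Logger.debug("SL2.0 msg: " + sl20Result);
                            throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
                        }
                    } catch (Throwable th) {
                        this.requestStoreage.storePendingRequest(this.pendingReq);
                        // Constant-false condition from the decompiler: only the error response can be sent here.
                        if (0 != 0) {
                            buildResponse(httpServletRequest, httpServletResponse, null);
                        } else {
                            buildErrorResponse(httpServletRequest, httpServletResponse, "2000", "General transport Binding error");
                        }
                        throw th;
                    }
                } catch (Exception e2) {
                    Logger.warn("ERROR:", e2);
                    Logger.warn("SL2.0 Authentication FAILED with a generic error.", e2);
                    if (0 != 0) {
                        Logger.debug("Received SL2.0 result: " + ((String) null));
                    }
                    // The failure is kept on the pending request under SL20_AUTH_error.
                    this.pendingReq.setRawDataToTransaction("SL20_AUTH_error", new TaskExecutionException(this.pendingReq, e2.getMessage(), e2));
                    this.requestStoreage.storePendingRequest(this.pendingReq);
                    if (0 != 0) {
                        buildResponse(httpServletRequest, httpServletResponse, null);
                    } else {
                        buildErrorResponse(httpServletRequest, httpServletResponse, "2000", "General transport Binding error");
                    }
                // NOTE(review): if MOAIDException is a subclass of Exception this handler is unreachable
                // after the broader one above and javac rejects the order - decompiler ordering, confirm.
                } catch (MOAIDException e3) {
                    Logger.warn("SL2.0 processing error:", e3);
                    if (0 != 0) {
                        Logger.debug("Received SL2.0 result: " + ((String) null));
                    }
                    this.pendingReq.setRawDataToTransaction("SL20_AUTH_error", new TaskExecutionException(this.pendingReq, "SL2.0 Authentication FAILED. Msg: " + e3.getMessage(), e3));
                    this.requestStoreage.storePendingRequest(this.pendingReq);
                    if (0 != 0) {
                        buildResponse(httpServletRequest, httpServletResponse, null);
                    } else {
                        buildErrorResponse(httpServletRequest, httpServletResponse, "2000", "General transport Binding error");
                    }
                }
                // NOTE(review): as decompiled, control reaches this point after the handlers above as well,
                // with the three locals possibly unassigned - confirm against the original source.

                // Bind the response to the request this service issued: a missing stored id or any
                // mismatch is rejected before the payload is looked at.
                if (expectedReqId == null || !expectedReqId.equals(inResponseTo)) {
                    // NOTE(review): inResponseTo is taken from the unverified message and is written to the
                    // log and the exception text as received; consider neutralising line breaks.
                    Logger.info("SL20 'reqId': " + expectedReqId + " does NOT match to 'inResponseTo':" + inResponseTo);
                    throw new SL20SecurityException("SL20 'reqId': " + expectedReqId + " does NOT match to 'inResponseTo':" + inResponseTo);
                }
                VerificationResult verifiedPayload = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, this.joseTools, this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
                if (verifiedPayload.isValidSigned() == null || !verifiedPayload.isValidSigned().booleanValue()) {
                    if (this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
                        Logger.info("SL20 result from VDA was not valid signed");
                        throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
                    }
                    // With the flag configured to false an unsigned or invalidly signed result is accepted
                    // and only this warning is logged; the default used here enforces the signature.
                    Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!");
                }
                // NOTE(review): the certificate chain is fetched and discarded. Whether the signer's trust
                // is established inside extractSL20PayLoad / joseTools is not visible here - confirm.
                verifiedPayload.getCertChain();
                JsonObject payload = verifiedPayload.getPayload();
                if (!SL20JSONExtractorUtils.getStringValue(payload, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true).equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) {
                    Logger.info("SL20 response is NOT a qualifiedeID result");
                    throw new SLCommandoParserException("SL20 response is NOT a qualifiedeID result");
                }
                Logger.debug("Find qualifiedeID result .... ");
                // Result extraction is driven by CONFIG_PROP_FORCE_EID_ENCRYPTION, default true.
                Map<String, String> eidResult = SL20JSONExtractorUtils.getMapOfStringElements(SL20JSONExtractorUtils.extractSL20Result(payload, this.joseTools, this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)));
                String idl = eidResult.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
                String authBlock = eidResult.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
                String ccsUrl = eidResult.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL);
                String loa = eidResult.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA);
                if (MiscUtil.isEmpty(idl) || MiscUtil.isEmpty(authBlock) || MiscUtil.isEmpty(loa) || MiscUtil.isEmpty(ccsUrl)) {
                    Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes.");
                    throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes.");
                }
                // Only presence is checked here; the values are stored as received.
                // NOTE(review): presumably a later task validates identity link and auth block - confirm.
                this.pendingReq.setRawDataToTransaction("SL20_AUTH_EID-IDENTITY-LINK", idl);
                this.pendingReq.setRawDataToTransaction("SL20_AUTH_EID-AUTH-BLOCK", authBlock);
                this.pendingReq.setRawDataToTransaction("SL20_AUTH_EID-CCS-URL", ccsUrl);
                this.pendingReq.setRawDataToTransaction("SL20_AUTH_EID-CITIZEN-QAA-LEVEL", loa);
                this.requestStoreage.storePendingRequest(this.pendingReq);
                if (sl20ReqObj != null) {
                    buildResponse(httpServletRequest, httpServletResponse, sl20ReqObj);
                } else {
                    buildErrorResponse(httpServletRequest, httpServletResponse, "2000", "General transport Binding error");
                }
                TransactionIDUtils.removeTransactionId();
                TransactionIDUtils.removeSessionId();
            } catch (Throwable th2) {
                // Always clear the transaction and session ids, then let the outer handler report the error.
                TransactionIDUtils.removeTransactionId();
                TransactionIDUtils.removeSessionId();
                throw th2;
            }
        } catch (Exception e4) {
            Logger.warn("Can NOT build SL2.0 response. Reason: " + e4.getMessage(), e4);
            if (0 != 0) {
                Logger.debug("Received SL2.0 result: " + ((String) null));
            }
            try {
                // The client only gets a fixed text; details stay in the server log.
                httpServletResponse.sendError(500, "Internal Server Error.");
            } catch (IOException e5) {
                // Keep the I/O failure visible next to the original cause instead of dropping it.
                e4.addSuppressed(e5);
                Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e4);
            }
            TransactionIDUtils.removeTransactionId();
            TransactionIDUtils.removeSessionId();
        }
    }

    /**
     * Writes an SL2.0 error result as the HTTP response body.
     *
     * @param httpServletRequest current request (not read)
     * @param httpServletResponse response to write to
     * @param errorCode SL2.0 error code placed in the error result
     * @param errorMessage SL2.0 error message placed in the error result
     * @throws Exception if the message cannot be built or written
     */
    private void buildErrorResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String errorCode, String errorMessage) throws Exception {
        JsonObject sl20Response = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMessage), null);
        writeJsonResponse(httpServletResponse, sl20Response);
    }

    /**
     * Writes the success response: a redirect command to the resume endpoint that nests a
     * redirect to the configured IPC return URL, which in turn nests a GET call command to the
     * resume endpoint carrying the pending-request id as {@code pendingid}.
     *
     * <p>NOTE(review): the pending-request id travels in URLs and command parameters here. If it
     * is what identifies the running authentication, treat it like a session handle (keep it out
     * of access logs and referrers) - confirm how the resume endpoint uses it.
     *
     * @param httpServletRequest current request (not read)
     * @param httpServletResponse response to write to
     * @param jsonObject received SL2.0 message; its transaction id is copied into the response
     * @throws IOException if the response cannot be written
     * @throws SL20Exception if the response message cannot be built
     */
    private void buildResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, JsonObject jsonObject) throws IOException, SL20Exception {
        // Raw type kept as in the decompiled code; the builder's parameter type is not visible here.
        HashMap callParams = new HashMap();
        callParams.put("pendingid", this.pendingReq.getPendingRequestId());
        JsonObject sl20Response = SL20JSONBuilderUtils.createGenericRequest(
                UUID.randomUUID().toString(),
                SL20JSONExtractorUtils.getStringValue(jsonObject, SL20Constants.SL20_TRANSACTIONID, false),
                SL20JSONBuilderUtils.createCommand(
                        SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT,
                        SL20JSONBuilderUtils.createRedirectCommandParameters(
                                new DataURLBuilder().buildDataURL(this.pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, (String) null),
                                SL20JSONBuilderUtils.createCommand(
                                        SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT,
                                        SL20JSONBuilderUtils.createRedirectCommandParameters(
                                                // May be null when no IPC return URL is configured.
                                                generateICPRedirectURLForDebugging(),
                                                SL20JSONBuilderUtils.createCommand(
                                                        SL20Constants.SL20_COMMAND_IDENTIFIER_CALL,
                                                        SL20JSONBuilderUtils.createCallCommandParameters(
                                                                new DataURLBuilder().buildDataURL(this.pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, (String) null),
                                                                SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET,
                                                                false,
                                                                callParams)),
                                                null,
                                                true)),
                                null,
                                true)),
                null);
        // The decompiled code tested the SL2.0 client-type header at this point, but the branch body
        // was empty, so the JSON response below is written for every client.
        writeJsonResponse(httpServletResponse, sl20Response);
    }

    /**
     * Serialises an SL2.0 message and writes it as the response body with status 200 and the
     * JSON content type.
     *
     * @param httpServletResponse response to write to
     * @param sl20Response message to send
     * @throws IOException if encoding or writing fails
     */
    private void writeJsonResponse(HttpServletResponse httpServletResponse, JsonObject sl20Response) throws IOException {
        // Logged unconditionally; no header is inspected before this message is emitted.
        Logger.debug("Client request containts 'native client' header ... ");
        Logger.trace("SL20 response to VDA: " + sl20Response);
        byte[] body = sl20Response.toString().getBytes("UTF-8");
        httpServletResponse.setStatus(200);
        httpServletResponse.setContentLength(body.length);
        httpServletResponse.setContentType(ContentType.APPLICATION_JSON.toString());
        httpServletResponse.getOutputStream().write(body);
    }

    /**
     * Returns the configured IPC return URL with the {@code #PENDINGREQID#} placeholder, if
     * present, replaced by {@code pendingid=<pending request id>}.
     *
     * @return the URL, or {@code null} when {@code Constants.CONFIG_PROP_IPC_RETURN_URL} is empty
     */
    private String generateICPRedirectURLForDebugging() {
        String redirectUrl = this.authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL);
        if (!MiscUtil.isNotEmpty(redirectUrl)) {
            return null;
        }
        if (redirectUrl.contains("#PENDINGREQID#")) {
            Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... ");
            // Literal replace: replaceAll would interpret '$' and '\' inside the inserted id as
            // regex replacement syntax.
            // NOTE(review): the id is inserted without URL-encoding - confirm its character set.
            redirectUrl = redirectUrl.replace("#PENDINGREQID#", "pendingid=" + this.pendingReq.getPendingRequestId());
        }
        return redirectUrl;
    }
}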
