package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;

import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moaspss.logging.Logger;
import java.io.ByteArrayInputStream;
import java.util.Calendar;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;

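/**
 * Process task that validates the qualified eID data returned in an SL2.0 response and, on
 * success, copies it into the authentication session of the pending request.
 *
 * <p>The task reads the identity link, the auth block, the CCS URL and the citizen QAA level
 * from the pending request's raw data, verifies the identity link and the auth block with
 * {@link QualifiedeIDVerifier}, checks both for consistency against the SL2.0 request ID, and
 * then stores the result in the {@link AuthenticationSessionWrapper}.
 *
 * <p><b>Security note:</b> when {@code Constants.CONFIG_PROP_DISABLE_EID_VALIDATION} is set to
 * {@code true}, every verification failure is only logged and the unverified identity link is
 * still written into the session. That switch turns off the signature and consistency checks
 * this task exists for; deployments should treat the two warnings logged below as an alert
 * condition.
 */
@Component("VerifyQualifiedeIDTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.class */
public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
    /**
     * Verifies the eID data of the pending request and populates the authentication session.
     *
     * @param executionContext process execution context (not read by this task)
     * @param httpServletRequest current HTTP request (not read by this task)
     * @param httpServletResponse current HTTP response (not read by this task)
     * @throws TaskExecutionException if an SL2.0 error was stored before the redirect, if the
     *     eID data cannot be parsed, or if verification fails while validation is enabled
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        Logger.debug("Verify qualified eID data from SL20 response .... ");
        try {
            // An earlier step may have parked an error in the pending request; surface it first.
            // NOTE(review): unless TaskExecutionException is a MOAIDException, this is caught by
            // the generic handler below and re-wrapped, as in the original code.
            TaskExecutionException storedError = (TaskExecutionException) this.pendingReq.getRawData("SL20_AUTH_error", TaskExecutionException.class);
            if (storedError != null) {
                Logger.info("Found SL2.0 error after redirect ... ");
                throw storedError;
            }

            String sl20ReqId = (String) this.pendingReq.getRawData("SL20_AUTH_reqID", String.class);
            String identityLinkB64 = (String) this.pendingReq.getRawData("SL20_AUTH_EID-IDENTITY-LINK", String.class);
            String authBlock = (String) this.pendingReq.getRawData("SL20_AUTH_EID-AUTH-BLOCK", String.class);
            String ccsUrl = (String) this.pendingReq.getRawData("SL20_AUTH_EID-CCS-URL", String.class);
            String citizenQaaLevel = (String) this.pendingReq.getRawData("SL20_AUTH_EID-CITIZEN-QAA-LEVEL", String.class);

            // Parsing happens before any signature check, so the parser sees unverified input.
            // NOTE(review): a missing identity link is not checked here; presumably the decode
            // call fails and ends up in the generic handler - confirm.
            IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(identityLinkB64, false))).parseIdentityLink();

            // Stays null when verification fails and validation is disabled by configuration.
            IVerifiyXMLSignatureResponse authBlockVerification = null;
            try {
                AssertionAttributeExtractor authBlockAttributes = new AssertionAttributeExtractor(QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlock));
                IOAAuthParameters spConfigForIdl = (IOAAuthParameters) this.pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
                QualifiedeIDVerifier.verifyIdentityLink(identityLink, spConfigForIdl, this.authConfig);
                this.revisionsLogger.logEvent(this.pendingReq, 4220);

                IOAAuthParameters spConfigForAuthBlock = (IOAAuthParameters) this.pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
                authBlockVerification = QualifiedeIDVerifier.verifyAuthBlock(authBlock, spConfigForAuthBlock, this.authConfig);
                QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, identityLink, authBlockAttributes, authBlockVerification);
                this.revisionsLogger.logEvent(this.pendingReq, 4222);
            } catch (MOAIDException e) {
                // Fail closed by default (second argument is the default value 'false').
                boolean validationDisabled = this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false);
                if (!validationDisabled) {
                    throw e;
                }
                // SECURITY: from here on the identity link is unverified but is still stored in
                // the session below. Any of the steps above may be the one that failed, so no
                // partial guarantee (signature, consistency) can be assumed either.
                Logger.warn("SL20 eID data validation IS DISABLED!!");
                Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e);
            }

            AuthenticationSessionWrapper session = (AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class);
            session.setIdentityLink(identityLink);
            session.setBkuURL(ccsUrl);
            session.setQAALevel(citizenQaaLevel);
            if (authBlockVerification == null) {
                // No verified signing time available; fall back to the local clock.
                session.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
            } else {
                session.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerification.getSigningDateTime()));
                session.setSignerCertificate(authBlockVerification.getX509certificate());
            }

            this.pendingReq.setNeedUserConsent(false);
            this.requestStoreage.storePendingRequest(this.pendingReq);
        } catch (MOAIDException e) {
            // Must precede the generic handler: placed after catch (Exception), this clause is
            // unreachable (and rejected by javac) if MOAIDException is an Exception subtype.
            Logger.warn("ERROR:", e);
            throw new TaskExecutionException(this.pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
        } catch (Exception e) {
            Logger.warn("ERROR:", e);
            Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } finally {
            // Clear the logging identifiers on success and on failure alike.
            TransactionIDUtils.removeTransactionId();
            TransactionIDUtils.removeSessionId();
        }
    }
}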
