package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;

import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.jose4j.base64url.Base64Url;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

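/**
 * First task of the Security Layer 2.0 (SL2.0) qualified-eID authentication flow.
 *
 * <p>The task builds a signed {@code qualifiedeID} command, posts it to the VDA endpoint selected for
 * the current service provider, and expects the VDA to answer with either a {@code redirect} command
 * (forwarded to the user's browser together with the pending request id) or an {@code error} command
 * (which aborts the authentication with {@code sl20.08}).
 *
 * <p>Points worth knowing when reviewing this class:
 * <ul>
 *   <li>The VDA endpoint is always taken from configured values. The VDA type found in the execution
 *       context only selects a key in that configured map and never becomes a URL by itself.</li>
 *   <li>The VDA response is extracted with the last argument of
 *       {@code SL20JSONExtractorUtils.extractSL20PayLoad} set to {@code false}, and an unsigned payload is
 *       only logged at debug level, so this task does not enforce a signature on the VDA response.</li>
 *   <li>Transaction and session ids held by {@link TransactionIDUtils} are always cleared when the task
 *       finishes, regardless of success or failure.</li>
 * </ul>
 */
@Component("CreateQualeIDRequestTask")
public class CreateQualeIDRequestTask extends AbstractAuthServletTask {

    /** Key under which the SL2.0 request id is stored on the pending request's transaction. */
    private static final String TRANSACTION_KEY_SL20_REQ_ID = "SL20_AUTH_reqID";

    /** SP-level configuration value carrying OA-specific SL2.0 endpoints (a CSV list; presumably key=value pairs). */
    private static final String SP_CONFIG_SL20_ENDPOINTS = "auth.sl20.endpoints";

    /** Prefix of the global configuration entries that list the qualified-eID VDA endpoints. */
    private static final String CONFIG_PREFIX_VDA_QUALEID_ENDPOINT = "modules.sl20.vda.urls.qualeID.endpoint.";

    /** Switch for TLS hostname verification of the VDA connection; shared with the online-mandates module. */
    private static final String CONFIG_PROP_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";

    /** Country code reported to the VDA as part of the service-provider attributes. */
    private static final String SP_COUNTRY_CODE = "AT";

    /** Name of the parameter inside a {@code redirect} command that carries the target URL. */
    private static final String REDIRECT_PARAM_URL = "url";

    @Autowired(required = true)
    private IJOSETools joseTools;

    @Autowired
    private AuthConfiguration moaAuthConfig;

    /**
     * Builds and sends the SL2.0 qualified-eID request and reacts to the VDA's first answer.
     *
     * @param executionContext process context; may carry the requested VDA type
     * @param httpServletRequest the user's current request
     * @param httpServletResponse the response the VDA's redirect command is written into
     * @throws TaskExecutionException for any failure; {@link MOAIDException}s keep their message prefixed,
     *         every other exception is wrapped with its own message
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) throws TaskExecutionException {
        Logger.debug("Starting SL2.0 authentication process .... ");
        this.revisionsLogger.logEvent(this.pendingReq, 4111, "sl20auth");
        try {
            ISPConfiguration spConfig = this.pendingReq.getServiceProviderConfiguration();

            String vdaUrl = extractVDAURLForSpecificOA(spConfig, executionContext);
            if (MiscUtil.isEmpty(vdaUrl)) {
                Logger.error("NO VDA URL for qualified eID (default)");
                throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
            }
            this.revisionsLogger.logEvent(this.pendingReq, 4112, vdaUrl);

            String authBlockId = this.authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID);
            if (MiscUtil.isEmpty(authBlockId)) {
                Logger.error("NO AuthBlock Template identifier for qualified eID (modules.sl20.vda.authblock.id)");
                throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"});
            }

            // One fresh, unguessable id per request; it is persisted with the pending request on the redirect path.
            String reqId = SAML2Utils.getSecureIdentifier();
            JsonObject sl20Request = buildQualifiedEidRequest(spConfig, authBlockId, reqId);
            JsonObject sl20Container = postToVda(vdaUrl, sl20Request);
            JsonObject responsePayload = extractResponsePayload(sl20Container);

            JsonElement commandElement = responsePayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME);
            if (commandElement == null) {
                throw new SLCommandoParserException("VDA response contains no command name");
            }
            String command = commandElement.getAsString();

            if (SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT.equals(command)) {
                forwardRedirectToClient(httpServletRequest, httpServletResponse, sl20Container, responsePayload, reqId);
            } else if (SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR.equals(command)) {
                throw buildVdaError(responsePayload);
            } else {
                Logger.warn("Received an unrecognized command: " + command);
                throw new SLCommandoParserException("Received an unrecognized command: " + command);
            }
        } catch (MOAIDException e) {
            // Must precede the generic catch: Java rejects a subtype catch placed after its supertype.
            throw new TaskExecutionException(this.pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
        } catch (Exception e) {
            Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } finally {
            TransactionIDUtils.removeTransactionId();
            TransactionIDUtils.removeSessionId();
        }
    }

    /**
     * Builds the signed SL2.0 {@code qualifiedeID} request addressed to this IDP's data URL.
     *
     * <p>The helpers below declare {@code throws Exception} on purpose: the SL2.0 utilities throw several
     * checked types that {@link #execute} maps at one place, exactly as the previous single try-block did.
     *
     * @param spConfig configuration of the requesting service provider
     * @param authBlockId AuthBlock template identifier from configuration
     * @param reqId fresh request id that becomes the request's identifier
     * @return the generic SL2.0 request wrapping the signed command
     */
    private JsonObject buildQualifiedEidRequest(ISPConfiguration spConfig, String authBlockId, String reqId)
            throws Exception {
        String dataUrl = new DataURLBuilder().buildDataURL(this.pendingReq.getAuthURL(),
                Constants.HTTP_ENDPOINT_DATAURL, this.pendingReq.getPendingRequestId());

        Map<String, String> spAttributes = new HashMap<>();
        spAttributes.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, spConfig.getUniqueIdentifier());
        spAttributes.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, spConfig.getFriendlyName());
        spAttributes.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, SP_COUNTRY_CODE);

        // eID data encryption is on unless configuration switches it off explicitly; without a certificate
        // the command parameters are built unencrypted.
        X509Certificate encryptionCert = null;
        if (this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) {
            encryptionCert = this.joseTools.getEncryptionCertificate();
        } else {
            Logger.info("eID data encryption is disabled by configuration");
        }

        JsonObject commandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters(
                authBlockId, dataUrl, spAttributes, encryptionCert);
        JsonObject signedCommand = SL20JSONBuilderUtils.createSignedCommand(
                SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, commandParams, this.joseTools);
        return SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCommand);
    }

    /**
     * Posts the SL2.0 request to the VDA as a form parameter and returns the SL2.0 container of its answer.
     *
     * @param vdaUrl endpoint selected by {@link #extractVDAURLForSpecificOA}
     * @param sl20Request request built by {@link #buildQualifiedEidRequest}
     * @return the SL2.0 container parsed from the HTTP response
     */
    private JsonObject postToVda(String vdaUrl, JsonObject sl20Request) throws Exception {
        // Fixed charset: the transmitted bytes must not depend on the JVM's default encoding.
        String encodedRequest = Base64Url.encode(sl20Request.toString().getBytes(StandardCharsets.UTF_8));

        HttpPost httpPost = new HttpPost(new URIBuilder(vdaUrl).build());
        List<BasicNameValuePair> formParams = new ArrayList<>();
        formParams.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, encodedRequest));
        httpPost.setEntity(new UrlEncodedFormEntity(formParams));
        httpPost.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
        Logger.trace("Request VDA via SL20 with: " + encodedRequest);

        // Hostname verification defaults to enabled and is only relaxed by an explicit configuration entry.
        boolean verifyHostname = this.moaAuthConfig.getBasicConfigurationBoolean(CONFIG_PROP_SSL_HOSTNAME_VALIDATION, true);
        // NOTE(review): assumes getHttpClient() builds a fresh client per call, so closing it here is safe — confirm.
        try (CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
                    SSLUtils.getSSLSocketFactory(this.moaAuthConfig, vdaUrl), verifyHostname);
                CloseableHttpResponse httpResponse = httpClient.execute(httpPost)) {
            Logger.info("Receive response from VDA ... ");
            return SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResponse);
        }
    }

    /**
     * Extracts the payload of the VDA's SL2.0 container.
     *
     * @param sl20Container container returned by {@link #postToVda}
     * @return the payload object
     * @throws SLCommandoParserException if the container yields no payload
     */
    private JsonObject extractResponsePayload(JsonObject sl20Container) throws Exception {
        // NOTE(review): the last argument is false and an unsigned payload only produces a debug log, so a
        // signature on the VDA's answer is not enforced at this hop — confirm that this is intended.
        VerificationResult verification = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Container, null, false);
        if (verification.isValidSigned() == null) {
            Logger.debug("Receive unsigned payLoad from VDA");
        }
        JsonObject payload = verification.getPayload();
        if (payload == null) {
            throw new SLCommandoParserException("VDA response contains no SL2.0 payload");
        }
        return payload;
    }

    /**
     * Maps an SL2.0 {@code error} command to the {@code sl20.08} exception carrying the VDA's code and message.
     *
     * @param payload payload whose command name is the error identifier
     * @return the exception to throw
     */
    private SL20Exception buildVdaError(JsonObject payload) throws Exception {
        // The error details are looked up under 'result' first and under 'params' as a fallback.
        JsonObject errorContainer = SL20JSONExtractorUtils.getJSONObjectValue(
                payload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false);
        if (errorContainer == null) {
            errorContainer = SL20JSONExtractorUtils.getJSONObjectValue(
                    payload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
        }
        String errorCode = SL20JSONExtractorUtils.getStringValue(
                errorContainer, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
        String errorMsg = SL20JSONExtractorUtils.getStringValue(
                errorContainer, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
        Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);
        return new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg});
    }

    /**
     * Writes the VDA's {@code redirect} command, including its nested command, back to the user's browser.
     *
     * @param request the user's current request
     * @param response response to write the SL2.0 container into
     * @param sl20Container container received from the VDA (copied, not modified)
     * @param payload payload holding the redirect parameters
     * @param reqId request id stored on the transaction before the pending request is persisted
     */
    private void forwardRedirectToClient(HttpServletRequest request, HttpServletResponse response,
            JsonObject sl20Container, JsonObject payload, String reqId) throws Exception {
        Logger.debug("Find 'redirect' command in VDA response ... ");
        JsonObject redirectParams = SL20JSONExtractorUtils.getJSONObjectValue(
                payload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);
        String redirectUrl = SL20JSONExtractorUtils.getStringValue(redirectParams, REDIRECT_PARAM_URL, true);
        JsonObject nestedCommand = SL20JSONExtractorUtils.getJSONObjectValue(
                redirectParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
        String nestedSignedCommand = SL20JSONExtractorUtils.getStringValue(
                redirectParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);

        // Work on a deep copy so the container received from the VDA is never modified in place.
        JsonObject forwardedContainer = sl20Container.deepCopy().getAsJsonObject();
        SL20JSONBuilderUtils.addOnlyOnceOfTwo(forwardedContainer, SL20Constants.SL20_PAYLOAD,
                SL20Constants.SL20_SIGNEDPAYLOAD, (JsonElement) nestedCommand, nestedSignedCommand);

        // Persist the request id with the pending request; presumably the response task reads it back.
        this.pendingReq.setRawDataToTransaction(TRANSACTION_KEY_SL20_REQ_ID, reqId);
        this.requestStoreage.storePendingRequest(this.pendingReq);

        SL20HttpBindingUtils.writeIntoResponse(request, response, forwardedContainer, redirectUrl);
    }

    /**
     * Selects the VDA endpoint for the current service provider.
     *
     * <p>Candidates are the configured {@code modules.sl20.vda.urls.qualeID.endpoint.*} entries, overlaid with
     * OA-specific entries from the SP's {@code auth.sl20.endpoints} value. The VDA type taken from the execution
     * context only chooses a key in this map; an unknown key falls back to the default entry, so the value
     * never becomes an endpoint URL by itself.
     *
     * @param spConfig configuration of the requesting service provider
     * @param executionContext process context; may carry the VDA type under the lower-cased header name
     * @return the trimmed endpoint URL, or the default entry (see the note on the fallback value)
     */
    private String extractVDAURLForSpecificOA(ISPConfiguration spConfig, ExecutionContext executionContext) {
        // Copy before merging: SP-specific entries must not leak into the map handed out by the configuration.
        Map<String, String> endpoints = new HashMap<>(
                this.moaAuthConfig.getBasicConfigurationWithPrefix(CONFIG_PREFIX_VDA_QUALEID_ENDPOINT));

        String spEndpoints = spConfig.getConfigurationValue(SP_CONFIG_SL20_ENDPOINTS);
        if (MiscUtil.isNotEmpty(spEndpoints)) {
            endpoints.putAll(KeyValueUtils.convertListToMap(
                    KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(spEndpoints))));
            Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
        }
        Logger.trace("Find #" + endpoints.size() + " SL2.0 endpoints ... ");

        // The key is lower-cased with the default locale on purpose: it has to match the form under which the
        // value was put into the execution context elsewhere. Judging by the constant's name the value stems
        // from a request header, so it is used as a map key only.
        String vdaType = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
        if (MiscUtil.isNotEmpty(vdaType)) {
            String specificUrl = endpoints.get(vdaType);
            if (MiscUtil.isNotEmpty(specificUrl)) {
                return specificUrl.trim();
            }
            Logger.info("Can NOT find VDA with Id: " + vdaType + ". Use default VDA");
        }

        Logger.info("NO SP specific VDA endpoint found. Use default VDA");
        // NOTE(review): when no default entry is configured, the fallback returned here is a configuration
        // key rather than a URL, which the emptiness check in execute() does not catch — confirm the intent.
        return endpoints.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT,
                "modules.sl20.vda.urls.qualeID.endpoint.default");
    }
}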
