package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.gui.GroupDefinition;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.glxn.qrgen.QRCode;
import net.glxn.qrgen.image.ImageType;
import org.apache.commons.lang.StringEscapeUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

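/**
 * Spring MVC controller for transferring a Single Sign-On session to a smartphone.
 *
 * <p>The GUI endpoints render a QR code that carries a one-time transfer token, the transmit URL
 * and the server's Diffie-Hellman public parameters. The transmit endpoints receive the device's
 * DH public key together with an encrypted PKCS#10 request, derive a shared key, sign the request
 * with the IDP assertion-signing key and answer with the signed and encrypted SSO container.
 *
 * <p>NOTE(review): the {@code /Test...} mappings are labelled "Development-EndPoints" in the
 * constructor log line. They run without an existing SSO session and work with a fixed session id
 * and the configured monitoring test identity link. Confirm that they cannot be reached in a
 * production deployment.
 */
@Controller
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.class */
public class SSOTransferServlet {
    /** Maximum age, in milliseconds, accepted when a transfer container is loaded from storage. */
    private static final long transmisionTimeOut = 90000;

    @Autowired
    SSOManager ssomanager;

    @Autowired
    IAuthenticationSessionStoreage authenticationSessionStorage;

    @Autowired
    SSOContainerUtils ssoTransferUtils;

    @Autowired
    ITransactionStorage transactionStorage;

    @Autowired
    IDPCredentialProvider idpCredentials;

    @Autowired
    AuthConfiguration authConfig;

    @Autowired
    IGUIFormBuilder guiBuilder;

    public SSOTransferServlet() {
        Logger.debug("Registering servlet " + getClass().getName() + " with mapping {'/TransferSSOSession','/TransmitSSOSession'} Development-EndPoints: {'/TestTransferSSOSession','/TestTransmitSSOSession'}.");
    }

    /**
     * Development endpoint: renders the transfer QR code without requiring an SSO session.
     *
     * <p>The transfer container is bound to the fixed session id {@code "123456"} and points the
     * device at {@code /TestTransmitSSOSession}.
     *
     * @param httpServletRequest  incoming request; its URL is checked against the configured
     *                            public URL prefixes
     * @param httpServletResponse response that receives the GUI or an error status
     * @throws IOException if the error response itself cannot be sent
     */
    @RequestMapping(value = {"/TestTransferSSOSession"}, method = {RequestMethod.GET})
    public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            String authUrl = HTTPUtils.extractAuthURLFromRequest(httpServletRequest);
            if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authUrl)) {
                Logger.warn("Requested URL is not allowed.");
                httpServletResponse.sendError(500, "Requested URL is not allowed.");
                // Stop here: without this return a transfer container was still created and
                // stored for a URL that had just been rejected.
                return;
            }
            internalCreateQRCodeForTransfer(httpServletRequest, httpServletResponse, authUrl, "123456", "/TestTransmitSSOSession", new DefaultGUIFormBuilderConfiguration(authUrl, "sso_transfer_template.html", (String) null));
        } catch (Exception e) {
            // A single handler suffices: every failure type was answered the same way.
            Logger.warn("SSO session transfer GUI generation FAILED: " + e.getMessage(), e);
            httpServletResponse.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
        }
    }

    /**
     * Development endpoint: answers a device's transmit request with an SSO container that is
     * built from a synthetic session instead of a real SSO session.
     *
     * <p>The synthetic session uses the id {@code "123456"} and the identity link loaded from the
     * configured monitoring test identity link URL. The container lookup uses a much longer
     * timeout (90000000 ms) than the production endpoint.
     *
     * @param httpServletRequest  request carrying the transfer token parameter and the device data
     * @param httpServletResponse response that receives the SSO container or an error status
     * @throws IOException if reading the request or writing the response fails
     */
    @RequestMapping(value = {"/TestTransmitSSOSession"}, method = {RequestMethod.GET, RequestMethod.POST})
    public void testTransferToPhone(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Logger.debug("Receive " + getClass().getName() + " request");
        String tokenParameter = httpServletRequest.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
        if (tokenParameter == null) {
            Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
            httpServletResponse.sendError(404, "Request not valid.");
            return;
        }
        // The HTML-escaped form is used both as storage key and in log lines.
        String token = StringEscapeUtils.escapeHtml(tokenParameter);
        try {
            Logger.debug("Load token:" + token + " from storage.");
            SSOTransferContainer container = (SSOTransferContainer) this.transactionStorage.get(token, SSOTransferContainer.class, 90000000L);
            if (container == null) {
                Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object.");
                httpServletResponse.sendError(500, "Empty data object.");
                return;
            }
            AuthenticationSession testSession = new AuthenticationSession("123456", new Date());
            // Close the identity-link stream once it has been parsed; it was left open before.
            try (java.io.InputStream identityLinkStream = new URL(FileUtils.makeAbsoluteURL(this.authConfig.getMonitoringTestIdentityLinkURL(), this.authConfig.getRootConfigFileDir())).openStream()) {
                testSession.setIdentityLink(new IdentityLinkAssertionParser(identityLinkStream).parseIdentityLink());
            }
            internalTransferPersonalInformation(httpServletRequest, httpServletResponse, container, testSession, true);
        } catch (EAAFException e) {
            rejectTransferRequest(httpServletResponse, e);
        } catch (InvalidKeyException e2) {
            rejectTransferRequest(httpServletResponse, e2);
        } catch (IllegalBlockSizeException e3) {
            rejectTransferRequest(httpServletResponse, e3);
        } catch (CertificateException e4) {
            rejectTransferRequest(httpServletResponse, e4);
        } catch (OperatorCreationException e5) {
            rejectTransferRequest(httpServletResponse, e5);
        } catch (AuthenticationException e6) {
            Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which has a timeout.");
            httpServletResponse.sendError(401, "Single Sign-On session transfer token is not valid any more.");
        } catch (MOADatabaseException e7) {
            Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which is UNKNOWN.");
            httpServletResponse.sendError(404, "Transfer token is UNKOWN:");
        } catch (NoSuchPaddingException e8) {
            rejectTransferRequest(httpServletResponse, e8);
        } catch (PKCSException e9) {
            rejectTransferRequest(httpServletResponse, e9);
        } catch (NoSuchAlgorithmException e10) {
            rejectTransferRequest(httpServletResponse, e10);
        } catch (InvalidKeySpecException e11) {
            rejectTransferRequest(httpServletResponse, e11);
        } catch (BadPaddingException e12) {
            rejectTransferRequest(httpServletResponse, e12);
        } catch (SessionDataStorageException e13) {
            rejectTransferRequest(httpServletResponse, e13);
        } catch (ParseException e14) {
            rejectTransferRequest(httpServletResponse, e14);
        } catch (CredentialsNotAvailableException e15) {
            rejectTransferRequest(httpServletResponse, e15);
        } catch (ConfigurationException e16) {
            rejectTransferRequest(httpServletResponse, e16);
        }
    }

    /**
     * Answers a device's transmit request with the SSO container of the session that the transfer
     * token was issued for.
     *
     * <p>The token must resolve to a stored transfer container that is not older than
     * {@link #transmisionTimeOut}, and the container's session id must resolve to an internal SSO
     * session. An expired token is answered with 401, an unknown token with 404, every other
     * failure of the key exchange or signing step with 400.
     *
     * @param httpServletRequest  request carrying the transfer token parameter and the device data
     * @param httpServletResponse response that receives the SSO container or an error status
     * @throws IOException if reading the request or writing the response fails
     */
    @RequestMapping(value = {SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE}, method = {RequestMethod.GET, RequestMethod.POST})
    public void transferToPhone(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Logger.debug("Receive " + getClass().getName() + " request");
        String tokenParameter = httpServletRequest.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
        if (tokenParameter == null) {
            Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
            httpServletResponse.sendError(404, "Request not valid.");
            return;
        }
        // The HTML-escaped form is used both as storage key and in log lines.
        String token = StringEscapeUtils.escapeHtml(tokenParameter);
        try {
            SSOTransferContainer container = (SSOTransferContainer) this.transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut);
            if (container == null) {
                Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object.");
                httpServletResponse.sendError(500, "Empty data object.");
                return;
            }
            AuthenticationSession ssoSession = this.authenticationSessionStorage.getInternalSSOSession(container.getMoaSessionID());
            if (ssoSession == null) {
                Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", but the corresponding MOASession is empty");
                httpServletResponse.sendError(500, "No MOASession.");
                return;
            }
            internalTransferPersonalInformation(httpServletRequest, httpServletResponse, container, ssoSession, false);
        } catch (BadPaddingException e) {
            rejectTransferRequest(httpServletResponse, e);
        } catch (NoSuchPaddingException e2) {
            rejectTransferRequest(httpServletResponse, e2);
        } catch (CertificateException e3) {
            rejectTransferRequest(httpServletResponse, e3);
        } catch (CredentialsNotAvailableException e4) {
            rejectTransferRequest(httpServletResponse, e4);
        } catch (InvalidKeyException e5) {
            rejectTransferRequest(httpServletResponse, e5);
        } catch (IllegalBlockSizeException e6) {
            rejectTransferRequest(httpServletResponse, e6);
        } catch (SessionDataStorageException e7) {
            rejectTransferRequest(httpServletResponse, e7);
        } catch (OperatorCreationException e8) {
            rejectTransferRequest(httpServletResponse, e8);
        } catch (AuthenticationException e9) {
            Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which has a timeout.");
            httpServletResponse.sendError(401, "Single Sign-On session transfer token is not valid any more.");
        } catch (MOADatabaseException e10) {
            Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which is UNKNOWN.");
            httpServletResponse.sendError(404, "Transfer token is UNKOWN:");
        } catch (PKCSException e11) {
            rejectTransferRequest(httpServletResponse, e11);
        } catch (InvalidKeySpecException e12) {
            rejectTransferRequest(httpServletResponse, e12);
        } catch (EAAFException e13) {
            rejectTransferRequest(httpServletResponse, e13);
        } catch (NoSuchAlgorithmException e14) {
            rejectTransferRequest(httpServletResponse, e14);
        }
    }

    /**
     * Renders the transfer GUI: a QR code when the request belongs to a valid SSO session,
     * otherwise the template with an error message.
     *
     * @param httpServletRequest  incoming request; supplies the SSO session id and the request URL
     * @param httpServletResponse response that receives the GUI or an error status
     * @throws IOException if the error response itself cannot be sent
     */
    @RequestMapping(value = {SSOTransferConstants.SERVLET_SSOTRANSFER_GUI}, method = {RequestMethod.GET, RequestMethod.POST})
    public void transferSSOSessionGUI(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String ssoSessionId = this.ssomanager.getSSOSessionID(httpServletRequest);
        try {
            String authUrl = HTTPUtils.extractAuthURLFromRequest(httpServletRequest);
            if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authUrl)) {
                Logger.warn("Requested URL is not allowed.");
                httpServletResponse.sendError(500, "Requested URL is not allowed.");
                // Stop here: without this return the QR code for a live SSO session was still
                // generated for a URL that had just been rejected.
                return;
            }
            DefaultGUIFormBuilderConfiguration guiConfig = new DefaultGUIFormBuilderConfiguration(authUrl, "sso_transfer_template.html", (String) null);
            String moaSessionId = null;
            if (this.ssomanager.isValidSSOSession(ssoSessionId, (IRequest) null)) {
                moaSessionId = this.authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoSessionId);
            }
            if (moaSessionId != null) {
                internalCreateQRCodeForTransfer(httpServletRequest, httpServletResponse, authUrl, moaSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, guiConfig);
            } else {
                guiConfig.putCustomParameter((GroupDefinition) null, "errorMsg", "No active Single Sign-On session found! SSO Session transfer is not possible.");
                this.guiBuilder.build(httpServletRequest, httpServletResponse, guiConfig, "SSO-Transfer-Module");
            }
        } catch (Exception e) {
            // A single handler suffices: every failure type was answered the same way.
            Logger.warn("SSO session transfer GUI generation FAILED: " + e.getMessage(), e);
            httpServletResponse.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
        }
    }

    /**
     * Logs a failed transfer request with its stack trace and answers it with HTTP 400.
     *
     * <p>NOTE(review): the exception message is returned to the caller (HTML-escaped). For the
     * padding and key errors of the decryption step a generic message would reveal less about why
     * a request was rejected.
     */
    private void rejectTransferRequest(HttpServletResponse httpServletResponse, Exception cause) throws IOException {
        Logger.warn("Device inpersonisation FAILED: " + cause.getMessage(), cause);
        httpServletResponse.sendError(400, StringEscapeUtils.escapeHtml(cause.getMessage()));
    }

    /**
     * Completes the key exchange with the device and writes the signed and encrypted SSO container
     * to the response.
     *
     * <p>Steps: read the device's DH public key and encrypted CSR from the request, derive the
     * shared secret with the DH private key stored in the transfer container, hash it with SHA-256
     * to obtain the symmetric key, decrypt and sign the CSR, store the issued certificate in the
     * session as holder-of-key certificate, and emit the container.
     *
     * @param allowBlobParameter when {@code true} the JSON may also be supplied through the blob
     *                           request parameter (used by the test endpoint)
     * @throws IOException         if no usable request data was received or the response cannot be
     *                             written
     * @throws InvalidKeyException if the device's DH public value is outside the valid range
     * @throws PKCSException       if the CSR cannot be processed or its signature is invalid
     */
    private void internalTransferPersonalInformation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOTransferContainer sSOTransferContainer, IAuthenticationSession iAuthenticationSession, boolean allowBlobParameter) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException {
        JsonObject deviceMessage = getJSONObjectFromPostMessage(httpServletRequest, allowBlobParameter);
        if (deviceMessage == null) {
            Logger.warn("No data received");
            throw new IOException("No data received");
        }
        // The message comes from the device and is untrusted: fail with a clear error instead of
        // a NullPointerException when one of the two required members is absent.
        if (!deviceMessage.has(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY) || !deviceMessage.has(SSOTransferConstants.SSOCONTAINER_KEY_CSR)) {
            Logger.warn("Transfer request does not contain a DH public key and a CSR");
            throw new IOException("Incomplete transfer request");
        }
        String devicePubKeyBase64 = deviceMessage.get(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString();
        String encryptedCsrBase64 = deviceMessage.get(SSOTransferConstants.SSOCONTAINER_KEY_CSR).getAsString();
        Logger.debug("Receive PubKey:" + devicePubKeyBase64 + " | CSR:" + encryptedCsrBase64);

        BigInteger dhPrime = sSOTransferContainer.getDhParams().getF().getP();
        BigInteger dhGenerator = sSOTransferContainer.getDhParams().getF().getG();
        BigInteger devicePublicValue = new BigInteger(Base64Utils.decode(devicePubKeyBase64, true));
        // A valid DH public value y satisfies 1 < y < p-1. Values outside that range (including
        // negative ones from a byte array with the sign bit set) lead to a predictable shared
        // secret, so they are rejected before the key agreement.
        if (devicePublicValue.compareTo(BigInteger.ONE) <= 0 || devicePublicValue.compareTo(dhPrime.subtract(BigInteger.ONE)) >= 0) {
            throw new InvalidKeyException("Diffie-Hellman public key is out of range.");
        }
        byte[] sharedSecret = this.ssoTransferUtils.getSecret(new DHPublicKeySpec(devicePublicValue, dhPrime, dhGenerator), sSOTransferContainer.getDhParams().getS());
        byte[] symmetricKey = MessageDigest.getInstance("SHA-256").digest(sharedSecret);
        Logger.debug("Finished Diffie-Hellman key exchange.  --> Starting CSR decryption ...");

        byte[] encryptedCsr = Base64Utils.decode(encryptedCsrBase64, true);
        // The derived key protects the SSO container and must never be written to a log.
        Logger.debug("EncCSR:" + Base64Utils.encode(encryptedCsr));
        byte[] decryptedCsr = this.ssoTransferUtils.enOrDeCryptCSR(encryptedCsr, symmetricKey, 2);
        Logger.debug("DecCSR:" + Base64Utils.encode(decryptedCsr));
        Logger.debug("CSR decryption finished. --> Starting CSR validation and signing ...");

        X509Certificate holderOfKeyCertificate = signCSRWithMOAKey(decryptedCsr);
        Logger.debug("CSR validation finished. --> Starting personData generation ... ");
        iAuthenticationSession.setGenericDataToSession(SSOTransferConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, holderOfKeyCertificate.getEncoded());
        String ssoContainer = this.ssoTransferUtils.generateSignedAndEncryptedSSOContainer(sSOTransferContainer.getAuthURL(), iAuthenticationSession, new Date(), symmetricKey);
        Logger.debug("PersonData:" + ssoContainer);
        Logger.debug("PersonData generation finished. --> Starting personData encryption ... ");
        Logger.debug("Encrypt personData finished. --> Send token to device.");

        httpServletResponse.setContentType("text/html;charset=UTF-8");
        PrintWriter responseWriter = new PrintWriter((OutputStream) httpServletResponse.getOutputStream());
        responseWriter.print(ssoContainer);
        responseWriter.flush();
    }

    /**
     * Creates a transfer container with a fresh random token and DH key pair, stores it, and
     * renders the QR code that hands token URL and DH public parameters to the device.
     *
     * @param authUrl          public URL prefix of this IDP; stored in the container and used as
     *                         base of the transmit URL
     * @param moaSessionId     id of the session the transfer is bound to
     * @param transmitEndpoint path of the endpoint the device has to call
     * @param guiConfig        GUI configuration that receives the QR image and the success message
     * @throws Exception if key generation, storage or GUI generation fails
     */
    private void internalCreateQRCodeForTransfer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String authUrl, String moaSessionId, String transmitEndpoint, DefaultGUIFormBuilderConfiguration guiConfig) throws Exception {
        String token = Random.nextRandom();
        SSOTransferContainer container = new SSOTransferContainer();
        container.setAuthURL(authUrl);
        container.setTokkenID(token);
        container.setMoaSessionID(moaSessionId);

        Security.addProvider(new BouncyCastleProvider());
        // The third argument of DHParameterSpec is the bit length of the private exponent.
        DHParameterSpec dhParameters = new DHParameterSpec(new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_PRIME_BASE64, false)), new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)), 1024);
        Pair<DHPublicKeySpec, PrivateKey> dhKeyPair = this.ssoTransferUtils.createSpecificKey(dhParameters.getP(), dhParameters.getG());
        container.setDhParams(dhKeyPair);
        this.transactionStorage.put(token, container, 90000);

        String transmitUrl = authUrl + transmitEndpoint + "?" + SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
        DHPublicKeySpec serverPublicKey = dhKeyPair.getF();
        JsonObject qrPayload = new JsonObject();
        qrPayload.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
        qrPayload.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, transmitUrl);
        qrPayload.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY, Base64Utils.encode(serverPublicKey.getY().toByteArray()));
        qrPayload.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PRIME, Base64Utils.encode(serverPublicKey.getP().toByteArray()));
        qrPayload.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_GENERATOR, Base64Utils.encode(serverPublicKey.getG().toByteArray()));

        guiConfig.putCustomParameter((GroupDefinition) null, "QRImage", Base64Utils.encode(QRCode.from(qrPayload.toString()).to(ImageType.GIF).withSize(350, 350).stream().toByteArray()));
        // Inserted without escaping on purpose: the value is a constant that contains markup.
        guiConfig.putCustomParameterWithOutEscaption((GroupDefinition) null, "successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
        this.guiBuilder.build(httpServletRequest, httpServletResponse, guiConfig, "SSO-Session Transfer-Module");
    }

    /**
     * Verifies the self-signature of a PKCS#10 request and issues an end-entity certificate for
     * its subject and public key, signed with the IDP assertion-signing key.
     *
     * <p>The certificate is issued by {@code CN=IDP}, is valid for 700 days from now and carries a
     * non-critical basicConstraints extension with {@code cA=false}.
     *
     * @param bArr DER-encoded PKCS#10 certification request
     * @return the issued certificate
     * @throws PKCSException if the request's signature does not verify against its own public key
     */
    private X509Certificate signCSRWithMOAKey(byte[] bArr) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(bArr);
        // The verification result was ignored before, so a request that did not prove possession
        // of its private key was signed anyway.
        boolean signatureValid = csr.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(csr.getSubjectPublicKeyInfo()));
        if (!signatureValid) {
            throw new PKCSException("CSR signature validation FAILED.");
        }
        Date notBefore = new Date();
        Date notAfter = new Date(System.currentTimeMillis() + 60480000000L);
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(new X500Name("CN=IDP"), new BigInteger(32, new SecureRandom()), notBefore, notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo());
        certificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        // SHA-256 replaces SHA-1, which is no longer acceptable for certificate signatures.
        return X509Certificate.getInstance(certificateBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(this.idpCredentials.getIDPAssertionSigningCredential().getPrivateKey())).getEncoded());
    }

    /**
     * Reads the device's JSON message from the request body or, when permitted, from the blob
     * request parameter.
     *
     * <p>NOTE(review): the body is read without a size limit; confirm that the container or a
     * front-end proxy caps the request size.
     *
     * @param allowBlobParameter whether the blob request parameter may be used when the body is
     *                           empty
     * @return the parsed JSON object, or {@code null} when neither source holds data
     */
    private JsonObject getJSONObjectFromPostMessage(HttpServletRequest httpServletRequest, boolean allowBlobParameter) {
        StringBuilder body = new StringBuilder();
        String message = null;
        try {
            BufferedReader reader = httpServletRequest.getReader();
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            message = body.toString();
        } catch (IOException e) {
            // message stays null, so only the blob parameter can still supply data.
            Logger.warn("Received POST-message produce an ERROR.", e);
        }
        Logger.debug("JSON POST msg: " + body.toString());

        JsonParser jsonParser = new JsonParser();
        if (MiscUtil.isNotEmpty(message)) {
            return (JsonObject) jsonParser.parse(message);
        }
        if (allowBlobParameter) {
            String blob = httpServletRequest.getParameter(SSOTransferConstants.SSOCONTAINER_KEY_BLOB);
            if (MiscUtil.isNotEmpty(blob)) {
                return (JsonObject) jsonParser.parse(blob);
            }
        }
        return null;
    }
}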
