package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;

import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import com.google.common.net.MediaType;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import iaik.x509.X509Certificate;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.spec.DHPublicKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.BooleanUtils;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

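@Component("RestoreSSOSessionTask")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.class */
public class RestoreSSOSessionTask extends AbstractAuthServletTask {

    /** Helper for the DH secret derivation, blob decryption and SSO-container validation. */
    @Autowired
    SSOContainerUtils ssoTransferUtils;

    /** GUI builder used to render the "wait for the smartphone app" page. */
    @Autowired
    IGUIFormBuilder guiBuilder;

    /**
     * Restores an SSO session transferred from a smartphone app into the current
     * pending request.
     *
     * <p>The task is entered in two ways:
     * <ul>
     *   <li>Without a POST body (browser polling): if the session was already
     *       restored ({@code FLAG_SSO_SESSION_RESTORED}), the process resumes;
     *       otherwise the transfer GUI is rendered again, or the process is
     *       aborted once the session is older than one minute.</li>
     *   <li>With a POST body (the app): the JSON message is parsed, the nonce is
     *       compared against the one stored in the pending request, the app's DH
     *       public value is validated and combined with our DH private value, the
     *       session blob is decrypted with SHA-256(shared secret) and validated,
     *       and the MOA session is rebuilt from it. The app receives
     *       {@code {"status":"OK"}} or {@code {"status":"FAILED"}}.</li>
     * </ul>
     *
     * @param executionContext  process context; {@code FLAG_SSO_SESSION_RESTORED} and
     *                          {@code "sessionRestoreFinished"} are read/written here
     * @param httpServletRequest  incoming request (body, URL)
     * @param httpServletResponse response; either the GUI, an HTTP 500, or a JSON status
     * @throws TaskExecutionException if the pending request carries no DH parameters,
     *         the one-minute wait expires, or rendering the GUI fails
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        Logger.debug("Receive " + getClass().getName() + " request");
        String postBody = readRequestBody(httpServletRequest);

        String storedNonce = (String) this.pendingReq.getRawData("nonce", String.class);
        SSOTransferContainer container = (SSOTransferContainer) this.pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
        if (container == null) {
            throw new TaskExecutionException(this.pendingReq, "NO DH-Params in pending-request", new MOAIDException("NO DH-Params in pending-request", (Object[]) null));
        }

        if (!MiscUtil.isNotEmpty(postBody)) {
            handlePollingRequest(executionContext, httpServletRequest, httpServletResponse, storedNonce, container);
            return;
        }

        Logger.debug("Receive POST-Message data. Start data-validation process ... ");
        JsonObject result = new JsonObject();
        try {
            Logger.debug("Unformated Msg:" + postBody);
            JsonObject message = new JsonParser().parse(postBody).getAsJsonObject();
            JsonObject sessionObj = message.get(SSOTransferConstants.SSOCONTAINER_KEY_SESSION).getAsJsonObject();
            Logger.debug("Received Session-Object:" + sessionObj.toString());
            String signature = message.get(SSOTransferConstants.SSOCONTAINER_KEY_SIGNATURE).getAsString();
            String clientPubKeyB64 = message.get(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString();
            String receivedNonce = sessionObj.get("nonce").getAsString();
            String encBlobB64 = sessionObj.get(SSOTransferConstants.SSOCONTAINER_KEY_BLOB).getAsString();
            // Wire-level fields only; the derived key and the decrypted blob are never logged.
            Logger.debug("Receive PubKey:" + clientPubKeyB64 + " | SessionBlob:" + encBlobB64 + " | Nonce:" + receivedNonce + " | Signature:" + signature + " | SignedData:" + sessionObj.toString());

            // Bind the message to this pending request. Constant-time compare; a mismatch
            // ends up in the catch-all below and is answered with status FAILED (as before).
            if (MiscUtil.isEmpty(receivedNonce) || storedNonce == null
                    || !MessageDigest.isEqual(receivedNonce.getBytes(StandardCharsets.UTF_8), storedNonce.getBytes(StandardCharsets.UTF_8))) {
                Logger.warn("Received 'nonce':" + receivedNonce + " does not match to stored 'nonce':" + storedNonce);
                throw new TaskExecutionException(this.pendingReq, "Received 'nonce':" + receivedNonce + " does not match to stored 'nonce':" + storedNonce, new MOAIDException("Received 'nonce':" + receivedNonce + " does not match to stored 'nonce':" + storedNonce, (Object[]) null));
            }

            // Diffie-Hellman: the app's public value is decoded as a signed big-endian
            // integer (as the original did) and range-checked before use.
            BigInteger p = container.getDhParams().getF().getP();
            BigInteger g = container.getDhParams().getF().getG();
            BigInteger clientY = new BigInteger(Base64Utils.decode(clientPubKeyB64, true));
            checkDhPublicValue(clientY, p);
            byte[] secret = this.ssoTransferUtils.getSecret(new DHPublicKeySpec(clientY, p, g), container.getDhParams().getS());

            // Blob key = SHA-256(shared secret). Not logged: it decrypts the session.
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            byte[] blobKey = sha256.digest(secret);
            Logger.debug("Finished Diffie-Hellman key exchange.  --> Starting SessionBlob decryption ...");

            byte[] encBlob = Base64Utils.decode(encBlobB64, true);
            // Cipher.DECRYPT_MODE == 2, the mode value the original passed to enOrDeCryptCSR.
            String sessionXml = new String(this.ssoTransferUtils.enOrDeCryptCSR(encBlob, blobKey, Cipher.DECRYPT_MODE), StandardCharsets.UTF_8);
            Logger.debug("DecSessionBlob length:" + sessionXml.length());

            AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(this.ssoTransferUtils.validateReceivedSSOContainer(sessionXml));
            // NOTE(review): the attribute name below ends in "xx.xx" and looks like a placeholder
            // OID in the decompiled source -- confirm the real constant. The outer JSON 'signature'
            // is extracted above but not verified in this task, and the holder-of-key certificate
            // is only logged here; confirm that validateReceivedSSOContainer() covers both.
            Logger.debug("Found HolderOfKey Certificate:" + new X509Certificate(Base64Utils.decode(extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.xx.xx"), false)).getSubjectDN().toString());
            Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");

            this.ssoTransferUtils.parseSSOContainerToMOASessionDataObject(this.pendingReq, (AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class), extractor);
            this.pendingReq.setNeedUserConsent(false);
            this.requestStoreage.storePendingRequest(this.pendingReq);

            // The browser's next poll sees the flag and resumes the process.
            executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
            executionContext.put("sessionRestoreFinished", false);
            writeStatus(httpServletResponse, result, "OK");

        } catch (Exception e) {
            // Deliberately broad: any failure (parse error, nonce mismatch, bad DH value,
            // decryption/validation error) is reported to the app as FAILED, not as a process abort.
            Logger.error("Parse reveived JSON data-object " + postBody + " FAILED!", e);
            try {
                writeStatus(httpServletResponse, result, "FAILED");
            } catch (IOException ioe) {
                Logger.error("Can not write 'FAILED' status to client.", ioe);
            }
        }
    }

    /**
     * Handles a request without a POST body: either resumes an already restored
     * session, aborts after the one-minute wait, or re-renders the transfer GUI.
     */
    private void handlePollingRequest(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            String storedNonce, SSOTransferContainer container) throws TaskExecutionException {
        Logger.debug("Reveive NO POST-message data. Start check-session process ... ");
        if (BooleanUtils.isTrue((Boolean) executionContext.get(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED))) {
            Logger.info("Found restored SSO session. Resume authentication process ...");
            executionContext.remove(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED);
            executionContext.put("sessionRestoreFinished", true);
            return;
        }

        // The app must deliver the container within one minute of session creation.
        DateTime sessionCreated = new DateTime(((AuthenticationSessionWrapper) this.pendingReq.getSessionData(AuthenticationSessionWrapper.class)).getSessionCreated().getTime());
        if (sessionCreated.plusMinutes(1).isBeforeNow()) {
            Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
            throw new TaskExecutionException(this.pendingReq, "No SSO container received from smartphone app.", new MOAIDException("No SSO container received from smartphone app.", (Object[]) null));
        }

        Logger.debug("No restored SSO session found --> Wait a few minutes and check again.");
        executionContext.put("sessionRestoreFinished", false);
        try {
            String authUrl = HTTPUtils.extractAuthURLFromRequest(httpServletRequest);
            // NOTE(review): assumes getPublicURLPrefix() is a List (exact-match lookup);
            // if it is a String, contains() would be a substring test -- confirm.
            if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authUrl)) {
                Logger.warn("Requested URL is not allowed.");
                httpServletResponse.sendError(500, "Requested URL is not allowed.");
                // FIX: the original fell through and still rendered the GUI with the rejected URL.
                return;
            }
            GUIUtils.buildSSOTransferGUI(this.guiBuilder, httpServletRequest, httpServletResponse, authUrl, this.pendingReq.getPendingRequestId(), storedNonce, container.getDhParams().getF());
        } catch (IOException | MOAIDException e) {
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        }
    }

    /**
     * Reads the whole request body, line by line, without line separators.
     *
     * @return the concatenated body, or {@code null} if reading failed (treated
     *         by the caller as "no POST data", as in the original)
     */
    private static String readRequestBody(HttpServletRequest req) {
        StringBuilder body = new StringBuilder();
        try {
            BufferedReader reader = req.getReader();
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            return body.toString();
        } catch (IOException e) {
            Logger.warn("Received POST-message produce an ERROR.", e);
            return null;
        }
    }

    /**
     * Rejects DH public values outside [2, p-2] (negative, 0, 1, >= p-1), which
     * would otherwise yield a trivial or attacker-controlled shared secret.
     *
     * @throws MOAIDException if {@code y} is out of range
     */
    private static void checkDhPublicValue(BigInteger y, BigInteger p) throws MOAIDException {
        if (y.compareTo(BigInteger.ONE) <= 0 || y.compareTo(p.subtract(BigInteger.ONE)) >= 0) {
            throw new MOAIDException("Received DH public value is out of range [2, p-2].", (Object[]) null);
        }
    }

    /**
     * Writes {@code {"status": <status>}} with HTTP 200. The body is JSON but is
     * served as text/html, as the original did; the app client may rely on it.
     */
    private static void writeStatus(HttpServletResponse resp, JsonObject result, String status) throws IOException {
        result.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_STATUS, status);
        resp.setStatus(200);
        resp.setContentType(MediaType.HTML_UTF_8.toString());
        PrintWriter out = new PrintWriter(new OutputStreamWriter(resp.getOutputStream(), StandardCharsets.UTF_8));
        out.print(result.toString());
        out.flush();
    }
}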
