package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks;

import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.lang.reflect.InvocationTargetException;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

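/**
 * Starts SSO interfederation by building a PVP 2.1 {@code AuthnRequest} for the
 * interfederation IDP selected in an earlier process step and sending it via the
 * {@link PVPAuthnRequestBuilder}.
 *
 * <p>The target IDP EntityID is read from the pending request's raw data
 * ({@code "interIDPURL"}). It is only used after it has been resolved against the
 * local service-provider configuration and verified to be an interfederation IDP
 * that allows inbound SSO; an EntityID that is merely present in the pending
 * request never receives a request on its own.
 */
@Component("CreateFederatedAuthnRequestTask")
public class CreateAuthnRequestTask extends AbstractAuthServletTask {

    /** Raw-data key in the pending request holding the selected interfederation IDP EntityID. */
    private static final String RAW_DATA_INTER_IDP_URL = "interIDPURL";

    /** Execution-context flag: the process has to continue with local authentication. */
    private static final String CTX_REQUIRE_LOCAL_AUTHENTICATION = "requireLocalAuthentication";

    /** Execution-context flag: the process has to show the BKU selection. */
    private static final String CTX_PERFORM_BKU_SELECTION = "performBKUSelection";

    /** Execution-context flag that marks an interfederation authentication; removed on fallback. */
    private static final String CTX_INTERFEDERATION_AUTHENTICATION = "interfederationAuthentication";

    /** Prefix of the STORK citizen-QAA-level URI; the numeric level is appended. */
    private static final String STORK_QAA_URI_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";

    /**
     * Fully qualified name of the STORK request class. It is resolved reflectively so
     * that this task also loads when the STORK protocol module is not deployed.
     */
    private static final String STORK_REQUEST_CLASS = "at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest";

    @Autowired
    PVPAuthnRequestBuilder authnReqBuilder;

    @Autowired
    FederatedAuthCredentialProvider credential;

    @Autowired(required = true)
    MOAMetadataProvider metadataProvider;

    @Autowired(required = true)
    ILoALevelMapper loaMapper;

    @Autowired(required = true)
    protected IConfigurationWithSP authConfigWithSp;

    /**
     * Builds the interfederation {@code AuthnRequest} and writes it to the response.
     *
     * @param executionContext process context; updated by
     *        {@link #handleAuthnRequestBuildProblem} when the process falls back to
     *        local authentication
     * @param httpServletRequest current request (not used by this task)
     * @param httpServletResponse response the encoded AuthnRequest is written to
     * @throws TaskExecutionException if no interfederation IDP is selected, the IDP has
     *         no configuration, its metadata cannot be loaded, or building/encoding the
     *         request fails
     */
    @Override
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) throws TaskExecutionException {
        try {
            String idpEntityId = (String) this.pendingReq.getRawData(RAW_DATA_INTER_IDP_URL, String.class);
            if (MiscUtil.isEmpty(idpEntityId)) {
                Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
                throw new TaskExecutionException(this.pendingReq, "Interfederation not possible",
                        new MOAIDException("No inderfederation-IDP EntityID found.", (Object[]) null));
            }

            // The EntityID comes from an earlier process step; it is only trusted once it resolves
            // to a locally configured interfederation IDP that allows inbound SSO.
            IOAAuthParameters idpConfig = (IOAAuthParameters) this.authConfigWithSp
                    .getServiceProviderConfiguration(idpEntityId, IOAAuthParameters.class);
            if (idpConfig == null) {
                // Explicit check instead of letting a NullPointerException surface with an empty message.
                Logger.info("Requested interfederation IDP " + idpEntityId + " has no configuration.");
                throw new TaskExecutionException(this.pendingReq, "Interfederation not possible",
                        new MOAIDException("No configuration for inderfederation-IDP " + idpEntityId + " found.",
                                (Object[]) null));
            }
            if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
                Logger.info("Requested interfederation IDP " + idpEntityId + " is not valid for interfederation.");
                Logger.debug("isInderfederationIDP:" + idpConfig.isInderfederationIDP()
                        + " isInboundSSOAllowed:" + idpConfig.isInboundSSOInterfederationAllowed());
                handleAuthnRequestBuildProblem(executionContext, idpConfig, "sp.pvp2.01",
                        new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING, idpEntityId});
                return;
            }

            EntityDescriptor idpMetadata = this.metadataProvider.getEntityDescriptor(idpEntityId);
            if (idpMetadata == null) {
                Logger.warn("Requested IDP " + idpEntityId + " has no valid metadata or metadata is not found");
                handleAuthnRequestBuildProblem(executionContext, idpConfig, "sp.pvp2.02",
                        new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING, idpEntityId});
                return;
            }

            FederatedAuthnRequestBuilderConfiguration authnReqConfig = new FederatedAuthnRequestBuilderConfiguration();
            authnReqConfig.setIdpEntity(idpMetadata);
            authnReqConfig.setPassive(idpConfig.isPassivRequestUsedForInterfederation());
            authnReqConfig.setSignCred(this.credential.getIDPAssertionSigningCredential());
            authnReqConfig.setSPEntityID(this.pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
            authnReqConfig.setQAA_Level(evaluateRequiredQAALevel());
            this.authnReqBuilder.buildAuthnRequest(this.pendingReq, authnReqConfig, httpServletResponse);

        } catch (TaskExecutionException e) {
            // Already in the form the caller expects; do not wrap it a second time.
            throw e;
        } catch (MetadataProviderException e) {
            throw new TaskExecutionException(this.pendingReq,
                    "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
        } catch (Exception e) {
            Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        }
    }

    /**
     * Reacts to an interfederation IDP that cannot be used.
     *
     * <p>If the IDP configuration allows it, the process is switched to local
     * authentication by setting the corresponding execution-context flags; otherwise
     * the problem is reported as {@link AuthnRequestBuildException}.
     *
     * @param executionContext process context to update on fallback
     * @param idpConfig configuration of the rejected interfederation IDP
     * @param errorCode error code used when no fallback is allowed
     * @param errorParams parameters for the error message
     * @throws AuthnRequestBuildException if local authentication is not allowed as fallback
     */
    private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig,
            String errorCode, Object[] errorParams) throws AuthnRequestBuildException {
        if (!idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
            throw new AuthnRequestBuildException(errorCode, errorParams);
        }
        Logger.info("Switch to local authentication on this IDP ... ");
        executionContext.put(CTX_REQUIRE_LOCAL_AUTHENTICATION, true);
        executionContext.put(CTX_PERFORM_BKU_SELECTION, true);
        executionContext.remove(CTX_INTERFEDERATION_AUTHENTICATION);
    }

    /**
     * Determines the QAA / LoA value requested from the interfederation IDP.
     *
     * <p>If the pending request is a STORK request carrying a QAA level, that level is
     * used: mapped with {@link ILoALevelMapper#mapToSecClass} when the service provider
     * is configured as STORK-PVP gateway, otherwise as STORK citizen-QAA URI. In every
     * other case, and whenever the STORK level is unavailable, the configured default is
     * returned, so a malformed value (e.g. a URI ending in {@code null}) is never sent
     * to the remote IDP.
     *
     * @return the requested level; never {@code null}
     */
    private String evaluateRequiredQAALevel() {
        IOAAuthParameters spConfig = (IOAAuthParameters) this.pendingReq
                .getServiceProviderConfiguration(IOAAuthParameters.class);

        boolean isStorkRequest = false;
        Integer storkQaaLevel = null;
        try {
            // A type check on the pending request is sufficient; no STORK request object needs to be
            // instantiated for it.
            Class<?> storkRequestClass = Class.forName(STORK_REQUEST_CLASS);
            if (storkRequestClass.isInstance(this.pendingReq)) {
                isStorkRequest = true;
                Object storkAuthnRequest = this.pendingReq.getClass()
                        .getMethod("getStorkAuthnRequest").invoke(this.pendingReq);
                if (storkAuthnRequest != null) {
                    storkQaaLevel = (Integer) storkAuthnRequest.getClass()
                            .getMethod("getQaa").invoke(storkAuthnRequest);
                }
            }
        } catch (ClassNotFoundException e) {
            Logger.debug("STORK module not available -> no STORK-QAA level from request");
        } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException
                | java.lang.SecurityException | InvocationTargetException e) {
            Logger.warn("STORK-QAA level can not read from STORK request.", e);
        }

        if (spConfig != null && spConfig.isSTORKPVPGateway()) {
            String secClass = null;
            if (isStorkRequest && storkQaaLevel != null) {
                try {
                    secClass = this.loaMapper.mapToSecClass(STORK_QAA_URI_PREFIX + storkQaaLevel);
                } catch (Exception e) {
                    Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
                }
            }
            return MiscUtil.isNotEmpty(secClass) ? secClass : FederatedAuthConstants.CONFIG_DEFAULT_QAA_SECCLASS_LEVEL;
        }

        if (isStorkRequest && storkQaaLevel != null) {
            String storkQaaUri = STORK_QAA_URI_PREFIX + storkQaaLevel;
            Logger.debug("Use STORK-QAA level " + storkQaaUri + " from STORK request");
            return storkQaaUri;
        }

        Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4");
        return FederatedAuthConstants.CONFIG_DEFAULT_QAA_STORK_LEVEL;
    }
}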
