package at.gv.egiz.eaaf.core.impl.idp.auth.services;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.List;
import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Service;

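/**
 * Drives a pending authentication request through the protocol-specific steps:
 * starting authentication, finalizing it, and rendering error responses.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Error pages are built from exception messages and exception parameters. Parameters can
 *       carry request-derived values (for example the SP entity id passed with {@code auth.00}),
 *       so they are HTML-escaped here before they reach the unescaped template slot.</li>
 *   <li>Protocol module and action classes are resolved by name from the pending request and are
 *       only used when they implement {@link IModulInfo} or {@link IAction}.</li>
 * </ul>
 */
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
    private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);

    // Error ids that are logged on INFO instead of WARN (see logExceptionToTechnicalLog).
    private static final List<String> ERROR_LOGGER_ON_INFO_LEVEL = Arrays.asList("auth.21");

    @Autowired(required = true)
    private ApplicationContext applicationContext;

    @Autowired(required = true)
    private IAuthenticationManager authmanager;

    @Autowired(required = true)
    private IAuthenticationDataBuilder authDataBuilder;

    @Autowired(required = true)
    private IGUIBuilderConfigurationFactory guiConfigFactory;

    @Autowired(required = true)
    private IStatusMessenger statusMessager;

    @Autowired(required = true)
    private IRequestStorage requestStorage;

    @Autowired(required = true)
    IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy;

    // Optional: SSO is skipped (with a warning) when no manager is available.
    @Autowired(required = false)
    private ISSOManager ssoManager;

    @Autowired
    private IStatisticLogger statisticLogger;

    @Autowired
    private IRevisionLogger revisionsLogger;

    // Not autowired in this class; must be provided through setGuiBuilder before an error page
    // can be rendered.
    private IGUIFormBuilder guiBuilder;

    /**
     * Starts processing of a pending request.
     *
     * <p>If the request needs authentication, a fresh external pending-request id is assigned,
     * the service-provider configuration is required to be present, and the authentication
     * manager is invoked; when it reports {@code true} the request is finalized immediately.
     * Otherwise the protocol-specific action is executed without authentication data.
     *
     * <p>Any exception is converted into an error response and is followed by an IDP-only logout,
     * so a failed attempt does not leave a usable IDP session behind.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request; cast to {@link RequestImpl} when authentication is needed
     * @throws IOException if writing the error response fails
     * @throws EAAFException if the error response can not be generated
     */
    public void performAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws IOException, EAAFException {
        try {
            if (iRequest.isNeedAuthentication()) {
                ((RequestImpl) iRequest).setPendingRequestId(this.pendingReqIdGenerationStrategy.generateExternalPendingRequestId());
                if (iRequest.getServiceProviderConfiguration() == null) {
                    // The SP entity id is handed over as an error parameter and can end up on
                    // the HTML error page, see writeHTMLErrorResponse.
                    throw new EAAFAuthenticationException("auth.00", new Object[]{iRequest.getSPEntityId()});
                }
                if (this.authmanager.doAuthentication(httpServletRequest, httpServletResponse, iRequest)) {
                    finalizeAuthentication(httpServletRequest, httpServletResponse, iRequest);
                    this.revisionsLogger.logEvent(1101, iRequest.getUniqueTransactionIdentifier());
                }
            } else {
                executeProtocolSpecificAction(httpServletRequest, httpServletResponse, iRequest, null);
            }
        } catch (Exception e) {
            buildProtocolSpecificErrorResponse(e, httpServletRequest, httpServletResponse, iRequest);
            this.authmanager.performOnlyIDPLogOut(httpServletRequest, httpServletResponse, iRequest);
        }
    }

    /**
     * Finalizes a pending request and removes it from the request storage.
     *
     * <p>A request is only completed when it is flagged as authenticated and no user consent is
     * outstanding. A request aborted by the user yields a protocol-specific {@code auth.21}
     * error; an unauthenticated or consent-pending request yields a generic {@code auth.20}
     * error page and never reaches the protocol action.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request to finalize
     * @throws EAAFException if the error response can not be generated
     * @throws IOException if writing the response fails
     */
    public void finalizeAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EAAFException, IOException {
        log.debug("Finalize PendingRequest with ID " + iRequest.getPendingRequestId());
        try {
            if (iRequest.isAbortedByUser()) {
                buildProtocolSpecificErrorResponse(new EAAFAuthenticationException("auth.21", new Object[0]), httpServletRequest, httpServletResponse, iRequest);
                if (!iRequest.needSingleSignOnFunctionality()) {
                    this.requestStorage.removePendingRequest(iRequest.getPendingRequestId());
                }
            } else if (!iRequest.isAuthenticated() || iRequest.isNeedUserConsent()) {
                log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", Boolean.valueOf(iRequest.isAuthenticated()), Boolean.valueOf(iRequest.isNeedUserConsent()));
                if (iRequest.isNeedUserConsent()) {
                    log.error("PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!");
                } else {
                    log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
                }
                handleErrorNoRedirect(new EAAFException("auth.20", (Object[]) null), httpServletRequest, httpServletResponse, true);
            } else {
                internalFinalizeAuthenticationProcess(httpServletRequest, httpServletResponse, iRequest);
            }
        } catch (Exception e) {
            log.error("Finalize authentication protocol FAILED.", e);
            buildProtocolSpecificErrorResponse(e, httpServletRequest, httpServletResponse, iRequest);
        }
        // The pending request is dropped on every path that reaches this point, so its id can not
        // be used to resume the flow afterwards.
        if (iRequest != null) {
            this.requestStorage.removePendingRequest(iRequest.getPendingRequestId());
            this.revisionsLogger.logEvent(1101, iRequest.getUniqueTransactionIdentifier());
        }
    }

    /**
     * Lets the protocol module named by the pending request render the error; falls back to the
     * generic HTML error page when the module declines or the lookup fails.
     *
     * @param th error to report
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request that names the protocol module
     * @throws EAAFException if the fallback error page can not be generated
     * @throws IOException if writing the response fails
     */
    public void buildProtocolSpecificErrorResponse(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EAAFException, IOException {
        try {
            // NOTE(review): Class.forName loads and initializes the named class before the
            // IModulInfo check below runs. Presumably requestedModule() is set server-side by the
            // protocol controller and never taken from request parameters; confirm at the caller.
            Class<?> cls = Class.forName(iRequest.requestedModule());
            if (cls == null || !IModulInfo.class.isAssignableFrom(cls)) {
                log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
                throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
            }
            if (!((IModulInfo) this.applicationContext.getBean(cls)).generateErrorMessage(th, httpServletRequest, httpServletResponse, iRequest)) {
                handleErrorNoRedirect(th, httpServletRequest, httpServletResponse, true);
                return;
            }
            logExceptionToTechnicalLog(th);
            this.statisticLogger.logErrorOperation(th, iRequest);
            this.revisionsLogger.logEvent(iRequest, 1103, iRequest.getUniqueTransactionIdentifier());
        } catch (Throwable th2) {
            // Keep a trace of why the protocol-specific path failed; the original error 'th' is
            // still the one reported to the user.
            log.warn("Protocol-specific error response failed. Falling back to generic error page.", th2);
            handleErrorNoRedirect(th, httpServletRequest, httpServletResponse, true);
        }
    }

    /**
     * Writes an error page directly into the response, without a protocol redirect.
     *
     * @param th error to report
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param z if {@code true}, the error is also written to the statistic log
     * @throws IOException if writing the response fails
     * @throws EAAFException if the error page can not be generated
     */
    public void handleErrorNoRedirect(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, EAAFException {
        if (z) {
            this.statisticLogger.logErrorOperation(th);
        }
        logExceptionToTechnicalLog(th);
        // Callers pass arbitrary Throwables (buildProtocolSpecificErrorResponse catches
        // Throwable). A blind cast would turn an Error into a ClassCastException and no error
        // page would be written at all, so non-Exception throwables are wrapped instead.
        final Exception exc = th instanceof Exception ? (Exception) th : new Exception(th);
        if ((th instanceof EAAFException) || (th instanceof ProcessExecutionException)) {
            internalMOAIDExceptionHandler(httpServletRequest, httpServletResponse, exc, false);
        } else {
            // Unknown errors get the generic 'internal.00' text, not their own message.
            writeHTMLErrorResponse(httpServletRequest, httpServletResponse, this.statusMessager.getMessage("internal.00", (Object[]) null), "9199", null, exc);
        }
    }

    /**
     * Sets the form builder that renders the HTML error page.
     *
     * @param iGUIFormBuilder builder to use
     */
    public void setGuiBuilder(IGUIFormBuilder iGUIFormBuilder) {
        this.guiBuilder = iGUIFormBuilder;
    }

    /**
     * Completes a successfully authenticated request: optionally creates the SSO session, builds
     * the authentication data, runs the protocol action and writes the success statistic.
     *
     * <p>When no SSO session is established, or storing it fails, an IDP-only logout is performed.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest authenticated pending request
     * @throws Exception if building the authentication data or the protocol action fails
     */
    protected void internalFinalizeAuthenticationProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws Exception {
        String ssoToken = null;
        if (iRequest.needSingleSignOnFunctionality()) {
            if (this.ssoManager != null) {
                ssoToken = this.ssoManager.createNewSSOSessionCookie(httpServletRequest, httpServletResponse, iRequest);
                if (StringUtils.isEmpty(iRequest.getInternalSSOSessionIdentifier())) {
                    this.ssoManager.createNewSSOSession(iRequest, ssoToken);
                }
            } else {
                log.warn("SSO is requested but there is not SSO Session-Manager available");
            }
        }
        IAuthData authData = this.authDataBuilder.buildAuthenticationData(iRequest);
        SLOInformationInterface sloInformation = executeProtocolSpecificAction(httpServletRequest, httpServletResponse, iRequest, authData);
        if (StringUtils.isNotEmpty(ssoToken)) {
            try {
                this.ssoManager.updateSSOSession(iRequest, ssoToken, sloInformation);
            } catch (EAAFSSOException e) {
                log.warn("SSO Session information can not be stored  -> SSO is not enabled!");
                this.authmanager.performOnlyIDPLogOut(httpServletRequest, httpServletResponse, iRequest);
            }
        } else {
            this.authmanager.performOnlyIDPLogOut(httpServletRequest, httpServletResponse, iRequest);
        }
        this.statisticLogger.logSuccessOperation(iRequest, authData, StringUtils.isNotEmpty(ssoToken));
    }

    /**
     * Resolves the action class named by the pending request and lets the matching bean process
     * the request.
     *
     * @param iAuthData authentication data, or {@code null} when no authentication was needed
     * @return the value returned by the action's {@code processRequest}
     * @throws Exception if the class can not be found, is not an {@link IAction}, or the action fails
     */
    private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest, IAuthData iAuthData) throws Exception {
        try {
            // NOTE(review): same pattern as in buildProtocolSpecificErrorResponse; the class is
            // initialized before the IAction check. Confirm requestedAction() is set server-side.
            Class<?> cls = Class.forName(iRequest.requestedAction());
            if (cls != null && IAction.class.isAssignableFrom(cls)) {
                return ((IAction) this.applicationContext.getBean(cls)).processRequest(iRequest, httpServletRequest, httpServletResponse, iAuthData);
            }
            log.error("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
            throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
        } catch (ClassNotFoundException e) {
            log.error("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
            // Keep the cause so the missing class name is available to whoever handles this.
            throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", e);
        }
    }

    /**
     * Writes an error to the technical log. Unknown errors go to ERROR with stack trace, error
     * ids listed in {@code ERROR_LOGGER_ON_INFO_LEVEL} go to INFO, all other known errors go to
     * WARN. For known errors the stack trace is only attached when debug or trace is enabled.
     *
     * @param th error to log
     */
    protected void logExceptionToTechnicalLog(Throwable th) {
        if (!(th instanceof EAAFException) && !(th instanceof ProcessExecutionException)) {
            log.error("Receive an internal error: Message=" + th.getMessage(), th);
            return;
        }
        final boolean withStackTrace = log.isDebugEnabled() || log.isTraceEnabled();
        if ((th instanceof EAAFAuthenticationException) && ERROR_LOGGER_ON_INFO_LEVEL.contains(((EAAFAuthenticationException) th).getErrorId())) {
            if (withStackTrace) {
                log.info(th.getMessage(), th);
            } else {
                log.info(th.getMessage());
            }
            return;
        }
        if (withStackTrace) {
            log.warn(th.getMessage(), th);
        } else {
            log.warn(th.getMessage());
        }
    }

    /**
     * Renders the default HTML error page.
     *
     * @param str error message shown to the user
     * @param str2 error code shown to the user
     * @param objArr error parameters; may carry request-derived values
     * @param exc error whose stack trace is added to the page when trace logging is enabled
     * @throws IOException if writing the response fails
     * @throws EAAFException with code {@code 9199} if the GUI can not be built
     */
    private void writeHTMLErrorResponse(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull String str, @NonNull String str2, @Nullable Object[] objArr, @NonNull Exception exc) throws IOException, EAAFException {
        try {
            ModifyableGuiBuilderConfiguration defaultErrorGUI = this.guiConfigFactory.getDefaultErrorGUI(HTTPUtils.extractAuthURLFromRequest(httpServletRequest));

            // 'errorParams' is stored through putCustomParameterWithOutEscaption, i.e. without the
            // escaping applied to the other parameters. The values can be request-derived (the SP
            // entity id is passed as a parameter of 'auth.00'), so every element is HTML-escaped
            // here before it is joined.
            // NOTE(review): if the error template escapes this slot itself, this double-encodes;
            // verify against the template.
            final String[] escapedParams;
            if (objArr == null) {
                escapedParams = new String[0];
            } else {
                escapedParams = new String[objArr.length];
                for (int i = 0; i < objArr.length; i++) {
                    escapedParams[i] = StringEscapeUtils.escapeHtml4(String.valueOf(objArr[i]));
                }
            }

            if (defaultErrorGUI instanceof ModifyableGuiBuilderConfiguration) {
                defaultErrorGUI.putCustomParameter(AbstractGUIFormBuilderConfiguration.PARAM_GROUP_MSG, "errorMsg", str);
                defaultErrorGUI.putCustomParameter(AbstractGUIFormBuilderConfiguration.PARAM_GROUP_MSG, "errorCode", str2);
                defaultErrorGUI.putCustomParameterWithOutEscaption(AbstractGUIFormBuilderConfiguration.PARAM_GROUP_MSG, "errorParams", ArrayUtils.toString(escapedParams));
                if (log.isTraceEnabled()) {
                    // The full stack trace is sent to the browser whenever TRACE is enabled for
                    // this logger; keep TRACE off in production to avoid disclosing internals.
                    defaultErrorGUI.putCustomParameter(AbstractGUIFormBuilderConfiguration.PARAM_GROUP_MSG, "stacktrace", getStacktraceFromException(exc));
                }
            } else {
                log.info("Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable ");
            }
            this.guiBuilder.build(httpServletRequest, httpServletResponse, defaultErrorGUI, "Error-Message");
        } catch (GUIBuildException e) {
            log.warn("Can not build error-message GUI.", e);
            throw new EAAFException("9199", (Object[]) null, e);
        }
    }

    /**
     * Returns the stack trace of {@code exc} as a string.
     */
    private String getStacktraceFromException(Exception exc) {
        StringWriter stringWriter = new StringWriter();
        exc.printStackTrace(new PrintWriter(stringWriter));
        return stringWriter.toString();
    }

    /**
     * Maps a known exception type onto an HTTP 403 or onto the HTML error page.
     *
     * @param exc error to report
     * @param z if {@code true}, an {@link AuthnRequestValidatorException} is also written to the
     *     statistic log together with its error request
     * @throws IOException if writing the response fails
     * @throws EAAFException if the error page can not be generated
     */
    private void internalMOAIDExceptionHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc, boolean z) throws IOException, EAAFException {
        if (exc instanceof ProtocolNotActiveException) {
            // The raw exception message used to be written into the body here, ahead of the
            // content type and unescaped. sendError replaces an uncommitted body and fails on a
            // committed one, so that write either had no effect or emitted unescaped text and
            // broke the 403. Only the escaped message is sent.
            httpServletResponse.setContentType("text/html; charset=UTF-8");
            httpServletResponse.sendError(403, StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(exc.getMessage())));
            return;
        }
        if (exc instanceof AuthnRequestValidatorException) {
            AuthnRequestValidatorException validatorException = (AuthnRequestValidatorException) exc;
            if (z) {
                this.statisticLogger.logErrorOperation(validatorException, validatorException.getErrorRequest());
            }
            writeHTMLErrorResponse(httpServletRequest, httpServletResponse, exc.getMessage(), this.statusMessager.getResponseErrorCode(exc), null, exc);
            return;
        }
        if (exc instanceof InvalidProtocolRequestException) {
            writeHTMLErrorResponse(httpServletRequest, httpServletResponse, exc.getMessage(), this.statusMessager.getResponseErrorCode(exc), null, exc);
            return;
        }
        if (exc instanceof ConfigurationException) {
            writeHTMLErrorResponse(httpServletRequest, httpServletResponse, exc.getMessage(), this.statusMessager.getResponseErrorCode(exc), null, exc);
        } else if (exc instanceof EAAFException) {
            // Only this branch forwards the exception parameters to the error page.
            writeHTMLErrorResponse(httpServletRequest, httpServletResponse, exc.getMessage(), this.statusMessager.getResponseErrorCode(exc), ((EAAFException) exc).getParams(), exc);
        } else if (exc instanceof ProcessExecutionException) {
            writeHTMLErrorResponse(httpServletRequest, httpServletResponse, exc.getMessage(), this.statusMessager.getResponseErrorCode(exc), null, exc);
        }
    }
}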
