package at.gv.egiz.eaaf.core.impl.idp.auth.services;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
import at.gv.egiz.eaaf.core.api.gui.IGuiFormBuilder;
import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
import at.gv.egiz.eaaf.core.api.idp.auth.ISsoManager;
import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;
import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.HashSet;
import javax.annotation.PostConstruct;
import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Service;

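/**
 * Spring service that drives the protocol-independent part of an authentication transaction.
 *
 * <p>It starts the authentication process for a pending request, finalizes it by delegating to
 * the protocol-specific {@link IAction}, and turns failures either into a protocol-specific error
 * response (via {@link IModulInfo}) or into a generic HTML error page.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Error pages are built from exception messages and exception parameters. Parameters can
 *       carry request-derived values (for example the SP entity id used for {@code auth.00}), so
 *       everything handed to the GUI without the builder's own escaping is HTML-escaped here.</li>
 *   <li>The action and module implementations are resolved by class name taken from the pending
 *       request. Both lookups are restricted to beans implementing the expected interface.</li>
 *   <li>{@code guiBuilder} is only set through {@link #setGuiBuilder(IGuiFormBuilder)}; the
 *       GUI-based error paths fail with a {@link NullPointerException} if it was never set.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.class */
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
    private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);

    /** Configuration key holding a CSV list of error codes that are logged on INFO instead of WARN. */
    private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL = "core.logging.level.info.errorcodes";

    /** Message pattern used for every entry written by {@link #logExceptionToTechnicalLog(Throwable)}. */
    private static final String TECH_LOG_MSG = "errorCode={} Message={}";

    @Autowired(required = true)
    private ApplicationContext applicationContext;

    @Autowired(required = true)
    private IAuthenticationManager authmanager;

    @Autowired(required = true)
    private IAuthenticationDataBuilder authDataBuilder;

    @Autowired(required = true)
    private IGuiBuilderConfigurationFactory guiConfigFactory;

    @Autowired(required = true)
    private IStatusMessenger statusMessager;

    @Autowired(required = true)
    private IRequestStorage requestStorage;

    @Autowired(required = true)
    IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy;

    @Autowired
    private IConfiguration basicConfig;

    // Optional: SSO is skipped (with a warning) when no manager bean is available.
    @Autowired(required = false)
    private ISsoManager ssoManager;

    @Autowired
    private IStatisticLogger statisticLogger;

    @Autowired
    private IRevisionLogger revisionsLogger;

    // Not injected by field; must be provided through setGuiBuilder() before any error page is built.
    private IGuiFormBuilder guiBuilder;

    // Error ids that are logged on INFO level; filled once in initializer().
    private final HashSet<String> logOnInfoLevel = new HashSet<>();

    /**
     * Starts processing of a pending request.
     *
     * <p>If the request needs authentication, a fresh external pending-request id is assigned, the
     * service-provider configuration is required to be present, and the authentication manager is
     * invoked. If the manager reports the request as already authenticated, the transaction is
     * finalized immediately. Requests that do not need authentication go straight to the
     * protocol-specific action without authentication data.
     *
     * <p>Any exception is converted into an error response and followed by an IDP-only logout, so
     * a failed attempt does not leave an IDP session behind.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request; must be a {@link RequestImpl} when authentication is needed
     * @throws IOException if writing the error response fails
     * @throws EaafException if building the error response fails
     */
    public void performAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws IOException, EaafException {
        try {
            if (!iRequest.isNeedAuthentication()) {
                executeProtocolSpecificAction(httpServletRequest, httpServletResponse, iRequest, null);
                return;
            }

            ((RequestImpl) iRequest).setPendingRequestId(this.pendingReqIdGenerationStrategy.generateExternalPendingRequestId());
            if (iRequest.getServiceProviderConfiguration() == null) {
                // The SP entity id is request-derived and ends up as an error-page parameter.
                throw new EaafAuthenticationException("auth.00", new Object[]{iRequest.getSpEntityId()});
            }

            if (this.authmanager.doAuthentication(httpServletRequest, httpServletResponse, iRequest)) {
                finalizeAuthentication(httpServletRequest, httpServletResponse, iRequest);
                // NOTE(review): finalizeAuthentication() already logs event 1101 for this
                // transaction, so the event is written twice on this path - confirm this is intended.
                this.revisionsLogger.logEvent(1101, iRequest.getUniqueTransactionIdentifier());
            }
        } catch (Exception e) {
            buildProtocolSpecificErrorResponse(e, httpServletRequest, httpServletResponse, iRequest);
            this.authmanager.performOnlyIdpLogOut(httpServletRequest, httpServletResponse, iRequest);
        }
    }

    /**
     * Finalizes a pending request after the authentication process has ended.
     *
     * <p>A request aborted by the user yields the protocol-specific {@code auth.21} error. A request
     * that is not authenticated, or that still needs user consent, is rejected with {@code auth.20}
     * on the generic error page. Only a fully authenticated request reaches the protocol-specific
     * action.
     *
     * <p>The pending request is removed from the request storage and revision event 1101 is logged
     * exactly once, whatever the outcome.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request to finalize
     * @throws EaafException if building an error response fails
     * @throws IOException if writing an error response fails
     */
    public void finalizeAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EaafException, IOException {
        log.debug("Finalize PendingRequest with ID={} ", iRequest.getPendingRequestId());
        try {
            if (iRequest.isAbortedByUser()) {
                buildProtocolSpecificErrorResponse(new EaafAuthenticationException("auth.21", new Object[0]), httpServletRequest, httpServletResponse, iRequest);
            } else if (!iRequest.isAuthenticated() || iRequest.isNeedUserConsent()) {
                // Fail closed: never hand out authentication data for an incomplete process.
                log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", iRequest.isAuthenticated(), iRequest.isNeedUserConsent());
                if (iRequest.isNeedUserConsent()) {
                    log.error("PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!");
                } else {
                    log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
                }
                handleErrorNoRedirect(new EaafException("auth.20", (Object[]) null), httpServletRequest, httpServletResponse, true);
            } else {
                internalFinalizeAuthenticationProcess(httpServletRequest, httpServletResponse, iRequest);
            }
        } catch (Exception e) {
            log.info("Finalize authentication protocol FAILED. Reason: {}", e.getMessage());
            buildProtocolSpecificErrorResponse(e, httpServletRequest, httpServletResponse, iRequest);
        } finally {
            // Single clean-up point: the pending request must not stay usable after finalization,
            // and it must not be removed/logged more than once per call.
            this.requestStorage.removePendingRequest(iRequest.getPendingRequestId());
            this.revisionsLogger.logEvent(1101, iRequest.getUniqueTransactionIdentifier());
        }
    }

    /**
     * Lets the protocol module of the pending request render the error, falling back to the
     * generic error page.
     *
     * <p>The fallback is used when the module declines to handle the error (returns {@code false})
     * or when resolving or invoking the module fails. The generic handler is invoked at most once
     * per call.
     *
     * @param th error to report
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request naming the protocol module
     * @throws EaafException if the generic error page cannot be built
     * @throws IOException if writing the response fails
     */
    public void buildProtocolSpecificErrorResponse(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EaafException, IOException {
        boolean useGenericErrorPage = true;
        try {
            // NOTE(review): the class name is read from the pending request and Class.forName
            // initialises the class before the interface check below. Confirm requestedModule()
            // is only ever set by server-side code.
            final Class<?> moduleClass = Class.forName(iRequest.requestedModule());
            if (!IModulInfo.class.isAssignableFrom(moduleClass)) {
                log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
                throw new ClassCastException("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
            }

            final IModulInfo module = (IModulInfo) this.applicationContext.getBean(moduleClass);
            if (module.generateErrorMessage(th, httpServletRequest, httpServletResponse, iRequest)) {
                logExceptionToTechnicalLog(th);
                this.statisticLogger.logErrorOperation(th, iRequest);
                this.revisionsLogger.logEvent(iRequest, 1103, iRequest.getUniqueTransactionIdentifier());
                useGenericErrorPage = false;
            }
        } catch (Throwable moduleFailure) {
            // Keep a trace of why the protocol-specific path failed instead of dropping it silently.
            log.warn("Protocol-specific error response can not be generated. Using generic error handling.", moduleFailure);
        }

        if (useGenericErrorPage) {
            handleErrorNoRedirect(th, httpServletRequest, httpServletResponse, true);
        }
    }

    /**
     * Writes an error response directly into the current HTTP response, without a redirect.
     *
     * <p>{@link EaafException} and {@link ProcessExecutionException} are rendered with their own
     * message and error code. Everything else is reported as the generic {@code internal.00}
     * message with code {@code 9199}, so internal details of unexpected failures are not shown.
     *
     * @param th error to report
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param z if {@code true}, the error is also written to the statistic log
     * @throws IOException if writing the response fails
     * @throws EaafException if the error page cannot be built
     */
    public void handleErrorNoRedirect(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, EaafException {
        if (z) {
            this.statisticLogger.logErrorOperation(th);
        }
        logExceptionToTechnicalLog(th);

        if ((th instanceof EaafException) || (th instanceof ProcessExecutionException)) {
            internalMoaidExceptionHandler(httpServletRequest, httpServletResponse, (Exception) th, false);
            return;
        }

        // A Throwable that is not an Exception (an Error) must not break error reporting with a
        // ClassCastException, so it is wrapped before it is handed on.
        final Exception reported = (th instanceof Exception) ? (Exception) th : new Exception(th);
        writeHtmlErrorResponse(httpServletRequest, httpServletResponse, this.statusMessager.getMessage("internal.00", (Object[]) null), "9199", null, reported);
    }

    /**
     * Sends the user agent to the {@code /errorHandling} endpoint for a stored error.
     *
     * <p>If the pending request is processed inside an iFrame, an "iFrame to parent" GUI step is
     * rendered; otherwise an HTTP 302 redirect is written.
     *
     * @param pair pending request (may hold {@code null}) and the error it failed with
     * @param str error id that is appended to the error-handling URL
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @throws GuiBuildException if the iFrame hop GUI cannot be built
     */
    public void forwardToErrorHandler(Pair<IRequest, Throwable> pair, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws GuiBuildException {
        final IGuiBuilderConfiguration parentHopGui = evaluateRequiredErrorHandlingMethod((IRequest) pair.getFirst(), str);
        if (parentHopGui != null) {
            log.trace("iFrame to parent hop requested. Building GUI step for error handling ... ");
            this.guiBuilder.build(httpServletRequest, httpServletResponse, parentHopGui, "iFrame-to-parent");
            return;
        }

        final String redirectUrl = generateErrorRedirectUrl(httpServletRequest, str);
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setStatus(HttpServletResponse.SC_FOUND);
        httpServletResponse.addHeader("Location", redirectUrl);
        log.debug("REDIRECT TO: {}", redirectUrl);
    }

    /**
     * Sets the GUI builder used for error pages and the iFrame parent hop.
     *
     * @param iGuiFormBuilder builder to use
     */
    public void setGuiBuilder(IGuiFormBuilder iGuiFormBuilder) {
        this.guiBuilder = iGuiFormBuilder;
    }

    /**
     * Completes a successfully authenticated request.
     *
     * <p>Creates the SSO session cookie (and a new SSO session if the request has none) when SSO
     * is requested and an SSO manager exists, builds the authentication data, runs the
     * protocol-specific action and records the result. Without a usable SSO session the IDP
     * session is closed right away.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest authenticated pending request
     * @throws Exception if building authentication data or the protocol action fails
     */
    protected void internalFinalizeAuthenticationProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws Exception {
        String ssoToken = null;
        if (iRequest.needSingleSignOnFunctionality()) {
            if (this.ssoManager == null) {
                log.warn("SSO is requested but there is not SSO Session-Manager available");
            } else {
                ssoToken = this.ssoManager.createNewSsoSessionCookie(httpServletRequest, httpServletResponse, iRequest);
                if (StringUtils.isEmpty(iRequest.getInternalSsoSessionIdentifier())) {
                    this.ssoManager.createNewSsoSession(iRequest, ssoToken);
                }
            }
        }

        final IAuthData authData = this.authDataBuilder.buildAuthenticationData(iRequest);
        final SloInformationInterface sloInformation = executeProtocolSpecificAction(httpServletRequest, httpServletResponse, iRequest, authData);

        final boolean ssoActive = StringUtils.isNotEmpty(ssoToken);
        if (ssoActive) {
            try {
                this.ssoManager.updateSsoSession(iRequest, ssoToken, sloInformation);
            } catch (EaafSsoException e) {
                // Fail closed: if the SSO session can not be persisted, drop the IDP session.
                log.warn("SSO Session information can not be stored  -> SSO is not enabled!");
                this.authmanager.performOnlyIdpLogOut(httpServletRequest, httpServletResponse, iRequest);
            }
        } else {
            this.authmanager.performOnlyIdpLogOut(httpServletRequest, httpServletResponse, iRequest);
        }
        this.statisticLogger.logSuccessOperation(iRequest, authData, ssoActive);
    }

    /**
     * Writes an error to the technical log.
     *
     * <p>A {@link TaskExecutionException} is unwrapped to its original exception when one is set.
     * Non-EAAF errors are logged on ERROR as {@code internal.00}; EAAF errors are logged on INFO
     * when their error id is configured for that level, otherwise on WARN.
     *
     * @param th error to log
     */
    protected void logExceptionToTechnicalLog(Throwable th) {
        Throwable cause = th;
        if (th instanceof TaskExecutionException && ((TaskExecutionException) th).getOriginalException() != null) {
            cause = ((TaskExecutionException) th).getOriginalException();
        }

        // NOTE(review): exception messages may contain request-derived text; confirm the log
        // layout neutralises line breaks if the logs feed into automated processing.
        if (!(cause instanceof EaafException)) {
            log.error(TECH_LOG_MSG, "internal.00", cause.getMessage(), cause);
            return;
        }

        final String errorId = ((EaafException) cause).getErrorId();
        if (this.logOnInfoLevel.contains(errorId)) {
            log.info(TECH_LOG_MSG, errorId, cause.getMessage(), cause);
        } else {
            log.warn(TECH_LOG_MSG, errorId, cause.getMessage(), cause);
        }
    }

    /** Loads the error codes that are logged on INFO level from the basic configuration. */
    @PostConstruct
    private void initializer() {
        log.trace("Initializing {} ...", ProtocolAuthenticationService.class.getName());
        this.logOnInfoLevel.addAll(KeyValueUtils.getListOfCsvValues(this.basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)));
        log.info("Set errorCodes={} to LogLevel:INFO", String.join(",", this.logOnInfoLevel));
    }

    /**
     * Resolves the action bean named by the pending request and lets it process the request.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request naming the action class
     * @param iAuthData authentication data, or {@code null} if no authentication was needed
     * @return whatever the action returns as single-logout information
     * @throws Exception if the class cannot be loaded, is not an {@link IAction}, or the action fails
     */
    private SloInformationInterface executeProtocolSpecificAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest, IAuthData iAuthData) throws Exception {
        final Class<?> actionClass;
        try {
            // NOTE(review): the class name is read from the pending request and Class.forName
            // initialises the class before the interface check below. Confirm requestedAction()
            // is only ever set by server-side code.
            actionClass = Class.forName(iRequest.requestedAction());
        } catch (ClassNotFoundException e) {
            log.error("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
            throw new ClassNotFoundException("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", e);
        }

        if (!IAction.class.isAssignableFrom(actionClass)) {
            log.error("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
            throw new ClassCastException("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
        }
        return ((IAction) this.applicationContext.getBean(actionClass)).processRequest(iRequest, httpServletRequest, httpServletResponse, iAuthData);
    }

    /**
     * Renders the default error GUI with the given message, code and parameters.
     *
     * @param request current HTTP request
     * @param response current HTTP response
     * @param errorMessage human-readable error message
     * @param errorCode external error code
     * @param params optional message parameters; {@code null} elements are shown as {@code "null"}
     * @param cause error that is reported; only used for the stack trace in trace mode
     * @throws EaafException with code {@code 9199} if the GUI cannot be built
     */
    private void writeHtmlErrorResponse(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull String errorMessage, @NonNull String errorCode, @Nullable Object[] params, @NonNull Exception cause) throws EaafException {
        try {
            final ModifyableGuiBuilderConfiguration errorGui = this.guiConfigFactory.getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(request));

            // The parameters are handed to the GUI through the variant that skips the builder's
            // escaping, and they can hold request-derived values (e.g. the SP entity id of
            // "auth.00"). Escape every element here so it can not inject markup into the page.
            final String[] escapedParams;
            if (params == null) {
                escapedParams = new String[0];
            } else {
                escapedParams = new String[params.length];
                for (int i = 0; i < params.length; i++) {
                    escapedParams[i] = StringEscapeUtils.escapeHtml4(String.valueOf(params[i]));
                }
            }

            if (errorGui instanceof ModifyableGuiBuilderConfiguration) {
                errorGui.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, "errorMsg", errorMessage);
                errorGui.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, "errorCode", errorCode);
                errorGui.putCustomParameterWithOutEscaption(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, "errorParams", ArrayUtils.toString(escapedParams));
                if (log.isTraceEnabled()) {
                    // Debug aid only: with TRACE logging enabled the full stack trace is sent to
                    // the browser. TRACE must stay disabled on any publicly reachable instance.
                    errorGui.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, "stacktrace", getStacktraceFromException(cause));
                }
            } else {
                log.info("Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable ");
            }
            this.guiBuilder.build(request, response, errorGui, "Error-Message");
        } catch (GuiBuildException e) {
            log.warn("Can not build error-message GUI.", e);
            throw new EaafException("9199", (Object[]) null, e);
        }
    }

    /**
     * Renders the stack trace of an exception into a string.
     *
     * @param exc exception to render
     * @return stack trace as printed by {@link Exception#printStackTrace(PrintWriter)}
     */
    private String getStacktraceFromException(Exception exc) {
        final StringWriter buffer = new StringWriter();
        exc.printStackTrace(new PrintWriter(buffer));
        return buffer.toString();
    }

    /**
     * Maps an exception type to the matching error response.
     *
     * <p>{@link ProtocolNotActiveException} is answered with HTTP 403. All other handled types are
     * rendered on the default error page; only a plain {@link EaafException} contributes its
     * message parameters.
     *
     * @param request current HTTP request
     * @param response current HTTP response
     * @param exc error to report
     * @param writeStatistic if {@code true}, request-validation errors are also written to the
     *     statistic log
     * @throws IOException if writing the response fails
     * @throws EaafException if the error page cannot be built
     */
    private void internalMoaidExceptionHandler(HttpServletRequest request, HttpServletResponse response, Exception exc, boolean writeStatistic) throws IOException, EaafException {
        if (exc instanceof ProtocolNotActiveException) {
            // The message is sent only in its escaped form. Nothing is written to the body
            // before sendError(): that text would be unescaped, and the content type has to be
            // set before the writer is obtained for the charset to apply.
            response.setContentType("text/html; charset=UTF-8");
            response.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(exc.getMessage())));
            return;
        }

        if (exc instanceof AuthnRequestValidatorException && writeStatistic) {
            final AuthnRequestValidatorException validationError = (AuthnRequestValidatorException) exc;
            this.statisticLogger.logErrorOperation(validationError, validationError.getErrorRequest());
        }

        final Object[] messageParams;
        if (exc instanceof AuthnRequestValidatorException
                || exc instanceof InvalidProtocolRequestException
                || exc instanceof ConfigurationException) {
            // These types are checked before the generic EaafException case and never expose
            // their parameters on the error page.
            messageParams = null;
        } else if (exc instanceof EaafException) {
            messageParams = ((EaafException) exc).getParams();
        } else if (exc instanceof ProcessExecutionException) {
            messageParams = null;
        } else {
            // No response is written for other types; make that visible in the log.
            log.warn("No error response written for unsupported exception type: {}", exc.getClass().getName());
            return;
        }
        writeHtmlErrorResponse(request, response, exc.getMessage(), this.statusMessager.getResponseErrorCode(exc), messageParams, exc);
    }

    /**
     * Decides whether the error has to be forwarded through an iFrame-to-parent hop.
     *
     * @param pendingRequest pending request, may be {@code null}
     * @param errorId id of the stored error
     * @return GUI configuration for the hop, or {@code null} if a plain redirect is sufficient
     */
    private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest pendingRequest, String errorId) {
        if (pendingRequest == null || !pendingRequest.isProcessInIframe()) {
            return null;
        }
        return this.guiConfigFactory.getDefaultIFrameParentHopGui(pendingRequest, "/errorHandling", errorId);
    }

    /**
     * Builds the absolute URL of the error-handling endpoint for an error id.
     *
     * @param request current HTTP request, used to determine the base URL
     * @param errorId id of the stored error
     * @return redirect target
     */
    private String generateErrorRedirectUrl(HttpServletRequest request, String errorId) {
        // NOTE(review): the error id is appended without URL-encoding and the base URL is
        // computed from the request. Confirm the id is always server-generated and that
        // ServletUtils.getBaseUrl() does not trust a client-supplied Host header.
        return ServletUtils.getBaseUrl(request) + "/errorHandling?errorid=" + errorId;
    }
}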
