package at.gv.egiz.eaaf.core.impl.idp.auth;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
import at.gv.egiz.eaaf.core.api.idp.auth.ISsoManager;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;
import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egiz.eaaf.core.impl.utils.ArrayUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.class */
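/**
 * Base implementation of {@link IAuthenticationManager}.
 *
 * <p>For each pending request it decides whether an already validated SSO session can be
 * reused, whether an SSO user-consent evaluation has to run, or whether a new authentication
 * process has to be started on the {@link ProcessEngine}.
 *
 * <p>Request parameters and headers reach the authentication modules only if their names were
 * registered through {@link #addParameterNameToWhiteList(String)} or
 * {@link #addHeaderNameToWhiteList(String)}. The values are HTML-escaped and otherwise copied
 * unmodified, so a module that uses them outside an HTML context (log lines, queries, redirect
 * targets) still has to validate them itself.
 */
public abstract class AbstractAuthenticationManager implements IAuthenticationManager {
    private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationManager.class);

    /** Servlet request attribute under which the TLS client-certificate chain is looked up. */
    private static final String SERVLET_ATTR_CLIENT_CERT = "javax.servlet.request.X509Certificate";

    /** Key used for the client-certificate chain in the execution context and the transaction data. */
    private static final String CTX_KEY_HOLDER_OF_KEY_CERT = "PARAMS_holderofkey_cert";

    // Names of request parameters / headers that may be forwarded to authentication modules.
    // NOTE(review): both lists are plain, unsynchronized ArrayLists that are read on every
    // authentication start; registration is presumably finished during application start-up,
    // before the first request is served — confirm.
    private static final List<String> reqParameterWhiteListeForModules = new ArrayList<>();
    private static final List<String> reqHeaderWhiteListeForModules = new ArrayList<>();

    // The next three constants are not referenced inside this class.
    public static final String MOA_SESSION = "MoaAuthenticationSession";
    public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
    // presumably milliseconds — TODO confirm against the code that reads it
    public static final int SLOTIMEOUT = 30000;

    @Autowired
    private ApplicationContext ctx;

    @Autowired(required = true)
    protected IConfiguration authConfig;

    @Autowired(required = true)
    private ProcessEngine processEngine;

    @Autowired(required = true)
    private IRequestStorage requestStoreage;

    @Autowired(required = true)
    protected IRevisionLogger revisionsLogger;

    // Optional: when no SSO manager bean exists, every request goes through a fresh authentication.
    @Autowired(required = false)
    protected ISsoManager ssoManager;
    ModuleRegistration moduleRegistration;

    /** Resolves the {@link ModuleRegistration} bean once all injected fields are available. */
    @PostConstruct
    private void initializer() {
        this.moduleRegistration = this.ctx.getBean(ModuleRegistration.class);
    }

    /**
     * Registers an HTTP request-parameter name whose value is forwarded to authentication modules.
     *
     * <p>Matching against incoming parameter names is exact (case-sensitive). Empty or
     * {@code null} names are ignored.
     *
     * @param str parameter name to allow
     */
    public static final void addParameterNameToWhiteList(String str) {
        if (StringUtils.isNotEmpty(str)) {
            reqParameterWhiteListeForModules.add(str);
        }
    }

    /**
     * Registers an HTTP header name whose value is forwarded to authentication modules.
     *
     * <p>The name is stored lower-cased and compared case-insensitively against incoming
     * headers. Empty or {@code null} names are ignored.
     *
     * @param str header name to allow
     */
    public static final void addHeaderNameToWhiteList(String str) {
        if (StringUtils.isNotEmpty(str)) {
            // Locale.ROOT keeps the stored name independent of the JVM default locale
            // (a Turkish default locale would otherwise map 'I' to a dotless 'ı').
            reqHeaderWhiteListeForModules.add(str.toLowerCase(Locale.ROOT));
        }
    }

    /**
     * Decides how the pending request gets authenticated.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request; has to be a {@link RequestImpl}
     * @return {@code true} if the pending request was populated from an existing SSO session,
     *         {@code false} if an authentication process or an SSO consent evaluation was started
     * @throws NoPassivAuthenticationException if the request is passive and either demands forced
     *         authentication or no reusable SSO session exists
     * @throws EaafException if SSO validation or the started process fails
     * @throws RuntimeException if {@code iRequest} is not a {@link RequestImpl}
     */
    public final boolean doAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) throws EaafException {
        if (!(iRequest instanceof RequestImpl)) {
            log.error("Requests that need authentication MUST be of type 'RequestImpl'");
            throw new RuntimeException("Requests that need authentication HAS TO BE of type 'RequestImpl'");
        }
        final RequestImpl pendingReq = (RequestImpl) iRequest;

        TransactionIdUtils.setServiceProviderId(iRequest.getServiceProviderConfiguration().getUniqueIdentifier());
        this.revisionsLogger.logEvent(iRequest, 4003, iRequest.getSpEntityId());

        // A passive request must not trigger user interaction, which forced authentication requires.
        if (iRequest.isPassiv() && iRequest.forceAuth()) {
            throw new NoPassivAuthenticationException();
        }

        boolean ssoSessionUsable = false;
        if (this.ssoManager != null) {
            log.trace("SSOManager is loaded. Starting SSO session validation ... ");
            // NOTE(review): the boolean result is discarded here; presumably a denial is
            // signalled by an exception or recorded on the request — confirm in ISsoManager.
            this.ssoManager.isSsoAllowedForSp(iRequest, httpServletRequest);
            ssoSessionUsable = this.ssoManager.checkAndValidateSsoSession(iRequest, httpServletRequest, httpServletResponse)
                    && iRequest.needSingleSignOnFunctionality();
        }

        if (iRequest.forceAuth()) {
            startAuthenticationProcess(httpServletRequest, pendingReq);
            return false;
        }
        if (ssoSessionUsable && iRequest.isNeedUserConsent()) {
            sendSingleSignOnConsentsEvaluation(pendingReq);
            return false;
        }

        final boolean passive = iRequest.isPassiv();
        // ssoSessionUsable can only be true when ssoManager is non-null, so the calls below are safe.
        final boolean canReuseSso = ssoSessionUsable
                && StringUtils.isNotEmpty(iRequest.getInternalSsoSessionIdentifier());
        if (!canReuseSso) {
            if (passive) {
                throw new NoPassivAuthenticationException();
            }
            startAuthenticationProcess(httpServletRequest, pendingReq);
            return false;
        }

        this.ssoManager.populatePendingRequestWithSsoInformation(iRequest);
        this.revisionsLogger.logEvent(iRequest, 4001);
        return true;
    }

    /**
     * Removes the pending request and, if an SSO manager is present, closes the SSO session on
     * the IDP only.
     *
     * <p>NOTE(review): an SSO teardown that fails or reports "not successful" is only logged;
     * the caller receives no signal, so the SSO session may outlive this logout — confirm that
     * callers do not present the logout as complete in that case.
     *
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @param iRequest pending request to remove
     */
    public final void performOnlyIdpLogOut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IRequest iRequest) {
        log.debug("Close session. Remove pending request ... ");
        this.requestStoreage.removePendingRequest(iRequest.getPendingRequestId());
        if (this.ssoManager == null) {
            return;
        }
        try {
            log.trace("'SSOManager' active. Search for active SSO sessions ...  ");
            if (this.ssoManager.destroySsoSessionOnIdpOnly(httpServletRequest, httpServletResponse, iRequest)) {
                log.info("SSO session successfully closed");
            } else {
                log.info("Closing SSO session NOT successfully");
            }
        } catch (EaafSsoException e) {
            log.warn("Destroying of SSO session FAILED. Reason: {}", e.getMessage(), e);
        }
    }

    /**
     * Builds the execution context for a new authentication and starts the process engine.
     *
     * @param httpServletRequest request that supplies the client certificate, parameters and headers
     * @param requestImpl pending request to authenticate
     * @throws EaafException if context population or the process start fails
     */
    private void startAuthenticationProcess(HttpServletRequest httpServletRequest, RequestImpl requestImpl) throws EaafException {
        log.info("Starting authentication ...");
        this.revisionsLogger.logEvent(requestImpl, 4000);
        final ExecutionContextImpl executionContextImpl = new ExecutionContextImpl();
        executionContextImpl.put("PARAMS_uniqueSPId", requestImpl.getServiceProviderConfiguration().getUniqueIdentifier());

        // The chain is taken as-is from the servlet attribute; no validation happens in this class.
        // NOTE(review): presumably the TLS layer of the container verified it — confirm before a
        // module treats it as proof of key possession.
        final Object clientCertChain = httpServletRequest.getAttribute(SERVLET_ATTR_CLIENT_CERT);
        if (clientCertChain != null) {
            log.debug("Find SSL-client-certificate on request --> Add it to context");
            executionContextImpl.put(CTX_KEY_HOLDER_OF_KEY_CERT, (X509Certificate[]) clientCertChain);
            requestImpl.setRawDataToTransaction(CTX_KEY_HOLDER_OF_KEY_CERT, clientCertChain);
        }

        copyWhitelistedParameters(httpServletRequest, executionContextImpl);
        copyWhitelistedHeaders(httpServletRequest, executionContextImpl);

        populateExecutionContext(executionContextImpl, requestImpl, httpServletRequest);
        startProcessEngine(requestImpl, executionContextImpl);
    }

    /** Copies the HTML-escaped value of every whitelisted request parameter into the context. */
    private static void copyWhitelistedParameters(HttpServletRequest httpServletRequest, ExecutionContextImpl executionContextImpl) {
        if (reqParameterWhiteListeForModules.isEmpty()) {
            return;
        }
        final Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            final String paramName = parameterNames.nextElement();
            if (StringUtils.isNotEmpty(paramName) && reqParameterWhiteListeForModules.contains(paramName)) {
                // getParameter yields only the first value when the parameter is repeated.
                executionContextImpl.put(paramName, StringEscapeUtils.escapeHtml4(httpServletRequest.getParameter(paramName)));
            }
        }
    }

    /**
     * Copies the HTML-escaped value of every whitelisted header into the context, keyed by the
     * lower-cased header name.
     *
     * <p>NOTE(review): header values come from the HTTP request; unless a trusted upstream
     * component sets or strips them, a client can choose them freely — modules should not read
     * them as authenticated facts.
     */
    private static void copyWhitelistedHeaders(HttpServletRequest httpServletRequest, ExecutionContextImpl executionContextImpl) {
        if (reqHeaderWhiteListeForModules.isEmpty()) {
            return;
        }
        final Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            final String headerName = headerNames.nextElement();
            if (StringUtils.isNotEmpty(headerName) && ArrayUtils.containsCaseInsensitive(headerName, reqHeaderWhiteListeForModules)) {
                // Same locale-independent lower-casing as at registration time, so the key a
                // module looks up matches the registered name on every JVM locale.
                executionContextImpl.put(headerName.toLowerCase(Locale.ROOT), StringEscapeUtils.escapeHtml4(httpServletRequest.getHeader(headerName)));
            }
        }
    }

    /**
     * Hook for subclasses to add implementation-specific entries to the execution context before
     * the process engine is started.
     *
     * @param executionContext context that already holds the whitelisted request data
     * @param requestImpl pending request to authenticate
     * @param httpServletRequest current HTTP request
     * @throws EaafException if the context cannot be populated
     */
    protected abstract void populateExecutionContext(ExecutionContext executionContext, RequestImpl requestImpl, HttpServletRequest httpServletRequest) throws EaafException;

    /**
     * Marks the request as not authenticated and starts a process flagged for SSO user-consent
     * evaluation.
     *
     * @param requestImpl pending request that can use an existing SSO session
     * @throws EaafException if the process cannot be started
     */
    private void sendSingleSignOnConsentsEvaluation(RequestImpl requestImpl) throws EaafException {
        log.debug("Starting SSO user-consents evaluation ...");
        requestImpl.setAuthenticated(false);
        final ExecutionContextImpl executionContextImpl = new ExecutionContextImpl();
        executionContextImpl.put("ssoconsentsevaluation", true);
        startProcessEngine(requestImpl, executionContextImpl);
    }

    /**
     * Selects a process for the request, creates its instance, stores the pending request and
     * starts the process.
     *
     * @param requestImpl pending request
     * @param executionContext context handed to process selection and to the new process instance
     * @throws EaafException with id {@code process.02} if no process matches; the original
     *         {@link EaafException} if a task failed with one; otherwise id {@code process.01}
     *         wrapping the engine failure
     */
    private void startProcessEngine(RequestImpl requestImpl, ExecutionContext executionContext) throws EaafException {
        try {
            executionContext.put("PARAMS_pendingid", requestImpl.getPendingRequestId());
            final String processId = this.moduleRegistration.selectProcess(executionContext, requestImpl);
            if (processId == null) {
                log.warn("No suitable process found for PendingReqId {}", requestImpl.getPendingRequestId());
                throw new EaafException("process.02", (Object[]) null);
            }
            requestImpl.setProcessInstanceId(this.processEngine.createProcessInstance(processId, executionContext));
            // Persist before starting so the process can resolve the pending request.
            this.requestStoreage.storePendingRequest(requestImpl);
            this.processEngine.start(requestImpl);
        } catch (ProcessExecutionException e) {
            // Unwrap ProcessExecutionException -> TaskExecutionException -> EaafException so the
            // caller sees the error raised by the task instead of a generic engine failure.
            final Throwable taskFailure = e.getCause();
            if (taskFailure instanceof TaskExecutionException && taskFailure.getCause() instanceof EaafException) {
                final EaafException taskError = (EaafException) taskFailure.getCause();
                log.warn(taskError.getMessage(), taskError);
                throw taskError;
            }
            throw new EaafException("process.01", new Object[]{requestImpl.getProcessInstanceId(), requestImpl.getPendingRequestId()}, e);
        }
    }
}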
