package at.gv.egiz.eaaf.core.impl.idp.validation;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.exceptions.EaafSecurityException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import jakarta.annotation.Nonnull;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.class */
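/**
 * Binds a pending authentication process to the user's browser with an HTTP cookie.
 *
 * <p>{@link #setValidationInfos} stores a random identifier in the pending request and sends the
 * same value to the browser as the {@value #HTTP_COOKIE_SEC} cookie. {@link #validate} later
 * rejects a request whose cookie does not carry the stored identifier, so a pending-request
 * reference that ends up in another browser cannot be used to resume the process.</p>
 *
 * <p>The identifier is a bearer secret for the lifetime of the process and is therefore never
 * written to the log.</p>
 */
public class CookieBasedRequestValidator implements IHttpRequestValidator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CookieBasedRequestValidator.class);

    /** Name of the binding cookie; also used as the raw-data key under which the value is stored. */
    public static final String HTTP_COOKIE_SEC = "eaafSession";

    /** Name of the cookie attribute that carries the SameSite policy. */
    public static final String COOKIE_SAME_SITE_ATTR = "SameSite";

    /**
     * Issues the binding cookie and stores its value in the pending request.
     *
     * <p>A value already stored in the request is reused, so calling this method again for the
     * same process re-sends the existing identifier instead of invalidating it.</p>
     *
     * @param httpServletResponse response that receives the cookie
     * @param iRequest pending request that stores the expected cookie value
     * @throws EaafSecurityException with code {@code process.81} if the cookie path cannot be
     *     derived from the authentication URL or the value cannot be stored
     */
    @Override
    public void setValidationInfos(@Nonnull HttpServletResponse httpServletResponse, @Nonnull IRequest iRequest) throws EaafSecurityException {
        try {
            log.debug("Injecting authentication-process HTTP cookie ... ");
            final String stored = (String) iRequest.getRawData(HTTP_COOKIE_SEC, String.class);
            // UUID.randomUUID() draws from a cryptographically strong generator.
            final String bindingId = StringUtils.isNotEmpty(stored) ? stored : UUID.randomUUID().toString();
            httpServletResponse.addCookie(generatePendingRequestIdCookie(bindingId, iRequest));
            iRequest.setRawDataToTransaction(HTTP_COOKIE_SEC, bindingId);
        } catch (MalformedURLException | EaafStorageException e) {
            throw new EaafSecurityException("process.81", e);
        }
    }

    /**
     * Checks that the request carries the binding cookie issued for this pending request.
     *
     * <p>NOTE(review): when the pending request holds no stored value the check is skipped
     * (fail-open). The binding therefore only protects processes for which
     * {@link #setValidationInfos} ran earlier; confirm that every flow calls it.</p>
     *
     * @param httpServletRequest incoming request whose cookies are inspected
     * @param iRequest pending request that holds the expected cookie value
     * @throws EaafSecurityException with code {@code process.80} if the cookie is missing or its
     *     value differs from the stored one
     */
    @Override
    public void validate(@Nonnull HttpServletRequest httpServletRequest, @Nonnull IRequest iRequest) throws EaafSecurityException {
        final String expected = (String) iRequest.getRawData(HTTP_COOKIE_SEC, String.class);
        if (StringUtils.isEmpty(expected)) {
            log.debug("No stored authentication-process HTTP cookie. Skipping validation ... ");
            return;
        }

        final Cookie cookie = WebUtils.getCookie(httpServletRequest, HTTP_COOKIE_SEC);
        final String presented = cookie != null ? cookie.getValue() : null;
        if (presented == null || !constantTimeEquals(expected, presented)) {
            // Neither value is logged: the stored id is a live secret, and the cookie value is
            // client-controlled text that could be used to forge log lines.
            log.info("Stored authentication-process-Id does not match to Id from HTTP cookie (cookie present: {})",
                    cookie != null);
            throw new EaafSecurityException("process.80");
        }

        log.trace("Stored authentication-process HTTP cookie matches. Resume process ... ");
    }

    /**
     * Compares two secrets so that the position of the first differing byte does not influence
     * the comparison time.
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the binding cookie, scoped to the path of the authentication URL.
     *
     * @param str cookie value
     * @param iRequest pending request that supplies the authentication URL
     * @return cookie marked HttpOnly and Secure with {@code SameSite=None}
     * @throws MalformedURLException if the authentication URL cannot be parsed
     */
    private Cookie generatePendingRequestIdCookie(String str, IRequest iRequest) throws MalformedURLException {
        final Cookie cookie = new Cookie(HTTP_COOKIE_SEC, str);
        cookie.setHttpOnly(true);
        // Browsers accept SameSite=None only together with Secure.
        cookie.setSecure(true);
        cookie.setPath(new URL(iRequest.getAuthUrlWithOutSlash()).getPath());
        // NOTE(review): SameSite=None lets the cookie accompany cross-site requests, presumably
        // so it is present when an external identity provider sends the browser back. It also
        // means the cookie gives no cross-site request protection by itself; confirm that the
        // flow needs None rather than Lax.
        cookie.setAttribute(COOKIE_SAME_SITE_ATTR, "None");
        return cookie;
    }
}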
