package at.gv.egiz.eaaf.modules.auth.sl20.tasks;

import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.EventCodes;
import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.Serializable;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.StopWatch;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;

/* loaded from: input_file:at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.class */
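/**
 * Base task that opens an SL2.0 authentication with a VDA (the remote end-point the
 * request is posted to).
 *
 * <p>The task selects a configured VDA end-point, wraps the signed command produced by the
 * subclass into a generic SL2.0 request, posts it to the VDA and forwards the VDA's
 * {@code redirect} command to the user's browser. Subclasses supply the signed command and
 * the execution-context key that carries the requested authentication method.
 */
public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServletTask {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualEidRequestTask.class);
    private static final String FRIENDLYNAME_HTTP_CLIENT = "A-Trust Client";

    @Autowired(required = true)
    private IHttpClientFactory httpClientFactory;

    @Autowired(required = true)
    protected IConfigurationWithSP authConfigWithSp;

    /**
     * Sends the SL2.0 request to the VDA and relays the VDA's redirect command to the browser.
     *
     * <p>On a {@code redirect} answer the generated request id is stored in the pending request
     * under {@code SL20_AUTH_reqID}, the pending request is persisted and the redirect is written
     * to {@code httpServletResponse}. An {@code error} answer is turned into an
     * {@link SL20Exception} ({@code sl20.08}); any other command is rejected with a
     * {@link SlCommandoParserException}.
     *
     * @param executionContext process context; read for the requested VDA, auth method and VDA session id
     * @param httpServletRequest current servlet request
     * @param httpServletResponse servlet response that receives the redirect
     * @throws TaskExecutionException wrapping every failure of this step
     */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        log.debug("Starting SL2.0 authentication process .... ");
        this.revisionsLogger.logEvent(this.pendingReq, EventCodes.AUTHPROCESS_SL20_SELECTED, "sl20auth");

        // Declared outside the try block so the connector-error handler can report the end-point.
        String vdaUrl = null;
        try {
            ISpConfiguration spConfig = this.pendingReq.getServiceProviderConfiguration();
            if (spConfig == null) {
                log.warn("No SP configuration in pendingReq!");
                throw new RuntimeException("Suspect state. NO SP CONFIGURATION IN PendingRequest!");
            }

            vdaUrl = extractVdaUrlForSpecificOa(spConfig, executionContext);
            if (StringUtils.isEmpty(vdaUrl)) {
                log.error("NO VDA URL for qualified eID (modules.sl20.vda.urls.qualeID.default)");
                throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
            }
            log.debug("Use {} as VDA end-point", vdaUrl);
            this.pendingReq.setRawDataToTransaction("SL20_AUTH_EID-CCS-URL", vdaUrl);
            this.revisionsLogger.logEvent(this.pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaUrl);

            // Build the request: signed command from the subclass plus a fresh request id.
            String signedCommand = buildSignedQualifiedEidCommand();
            String requestId = Random.nextProcessReferenceValue();
            ObjectNode sl20Request = SL20JsonBuilderUtils.createGenericRequest(requestId, this.pendingReq.getUniqueTransactionIdentifier(), null, signedCommand);
            String encodedRequest = Base64Url.encode(sl20Request.toString().getBytes(StandardCharsets.UTF_8));

            HttpPost httpPost = new HttpPost(new URIBuilder(vdaUrl).build());
            List<NameValuePair> formParams = new ArrayList<>();
            formParams.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, encodedRequest));
            injectAdditionalSL20RequestParams(formParams, executionContext, httpServletRequest);
            httpPost.setEntity(new UrlEncodedFormEntity(formParams));
            httpPost.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
            // NOTE(review): the complete request, including the signed command, goes to the trace log.
            log.trace("Request VDA via SL20 with: {}", encodedRequest);

            StopWatch timer = StopWatch.createStarted();
            log.info("Requesting {} for authentication ... ", FRIENDLYNAME_HTTP_CLIENT);
            SL20HttpBindingUtils.Sl20ResponseHolder vdaResponse = (SL20HttpBindingUtils.Sl20ResponseHolder) this.httpClientFactory.getHttpClient(false).execute(httpPost, SL20HttpBindingUtils.sl20ResponseHandler());
            timer.stop();
            int statusCode = vdaResponse.getResponseStatus().getStatusCode();
            log.info("Respone from {} received after: {}[ms] with statusCode: {}", FRIENDLYNAME_HTTP_CLIENT, timer.getTime(TimeUnit.MILLISECONDS), statusCode);

            if (vdaResponse.getError() != null) {
                log.info("Basic SL2.0 response processing has an error. HTTP-StatusCode: {}  ErrorMsg: {}", statusCode, vdaResponse.getError().getMessage());
                throw vdaResponse.getError();
            }

            log.info("Receive response from VDA ... ");
            // NOTE(review): extractSL20PayLoad is called with a null second argument and an unsigned
            // payload is only logged at debug level, so the redirect URL and command used below are
            // not signature-checked in this method; their integrity then rests on the transport to
            // the configured end-point. Confirm that this is intended.
            VerificationResult verification = SL20JsonExtractorUtils.extractSL20PayLoad(vdaResponse.getResponseBody(), null, false);
            if (verification.isValidSigned() == null) {
                log.debug("Receive unsigned payLoad from VDA");
            }

            JsonNode payload = verification.getPayload();
            // path() yields a missing node instead of null, so a response without a command name is
            // rejected as an unrecognized command rather than failing with a NullPointerException.
            JsonNode commandNode = payload.path(SL20Constants.SL20_COMMAND_CONTAINER_NAME);
            String commandName = commandNode.asText();
            if (!SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT.equals(commandName)) {
                if (!SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR.equals(commandName)) {
                    log.warn("Received an unrecognized command: {}", commandName);
                    throw new SlCommandoParserException("Received an unrecognized command: " + commandNode.toString());
                }
                // 'error' command: details are read from 'result', falling back to 'params'.
                JsonNode errorDetails = SL20JsonExtractorUtils.getJsonObjectValue(payload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false);
                if (errorDetails == null) {
                    errorDetails = SL20JsonExtractorUtils.getJsonObjectValue(payload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
                }
                String errorCode = SL20JsonExtractorUtils.getStringValue(errorDetails, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
                String errorMessage = SL20JsonExtractorUtils.getStringValue(errorDetails, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
                log.info("Receive SL2.0 error. Code:{} Msg:{}", errorCode, errorMessage);
                throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMessage});
            }

            log.debug("Find 'redirect' command in VDA response ... ");
            JsonNode redirectParams = SL20JsonExtractorUtils.getJsonObjectValue(payload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);
            String redirectUrl = SL20JsonExtractorUtils.getStringValue(redirectParams, "url", true);
            JsonNode redirectCommand = SL20JsonExtractorUtils.getJsonObjectValue(redirectParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
            String redirectSignedCommand = SL20JsonExtractorUtils.getStringValue(redirectParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);

            // Both values are read as optional, so the plain command may be absent when only the
            // signed form is sent; copy it only if present. Presumably addOnlyOnceOfTwo rejects the
            // case where neither is set - verify against its implementation.
            JsonNode redirectCommandCopy = redirectCommand == null ? null : redirectCommand.deepCopy();
            ObjectNode browserResponse = vdaResponse.getResponseBody().deepCopy();
            SL20JsonBuilderUtils.addOnlyOnceOfTwo(browserResponse, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, redirectCommandCopy, redirectSignedCommand);

            // Store the request id before answering the browser.
            this.pendingReq.setRawDataToTransaction("SL20_AUTH_reqID", requestId);
            this.requestStoreage.storePendingRequest(this.pendingReq);

            int redirectCode = Integer.parseInt(this.authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE));
            SL20HttpBindingUtils.writeIntoResponse(httpServletRequest, httpServletResponse, browserResponse, redirectUrl, redirectCode);

        // The specific handlers precede the generic one so that they are reachable; with the
        // generic handler innermost every failure was reported as a generic error and the
        // connector error (sl20.02) could never be produced.
        } catch (EaafAuthenticationException e) {
            throw new TaskExecutionException(this.pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
        } catch (SocketException | SocketTimeoutException e) {
            log.error("SL2.0 Authentication has a VDA connector error. Endpoint: {}", vdaUrl, e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), new SL20Exception("sl20.02", new Object[]{e.getMessage()}, e));
        } catch (Exception e) {
            log.warn("SL2.0 Authentication FAILED with a generic error.", e);
            throw new TaskExecutionException(this.pendingReq, e.getMessage(), e);
        } finally {
            // Runs on success and on failure, so the identifiers are always removed.
            TransactionIdUtils.removeTransactionId();
            TransactionIdUtils.removeSessionId();
        }
    }

    /**
     * Adds the optional form parameters of the VDA request: authentication method, VDA session id
     * and the upper-cased language of the current locale.
     *
     * @param list form parameters of the outgoing request; extended in place
     * @param executionContext process context holding the optional values
     * @param httpServletRequest current servlet request (not read by this implementation)
     */
    protected void injectAdditionalSL20RequestParams(List<NameValuePair> list, ExecutionContext executionContext, HttpServletRequest httpServletRequest) {
        SL20Constants.VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext);
        if (authMethod != null) {
            log.debug("Request VDA with authType: {}", authMethod);
            list.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM, authMethod.getAuthMethod()));
        }

        String vdaSessionId = getVdaSessionIdFromContext(executionContext);
        if (vdaSessionId != null) {
            // NOTE(review): the session id is written to the trace log; keep trace disabled in
            // production or mask the value.
            log.trace("Request VDA with sessionId: {}", vdaSessionId);
            list.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_VDA_SESSIONID, vdaSessionId));
        }

        Locale locale = LocaleContextHolder.getLocale();
        String language = locale.getLanguage();
        if (StringUtils.isEmpty(language)) {
            log.info("Find i18n context, but Language is UNKNOWN. It will be ignored");
        } else {
            log.trace("Find i18n context). Inject locale: {} into VDA request", locale.getLanguage());
            list.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_VDA_LOCALE, language.toUpperCase(locale)));
        }
    }

    /**
     * Returns the execution-context key under which the requested authentication method is stored.
     */
    protected abstract String getAuthMethodContextParamKey();

    /**
     * Builds the signed command that is embedded into the generic SL2.0 request.
     *
     * @return the signed command in serialized form
     * @throws CertificateEncodingException declared by implementations
     * @throws SL20Exception declared by implementations
     */
    protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception;

    /**
     * Reads the authentication method from the context.
     *
     * @return the parsed method, or {@code null} when the context holds no String under the key
     */
    private SL20Constants.VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) {
        Serializable value = executionContext.get(getAuthMethodContextParamKey());
        if (value instanceof String) {
            log.trace("Find authMethod parameter: {} on context", value);
            return SL20Constants.VdaAuthMethod.fromString((String) value);
        }
        return null;
    }

    /**
     * Reads the VDA session id from the context and removes it there, so it is used only once.
     *
     * @return the session id, or {@code null} when none (or an empty one) is stored
     */
    private String getVdaSessionIdFromContext(ExecutionContext executionContext) {
        Serializable value = executionContext.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID);
        if (value instanceof String && StringUtils.isNotEmpty((CharSequence) value)) {
            executionContext.remove(SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID);
            log.trace("Find vdaSessionId parameter: {} on context", value);
            return (String) value;
        }
        return null;
    }

    /**
     * Selects the VDA end-point for this request.
     *
     * <p>Candidates are the globally configured end-points, the configured default, and any
     * end-points from the service provider's own list, which are applied last. The value found in
     * the execution context is used only as a lookup key into these candidates, so it can select a
     * configured end-point but never supply a URL of its own.
     *
     * @param iSpConfiguration configuration of the requesting service provider
     * @param executionContext process context that may name the requested VDA
     * @return the trimmed URL of the requested VDA if configured, otherwise the default end-point
     *     (which may be {@code null} or empty when none is configured)
     */
    private String extractVdaUrlForSpecificOa(ISpConfiguration iSpConfiguration, ExecutionContext executionContext) {
        String spEndpointList = iSpConfiguration.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST);

        // Work on a private copy: the SP-specific entries added below must not end up in a map
        // that the configuration layer might hand out again for another service provider.
        // (Whether the returned map is shared is not visible here.)
        Map<String, String> endpoints = new HashMap<>(this.authConfigWithSp.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST));
        endpoints.put(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT, this.authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT));
        if (StringUtils.isNotEmpty(spEndpointList)) {
            endpoints.putAll(KeyValueUtils.convertListToMap(KeyValueUtils.getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spEndpointList))));
            log.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
        }
        log.trace("Find #{} SL2.0 endpoints ... ", endpoints.size());

        // Locale.ROOT keeps the context key independent of the JVM's default locale.
        // The key name suggests the value originates from a request header - treat it as untrusted.
        String requestedVda = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase(Locale.ROOT));
        if (StringUtils.isNotEmpty(requestedVda)) {
            String requestedUrl = endpoints.get(requestedVda);
            if (StringUtils.isNotEmpty(requestedUrl)) {
                return requestedUrl.trim();
            }
            log.info("Can NOT find VDA with Id: {}. Use default VDA", requestedVda);
        }
        log.info("NO specific VDA endpoint requested or found. Use default VDA");
        return endpoints.get(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT);
    }
}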
