package at.gv.egiz.eaaf.modules.auth.sl20.tasks;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DataUrlBuilder;
import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.EventCodes;
import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20VdaResponseException;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.IJoseTools;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20ResponseUtils;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.class */
public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AbstractReceiveQualEidTask.class);

    @Autowired(required = true)
    private IJoseTools joseTools;

    /* JADX WARN: Type inference failed for: r0v102, types: [java.lang.Throwable, at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20VdaResponseException] */
    public void execute(ExecutionContext executionContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws TaskExecutionException {
        String str;
        try {
            log.debug("Receiving SL2.0 response process .... ");
            try {
                try {
                    try {
                        str = (String) getParameters(httpServletRequest).get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
                        if (StringUtils.isEmpty(str)) {
                            String readStream = StreamUtils.readStream(httpServletRequest.getInputStream(), "UTF-8");
                            if (!StringUtils.isNotEmpty(readStream)) {
                                log.info("NO SL2.0 commando or result FOUND.");
                                throw new SL20Exception("sl20.04", null);
                            }
                            log.info("Use SIC Handy-Signature work-around!");
                            str = readStream.substring("slcommand=".length());
                        }
                        log.trace("Received SL2.0 result: " + str);
                        this.revisionsLogger.logEvent(this.pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP, httpServletRequest.getRemoteAddr());
                    } catch (Throwable th) {
                        this.requestStoreage.storePendingRequest(this.pendingReq);
                        if (0 != 0) {
                            SL20ResponseUtils.buildResponse(httpServletRequest, httpServletResponse, this.pendingReq, new DataUrlBuilder().buildDataUrl(this.pendingReq.getAuthUrl(), getResumeEndPoint(), this.pendingReq.getPendingRequestId()), SL20JsonExtractorUtils.getStringValue(null, SL20Constants.SL20_TRANSACTIONID, false), this.authConfig);
                        } else {
                            SL20ResponseUtils.buildErrorResponse(httpServletResponse, "2000", "General transport Binding error");
                        }
                        throw th;
                    }
                } catch (EaafAuthenticationException e) {
                    if (0 != 0) {
                        log.debug("Received SL2.0 result: " + ((String) null));
                    }
                    this.pendingReq.setRawDataToTransaction("SL20_AUTH_error", new TaskExecutionException(this.pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
                    this.requestStoreage.storePendingRequest(this.pendingReq);
                    if (0 != 0) {
                        SL20ResponseUtils.buildResponse(httpServletRequest, httpServletResponse, this.pendingReq, new DataUrlBuilder().buildDataUrl(this.pendingReq.getAuthUrl(), getResumeEndPoint(), this.pendingReq.getPendingRequestId()), SL20JsonExtractorUtils.getStringValue(null, SL20Constants.SL20_TRANSACTIONID, false), this.authConfig);
                    } else {
                        SL20ResponseUtils.buildErrorResponse(httpServletResponse, "2000", "General transport Binding error");
                    }
                }
            } catch (Exception e2) {
                if (0 != 0) {
                    log.debug("Received SL2.0 result: " + ((String) null));
                }
                this.pendingReq.setRawDataToTransaction("SL20_AUTH_error", new TaskExecutionException(this.pendingReq, e2.getMessage(), e2));
                this.requestStoreage.storePendingRequest(this.pendingReq);
                if (0 != 0) {
                    SL20ResponseUtils.buildResponse(httpServletRequest, httpServletResponse, this.pendingReq, new DataUrlBuilder().buildDataUrl(this.pendingReq.getAuthUrl(), getResumeEndPoint(), this.pendingReq.getPendingRequestId()), SL20JsonExtractorUtils.getStringValue(null, SL20Constants.SL20_TRANSACTIONID, false), this.authConfig);
                } else {
                    SL20ResponseUtils.buildErrorResponse(httpServletResponse, "2000", "General transport Binding error");
                }
            }
            try {
                JsonNode readTree = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(str));
                log.info("Receive response from A-Trust. Starting response-message validation ... ");
                VerificationResult extractSL20PayLoad = SL20JsonExtractorUtils.extractSL20PayLoad(readTree, this.joseTools, false);
                if (SL20JsonExtractorUtils.getStringValue(extractSL20PayLoad.getPayload(), SL20Constants.SL20_COMMAND_CONTAINER_NAME, true).equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) {
                    log.debug("Find error result .... ");
                    JsonNode extractSL20Result = SL20JsonExtractorUtils.extractSL20Result(extractSL20PayLoad.getPayload(), this.joseTools, false);
                    String stringValue = SL20JsonExtractorUtils.getStringValue(extractSL20Result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
                    String stringValue2 = SL20JsonExtractorUtils.getStringValue(extractSL20Result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, false);
                    ?? sL20VdaResponseException = new SL20VdaResponseException("sl20.08", new Object[]{stringValue, stringValue2});
                    log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ", stringValue, stringValue2);
                    String stringValue3 = SL20JsonExtractorUtils.getStringValue(extractSL20Result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID, false);
                    if (StringUtils.isNotEmpty(stringValue3)) {
                        log.debug("VDA provides an optional sessionId. Inject it to internal error-holder ");
                        sL20VdaResponseException.setVdaSessionId(stringValue3);
                    }
                    throw sL20VdaResponseException;
                }
                String str2 = (String) this.pendingReq.getRawData("SL20_AUTH_reqID", String.class);
                String stringValue4 = SL20JsonExtractorUtils.getStringValue(readTree, SL20Constants.SL20_INRESPTO, true);
                if (str2 == null || !str2.equals(stringValue4)) {
                    log.info("SL20 'reqId': " + str2 + " does NOT match to 'inResponseTo':" + stringValue4);
                    throw new SL20SecurityException("SL20 'reqId': " + str2 + " does NOT match to 'inResponseTo':" + stringValue4);
                }
                VerificationResult extractSL20PayLoad2 = SL20JsonExtractorUtils.extractSL20PayLoad(readTree, this.joseTools, this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
                if (extractSL20PayLoad2.isValidSigned() == null || !extractSL20PayLoad2.isValidSigned().booleanValue()) {
                    if (this.authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
                        log.info("SL20 result from VDA was not valid signed");
                        throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
                    }
                    log.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!");
                }
                handleResponsePayLoad(extractSL20PayLoad2.getPayload());
                this.requestStoreage.storePendingRequest(this.pendingReq);
                if (readTree != null) {
                    SL20ResponseUtils.buildResponse(httpServletRequest, httpServletResponse, this.pendingReq, new DataUrlBuilder().buildDataUrl(this.pendingReq.getAuthUrl(), getResumeEndPoint(), this.pendingReq.getPendingRequestId()), SL20JsonExtractorUtils.getStringValue(readTree, SL20Constants.SL20_TRANSACTIONID, false), this.authConfig);
                } else {
                    SL20ResponseUtils.buildErrorResponse(httpServletResponse, "2000", "General transport Binding error");
                }
            } catch (JsonParseException e3) {
                log.error("SL2.0 command or result is NOT valid JSON. Received msg: {}", str, e3);
                throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e3);
            }
        } catch (Exception e4) {
            log.warn("Can NOT build SL2.0 response. Reason: " + e4.getMessage(), e4);
            if (0 != 0) {
                log.debug("Received SL2.0 result: " + ((String) null));
            }
            try {
                httpServletResponse.sendError(500, "Internal Server Error.");
            } catch (IOException e5) {
                log.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e4);
            }
        }
    }

    protected abstract void handleResponsePayLoad(JsonNode jsonNode) throws SlCommandoParserException, SL20Exception, EaafStorageException;

    protected abstract String getResumeEndPoint();
}
