package de.governikus.autent.eudiwallet.relyingparty.controller;

import com.authlete.sd.SDJWT;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.jwk.Curve;
import de.governikus.autent.eudiwallet.mdl.verifier.MdocResponseParser;
import de.governikus.autent.eudiwallet.mdl.verifier.ParsedMdocResponse;
import de.governikus.autent.eudiwallet.relyingparty.cache.WorkflowSessionCache;
import de.governikus.autent.eudiwallet.relyingparty.constants.CredentialFormat;
import de.governikus.autent.eudiwallet.relyingparty.constants.LevelOfAssurance;
import de.governikus.autent.eudiwallet.relyingparty.constants.WorkflowState;
import de.governikus.autent.eudiwallet.relyingparty.helper.JwtDecryption;
import de.governikus.autent.eudiwallet.relyingparty.helper.RelyingPartyHelper;
import de.governikus.autent.eudiwallet.relyingparty.helper.SdJwtHandler;
import de.governikus.autent.eudiwallet.relyingparty.model.WorkflowSessionModel;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.apache.coyote.BadRequestException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.UriComponentsBuilder;

@RequestMapping({"/"})
@Controller
/* loaded from: input_file:BOOT-INF/classes/de/governikus/autent/eudiwallet/relyingparty/controller/TestClientController.class */
public class TestClientController {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) TestClientController.class);
    public static final String METADATA = "/wallet/.well-known/metadata";
    public static final String JWKS = "/jwks";
    public static final String AUTH_REQUEST = "/rp-auth-request";
    public static final String AUTH_REQUEST_BY_QR_CODE = "/rp-auth-request-cross-browser";
    public static final String AUTH_RESPONSE = "/rp-auth-response";
    public static final String SUCCESS_SCREEN = "/success";
    public static final String ERROR_RESPONSE_SCREEN = "/error-response";
    public static final String WORKFLOW_STATE = "/workflow-state";
    public static final String VP_TOKEN_NAME = "vp_token";
    public static final String STATE_NAME = "state";
    public static final String REQUEST_PARAMETER_LOA = "loa";
    public static final String REQUEST_PARAMETER_FORMAT = "format";
    public static final String RESPONSE_CODE_PARAMETER = "response_code";
    private static final String MAIN_PAGE = "/";
    private static final String START_PAGE = "/start";
    private static final String MEMBERSHIP_PAGE = "/membership";
    private static final String REGISTER_AS_INTERESTED_PAGE = "/register-as-interested";
    private final WorkflowSessionCache workflowSessionCache;
    private final RelyingPartyHelper rpHelper;

    @Value("${rp.open.wallet.url}")
    private String OPEN_WALLET_URL;

    @GetMapping({"/"})
    public ModelAndView loadPage(HttpSession httpSession, UriComponentsBuilder uriComponentsBuilder) {
        WorkflowSessionModel storeNewWorkflowSession = storeNewWorkflowSession(httpSession.getId());
        ModelAndView modelAndView = new ModelAndView("main-page");
        modelAndView.addObject(STATE_NAME, storeNewWorkflowSession.getState());
        modelAndView.addObject("getRarLink", authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), null, null));
        modelAndView.addObject("activationLinkLoaSubstantial", openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.SUBSTANTIAL, null)));
        modelAndView.addObject("activationLinkLoaHigh", openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.HIGH, null)));
        modelAndView.addObject("activationLinkLoaSubstantialMdoc", openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.SUBSTANTIAL, CredentialFormat.MDOC)));
        modelAndView.addObject("activationLinkLoaHighMdoc", openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.HIGH, CredentialFormat.MDOC)));
        modelAndView.addObject("startWorkflow", START_PAGE);
        modelAndView.addObject("linkToWorkflowState", uriComponentsBuilder.cloneBuilder().path(WORKFLOW_STATE).pathSegment(storeNewWorkflowSession.getState()).build().toString());
        return modelAndView;
    }

    @GetMapping({START_PAGE})
    public ModelAndView loadStartPage() {
        ModelAndView modelAndView = new ModelAndView("start-page");
        modelAndView.addObject("startMembership", MEMBERSHIP_PAGE);
        modelAndView.addObject("startRegisterAsInterested", REGISTER_AS_INTERESTED_PAGE);
        return modelAndView;
    }

    @GetMapping({REGISTER_AS_INTERESTED_PAGE})
    public ModelAndView loadRegisterAsInterestedPage(HttpSession httpSession, UriComponentsBuilder uriComponentsBuilder) {
        WorkflowSessionModel storeNewWorkflowSession = storeNewWorkflowSession(httpSession.getId());
        storeNewWorkflowSession.setMembership(false);
        ModelAndView modelAndView = new ModelAndView("interested-page");
        String openWalletUri = openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.SUBSTANTIAL, CredentialFormat.SD_JWT_VC));
        String openWalletUri2 = openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.SUBSTANTIAL, CredentialFormat.MDOC));
        String openWalletUri3 = openWalletUri(uriComponentsBuilder.cloneBuilder().path(AUTH_REQUEST_BY_QR_CODE).pathSegment(storeNewWorkflowSession.getState()).queryParam(REQUEST_PARAMETER_LOA, LevelOfAssurance.SUBSTANTIAL).queryParam(REQUEST_PARAMETER_FORMAT, CredentialFormat.SD_JWT_VC).build().toString());
        String openWalletUri4 = openWalletUri(uriComponentsBuilder.cloneBuilder().path(AUTH_REQUEST_BY_QR_CODE).pathSegment(storeNewWorkflowSession.getState()).queryParam(REQUEST_PARAMETER_LOA, LevelOfAssurance.SUBSTANTIAL).queryParam(REQUEST_PARAMETER_FORMAT, CredentialFormat.MDOC).build().toString());
        String uriComponents = uriComponentsBuilder.cloneBuilder().path(WORKFLOW_STATE).pathSegment(storeNewWorkflowSession.getState()).build().toString();
        modelAndView.addObject("linkToWalletLoaSubstantialSdJwt", openWalletUri);
        modelAndView.addObject("linkToWalletLoaSubstantialMdoc", openWalletUri2);
        modelAndView.addObject("linkToWalletByQrCodeSdJwt", openWalletUri3);
        modelAndView.addObject("linkToWalletByQrCodeMDoc", openWalletUri4);
        modelAndView.addObject("linkToWorkflowState", uriComponents);
        return modelAndView;
    }

    @GetMapping({MEMBERSHIP_PAGE})
    public ModelAndView loadMembershipPage(HttpSession httpSession, UriComponentsBuilder uriComponentsBuilder) {
        WorkflowSessionModel storeNewWorkflowSession = storeNewWorkflowSession(httpSession.getId());
        storeNewWorkflowSession.setMembership(true);
        ModelAndView modelAndView = new ModelAndView("membership-page");
        modelAndView.addObject("linkToWalletLoaHighSdJwt", openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.HIGH, CredentialFormat.SD_JWT_VC)));
        modelAndView.addObject("linkToWalletLoaHighMdoc", openWalletUri(authReqUri(uriComponentsBuilder, storeNewWorkflowSession.getState(), LevelOfAssurance.HIGH, CredentialFormat.MDOC)));
        return modelAndView;
    }

    @GetMapping({"/rp-auth-request/{state}"})
    public ResponseEntity<String> createRarJwtRequest(@PathVariable("state") String str, @RequestParam(name = "loa") Optional<LevelOfAssurance> optional, @RequestParam(name = "format") Optional<CredentialFormat> optional2, UriComponentsBuilder uriComponentsBuilder) {
        WorkflowSessionModel workflowSession = this.workflowSessionCache.getWorkflowSession(str);
        if (workflowSession == null) {
            return ResponseEntity.badRequest().body("Illegal state-parameter value: " + str);
        }
        Objects.requireNonNull(workflowSession);
        optional2.ifPresent(workflowSession::setRequestedCredentialFormat);
        JWSObject createRarJws = this.rpHelper.createRarJws(uriComponentsBuilder, optional.orElse(LevelOfAssurance.HIGH), workflowSession);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.TEXT_PLAIN);
        return new ResponseEntity<>(createRarJws.serialize(), httpHeaders, HttpStatus.OK);
    }

    @GetMapping({"/rp-auth-request-cross-browser/{state}"})
    public ResponseEntity<String> createRarJwtRequestCrossBrowser(@PathVariable("state") String str, @RequestParam(name = "loa") Optional<LevelOfAssurance> optional, @RequestParam(name = "format") Optional<CredentialFormat> optional2, UriComponentsBuilder uriComponentsBuilder) {
        WorkflowSessionModel workflowSession = this.workflowSessionCache.getWorkflowSession(str);
        if (workflowSession == null) {
            return ResponseEntity.badRequest().body("Illegal state-parameter value: " + str);
        }
        Objects.requireNonNull(workflowSession);
        optional2.ifPresent(workflowSession::setRequestedCredentialFormat);
        workflowSession.setCrossBrowserWorkflow(true);
        JWSObject createRarJws = this.rpHelper.createRarJws(uriComponentsBuilder, optional.orElse(LevelOfAssurance.SUBSTANTIAL), workflowSession);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.TEXT_PLAIN);
        return new ResponseEntity<>(createRarJws.serialize(), httpHeaders, HttpStatus.OK);
    }

    @PostMapping({AUTH_RESPONSE})
    public void receivePostAuthResponse(HttpServletResponse httpServletResponse, UriComponentsBuilder uriComponentsBuilder, @RequestParam("vp_token") String str, @RequestParam("state") String str2) {
        WorkflowSessionModel workflowSession = this.workflowSessionCache.getWorkflowSession(str2);
        if (workflowSession == null) {
            httpServletResponse.setStatus(400);
            httpServletResponse.getWriter().write(String.format("No workflow session found for the give state: %s", str2));
            return;
        }
        try {
            JWEObject parse = JWEObject.parse(str);
            JwtDecryption.decryptPayload(workflowSession.getRpEphPriv(), parse);
            workflowSession.setDecryptedAuthResponse(parse);
            String uuid = UUID.randomUUID().toString();
            workflowSession.setResponseCode(uuid);
            this.workflowSessionCache.updateWorkflowSession(workflowSession);
            ObjectNode createObjectNode = RelyingPartyHelper.OBJECT_MAPPER.createObjectNode();
            createObjectNode.put("redirect_uri", workflowSession.isErrorResponse() ? uriComponentsBuilder.cloneBuilder().path(ERROR_RESPONSE_SCREEN).queryParam(RESPONSE_CODE_PARAMETER, uuid).build().toString() : uriComponentsBuilder.cloneBuilder().path(SUCCESS_SCREEN).queryParam(RESPONSE_CODE_PARAMETER, uuid).build().toString());
            httpServletResponse.setStatus(200);
            httpServletResponse.setContentType("application/json");
            httpServletResponse.getWriter().write(createObjectNode.toString());
        } catch (Exception e) {
            log.info(e.getMessage());
            httpServletResponse.setStatus(400);
            httpServletResponse.getWriter().write(String.format("Could not parse or decrypt the auth response", new Object[0]));
        }
    }

    @GetMapping({SUCCESS_SCREEN})
    public ModelAndView success(HttpSession httpSession, @RequestParam(name = "response_code") String str, UriComponentsBuilder uriComponentsBuilder) {
        WorkflowSessionModel workflowSessionByResponseCode = this.workflowSessionCache.getWorkflowSessionByResponseCode(str);
        if (!httpSession.getId().equals(workflowSessionByResponseCode.getSessionId())) {
            if (workflowSessionByResponseCode.isCrossBrowserWorkflow()) {
                return new ModelAndView("continue-in-origin-browser");
            }
            throw new BadRequestException("There is no session for the given response_code");
        }
        ModelAndView modelAndView = new ModelAndView(workflowSessionByResponseCode.isMembership() ? "membership-final-screen" : "interested-final-screen");
        JWEObject decryptedAuthResponse = workflowSessionByResponseCode.getDecryptedAuthResponse();
        String payload = decryptedAuthResponse.getPayload().toString();
        log.debug("JWE header: {}", decryptedAuthResponse.getHeader().toString());
        log.debug("decrypted payload: {}", payload);
        String first = UriComponentsBuilder.newInstance().query(payload).build().getQueryParams().getFirst(VP_TOKEN_NAME);
        if (CredentialFormat.SD_JWT_VC.equals(workflowSessionByResponseCode.getRequestedCredentialFormat())) {
            SDJWT sdJwtByVpToken = SdJwtHandler.getSdJwtByVpToken(first);
            if (!SdJwtHandler.isValid(sdJwtByVpToken, workflowSessionByResponseCode.getRpEphPriv(), workflowSessionByResponseCode.getNonce(), RelyingPartyHelper.CLIENT_ID_VAL)) {
                modelAndView.addObject("validationFailed", true);
            }
            modelAndView.addObject("disclosures", SdJwtHandler.getDisclosureKeyValueMap(sdJwtByVpToken));
        } else {
            ParsedMdocResponse parseMdoc = MdocResponseParser.parseMdoc(first);
            String base64URL = decryptedAuthResponse.getHeader().getAgreementPartyUInfo().toString();
            log.debug("retrieved mdocGeneratedNonce from JWE header: {}", base64URL);
            if (!MdocResponseParser.isMdocValid(parseMdoc, workflowSessionByResponseCode.getRpEphPriv(), RelyingPartyHelper.CLIENT_ID_VAL, this.rpHelper.buildUriPath(uriComponentsBuilder, AUTH_RESPONSE), workflowSessionByResponseCode.getNonce(), base64URL)) {
                modelAndView.addObject("validationFailed", true);
            }
            modelAndView.addObject("disclosures", parseMdoc.getData());
        }
        return modelAndView;
    }

    @GetMapping({ERROR_RESPONSE_SCREEN})
    public ModelAndView oauthError(@RequestParam(name = "response_code") String str) {
        MultiValueMap<String, String> payloadParameterMap = this.workflowSessionCache.getWorkflowSessionByResponseCode(str).getPayloadParameterMap();
        String first = payloadParameterMap.getFirst("error");
        String first2 = payloadParameterMap.getFirst("error_description");
        String first3 = payloadParameterMap.getFirst("error_uri");
        ModelAndView modelAndView = new ModelAndView("error-response-page");
        modelAndView.addObject("error", first);
        modelAndView.addObject("errorDescription", first2);
        modelAndView.addObject("errorUri", first3);
        return modelAndView;
    }

    @GetMapping({"/workflow-state/{state}"})
    public ResponseEntity<String> workflowState(UriComponentsBuilder uriComponentsBuilder, @PathVariable("state") String str) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        WorkflowSessionModel workflowSession = this.workflowSessionCache.getWorkflowSession(str);
        if (workflowSession == null) {
            return ResponseEntity.badRequest().body("Illegal state-parameter value: " + str);
        }
        String responseCode = workflowSession.getResponseCode();
        WorkflowState workflowState = responseCode == null ? WorkflowState.AUTHENTICATION_NOT_COMPLETED : WorkflowState.AUTHENTICATION_COMPLETED;
        ObjectNode createObjectNode = RelyingPartyHelper.OBJECT_MAPPER.createObjectNode();
        createObjectNode.put(STATE_NAME, workflowState.toString());
        if (WorkflowState.AUTHENTICATION_COMPLETED.equals(workflowState)) {
            createObjectNode.put("redirectUrl", workflowSession.isErrorResponse() ? uriComponentsBuilder.cloneBuilder().path(ERROR_RESPONSE_SCREEN).queryParam(RESPONSE_CODE_PARAMETER, responseCode).build().toString() : uriComponentsBuilder.cloneBuilder().path(SUCCESS_SCREEN).queryParam(RESPONSE_CODE_PARAMETER, responseCode).build().toString());
        }
        return new ResponseEntity<>(createObjectNode.toString(), httpHeaders, HttpStatus.OK);
    }

    @GetMapping({METADATA})
    public void metadata(HttpServletResponse httpServletResponse, UriComponentsBuilder uriComponentsBuilder) {
        String metadata = this.rpHelper.getMetadata(uriComponentsBuilder);
        httpServletResponse.setStatus(200);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().write(metadata);
    }

    @GetMapping({JWKS})
    public void jwks(HttpServletResponse httpServletResponse) {
        String jwks = this.rpHelper.getJwks();
        httpServletResponse.setStatus(200);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().write(jwks);
    }

    private WorkflowSessionModel storeNewWorkflowSession(String str) {
        String uuid = UUID.randomUUID().toString();
        WorkflowSessionModel workflowSessionModel = new WorkflowSessionModel(str, uuid, "654321");
        KeyPair generateRpEphEcKeyPair = generateRpEphEcKeyPair();
        workflowSessionModel.setRpEphPriv((ECPrivateKey) generateRpEphEcKeyPair.getPrivate());
        workflowSessionModel.setRpEphPub((ECPublicKey) generateRpEphEcKeyPair.getPublic());
        this.workflowSessionCache.setWorkflowSession(uuid, workflowSessionModel);
        return workflowSessionModel;
    }

    private KeyPair generateRpEphEcKeyPair() {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(Curve.P_256.getStdName());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(eCGenParameterSpec);
        return keyPairGenerator.generateKeyPair();
    }

    private String authReqUri(UriComponentsBuilder uriComponentsBuilder, String str, LevelOfAssurance levelOfAssurance, CredentialFormat credentialFormat) {
        UriComponentsBuilder pathSegment = uriComponentsBuilder.cloneBuilder().path(AUTH_REQUEST).pathSegment(str);
        if (levelOfAssurance != null) {
            pathSegment = pathSegment.queryParam(REQUEST_PARAMETER_LOA, levelOfAssurance);
        }
        if (credentialFormat != null) {
            pathSegment = pathSegment.queryParam(REQUEST_PARAMETER_FORMAT, credentialFormat);
        }
        return pathSegment.build().toString();
    }

    private String openWalletUri(String str) {
        return UriComponentsBuilder.fromUriString(this.OPEN_WALLET_URL).cloneBuilder().queryParam("client_id", RelyingPartyHelper.CLIENT_ID_VAL).queryParam("request_uri", str).toUriString();
    }

    public TestClientController(WorkflowSessionCache workflowSessionCache, RelyingPartyHelper relyingPartyHelper) {
        this.workflowSessionCache = workflowSessionCache;
        this.rpHelper = relyingPartyHelper;
    }
}
