package de.governikus.keycloak.eid.provider.endpoints;

import de.bund.bsi.eid240.AttributeRequestType;
import de.governikus.keycloak.eid.panstarsdk.SamlConfigurationImpl;
import de.governikus.keycloak.eid.provider.identity.EidIdentityProviderFactory;
import de.governikus.keycloak.eid.provider.identity.EidIdentityProviderModel;
import de.governikus.panstar.sdk.saml.exception.SamlRequestException;
import de.governikus.panstar.sdk.saml.request.SamlRequestGenerator;
import de.governikus.panstar.sdk.utils.RequestData;
import de.governikus.panstar.sdk.utils.exception.InvalidInputException;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.UUID;
import java.util.function.Function;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resource.RealmResourceProvider;
import org.opensaml.core.config.InitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/keycloak/eid/provider/endpoints/TcTokenEndpoint.class */
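/**
 * Realm resource that serves the {@code tc-token} entry point for eID clients.
 *
 * <p>A GET on {@code tc-token} builds a SAML request from the realm's eID identity provider
 * configuration and answers with a {@code 303 See Other} redirect to the generated URL.
 *
 * <p>NOTE(review): nothing in this class authenticates the caller or checks whether the
 * identity provider is enabled; confirm whether either is enforced elsewhere.
 */
public class TcTokenEndpoint implements RealmResourceProvider {
    private static final Logger log = LoggerFactory.getLogger(TcTokenEndpoint.class);
    private final KeycloakSession keycloakSession;

    /**
     * @param keycloakSession session used to look up the current realm and its eID identity provider
     */
    public TcTokenEndpoint(KeycloakSession keycloakSession) {
        this.keycloakSession = keycloakSession;
    }

    /** Returns this instance as the JAX-RS resource. */
    @Override
    public Object getResource() {
        return this;
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void close() {
    }

    /**
     * Generates a SAML request for the eID identity provider and redirects the eID client to it.
     *
     * @param uriInfo request URI; the {@code RelayState} query parameter is forwarded to the
     *     SAML request generator
     * @return {@code 303 See Other} to the generated SAML request URL, or a {@code 500} response
     *     when the identity provider is missing, the request cannot be created, or the generated
     *     URL is not a valid URI
     */
    @Produces({"application/json"})
    @GET
    @Path("tc-token")
    public Response eIdClientEntrance(@Context UriInfo uriInfo) {
        // RelayState is caller-supplied and is handed to the generator unchanged.
        // NOTE(review): it may be null or arbitrary here; confirm that the SDK validates and
        // encodes it, or reject missing values before building the request.
        String relayState = uriInfo.getQueryParameters().getFirst("RelayState");
        log.info("Received a request on tc-token endpoint. Try to generate a SAML request and redirect to ID PANSTAR.");

        IdentityProviderModel identityProvider = this.keycloakSession.getContext()
                                                                     .getRealm()
                                                                     .getIdentityProviderByAlias(EidIdentityProviderFactory.PROVIDER_ID);
        if (identityProvider == null) {
            // Without this guard a realm that lacks the eID provider fails with a
            // NullPointerException instead of the controlled error response used below.
            log.error("Creation of SAML request failed. No identity provider with alias {} is configured in this realm.",
                      EidIdentityProviderFactory.PROVIDER_ID);
            return Response.serverError().build();
        }

        // A missing config key falls back to "true", so an attribute is requested (ALLOWED)
        // unless the configuration explicitly turns it off.
        Function<String, AttributeRequestType> requestTypeFor = configKey ->
            Boolean.parseBoolean(identityProvider.getConfig().getOrDefault(configKey, "true"))
                ? AttributeRequestType.ALLOWED
                : AttributeRequestType.PROHIBITED;

        try {
            RequestData requestData = new RequestData()
                .restrictedID(true)
                .givenNames(requestTypeFor.apply(EidIdentityProviderModel.EID_GIVEN_NAMES_ALLOWED))
                .familyNames(requestTypeFor.apply(EidIdentityProviderModel.EID_FAMILY_NAMES_ALLOWED))
                .dateOfBirth(requestTypeFor.apply(EidIdentityProviderModel.EID_DATE_OF_BIRTH_ALLOWED))
                .placeOfBirth(requestTypeFor.apply(EidIdentityProviderModel.EID_PLACE_OF_BIRTH_ALLOWED))
                .placeOfResidence(requestTypeFor.apply(EidIdentityProviderModel.EID_PLACE_OF_RESIDENCE_ALLOWED))
                .academicTitle(requestTypeFor.apply(EidIdentityProviderModel.EID_ACADEMIC_TITLE_ALLOWED))
                .issuingState(requestTypeFor.apply(EidIdentityProviderModel.EID_ISSUING_STATE_ALLOWED))
                .artisticName(requestTypeFor.apply(EidIdentityProviderModel.EID_ARTISTIC_NAME_ALLOWED))
                .nationality(requestTypeFor.apply(EidIdentityProviderModel.EID_NATIONALITY_ALLOWED))
                .residencePermitI(requestTypeFor.apply(EidIdentityProviderModel.EID_RESIDENCE_PERMIT_I_ALLOWED))
                .dateOfExpiry(requestTypeFor.apply(EidIdentityProviderModel.EID_DATE_OF_EXPIRY_ALLOWED))
                .documentType(requestTypeFor.apply(EidIdentityProviderModel.EID_DOCUMENT_TYPE_ALLOWED))
                .cardCertified(true)
                .seCertified(false)
                .seEndorsed(false)
                .hwKeyStore(false);

            SamlRequestGenerator generator = new SamlRequestGenerator(
                new SamlConfigurationImpl(identityProvider.getConfig(),
                                          this.keycloakSession.getContext().getRealm().getName()));
            // Each request gets a fresh random ID, prefixed with "_".
            String requestId = "_" + UUID.randomUUID();
            URI redirectUri = new URI(generator.createSamlRequestUrl(requestData, relayState, requestId));

            // The full URL is built from the SAML request and the caller-supplied RelayState,
            // so it is written only at debug level to keep it out of routine logs.
            log.info("Successfully generated SAML request. eID client will be redirected to ID PANSTAR.");
            log.debug("SAML request redirect URI: {}", redirectUri);
            return Response.seeOther(redirectUri).build();
        } catch (SamlRequestException | InvalidInputException | InitializationException e) {
            log.error("Creation of SAML request failed. Plugin is not correctly configured.", e);
            return Response.serverError().build();
        } catch (URISyntaxException e) {
            // Answer with the same controlled 500 as the other failure paths instead of letting
            // an unchecked exception propagate to the container.
            log.error("Creation of SAML request failed. Generated SAML request URL is not a valid URI.", e);
            return Response.serverError().build();
        }
    }
}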
