package de.governikus.autent.sdk.saml.demo.web;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import de.bos_bremen.gov.autent.common.AttributeNameNPA;
import de.bos_bremen.gov.autent.common.Utils;
import de.bund.bsi.eid212.LevelOfAssuranceType;
import de.governikus.autent.saml.client.utils.ReturnedAttributesNPA;
import de.governikus.autent.sdk.saml.SamlConfiguration;
import de.governikus.autent.sdk.saml.demo.constants.ContextPaths;
import de.governikus.autent.sdk.saml.demo.constants.Views;
import de.governikus.autent.sdk.saml.utils.SamlSdkHelper;
import java.util.Arrays;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
import org.springframework.web.util.UriComponentsBuilder;

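/**
 * Demo Spring MVC controller, mapped at {@code "/"}, that starts SAML authentication requests
 * through {@link SamlSdkHelper}, receives the SAML response on the assertion consumer endpoint and
 * shows the returned attributes on the identity card page.
 *
 * <p>Review notes for anyone reusing this sample outside a demo:
 * <ul>
 *   <li>Returned attributes are held in a static, process-wide cache (10 entries, 10 minutes) and
 *       are looked up only by the {@code userDataId} query parameter. The lookup is not bound to
 *       the HTTP session, so whoever holds the id can read the record until it expires. The id
 *       also travels in the URL, where it can end up in browser history, access logs and Referer
 *       headers.</li>
 *   <li>All absolute URLs, including the assertion consumer URL, are derived from the
 *       {@link UriComponentsBuilder} argument. Spring MVC builds it from the current request, so
 *       the host part follows the request's host and forwarding headers. NOTE(review): consider a
 *       fixed, configured base URL for the assertion consumer URL.</li>
 *   <li>Every request uses RSA PKCS#1 v1.5 key transport ({@code xmlenc#rsa-1_5}), and the eIDAS
 *       request uses AES-128-CBC. Both are known to be exposed to padding-oracle style attacks in
 *       XML Encryption. NOTE(review): prefer RSA-OAEP and an AES-GCM mode if the identity provider
 *       and the SDK support them; confirm before changing.</li>
 * </ul>
 */
@RequestMapping({"/"})
@Controller
/* loaded from: input_file:BOOT-INF/classes/de/governikus/autent/sdk/saml/demo/web/SamlSampleController.class */
public class SamlSampleController {
    private static final Logger log = LoggerFactory.getLogger(SamlSampleController.class);

    /** Content encryption algorithm requested by the two AusweisApp2 entrance points. */
    private static final String XMLENC_AES256_GCM = "http://www.w3.org/2009/xmlenc11#aes256-gcm";

    /** Content encryption algorithm requested by the eIDAS entrance point (CBC, unauthenticated). */
    private static final String XMLENC_AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** Key transport algorithm requested by every entrance point (RSA PKCS#1 v1.5). */
    private static final String XMLENC_RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    // Shared by all users of the application; entries are keyed by a random UUID only.
    private static final Cache<String, ReturnedAttributesNPA> cache =
        CacheBuilder.newBuilder().maximumSize(10).expireAfterWrite(10, TimeUnit.MINUTES).build();

    @Autowired
    private SamlConfiguration config;

    /**
     * Stores the returned attributes under a fresh random id and redirects to the user data page.
     *
     * @param uriComponentsBuilder builder for the redirect target; its path is modified here
     * @param returnedAttributesNPA attributes resolved from the SAML response
     * @return a redirect view carrying the cache id in the {@code userDataId} query parameter
     */
    private static ModelAndView createUserDataView(UriComponentsBuilder uriComponentsBuilder, ReturnedAttributesNPA returnedAttributesNPA) {
        // UUID.randomUUID() produces a version 4 UUID from a cryptographically strong generator,
        // so the id is not guessable; it is still a bearer value placed in a URL.
        String userDataId = UUID.randomUUID().toString();
        cache.put(userDataId, returnedAttributesNPA);
        String target = uriComponentsBuilder.path("//user-data").queryParam("userDataId", userDataId).build().toString();
        return new ModelAndView("redirect:" + target);
    }

    /** Maps the given attribute constants to their {@code name()} strings, keeping the order. */
    private static String[] names(AttributeNameNPA... attributes) {
        return Stream.of(attributes).map(AttributeNameNPA::name).toArray(String[]::new);
    }

    /**
     * Replaces line breaks in a request-supplied value so that it cannot start a forged log line.
     *
     * @param value request-supplied text, may be {@code null}
     * @return the value with CR and LF replaced by {@code _}, or {@code null}
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

    /** Exposes the AusweisApp2 link for the standard entrance point to every view. */
    @ModelAttribute("ausweisapp2url")
    public String getAusweisApp2Url(UriComponentsBuilder uriComponentsBuilder) {
        String entranceUrl = uriComponentsBuilder.path("//ausweisapp2-entrance").build().toString();
        return SamlSdkHelper.getAusweisApp2Url(entranceUrl);
    }

    /** Exposes the absolute URL of the eIDAS entrance point to every view. */
    @ModelAttribute("eidasurl")
    public String getEidasLink(UriComponentsBuilder uriComponentsBuilder) {
        return uriComponentsBuilder.path("//eidas-entrance").build().toString();
    }

    /** Exposes the AusweisApp2 link for the Optimos entrance point to every view. */
    @ModelAttribute("optimosurl")
    public String getOptimosUrl(UriComponentsBuilder uriComponentsBuilder) {
        String entranceUrl = uriComponentsBuilder.path("//ausweisapp2-optimos-entrance").build().toString();
        return SamlSdkHelper.getAusweisApp2UrlForOptimos(entranceUrl);
    }

    /** Renders the identity card page without any user data. */
    @GetMapping
    public ModelAndView loadWelcomePage() {
        return new ModelAndView(Views.IDENTITY_CARD_PAGE);
    }

    /**
     * Builds a SAML redirect-binding request for the AusweisApp2 flow and redirects to it.
     *
     * @param uriComponentsBuilder request-derived builder used for the assertion consumer URL
     * @param httpServletResponse response on which caching of the redirect is disabled
     * @return a redirect to the URL produced by the SDK
     */
    @GetMapping({ContextPaths.AUSWEISAPP2_ENTRANCE})
    public ModelAndView ausweisApp2EntrancePoint(UriComponentsBuilder uriComponentsBuilder, HttpServletResponse httpServletResponse) {
        // The two arrays are presumably the required and the optional attributes, and 18 and
        // "02760503150000" the age and place verification values; confirm against the SDK.
        String[] firstAttributeSet = names(AttributeNameNPA.FamilyNames, AttributeNameNPA.GivenNames, AttributeNameNPA.DateOfBirth,
            AttributeNameNPA.PlaceOfResidence, AttributeNameNPA.RestrictedID, AttributeNameNPA.DocumentType,
            AttributeNameNPA.ResidencePermitI);
        String[] secondAttributeSet = names(AttributeNameNPA.BirthName, AttributeNameNPA.Nationality, AttributeNameNPA.AcademicTitle,
            AttributeNameNPA.ArtisticName, AttributeNameNPA.IssuingState, AttributeNameNPA.PlaceOfBirth,
            AttributeNameNPA.AgeVerification, AttributeNameNPA.PlaceVerification);
        String redirectUrl = SamlSdkHelper.createSamlRedirectBindingUrl(this.config, null, firstAttributeSet, secondAttributeSet,
            getAssertionConsumerUrl(uriComponentsBuilder), 18, "02760503150000", false, XMLENC_AES256_GCM, XMLENC_RSA_1_5);
        // The redirect URL embeds the SAML request, so it must not be cached.
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        return new ModelAndView("redirect:" + redirectUrl);
    }

    /**
     * Builds a SAML redirect-binding request for the Optimos flow, asking for the eIDAS
     * "substantial" level of assurance, and redirects to it.
     *
     * @param uriComponentsBuilder request-derived builder used for the assertion consumer URL
     * @param httpServletResponse response on which caching of the redirect is disabled
     * @return a redirect to the URL produced by the SDK
     */
    @GetMapping({ContextPaths.AUSWEISAPP2_OPTIMOS_ENTRANCE})
    public ModelAndView ausweisApp2OptimosEntrancePoint(UriComponentsBuilder uriComponentsBuilder, HttpServletResponse httpServletResponse) {
        String[] firstAttributeSet = names(AttributeNameNPA.FamilyNames, AttributeNameNPA.GivenNames, AttributeNameNPA.DateOfBirth,
            AttributeNameNPA.PlaceOfResidence, AttributeNameNPA.RestrictedID, AttributeNameNPA.DocumentType,
            AttributeNameNPA.ResidencePermitI);
        String[] secondAttributeSet = names(AttributeNameNPA.PlaceOfBirth);
        String redirectUrl = SamlSdkHelper.createSamlRedirectBindingUrlForOptimos(this.config, null, firstAttributeSet,
            secondAttributeSet, getAssertionConsumerUrl(uriComponentsBuilder), null, null, false, XMLENC_AES256_GCM,
            XMLENC_RSA_1_5, LevelOfAssuranceType.HTTP_EIDAS_EUROPA_EU_LO_A_SUBSTANTIAL);
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        return new ModelAndView("redirect:" + redirectUrl);
    }

    /**
     * Builds a SAML request for the eIDAS flow and renders the page that posts it to the
     * configured SAML service URL.
     *
     * @param uriComponentsBuilder request-derived builder used for the assertion consumer URL
     * @return the POST page with {@code Action}, {@code SAMLRequest} and {@code RelayState} set
     */
    @GetMapping({ContextPaths.EIDAS_ENTRANCE})
    public ModelAndView eidasEntrancePoint(UriComponentsBuilder uriComponentsBuilder) {
        String[] requestedAttributes = names(AttributeNameNPA.FamilyNames, AttributeNameNPA.GivenNames, AttributeNameNPA.DateOfBirth,
            AttributeNameNPA.PlaceOfResidence, AttributeNameNPA.RestrictedID, AttributeNameNPA.UseEidas);
        // NOTE(review): this flow asks for AES-128-CBC while the other entrance points ask for
        // AES-256-GCM; confirm whether CBC is required by the eIDAS connector.
        byte[] samlRequest = SamlSdkHelper.createSamlRequest(this.config, requestedAttributes, null,
            getAssertionConsumerUrl(uriComponentsBuilder), null, null, XMLENC_AES128_CBC, XMLENC_RSA_1_5, null, null, null, null,
            true, false);
        ModelAndView modelAndView = new ModelAndView(Views.EIDAS_POST_PAGE);
        modelAndView.addObject("Action", this.config.getAutentSamlServiceUrl());
        modelAndView.addObject("SAMLRequest", Utils.breakAfter76Chars(DatatypeConverter.printBase64Binary(samlRequest)));
        // Fixed demo value: it does not tie the response to this browser session, and the
        // receiver methods below only log the RelayState they get back.
        modelAndView.addObject("RelayState", "Hallo");
        return modelAndView;
    }

    /**
     * Receives a SAML response sent with the POST binding, resolves it and redirects to the user
     * data page.
     *
     * @param str Base64 encoded {@code SAMLResponse} form parameter
     * @param str2 optional {@code RelayState} form parameter; only logged
     * @param uriComponentsBuilder request-derived builder used for the assertion consumer URL
     * @param httpServletRequest current request (unused)
     * @return a redirect to the user data page
     */
    @PostMapping({ContextPaths.AUTENT_RESPONSE_RECEIVER})
    public ModelAndView autentResponseReceiverPost(@RequestParam("SAMLResponse") String str, @RequestParam(value = "RelayState", required = false) String str2, UriComponentsBuilder uriComponentsBuilder, HttpServletRequest httpServletRequest) {
        // Both parameters are request-supplied. The response body is kept out of the log (it
        // carries the authentication result and is arbitrarily large); only its size is recorded.
        log.info("samlResponse received ({} characters)", str.length());
        log.info("relayState: {}", sanitizeForLog(str2));
        // NOTE(review): the trailing 'true' presumably enables signature verification; whether the
        // SDK also matches the response to an outstanding request is not visible here. Confirm.
        byte[] decodedResponse = DatatypeConverter.parseBase64Binary(str);
        ReturnedAttributesNPA attributes = SamlSdkHelper.resolveSamlResponse(decodedResponse,
            getAssertionConsumerUrl(uriComponentsBuilder), this.config, true);
        return createUserDataView(uriComponentsBuilder, attributes);
    }

    /**
     * Receives a SAML response sent with the redirect binding, checks the query string signature,
     * resolves the response and redirects to the user data page.
     *
     * @param str {@code SAMLResponse} query parameter
     * @param str2 optional {@code RelayState} query parameter; only logged
     * @param uriComponentsBuilder request-derived builder used for the assertion consumer URL
     * @param httpServletRequest current request; its raw query string is what gets verified
     * @return a redirect to the user data page
     */
    @GetMapping({ContextPaths.AUTENT_RESPONSE_RECEIVER})
    public ModelAndView autentResponseReceiverGet(@RequestParam("SAMLResponse") String str, @RequestParam(value = "RelayState", required = false) String str2, UriComponentsBuilder uriComponentsBuilder, HttpServletRequest httpServletRequest) {
        log.info("samlResponse received ({} characters)", str.length());
        log.info("relayState: {}", sanitizeForLog(str2));
        // NOTE(review): nothing is done with a return value here, so this is only a check if the
        // SDK method throws on an invalid signature. Confirm that it does.
        SamlSdkHelper.validateSamlResponseSignatureRedirectBinding(httpServletRequest.getQueryString(),
            this.config.getAutentSamlSignatureCertificate());
        ReturnedAttributesNPA attributes = SamlSdkHelper.resolveSamlResponseRedirectBinding(str,
            getAssertionConsumerUrl(uriComponentsBuilder), this.config);
        return createUserDataView(uriComponentsBuilder, attributes);
    }

    /**
     * Renders the identity card page with the cached attributes for the given id, if any.
     *
     * @param str optional {@code userDataId} query parameter
     * @return the identity card page; {@code pdata} is {@code null} when the id is missing,
     *     unknown or expired
     */
    @GetMapping({ContextPaths.USER_DATA_PAGE})
    public ModelAndView showUserDataPage(@RequestParam(value = "userDataId", required = false) String str) {
        ModelAndView modelAndView = new ModelAndView(Views.IDENTITY_CARD_PAGE);
        // The parameter is optional, and Guava's Cache rejects a null key with a
        // NullPointerException, so a missing id is treated as "no data". A single lookup also
        // keeps "pdata" and "restrictedID" consistent if the entry expires in between.
        ReturnedAttributesNPA attributes = str == null ? null : cache.getIfPresent(str);
        modelAndView.addObject("pdata", attributes);
        if (attributes != null) {
            modelAndView.addObject("restrictedID", Hex.encodeHexString(attributes.getRestrictedID()));
        }
        return modelAndView;
    }

    /**
     * Returns the absolute URL of the response receiver endpoint.
     *
     * <p>Works on a clone so that the caller's builder is left untouched.
     */
    private String getAssertionConsumerUrl(UriComponentsBuilder uriComponentsBuilder) {
        return uriComponentsBuilder.cloneBuilder().path("//autent-response-receiver").build().toString();
    }

    /**
     * Logs any exception raised by a handler of this controller and renders the identity card
     * page with the exception attached.
     *
     * @param exc the exception raised by the handler method
     * @return the identity card page with the exception under the default exception attribute
     */
    @ExceptionHandler({Exception.class})
    public ModelAndView handleException(Exception exc) {
        log.error(exc.getMessage(), exc);
        ModelAndView modelAndView = new ModelAndView(Views.IDENTITY_CARD_PAGE);
        // NOTE(review): the whole exception object is handed to the view. If the template prints
        // its message or stack trace, internal details reach the browser; outside a demo, show a
        // generic message and keep the details in the log.
        modelAndView.addObject(SimpleMappingExceptionResolver.DEFAULT_EXCEPTION_ATTRIBUTE, exc);
        return modelAndView;
    }
}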
