package se.vgregion.security.sign;

import java.security.SignatureException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.ui.ModelMap;
import org.springframework.util.ClassUtils;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import se.vgregion.dao.domain.patterns.repository.Repository;
import se.vgregion.domain.security.pkiclient.ELegType;
import se.vgregion.ticket.Ticket;
import se.vgregion.ticket.TicketException;
import se.vgregion.ticket.TicketManager;
import se.vgregion.web.dto.TicketDto;
import se.vgregion.web.security.services.SignatureData;
import se.vgregion.web.security.services.SignatureService;

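/**
 * Web entry point of the signing service: prepares a signature request, verifies and stores
 * the returned signature, and handles cancellation.
 *
 * <p>The two {@code /prepare} handlers accept a request either because it carries a ticket that
 * the {@code TicketManager} verifies, or, when no ticket is supplied, because the
 * {@code x-forwarded-for} header starts with one of the configured internal network prefixes.
 *
 * <p>NOTE(review): {@code /verify} and {@code /cancel} perform no ticket or network check in this
 * class; whether the superclass or the {@code SignatureService} enforces one is not visible here
 * and should be confirmed.
 */
@Controller
/* loaded from: input_file:se/vgregion/security/sign/WebSignController.class */
public class WebSignController extends AbstractSignController {
    private static final Logger LOGGER = LoggerFactory.getLogger(WebSignController.class);

    // Textual address prefixes that may use /prepare without a ticket. Never contains "".
    private Set<String> internalNetworks;

    @Autowired
    public WebSignController(SignatureService signatureService, Repository<ELegType, String> repository, TicketManager ticketManager) {
        super(signatureService, repository, ticketManager);
    }

    /**
     * Parses the comma-separated list of internal network prefixes.
     *
     * <p>Spaces are removed and empty entries are dropped. An empty entry must never reach the
     * set: {@code String.startsWith("")} is true for every value, so a stray comma in the
     * configuration (for example {@code "a,,b"}) would otherwise let any request that carries an
     * {@code x-forwarded-for} header through without a ticket.
     *
     * @param str comma-separated prefixes; {@code null} or fewer than three characters yields an
     *            empty set, which means ticket-less access is refused for everyone
     */
    @Autowired
    @Required
    public void setInternalNetworks(String str) {
        Set<String> prefixes = new HashSet<String>();
        if (str != null && str.length() >= 3) {
            for (String entry : str.replaceAll(" ", "").split(",")) {
                if (!entry.isEmpty()) {
                    prefixes.add(entry);
                }
            }
        }
        this.internalNetworks = prefixes;
    }

    /** Registers the editor that converts the posted client type into an {@code ELegType}. */
    @InitBinder
    public void initBinder(WebDataBinder webDataBinder) {
        webDataBinder.registerCustomEditor(ELegType.class, new ELegTypeEditor(geteLegTypes()));
    }

    /** Exposes the superclass' client types to every view as the model attribute {@code clientTypes}. */
    @Override // se.vgregion.security.sign.AbstractSignController
    @ModelAttribute("clientTypes")
    public Collection<ELegType> getClientTypes() {
        return super.getClientTypes();
    }

    /**
     * Handles a prepare request that does not yet name a client type and shows the selection view.
     *
     * @return the view name {@code clientTypeSelection}
     * @throws TicketException if neither a valid ticket nor an internal source address is present
     */
    @RequestMapping(value = {"/prepare"}, method = {RequestMethod.POST}, params = {"tbs", "submitUri"})
    public String prepareSignNoClientType(@ModelAttribute SignatureData signatureData, Model model, HttpServletRequest httpServletRequest) throws TicketException {
        LOGGER.info("Incoming sign request from {}", httpServletRequest.getRemoteHost());
        requireTicketOrInternalNetwork(signatureData, httpServletRequest);
        model.addAttribute("ticket", signatureData.getTicket());
        model.addAttribute("signData", signatureData);
        return "clientTypeSelection";
    }

    /**
     * Access gate shared by both {@code /prepare} handlers: a supplied ticket must verify;
     * without a ticket the request must come from an internal network.
     */
    private void requireTicketOrInternalNetwork(SignatureData signatureData, HttpServletRequest httpServletRequest) throws TicketException {
        String ticket = signatureData.getTicket();
        if (ticket == null || ticket.length() <= 0) {
            validateInternalAccess(httpServletRequest);
            return;
        }
        TicketDto ticketDto = new TicketDto(ticket);
        // NOTE(review): the ticket is what authorises the request; confirm that
        // TicketDto.toString() does not write a reusable credential to the debug log.
        LOGGER.debug("Ticket used: {}", ticketDto);
        validateTicket(ticketDto.toTicket());
    }

    /**
     * Accepts a ticket-less request only when its {@code x-forwarded-for} header starts with a
     * configured internal prefix; otherwise throws.
     *
     * <p>NOTE(review): {@code x-forwarded-for} is a request header. Unless the reverse proxy in
     * front of this service overwrites (rather than appends to) any client-supplied value, and
     * the service cannot be reached directly, the caller controls what is checked here. The
     * comparison is also a plain string prefix over the whole header value, so a configured
     * prefix should end on an octet boundary (a trailing dot) to avoid matching unrelated
     * addresses. Both points depend on deployment configuration not visible in this file.
     *
     * @throws TicketException if the header is missing or matches no configured prefix
     */
    private void validateInternalAccess(HttpServletRequest httpServletRequest) throws TicketException {
        String header = httpServletRequest.getHeader("x-forwarded-for");
        LOGGER.debug("No ticket provided. Validate request with x-forwarded-for header [{}].", sanitizeForLog(header));
        // A missing header or an unset prefix list falls through to the rejection below.
        if (header != null && this.internalNetworks != null) {
            for (String prefix : this.internalNetworks) {
                if (header.startsWith(prefix)) {
                    return;
                }
            }
        }
        throwTicketException(header);
    }

    /** Logs the rejected header value and always throws {@code TicketException}. */
    private void throwTicketException(String str) throws TicketException {
        LOGGER.warn("The x-forward-for header was " + sanitizeForLog(str) + " which is not allowed for access to the Signing Service without a ticket.");
        throw new TicketException("A ticket is needed in order to proceed.");
    }

    /**
     * Replaces line breaks in a request-supplied value so it cannot start a forged log entry.
     *
     * @return the value with CR and LF replaced by {@code _}, or {@code null} for {@code null}
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

    /**
     * Rejects a missing ticket and any ticket the {@code TicketManager} does not verify.
     *
     * @throws TicketException if the ticket is {@code null} or fails verification
     */
    private void validateTicket(Ticket ticket) throws TicketException {
        if (ticket == null) {
            throw new TicketException("No ticket was attached with the request.");
        }
        if (!getTicketManager().verifyTicket(ticket)) {
            throw new TicketException("Ticket is invalid. It is either too old or corrupt.");
        }
    }

    /**
     * Handles a prepare request that names a client type and delegates to the superclass.
     *
     * @return the view name chosen by {@code AbstractSignController.prepareSign}
     * @throws TicketException if neither a valid ticket nor an internal source address is present
     */
    @RequestMapping(value = {"/prepare"}, method = {RequestMethod.POST}, params = {"tbs", "submitUri", "clientType"})
    public String prepareSign(@ModelAttribute SignatureData signatureData, Model model, HttpServletRequest httpServletRequest) throws SignatureException, TicketException {
        requireTicketOrInternalNetwork(signatureData, httpServletRequest);
        model.addAttribute("postbackUrl", getPkiPostBackUrl(httpServletRequest));
        model.addAttribute("signData", signatureData);
        return super.prepareSign(signatureData);
    }

    /**
     * Verifies the posted signature, stores it, and redirects to the location the service returns.
     *
     * <p>NOTE(review): the redirect target comes from {@code SignatureService.save}. If that value
     * is derived from the posted {@code submitUri}, it should be bound to the verified ticket or
     * checked against an allow-list before being used as a redirect; confirm in the service.
     *
     * @return {@code verified} when the service returns no location, otherwise a redirect
     */
    @RequestMapping(value = {"/verify"}, method = {RequestMethod.POST}, params = {"encodedTbs", "submitUri", "clientType", "signature"})
    public String verifyAndSaveSignature(@ModelAttribute SignatureData signatureData) throws SignatureException {
        super.verifySignature(signatureData);
        String save = getSignatureService().save(signatureData);
        if (StringUtils.isBlank(save)) {
            return "verified";
        }
        String target = "redirect:" + save;
        LOGGER.debug(String.format("WebSignController.verifyAndSaveSignature(%s)\n", target));
        return target;
    }

    /**
     * Aborts the signature and redirects to the location the service returns.
     *
     * <p>NOTE(review): the same redirect-target caveat as for {@code /verify} applies to the value
     * returned by {@code SignatureService.abort}.
     *
     * @return {@code errorForm} when the service returns no location, otherwise a redirect
     */
    @RequestMapping(value = {"/cancel"}, method = {RequestMethod.POST})
    public String cancelSignature(@ModelAttribute SignatureData signatureData, HttpServletResponse httpServletResponse) throws SignatureException {
        String abort = getSignatureService().abort(signatureData);
        if (StringUtils.isBlank(abort)) {
            return "errorForm";
        }
        LOGGER.debug(String.format("WebSignController.cancelSignature(%s)\n", abort));
        return "redirect:" + abort;
    }

    /**
     * Builds the absolute URL of this application's {@code /sign} endpoint from the request.
     *
     * <p>NOTE(review): {@code getServerName()} normally reflects the request's Host header, so the
     * post-back URL follows whatever host name the request claimed unless the container or proxy
     * pins it; confirm that the deployment restricts accepted host names.
     */
    private String getPkiPostBackUrl(HttpServletRequest httpServletRequest) {
        String scheme = httpServletRequest.isSecure() ? "https" : "http";
        return scheme + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort()
                + httpServletRequest.getContextPath() + "/sign";
    }

    /**
     * Logs the failure and renders the {@code errorHandling} view with the exception's short class
     * name and message.
     *
     * <p>The stack trace goes to the logger only; it is not printed to stderr, so it stays under
     * the logging configuration. NOTE(review): the exception message is shown to the caller, so
     * messages thrown on these paths should not carry internal detail.
     */
    @ExceptionHandler({SignatureException.class, TicketException.class})
    public ModelAndView handleException(Exception exc, HttpServletRequest httpServletRequest) {
        LOGGER.error("Generic Error Handling", exc);
        ModelMap modelMap = new ModelMap();
        modelMap.addAttribute("class", ClassUtils.getShortName(exc.getClass()));
        modelMap.addAttribute("message", exc.getMessage());
        return new ModelAndView("errorHandling", modelMap);
    }
}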
