package com.bssys.fk.ui.web.controller.login;

import com.bssys.fk.common.ui.util.RedirectAwareMessageInfo;
import com.bssys.fk.dbaccess.dao.EsiaUserCertificatesDao;
import com.bssys.fk.dbaccess.dao.EsiaUserParticipantsDao;
import com.bssys.fk.dbaccess.dao.EsiaUsersDao;
import com.bssys.fk.dbaccess.dao.claim.RolesFkDao;
import com.bssys.fk.dbaccess.model.ConfigProperties;
import com.bssys.fk.dbaccess.model.EsiaUserCertificates;
import com.bssys.fk.dbaccess.model.EsiaUserParticipants;
import com.bssys.fk.dbaccess.model.EsiaUsers;
import com.bssys.fk.dbaccess.model.RolesFk;
import com.bssys.fk.ui.dto.EsiaAddress;
import com.bssys.fk.ui.dto.EsiaContact;
import com.bssys.fk.ui.dto.EsiaDocument;
import com.bssys.fk.ui.security.Roles;
import com.bssys.fk.ui.security.SecurityUser;
import com.bssys.fk.ui.security.UserService;
import com.bssys.fk.ui.service.ConfigPropertiesService;
import com.bssys.fk.ui.service.EsiaUserService;
import com.bssys.fk.ui.service.esia.EsiaService;
import com.bssys.fk.ui.util.EsiaAttributes;
import com.bssys.fk.ui.util.parsers.EsiaAddressParser;
import com.bssys.fk.ui.util.parsers.EsiaContactParser;
import com.bssys.fk.ui.util.parsers.EsiaDocumentParser;
import com.bssys.fk.ui.web.controller.users.model.UiUser;
import com.bssys.fk.x509.certificate.X509CertUiBean;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.ws.BindingProvider;
import oracle.jdbc.driver.DatabaseError;
import oracle.sql.CharacterSet;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;
import org.bouncycastle.util.encoders.Base64;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.BeanIds;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.aspectj.AnnotationTransactionAspect;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.UrlBasedViewResolver;
import ru.roskazna.gisgmp.portalservice.ParticipantData;
import ru.roskazna.gisgmp.portalservice.ParticipantIdentification;
import ru.roskazna.gisgmp.portalservice.PortalService;

@Controller
/* loaded from: input_file:fk-ui-war-3.0.26.war:WEB-INF/classes/com/bssys/fk/ui/web/controller/login/EsiaController.class */
public class EsiaController extends AbstractSamlContoller {
    private static final Logger LOGGER;
    public static final String NAME_ID = "nameId";
    public static final String REQUEST_ID = "reqId_P";
    public static final String E_SESSION_ID = "esessionId";
    public static final String E_SESSION_DATE = "esession_date";

    @Autowired
    private ConfigPropertiesService configPropertiesService;

    @Autowired
    private EsiaService esiaService;

    @Autowired
    private UserService userService;

    @Autowired
    private EsiaUsersDao esiaUsersDao;

    @Autowired
    private EsiaUserParticipantsDao esiaUserParticipantsDao;

    @Autowired
    private RedirectAwareMessageInfo redirectAwareMessageInfo;

    @Resource(name = BeanIds.AUTHENTICATION_MANAGER)
    private ProviderManager authenticationManager;

    @Autowired
    private EsiaUserService esiaUserService;

    @Autowired
    private EsiaUserCertificatesDao esiaUserCertificatesDao;

    @Autowired
    private RolesFkDao rolesFkDao;

    @Autowired
    private PortalService portalServiceClient;

    @Autowired
    private KeyInfoCredentialResolver keyInfoCredentialResolver;

    @Autowired
    private Decrypter samlDecrypter;

    @Autowired
    private EsiaContactParser esiaContactParser;

    @Autowired
    private EsiaAddressParser esiaAddressParser;

    @Autowired
    private EsiaDocumentParser esiaDocumentParser;

    @Value("${gis.gmp.portal.service.client.receive.timeout.milliseconds}")
    private int gisGmpRegistartionReceiveTimeout;

    @Value("${gis.gmp.portal.service.client.connection.timeout.milliseconds}")
    private int gisGmpRegistartionConnectionTimeout;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_5 = null;

    static {
        ajc$preClinit();
        LOGGER = LoggerFactory.getLogger(EsiaController.class);
    }

    @Transactional(readOnly = true)
    @PostConstruct
    private void init() {
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_0);
                ((BindingProvider) this.portalServiceClient).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, this.configPropertiesService.getPropertiesMap().get(ConfigProperties.REG_SERVICE_URL));
                HTTPConduit hTTPConduit = (HTTPConduit) ClientProxy.getClient(this.portalServiceClient).getConduit();
                HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
                hTTPClientPolicy.setReceiveTimeout(this.gisGmpRegistartionReceiveTimeout);
                hTTPClientPolicy.setConnectionTimeout(this.gisGmpRegistartionConnectionTimeout);
                hTTPConduit.setClient(hTTPClientPolicy);
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    @RequestMapping(value = {"POST"}, method = {RequestMethod.POST})
    @Transactional(rollbackFor = {Exception.class})
    public ModelAndView esiaLoginResult(@RequestParam(value = "SAMLResponse", required = false) String str, RedirectAttributes redirectAttributes, HttpServletRequest httpServletRequest) throws Exception {
        ModelAndView modelAndView;
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_1);
                LOGGER.debug("Receive response from ESIA [{}]", str);
                if (StringUtils.isBlank(str)) {
                    this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.empty.response.recieved", "error");
                    modelAndView = new ModelAndView("redirect:/login.html");
                } else {
                    EncryptedAssertion encryptedAssertion = ((Response) parse(str, Response.class)).getEncryptedAssertions().get(0);
                    this.samlDecrypter.setRootInNewDocument(true);
                    Assertion decrypt = this.samlDecrypter.decrypt(encryptedAssertion);
                    verify(decrypt);
                    Map<String, String> hashMap = new HashMap<>();
                    for (Attribute attribute : decrypt.getAttributeStatements().get(0).getAttributes()) {
                        hashMap.put(attribute.getFriendlyName(), getAttributeValue(attribute.getAttributeValues()));
                    }
                    String str2 = hashMap.get(EsiaAttributes.PERSON_TRUSTED);
                    String str3 = hashMap.get(EsiaAttributes.ASSURANCE_LEVEL);
                    if (EsiaAttributes.NO.equals(str2) || EsiaAttributes.AssuranceLevel.NOT_VERIFIED.equals(str3)) {
                        this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.account.not.verified", new Object[]{this.configPropertiesService.getValue(ConfigProperties.ESIA_ADDRESS)}, "error");
                        modelAndView = new ModelAndView("redirect:/" + defineLoginRedirect(httpServletRequest));
                    } else if (EsiaAttributes.AssuranceLevel.NOT_CONFIRMED.equals(str3)) {
                        this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.account.not.confirmed", new Object[]{this.configPropertiesService.getValue(ConfigProperties.ESIA_ADDRESS)}, "error");
                        modelAndView = new ModelAndView("redirect:/" + defineLoginRedirect(httpServletRequest));
                    } else {
                        String str4 = hashMap.get(EsiaAttributes.GLOBAL_ROLE);
                        HttpSession session = httpServletRequest.getSession();
                        populateSessionInfo(decrypt, session);
                        String str5 = (String) session.getAttribute(LoginController.LOGIN_FROM);
                        if (!EsiaAttributes.Roles.EMPLOYEE.equals(str4) && "profile".equals(str5)) {
                            RequestAbstractType createLogoutRequest = this.esiaService.createLogoutRequest((String) session.getAttribute(E_SESSION_ID), (String) session.getAttribute(NAME_ID));
                            session.setAttribute(REQUEST_ID, createLogoutRequest.getID());
                            modelAndView = new ModelAndView(UrlBasedViewResolver.REDIRECT_URL_PREFIX + buildRedirectSamlUrl(createLogoutRequest));
                        } else if ("profile".equals(str5) || !"P".equals(str4)) {
                            String str6 = hashMap.get(EsiaAttributes.ORG_INN);
                            if (StringUtils.isBlank(str6)) {
                                this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.account.missed.inn", new Object[]{this.configPropertiesService.getValue(ConfigProperties.ESIA_ADDRESS)}, "error");
                                modelAndView = new ModelAndView("redirect:/login.html");
                            } else {
                                String str7 = hashMap.get(EsiaAttributes.ORG_KPP);
                                String str8 = hashMap.get(EsiaAttributes.ORG_BRANCH_KPP);
                                String str9 = hashMap.get(EsiaAttributes.ORG_TYPE);
                                if (!StringUtils.isBlank(str7) || !StringUtils.isBlank(str8) || !EsiaAttributes.OrganizationType.ALLOWED_TYPES.contains(str9)) {
                                    String str10 = hashMap.get(EsiaAttributes.USER_ID);
                                    clearAuthData(str10);
                                    EsiaUsers saveCurrentEsiaUser = saveCurrentEsiaUser(str10, hashMap);
                                    EsiaUsers byEsiaId = this.esiaUserService.getByEsiaId(str10);
                                    SecurityUser securityUser = (SecurityUser) authenticate(httpServletRequest, this.userService.loadUserForAuthenticate(byEsiaId.getGuid())).getPrincipal();
                                    saveCurrentEsiaUser.setSessionId((String) session.getAttribute(E_SESSION_ID));
                                    saveCurrentEsiaUser.setSessionDate((Date) session.getAttribute(E_SESSION_DATE));
                                    this.esiaUserService.update(saveCurrentEsiaUser);
                                    fillLegalSecurityUser(hashMap, securityUser);
                                    fillEsiaSessionInfoToSecurityUser(session, securityUser);
                                    getParticipantData(byEsiaId, securityUser);
                                    modelAndView = new ModelAndView("redirect:/" + defineSuccessLoginRedirect(httpServletRequest));
                                } else if (LoginController.LOGIN_FROM_LEGAL_SEARCH.equals(str5)) {
                                    UiUser uiUser = new UiUser();
                                    uiUser.setGuid(UserService.PHYSIC_USER_GUID_PREFIX + UUID.randomUUID().toString());
                                    uiUser.setSystemRole(Roles.LEGAL_NO_KPP);
                                    uiUser.setInn(str6);
                                    SecurityUser securityUser2 = (SecurityUser) authenticate(httpServletRequest, new SecurityUser(uiUser)).getPrincipal();
                                    securityUser2.setSystemRole(Roles.LEGAL_NO_KPP);
                                    securityUser2.setInn(str6);
                                    securityUser2.setUrn(UserService.REG_GIS_GMP_UNAVAILABLE);
                                    securityUser2.setPersonFullName(buildPersonFullName(hashMap));
                                    fillLegalSecurityUser(hashMap, securityUser2);
                                    fillEsiaSessionInfoToSecurityUser(session, securityUser2);
                                    modelAndView = new ModelAndView("redirect:/" + defineLoginRedirect(httpServletRequest));
                                } else {
                                    this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.account.missed.kpp", new Object[]{this.configPropertiesService.getValue(ConfigProperties.ESIA_ADDRESS)}, "error");
                                    modelAndView = new ModelAndView("redirect:/login.html");
                                }
                            }
                        } else {
                            UiUser uiUser2 = new UiUser();
                            uiUser2.setGuid(UserService.PHYSIC_USER_GUID_PREFIX + UUID.randomUUID().toString());
                            uiUser2.setSystemRole(Roles.PHYSIC);
                            uiUser2.setInn(hashMap.get(EsiaAttributes.PERSON_INN));
                            uiUser2.setSnils(hashMap.get(EsiaAttributes.PERSON_SNILS));
                            SecurityUser securityUser3 = (SecurityUser) authenticate(httpServletRequest, new SecurityUser(uiUser2)).getPrincipal();
                            securityUser3.setSystemRole(Roles.PHYSIC);
                            securityUser3.setInn(hashMap.get(EsiaAttributes.PERSON_INN));
                            securityUser3.setSnils(hashMap.get(EsiaAttributes.PERSON_SNILS));
                            securityUser3.setUrn(UserService.REG_GIS_GMP_UNAVAILABLE);
                            securityUser3.setPersonFullName(buildPersonFullName(hashMap));
                            fillPhysicalSecurityUser(hashMap, securityUser3);
                            fillEsiaSessionInfoToSecurityUser(session, securityUser3);
                            modelAndView = new ModelAndView("redirect:/" + defineLoginRedirect(httpServletRequest));
                        }
                    }
                }
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
                return modelAndView;
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    private Authentication authenticate(HttpServletRequest httpServletRequest, UserDetails userDetails) {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails.getUsername(), "", userDetails.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(httpServletRequest));
        Authentication authenticate = this.authenticationManager.authenticate(usernamePasswordAuthenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        httpServletRequest.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
        return authenticate;
    }

    private void fillLegalSecurityUser(Map<String, String> map, SecurityUser securityUser) {
        securityUser.setOrgType(map.get(EsiaAttributes.ORG_TYPE));
        securityUser.setAttr(map);
        for (String str : map.keySet()) {
            if (EsiaAttributes.ORG_ADDRESSES.equals(str)) {
                for (EsiaAddress esiaAddress : this.esiaAddressParser.parse(map.get(str))) {
                    securityUser.getEsiaAddresses().put(esiaAddress.getAddressType(), esiaAddress);
                }
            } else if (EsiaAttributes.ORG_CONTACTS.equals(str)) {
                for (EsiaContact esiaContact : this.esiaContactParser.parse(map.get(str))) {
                    securityUser.getEsiaContacts().put(esiaContact.getContactType(), esiaContact);
                }
            }
        }
    }

    private void fillEsiaSessionInfoToSecurityUser(HttpSession httpSession, SecurityUser securityUser) {
        securityUser.setSessionDate((Date) httpSession.getAttribute(E_SESSION_DATE));
        securityUser.setSessionId((String) httpSession.getAttribute(E_SESSION_ID));
    }

    private void fillPhysicalSecurityUser(Map<String, String> map, SecurityUser securityUser) {
        securityUser.setAttr(map);
        for (String str : map.keySet()) {
            if (EsiaAttributes.PERSON_DOCS.equals(str)) {
                for (EsiaDocument esiaDocument : this.esiaDocumentParser.parse(map.get(str))) {
                    if ("05".equals(esiaDocument.getType())) {
                        securityUser.getDocs().put("22", esiaDocument);
                    } else {
                        securityUser.getDocs().put(esiaDocument.getType(), esiaDocument);
                    }
                }
            }
        }
    }

    private void populateSessionInfo(Assertion assertion, HttpSession httpSession) {
        Subject subject = assertion.getSubject();
        if (subject == null) {
            LOGGER.warn("SAML response does not contain subject");
            return;
        }
        List<SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations();
        if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
            LOGGER.warn("SAML response does not contain subject confirmations");
            return;
        }
        SubjectConfirmationData subjectConfirmationData = subjectConfirmations.get(0).getSubjectConfirmationData();
        if (subjectConfirmationData == null) {
            LOGGER.warn("SAML response does not contain subject confirmation data");
            return;
        }
        String inResponseTo = subjectConfirmationData.getInResponseTo();
        if (StringUtils.isBlank(inResponseTo)) {
            LOGGER.warn("SAML response does not contain inResponseTo");
            return;
        }
        List<AuthnStatement> authnStatements = assertion.getAuthnStatements();
        if (authnStatements == null || authnStatements.isEmpty()) {
            LOGGER.warn("SAML response does not contain auth statements");
            return;
        }
        AuthnStatement authnStatement = authnStatements.get(0);
        String sessionIndex = authnStatement.getSessionIndex();
        if (StringUtils.isBlank(sessionIndex)) {
            LOGGER.warn("SAML response does not contain sessionIndex");
            return;
        }
        httpSession.setAttribute(NAME_ID, inResponseTo);
        httpSession.setAttribute(E_SESSION_ID, sessionIndex);
        httpSession.setAttribute(E_SESSION_DATE, authnStatement.getAuthnInstant().toDate());
    }

    @RequestMapping(value = {"Browser"}, method = {RequestMethod.GET})
    @Transactional(rollbackFor = {Exception.class})
    public ModelAndView esiaBrowserResult(RedirectAttributes redirectAttributes, HttpServletRequest httpServletRequest) {
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_2);
                LOGGER.info("esiaBrowserResult");
                ModelAndView modelAndView = new ModelAndView("redirect:/login.html");
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
                return modelAndView;
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    @RequestMapping(value = {"Response"}, method = {RequestMethod.GET})
    @Transactional(rollbackFor = {Exception.class})
    public ModelAndView esiaResponseResult(@RequestParam(value = "SAMLResponse", required = false) String str, RedirectAttributes redirectAttributes, HttpServletRequest httpServletRequest) throws Exception {
        ModelAndView modelAndView;
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_3);
                LOGGER.debug("Receive logout response from ESIA [{}]", str);
                if (StringUtils.isBlank(str)) {
                    this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.empty.response.recieved", "error");
                    modelAndView = new ModelAndView("redirect:/login.html");
                } else {
                    String inResponseTo = ((LogoutResponse) parseDecoded(str, LogoutResponse.class)).getInResponseTo();
                    String str2 = (String) httpServletRequest.getSession().getAttribute(REQUEST_ID);
                    if (StringUtils.isNotBlank(inResponseTo) && inResponseTo.equals(str2)) {
                        this.redirectAwareMessageInfo.addUiMessage(redirectAttributes, "esia.account.not.employee", "error");
                        modelAndView = new ModelAndView("redirect:/login.html");
                    } else {
                        modelAndView = new ModelAndView("redirect:/login.html?logout=true");
                    }
                }
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
                return modelAndView;
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    @Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = {Exception.class})
    private EsiaUsers saveCurrentEsiaUser(String str, Map<String, String> map) {
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_4);
                EsiaUsers byEsiaId = this.esiaUserService.getByEsiaId(str);
                if (byEsiaId == null) {
                    byEsiaId = new EsiaUsers();
                    byEsiaId.assignGuid();
                    byEsiaId.setEsiaId(str);
                    byEsiaId.setPersonFullName(buildPersonFullName(map));
                    byEsiaId.setPersonPosition(map.get(EsiaAttributes.ORG_POSITION));
                    byEsiaId.setName(map.get(EsiaAttributes.ORG_SHORT_NAME));
                    byEsiaId.setInn(map.get(EsiaAttributes.ORG_INN));
                    byEsiaId.setKpp(getKpp(map));
                    byEsiaId.setOgrn(getOgrn(map));
                    this.esiaUserService.save(byEsiaId);
                } else {
                    byEsiaId.setPersonFullName(buildPersonFullName(map));
                    byEsiaId.setPersonPosition(map.get(EsiaAttributes.ORG_POSITION));
                    byEsiaId.setName(map.get(EsiaAttributes.ORG_SHORT_NAME));
                    byEsiaId.setInn(map.get(EsiaAttributes.ORG_INN));
                    byEsiaId.setKpp(getKpp(map));
                    byEsiaId.setOgrn(getOgrn(map));
                    this.esiaUserService.update(byEsiaId);
                }
                EsiaUsers esiaUsers = byEsiaId;
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
                return esiaUsers;
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    private String getKpp(Map<String, String> map) {
        if (EsiaAttributes.OrganizationType.BUSINESS_MAN.equals(map.get(EsiaAttributes.ORG_TYPE))) {
            return null;
        }
        String str = map.get(EsiaAttributes.ORG_KPP);
        return StringUtils.isBlank(str) ? map.get(EsiaAttributes.ORG_BRANCH_KPP) : str;
    }

    private String getOgrn(Map<String, String> map) {
        String str = map.get(EsiaAttributes.ORGN);
        return StringUtils.isBlank(str) ? map.get(EsiaAttributes.ORGNB) : str;
    }

    private String getAttributeValue(List<XMLObject> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        return ((XSString) list.get(0)).getValue();
    }

    private String buildPersonFullName(Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(map.get(EsiaAttributes.LAST_NAME));
        arrayList.add(map.get(EsiaAttributes.FIRST_NAME));
        arrayList.add(map.get(EsiaAttributes.MIDDLE_NAME));
        return StringUtils.join(arrayList, " ");
    }

    private Boolean containsString(List<XMLObject> list, String str) {
        Boolean bool = null;
        if (list != null) {
            bool = Boolean.FALSE;
            Iterator<XMLObject> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                XMLObject next = it.next();
                if ((next instanceof XSString) && str.equals(((XSString) next).getValue())) {
                    bool = Boolean.TRUE;
                    break;
                }
            }
        }
        return bool;
    }

    private void getParticipantData(EsiaUsers esiaUsers, SecurityUser securityUser) {
        try {
            ParticipantIdentification participantIdentification = new ParticipantIdentification();
            participantIdentification.setInn(esiaUsers.getInn());
            participantIdentification.setKpp(esiaUsers.getKpp());
            ParticipantData participantDataByInnKpp = this.portalServiceClient.getParticipantDataByInnKpp(participantIdentification);
            if (participantDataByInnKpp == null) {
                LOGGER.error("Получен пустой ответ от сервиса ГИС ГМП. Устанавливается идентификатор senderId = REG_GIS_GMP_UNAVAILABLE.");
                securityUser.setUrn(UserService.REG_GIS_GMP_UNAVAILABLE);
                return;
            }
            if (org.apache.commons.lang.StringUtils.isNotBlank(participantDataByInnKpp.getUrn())) {
                securityUser.setUrn(participantDataByInnKpp.getUrn());
            } else {
                securityUser.setUrn(UserService.REG_GIS_GMP_NOT_REGISTERED);
            }
            if (participantDataByInnKpp.getCertificates() != null && !participantDataByInnKpp.getCertificates().getCertificate().isEmpty()) {
                for (byte[] bArr : participantDataByInnKpp.getCertificates().getCertificate()) {
                    EsiaUserCertificates esiaUserCertificates = new EsiaUserCertificates();
                    esiaUserCertificates.assignGuid();
                    esiaUserCertificates.setSerialNumber(new X509CertUiBean(Base64.decode(bArr)).getSerialNumber());
                    esiaUserCertificates.setCertificate(bArr);
                    esiaUsers.addCertificate(esiaUserCertificates);
                }
            }
            if (participantDataByInnKpp.getIndirectParticipantList() != null && !participantDataByInnKpp.getIndirectParticipantList().getIndirectParticipan().isEmpty()) {
                for (ParticipantData.IndirectParticipantList.IndirectParticipan indirectParticipan : participantDataByInnKpp.getIndirectParticipantList().getIndirectParticipan()) {
                    EsiaUserParticipants esiaUserParticipants = new EsiaUserParticipants();
                    esiaUserParticipants.assignGuid();
                    esiaUserParticipants.setInn(indirectParticipan.getInn());
                    esiaUserParticipants.setKpp(indirectParticipan.getKpp());
                    esiaUserParticipants.setName(indirectParticipan.getName());
                    esiaUserParticipants.setUrn(indirectParticipan.getUrn());
                    esiaUserParticipants.setRolesFk(new RolesFk(indirectParticipan.getRole().toString()));
                    esiaUsers.addParticipant(esiaUserParticipants);
                }
                securityUser.setHasParticipants(true);
            }
            if (participantDataByInnKpp.getRoles() != null && !participantDataByInnKpp.getRoles().getRole().isEmpty()) {
                ArrayList arrayList = new ArrayList();
                Iterator<BigInteger> it = participantDataByInnKpp.getRoles().getRole().iterator();
                while (it.hasNext()) {
                    String bigInteger = it.next().toString();
                    arrayList.add(bigInteger);
                    securityUser.addRole(bigInteger);
                }
                esiaUsers.setRolesFks(new HashSet(this.rolesFkDao.getList(arrayList)));
            }
            securityUser.setName(participantDataByInnKpp.getName());
            this.esiaUsersDao.update(esiaUsers);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            LOGGER.error("Ответ не получен от сервиса ГИС ГМП. Устанавливается идентификатор senderId = REG_GIS_GMP_UNAVAILABLE.");
            securityUser.setUrn(UserService.REG_GIS_GMP_UNAVAILABLE);
        }
    }

    @Transactional(rollbackFor = {Exception.class}, propagation = Propagation.REQUIRES_NEW)
    public void clearAuthData(String str) {
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_5);
                this.esiaUsersDao.clearRoles(str);
                this.esiaUserCertificatesDao.deleteUnlinkedCertificates(str);
                this.esiaUserParticipantsDao.deleteUnlinkedParticipants(str);
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    private String defineLoginRedirect(HttpServletRequest httpServletRequest) {
        String str = (String) httpServletRequest.getSession().getAttribute(LoginController.LOGIN_FROM);
        return LoginController.LOGIN_FROM_PHYSIC_SEARCH.equals(str) ? "searchPhysicalCharges.html?dropCriteria=true" : LoginController.LOGIN_FROM_LEGAL_SEARCH.equals(str) ? "searchLegalCharges.html?dropCriteria=true" : "login.html";
    }

    private String defineSuccessLoginRedirect(HttpServletRequest httpServletRequest) {
        String str = (String) httpServletRequest.getSession().getAttribute(LoginController.LOGIN_FROM);
        return LoginController.LOGIN_FROM_PHYSIC_SEARCH.equals(str) ? "searchPhysicalCharges.html?dropCriteria=true" : LoginController.LOGIN_FROM_LEGAL_SEARCH.equals(str) ? "searchLegalCharges.html?dropCriteria=true" : "profile.html";
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("EsiaController.java", EsiaController.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "init", "com.bssys.fk.ui.web.controller.login.EsiaController", "", "", "", "void"), 137);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "esiaLoginResult", "com.bssys.fk.ui.web.controller.login.EsiaController", "java.lang.String:org.springframework.web.servlet.mvc.support.RedirectAttributes:javax.servlet.http.HttpServletRequest", "response:redirectAttributes:request", "java.lang.Exception", "org.springframework.web.servlet.ModelAndView"), 152);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "esiaBrowserResult", "com.bssys.fk.ui.web.controller.login.EsiaController", "org.springframework.web.servlet.mvc.support.RedirectAttributes:javax.servlet.http.HttpServletRequest", "redirectAttributes:request", "", "org.springframework.web.servlet.ModelAndView"), 386);
        ajc$tjp_3 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "esiaResponseResult", "com.bssys.fk.ui.web.controller.login.EsiaController", "java.lang.String:org.springframework.web.servlet.mvc.support.RedirectAttributes:javax.servlet.http.HttpServletRequest", "response:redirectAttributes:request", "java.lang.Exception", "org.springframework.web.servlet.ModelAndView"), DatabaseError.SVR_TOO_OLD_TO_SUPPORT_REPLAY);
        ajc$tjp_4 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "saveCurrentEsiaUser", "com.bssys.fk.ui.web.controller.login.EsiaController", "java.lang.String:java.util.Map", "esiaId:attributes", "", "com.bssys.fk.dbaccess.model.EsiaUsers"), 416);
        ajc$tjp_5 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "clearAuthData", "com.bssys.fk.ui.web.controller.login.EsiaController", "java.lang.String", "esiaUserGuid", "", "void"), CharacterSet.AR8SAKHR707_CHARSET);
    }
}
