package de.adorsys.xs2a.adapter.service.impl;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64;
import de.adorsys.xs2a.adapter.service.PsuPasswordEncryptionService;
import de.adorsys.xs2a.adapter.service.exception.PsuPasswordEncodingException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactorySpi;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;

/* loaded from: input_file:BOOT-INF/lib/deutsche-bank-adapter-0.0.9.jar:de/adorsys/xs2a/adapter/service/impl/DeutscheBankPsuPasswordEncryptionService.class */
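/**
 * Encrypts a PSU password as a compact JWE (RSA-OAEP-256 key wrap, A256GCM content
 * encryption) addressed to the public key of a certificate published by the bank.
 *
 * <p>Security-relevant properties of this implementation:
 * <ul>
 *   <li>The recipient certificate is downloaded from {@link #URL_TO_CERTIFICATE} when the
 *       singleton is first created. This class performs no chain validation, validity-period
 *       check or pinning on the downloaded certificate; the only protection visible here is
 *       the TLS validation the JVM applies to the HTTPS connection. Whoever can influence
 *       that response chooses the key the password is encrypted to.</li>
 *   <li>The certificate is fetched once and kept for the lifetime of the instance, so a
 *       rotated or revoked certificate is not picked up until the process restarts.</li>
 *   <li>The download uses {@code URL.openStream()} without explicit timeouts.
 *       NOTE(review): consider whether a stalled endpoint can block first use.</li>
 *   <li>The plaintext password arrives as a {@link String} (dictated by the interface) and
 *       therefore cannot be wiped from memory by this class.</li>
 * </ul>
 */
public class DeutscheBankPsuPasswordEncryptionService implements PsuPasswordEncryptionService {
    private static final String URL_TO_CERTIFICATE = "https://xs2a.db.com/pb/aspsp-certificates/tpp-pb-password_cert.pem";
    private static DeutscheBankPsuPasswordEncryptionService encryptionService;
    private JWEHeader jweHeader;
    private JWEEncrypter jweEncrypter;

    /**
     * Returns the shared instance, creating it (and downloading the bank certificate) on
     * first use.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronized; concurrent first calls
     * may each construct an instance and each fetch the certificate.
     *
     * @return the shared encryption service
     * @throws PsuPasswordEncodingException if the certificate cannot be fetched, parsed or
     *         used to build the encrypter; the instance is then not cached and the next
     *         call retries
     */
    public static DeutscheBankPsuPasswordEncryptionService getInstance() {
        if (encryptionService == null) {
            encryptionService = new DeutscheBankPsuPasswordEncryptionService();
        }
        return encryptionService;
    }

    private DeutscheBankPsuPasswordEncryptionService() {
        init();
    }

    /**
     * Encrypts the given password and returns the JWE in compact serialization.
     *
     * @param str the plaintext PSU password
     * @return the serialized JWE
     * @throws PsuPasswordEncodingException if the JOSE library fails to encrypt
     */
    @Override
    public String encrypt(String str) {
        JWEObject jweObject = new JWEObject(this.jweHeader, new Payload(str));
        try {
            jweObject.encrypt(this.jweEncrypter);
            return jweObject.serialize();
        } catch (JOSEException e) {
            // The cause is preserved; the message deliberately carries no payload data.
            throw new PsuPasswordEncodingException("Exception during Deutsche bank adapter PSU password encryption", e);
        }
    }

    /**
     * Downloads the bank's certificate file and prepares the JWE header and RSA encrypter.
     *
     * @throws PsuPasswordEncodingException if the download, parsing or key extraction fails,
     *         or if the file contains no certificate
     */
    private void init() {
        CertificateFactorySpi certificateFactory = new CertificateFactory();
        try {
            URI uri = new URI(URL_TO_CERTIFICATE);
            Collection<? extends Certificate> certificates;
            // Close the network stream as soon as parsing is done instead of leaking it.
            try (InputStream certificateStream = uri.toURL().openStream()) {
                certificates = certificateFactory.engineGenerateCertificates(certificateStream);
            }
            if (certificates.isEmpty()) {
                throw new PsuPasswordEncodingException("No certificates have been provided by bank for PSU password encryption");
            }
            List<X509Certificate> x509Certificates = toX509Certificates(certificates);
            List<Base64> encodedChain = x509Certificates.stream()
                    .map(this::toBase64)
                    .collect(Collectors.toList());
            // The header advertises both the certificate URL and the downloaded chain.
            this.jweHeader = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
                    .x509CertURL(uri)
                    .x509CertChain(encodedChain)
                    .build();
            // NOTE(review): the certificate is used as downloaded, without an expiry or
            // trust-chain check; confirm that transport-level trust is considered sufficient.
            this.jweEncrypter = new RSAEncrypter(RSAKey.parse(getBankCertificate(x509Certificates)));
        } catch (JOSEException | IOException | URISyntaxException | CertificateException e) {
            throw new PsuPasswordEncodingException("Exception during Deutsche bank adapter PSU password encryption", e);
        }
    }

    /**
     * Narrows the parsed certificates to {@link X509Certificate}, preserving their order.
     *
     * @throws PsuPasswordEncodingException if any entry is not an X.509 certificate
     */
    private List<X509Certificate> toX509Certificates(Collection<? extends Certificate> collection) {
        return collection.stream().<X509Certificate>map(certificate -> {
            if (certificate instanceof X509Certificate) {
                return (X509Certificate) certificate;
            }
            throw new PsuPasswordEncodingException("Certificate provided by bank is not a X509 type");
        }).collect(Collectors.toList());
    }

    /**
     * Base64-encodes the DER form of a certificate for the JWE {@code x5c} header.
     *
     * @throws PsuPasswordEncodingException if the certificate cannot be encoded
     */
    private Base64 toBase64(X509Certificate x509Certificate) {
        try {
            return Base64.encode(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new PsuPasswordEncodingException("Exception during Deutsche bank adapter PSU password encryption", e);
        }
    }

    /**
     * Picks the certificate whose public key is used for encryption.
     *
     * <p>Takes the first entry of the downloaded file; presumably the bank serves its
     * encryption certificate first, but the order is not verified here.
     */
    private X509Certificate getBankCertificate(List<X509Certificate> list) {
        return list.get(0);
    }
}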
