package de.adorsys.psd2.validator.signature.impl;

import com.nimbusds.jose.util.X509CertUtils;
import de.adorsys.psd2.validator.certificate.util.CertificateUtils;
import de.adorsys.psd2.validator.signature.SignatureVerifier;
import de.adorsys.psd2.validator.signature.service.CertificateConstants;
import de.adorsys.psd2.validator.signature.service.RequestHeaders;
import java.security.cert.X509Certificate;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.tomitribe.auth.signatures.Signature;
import org.tomitribe.auth.signatures.Verifier;

/* loaded from: input_file:BOOT-INF/lib/psd2-certificate-validator-7.5.jar:de/adorsys/psd2/validator/signature/impl/SignatureVerifierImpl.class */
public class SignatureVerifierImpl implements SignatureVerifier {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SignatureVerifierImpl.class);

    @Override // de.adorsys.psd2.validator.signature.SignatureVerifier
    public boolean verify(String str, String str2, Map<String, String> map, String str3, String str4) {
        X509Certificate parse = X509CertUtils.parse(CertificateUtils.normalizeCertificate(str2));
        if (parse == null) {
            log.warn("TPP Certificate couldn't be parsed!");
            return false;
        }
        Signature fromString = Signature.fromString(str);
        if (!isKeyIdValid(parse, fromString.getKeyId())) {
            log.warn("Key ID is invalid!");
            return false;
        }
        try {
            return new Verifier(parse.getPublicKey(), fromString).verify(str3, str4, RequestHeaders.fromMap(map).toMap());
        } catch (Exception e) {
            log.warn("Signature verification has an error: {}", e.getMessage());
            return false;
        }
    }

    private boolean isKeyIdValid(X509Certificate x509Certificate, String str) {
        return StringUtils.equals(str, getKeyIdFromCertificate(x509Certificate));
    }

    private String getKeyIdFromCertificate(X509Certificate x509Certificate) {
        return "SN=" + x509Certificate.getSerialNumber().toString(16) + ",CA=" + x509Certificate.getIssuerX500Principal().getName().replace(" ", CertificateConstants.HEXADECIMAL_SPACE_SEPARATOR);
    }
}
