package de.gematik.rbellogger.modifier;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.elements.RbelJwtSignature;
import de.gematik.rbellogger.data.facet.RbelJwtFacet;
import de.gematik.rbellogger.key.RbelKey;
import de.gematik.rbellogger.key.RbelKeyManager;
import de.gematik.rbellogger.util.JsonUtils;
import java.beans.ConstructorProperties;
import java.security.Key;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:de/gematik/rbellogger/modifier/RbelJwtWriter.class */
public class RbelJwtWriter implements RbelElementWriter {
    private final RbelKeyManager rbelKeyManager;

    /* loaded from: input_file:de/gematik/rbellogger/modifier/RbelJwtWriter$InvalidJwtSignatureException.class */
    public class InvalidJwtSignatureException extends RuntimeException {
        public InvalidJwtSignatureException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:de/gematik/rbellogger/modifier/RbelJwtWriter$JwtUpdateException.class */
    public class JwtUpdateException extends RuntimeException {
        public JwtUpdateException(String str, JoseException joseException) {
            super(str, joseException);
        }
    }

    @Override // de.gematik.rbellogger.modifier.RbelElementWriter
    public boolean canWrite(RbelElement rbelElement) {
        return rbelElement.hasFacet(RbelJwtFacet.class);
    }

    @Override // de.gematik.rbellogger.modifier.RbelElementWriter
    public String write(RbelElement rbelElement, RbelElement rbelElement2, String str) {
        return createUpdatedJws(rbelElement2, str, (RbelJwtFacet) rbelElement.getFacetOrFail(RbelJwtFacet.class));
    }

    private String createUpdatedJws(RbelElement rbelElement, String str, RbelJwtFacet rbelJwtFacet) {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        writeHeaderInJws(rbelElement, str, rbelJwtFacet, jsonWebSignature);
        jsonWebSignature.setPayload(extractJwsBodyClaims(rbelElement, str, rbelJwtFacet));
        jsonWebSignature.setKey(extractJwsKey(rbelJwtFacet, jsonWebSignature));
        if (!((RbelJwtSignature) rbelJwtFacet.getSignature().getFacetOrFail(RbelJwtSignature.class)).isValid()) {
            throw new InvalidJwtSignatureException("The signature is invalid\n" + rbelJwtFacet.getSignature().printTreeStructure());
        }
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            throw new JwtUpdateException("Error writing into Jwt", e);
        }
    }

    private Key extractJwsKey(RbelJwtFacet rbelJwtFacet, JsonWebSignature jsonWebSignature) {
        Optional flatMap = rbelJwtFacet.getSignature().getFacet(RbelJwtSignature.class).map((v0) -> {
            return v0.getVerifiedUsing();
        }).filter(rbelElement -> {
            return Objects.nonNull(rbelElement);
        }).flatMap(rbelElement2 -> {
            return rbelElement2.seekValue(String.class);
        });
        RbelKeyManager rbelKeyManager = this.rbelKeyManager;
        Objects.requireNonNull(rbelKeyManager);
        return (Key) flatMap.flatMap(rbelKeyManager::findKeyByName).flatMap(this::getKeyBasedOnEncryptionType).orElseThrow(() -> {
            return new InvalidJwtSignatureException("Could not find the key matching signature \n" + rbelJwtFacet.getSignature().printTreeStructure());
        });
    }

    private void writeHeaderInJws(RbelElement rbelElement, String str, RbelJwtFacet rbelJwtFacet, JsonWebSignature jsonWebSignature) {
        extractJwtHeaderClaims(rbelElement, str, rbelJwtFacet).forEach(entry -> {
            jsonWebSignature.setHeader((String) entry.getKey(), (String) entry.getValue());
        });
    }

    private List<Map.Entry<String, String>> extractJwtHeaderClaims(RbelElement rbelElement, String str, RbelJwtFacet rbelJwtFacet) {
        return rbelJwtFacet.getHeader() == rbelElement ? JsonUtils.convertJsonObjectStringToMap(str) : JsonUtils.convertJsonObjectStringToMap(rbelJwtFacet.getHeader().getRawStringContent());
    }

    private String extractJwsBodyClaims(RbelElement rbelElement, String str, RbelJwtFacet rbelJwtFacet) {
        return rbelJwtFacet.getBody() == rbelElement ? str : rbelJwtFacet.getBody().getRawStringContent();
    }

    private Optional<Key> getKeyBasedOnEncryptionType(RbelKey rbelKey) {
        return (rbelKey.getKey().getAlgorithm().equals(AlgorithmIdentifiers.HMAC_SHA256) || rbelKey.getKey().getAlgorithm().equals(AlgorithmIdentifiers.HMAC_SHA512) || rbelKey.getKey().getAlgorithm().equals(AlgorithmIdentifiers.HMAC_SHA384)) ? Optional.ofNullable(rbelKey.getKey()) : this.rbelKeyManager.findCorrespondingPrivateKey(rbelKey.getKeyName()).map((v0) -> {
            return v0.getKey();
        });
    }

    @Generated
    @ConstructorProperties({"rbelKeyManager"})
    public RbelJwtWriter(RbelKeyManager rbelKeyManager) {
        this.rbelKeyManager = rbelKeyManager;
    }

    static {
        BrainpoolCurves.init();
    }
}
