package de.gematik.rbellogger.writer;

import de.gematik.rbellogger.writer.RbelWriter;
import de.gematik.rbellogger.writer.tree.RbelContentTreeNode;
import java.security.Key;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:BOOT-INF/lib/tiger-rbel-3.0.2.jar:de/gematik/rbellogger/writer/RbelJweSerializer.class */
public class RbelJweSerializer implements RbelSerializer {
    @Override // de.gematik.rbellogger.writer.RbelSerializer
    public byte[] render(RbelContentTreeNode rbelContentTreeNode, RbelWriter.RbelWriterInstance rbelWriterInstance) {
        return renderToString(rbelContentTreeNode, rbelWriterInstance).getBytes();
    }

    @Override // de.gematik.rbellogger.writer.RbelSerializer
    public byte[] renderNode(RbelContentTreeNode rbelContentTreeNode, RbelWriter.RbelWriterInstance rbelWriterInstance) {
        return render(rbelContentTreeNode, rbelWriterInstance);
    }

    public String renderToString(RbelContentTreeNode rbelContentTreeNode, RbelWriter.RbelWriterInstance rbelWriterInstance) {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        ProviderContext providerContext = new ProviderContext();
        providerContext.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
        jsonWebEncryption.setProviderContext(providerContext);
        writeHeaderInJwe(rbelContentTreeNode.childNode("header"), jsonWebEncryption, rbelWriterInstance);
        jsonWebEncryption.setPlaintext(rbelWriterInstance.renderTree(rbelContentTreeNode.childNode("body").orElseThrow(() -> {
            return new RbelSerializationException("Could not find body-node needed for JWT serialization in node '" + rbelContentTreeNode.getKey() + "'!");
        })).getContent());
        jsonWebEncryption.setKey(findSignerKey(rbelContentTreeNode.childNode("encryptionInfo"), rbelWriterInstance));
        try {
            return jsonWebEncryption.getCompactSerialization();
        } catch (JoseException e) {
            throw new RbelSerializationException("Error writing into Jwt", e);
        }
    }

    private Key findSignerKey(Optional<RbelContentTreeNode> optional, RbelWriter.RbelWriterInstance rbelWriterInstance) {
        if (optional.isEmpty()) {
            throw new RbelSerializationException("Could not find signature-node needed for JWT serialization!");
        }
        return (Key) optional.get().childNode("decryptedUsingKeyWithId").map((v0) -> {
            return v0.getRawStringContent();
        }).map(str -> {
            return rbelWriterInstance.getRbelKeyManager().findKeyByName(str).or(() -> {
                return rbelWriterInstance.getRbelKeyManager().findKeyByName("puk_" + str);
            }).orElseThrow(() -> {
                return new RbelSerializationException("Could not find key named '" + str + "'!");
            });
        }).map((v0) -> {
            return v0.getKey();
        }).or(() -> {
            Optional<U> map = ((RbelContentTreeNode) optional.get()).childNode("decryptedUsingKey").map((v0) -> {
                return v0.getRawStringContent();
            });
            Base64.Decoder urlDecoder = Base64.getUrlDecoder();
            Objects.requireNonNull(urlDecoder);
            return map.map(urlDecoder::decode).map(bArr -> {
                return new SecretKeySpec(bArr, AesKey.ALGORITHM);
            });
        }).orElseThrow(() -> {
            return new RbelSerializationException("Unable to find key!");
        });
    }

    private void writeHeaderInJwe(Optional<RbelContentTreeNode> optional, JsonWebEncryption jsonWebEncryption, RbelWriter.RbelWriterInstance rbelWriterInstance) {
        optional.map((v0) -> {
            return v0.getChildNodes();
        }).stream().flatMap((v0) -> {
            return v0.stream();
        }).forEach(rbelContentTreeNode -> {
            if (RbelJsonSerializer.isJsonArray(rbelContentTreeNode)) {
                jsonWebEncryption.setHeader(rbelContentTreeNode.getKey().orElseThrow(), rbelContentTreeNode.getChildNodes().stream().map(rbelContentTreeNode -> {
                    return new String(rbelWriterInstance.renderTree(rbelContentTreeNode).getContent(), rbelContentTreeNode.getElementCharset());
                }).toList());
            } else {
                jsonWebEncryption.setHeader(rbelContentTreeNode.getKey().orElseThrow(), new String(rbelWriterInstance.renderTree(rbelContentTreeNode).getContent(), rbelContentTreeNode.getElementCharset()));
            }
        });
    }
}
