package de.gematik.rbellogger.modifier;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.elements.RbelJwtSignature;
import de.gematik.rbellogger.data.facet.RbelJwtFacet;
import de.gematik.rbellogger.key.RbelKey;
import de.gematik.rbellogger.key.RbelKeyManager;
import de.gematik.rbellogger.util.JsonUtils;
import de.gematik.test.tiger.exceptions.GenericTigerException;
import java.beans.ConstructorProperties;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PrivateKey;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:BOOT-INF/lib/tiger-rbel-3.7.1.jar:de/gematik/rbellogger/modifier/RbelJwtWriter.class */
/**
 * {@link RbelElementWriter} for elements that carry an {@link RbelJwtFacet}.
 *
 * <p>After the header, body or signature child of a JWT has been modified, this writer rebuilds
 * the compact JWS serialisation and signs it again with key material taken from the
 * {@link RbelKeyManager}.
 *
 * <p>Re-signing only works when the key manager holds the private key (or, for HMAC, the shared
 * secret) behind the original signature.
 * NOTE(review): presumably only test key material is loaded into the key manager; confirm that
 * no production signing keys are reachable from here.
 */
public class RbelJwtWriter implements RbelElementWriter {

    static {
        // NOTE(review): presumably makes the Brainpool curves known to the JOSE stack before the
        // first signature is produced; the implementation is not visible here, so confirm.
        BrainpoolCurves.init();
    }

    /** Source of all verification and signing keys used by this writer. */
    private final RbelKeyManager rbelKeyManager;

    /**
     * Creates a writer that resolves its signing keys through the given key manager.
     *
     * @param rbelKeyManager key store queried by key name; not null-checked here
     */
    @Generated
    @ConstructorProperties({"rbelKeyManager"})
    public RbelJwtWriter(RbelKeyManager rbelKeyManager) {
        this.rbelKeyManager = rbelKeyManager;
    }

    /**
     * Raised when the existing signature is flagged as invalid, or when no key can be resolved
     * for the key name that verified it.
     */
    public static class InvalidJwtSignatureException extends GenericTigerException {
        public InvalidJwtSignatureException(String str) {
            super(str);
        }
    }

    /** Raised when jose4j fails to produce the compact serialisation of the rebuilt JWS. */
    public static class JwtUpdateException extends GenericTigerException {
        public JwtUpdateException(String str, JoseException joseException) {
            super(str, joseException);
        }
    }

    /**
     * Raised when a signature replacement names a key that the key manager cannot provide.
     *
     * <p>The decompiler reports that this class was {@code private} in the bytecode and that it
     * widened the access modifier.
     */
    public static class RbelJwtSignatureModificationException extends GenericTigerException {
        public RbelJwtSignatureModificationException(String str) {
            super(str);
        }
    }

    /**
     * Tells whether this writer is responsible for the given element.
     *
     * @param rbelElement element to inspect
     * @return {@code true} if the element has an {@link RbelJwtFacet}
     */
    @Override
    public boolean canWrite(RbelElement rbelElement) {
        return rbelElement.hasFacet(RbelJwtFacet.class);
    }

    /**
     * Produces the new compact JWS for a JWT in which one child was replaced.
     *
     * @param rbelElement the JWT element; its {@link RbelJwtFacet} must be present
     * @param rbelElement2 the child being replaced, matched by identity against the facet's
     *     header, body and signature
     * @param bArr the replacement content for that child, decoded as UTF-8
     * @return the UTF-8 bytes of the rebuilt compact serialisation
     */
    @Override
    public byte[] write(RbelElement rbelElement, RbelElement rbelElement2, byte[] bArr) {
        final String replacement = new String(bArr, StandardCharsets.UTF_8);
        final RbelJwtFacet jwtFacet = (RbelJwtFacet) rbelElement.getFacetOrFail(RbelJwtFacet.class);
        return createUpdatedJws(rbelElement2, replacement, jwtFacet).getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Assembles header, payload and key into a new JWS and serialises it.
     *
     * <p>Three signature outcomes are possible:
     * <ul>
     *   <li>header or body replaced: the token is signed with the key that verified the original;
     *   <li>signature replaced with text that starts with the "verified using" marker: the token
     *       is signed with the key named after the marker;
     *   <li>signature replaced with any other text: the freshly computed signature segment is
     *       discarded and the supplied text is appended verbatim, so the result is not guaranteed
     *       to verify against any key.
     * </ul>
     *
     * @throws InvalidJwtSignatureException if the original signature is not flagged as valid
     * @throws JwtUpdateException if jose4j cannot serialise the token
     */
    private String createUpdatedJws(RbelElement target, String newContent, RbelJwtFacet jwtFacet) {
        final JsonWebSignature jws = new JsonWebSignature();

        // Route the supplied-key crypto operations through BouncyCastle.
        final ProviderContext bouncyCastleContext = new ProviderContext();
        bouncyCastleContext.getSuppliedKeyProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
        jws.setProviderContext(bouncyCastleContext);

        writeHeaderInJws(target, newContent, jwtFacet, jws);
        jws.setPayload(extractJwsBodyClaims(target, newContent, jwtFacet));

        final boolean signatureTargeted = jwtFacet.getSignature() == target;
        final boolean signerNamed = signatureTargeted
            && newContent.startsWith(new String(RbelJwtSignatureWriter.VERIFIED_USING_MARKER, StandardCharsets.UTF_8));
        jws.setKey(signerNamed ? findNewSignerKey(newContent) : extractJwsKey(jwtFacet));

        // The validity of the ORIGINAL signature is checked only after the key lookup above, so a
        // failed lookup surfaces first.
        final RbelJwtSignature originalSignature =
            (RbelJwtSignature) jwtFacet.getSignature().getFacetOrFail(RbelJwtSignature.class);
        if (!originalSignature.isValid()) {
            // NOTE(review): the message embeds the rendered signature element tree; check that
            // whatever logs this exception is allowed to receive token contents.
            throw new InvalidJwtSignatureException("The signature is invalid\n" + jwtFacet.getSignature().printTreeStructure());
        }

        try {
            final String resigned = jws.getCompactSerialization();
            if (!signatureTargeted || signerNamed) {
                return resigned;
            }
            // Raw signature replacement: keep "header.payload" and splice in the caller's text.
            return resigned.substring(0, resigned.lastIndexOf('.')) + "." + newContent;
        } catch (JoseException e) {
            throw new JwtUpdateException("Error writing into Jwt", e);
        }
    }

    /**
     * Resolves the signing key named behind the "verified using" marker.
     *
     * <p>If the named key is not itself a {@link PrivateKey}, the matching private key is looked
     * up under the same name.
     *
     * @param markedContent replacement text that starts with the marker
     * @throws RbelJwtSignatureModificationException if no usable key is found
     */
    private Key findNewSignerKey(String markedContent) {
        // The marker's byte length is used as a character offset.
        // NOTE(review): this only lines up if the marker is pure ASCII; confirm.
        final String keyName = markedContent.substring(RbelJwtSignatureWriter.VERIFIED_USING_MARKER.length);
        return this.rbelKeyManager.findKeyByName(keyName)
            .map(named -> named.getKey() instanceof PrivateKey
                ? named
                : this.rbelKeyManager.findCorrespondingPrivateKey(keyName)
                    .orElseThrow(() -> new RbelJwtSignatureModificationException("Could not find private key matching '" + keyName + "'")))
            .map(RbelKey::getKey)
            .orElseThrow(() -> new RbelJwtSignatureModificationException("Could not find key '" + keyName + "'"));
    }

    /**
     * Resolves the signing key that belongs to the key which verified the original signature.
     *
     * @throws InvalidJwtSignatureException if the signature records no verifying key, the key
     *     name is unknown, or no signing key is available for it
     */
    private Key extractJwsKey(RbelJwtFacet jwtFacet) {
        return jwtFacet.getSignature()
            .getFacet(RbelJwtSignature.class)
            .map(RbelJwtSignature::getVerifiedUsing)
            .filter(Objects::nonNull)
            .flatMap(verifiedUsing -> verifiedUsing.seekValue(String.class))
            .flatMap(this.rbelKeyManager::findKeyByName)
            .flatMap(this::getKeyBasedOnEncryptionType)
            .orElseThrow(() -> new InvalidJwtSignatureException("Could not find the key matching signature \n" + jwtFacet.getSignature().printTreeStructureWithoutColors() + "\n(If the private key is unknown then a new signature can not be written)"));
    }

    /**
     * Copies every header claim into the JWS as a string-valued header.
     *
     * <p>The {@code alg} header, and with it the signature algorithm, therefore comes from the
     * (possibly modified) header JSON.
     */
    private void writeHeaderInJws(RbelElement target, String newContent, RbelJwtFacet jwtFacet, JsonWebSignature jws) {
        for (Map.Entry<String, String> claim : extractJwtHeaderClaims(target, newContent, jwtFacet)) {
            jws.setHeader(claim.getKey(), claim.getValue());
        }
    }

    /** Parses the header JSON: the replacement text if the header is the target, else the original. */
    private List<Map.Entry<String, String>> extractJwtHeaderClaims(RbelElement target, String newContent, RbelJwtFacet jwtFacet) {
        final String headerJson;
        if (jwtFacet.getHeader() == target) {
            headerJson = newContent;
        } else {
            headerJson = jwtFacet.getHeader().getRawStringContent();
        }
        return JsonUtils.convertJsonObjectStringToMap(headerJson);
    }

    /** Returns the payload: the replacement text if the body is the target, else the original. */
    private String extractJwsBodyClaims(RbelElement target, String newContent, RbelJwtFacet jwtFacet) {
        if (jwtFacet.getBody() == target) {
            return newContent;
        }
        return jwtFacet.getBody().getRawStringContent();
    }

    /**
     * Picks the key to sign with for a key that verified a signature.
     *
     * <p>For the three HMAC algorithms the verifying key is returned as is; for everything else
     * the private key stored under the same key name is looked up.
     *
     * <p>NOTE(review): the comparison is between {@link Key#getAlgorithm()} and jose4j's JWS
     * {@code alg} identifiers ("HS256", "HS384", "HS512"). The HMAC branch only triggers if the
     * key manager labels secret keys with those JWS names rather than JCA names; confirm.
     */
    private Optional<Key> getKeyBasedOnEncryptionType(RbelKey rbelKey) {
        final Key verifyingKey = rbelKey.getKey();
        final String keyAlgorithm = verifyingKey.getAlgorithm();
        final boolean symmetric = keyAlgorithm.equals(AlgorithmIdentifiers.HMAC_SHA256)
            || keyAlgorithm.equals(AlgorithmIdentifiers.HMAC_SHA512)
            || keyAlgorithm.equals(AlgorithmIdentifiers.HMAC_SHA384);
        if (symmetric) {
            return Optional.ofNullable(verifyingKey);
        }
        return this.rbelKeyManager.findCorrespondingPrivateKey(rbelKey.getKeyName()).map(RbelKey::getKey);
    }
}
