package de.gematik.rbellogger.converter;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.elements.RbelJwtSignature;
import de.gematik.rbellogger.data.facet.RbelFacet;
import de.gematik.rbellogger.data.facet.RbelJwtFacet;
import de.gematik.rbellogger.data.facet.RbelRootFacet;
import de.gematik.rbellogger.data.facet.RbelValueFacet;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Optional;
import lombok.Generated;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbellogger-0.27.5.jar:de/gematik/rbellogger/converter/RbelJwtConverter.class */
public class RbelJwtConverter implements RbelConverterPlugin {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RbelJwtConverter.class);

    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public void consumeElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        try {
            JsonWebSignature initializeJws = initializeJws(rbelElement);
            RbelElement convertElement = rbelConverter.convertElement(initializeJws.getHeaders().getFullHeaderAsJsonString().getBytes(StandardCharsets.UTF_8), rbelElement);
            RbelElement convertElement2 = rbelConverter.convertElement(initializeJws.getUnverifiedPayloadBytes(), rbelElement);
            RbelElement rbelElement2 = new RbelElement(Base64.getUrlDecoder().decode(initializeJws.getEncodedSignature()), rbelElement);
            rbelElement2.addFacet((RbelFacet) rbelConverter.getRbelKeyManager().getAllKeys().map(rbelKey -> {
                return verifySig(initializeJws, rbelKey.getKey(), rbelKey.getKeyName(), rbelElement2);
            }).filter((v0) -> {
                return v0.isPresent();
            }).map((v0) -> {
                return v0.get();
            }).findAny().or(() -> {
                return tryToGetKeyFromX5cHeaderClaim(initializeJws).map(publicKey -> {
                    return verifySig(initializeJws, publicKey, "x5c-header certificate", rbelElement2);
                }).filter((v0) -> {
                    return v0.isPresent();
                }).map((v0) -> {
                    return v0.get();
                });
            }).orElseGet(() -> {
                return RbelJwtSignature.builder().isValid(new RbelElement(null, rbelElement2).addFacet(new RbelValueFacet(false))).verifiedUsing(null).build();
            }));
            RbelJwtFacet rbelJwtFacet = new RbelJwtFacet(convertElement, convertElement2, rbelElement2);
            rbelElement.addFacet(rbelJwtFacet);
            rbelElement.addFacet(new RbelRootFacet(rbelJwtFacet));
        } catch (JoseException e) {
        }
    }

    private Optional<PublicKey> tryToGetKeyFromX5cHeaderClaim(JsonWebSignature jsonWebSignature) {
        return Optional.ofNullable(jsonWebSignature.getCertificateChainHeaderValue()).map(list -> {
            return (X509Certificate) list.get(0);
        }).map((v0) -> {
            return v0.getPublicKey();
        });
    }

    private JsonWebSignature initializeJws(RbelElement rbelElement) throws JoseException {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        ProviderContext providerContext = new ProviderContext();
        providerContext.getSuppliedKeyProviderContext().setGeneralProvider("BC");
        jsonWebSignature.setProviderContext(providerContext);
        jsonWebSignature.setCompactSerialization(rbelElement.getRawStringContent());
        return jsonWebSignature;
    }

    private Optional<RbelJwtSignature> verifySig(JsonWebSignature jsonWebSignature, Key key, String str, RbelElement rbelElement) {
        try {
            jsonWebSignature.setKey(key);
            tryToGetKeyFromX5cHeaderClaim(jsonWebSignature);
            return jsonWebSignature.verifySignature() ? Optional.of(RbelJwtSignature.builder().isValid(new RbelElement(null, rbelElement).addFacet(new RbelValueFacet(true))).verifiedUsing(new RbelElement(null, rbelElement).addFacet(new RbelValueFacet(str))).build()) : Optional.empty();
        } catch (JoseException e) {
            return Optional.empty();
        }
    }

    static {
        BrainpoolCurves.init();
    }
}
