package de.gematik.rbellogger.converter;

import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.RbelMultiMap;
import de.gematik.rbellogger.data.facet.RbelBinaryFacet;
import de.gematik.rbellogger.data.facet.RbelListFacet;
import de.gematik.rbellogger.data.facet.RbelMapFacet;
import de.gematik.rbellogger.data.facet.RbelRootFacet;
import de.gematik.rbellogger.data.facet.RbelX509CertificateFacet;
import de.gematik.rbellogger.data.util.OidDictionary;
import de.gematik.rbellogger.exceptions.RbelConversionException;
import de.gematik.rbellogger.util.CryptoLoader;
import java.io.IOException;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.function.Supplier;
import java.util.stream.Stream;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

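/**
 * Converter plugin that recognises an X.509 certificate in the content of an {@link RbelElement}
 * and attaches a {@link RbelX509CertificateFacet} (plus a {@link RbelRootFacet}) describing it.
 *
 * <p>The content is tried as-is first, then as standard Base64, then as URL-safe Base64. The first
 * attempt that parses wins; if none parses, the element is left without a certificate facet.
 *
 * <p>Security note: nothing in this class verifies the certificate signature, builds a chain,
 * checks revocation or compares the validity window with the current time. The facet is a
 * description of what was seen on the wire, not a statement that the certificate is trustworthy.
 */
@ConverterInfo(onlyActivateFor = {"X509"})
/* loaded from: input_file:BOOT-INF/lib/tiger-rbel-3.7.0.jar:de/gematik/rbellogger/converter/RbelX509Converter.class */
public class RbelX509Converter extends AbstractX509Converter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(RbelX509Converter.class);

    /** Zone used for the validity timestamps stored in the facet. */
    private static final ZoneId utcZone = ZoneId.of("UTC");

    /**
     * Tries to interpret the element content as a certificate in three encodings, stopping at the
     * first one that succeeds.
     *
     * @param rbelElement the element whose content is inspected and which receives the facets
     * @param rbelConverter converter used to convert the issuer and subject names and extensions
     */
    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public void consumeElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        // 1. raw content
        if (tryConversion(rbelElement, rbelConverter, () -> rbelElement.getContent().toInputStream())) {
            return;
        }
        // 2. standard Base64
        if (tryConversion(rbelElement, rbelConverter,
                () -> Base64.getDecoder().wrap(rbelElement.getContent().toInputStream()))) {
            return;
        }
        // 3. URL-safe Base64; the result is not needed because there is no further fallback
        tryConversion(rbelElement, rbelConverter,
                () -> Base64.getUrlDecoder().wrap(rbelElement.getContent().toInputStream()));
    }

    /**
     * Parses one candidate encoding of the content and, on success, adds the certificate facet and
     * the root facet to the element.
     *
     * @param rbelElement the element that receives the facets
     * @param rbelConverter converter used for nested structures (issuer, subject, extensions)
     * @param supplier yields the candidate byte stream for this attempt
     * @return {@code true} if a certificate was parsed and the facets were added, {@code false} if
     *     any {@link RuntimeException} occurred on the way
     */
    private boolean tryConversion(RbelElement rbelElement, RbelConverter rbelConverter, Supplier<InputStream> supplier) {
        try {
            final X509Certificate certificate = CryptoLoader.getCertificateFromPem(supplier.get());
            final RbelX509CertificateFacet facet = RbelX509CertificateFacet.builder()
                .version(certificate.getVersion())
                .serialnumber(certificate.getSerialNumber())
                .issuer(rbelConverter.convertElement(certificate.getIssuerX500Principal().getEncoded(), rbelElement))
                .validFrom(ZonedDateTime.ofInstant(certificate.getNotBefore().toInstant(), utcZone))
                .validUntil(ZonedDateTime.ofInstant(certificate.getNotAfter().toInstant(), utcZone))
                .subject(rbelConverter.convertElement(certificate.getSubjectX500Principal().getEncoded(), rbelElement))
                .subjectPublicKeyInfo(RbelMapFacet.wrap(rbelElement, keyInfoParent -> {
                    final PublicKey publicKey = certificate.getPublicKey();
                    final RbelMultiMap<RbelElement> keyInfo = new RbelMultiMap<RbelElement>()
                        .with("algorithm", RbelElement.wrap(keyInfoParent, publicKey.getAlgorithm()))
                        .with("format", RbelElement.wrap(keyInfoParent, publicKey.getFormat()))
                        .with("encoded", new RbelElement(publicKey.getEncoded(), keyInfoParent).addFacet(new RbelBinaryFacet()));
                    addKeyParameters(publicKey, keyInfo, keyInfoParent);
                    return keyInfo;
                }, null))
                .extensions(parseCertificateExtensions(rbelElement, rbelConverter, certificate))
                .signature(buildSignatureInfo(rbelElement, certificate))
                .parent(rbelElement)
                .certificate(certificate)
                .build();
            rbelElement.addFacet(facet);
            rbelElement.addFacet(new RbelRootFacet(facet));
            return true;
        } catch (RuntimeException e) {
            // Failure is the normal outcome for content that is not a certificate in this encoding,
            // so it is only traced. Without this line a parser defect is indistinguishable from
            // "not a certificate".
            log.trace("Content could not be converted to an X.509 certificate in this encoding", e);
            return false;
        }
    }

    /**
     * Adds algorithm-specific key strength information to the public key map: the curve name for EC
     * keys and the modulus bit length for RSA keys. Other key types add nothing.
     *
     * @param publicKey the certificate's public key
     * @param rbelMultiMap the map that receives the additional entries
     * @param rbelElement parent for the newly wrapped elements
     */
    private void addKeyParameters(PublicKey publicKey, RbelMultiMap<RbelElement> rbelMultiMap, RbelElement rbelElement) {
        if (publicKey instanceof ECPublicKey ecKey) {
            final ECParameterSpec params = ecKey.getParams();
            // Only an ECNamedCurveSpec carries a name; every other parameter spec is reported as
            // "<unknown>" rather than being resolved.
            final String curveName = params instanceof ECNamedCurveSpec namedCurve
                ? namedCurve.getName()
                : "<unknown>";
            rbelMultiMap.with("curve", RbelElement.wrap(rbelElement, curveName));
        }
        if (publicKey instanceof RSAPublicKey rsaKey) {
            rbelMultiMap.with("modulusLength", RbelElement.wrap(rbelElement, Integer.valueOf(rsaKey.getModulus().bitLength())));
        }
    }

    /**
     * Builds the signature element: the signature algorithm OID (with an OID facet attached) and the
     * raw signature bytes. The signature is reported, not verified.
     *
     * @param rbelElement parent of the signature element
     * @param x509Certificate the certificate the signature belongs to
     * @return the wrapped signature element
     */
    private RbelElement buildSignatureInfo(RbelElement rbelElement, X509Certificate x509Certificate) {
        return RbelMapFacet.wrap(rbelElement, signatureParent -> {
            final RbelElement algorithm = RbelElement.wrap(signatureParent, x509Certificate.getSigAlgOID());
            OidDictionary.buildAndAddAsn1OidFacet(algorithm, x509Certificate.getSigAlgOID());
            return new RbelMultiMap<RbelElement>()
                .with("algorithm", algorithm)
                .with("encoded", new RbelElement(x509Certificate.getSignature(), signatureParent).addFacet(new RbelBinaryFacet()));
        }, x509Certificate.getSignature());
    }

    /**
     * Converts all extensions of the certificate, critical ones first, into a list element.
     *
     * @param rbelElement parent of the list element
     * @param rbelConverter converter handed to {@code parseExtension} for each extension
     * @param x509Certificate the certificate whose extensions are read
     * @return the wrapped list of parsed extensions; empty when the certificate has none
     */
    public RbelElement parseCertificateExtensions(RbelElement rbelElement, RbelConverter rbelConverter, X509Certificate x509Certificate) {
        return RbelListFacet.wrap(
            rbelElement,
            listParent -> streamOfAllExtensions(x509Certificate)
                .map(extension -> parseExtension(extension, listParent, rbelConverter))
                .toList(),
            null);
    }

    /**
     * Streams the certificate's extensions, critical ones followed by non-critical ones.
     *
     * <p>{@link X509Certificate#getCriticalExtensionOIDs()} and
     * {@link X509Certificate#getNonCriticalExtensionOIDs()} return {@code null} when the certificate
     * carries no extensions at all. That case is mapped to an empty stream; otherwise the resulting
     * NullPointerException would make the whole certificate look unparseable.
     *
     * @param x509Certificate the certificate whose extensions are read
     * @return stream of all extensions, possibly empty
     */
    private Stream<Extension> streamOfAllExtensions(X509Certificate x509Certificate) {
        final var criticalOids = x509Certificate.getCriticalExtensionOIDs();
        final var nonCriticalOids = x509Certificate.getNonCriticalExtensionOIDs();
        final Stream<Extension> critical = criticalOids == null
            ? Stream.empty()
            : criticalOids.stream().map(oid -> buildExtension(x509Certificate, oid, true));
        final Stream<Extension> nonCritical = nonCriticalOids == null
            ? Stream.empty()
            : nonCriticalOids.stream().map(oid -> buildExtension(x509Certificate, oid, false));
        return Stream.concat(critical, nonCritical);
    }

    /**
     * Builds a BouncyCastle {@link Extension} for one extension OID of the certificate.
     *
     * @param x509Certificate the certificate that contains the extension
     * @param str the extension OID in dotted notation
     * @param z whether the extension is marked critical
     * @return the extension object
     * @throws RbelConversionException if the extension value cannot be read as ASN.1
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Extension buildExtension(X509Certificate x509Certificate, String str, boolean z) {
        try {
            // NOTE(review): getExtensionValue returns the DER OCTET STRING that wraps the extension
            // payload, so the value passed to Extension.create is that wrapper and not the inner
            // structure. Confirm that parseExtension expects this.
            return Extension.create(new ASN1ObjectIdentifier(str), z, ASN1Primitive.fromByteArray(x509Certificate.getExtensionValue(str)));
        } catch (IOException e) {
            throw new RbelConversionException(e);
        }
    }
}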
