package dev.dsf.fhir.authentication;

import dev.dsf.common.auth.DsfOpenIdCredentials;
import dev.dsf.fhir.webservice.jaxrs.RootServiceJaxrs;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.hl7.fhir.r4.model.HumanName;
import org.hl7.fhir.r4.model.Identifier;
import org.hl7.fhir.r4.model.Practitioner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/fhir/authentication/PractitionerProviderImpl.class */
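/**
 * Builds FHIR {@link Practitioner} resources for authenticated users, either from OpenID Connect
 * claims or from an X.509 client certificate whose thumbprint is on a configured allowlist.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Certificate users are accepted purely by thumbprint membership in
 *       {@code configuredUserThumbprints}. This class performs no chain, validity-period or
 *       revocation check itself; NOTE(review): presumably the TLS layer has already validated the
 *       client certificate before it reaches this provider - confirm.</li>
 *   <li>The thumbprint comparison is an exact {@link List#contains(Object)} string match.
 *       {@code getThumbprint} is not defined in this class (presumably inherited from
 *       {@code AbstractProvider}); NOTE(review): confirm that configured values use the same
 *       digest, encoding and letter case it produces, otherwise valid users are silently rejected.</li>
 *   <li>Name and e-mail values are copied from certificate subject/SAN fields or token claims
 *       without further validation, so downstream consumers should treat them as display/identity
 *       data supplied by the credential issuer.</li>
 * </ul>
 */
public class PractitionerProviderImpl extends AbstractProvider implements PractitionerProvider {
    private static final Logger logger = LoggerFactory.getLogger(PractitionerProviderImpl.class);

    // Allowlist of client-certificate thumbprints that identify practitioner users.
    private final List<String> configuredUserThumbprints = new ArrayList<>();

    /**
     * Creates a provider with the given thumbprint allowlist.
     *
     * @param list thumbprints of certificates accepted as practitioner users; {@code null} is
     *     treated as an empty allowlist, so no certificate will be accepted
     */
    public PractitionerProviderImpl(List<String> list) {
        if (list != null) {
            // Copy so later changes to the caller's list cannot alter the allowlist.
            this.configuredUserThumbprints.addAll(list);
        }
    }

    /**
     * Maps OpenID Connect credentials to a practitioner.
     *
     * @param dsfOpenIdCredentials credentials of the authenticated user, may be {@code null}
     * @return the practitioner, or empty if {@code dsfOpenIdCredentials} is {@code null}
     */
    @Override
    public Optional<Practitioner> getPractitioner(DsfOpenIdCredentials dsfOpenIdCredentials) {
        if (dsfOpenIdCredentials == null) {
            return Optional.empty();
        }
        return Optional.of(toPractitioner(dsfOpenIdCredentials));
    }

    /**
     * Maps a client certificate to a practitioner if its thumbprint is on the allowlist.
     *
     * @param x509Certificate client certificate, may be {@code null}
     * @return the practitioner; empty if the certificate is {@code null}, its thumbprint is not
     *     configured, or the certificate cannot be encoded
     */
    @Override
    public Optional<Practitioner> getPractitioner(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return Optional.empty();
        }
        // Fail closed: certificates that are not explicitly configured yield no practitioner.
        if (!this.configuredUserThumbprints.contains(getThumbprint(x509Certificate))) {
            return Optional.empty();
        }
        return toJcaX509CertificateHolder(x509Certificate).map(this::toPractitioner);
    }

    /**
     * Wraps the certificate in a BouncyCastle holder so subject and extensions can be read.
     *
     * @return the holder, or empty (with a warning logged) if the certificate cannot be encoded
     */
    private Optional<JcaX509CertificateHolder> toJcaX509CertificateHolder(X509Certificate x509Certificate) {
        try {
            return Optional.of(new JcaX509CertificateHolder(x509Certificate));
        } catch (CertificateEncodingException e) {
            logger.warn("Unable to get X500Name from certificate: {} - {}", e.getClass().getName(), e.getMessage());
            return Optional.empty();
        }
    }

    /**
     * Builds a practitioner from the certificate subject and subjectAltName extension.
     *
     * <p>Family name is taken from SURNAME, falling back to CN when no SURNAME is present. E-mail
     * identifiers are collected from the subject e-mail attributes and from subjectAltName
     * entries with tag 1 (rfc822Name); values without an {@code @} are dropped.
     */
    private Practitioner toPractitioner(JcaX509CertificateHolder holder) {
        X500Name subject = holder.getSubject();
        List<String> givenNames = getValues(subject, BCStyle.GIVENNAME);
        List<String> surnames = getValues(subject, BCStyle.SURNAME);
        List<String> commonNames = getValues(subject, BCStyle.CN);
        List<String> subjectEmailsE = getValues(subject, BCStyle.E);
        List<String> subjectEmails = getValues(subject, BCStyle.EmailAddress);

        Extension subjectAltName = holder.getExtension(Extension.subjectAlternativeName);
        List<String> altNameEmails = subjectAltName == null
                ? Collections.emptyList()
                : Stream.of(GeneralNames.getInstance(subjectAltName.getParsedValue()).getNames())
                        // GeneralName tag 1 is rfc822Name, i.e. an e-mail address.
                        .filter(generalName -> generalName.getTagNo() == 1)
                        .map(generalName -> generalName.getName())
                        .map(IETFUtils::valueToString)
                        .toList();

        Stream<String> familyNames = surnames.isEmpty() ? commonNames.stream() : surnames.stream();
        Stream<String> emails = Stream
                .concat(Stream.concat(subjectEmailsE.stream(), subjectEmails.stream()), altNameEmails.stream())
                .filter(email -> email != null)
                .filter(email -> email.contains("@"))
                // BCStyle.E and BCStyle.EmailAddress name the same attribute, and the SAN often
                // repeats the subject address; de-duplicate so each address yields one identifier.
                .distinct();

        return toPractitioner(familyNames, givenNames.stream(), emails);
    }

    /**
     * Builds a practitioner from the {@code family_name}, {@code given_name} and {@code email}
     * claims, each falling back to {@code RootServiceJaxrs.PATH} when absent.
     *
     * <p>NOTE(review): unlike the certificate path, the e-mail claim is not filtered here, so a
     * token without an {@code email} claim produces an identifier whose value is the fallback
     * constant. Every such user would then carry the same identifier value - confirm that
     * downstream authorization does not rely on this identifier being unique per user.
     */
    private Practitioner toPractitioner(DsfOpenIdCredentials credentials) {
        Stream<String> familyNames = Stream.of(credentials.getStringClaimOrDefault("family_name", RootServiceJaxrs.PATH));
        Stream<String> givenNames = Stream.of(credentials.getStringClaimOrDefault("given_name", RootServiceJaxrs.PATH));
        Stream<String> emails = Stream.of(credentials.getStringClaimOrDefault("email", RootServiceJaxrs.PATH));
        return toPractitioner(familyNames, givenNames, emails);
    }

    /**
     * Assembles the practitioner resource.
     *
     * @param familyNames joined with single spaces into the family name
     * @param givenNames each added as a given name
     * @param emails each added as an identifier in {@code PRACTITIONER_IDENTIFIER_SYSTEM}
     */
    private Practitioner toPractitioner(Stream<String> familyNames, Stream<String> givenNames, Stream<String> emails) {
        Practitioner practitioner = new Practitioner();
        emails.map(email -> new Identifier().setSystem(PractitionerProvider.PRACTITIONER_IDENTIFIER_SYSTEM).setValue(email))
                .forEach(practitioner::addIdentifier);

        HumanName humanName = new HumanName();
        humanName.setFamily(familyNames.collect(Collectors.joining(" ")));
        givenNames.forEach(humanName::addGiven);
        practitioner.addName(humanName);
        return practitioner;
    }

    /**
     * Returns the string form of every value stored under {@code attributeType} in {@code name},
     * in RDN order; empty if the attribute is not present.
     */
    private List<String> getValues(X500Name name, ASN1ObjectIdentifier attributeType) {
        return Stream.of(name.getRDNs(attributeType))
                .flatMap(rdn -> Stream.of(rdn.getTypesAndValues()))
                .map(typeAndValue -> typeAndValue.getValue())
                .map(IETFUtils::valueToString)
                .toList();
    }
}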
