package de.gematik.idp.client;

import de.gematik.idp.authentication.AuthenticationChallenge;
import de.gematik.idp.authentication.JwtBuilder;
import de.gematik.idp.authentication.UriUtils;
import de.gematik.idp.brainPoolExtension.BrainpoolAlgorithmSuiteIdentifiers;
import de.gematik.idp.brainPoolExtension.BrainpoolCurves;
import de.gematik.idp.client.data.AuthenticationRequest;
import de.gematik.idp.client.data.AuthenticationResponse;
import de.gematik.idp.client.data.AuthorizationRequest;
import de.gematik.idp.client.data.AuthorizationResponse;
import de.gematik.idp.client.data.DiscoveryDocumentResponse;
import de.gematik.idp.client.data.RegistrationData;
import de.gematik.idp.client.data.TokenRequest;
import de.gematik.idp.crypto.EcSignerUtility;
import de.gematik.idp.crypto.KeyAnalysis;
import de.gematik.idp.crypto.Nonce;
import de.gematik.idp.crypto.RsaSignerUtility;
import de.gematik.idp.crypto.model.PkiIdentity;
import de.gematik.idp.field.ClaimName;
import de.gematik.idp.field.ClientUtilities;
import de.gematik.idp.field.CodeChallengeMethod;
import de.gematik.idp.token.IdpJwe;
import de.gematik.idp.token.JsonWebToken;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.UnaryOperator;
import kong.unirest.GetRequest;
import kong.unirest.HttpResponse;
import kong.unirest.JsonNode;
import kong.unirest.MultipartBody;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jws.EcdsaUsingShaAlgorithm;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/idp/client/IdpClient.class */
public class IdpClient implements IIdpClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(IdpClient.class);
    // Shared no-op callback the builder substitutes for every after-*Callback that was not set.
    // Declared as a raw Consumer so one instance can serve all three differently-typed callbacks
    // (see IdpClientBuilder.build()).
    private static final Consumer NOOP_CONSUMER = obj -> {
    };
    // Client identity and endpoints; immutable for the lifetime of the instance.
    private final String clientId;
    private final String redirectUrl;
    private final String discoveryDocumentUrl;
    // When true, every login variant compares the "state" parameter on the authentication redirect
    // with the value it generated; when false that comparison is skipped entirely.
    private final boolean shouldVerifyState;
    private Set<String> scopes;
    // Hooks handed to AuthenticatorClient around the three remote calls (authorization,
    // authentication, token). What the client does with a before-mapper is not visible here;
    // presumably it is applied to the outgoing request before it is sent — confirm in AuthenticatorClient.
    private UnaryOperator<GetRequest> beforeAuthorizationMapper;
    private Consumer<HttpResponse<AuthenticationChallenge>> afterAuthorizationCallback;
    private UnaryOperator<MultipartBody> beforeAuthenticationMapper;
    private Consumer<HttpResponse<String>> afterAuthenticationCallback;
    private UnaryOperator<MultipartBody> beforeTokenMapper;
    private Consumer<HttpResponse<JsonNode>> afterTokenCallback;
    private AuthenticatorClient authenticatorClient;
    private CodeChallengeMethod codeChallengeMethod;
    // Applied to the parsed authorization / authentication responses before they are used.
    private UnaryOperator<AuthorizationResponse> authorizationResponseMapper;
    private UnaryOperator<AuthenticationResponse> authenticationResponseMapper;
    // Optional host override passed to retrieveDiscoveryDocument() in initialize().
    private String fixedIdpHost;
    // Populated by initialize(). Every endpoint and every IDP key (idpEnc, idpSig) used by the
    // login flows and by verifyAuthTokenToken() is read from this object.
    private DiscoveryDocumentResponse discoveryDocumentResponse;

    /**
     * Lombok-generated builder for {@link IdpClient} (decompiled; the {@code @Generated} markers are Lombok's).
     * <p>
     * Fields that have a default carry a {@code <name>$set} flag next to their {@code <name>$value}:
     * the flag records whether the setter was called at all, so an explicitly passed {@code null}
     * is kept and only an untouched field falls back to its {@code IdpClient.$default$...} value in
     * {@link #build()}. Fields without a flag ({@code clientId}, {@code redirectUrl},
     * {@code discoveryDocumentUrl}, {@code shouldVerifyState}, {@code fixedIdpHost},
     * {@code discoveryDocumentResponse}) have no default and are passed through as set.
     */
    @Generated
    /* loaded from: input_file:de/gematik/idp/client/IdpClient$IdpClientBuilder.class */
    public static class IdpClientBuilder {

        @Generated
        private String clientId;

        @Generated
        private String redirectUrl;

        @Generated
        private String discoveryDocumentUrl;

        @Generated
        private boolean shouldVerifyState;

        // "$set" / "$value" pairs: see the class Javadoc for how build() resolves them.
        @Generated
        private boolean scopes$set;

        @Generated
        private Set<String> scopes$value;

        @Generated
        private boolean beforeAuthorizationMapper$set;

        @Generated
        private UnaryOperator<GetRequest> beforeAuthorizationMapper$value;

        @Generated
        private boolean afterAuthorizationCallback$set;

        @Generated
        private Consumer<HttpResponse<AuthenticationChallenge>> afterAuthorizationCallback$value;

        @Generated
        private boolean beforeAuthenticationMapper$set;

        @Generated
        private UnaryOperator<MultipartBody> beforeAuthenticationMapper$value;

        @Generated
        private boolean afterAuthenticationCallback$set;

        @Generated
        private Consumer<HttpResponse<String>> afterAuthenticationCallback$value;

        @Generated
        private boolean beforeTokenMapper$set;

        @Generated
        private UnaryOperator<MultipartBody> beforeTokenMapper$value;

        @Generated
        private boolean afterTokenCallback$set;

        @Generated
        private Consumer<HttpResponse<JsonNode>> afterTokenCallback$value;

        @Generated
        private boolean authenticatorClient$set;

        @Generated
        private AuthenticatorClient authenticatorClient$value;

        @Generated
        private boolean codeChallengeMethod$set;

        @Generated
        private CodeChallengeMethod codeChallengeMethod$value;

        @Generated
        private boolean authorizationResponseMapper$set;

        @Generated
        private UnaryOperator<AuthorizationResponse> authorizationResponseMapper$value;

        @Generated
        private boolean authenticationResponseMapper$set;

        @Generated
        private UnaryOperator<AuthenticationResponse> authenticationResponseMapper$value;

        @Generated
        private String fixedIdpHost;

        @Generated
        private DiscoveryDocumentResponse discoveryDocumentResponse;

        // Package-private: instances are obtained via IdpClient.builder() / toBuilder().
        @Generated
        IdpClientBuilder() {
        }

        @Generated
        public IdpClientBuilder clientId(String str) {
            this.clientId = str;
            return this;
        }

        @Generated
        public IdpClientBuilder redirectUrl(String str) {
            this.redirectUrl = str;
            return this;
        }

        @Generated
        public IdpClientBuilder discoveryDocumentUrl(String str) {
            this.discoveryDocumentUrl = str;
            return this;
        }

        /** {@code false} disables the "state" comparison in every login variant; see {@link IdpClient#login}. */
        @Generated
        public IdpClientBuilder shouldVerifyState(boolean z) {
            this.shouldVerifyState = z;
            return this;
        }

        @Generated
        public IdpClientBuilder scopes(Set<String> set) {
            this.scopes$value = set;
            this.scopes$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder beforeAuthorizationMapper(UnaryOperator<GetRequest> unaryOperator) {
            this.beforeAuthorizationMapper$value = unaryOperator;
            this.beforeAuthorizationMapper$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder afterAuthorizationCallback(Consumer<HttpResponse<AuthenticationChallenge>> consumer) {
            this.afterAuthorizationCallback$value = consumer;
            this.afterAuthorizationCallback$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder beforeAuthenticationMapper(UnaryOperator<MultipartBody> unaryOperator) {
            this.beforeAuthenticationMapper$value = unaryOperator;
            this.beforeAuthenticationMapper$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder afterAuthenticationCallback(Consumer<HttpResponse<String>> consumer) {
            this.afterAuthenticationCallback$value = consumer;
            this.afterAuthenticationCallback$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder beforeTokenMapper(UnaryOperator<MultipartBody> unaryOperator) {
            this.beforeTokenMapper$value = unaryOperator;
            this.beforeTokenMapper$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder afterTokenCallback(Consumer<HttpResponse<JsonNode>> consumer) {
            this.afterTokenCallback$value = consumer;
            this.afterTokenCallback$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder authenticatorClient(AuthenticatorClient authenticatorClient) {
            this.authenticatorClient$value = authenticatorClient;
            this.authenticatorClient$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder codeChallengeMethod(CodeChallengeMethod codeChallengeMethod) {
            this.codeChallengeMethod$value = codeChallengeMethod;
            this.codeChallengeMethod$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder authorizationResponseMapper(UnaryOperator<AuthorizationResponse> unaryOperator) {
            this.authorizationResponseMapper$value = unaryOperator;
            this.authorizationResponseMapper$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder authenticationResponseMapper(UnaryOperator<AuthenticationResponse> unaryOperator) {
            this.authenticationResponseMapper$value = unaryOperator;
            this.authenticationResponseMapper$set = true;
            return this;
        }

        @Generated
        public IdpClientBuilder fixedIdpHost(String str) {
            this.fixedIdpHost = str;
            return this;
        }

        /**
         * Pre-seeds the discovery document instead of letting {@link IdpClient#initialize()} fetch it.
         * All endpoints and IDP keys used by the login flows come from this object.
         */
        @Generated
        public IdpClientBuilder discoveryDocumentResponse(DiscoveryDocumentResponse discoveryDocumentResponse) {
            this.discoveryDocumentResponse = discoveryDocumentResponse;
            return this;
        }

        /**
         * Resolves defaults for every unset {@code $set} field and calls the 17-argument
         * all-args constructor of {@link IdpClient} (positional; order must match the field order).
         * Unset after-*Callbacks share the single raw {@code IdpClient.NOOP_CONSUMER} instance;
         * an unset code challenge method defaults to {@code S256}.
         */
        @Generated
        public IdpClient build() {
            Set<String> set = this.scopes$value;
            if (!this.scopes$set) {
                set = IdpClient.$default$scopes();
            }
            UnaryOperator<GetRequest> unaryOperator = this.beforeAuthorizationMapper$value;
            if (!this.beforeAuthorizationMapper$set) {
                unaryOperator = IdpClient.$default$beforeAuthorizationMapper();
            }
            Consumer<HttpResponse<AuthenticationChallenge>> consumer = this.afterAuthorizationCallback$value;
            if (!this.afterAuthorizationCallback$set) {
                consumer = IdpClient.NOOP_CONSUMER;
            }
            UnaryOperator<MultipartBody> unaryOperator2 = this.beforeAuthenticationMapper$value;
            if (!this.beforeAuthenticationMapper$set) {
                unaryOperator2 = IdpClient.$default$beforeAuthenticationMapper();
            }
            Consumer<HttpResponse<String>> consumer2 = this.afterAuthenticationCallback$value;
            if (!this.afterAuthenticationCallback$set) {
                consumer2 = IdpClient.NOOP_CONSUMER;
            }
            UnaryOperator<MultipartBody> unaryOperator3 = this.beforeTokenMapper$value;
            if (!this.beforeTokenMapper$set) {
                unaryOperator3 = IdpClient.$default$beforeTokenMapper();
            }
            Consumer<HttpResponse<JsonNode>> consumer3 = this.afterTokenCallback$value;
            if (!this.afterTokenCallback$set) {
                consumer3 = IdpClient.NOOP_CONSUMER;
            }
            AuthenticatorClient authenticatorClient = this.authenticatorClient$value;
            if (!this.authenticatorClient$set) {
                authenticatorClient = IdpClient.$default$authenticatorClient();
            }
            CodeChallengeMethod codeChallengeMethod = this.codeChallengeMethod$value;
            if (!this.codeChallengeMethod$set) {
                codeChallengeMethod = CodeChallengeMethod.S256;
            }
            UnaryOperator<AuthorizationResponse> unaryOperator4 = this.authorizationResponseMapper$value;
            if (!this.authorizationResponseMapper$set) {
                unaryOperator4 = IdpClient.$default$authorizationResponseMapper();
            }
            UnaryOperator<AuthenticationResponse> unaryOperator5 = this.authenticationResponseMapper$value;
            if (!this.authenticationResponseMapper$set) {
                unaryOperator5 = IdpClient.$default$authenticationResponseMapper();
            }
            return new IdpClient(this.clientId, this.redirectUrl, this.discoveryDocumentUrl, this.shouldVerifyState, set, unaryOperator, consumer, unaryOperator2, consumer2, unaryOperator3, consumer3, authenticatorClient, codeChallengeMethod, unaryOperator4, unaryOperator5, this.fixedIdpHost, this.discoveryDocumentResponse);
        }

        /**
         * Renders every builder field verbatim, including the callbacks and the discovery document
         * response. How the discovery document prints depends on its own {@code toString()}, which is
         * not visible in this file; treat the output as diagnostic only.
         */
        @Generated
        public String toString() {
            return "IdpClient.IdpClientBuilder(clientId=" + this.clientId + ", redirectUrl=" + this.redirectUrl + ", discoveryDocumentUrl=" + this.discoveryDocumentUrl + ", shouldVerifyState=" + this.shouldVerifyState + ", scopes$value=" + this.scopes$value + ", beforeAuthorizationMapper$value=" + this.beforeAuthorizationMapper$value + ", afterAuthorizationCallback$value=" + this.afterAuthorizationCallback$value + ", beforeAuthenticationMapper$value=" + this.beforeAuthenticationMapper$value + ", afterAuthenticationCallback$value=" + this.afterAuthenticationCallback$value + ", beforeTokenMapper$value=" + this.beforeTokenMapper$value + ", afterTokenCallback$value=" + this.afterTokenCallback$value + ", authenticatorClient$value=" + this.authenticatorClient$value + ", codeChallengeMethod$value=" + this.codeChallengeMethod$value + ", authorizationResponseMapper$value=" + this.authorizationResponseMapper$value + ", authenticationResponseMapper$value=" + this.authenticationResponseMapper$value + ", fixedIdpHost=" + this.fixedIdpHost + ", discoveryDocumentResponse=" + this.discoveryDocumentResponse + ")";
        }
    }

    /**
     * Wraps the server challenge in a signed JWS and encrypts that JWS for the IDP.
     * <p>
     * The challenge is placed in the {@code NESTED_JWT} claim of a JWT with headers
     * {@code typ=JWT}, {@code cty=NJWT} and the caller's certificate as {@code x5c}. The algorithm
     * header is {@code BP256R1} (Brainpool suite identifier) for EC keys and {@code PS256} otherwise.
     * Signing itself is delegated to {@code unaryOperator}, which receives the UTF-8 bytes of
     * {@code <encodedHeader>.<encodedPayload>}; for EC keys its output is expected to be a DER
     * signature and is converted to the 64-byte JOSE concatenation. The finished compact JWS is then
     * encrypted as an NJWT with the IDP's encryption key from the discovery document.
     *
     * @param str             raw challenge string received from the authorization endpoint
     * @param x509Certificate certificate whose key pair signs the challenge; carried in the JWS header
     * @param unaryOperator   signing function: signing input bytes -> raw signature bytes
     * @return the compact serialization of the encrypted signed challenge
     * @throws IdpClientRuntimeException if the DER-to-concatenated conversion of an EC signature fails
     */
    private String signServerChallenge(String str, X509Certificate x509Certificate, UnaryOperator<byte[]> unaryOperator) {
        final JwtClaims claims = new JwtClaims();
        claims.setClaim(ClaimName.NESTED_JWT.getJoseName(), str);

        final JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setHeader("typ", "JWT");
        jws.setHeader("cty", "NJWT");
        jws.setCertificateChainHeaderValue(new X509Certificate[]{x509Certificate});
        final boolean ecKey = KeyAnalysis.isEcKey(x509Certificate.getPublicKey());
        jws.setAlgorithmHeaderValue(ecKey ? BrainpoolAlgorithmSuiteIdentifiers.BRAINPOOL256_USING_SHA256 : "PS256");

        // RSA signatures are used as produced; EC signatures arrive DER-encoded and must be
        // converted to the fixed-width r||s form JOSE expects (64 bytes for a 256-bit curve).
        final UnaryOperator<byte[]> toJoseSignature = rawSignature -> {
            if (x509Certificate.getPublicKey() instanceof RSAPublicKey) {
                return rawSignature;
            }
            try {
                return EcdsaUsingShaAlgorithm.convertDerToConcatenated(rawSignature, 64);
            } catch (IOException e) {
                throw new IdpClientRuntimeException(e);
            }
        };

        final String signingInput = jws.getHeaders().getEncodedHeader() + "." + jws.getEncodedPayload();
        final String encodedSignature = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(getSignatureBytes(unaryOperator, jws, toJoseSignature));
        final JsonWebToken signedChallenge = new JsonWebToken(signingInput + "." + encodedSignature);
        return signedChallenge.encryptAsNjwt(this.discoveryDocumentResponse.getIdpEnc()).getRawString();
    }

    /**
     * Computes the JWS signature bytes: builds the signing input {@code <encodedHeader>.<encodedPayload>},
     * hands its UTF-8 bytes to the signer and post-processes the result.
     *
     * @param unaryOperator    signer: signing input bytes -> raw signature bytes
     * @param jsonWebSignature JWS whose header and payload form the signing input
     * @param unaryOperator2   post-processor applied to the raw signature (e.g. DER -> JOSE form)
     * @return the post-processed signature bytes
     */
    private byte[] getSignatureBytes(UnaryOperator<byte[]> unaryOperator, JsonWebSignature jsonWebSignature, UnaryOperator<byte[]> unaryOperator2) {
        final String signingInput = jsonWebSignature.getHeaders().getEncodedHeader() + "." + jsonWebSignature.getEncodedPayload();
        final byte[] rawSignature = unaryOperator.apply(signingInput.getBytes(StandardCharsets.UTF_8));
        return unaryOperator2.apply(rawSignature);
    }

    /**
     * Logs in with a {@link PkiIdentity}: validates that certificate and private key are present,
     * then runs {@link #login(X509Certificate, UnaryOperator)} with a signer that uses the RSA or EC
     * signing utility depending on the private key type.
     *
     * @param pkiIdentity identity holding the certificate and matching private key
     * @return the token result of the completed login flow
     * @throws NullPointerException if the identity, its certificate or its private key is null
     */
    @Override // de.gematik.idp.client.IIdpClient
    public IdpTokenResult login(PkiIdentity pkiIdentity) {
        assertThatIdpIdentityIsValid(pkiIdentity);
        final UnaryOperator<byte[]> signer = toBeSigned -> {
            if (pkiIdentity.getPrivateKey() instanceof RSAPrivateKey) {
                return RsaSignerUtility.createRsaSignature(toBeSigned, pkiIdentity.getPrivateKey());
            }
            return EcSignerUtility.createEcSignature(toBeSigned, pkiIdentity.getPrivateKey());
        };
        return login(pkiIdentity.getCertificate(), signer);
    }

    /**
     * Runs the full authorization-code flow with PKCE against the initialized IDP.
     * <p>
     * Steps: (1) authorization request carrying a fresh code challenge, {@code state} and
     * {@code nonce}; (2) authentication by signing the returned challenge with {@code unaryOperator}
     * (see {@link #signServerChallenge}); (3) token retrieval with the code verifier.
     * The {@code state} returned on the authentication redirect is compared with the one sent only
     * when {@code shouldVerifyState} is true. The {@code nonce} is sent but not compared against any
     * token claim here, and the returned tokens are not verified by this method — see
     * {@link #verifyAuthTokenToken(IdpTokenResult)}.
     *
     * @param x509Certificate certificate of the signing key, embedded in the signed challenge
     * @param unaryOperator   signing function for the challenge (signing input -> raw signature)
     * @return the token result from the token endpoint
     * @throws IdpClientRuntimeException if the client is not initialized or the state check fails
     */
    public IdpTokenResult login(X509Certificate x509Certificate, UnaryOperator<byte[]> unaryOperator) {
        assertThatClientIsInitialized();
        final String codeVerifier = ClientUtilities.generateCodeVerifier();
        final String nonce = Nonce.getNonceAsBase64UrlEncodedString(24);
        final String state = Nonce.getNonceAsBase64UrlEncodedString(24);

        LOGGER.debug("Performing Authorization with remote-URL '{}'", this.discoveryDocumentResponse.getAuthorizationEndpoint());
        final AuthorizationRequest authorizationRequest = AuthorizationRequest.builder()
                .clientId(this.clientId)
                .link(this.discoveryDocumentResponse.getAuthorizationEndpoint())
                .codeChallenge(ClientUtilities.generateCodeChallenge(codeVerifier))
                .codeChallengeMethod(this.codeChallengeMethod)
                .redirectUri(this.redirectUrl)
                .state(state)
                .scopes(this.scopes)
                .nonce(nonce)
                .build();
        final AuthorizationResponse authorizationResponse = this.authorizationResponseMapper.apply(
                this.authenticatorClient.doAuthorizationRequest(authorizationRequest, this.beforeAuthorizationMapper, this.afterAuthorizationCallback));

        LOGGER.debug("Performing Authentication with remote-URL '{}'", this.discoveryDocumentResponse.getAuthorizationEndpoint());
        final String signedChallenge = signServerChallenge(
                authorizationResponse.getAuthenticationChallenge().getChallenge().getRawString(), x509Certificate, unaryOperator);
        final AuthenticationRequest authenticationRequest = AuthenticationRequest.builder()
                .authenticationEndpointUrl(this.discoveryDocumentResponse.getAuthorizationEndpoint())
                .signedChallenge(new IdpJwe(signedChallenge))
                .build();
        final AuthenticationResponse authenticationResponse = this.authenticationResponseMapper.apply(
                this.authenticatorClient.performAuthentication(authenticationRequest, this.beforeAuthenticationMapper, this.afterAuthenticationCallback));

        // Binds the redirect to this login attempt; only enforced when configured.
        if (this.shouldVerifyState) {
            final String returnedState = UriUtils.extractParameterValue(authenticationResponse.getLocation(), "state");
            if (!state.equals(returnedState)) {
                throw new IdpClientRuntimeException("state-parameter unexpected changed");
            }
        }

        LOGGER.debug("Performing getToken with remote-URL '{}'", this.discoveryDocumentResponse.getTokenEndpoint());
        final TokenRequest tokenRequest = TokenRequest.builder()
                .tokenUrl(this.discoveryDocumentResponse.getTokenEndpoint())
                .clientId(this.clientId)
                .code(authenticationResponse.getCode())
                .ssoToken(authenticationResponse.getSsoToken())
                .redirectUrl(this.redirectUrl)
                .codeVerifier(codeVerifier)
                .idpEnc(this.discoveryDocumentResponse.getIdpEnc())
                .build();
        return this.authenticatorClient.retrieveAccessToken(tokenRequest, this.beforeTokenMapper, this.afterTokenCallback);
    }

    /**
     * Runs the authorization-code flow using an existing SSO token instead of signing the challenge.
     * <p>
     * The authorization request is identical to {@link #login(X509Certificate, UnaryOperator)}; the
     * authentication step posts the SSO token together with the server challenge to the SSO endpoint,
     * and the same SSO token is sent again with the token request. As in the other login variants the
     * {@code state} check only runs when {@code shouldVerifyState} is true and the {@code nonce} is
     * sent but not compared here.
     *
     * @param idpJwe the SSO token obtained from an earlier login
     * @return the token result from the token endpoint
     * @throws IdpClientRuntimeException if the client is not initialized or the state check fails
     */
    public IdpTokenResult loginWithSsoToken(IdpJwe idpJwe) {
        assertThatClientIsInitialized();
        final String codeVerifier = ClientUtilities.generateCodeVerifier();
        final String nonce = Nonce.getNonceAsBase64UrlEncodedString(24);
        final String state = Nonce.getNonceAsBase64UrlEncodedString(24);

        LOGGER.debug("Performing Authorization with remote-URL '{}'", this.discoveryDocumentResponse.getAuthorizationEndpoint());
        final AuthorizationRequest authorizationRequest = AuthorizationRequest.builder()
                .clientId(this.clientId)
                .link(this.discoveryDocumentResponse.getAuthorizationEndpoint())
                .codeChallenge(ClientUtilities.generateCodeChallenge(codeVerifier))
                .codeChallengeMethod(this.codeChallengeMethod)
                .redirectUri(this.redirectUrl)
                .state(state)
                .scopes(this.scopes)
                .nonce(nonce)
                .build();
        final AuthorizationResponse authorizationResponse = this.authorizationResponseMapper.apply(
                this.authenticatorClient.doAuthorizationRequest(authorizationRequest, this.beforeAuthorizationMapper, this.afterAuthorizationCallback));

        final String ssoEndpoint = this.discoveryDocumentResponse.getSsoEndpoint();
        LOGGER.debug("Performing Sso-Authentication with remote-URL '{}'", ssoEndpoint);
        final AuthenticationRequest authenticationRequest = AuthenticationRequest.builder()
                .authenticationEndpointUrl(ssoEndpoint)
                .ssoToken(idpJwe.getRawString())
                .challengeToken(authorizationResponse.getAuthenticationChallenge().getChallenge())
                .build();
        final AuthenticationResponse authenticationResponse = this.authenticationResponseMapper.apply(
                this.authenticatorClient.performAuthenticationWithSsoToken(authenticationRequest, this.beforeAuthenticationMapper, this.afterAuthenticationCallback));

        // Binds the redirect to this login attempt; only enforced when configured.
        if (this.shouldVerifyState) {
            final String returnedState = UriUtils.extractParameterValue(authenticationResponse.getLocation(), "state");
            if (!state.equals(returnedState)) {
                throw new IdpClientRuntimeException("state-parameter unexpected changed");
            }
        }

        LOGGER.debug("Performing getToken with remote-URL '{}'", this.discoveryDocumentResponse.getTokenEndpoint());
        final TokenRequest tokenRequest = TokenRequest.builder()
                .tokenUrl(this.discoveryDocumentResponse.getTokenEndpoint())
                .clientId(this.clientId)
                .code(authenticationResponse.getCode())
                .ssoToken(idpJwe.getRawString())
                .redirectUrl(this.redirectUrl)
                .codeVerifier(codeVerifier)
                .idpEnc(this.discoveryDocumentResponse.getIdpEnc())
                .build();
        return this.authenticatorClient.retrieveAccessToken(tokenRequest, this.beforeTokenMapper, this.afterTokenCallback);
    }

    /**
     * Runs the authorization-code flow using alternative authentication (a previously registered
     * device key) instead of the smart-card signature.
     * <p>
     * After the usual authorization request, a JWT is built carrying the challenge (and its expiry),
     * the registered authentication certificate, the key identifier taken from the signed pairing
     * data, the device information and a fixed {@code amr} of {@code mfa, hwk, face}; it is signed
     * with {@code privateKey}, encrypted for the IDP's encryption key and posted to the auth-pair
     * endpoint. As in the other login variants the {@code state} check only runs when
     * {@code shouldVerifyState} is true, the {@code nonce} is sent but not compared here, and the
     * returned tokens are not verified by this method.
     *
     * @param registrationData pairing data, device information and auth certificate from registration
     * @param privateKey       key used to sign the authentication-data JWT
     * @return the token result from the token endpoint
     * @throws IdpClientRuntimeException if the client is not initialized or the state check fails
     * @throws java.util.NoSuchElementException if the challenge lacks an expiry claim or the signed
     *         pairing data lacks a key identifier ({@code orElseThrow()} below)
     */
    public IdpTokenResult loginWithAltAuth(RegistrationData registrationData, PrivateKey privateKey) {
        assertThatClientIsInitialized();
        String generateCodeVerifier = ClientUtilities.generateCodeVerifier();
        String nonceAsBase64UrlEncodedString = Nonce.getNonceAsBase64UrlEncodedString(24);
        String nonceAsBase64UrlEncodedString2 = Nonce.getNonceAsBase64UrlEncodedString(24);
        LOGGER.debug("Performing Authorization with remote-URL '{}'", this.discoveryDocumentResponse.getAuthorizationEndpoint());
        AuthorizationResponse authorizationResponse = (AuthorizationResponse) this.authorizationResponseMapper.apply(this.authenticatorClient.doAuthorizationRequest(AuthorizationRequest.builder().clientId(this.clientId).link(this.discoveryDocumentResponse.getAuthorizationEndpoint()).codeChallenge(ClientUtilities.generateCodeChallenge(generateCodeVerifier)).codeChallengeMethod(this.codeChallengeMethod).redirectUri(this.redirectUrl).state(nonceAsBase64UrlEncodedString2).scopes(this.scopes).nonce(nonceAsBase64UrlEncodedString).build(), this.beforeAuthorizationMapper, this.afterAuthorizationCallback));
        // Authentication-data JWT: challenge expiry and raw challenge bind it to this authorization
        // round; the KEY_IDENTIFIER is read out of the signed pairing data rather than supplied by the caller.
        JsonWebToken buildJwt = new JwtBuilder().addBodyClaim(ClaimName.EXPIRES_AT, authorizationResponse.getAuthenticationChallenge().getChallenge().getBodyClaim(ClaimName.EXPIRES_AT).orElseThrow()).addBodyClaim(ClaimName.CHALLENGE_TOKEN, authorizationResponse.getAuthenticationChallenge().getChallenge().getRawString()).addBodyClaim(ClaimName.AUTHENTICATION_CERTIFICATE, registrationData.getAuthCert()).addBodyClaim(ClaimName.AUTHENTICATION_DATA_VERSION, "1.0").addBodyClaim(ClaimName.KEY_IDENTIFIER, new JsonWebToken(registrationData.getSignedPairingData()).getBodyClaim(ClaimName.KEY_IDENTIFIER).orElseThrow()).addBodyClaim(ClaimName.DEVICE_INFORMATION, Map.of("name", registrationData.getDeviceInformation().getName(), "device_information_data_version", registrationData.getDeviceInformation().getDeviceInformationDataVersion(), "device_type", Map.of("device_type_data_version", registrationData.getDeviceInformation().getDeviceType().getDeviceTypeDataVersion(), "product", registrationData.getDeviceInformation().getDeviceType().getProduct(), "model", registrationData.getDeviceInformation().getDeviceType().getModel(), "os", registrationData.getDeviceInformation().getDeviceType().getOs(), "os_version", registrationData.getDeviceInformation().getDeviceType().getOsVersion(), "manufacturer", registrationData.getDeviceInformation().getDeviceType().getManufacturer()))).addBodyClaim(ClaimName.AUTHENTICATION_METHODS_REFERENCE, List.of("mfa", "hwk", "face")).setSignerKey(privateKey).buildJwt();
        // The debug message names the authorization endpoint, but the request below goes to the auth-pair endpoint.
        LOGGER.debug("Performing Authentication with remote-URL '{}'", this.discoveryDocumentResponse.getAuthorizationEndpoint());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) this.authenticationResponseMapper.apply(this.authenticatorClient.performAuthenticationWithAltAuth(AuthenticationRequest.builder().authenticationEndpointUrl(this.discoveryDocumentResponse.getAuthPairEndpoint()).encryptedSignedAuthenticationData(buildJwt.encryptAsNjwt(this.discoveryDocumentResponse.getIdpEnc())).build(), this.beforeAuthenticationMapper, this.afterAuthenticationCallback));
        // Binds the redirect to this login attempt; only enforced when configured.
        if (this.shouldVerifyState && !nonceAsBase64UrlEncodedString2.equals(UriUtils.extractParameterValue(authenticationResponse.getLocation(), "state"))) {
            throw new IdpClientRuntimeException("state-parameter unexpected changed");
        }
        LOGGER.debug("Performing getToken with remote-URL '{}'", this.discoveryDocumentResponse.getTokenEndpoint());
        return this.authenticatorClient.retrieveAccessToken(TokenRequest.builder().tokenUrl(this.discoveryDocumentResponse.getTokenEndpoint()).clientId(this.clientId).code(authenticationResponse.getCode()).ssoToken(authenticationResponse.getSsoToken()).redirectUrl(this.redirectUrl).codeVerifier(generateCodeVerifier).idpEnc(this.discoveryDocumentResponse.getIdpEnc()).build(), this.beforeTokenMapper, this.afterTokenCallback);
    }

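    /**
     * Ensures the identity can be used for a login: it must carry both a certificate and a private key.
     * The messages name the missing part so a failure is diagnosable from the exception alone.
     *
     * @param pkiIdentity identity to check
     * @throws NullPointerException if the identity, its certificate or its private key is null
     */
    private void assertThatIdpIdentityIsValid(PkiIdentity pkiIdentity) {
        Objects.requireNonNull(pkiIdentity, "pkiIdentity");
        Objects.requireNonNull(pkiIdentity.getCertificate(), "pkiIdentity.certificate");
        Objects.requireNonNull(pkiIdentity.getPrivateKey(), "pkiIdentity.privateKey");
    }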

    /**
     * Guards every login variant: the discovery document must have been loaded and must provide
     * both an authorization and a token endpoint.
     *
     * @throws IdpClientRuntimeException if {@link #initialize()} has not run (or yielded no endpoints)
     */
    private void assertThatClientIsInitialized() {
        LOGGER.debug("Verifying IDP-Client initialization...");
        final boolean initialized = this.discoveryDocumentResponse != null
                && !StringUtils.isEmpty(this.discoveryDocumentResponse.getAuthorizationEndpoint())
                && !StringUtils.isEmpty(this.discoveryDocumentResponse.getTokenEndpoint());
        if (!initialized) {
            throw new IdpClientRuntimeException("IDP-Client not initialized correctly! Call .initialize() before performing an actual operation.");
        }
    }

    /**
     * Fetches the discovery document from {@code discoveryDocumentUrl} and stores it; the optional
     * {@code fixedIdpHost} is forwarded to the authenticator client. Every endpoint and IDP key the
     * login flows rely on comes from the stored document, so this must run before any login.
     *
     * @return this client, for chaining
     */
    @Override // de.gematik.idp.client.IIdpClient
    public IdpClient initialize() {
        LOGGER.info("Initializing using url '{}'", this.discoveryDocumentUrl);
        final Optional<String> hostOverride = Optional.ofNullable(this.fixedIdpHost);
        this.discoveryDocumentResponse = this.authenticatorClient.retrieveDiscoveryDocument(this.discoveryDocumentUrl, hostOverride);
        return this;
    }

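    /**
     * Verifies the access token in {@code idpTokenResult} against the public key of the IDP's
     * signing certificate from the discovery document. Only the access token is checked here;
     * what {@code verify} validates beyond the signature is defined by the token class.
     * Fails with a clear initialization error instead of a NullPointerException when no discovery
     * document (or no signing certificate) is available.
     *
     * @param idpTokenResult token result returned by one of the login methods
     * @throws NullPointerException      if {@code idpTokenResult} is null
     * @throws IdpClientRuntimeException if the client has no discovery document / signing certificate
     */
    public void verifyAuthTokenToken(IdpTokenResult idpTokenResult) {
        Objects.requireNonNull(idpTokenResult, "idpTokenResult");
        if (this.discoveryDocumentResponse == null || this.discoveryDocumentResponse.getIdpSig() == null) {
            throw new IdpClientRuntimeException("IDP-Client not initialized correctly! Call .initialize() before performing an actual operation.");
        }
        idpTokenResult.getAccessToken().verify(this.discoveryDocumentResponse.getIdpSig().getPublicKey());
    }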

    /**
     * Installs an observer for the outgoing authorization request; it is wrapped into an identity
     * mapper so the request is passed on unchanged after the consumer has seen it.
     *
     * @param consumer observer of the authorization {@link GetRequest}
     */
    public void setBeforeAuthorizationCallback(Consumer<GetRequest> consumer) {
        final UnaryOperator<GetRequest> observingIdentity = toNoopIdentity(consumer);
        this.beforeAuthorizationMapper = observingIdentity;
    }

    /**
     * Installs an observer for the outgoing authentication request; it is wrapped into an identity
     * mapper so the request body is passed on unchanged after the consumer has seen it.
     *
     * @param consumer observer of the authentication {@link MultipartBody}
     */
    public void setBeforeAuthenticationCallback(Consumer<MultipartBody> consumer) {
        final UnaryOperator<MultipartBody> observingIdentity = toNoopIdentity(consumer);
        this.beforeAuthenticationMapper = observingIdentity;
    }

    /**
     * Installs an observer for the outgoing token request; it is wrapped into an identity mapper so
     * the request body is passed on unchanged after the consumer has seen it.
     *
     * @param consumer observer of the token {@link MultipartBody}
     */
    public void setBeforeTokenCallback(Consumer<MultipartBody> consumer) {
        final UnaryOperator<MultipartBody> observingIdentity = toNoopIdentity(consumer);
        this.beforeTokenMapper = observingIdentity;
    }

    /**
     * Adapts a {@link Consumer} into a {@link UnaryOperator} that invokes the consumer and then
     * returns its argument unchanged. Used to plug observers into the before-*Mapper slots.
     *
     * @param consumer side-effecting observer to run on each value
     * @param <T>      value type
     * @return an operator that calls {@code consumer} and returns the same instance it received
     */
    public <T> UnaryOperator<T> toNoopIdentity(Consumer<T> consumer) {
        final UnaryOperator<T> passThrough = value -> {
            consumer.accept(value);
            return value;
        };
        return passThrough;
    }

    /** Default OIDC scopes requested when the builder is given none: {@code openid} and {@code e-rezept}. */
    @Generated
    private static Set<String> $default$scopes() {
        final String[] defaultScopes = {"openid", "e-rezept"};
        return Set.of(defaultScopes);
    }

    /** Default authorization mapper: passes the request through untouched. */
    @Generated
    private static UnaryOperator<GetRequest> $default$beforeAuthorizationMapper() {
        final UnaryOperator<GetRequest> identity = UnaryOperator.identity();
        return identity;
    }

    /** Default authentication mapper: passes the request body through untouched. */
    @Generated
    private static UnaryOperator<MultipartBody> $default$beforeAuthenticationMapper() {
        final UnaryOperator<MultipartBody> identity = UnaryOperator.identity();
        return identity;
    }

    /** Default token mapper: passes the request body through untouched. */
    @Generated
    private static UnaryOperator<MultipartBody> $default$beforeTokenMapper() {
        final UnaryOperator<MultipartBody> identity = UnaryOperator.identity();
        return identity;
    }

    /** Default transport: a freshly constructed {@link AuthenticatorClient}. */
    @Generated
    private static AuthenticatorClient $default$authenticatorClient() {
        final AuthenticatorClient client = new AuthenticatorClient();
        return client;
    }

    /** Default authorization-response mapper: returns the response unchanged. */
    @Generated
    private static UnaryOperator<AuthorizationResponse> $default$authorizationResponseMapper() {
        final UnaryOperator<AuthorizationResponse> identity = UnaryOperator.identity();
        return identity;
    }

    /** Default authentication-response mapper: returns the response unchanged. */
    @Generated
    private static UnaryOperator<AuthenticationResponse> $default$authenticationResponseMapper() {
        final UnaryOperator<AuthenticationResponse> identity = UnaryOperator.identity();
        return identity;
    }

    /** Starts a new, empty {@link IdpClientBuilder}. */
    @Generated
    public static IdpClientBuilder builder() {
        final IdpClientBuilder fresh = new IdpClientBuilder();
        return fresh;
    }

    /**
     * Creates a builder pre-filled with every field of this client, including the current
     * discovery document and all callbacks, so a modified copy can be built.
     */
    @Generated
    public IdpClientBuilder toBuilder() {
        final IdpClientBuilder copy = new IdpClientBuilder();
        copy.clientId(this.clientId);
        copy.redirectUrl(this.redirectUrl);
        copy.discoveryDocumentUrl(this.discoveryDocumentUrl);
        copy.shouldVerifyState(this.shouldVerifyState);
        copy.scopes(this.scopes);
        copy.beforeAuthorizationMapper(this.beforeAuthorizationMapper);
        copy.afterAuthorizationCallback(this.afterAuthorizationCallback);
        copy.beforeAuthenticationMapper(this.beforeAuthenticationMapper);
        copy.afterAuthenticationCallback(this.afterAuthenticationCallback);
        copy.beforeTokenMapper(this.beforeTokenMapper);
        copy.afterTokenCallback(this.afterTokenCallback);
        copy.authenticatorClient(this.authenticatorClient);
        copy.codeChallengeMethod(this.codeChallengeMethod);
        copy.authorizationResponseMapper(this.authorizationResponseMapper);
        copy.authenticationResponseMapper(this.authenticationResponseMapper);
        copy.fixedIdpHost(this.fixedIdpHost);
        copy.discoveryDocumentResponse(this.discoveryDocumentResponse);
        return copy;
    }

    /** @return the OAuth client id sent with authorization and token requests */
    @Generated
    public String getClientId() {
        return clientId;
    }

    /** @return the redirect URI sent with authorization and token requests */
    @Generated
    public String getRedirectUrl() {
        return redirectUrl;
    }

    /** @return the URL {@link #initialize()} loads the discovery document from */
    @Generated
    public String getDiscoveryDocumentUrl() {
        return discoveryDocumentUrl;
    }

    /** @return whether the login flows compare the returned {@code state} with the one they sent */
    @Generated
    public boolean isShouldVerifyState() {
        return shouldVerifyState;
    }

    /** @return the scope set requested in authorization requests (the instance's own reference, not a copy) */
    @Generated
    public Set<String> getScopes() {
        return scopes;
    }

    /** @return the mapper handed to the authenticator client with each authorization request */
    @Generated
    public UnaryOperator<GetRequest> getBeforeAuthorizationMapper() {
        return beforeAuthorizationMapper;
    }

    /** @return the callback handed to the authenticator client with each authorization request */
    @Generated
    public Consumer<HttpResponse<AuthenticationChallenge>> getAfterAuthorizationCallback() {
        return afterAuthorizationCallback;
    }

    /** @return the mapper handed to the authenticator client with each authentication request */
    @Generated
    public UnaryOperator<MultipartBody> getBeforeAuthenticationMapper() {
        return beforeAuthenticationMapper;
    }

    /** @return the callback handed to the authenticator client with each authentication request */
    @Generated
    public Consumer<HttpResponse<String>> getAfterAuthenticationCallback() {
        return afterAuthenticationCallback;
    }

    /** @return the mapper handed to the authenticator client with each token request */
    @Generated
    public UnaryOperator<MultipartBody> getBeforeTokenMapper() {
        return beforeTokenMapper;
    }

    /** @return the callback handed to the authenticator client with each token request */
    @Generated
    public Consumer<HttpResponse<JsonNode>> getAfterTokenCallback() {
        return afterTokenCallback;
    }

    /** @return the transport used for discovery, authorization, authentication and token calls */
    @Generated
    public AuthenticatorClient getAuthenticatorClient() {
        return authenticatorClient;
    }

    /** @return the PKCE code challenge method sent with authorization requests */
    @Generated
    public CodeChallengeMethod getCodeChallengeMethod() {
        return codeChallengeMethod;
    }

    /** @return the mapper applied to every parsed authorization response */
    @Generated
    public UnaryOperator<AuthorizationResponse> getAuthorizationResponseMapper() {
        return authorizationResponseMapper;
    }

    /** @return the mapper applied to every parsed authentication response */
    @Generated
    public UnaryOperator<AuthenticationResponse> getAuthenticationResponseMapper() {
        return authenticationResponseMapper;
    }

    /** @return the optional host override forwarded to discovery-document retrieval, or null */
    @Generated
    public String getFixedIdpHost() {
        return fixedIdpHost;
    }

    /** @return the discovery document loaded by {@link #initialize()}, or null before initialization */
    @Generated
    public DiscoveryDocumentResponse getDiscoveryDocumentResponse() {
        return discoveryDocumentResponse;
    }

    /** Replaces the scope set used in subsequent authorization requests (stored as given, not copied). */
    @Generated
    public void setScopes(Set<String> set) {
        scopes = set;
    }

    /** Replaces the mapper passed along with subsequent authorization requests. */
    @Generated
    public void setBeforeAuthorizationMapper(UnaryOperator<GetRequest> unaryOperator) {
        beforeAuthorizationMapper = unaryOperator;
    }

    /** Replaces the callback passed along with subsequent authorization requests. */
    @Generated
    public void setAfterAuthorizationCallback(Consumer<HttpResponse<AuthenticationChallenge>> consumer) {
        afterAuthorizationCallback = consumer;
    }

    /** Replaces the mapper passed along with subsequent authentication requests. */
    @Generated
    public void setBeforeAuthenticationMapper(UnaryOperator<MultipartBody> unaryOperator) {
        beforeAuthenticationMapper = unaryOperator;
    }

    /** Replaces the callback passed along with subsequent authentication requests. */
    @Generated
    public void setAfterAuthenticationCallback(Consumer<HttpResponse<String>> consumer) {
        afterAuthenticationCallback = consumer;
    }

    /**
     * Replaces the {@code beforeTokenMapper} field.
     *
     * @param unaryOperator the new mapper; stored as-is, {@code null} allowed
     */
    @Generated
    public void setBeforeTokenMapper(UnaryOperator<MultipartBody> unaryOperator) {
        beforeTokenMapper = unaryOperator;
    }

    /**
     * Replaces the {@code afterTokenCallback} field.
     *
     * <p>NOTE(review): judging by its type the callback presumably receives the raw
     * token-endpoint response; implementations should avoid logging or persisting
     * that body -- confirm against the code that invokes it.
     *
     * @param consumer the new callback; stored as-is, {@code null} allowed
     */
    @Generated
    public void setAfterTokenCallback(Consumer<HttpResponse<JsonNode>> consumer) {
        afterTokenCallback = consumer;
    }

    /**
     * Replaces the {@code authenticatorClient} field.
     *
     * @param authenticatorClient the new client; stored as-is, {@code null} allowed
     */
    @Generated
    public void setAuthenticatorClient(AuthenticatorClient authenticatorClient) {
        this.authenticatorClient = authenticatorClient;
    }

    /**
     * Replaces the {@code codeChallengeMethod} field.
     *
     * @param codeChallengeMethod the new value; stored as-is, {@code null} allowed
     */
    @Generated
    public void setCodeChallengeMethod(CodeChallengeMethod codeChallengeMethod) {
        this.codeChallengeMethod = codeChallengeMethod;
    }

    /**
     * Replaces the {@code authorizationResponseMapper} field.
     *
     * @param unaryOperator the new mapper; stored as-is, {@code null} allowed
     */
    @Generated
    public void setAuthorizationResponseMapper(UnaryOperator<AuthorizationResponse> unaryOperator) {
        authorizationResponseMapper = unaryOperator;
    }

    /**
     * Replaces the {@code authenticationResponseMapper} field.
     *
     * @param unaryOperator the new mapper; stored as-is, {@code null} allowed
     */
    @Generated
    public void setAuthenticationResponseMapper(UnaryOperator<AuthenticationResponse> unaryOperator) {
        authenticationResponseMapper = unaryOperator;
    }

    /**
     * Replaces the {@code fixedIdpHost} field.
     *
     * @param str the new host string; stored as-is with no syntax check, {@code null}
     *     allowed
     */
    @Generated
    public void setFixedIdpHost(String str) {
        fixedIdpHost = str;
    }

    /**
     * Replaces the {@code discoveryDocumentResponse} field.
     *
     * @param discoveryDocumentResponse the new value; stored as-is, {@code null} allowed
     */
    @Generated
    public void setDiscoveryDocumentResponse(DiscoveryDocumentResponse discoveryDocumentResponse) {
        this.discoveryDocumentResponse = discoveryDocumentResponse;
    }

    /**
     * Structural equality over every configured field, read through the accessors in
     * the same order as the generated original.
     *
     * <p>The mapper and callback fields are compared with their own {@code equals};
     * for lambdas that is reference identity unless overridden, so two clients built
     * from separate but equivalent lambdas compare unequal.
     *
     * @param obj the object to compare against
     * @return {@code true} when {@code obj} is an {@code IdpClient} that accepts this
     *     instance via {@link #canEqual} and all fields are pairwise equal
     */
    @Generated
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof IdpClient)) {
            return false;
        }
        IdpClient other = (IdpClient) obj;
        if (!other.canEqual(this)) {
            return false;
        }
        // Evaluation order mirrors the generated code: the primitive flag first, then
        // each reference field, short-circuiting at the first mismatch.
        return isShouldVerifyState() == other.isShouldVerifyState()
            && Objects.equals(getClientId(), other.getClientId())
            && Objects.equals(getRedirectUrl(), other.getRedirectUrl())
            && Objects.equals(getDiscoveryDocumentUrl(), other.getDiscoveryDocumentUrl())
            && Objects.equals(getScopes(), other.getScopes())
            && Objects.equals(getBeforeAuthorizationMapper(), other.getBeforeAuthorizationMapper())
            && Objects.equals(getAfterAuthorizationCallback(), other.getAfterAuthorizationCallback())
            && Objects.equals(getBeforeAuthenticationMapper(), other.getBeforeAuthenticationMapper())
            && Objects.equals(getAfterAuthenticationCallback(), other.getAfterAuthenticationCallback())
            && Objects.equals(getBeforeTokenMapper(), other.getBeforeTokenMapper())
            && Objects.equals(getAfterTokenCallback(), other.getAfterTokenCallback())
            && Objects.equals(getAuthenticatorClient(), other.getAuthenticatorClient())
            && Objects.equals(getCodeChallengeMethod(), other.getCodeChallengeMethod())
            && Objects.equals(getAuthorizationResponseMapper(), other.getAuthorizationResponseMapper())
            && Objects.equals(getAuthenticationResponseMapper(), other.getAuthenticationResponseMapper())
            && Objects.equals(getFixedIdpHost(), other.getFixedIdpHost())
            && Objects.equals(getDiscoveryDocumentResponse(), other.getDiscoveryDocumentResponse());
    }

    /**
     * Lombok-style symmetry hook for {@link #equals(Object)}: a subclass may override
     * this to reject comparison with the base type.
     *
     * @param obj the candidate on the other side of the comparison
     * @return whether {@code obj} is an {@code IdpClient}
     */
    @Generated
    protected boolean canEqual(Object obj) {
        boolean sameType = obj instanceof IdpClient;
        return sameType;
    }

    /**
     * Lombok-style polynomial hash over the same fields, in the same order, that
     * {@link #equals(Object)} compares.
     *
     * <p>The arithmetic is kept identical to the generated original: seed 59, the
     * boolean contributes 79/97, each reference field contributes its own hash or 43
     * when {@code null}, and every step multiplies the running value by 59 (int
     * overflow wraps, as intended).
     *
     * @return the hash code
     */
    @Generated
    @Override
    public int hashCode() {
        final int prime = 59;
        final int nullMark = 43;
        int result = prime + (isShouldVerifyState() ? 79 : 97);
        Object[] parts = {
            getClientId(),
            getRedirectUrl(),
            getDiscoveryDocumentUrl(),
            getScopes(),
            getBeforeAuthorizationMapper(),
            getAfterAuthorizationCallback(),
            getBeforeAuthenticationMapper(),
            getAfterAuthenticationCallback(),
            getBeforeTokenMapper(),
            getAfterTokenCallback(),
            getAuthenticatorClient(),
            getCodeChallengeMethod(),
            getAuthorizationResponseMapper(),
            getAuthenticationResponseMapper(),
            getFixedIdpHost(),
            getDiscoveryDocumentResponse()
        };
        for (Object part : parts) {
            result = result * prime + (part == null ? nullMark : part.hashCode());
        }
        return result;
    }

    /**
     * Renders every configured field as {@code IdpClient(name=value, ...)}, using each
     * value's own {@code toString} ({@code null} prints as {@code null}).
     *
     * <p>The output includes the full {@code discoveryDocumentResponse} and the
     * configured callbacks; whatever those objects print will end up wherever this
     * string is logged, so callers should treat it as diagnostic output.
     *
     * @return the single-line description
     */
    @Generated
    @Override
    public String toString() {
        String fields = String.join(", ",
            "clientId=" + getClientId(),
            "redirectUrl=" + getRedirectUrl(),
            "discoveryDocumentUrl=" + getDiscoveryDocumentUrl(),
            "shouldVerifyState=" + isShouldVerifyState(),
            "scopes=" + getScopes(),
            "beforeAuthorizationMapper=" + getBeforeAuthorizationMapper(),
            "afterAuthorizationCallback=" + getAfterAuthorizationCallback(),
            "beforeAuthenticationMapper=" + getBeforeAuthenticationMapper(),
            "afterAuthenticationCallback=" + getAfterAuthenticationCallback(),
            "beforeTokenMapper=" + getBeforeTokenMapper(),
            "afterTokenCallback=" + getAfterTokenCallback(),
            "authenticatorClient=" + getAuthenticatorClient(),
            "codeChallengeMethod=" + getCodeChallengeMethod(),
            "authorizationResponseMapper=" + getAuthorizationResponseMapper(),
            "authenticationResponseMapper=" + getAuthenticationResponseMapper(),
            "fixedIdpHost=" + getFixedIdpHost(),
            "discoveryDocumentResponse=" + getDiscoveryDocumentResponse());
        return "IdpClient(" + fields + ")";
    }

    /**
     * All-args constructor (generated). Every argument is stored verbatim: no null
     * checks, no defensive copy of {@code set}, no validation of the URL strings.
     *
     * @param str the {@code clientId}
     * @param str2 the {@code redirectUrl}
     * @param str3 the {@code discoveryDocumentUrl}
     * @param z the {@code shouldVerifyState} flag
     * @param set the {@code scopes}; shared with the caller, not copied
     * @param unaryOperator the {@code beforeAuthorizationMapper}
     * @param consumer the {@code afterAuthorizationCallback}
     * @param unaryOperator2 the {@code beforeAuthenticationMapper}
     * @param consumer2 the {@code afterAuthenticationCallback}
     * @param unaryOperator3 the {@code beforeTokenMapper}
     * @param consumer3 the {@code afterTokenCallback}
     * @param authenticatorClient the {@code authenticatorClient}
     * @param codeChallengeMethod the {@code codeChallengeMethod}
     * @param unaryOperator4 the {@code authorizationResponseMapper}
     * @param unaryOperator5 the {@code authenticationResponseMapper}
     * @param str4 the {@code fixedIdpHost}
     * @param discoveryDocumentResponse the {@code discoveryDocumentResponse}
     */
    @Generated
    public IdpClient(String str, String str2, String str3, boolean z, Set<String> set, UnaryOperator<GetRequest> unaryOperator, Consumer<HttpResponse<AuthenticationChallenge>> consumer, UnaryOperator<MultipartBody> unaryOperator2, Consumer<HttpResponse<String>> consumer2, UnaryOperator<MultipartBody> unaryOperator3, Consumer<HttpResponse<JsonNode>> consumer3, AuthenticatorClient authenticatorClient, CodeChallengeMethod codeChallengeMethod, UnaryOperator<AuthorizationResponse> unaryOperator4, UnaryOperator<AuthenticationResponse> unaryOperator5, String str4, DiscoveryDocumentResponse discoveryDocumentResponse) {
        // Identity and endpoint configuration.
        clientId = str;
        redirectUrl = str2;
        discoveryDocumentUrl = str3;
        shouldVerifyState = z;
        scopes = set;
        // Request/response hooks for the three protocol steps.
        beforeAuthorizationMapper = unaryOperator;
        afterAuthorizationCallback = consumer;
        beforeAuthenticationMapper = unaryOperator2;
        afterAuthenticationCallback = consumer2;
        beforeTokenMapper = unaryOperator3;
        afterTokenCallback = consumer3;
        authorizationResponseMapper = unaryOperator4;
        authenticationResponseMapper = unaryOperator5;
        // Remaining collaborators and cached state (parameter names shadow the fields).
        this.authenticatorClient = authenticatorClient;
        this.codeChallengeMethod = codeChallengeMethod;
        fixedIdpHost = str4;
        this.discoveryDocumentResponse = discoveryDocumentResponse;
    }

    /*
     * Runs once when this class is loaded. Inserting BouncyCastle at position 1 makes
     * it the first provider consulted for every JCA/JSSE algorithm lookup in the whole
     * JVM, not just for this client: unrelated TLS, SecureRandom and signature code in
     * the same process will resolve to BC wherever it offers the algorithm. Any
     * pre-existing "BC" entry is removed first so the insert is not ignored as
     * "already installed" and BC really lands at position 1. BrainpoolCurves.init()
     * is a project helper whose effect is not visible from this file.
     */
    static {
        Security.removeProvider("BC");
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        BrainpoolCurves.init();
    }
}
