package de.gematik.idp.client;

import de.gematik.idp.authentication.AuthenticationChallengeBuilder;
import de.gematik.idp.authentication.AuthenticationResponseBuilder;
import de.gematik.idp.authentication.AuthenticationTokenBuilder;
import de.gematik.idp.authentication.IdpJwtProcessor;
import de.gematik.idp.authentication.JwtBuilder;
import de.gematik.idp.brainPoolExtension.BrainpoolCurves;
import de.gematik.idp.crypto.model.PkiIdentity;
import de.gematik.idp.data.ScopeConfiguration;
import de.gematik.idp.data.UserConsentConfiguration;
import de.gematik.idp.data.UserConsentDescriptionTexts;
import de.gematik.idp.field.ClaimName;
import de.gematik.idp.token.AccessTokenBuilder;
import de.gematik.idp.token.JsonWebToken;
import java.security.Security;
import java.time.LocalDateTime;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:de/gematik/idp/client/MockIdpClient.class */
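/**
 * Test double for {@link IIdpClient} that runs the challenge / response / token sequence
 * in-process with locally built collaborators instead of talking to an IDP server.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The subject salt ({@link #SERVER_SUB_SALT}) and the AES key created in
 *       {@link #initialize()} are fixed constants. Tokens produced here must only be
 *       accepted by test fixtures, never by a system that guards real data.</li>
 *   <li>Loading this class replaces the JVM-wide "BC" security provider (see the static
 *       initializer at the end of the class).</li>
 *   <li>{@code produceTokensWithInvalidSignature} and {@code produceOnlyExpiredTokens}
 *       make {@link #login(PkiIdentity)} return deliberately defective tokens so that
 *       consumers' rejection paths can be exercised.</li>
 * </ul>
 *
 * <p>The collaborator fields are reassigned by {@link #initialize()}, and they take part in
 * {@link #equals(Object)} / {@link #hashCode()}, so an instance should not be used as a
 * hash key across an {@code initialize()} call.
 */
public class MockIdpClient implements IIdpClient {
    /** Fixed salt handed to the {@link AccessTokenBuilder}; a test constant, not a secret. */
    private static final String SERVER_SUB_SALT = "someArbitrarySubSaltValue";
    /** Audience URL registered for the "e-rezept" scope. */
    private static final String EREZEPT_AUDIENCE_URL = "https://erp-test.zentral.erp.splitdns.ti-dienste.de/";
    /** Audience URL registered for the "pairing" scope. */
    private static final String PAIRING_AUDIENCE_URL = "https://idp-pairing-test.zentral.idp.splitdns.ti-dienste.de";

    private final PkiIdentity serverIdentity;
    private final String clientId;
    private final boolean produceTokensWithInvalidSignature;
    private final boolean produceOnlyExpiredTokens;
    private final String uriIdpServer;
    private final HashMap<String, String> scopeToAudienceUrls = new HashMap<>();
    private AccessTokenBuilder accessTokenBuilder;
    private AuthenticationResponseBuilder authenticationResponseBuilder;
    private AuthenticationTokenBuilder authenticationTokenBuilder;
    private AuthenticationChallengeBuilder authenticationChallengeBuilder;
    private IdpJwtProcessor jwtProcessor;
    private SecretKeySpec encryptionKey;

    /**
     * Fluent builder for {@link MockIdpClient}. Only {@code uriIdpServer} has a default
     * value; every other reference field stays {@code null} unless it is set.
     */
    @Generated
    public static class MockIdpClientBuilder {

        @Generated
        private PkiIdentity serverIdentity;

        @Generated
        private String clientId;

        @Generated
        private boolean produceTokensWithInvalidSignature;

        @Generated
        private boolean produceOnlyExpiredTokens;

        // Tracks whether uriIdpServer(...) was called, so that an explicit null is kept
        // and the default is applied only when the value was never set.
        @Generated
        private boolean uriIdpServer$set;

        @Generated
        private String uriIdpServer$value;

        @Generated
        private AccessTokenBuilder accessTokenBuilder;

        @Generated
        private AuthenticationResponseBuilder authenticationResponseBuilder;

        @Generated
        private AuthenticationTokenBuilder authenticationTokenBuilder;

        @Generated
        private AuthenticationChallengeBuilder authenticationChallengeBuilder;

        @Generated
        private IdpJwtProcessor jwtProcessor;

        @Generated
        private SecretKeySpec encryptionKey;

        @Generated
        MockIdpClientBuilder() {
        }

        /** Sets the identity that {@link MockIdpClient#initialize()} passes to the JWT processors. */
        @Generated
        public MockIdpClientBuilder serverIdentity(PkiIdentity serverIdentity) {
            this.serverIdentity = serverIdentity;
            return this;
        }

        /** Sets the client id used when the authentication challenge is built. */
        @Generated
        public MockIdpClientBuilder clientId(String clientId) {
            this.clientId = clientId;
            return this;
        }

        /** When {@code true}, issued tokens get a modified third segment. */
        @Generated
        public MockIdpClientBuilder produceTokensWithInvalidSignature(boolean produceTokensWithInvalidSignature) {
            this.produceTokensWithInvalidSignature = produceTokensWithInvalidSignature;
            return this;
        }

        /** When {@code true}, issued tokens are re-signed with an expiry ten minutes in the past. */
        @Generated
        public MockIdpClientBuilder produceOnlyExpiredTokens(boolean produceOnlyExpiredTokens) {
            this.produceOnlyExpiredTokens = produceOnlyExpiredTokens;
            return this;
        }

        /** Overrides the default IDP server URI. */
        @Generated
        public MockIdpClientBuilder uriIdpServer(String uriIdpServer) {
            this.uriIdpServer$value = uriIdpServer;
            this.uriIdpServer$set = true;
            return this;
        }

        @Generated
        public MockIdpClientBuilder accessTokenBuilder(AccessTokenBuilder accessTokenBuilder) {
            this.accessTokenBuilder = accessTokenBuilder;
            return this;
        }

        @Generated
        public MockIdpClientBuilder authenticationResponseBuilder(AuthenticationResponseBuilder authenticationResponseBuilder) {
            this.authenticationResponseBuilder = authenticationResponseBuilder;
            return this;
        }

        @Generated
        public MockIdpClientBuilder authenticationTokenBuilder(AuthenticationTokenBuilder authenticationTokenBuilder) {
            this.authenticationTokenBuilder = authenticationTokenBuilder;
            return this;
        }

        @Generated
        public MockIdpClientBuilder authenticationChallengeBuilder(AuthenticationChallengeBuilder authenticationChallengeBuilder) {
            this.authenticationChallengeBuilder = authenticationChallengeBuilder;
            return this;
        }

        @Generated
        public MockIdpClientBuilder jwtProcessor(IdpJwtProcessor jwtProcessor) {
            this.jwtProcessor = jwtProcessor;
            return this;
        }

        @Generated
        public MockIdpClientBuilder encryptionKey(SecretKeySpec encryptionKey) {
            this.encryptionKey = encryptionKey;
            return this;
        }

        /**
         * Creates the client from the values collected so far.
         *
         * @return a new, not yet initialized {@link MockIdpClient}
         */
        @Generated
        public MockIdpClient build() {
            String effectiveUri = this.uriIdpServer$set
                    ? this.uriIdpServer$value
                    : MockIdpClient.$default$uriIdpServer();
            return new MockIdpClient(
                    this.serverIdentity,
                    this.clientId,
                    this.produceTokensWithInvalidSignature,
                    this.produceOnlyExpiredTokens,
                    effectiveUri,
                    this.accessTokenBuilder,
                    this.authenticationResponseBuilder,
                    this.authenticationTokenBuilder,
                    this.authenticationChallengeBuilder,
                    this.jwtProcessor,
                    this.encryptionKey);
        }

        // NOTE(review): the string form includes the serverIdentity and encryptionKey
        // objects; keep it out of logs that leave the test environment.
        @Override
        @Generated
        public String toString() {
            return "MockIdpClient.MockIdpClientBuilder(serverIdentity=" + this.serverIdentity
                    + ", clientId=" + this.clientId
                    + ", produceTokensWithInvalidSignature=" + this.produceTokensWithInvalidSignature
                    + ", produceOnlyExpiredTokens=" + this.produceOnlyExpiredTokens
                    + ", uriIdpServer$value=" + this.uriIdpServer$value
                    + ", accessTokenBuilder=" + this.accessTokenBuilder
                    + ", authenticationResponseBuilder=" + this.authenticationResponseBuilder
                    + ", authenticationTokenBuilder=" + this.authenticationTokenBuilder
                    + ", authenticationChallengeBuilder=" + this.authenticationChallengeBuilder
                    + ", jwtProcessor=" + this.jwtProcessor
                    + ", encryptionKey=" + this.encryptionKey + ")";
        }
    }

    /**
     * Issues an access token for the given identity.
     *
     * <p>The reported {@code validUntil} is always "now plus five minutes", even when
     * {@code produceOnlyExpiredTokens} is set and the token itself has already expired.
     *
     * @param pkiIdentity identity whose certificate goes into the authentication token
     * @return the token result holding the access token and its nominal validity
     * @throws NullPointerException if a required collaborator or the client id is missing
     */
    @Override // de.gematik.idp.client.IIdpClient
    public IdpTokenResult login(PkiIdentity pkiIdentity) {
        assertThatMockIdClientIsInitialized();
        JsonWebToken accessToken = buildAccessToken(pkiIdentity);
        return IdpTokenResult.builder()
                .accessToken(accessToken)
                .validUntil(LocalDateTime.now().plusMinutes(5L))
                .build();
    }

    /**
     * Runs challenge, response, authentication token and access token creation locally,
     * then applies the configured defects (expired and/or invalid signature).
     */
    private JsonWebToken buildAccessToken(PkiIdentity pkiIdentity) {
        // The intermediate types are not imported in this file, hence the use of var.
        var certificate = pkiIdentity.getCertificate();
        var challenge = this.authenticationChallengeBuilder.buildAuthenticationChallenge(
                this.clientId, "placeholderValue", "foo", "foo", "openid e-rezept", "nonceValue");
        var challengeResponse = this.authenticationResponseBuilder.buildResponseForChallenge(challenge, pkiIdentity);

        // The signed challenge carries the server challenge as a nested JWT; its body
        // claims are the input for the authentication token.
        Map<String, Object> nestedClaims = challengeResponse.getSignedChallenge()
                .getBodyClaim(ClaimName.NESTED_JWT)
                .map(Objects::toString)
                .map(JsonWebToken::new)
                .map(JsonWebToken::getBodyClaims)
                .orElseThrow();

        var authenticationToken = this.authenticationTokenBuilder.buildAuthenticationToken(
                certificate, nestedClaims, ZonedDateTime.now());
        JsonWebToken accessToken = this.accessTokenBuilder.buildAccessToken(
                authenticationToken.decryptNestedJwt(this.encryptionKey));

        if (this.produceOnlyExpiredTokens) {
            // Same claims, re-signed with an expiry that lies ten minutes in the past.
            accessToken = resignToken(
                    accessToken.getHeaderClaims(),
                    accessToken.getBodyClaims(),
                    ZonedDateTime.now().minusMinutes(10L));
        }
        if (this.produceTokensWithInvalidSignature) {
            // Appends characters to the third dot-separated segment (presumably the
            // signature of a compact JWS) so that verification by the consumer fails.
            String[] segments = accessToken.getRawString().split("\\.");
            segments[2] = segments[2] + "mvK";
            accessToken = new JsonWebToken(String.join(".", segments));
        }
        return accessToken;
    }

    /**
     * Builds a new JWT from the given claims with the given expiry, signed by this
     * client's {@link IdpJwtProcessor}.
     *
     * @param map header claims to copy into the new token
     * @param map2 body claims to copy into the new token
     * @param zonedDateTime expiry to set on the new token
     * @return the newly built token
     * @throws NullPointerException if no JWT processor is available
     */
    public JsonWebToken resignToken(Map<String, Object> map, Map<String, Object> map2, ZonedDateTime zonedDateTime) {
        Objects.requireNonNull(this.jwtProcessor, "jwtProcessor is null. Did you call initialize()?");
        JwtBuilder resigned = new JwtBuilder()
                .addAllBodyClaims(map2)
                .addAllHeaderClaims(map)
                .expiresAt(zonedDateTime);
        return this.jwtProcessor.buildJwt(resigned);
    }

    /**
     * Creates all collaborators from {@code serverIdentity} and {@code uriIdpServer}.
     * Collaborators that were supplied through the builder are overwritten.
     *
     * @return this client, for chaining
     */
    @Override // de.gematik.idp.client.IIdpClient
    public MockIdpClient initialize() {
        this.scopeToAudienceUrls.put("e-rezept", EREZEPT_AUDIENCE_URL);
        this.scopeToAudienceUrls.put("pairing", PAIRING_AUDIENCE_URL);

        ScopeConfiguration openidScope = ScopeConfiguration.builder()
                .description("Zugriff auf den ID-Token.")
                .build();
        ScopeConfiguration pairingScope = ScopeConfiguration.builder()
                .audienceUrl(PAIRING_AUDIENCE_URL)
                .description("Zugriff auf die Daten für die biometrischer Authentisierung.")
                .claimsToBeIncluded(List.of(ClaimName.ID_NUMBER))
                .build();
        ScopeConfiguration erezeptScope = ScopeConfiguration.builder()
                .audienceUrl(EREZEPT_AUDIENCE_URL)
                .description("Zugriff auf die E-Rezept-Funktionalität.")
                .claimsToBeIncluded(List.of(
                        ClaimName.GIVEN_NAME,
                        ClaimName.FAMILY_NAME,
                        ClaimName.ORGANIZATION_NAME,
                        ClaimName.PROFESSION_OID,
                        ClaimName.ID_NUMBER))
                .build();

        Optional<String> signingKeyId = Optional.of("puk_idp_sig");
        this.jwtProcessor = new IdpJwtProcessor(this.serverIdentity, signingKeyId);
        this.accessTokenBuilder = new AccessTokenBuilder(
                this.jwtProcessor, this.uriIdpServer, SERVER_SUB_SALT, this.scopeToAudienceUrls);

        // NOTE(review): the scope is keyed "erezept" here, while scopeToAudienceUrls and the
        // challenge request in buildAccessToken use "e-rezept" - confirm this is intended.
        this.authenticationChallengeBuilder = AuthenticationChallengeBuilder.builder()
                .serverSigner(new IdpJwtProcessor(this.serverIdentity, signingKeyId))
                .uriIdpServer(this.uriIdpServer)
                .userConsentConfiguration(UserConsentConfiguration.builder()
                        .descriptionTexts(UserConsentDescriptionTexts.builder()
                                .claims(Collections.emptyMap())
                                .build())
                        .build())
                .scopesConfiguration(Map.of("openid", openidScope, "erezept", erezeptScope, "pairing", pairingScope))
                .build();
        this.authenticationResponseBuilder = new AuthenticationResponseBuilder();

        // Fixed AES key derived from a constant string: acceptable for a mock only. Anything
        // encrypted with it is readable by anyone who has this class.
        this.encryptionKey = new SecretKeySpec(DigestUtils.sha256("fdsa"), "AES");
        this.authenticationTokenBuilder = AuthenticationTokenBuilder.builder()
                .jwtProcessor(this.jwtProcessor)
                .encryptionKey(this.encryptionKey)
                .build();
        return this;
    }

    /**
     * Fails fast with a descriptive message when something that {@link #login(PkiIdentity)}
     * dereferences is missing, instead of a message-less NullPointerException further down.
     */
    private void assertThatMockIdClientIsInitialized() {
        Objects.requireNonNull(this.accessTokenBuilder, "accessTokenBuilder is null. Did you call initialize()?");
        Objects.requireNonNull(this.authenticationTokenBuilder, "authenticationTokenBuilder is null. Did you call initialize()?");
        Objects.requireNonNull(this.clientId, "clientId is null. You have to set it!");
        // buildAccessToken() dereferences these two as well.
        Objects.requireNonNull(this.authenticationChallengeBuilder, "authenticationChallengeBuilder is null. Did you call initialize()?");
        Objects.requireNonNull(this.authenticationResponseBuilder, "authenticationResponseBuilder is null. Did you call initialize()?");
    }

    /** Default for {@code uriIdpServer} when the builder value was never set. */
    @Generated
    private static String $default$uriIdpServer() {
        return "https://idp.dev.gematik.solutions";
    }

    /** Returns a fresh, empty builder. */
    @Generated
    public static MockIdpClientBuilder builder() {
        return new MockIdpClientBuilder();
    }

    /** Returns a builder pre-filled with this client's current field values. */
    @Generated
    public MockIdpClientBuilder toBuilder() {
        return new MockIdpClientBuilder()
                .serverIdentity(this.serverIdentity)
                .clientId(this.clientId)
                .produceTokensWithInvalidSignature(this.produceTokensWithInvalidSignature)
                .produceOnlyExpiredTokens(this.produceOnlyExpiredTokens)
                .uriIdpServer(this.uriIdpServer)
                .accessTokenBuilder(this.accessTokenBuilder)
                .authenticationResponseBuilder(this.authenticationResponseBuilder)
                .authenticationTokenBuilder(this.authenticationTokenBuilder)
                .authenticationChallengeBuilder(this.authenticationChallengeBuilder)
                .jwtProcessor(this.jwtProcessor)
                .encryptionKey(this.encryptionKey);
    }

    @Generated
    public PkiIdentity getServerIdentity() {
        return this.serverIdentity;
    }

    @Generated
    public String getClientId() {
        return this.clientId;
    }

    @Generated
    public boolean isProduceTokensWithInvalidSignature() {
        return this.produceTokensWithInvalidSignature;
    }

    @Generated
    public boolean isProduceOnlyExpiredTokens() {
        return this.produceOnlyExpiredTokens;
    }

    @Generated
    public String getUriIdpServer() {
        return this.uriIdpServer;
    }

    /**
     * Returns the live internal map, not a copy: changes made by the caller are seen by the
     * {@link AccessTokenBuilder} that {@link #initialize()} created with the same map.
     */
    @Generated
    public HashMap<String, String> getScopeToAudienceUrls() {
        return this.scopeToAudienceUrls;
    }

    @Generated
    public AccessTokenBuilder getAccessTokenBuilder() {
        return this.accessTokenBuilder;
    }

    @Generated
    public AuthenticationResponseBuilder getAuthenticationResponseBuilder() {
        return this.authenticationResponseBuilder;
    }

    @Generated
    public AuthenticationTokenBuilder getAuthenticationTokenBuilder() {
        return this.authenticationTokenBuilder;
    }

    @Generated
    public AuthenticationChallengeBuilder getAuthenticationChallengeBuilder() {
        return this.authenticationChallengeBuilder;
    }

    @Generated
    public IdpJwtProcessor getJwtProcessor() {
        return this.jwtProcessor;
    }

    /** Returns the key passed to {@code decryptNestedJwt} during {@link #login(PkiIdentity)}. */
    @Generated
    public SecretKeySpec getEncryptionKey() {
        return this.encryptionKey;
    }

    /**
     * Field-by-field equality over both flags and every reference field, read through the
     * getters so that subclasses overriding a getter are respected.
     */
    @Override
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof MockIdpClient)) {
            return false;
        }
        MockIdpClient other = (MockIdpClient) obj;
        return other.canEqual(this)
                && isProduceTokensWithInvalidSignature() == other.isProduceTokensWithInvalidSignature()
                && isProduceOnlyExpiredTokens() == other.isProduceOnlyExpiredTokens()
                && Objects.equals(getServerIdentity(), other.getServerIdentity())
                && Objects.equals(getClientId(), other.getClientId())
                && Objects.equals(getUriIdpServer(), other.getUriIdpServer())
                && Objects.equals(getScopeToAudienceUrls(), other.getScopeToAudienceUrls())
                && Objects.equals(getAccessTokenBuilder(), other.getAccessTokenBuilder())
                && Objects.equals(getAuthenticationResponseBuilder(), other.getAuthenticationResponseBuilder())
                && Objects.equals(getAuthenticationTokenBuilder(), other.getAuthenticationTokenBuilder())
                && Objects.equals(getAuthenticationChallengeBuilder(), other.getAuthenticationChallengeBuilder())
                && Objects.equals(getJwtProcessor(), other.getJwtProcessor())
                && Objects.equals(getEncryptionKey(), other.getEncryptionKey());
    }

    /** Lets subclasses opt out of equality with plain {@link MockIdpClient} instances. */
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof MockIdpClient;
    }

    /**
     * Hash over the same fields as {@link #equals(Object)}, with the same multiplier (59)
     * and the same per-field constants as before, so the resulting values are unchanged.
     */
    @Override
    @Generated
    public int hashCode() {
        int result = 1;
        result = result * 59 + (isProduceTokensWithInvalidSignature() ? 79 : 97);
        result = result * 59 + (isProduceOnlyExpiredTokens() ? 79 : 97);
        Object[] references = {
            getServerIdentity(),
            getClientId(),
            getUriIdpServer(),
            getScopeToAudienceUrls(),
            getAccessTokenBuilder(),
            getAuthenticationResponseBuilder(),
            getAuthenticationTokenBuilder(),
            getAuthenticationChallengeBuilder(),
            getJwtProcessor(),
            getEncryptionKey()
        };
        for (Object reference : references) {
            result = result * 59 + (reference == null ? 43 : reference.hashCode());
        }
        return result;
    }

    // NOTE(review): the string form includes the serverIdentity and encryptionKey objects.
    // If this class is ever logged outside tests, consider excluding them (Lombok's
    // @ToString.Exclude in the original source).
    @Override
    @Generated
    public String toString() {
        return "MockIdpClient(serverIdentity=" + getServerIdentity()
                + ", clientId=" + getClientId()
                + ", produceTokensWithInvalidSignature=" + isProduceTokensWithInvalidSignature()
                + ", produceOnlyExpiredTokens=" + isProduceOnlyExpiredTokens()
                + ", uriIdpServer=" + getUriIdpServer()
                + ", scopeToAudienceUrls=" + getScopeToAudienceUrls()
                + ", accessTokenBuilder=" + getAccessTokenBuilder()
                + ", authenticationResponseBuilder=" + getAuthenticationResponseBuilder()
                + ", authenticationTokenBuilder=" + getAuthenticationTokenBuilder()
                + ", authenticationChallengeBuilder=" + getAuthenticationChallengeBuilder()
                + ", jwtProcessor=" + getJwtProcessor()
                + ", encryptionKey=" + getEncryptionKey() + ")";
    }

    /**
     * All-arguments constructor used by {@link MockIdpClientBuilder#build()}. It performs no
     * validation; missing collaborators are reported by {@link #login(PkiIdentity)}.
     */
    @Generated
    public MockIdpClient(PkiIdentity serverIdentity, String clientId, boolean produceTokensWithInvalidSignature, boolean produceOnlyExpiredTokens, String uriIdpServer, AccessTokenBuilder accessTokenBuilder, AuthenticationResponseBuilder authenticationResponseBuilder, AuthenticationTokenBuilder authenticationTokenBuilder, AuthenticationChallengeBuilder authenticationChallengeBuilder, IdpJwtProcessor jwtProcessor, SecretKeySpec encryptionKey) {
        this.serverIdentity = serverIdentity;
        this.clientId = clientId;
        this.produceTokensWithInvalidSignature = produceTokensWithInvalidSignature;
        this.produceOnlyExpiredTokens = produceOnlyExpiredTokens;
        this.uriIdpServer = uriIdpServer;
        this.accessTokenBuilder = accessTokenBuilder;
        this.authenticationResponseBuilder = authenticationResponseBuilder;
        this.authenticationTokenBuilder = authenticationTokenBuilder;
        this.authenticationChallengeBuilder = authenticationChallengeBuilder;
        this.jwtProcessor = jwtProcessor;
        this.encryptionKey = encryptionKey;
    }

    static {
        // JVM-wide side effect at class-load time: any provider registered as "BC" is
        // removed and a fresh BouncyCastleProvider is inserted at position 1, the
        // most-preferred slot, so JCA lookups elsewhere in the same process may now
        // resolve to Bouncy Castle. Keep this class off production classpaths.
        Security.removeProvider("BC");
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        BrainpoolCurves.init();
    }
}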
