package de.gematik.idp.token;

import de.gematik.idp.IdpConstants;
import de.gematik.idp.authentication.IdpJwtProcessor;
import de.gematik.idp.authentication.JwtBuilder;
import de.gematik.idp.brainPoolExtension.BrainpoolAlgorithmSuiteIdentifiers;
import de.gematik.idp.crypto.X509ClaimExtraction;
import de.gematik.idp.data.IdpKeyDescriptor;
import de.gematik.idp.field.ClaimName;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import lombok.Generated;

/* loaded from: input_file:de/gematik/idp/token/SsoTokenBuilder.class */
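/**
 * Builds encrypted SSO tokens for the IDP.
 *
 * <p>Both build methods assemble a JWT with header and body claims, hand it to the configured
 * {@link IdpJwtProcessor} and encrypt the result with {@code tokenEncryptionKey}. The resulting
 * token expires 12 hours after the supplied issuing time.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #toString()} deliberately does not render the encryption key, so that logging an
 *       instance cannot disclose key-derived data.</li>
 *   <li>{@link #getTokenEncryptionKey()} still hands out the key itself; callers must not log or
 *       serialize it.</li>
 * </ul>
 */
public class SsoTokenBuilder {
    /** Lifetime of every SSO token produced by this builder, in hours. */
    private static final long SSO_TOKEN_VALIDITY_HOURS = 12L;

    private final IdpJwtProcessor jwtProcessor;
    private final String issuerUrl;
    private final Key tokenEncryptionKey;

    /**
     * Builds an encrypted SSO token bound to the given certificate.
     *
     * <p>The body carries a confirmation claim derived from the certificate, the issuer, the
     * issuing time (used for both the issued-at and the auth-time claim), the supplied
     * authentication methods and the claims extracted from the certificate.
     *
     * @param x509Certificate certificate the token is bound to and the identity claims are read from
     * @param zonedDateTime issuing time; the token expires 12 hours later
     * @param list authentication method references to place in the token body
     * @return the SSO token, encrypted with this builder's token encryption key
     */
    public IdpJwe buildSsoToken(X509Certificate x509Certificate, ZonedDateTime zonedDateTime, List<String> list) {
        Map<String, Object> bodyClaims = baseBodyClaims(zonedDateTime);
        bodyClaims.put(ClaimName.CONFIRMATION.getJoseName(), IdpKeyDescriptor.constructFromX509Certificate(x509Certificate));
        bodyClaims.put(ClaimName.AUTHENTICATION_METHODS_REFERENCE.getJoseName(), list);
        // The certificate-derived claims are merged last, so on a name collision they replace
        // the claims set above.
        // NOTE(review): confirm the extraction can never yield iss/iat/auth_time/amr/cnf.
        bodyClaims.putAll(X509ClaimExtraction.extractClaimsFromCertificate(x509Certificate));
        return signAndEncrypt(bodyClaims, zonedDateTime);
    }

    /**
     * Builds an encrypted SSO token from the claims of a sectoral ID token.
     *
     * <p>The identity claims (given name, family name, ID number, profession OID, organization
     * name) are copied from the body of {@code jsonWebToken}; a claim missing there is copied as
     * {@code null}. The authentication method is fixed to {@link IdpConstants#AMR_FAST_TRACK}.
     *
     * <p>This method only reads the token's raw string; no signature or issuer validation happens
     * here. NOTE(review): callers are presumably expected to have verified the sectoral ID token
     * before calling this method — confirm at the call sites, because the copied claims become
     * the identity of the SSO session.
     *
     * @param jsonWebToken sectoral ID token whose body claims are copied
     * @param zonedDateTime issuing time; the token expires 12 hours later
     * @return the SSO token, encrypted with this builder's token encryption key
     */
    public IdpJwe buildSsoTokenFromSektoralIdToken(JsonWebToken jsonWebToken, ZonedDateTime zonedDateTime) {
        Map<String, Object> sourceClaims = TokenClaimExtraction.extractClaimsFromJwtBody(jsonWebToken.getRawString());
        Map<String, Object> bodyClaims = baseBodyClaims(zonedDateTime);
        bodyClaims.put(ClaimName.AUTHENTICATION_METHODS_REFERENCE.getJoseName(), List.of(IdpConstants.AMR_FAST_TRACK));
        // Only this fixed allow-list of claims is taken over from the sectoral token.
        for (ClaimName claim : List.of(
                ClaimName.GIVEN_NAME,
                ClaimName.FAMILY_NAME,
                ClaimName.ID_NUMBER,
                ClaimName.PROFESSION_OID,
                ClaimName.ORGANIZATION_NAME)) {
            String joseName = claim.getJoseName();
            bodyClaims.put(joseName, sourceClaims.get(joseName));
        }
        return signAndEncrypt(bodyClaims, zonedDateTime);
    }

    /** Creates the body claims shared by every SSO token: issuer, issued-at and auth-time. */
    private Map<String, Object> baseBodyClaims(ZonedDateTime issuingTime) {
        Map<String, Object> bodyClaims = new HashMap<>();
        bodyClaims.put(ClaimName.ISSUER.getJoseName(), this.issuerUrl);
        bodyClaims.put(ClaimName.ISSUED_AT.getJoseName(), Long.valueOf(issuingTime.toEpochSecond()));
        bodyClaims.put(ClaimName.AUTH_TIME.getJoseName(), Long.valueOf(issuingTime.toEpochSecond()));
        return bodyClaims;
    }

    /** Adds the fixed header claims, builds the JWT via the processor and encrypts it. */
    private IdpJwe signAndEncrypt(Map<String, Object> bodyClaims, ZonedDateTime issuingTime) {
        Map<String, Object> headerClaims = new HashMap<>();
        headerClaims.put(ClaimName.ALGORITHM.getJoseName(), BrainpoolAlgorithmSuiteIdentifiers.BRAINPOOL256_USING_SHA256);
        headerClaims.put(ClaimName.TYPE.getJoseName(), "JWT");
        JwtBuilder builder = new JwtBuilder()
                .addAllHeaderClaims(headerClaims)
                .addAllBodyClaims(bodyClaims)
                .expiresAt(issuingTime.plusHours(SSO_TOKEN_VALIDITY_HOURS));
        return this.jwtProcessor.buildJwt(builder).encrypt(this.tokenEncryptionKey);
    }

    /**
     * Creates a builder.
     *
     * @param idpJwtProcessor processor used to build the JWT from the assembled claims
     * @param str issuer URL written into the issuer claim
     * @param key key the finished token is encrypted with
     */
    @Generated
    public SsoTokenBuilder(IdpJwtProcessor idpJwtProcessor, String str, Key key) {
        this.jwtProcessor = idpJwtProcessor;
        this.issuerUrl = str;
        this.tokenEncryptionKey = key;
    }

    /** @return the processor used to build the JWT */
    @Generated
    public IdpJwtProcessor getJwtProcessor() {
        return this.jwtProcessor;
    }

    /** @return the issuer URL written into every token */
    @Generated
    public String getIssuerUrl() {
        return this.issuerUrl;
    }

    /**
     * Returns the key used to encrypt SSO tokens. This is secret material: do not log it or
     * include it in error messages.
     *
     * @return the token encryption key
     */
    @Generated
    public Key getTokenEncryptionKey() {
        return this.tokenEncryptionKey;
    }

    /**
     * Compares processor, issuer URL and encryption key, each null-safely.
     *
     * @param obj object to compare with
     * @return {@code true} if {@code obj} is an equal {@code SsoTokenBuilder}
     */
    @Generated
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof SsoTokenBuilder)) {
            return false;
        }
        SsoTokenBuilder other = (SsoTokenBuilder) obj;
        if (!other.canEqual(this)) {
            return false;
        }
        IdpJwtProcessor thisProcessor = getJwtProcessor();
        IdpJwtProcessor otherProcessor = other.getJwtProcessor();
        if (thisProcessor == null ? otherProcessor != null : !thisProcessor.equals(otherProcessor)) {
            return false;
        }
        String thisIssuer = getIssuerUrl();
        String otherIssuer = other.getIssuerUrl();
        if (thisIssuer == null ? otherIssuer != null : !thisIssuer.equals(otherIssuer)) {
            return false;
        }
        Key thisKey = getTokenEncryptionKey();
        Key otherKey = other.getTokenEncryptionKey();
        return thisKey == null ? otherKey == null : thisKey.equals(otherKey);
    }

    /** Lets subclasses opt out of equality with this class; used by {@link #equals(Object)}. */
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof SsoTokenBuilder;
    }

    /**
     * Combines the hash codes of the three fields, using 43 for a {@code null} field and 59 as
     * the multiplier.
     *
     * @return hash code consistent with {@link #equals(Object)}
     */
    @Generated
    @Override
    public int hashCode() {
        IdpJwtProcessor processor = getJwtProcessor();
        String issuer = getIssuerUrl();
        Key key = getTokenEncryptionKey();
        int result = 59 + (processor == null ? 43 : processor.hashCode());
        result = (result * 59) + (issuer == null ? 43 : issuer.hashCode());
        return (result * 59) + (key == null ? 43 : key.hashCode());
    }

    /**
     * Renders the builder for diagnostics. The encryption key is never printed: a {@link Key}
     * implementation is free to expose key material or a key-derived hash in its own
     * {@code toString()}, and this string is likely to end up in logs.
     *
     * @return a description with the key shown only as present or absent
     */
    @Override
    public String toString() {
        String keyState = getTokenEncryptionKey() == null ? "null" : "<redacted>";
        return "SsoTokenBuilder(jwtProcessor=" + getJwtProcessor() + ", issuerUrl=" + getIssuerUrl() + ", tokenEncryptionKey=" + keyState + ")";
    }
}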
