package de.gematik.idp.token;

import de.gematik.idp.IdpConstants;
import de.gematik.idp.authentication.IdpJwtProcessor;
import de.gematik.idp.authentication.JwtBuilder;
import de.gematik.idp.crypto.Nonce;
import de.gematik.idp.exceptions.IdpJoseException;
import de.gematik.idp.field.ClaimName;
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.jose4j.jwt.NumericDate;

/* loaded from: input_file:de/gematik/idp/token/IdTokenBuilder.class */
public class IdTokenBuilder {
    private static final List<ClaimName> CLAIMS_TO_TAKE_FROM_AUTHENTICATION_TOKEN = List.of(ClaimName.GIVEN_NAME, ClaimName.FAMILY_NAME, ClaimName.ORGANIZATION_NAME, ClaimName.PROFESSION_OID, ClaimName.ID_NUMBER, ClaimName.AUTH_TIME, ClaimName.NONCE);
    private final IdpJwtProcessor jwtProcessor;
    private final String issuerUrl;
    private final String serverSubjectSalt;

    public JsonWebToken buildIdToken(String str, JsonWebToken jsonWebToken, JsonWebToken jsonWebToken2) {
        HashMap hashMap = new HashMap();
        ZonedDateTime now = ZonedDateTime.now();
        String encodeToString = Base64.getUrlEncoder().withoutPadding().encodeToString(ArrayUtils.subarray(DigestUtils.sha256(jsonWebToken2.getRawString()), 0, 16));
        hashMap.put(ClaimName.ISSUER.getJoseName(), this.issuerUrl);
        hashMap.put(ClaimName.AUDIENCE.getJoseName(), str);
        hashMap.put(ClaimName.ISSUED_AT.getJoseName(), Long.valueOf(now.toEpochSecond()));
        CLAIMS_TO_TAKE_FROM_AUTHENTICATION_TOKEN.stream().map(claimName -> {
            return Pair.of(claimName, jsonWebToken.getBodyClaim(claimName));
        }).filter(pair -> {
            return ((Optional) pair.getValue()).isPresent();
        }).forEach(pair2 -> {
            hashMap.put(((ClaimName) pair2.getKey()).getJoseName(), ((Optional) pair2.getValue()).get());
        });
        hashMap.put(ClaimName.AUTHORIZED_PARTY.getJoseName(), jsonWebToken.getBodyClaim(ClaimName.CLIENT_ID).orElseThrow(() -> {
            return new IdpJoseException("Missing '" + ClaimName.AUTHORIZED_PARTY.getJoseName() + "' claim!");
        }));
        hashMap.put(ClaimName.AUTHENTICATION_METHODS_REFERENCE.getJoseName(), jsonWebToken.getBodyClaim(ClaimName.AUTHENTICATION_METHODS_REFERENCE).or(() -> {
            return jsonWebToken2.getBodyClaim(ClaimName.AUTHENTICATION_METHODS_REFERENCE);
        }).orElseThrow());
        hashMap.put(ClaimName.AUTHENTICATION_CLASS_REFERENCE.getJoseName(), IdpConstants.EIDAS_LOA_HIGH);
        hashMap.put(ClaimName.ACCESS_TOKEN_HASH.getJoseName(), encodeToString);
        hashMap.put(ClaimName.SUBJECT.getJoseName(), TokenBuilderUtil.buildSubjectClaim(str, jsonWebToken.getStringBodyClaim(ClaimName.ID_NUMBER).orElseThrow(() -> {
            return new IdpJoseException("Missing '" + ClaimName.ID_NUMBER.getJoseName() + "' claim!");
        }), this.serverSubjectSalt));
        hashMap.put(ClaimName.JWT_ID.getJoseName(), Nonce.getNonceAsHex(16));
        hashMap.put(ClaimName.EXPIRES_AT.getJoseName(), Long.valueOf(NumericDate.fromSeconds(now.plusMinutes(5L).toEpochSecond()).getValue()));
        HashMap hashMap2 = new HashMap();
        hashMap2.put(ClaimName.TYPE.getJoseName(), "JWT");
        return this.jwtProcessor.buildJwt(new JwtBuilder().addAllBodyClaims(hashMap).addAllHeaderClaims(hashMap2));
    }

    @Generated
    public IdTokenBuilder(IdpJwtProcessor idpJwtProcessor, String str, String str2) {
        this.jwtProcessor = idpJwtProcessor;
        this.issuerUrl = str;
        this.serverSubjectSalt = str2;
    }

    @Generated
    public IdpJwtProcessor getJwtProcessor() {
        return this.jwtProcessor;
    }

    @Generated
    public String getIssuerUrl() {
        return this.issuerUrl;
    }

    @Generated
    public String getServerSubjectSalt() {
        return this.serverSubjectSalt;
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof IdTokenBuilder)) {
            return false;
        }
        IdTokenBuilder idTokenBuilder = (IdTokenBuilder) obj;
        if (!idTokenBuilder.canEqual(this)) {
            return false;
        }
        IdpJwtProcessor jwtProcessor = getJwtProcessor();
        IdpJwtProcessor jwtProcessor2 = idTokenBuilder.getJwtProcessor();
        if (jwtProcessor == null) {
            if (jwtProcessor2 != null) {
                return false;
            }
        } else if (!jwtProcessor.equals(jwtProcessor2)) {
            return false;
        }
        String issuerUrl = getIssuerUrl();
        String issuerUrl2 = idTokenBuilder.getIssuerUrl();
        if (issuerUrl == null) {
            if (issuerUrl2 != null) {
                return false;
            }
        } else if (!issuerUrl.equals(issuerUrl2)) {
            return false;
        }
        String serverSubjectSalt = getServerSubjectSalt();
        String serverSubjectSalt2 = idTokenBuilder.getServerSubjectSalt();
        return serverSubjectSalt == null ? serverSubjectSalt2 == null : serverSubjectSalt.equals(serverSubjectSalt2);
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof IdTokenBuilder;
    }

    @Generated
    public int hashCode() {
        IdpJwtProcessor jwtProcessor = getJwtProcessor();
        int hashCode = (1 * 59) + (jwtProcessor == null ? 43 : jwtProcessor.hashCode());
        String issuerUrl = getIssuerUrl();
        int hashCode2 = (hashCode * 59) + (issuerUrl == null ? 43 : issuerUrl.hashCode());
        String serverSubjectSalt = getServerSubjectSalt();
        return (hashCode2 * 59) + (serverSubjectSalt == null ? 43 : serverSubjectSalt.hashCode());
    }

    @Generated
    public String toString() {
        return "IdTokenBuilder(jwtProcessor=" + getJwtProcessor() + ", issuerUrl=" + getIssuerUrl() + ", serverSubjectSalt=" + getServerSubjectSalt() + ")";
    }
}
