package de.gematik.idp.token;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import de.gematik.idp.exceptions.IdpJoseException;
import de.gematik.idp.field.ClaimName;
import de.gematik.idp.token.IdpJoseObject;
import java.io.IOException;
import java.security.Key;
import java.security.PublicKey;
import java.time.ZonedDateTime;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import lombok.Generated;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.lang.JoseException;

@JsonSerialize(using = IdpJoseObject.Serializer.class)
@JsonDeserialize(using = Deserializer.class)
/* loaded from: input_file:de/gematik/idp/token/IdpJwe.class */
public class IdpJwe extends IdpJoseObject {
    private Key decryptionKey;

    /* loaded from: input_file:de/gematik/idp/token/IdpJwe$Deserializer.class */
    public static class Deserializer extends JsonDeserializer<IdpJoseObject> {
        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public IdpJoseObject m9deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
            return new IdpJwe((String) deserializationContext.readValue(jsonParser, String.class));
        }
    }

    public IdpJwe(String str) {
        super(str);
    }

    public static IdpJwe createWithPayloadAndEncryptWithKey(String str, Key key, String str2) {
        return createWithPayloadAndExpiryAndEncryptWithKey(str, Optional.empty(), key, str2);
    }

    @Deprecated(since = "24.1.0", forRemoval = true)
    public static IdpJwe createWithPayloadAndExpiryAndEncryptWithKey(String str, Optional<ZonedDateTime> optional, Key key, String str2) {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        jsonWebEncryption.setPlaintext(str);
        configureKeyForJwe(key, jsonWebEncryption);
        optional.map(TokenClaimExtraction::zonedDateTimeToClaim).ifPresent(l -> {
            jsonWebEncryption.setHeader(ClaimName.EXPIRES_AT.getJoseName(), l);
        });
        jsonWebEncryption.setHeader(ClaimName.CONTENT_TYPE.getJoseName(), str2);
        try {
            return new IdpJwe(jsonWebEncryption.getCompactSerialization());
        } catch (JoseException e) {
            throw new IdpJoseException("Error during token encryption", e);
        }
    }

    public static IdpJwe createJweWithPayloadAndHeaders(String str, Key key, Consumer<JsonWebEncryption> consumer) {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        jsonWebEncryption.setPlaintext(str);
        configureKeyForJwe(key, jsonWebEncryption);
        consumer.accept(jsonWebEncryption);
        try {
            return new IdpJwe(jsonWebEncryption.getCompactSerialization());
        } catch (JoseException e) {
            throw new IdpJoseException("Error during token encryption", e);
        }
    }

    private static void configureKeyForJwe(Key key, JsonWebEncryption jsonWebEncryption) {
        if (key instanceof PublicKey) {
            jsonWebEncryption.setAlgorithmHeaderValue("ECDH-ES");
        } else {
            jsonWebEncryption.setAlgorithmHeaderValue("dir");
        }
        jsonWebEncryption.setEncryptionMethodHeaderParameter("A256GCM");
        jsonWebEncryption.setKey(key);
    }

    public JsonWebToken decryptNestedJwt(Key key) {
        setDecryptionKey(key);
        return new JsonWebToken(getStringBodyClaim(ClaimName.NESTED_JWT).orElseThrow(() -> {
            return new IdpJoseException("Could not find njwt");
        }));
    }

    public JsonWebToken decryptJwt(Key key) {
        setDecryptionKey(key);
        return new JsonWebToken(decryptJweAndReturnPayloadString(key));
    }

    @Override // de.gematik.idp.token.IdpJoseObject
    public ZonedDateTime getExpiresAt() {
        return getDateTimeClaim(ClaimName.EXPIRES_AT, this::getHeaderClaims).orElseThrow();
    }

    public String decryptJweAndReturnPayloadString(Key key) {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        jsonWebEncryption.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, new String[]{"dir", "ECDH-ES"}));
        jsonWebEncryption.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, new String[]{"A256GCM"}));
        try {
            jsonWebEncryption.setCompactSerialization(getRawString());
            jsonWebEncryption.setKey(key);
            return jsonWebEncryption.getPlaintextString();
        } catch (JoseException e) {
            throw new IdpJoseException("Error during decryption", e);
        }
    }

    @Override // de.gematik.idp.token.IdpJoseObject
    public Map<String, Object> extractHeaderClaims() {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        try {
            jsonWebEncryption.setCompactSerialization(getRawString());
            return JsonUtil.parseJson(jsonWebEncryption.getHeaders().getFullHeaderAsJsonString());
        } catch (JoseException e) {
            throw new IdpJoseException((Exception) e);
        }
    }

    public IdpJwe setDecryptionKey(Key key) {
        this.decryptionKey = key;
        return this;
    }

    @Override // de.gematik.idp.token.IdpJoseObject
    public Map<String, Object> extractBodyClaims() {
        Objects.requireNonNull(this.decryptionKey, "Body-claim extraction requires non-null decryption key");
        try {
            return JsonUtil.parseJson(decryptJweAndReturnPayloadString(this.decryptionKey));
        } catch (JoseException e) {
            throw new IdpJoseException("Exception occurred during body-claim extraction", e);
        }
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof IdpJwe)) {
            return false;
        }
        IdpJwe idpJwe = (IdpJwe) obj;
        if (!idpJwe.canEqual(this)) {
            return false;
        }
        Key decryptionKey = getDecryptionKey();
        Key decryptionKey2 = idpJwe.getDecryptionKey();
        return decryptionKey == null ? decryptionKey2 == null : decryptionKey.equals(decryptionKey2);
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof IdpJwe;
    }

    @Generated
    public int hashCode() {
        Key decryptionKey = getDecryptionKey();
        return (1 * 59) + (decryptionKey == null ? 43 : decryptionKey.hashCode());
    }

    @Generated
    public Key getDecryptionKey() {
        return this.decryptionKey;
    }
}
