package de.gematik.idp.authentication;

import de.gematik.idp.brainPoolExtension.BrainpoolAlgorithmSuiteIdentifiers;
import de.gematik.idp.crypto.KeyAnalysis;
import de.gematik.idp.crypto.model.PkiIdentity;
import de.gematik.idp.exceptions.IdpRuntimeException;
import de.gematik.idp.field.ClaimName;
import de.gematik.idp.token.JsonWebToken;
import java.security.cert.X509Certificate;
import lombok.Generated;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:de/gematik/idp/authentication/AuthenticationResponseBuilder.class */
public class AuthenticationResponseBuilder {

    @Generated
    /* loaded from: input_file:de/gematik/idp/authentication/AuthenticationResponseBuilder$AuthenticationResponseBuilderBuilder.class */
    public static class AuthenticationResponseBuilderBuilder {
        @Generated
        AuthenticationResponseBuilderBuilder() {
        }

        @Generated
        public AuthenticationResponseBuilder build() {
            return new AuthenticationResponseBuilder();
        }

        @Generated
        public String toString() {
            return "AuthenticationResponseBuilder.AuthenticationResponseBuilderBuilder()";
        }
    }

    public AuthenticationResponse buildResponseForChallenge(AuthenticationChallenge authenticationChallenge, PkiIdentity pkiIdentity) {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setClaim(ClaimName.NESTED_JWT.getJoseName(), authenticationChallenge.getChallenge().getRawString());
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(jwtClaims.toJson());
        if (KeyAnalysis.isEcKey(pkiIdentity.getCertificate().getPublicKey())) {
            jsonWebSignature.setAlgorithmHeaderValue(BrainpoolAlgorithmSuiteIdentifiers.BRAINPOOL256_USING_SHA256);
        } else {
            jsonWebSignature.setAlgorithmHeaderValue("PS256");
        }
        jsonWebSignature.setKey(pkiIdentity.getPrivateKey());
        jsonWebSignature.setHeader("typ", "JWT");
        jsonWebSignature.setHeader("cty", "NJWT");
        jsonWebSignature.setCertificateChainHeaderValue(new X509Certificate[]{pkiIdentity.getCertificate()});
        try {
            return AuthenticationResponse.builder().signedChallenge(new JsonWebToken(jsonWebSignature.getCompactSerialization())).build();
        } catch (JoseException e) {
            throw new IdpRuntimeException((Exception) e);
        }
    }

    @Generated
    public static AuthenticationResponseBuilderBuilder builder() {
        return new AuthenticationResponseBuilderBuilder();
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        return (obj instanceof AuthenticationResponseBuilder) && ((AuthenticationResponseBuilder) obj).canEqual(this);
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof AuthenticationResponseBuilder;
    }

    @Generated
    public int hashCode() {
        return 1;
    }

    @Generated
    public String toString() {
        return "AuthenticationResponseBuilder()";
    }

    @Generated
    public AuthenticationResponseBuilder() {
    }
}
