package de.gematik.rbellogger.converter;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.RbelJweElement;
import de.gematik.rbellogger.data.RbelJweEncryptionInfo;
import de.gematik.rbellogger.data.RbelJwtSignature;
import de.gematik.rbellogger.data.RbelStringElement;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.tuple.Pair;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:de/gematik/rbellogger/converter/RbelJweConverter.class */
public class RbelJweConverter implements RbelConverterPlugin {
    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public boolean canConvertElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        return initializeJwe(rbelElement).isPresent();
    }

    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public RbelElement convertElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        JsonWebEncryption jsonWebEncryption = initializeJwe(rbelElement).get();
        Optional<Pair<String, String>> findCorrectKeyAndReturnPayload = findCorrectKeyAndReturnPayload(rbelConverter, jsonWebEncryption);
        return findCorrectKeyAndReturnPayload.isEmpty() ? new RbelJweElement(rbelConverter.convertMessage(jsonWebEncryption.getHeaders().getFullHeaderAsJsonString()), new RbelStringElement("<Encrypted Payload>"), new RbelJweEncryptionInfo(false, null)) : new RbelJweElement(rbelConverter.convertMessage(jsonWebEncryption.getHeaders().getFullHeaderAsJsonString()), rbelConverter.convertMessage((String) findCorrectKeyAndReturnPayload.get().getValue()), new RbelJweEncryptionInfo(true, (String) findCorrectKeyAndReturnPayload.get().getKey()));
    }

    private Optional<Pair<String, String>> findCorrectKeyAndReturnPayload(RbelConverter rbelConverter, JsonWebEncryption jsonWebEncryption) {
        for (Map.Entry<String, Key> entry : rbelConverter.getKeyIdToKeyDatabase().entrySet()) {
            try {
                jsonWebEncryption.setKey(entry.getValue());
                return Optional.of(Pair.of(entry.getKey(), jsonWebEncryption.getPayload()));
            } catch (Exception e) {
            }
        }
        return Optional.empty();
    }

    private Optional<PublicKey> tryToGetKeyFromX5cHeaderClaim(JsonWebSignature jsonWebSignature) {
        return Optional.ofNullable(jsonWebSignature.getCertificateChainHeaderValue()).map(list -> {
            return (X509Certificate) list.get(0);
        }).map((v0) -> {
            return v0.getPublicKey();
        });
    }

    private Optional<JsonWebEncryption> initializeJwe(RbelElement rbelElement) {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        jsonWebEncryption.setDoKeyValidation(false);
        jsonWebEncryption.setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS);
        try {
            jsonWebEncryption.setCompactSerialization(rbelElement.getContent());
            jsonWebEncryption.getHeaders();
            return Optional.ofNullable(jsonWebEncryption);
        } catch (Exception e) {
            return Optional.empty();
        }
    }

    private Optional<RbelJwtSignature> verifySig(JsonWebSignature jsonWebSignature, Key key, String str) {
        try {
            jsonWebSignature.setKey(key);
            tryToGetKeyFromX5cHeaderClaim(jsonWebSignature);
            return Optional.of(new RbelJwtSignature(jsonWebSignature.verifySignature(), str));
        } catch (JoseException e) {
            return Optional.empty();
        }
    }

    static {
        BrainpoolCurves.init();
    }
}
