package de.bos_bremen.gov.autent.common;

import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:de/bos_bremen/gov/autent/common/NPAClientParameters.class */
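/**
 * Holds the per-session values that {@link #getValues()} renders into a flat
 * string map, optionally together with a signature over part of them.
 *
 * <p>Instances are mutable and carry no synchronization. Byte arrays passed in
 * are copied, so that a caller who later changes or wipes its own array cannot
 * alter the PSK that was checked and signed here.
 */
public class NPAClientParameters {
    public static final String SAML_REQUEST_URL = "SAMLRequestUrl";
    private final String sessionId;
    private final String refreshUrl;
    private final String paosReceiverUrl;
    private final boolean samlAttached;
    private PrivateKey sigKey;
    private String communityIdPattern;
    private String startBuergerClientUrl;
    // PSK as set by setECardSessionAttributes; emitted Base64-encoded by getValues().
    private byte[] psk;
    private byte[] requestHash;
    // PSK announced together with the signature key; signed when psk is not set yet.
    private byte[] pskToSign;
    private int minAge = 18;
    private final Map<String, Boolean> requestedAttributes = new HashMap<>();
    // TreeMap: values() iterates in key order, which fixes the order of the signed values.
    Map<String, String> orderedClientParameters = new TreeMap<>();

    /**
     * @param sessionId       emitted under {@code Constants.NAME_REFID}
     * @param paosReceiverUrl emitted under {@code Constants.NAME_CREDENTIALRECEIVER_URL}
     * @param refreshUrl      emitted under {@code Constants.NAME_IDPROVIDER_URL}
     * @param samlAttached    when {@code true}, a null PSK is accepted by
     *                        {@link #setSignatureKey} and the signature is produced
     *                        without the explicit data set used otherwise
     */
    public NPAClientParameters(String sessionId, String paosReceiverUrl, String refreshUrl, boolean samlAttached) {
        this.sessionId = sessionId;
        this.refreshUrl = refreshUrl;
        this.paosReceiverUrl = paosReceiverUrl;
        this.samlAttached = samlAttached;
    }

    /**
     * Sets the key used to sign the parameters and the PSK that is to be signed.
     *
     * @param privateKey signing key; {@code null} disables signing in {@link #getValues()}
     * @param bArr       PSK to sign; may be {@code null} only when SAML is attached
     * @throws IllegalArgumentException if the PSK is missing although required, or
     *         differs from a PSK already set via {@link #setECardSessionAttributes}
     */
    public void setSignatureKey(PrivateKey privateKey, byte[] bArr) {
        boolean missing = bArr == null && !this.samlAttached;
        boolean conflicting = this.psk != null && !Arrays.equals(bArr, this.psk);
        if (missing || conflicting) {
            throw new IllegalArgumentException("psk is null or does not match already set value");
        }
        this.sigKey = privateKey;
        this.pskToSign = copyOf(bArr);
    }

    /** Adds or replaces a single caller-defined parameter. */
    public void addClientParameter(String str, String str2) {
        this.orderedClientParameters.put(str, str2);
    }

    /** Adds or replaces all entries of {@code map} as caller-defined parameters. */
    public void addClientParameters(Map<String, String> map) {
        this.orderedClientParameters.putAll(map);
    }

    public void setStartBuergerClientUrl(String str) {
        this.startBuergerClientUrl = str;
    }

    /**
     * Builds the parameter map from the current state.
     *
     * <p>The map contains the PSK in Base64 when one is set, so it should be
     * handled as sensitive data. When a signature key is set, the signature
     * algorithm and value are added; a failure to sign is reported as an
     * {@code "errorMessage"} entry instead of an exception.
     *
     * @return a new mutable map; never {@code null}
     */
    public Map<String, String> getValues() {
        Map<String, String> values = new HashMap<>();
        values.put(Constants.NAME_REFID, this.sessionId);
        values.put(Constants.NAME_CREDENTIALRECEIVER_URL, this.paosReceiverUrl);
        values.put(Constants.NAME_IDPROVIDER_URL, this.refreshUrl);
        if (this.psk != null) {
            values.put("psk", DatatypeConverter.printBase64Binary(this.psk));
        }
        if (this.requestHash != null) {
            values.put(Constants.NAME_REQUESTHASH, DatatypeConverter.printBase64Binary(this.requestHash));
        }
        if (this.startBuergerClientUrl != null) {
            values.put("startBuergerClientUrl", this.startBuergerClientUrl);
        }
        for (Map.Entry<String, Boolean> attribute : this.requestedAttributes.entrySet()) {
            String name = attribute.getKey();
            values.put(name, attribute.getValue().toString());
            if (name.equals(AttributeNameNPA.AgeVerification.toString())) {
                values.put(Constants.PARAMETER_MIN_AGE, Integer.toString(this.minAge));
            } else if (name.equals(AttributeNameNPA.CommunityIdVerification.toString())
                    || name.equals(AttributeNameNPA.PlaceVerification.toString())) {
                // communityIdPattern may still be null here; the entry is then a null value.
                values.put(Constants.PARAMETER_COMMUNITYID_PATTERN, this.communityIdPattern);
            }
        }
        // NOTE(review): caller-defined parameters are merged last and can replace
        // any entry written above, while the signature below is computed from the
        // fields, not from this map. Confirm callers cannot pass reserved names.
        values.putAll(this.orderedClientParameters);
        if (this.sigKey != null) {
            appendSignature(values);
        }
        return values;
    }

    /**
     * Stores the PSK and request hash of the eCard session.
     *
     * @throws IllegalArgumentException if a PSK was already announced through
     *         {@link #setSignatureKey} and {@code bArr} is a different, non-null value
     */
    public void setECardSessionAttributes(byte[] bArr, byte[] bArr2) {
        if (this.pskToSign != null && bArr != null && !Arrays.equals(this.pskToSign, bArr)) {
            throw new IllegalArgumentException("psk value does not match the signed one");
        }
        this.psk = copyOf(bArr);
        this.requestHash = copyOf(bArr2);
    }

    public void addRequestedAttribute(String str, boolean z) {
        this.requestedAttributes.put(str, Boolean.valueOf(z));
    }

    public void setCommunityIdPattern(String str) {
        this.communityIdPattern = str;
    }

    /** Sets the minimum age emitted with an age verification request (default 18). */
    public void setMinAge(int i) {
        this.minAge = i;
    }

    /** Adds the signature algorithm and value, or an "errorMessage" entry, to {@code values}. */
    private void appendSignature(Map<String, String> values) {
        try {
            String algorithm = signatureAlgorithmFor(this.sigKey);
            if (algorithm == null) {
                values.put("errorMessage", "unable to find matching signature instance for given key");
                return;
            }
            ParameterSignature signature = new ParameterSignature(this.sigKey, algorithm);
            values.put(HttpRedirectUtils.SIGALG_PARAMNAME, algorithm);
            if (!this.samlAttached) {
                // Signed here: the PSK, the session id, both URLs and the VALUES of the
                // caller-defined parameters in key order.
                // NOTE(review): parameter names, requested attributes, minAge,
                // communityIdPattern, requestHash and startBuergerClientUrl are not
                // passed to setData - confirm they are bound elsewhere or need no
                // integrity protection.
                byte[] signedPsk = this.psk == null ? this.pskToSign : this.psk;
                String[] clientValues = this.orderedClientParameters.values().toArray(new String[0]);
                signature.setData(signedPsk, this.sessionId, this.paosReceiverUrl, this.refreshUrl, clientValues);
            }
            // NOTE(review): with SAML attached, sign() runs without setData in this
            // class; what it covers in that case is not visible here.
            values.put(HttpRedirectUtils.SIGVALUE_PARAMNAME, DatatypeConverter.printBase64Binary(signature.sign()));
        } catch (GeneralSecurityException e) {
            // NOTE(review): the provider's exception text goes into the returned map.
            // If that map is sent to the client, prefer a fixed message there and
            // keep the detail in a server-side log.
            values.put("errorMessage", e.getMessage());
        }
    }

    /**
     * Chooses the XML signature algorithm URI for {@code key}.
     *
     * <p>Keys whose algorithm name does not start with "EC" are treated as RSA.
     * EC keys are matched on the field size of their curve; sizes other than
     * 160, 256, 384 and 512 bits (a 521-bit field, for instance) have no match.
     *
     * @return the algorithm URI, or {@code null} when none matches
     */
    private static String signatureAlgorithmFor(PrivateKey key) {
        if (!key.getAlgorithm().startsWith("EC")) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        }
        if (!(key instanceof ECPrivateKey)) {
            // Key handles that do not expose curve parameters (token- or HSM-backed
            // keys are a common case) used to fail with a ClassCastException here.
            return null;
        }
        int fieldSize = ((ECPrivateKey) key).getParams().getCurve().getField().getFieldSize();
        switch (fieldSize) {
            case 160:
                // Kept for existing keys only: a 160-bit curve with SHA-1 is below
                // current strength recommendations; new keys should use 256 bits or more.
                return "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
            case 256:
                return "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
            case 384:
                return "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
            case 512:
                return "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
            default:
                return null;
        }
    }

    /** Returns a copy of {@code source}, or {@code null} for {@code null}. */
    private static byte[] copyOf(byte[] source) {
        return source == null ? null : source.clone();
    }
}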
