package de.governikus.autent.eudiwallet.keycloak.provider.credentialbuilder;

import com.authlete.cose.constants.COSEEllipticCurves;
import de.governikus.autent.eudiwallet.keycloak.exceptions.UnparseableCredentialException;
import de.governikus.autent.eudiwallet.keycloak.provider.mapper.CredentialAttributeMapper;
import de.governikus.autent.eudiwallet.keycloak.provider.mapper.EidCountryCodeAttributeMapper;
import de.governikus.autent.eudiwallet.keycloak.provider.mapper.WalletCredentialProtocolMapper;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.tuple.Pair;
import org.keycloak.crypto.ECDSASignatureVerifierContext;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureVerifierContext;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.provider.Provider;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/provider/credentialbuilder/OpenId4VciCredentialBuilderProvider.class */
public interface OpenId4VciCredentialBuilderProvider<T> extends Provider {
    T buildCredential(ClientScopeModel clientScopeModel, UserModel userModel);

    UserModel parseCredential(String str) throws UnparseableCredentialException;

    default Map<String, Object> getSubjectClaimsForIssuance(KeycloakSession keycloakSession, ClientScopeModel clientScopeModel, UserModel userModel) {
        return getSubjectClaims(keycloakSession, clientScopeModel, userModel, List.of(CredentialAttributeMapper.class, EidCountryCodeAttributeMapper.class));
    }

    default Map<String, Object> getSubjectClaimsForPresentation(KeycloakSession keycloakSession, ClientScopeModel clientScopeModel, UserModel userModel) {
        return getSubjectClaims(keycloakSession, clientScopeModel, userModel, List.of(WalletCredentialProtocolMapper.class));
    }

    private default Map<String, Object> getSubjectClaims(KeycloakSession keycloakSession, ClientScopeModel clientScopeModel, UserModel userModel, List<Class<? extends WalletCredentialProtocolMapper>> list) {
        Map attributes = userModel.getAttributes();
        HashMap hashMap = new HashMap();
        KeycloakSessionFactory keycloakSessionFactory = keycloakSession.getKeycloakSessionFactory();
        clientScopeModel.getProtocolMappersStream().map(protocolMapperModel -> {
            ProtocolMapper providerFactory = keycloakSessionFactory.getProviderFactory(ProtocolMapper.class, protocolMapperModel.getProtocolMapper());
            if (list.stream().noneMatch(cls -> {
                return cls.isInstance(providerFactory);
            })) {
                return null;
            }
            return Pair.of(protocolMapperModel, providerFactory);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).forEach(pair -> {
            ((WalletCredentialProtocolMapper) pair.getRight()).transformUserToDocument(hashMap, userModel, attributes, (ProtocolMapperModel) pair.getLeft());
        });
        hashMap.put("id", userModel.getUsername());
        return hashMap;
    }

    default SignatureVerifierContext getVerifierContext(KeyWrapper keyWrapper) {
        String algorithm = keyWrapper.getAlgorithm();
        boolean z = -1;
        switch (algorithm.hashCode()) {
            case -276032869:
                if (algorithm.equals(COSEEllipticCurves.Ed25519_NAME)) {
                    z = 4;
                    break;
                }
                break;
            case 66245349:
                if (algorithm.equals("ES256")) {
                    z = false;
                    break;
                }
                break;
            case 66246401:
                if (algorithm.equals("ES384")) {
                    z = true;
                    break;
                }
                break;
            case 66248104:
                if (algorithm.equals("ES512")) {
                    z = 2;
                    break;
                }
                break;
            case 66753689:
                if (algorithm.equals(COSEEllipticCurves.Ed448_NAME)) {
                    z = 3;
                    break;
                }
                break;
            case 66770035:
                if (algorithm.equals("EdDSA")) {
                    z = 5;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case true:
            case true:
            case true:
                return new ECDSASignatureVerifierContext(keyWrapper);
            default:
                return null;
        }
    }

    default void close() {
    }
}
