package de.governikus.autent.eudiwallet.keycloak.endpoints.credentialendpoints;

import de.governikus.autent.eudiwallet.keycloak.constants.Constants;
import de.governikus.autent.eudiwallet.keycloak.constants.StaticContext;
import de.governikus.autent.eudiwallet.keycloak.database.ClientScopeRepository;
import de.governikus.autent.eudiwallet.keycloak.models.CredentialRequest;
import de.governikus.autent.eudiwallet.keycloak.models.Proof;
import de.governikus.autent.eudiwallet.keycloak.models.ProofOfPossessionDetails;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.keycloak.common.VerificationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.model.CredentialResponse;
import org.keycloak.services.managers.AuthenticationManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/endpoints/credentialendpoints/CredentialPresentationBFlowEndpoint.class */
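/**
 * Credential endpoint variant whose requests must always carry the relying party's ephemeral
 * public key.
 *
 * <p>Requests with format {@code vc+sd-jwt} are validated as SD-JWT requests, which need a
 * {@code vct} and a JWT proof. Every other format value, including {@code null}, is validated
 * as an mdoc request, which needs a session transcript and must not carry a proof.
 *
 * <p>All validation failures are reported through {@code getInvalidRequestException}, which is
 * not defined in this class.
 */
public class CredentialPresentationBFlowEndpoint extends AbstractCredentialEndpoint {
    private static final Logger log = LoggerFactory.getLogger(CredentialPresentationBFlowEndpoint.class);

    /** Format identifier that routes a request to SD-JWT validation. */
    private static final String FORMAT_SD_JWT = "vc+sd-jwt";

    /** Format accepted in addition to the entries of {@code StaticContext.getSupportedVcFormats()}. */
    private static final String FORMAT_SEED_CREDENTIAL = "seed_credential";

    /** The only proof type accepted for SD-JWT requests. */
    private static final String PROOF_TYPE_JWT = "jwt";

    public CredentialPresentationBFlowEndpoint(KeycloakSession keycloakSession, AuthenticationManager.AuthResult authResult) {
        super(keycloakSession, authResult);
    }

    /**
     * Validates an incoming credential request before it is handled.
     *
     * @param credentialRequest the request as received from the client (untrusted input)
     * @throws RuntimeException the invalid-request exception built by
     *         {@code getInvalidRequestException} when a required parameter is missing or a value
     *         is not acceptable
     */
    @Override
    public void validateCredentialRequest(CredentialRequest credentialRequest) {
        if (credentialRequest.getRelyingPartyEphemeralPublicKey() == null) {
            throw getInvalidRequestException(String.format("Missing required parameter '%s'.", Constants.ProtocolAttributes.VERIFIER_PUB));
        }
        if (FORMAT_SD_JWT.equals(credentialRequest.getFormat())) {
            validateSdJwtFormatRequest(credentialRequest);
        } else {
            // NOTE(review): any format other than "vc+sd-jwt" (including null or an unknown
            // value) is treated as mdoc, and the mdoc path never inspects the format itself.
            // Presumably parseFormat() in handleCredentialRequest rejects unsupported values;
            // confirm, otherwise add an explicit format check here.
            validateMdocFormatRequest(credentialRequest);
        }
    }

    /**
     * Validates an SD-JWT request: format, {@code vct}, and the JWT proof of possession.
     *
     * <p>On success the key taken from the verified proof's header is stored in the Keycloak
     * session under {@code Constants.ProtocolAttributes.KB_EPH_PUB}.
     */
    private void validateSdJwtFormatRequest(CredentialRequest credentialRequest) {
        String format = credentialRequest.getFormat();
        String verifiableCredentialType = credentialRequest.getVerifiableCredentialType();
        // The only caller already guarantees format == "vc+sd-jwt"; the checks are kept so the
        // method stays safe if it is ever called from another path.
        if (StringUtils.isBlank(format)) {
            throw getInvalidRequestException("Missing required parameter 'format'.");
        }
        if (StringUtils.isBlank(verifiableCredentialType)) {
            throw getInvalidRequestException("Missing required parameter 'vct'.");
        }
        if (!StaticContext.getSupportedVcFormats().contains(format) && !StringUtils.equals(FORMAT_SEED_CREDENTIAL, format)) {
            throw getInvalidRequestException(String.format("Unsupported format '%s'.", format));
        }
        verifyIfScopeExists(verifiableCredentialType, String.format("vct value '%s' is not supported", verifiableCredentialType));

        Proof proof = credentialRequest.getProof();
        if (proof == null) {
            throw getInvalidRequestException("Missing required parameter 'proof'");
        }
        String proofType = proof.getProofType();
        if (!StringUtils.equals(PROOF_TYPE_JWT, proofType)) {
            throw getInvalidRequestException(String.format("Unsupported proof type '%s'", proofType));
        }

        // The proof object is client-controlled. Reject anything that is not a string as an
        // invalid request instead of letting a blind cast fail with a ClassCastException.
        Object proofObject = proof.getProofObject();
        if (proofObject != null && !(proofObject instanceof String)) {
            throw getInvalidRequestException(String.format("Invalid parameter 'proof.%s'", proofType));
        }
        String proofJwt = (String) proofObject;
        if (StringUtils.isBlank(proofJwt)) {
            throw getInvalidRequestException(String.format("Missing required parameter 'proof.%s'", proofType));
        }

        try {
            // NOTE(review): the third argument is null and its meaning is not visible in this
            // file. Confirm that it does not switch off a check (for example an expected nonce
            // or audience) that this flow relies on for replay protection.
            // NOTE(review): the stored key comes from the proof's own header, so a successful
            // verification shows possession of that key only. Presumably parseAndVerify checks
            // the signature against it; confirm.
            ProofOfPossessionDetails proofDetails = ProofOfPossessionDetails.parseAndVerify(this.keycloakSession, proofJwt, null);
            this.keycloakSession.setAttribute(Constants.ProtocolAttributes.KB_EPH_PUB, proofDetails.getHeaderKey());
        } catch (VerificationException e) {
            // Keep the cause in the server log; the exception built below carries only the message.
            log.debug("Proof of possession verification failed", e);
            // NOTE(review): the verifier's message is passed on to the client unchanged.
            // Confirm that it never contains internal detail.
            throw getInvalidRequestException(e.getMessage());
        }
    }

    /**
     * Checks that a client scope with the given name exists.
     *
     * @param scopeName name of the client scope to look up
     * @param errorMessage message of the invalid-request exception raised when the lookup fails
     */
    private void verifyIfScopeExists(String scopeName, String errorMessage) {
        try {
            // Only the exception matters here; the looked-up scope itself is not used.
            ClientScopeRepository.getClientScopeByName(this.keycloakSession, scopeName);
        } catch (IllegalArgumentException e) {
            throw getInvalidRequestException(errorMessage);
        }
    }

    /**
     * Validates an mdoc request: a session transcript and at least one of {@code vct} or the
     * mdoc document type must be present, and a proof must be absent.
     */
    private void validateMdocFormatRequest(CredentialRequest credentialRequest) {
        if (StringUtils.isBlank(credentialRequest.getSessionTranscript())) {
            throw getInvalidRequestException(String.format("Missing required parameter '%s'", Constants.ProtocolAttributes.SESSION_TRANSCRIPT));
        }
        String mdocDocumentType = credentialRequest.getMdocDocumentType();
        String verifiableCredentialType = credentialRequest.getVerifiableCredentialType();
        if (StringUtils.isBlank(mdocDocumentType) && StringUtils.isBlank(verifiableCredentialType)) {
            throw getInvalidRequestException(String.format("Missing required parameter '%1$s'. For mdoc use either the parameter '%2$s' or '%1$s'", Constants.ProtocolAttributes.VCT, Constants.ProtocolAttributes.DOCUMENT_TYPE));
        }
        // NOTE(review): unlike the SD-JWT path, neither identifier is checked against the
        // existing client scopes here. Presumably getClientScope() in handleCredentialRequest
        // rejects unknown names; confirm.
        if (credentialRequest.getProof() != null) {
            throw getInvalidRequestException("Parameter 'proof' must not be present");
        }
    }

    /**
     * Builds the credential response for a request that has already been validated.
     *
     * <p>The client scope is looked up by {@code vct}, falling back to the mdoc document type
     * when {@code vct} is blank. {@code parseFormat}, {@code getClientScope} and
     * {@code buildCredential} are not defined in this class.
     *
     * @param credentialRequest the validated credential request
     * @return the credential response produced by {@code buildCredential}
     */
    @Override
    public CredentialResponse handleCredentialRequest(CredentialRequest credentialRequest) {
        String parsedFormat = parseFormat(credentialRequest.getFormat());
        // Validation accepts an mdoc request whose vct is blank (not only null) as long as the
        // document type is set, so the fallback must use the same blank test. A null-only
        // check would look the scope up by an empty vct and ignore the document type.
        String scopeName = StringUtils.defaultIfBlank(credentialRequest.getVerifiableCredentialType(), credentialRequest.getMdocDocumentType());
        return buildCredential(getClientScope(scopeName, parsedFormat), parsedFormat).credentialResponse();
    }
}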
