package de.governikus.autent.eudiwallet.mdl;

import com.authlete.cbor.CBORByteArray;
import com.authlete.cose.COSEException;
import com.authlete.cose.COSEKey;
import com.authlete.cose.COSEProtectedHeader;
import com.authlete.cose.COSEProtectedHeaderBuilder;
import com.authlete.cose.COSESign1Builder;
import com.authlete.cose.COSESigner;
import com.authlete.cose.COSEUnprotectedHeader;
import com.authlete.cose.COSEUnprotectedHeaderBuilder;
import com.authlete.cose.SigStructureBuilder;
import com.authlete.cose.constants.COSEAlgorithms;
import com.authlete.mdoc.DeviceKeyInfo;
import com.authlete.mdoc.IssuerNameSpaces;
import com.authlete.mdoc.IssuerSigned;
import com.authlete.mdoc.KeyAuthorizations;
import com.authlete.mdoc.KeyInfo;
import com.authlete.mdoc.MobileSecurityObject;
import com.authlete.mdoc.ValidityInfo;
import com.authlete.mdoc.ValueDigests;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:de/governikus/autent/eudiwallet/mdl/MdocIssuerSigned.class */
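/**
 * Builds the {@link IssuerSigned} part of an mdoc: a COSE_Sign1 structure, signed with the
 * issuer key, whose payload is a {@link MobileSecurityObject} binding the holder's device key.
 *
 * <p>As written, the MSO carries no digest algorithm and no value digests, and the issuer
 * name spaces are empty. The signature therefore covers only the device key, the doc type and
 * the validity window, not any data elements.
 *
 * <p>The certificate chain is placed in the <em>unprotected</em> COSE header, so it is not
 * covered by the signature. A relying party has to validate that chain against its own trust
 * anchors before trusting the signature.
 */
public class MdocIssuerSigned {
    private static final String MSO_VERSION = "1.0";
    private static final long DEFAULT_VALIDITY_IN_MONTHS = 12L;
    private final String algorithmName;
    private final Map<String, Object> deviceKeyAsJwk;
    private final List<X509Certificate> issuerCertChain;
    private final ECPrivateKey issuerKey;
    private final ZonedDateTime now;
    private final long validityInMonths;

    /**
     * Creates a builder that issues from the current time with a validity of 12 months.
     *
     * @param str COSE algorithm name used for the issuer signature
     * @param map the holder's device public key as a JWK
     * @param list the issuer certificate chain put into the x5chain header
     * @param eCPrivateKey the issuer's private signing key
     */
    public MdocIssuerSigned(String str, Map<String, Object> map, List<X509Certificate> list, ECPrivateKey eCPrivateKey) {
        this(str, map, list, eCPrivateKey, ZonedDateTime.now(), DEFAULT_VALIDITY_IN_MONTHS);
    }

    /**
     * Creates a builder with an explicit issuance time and validity period.
     *
     * <p>Arguments are stored as given; completeness is checked when the structure is built.
     * The validity period is not range-checked: a zero or negative value yields a credential
     * whose {@code validUntil} is not after its {@code validFrom}.
     *
     * @param str COSE algorithm name used for the issuer signature
     * @param map the holder's device public key as a JWK
     * @param list the issuer certificate chain put into the x5chain header
     * @param eCPrivateKey the issuer's private signing key
     * @param zonedDateTime the instant used as signing time and start of validity
     * @param j validity period in months, counted from {@code zonedDateTime}
     */
    public MdocIssuerSigned(String str, Map<String, Object> map, List<X509Certificate> list, ECPrivateKey eCPrivateKey, ZonedDateTime zonedDateTime, long j) {
        this.algorithmName = str;
        this.deviceKeyAsJwk = map;
        this.issuerCertChain = list;
        this.issuerKey = eCPrivateKey;
        this.now = zonedDateTime;
        this.validityInMonths = j;
    }

    /**
     * Builds and signs the issuer-signed structure.
     *
     * @return the {@link IssuerSigned} with empty name spaces and the signed MSO as issuer auth
     * @throws MdocException if the device key, issuer key or certificate chain is missing, the
     *         certificate chain cannot be encoded, the device key JWK is invalid, or signing fails
     */
    public IssuerSigned getIssuerSigned() {
        // An empty chain is treated like a missing one: without an issuer certificate in
        // x5chain the verifier has nothing to validate the signature against.
        if (this.deviceKeyAsJwk == null || this.issuerKey == null || this.issuerCertChain == null || this.issuerCertChain.isEmpty()) {
            throw new MdocException("Try to generate IssuerSigned from incomplete input. Key or certificate chain is missing.");
        }
        // NOTE(review): the algorithm name is not checked against the issuer key's curve here;
        // confirm callers only pass a name that matches the key.
        int algorithm = COSEAlgorithms.getValueByName(this.algorithmName);
        COSEProtectedHeader protectedHeader = (COSEProtectedHeader) new COSEProtectedHeaderBuilder().alg(algorithm).build();
        try {
            COSEUnprotectedHeader unprotectedHeader = (COSEUnprotectedHeader) new COSEUnprotectedHeaderBuilder().x5chain(this.issuerCertChain).build();
            CBORByteArray payload = getPayload(this.deviceKeyAsJwk);
            byte[] signature = signPayload(algorithm, this.issuerKey, protectedHeader, payload);
            return new IssuerSigned(
                    new IssuerNameSpaces(new ArrayList<>()),
                    new COSESign1Builder()
                            .protectedHeader(protectedHeader)
                            .unprotectedHeader(unprotectedHeader)
                            .payload(payload)
                            .signature(signature)
                            .build());
        } catch (CertificateEncodingException e) {
            throw new MdocException("The issuer's certificate chain is invalid.", e);
        }
    }

    /**
     * Signs the Sig_structure (Signature1 context) made of the protected header and the payload.
     *
     * <p>The protected header is passed in rather than rebuilt, so the bytes that are signed
     * are derived from the same header object that is emitted in the COSE_Sign1.
     *
     * @param algorithm COSE algorithm identifier
     * @param signingKey issuer private key
     * @param protectedHeader protected header that is also placed in the COSE_Sign1
     * @param payload the encoded MSO
     * @return the raw signature bytes
     * @throws MdocException if the COSE library rejects the signing operation
     */
    private byte[] signPayload(int algorithm, ECPrivateKey signingKey, COSEProtectedHeader protectedHeader, CBORByteArray payload) {
        try {
            return new COSESigner(signingKey).sign(new SigStructureBuilder().signature1().bodyAttributes(protectedHeader).payload(payload).build(), algorithm);
        } catch (COSEException e) {
            throw new MdocException("Signing with the issuer key failed.", e);
        }
    }

    /**
     * Creates the MSO for the given device key and wraps its encoding in a CBOR byte string.
     *
     * @param deviceKeyJwk the holder's device public key as a JWK
     * @return the encoded MSO as the COSE payload
     * @throws MdocException if the JWK cannot be converted into a COSE key
     */
    private CBORByteArray getPayload(Map<String, Object> deviceKeyJwk) {
        try {
            DeviceKeyInfo deviceKeyInfo = new DeviceKeyInfo(COSEKey.fromJwk(deviceKeyJwk), (KeyAuthorizations) null, (KeyInfo) null);
            // Digest algorithm and value digests are deliberately passed as null here.
            MobileSecurityObject mso = new MobileSecurityObject(MSO_VERSION, (String) null, (ValueDigests) null, deviceKeyInfo, MdocConstants.EUDI_DOC_TYPE, createValidityInfo());
            return new CBORByteArray(mso.encode(), mso);
        } catch (COSEException e) {
            throw new MdocException("Invalid device key as JWK.", e);
        }
    }

    /**
     * Creates the validity window: signed and valid from the issuance time, valid until the
     * issuance time plus the configured number of months.
     *
     * @return the validity information for the MSO
     * @throws MdocException if no issuance time was supplied
     */
    protected ValidityInfo createValidityInfo() {
        if (this.now == null) {
            // Report this like other incomplete input instead of failing with a bare NPE.
            throw new MdocException("Try to generate IssuerSigned from incomplete input. Issuance time is missing.");
        }
        return new ValidityInfo(this.now, this.now, this.now.plusMonths(this.validityInMonths));
    }
}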
