package de.governikus.autent.eudiwallet.relyingparty.helper;

import com.authlete.sd.SDJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.nimbusds.jose.HeaderParameterNames;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jwt.JWTClaimNames;
import de.governikus.autent.eudiwallet.ecdh.KeyService;
import java.net.URLDecoder;
import java.security.interfaces.ECPrivateKey;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/classes/de/governikus/autent/eudiwallet/relyingparty/helper/SdJwtHandler.class */
public final class SdJwtHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SdJwtHandler.class);

    public static boolean isValid(SDJWT sdjwt, ECPrivateKey eCPrivateKey, String str, String str2) {
        JWSObject parse = JWSObject.parse(sdjwt.getCredentialJwt());
        boolean verify = parse.verify(new DefaultJWSVerifierFactory().createJWSVerifier(parse.getHeader(), new SecretKeySpec(KeyService.deriveKeyFrom(eCPrivateKey, KeyService.readX509Certificate(((Base64) parse.getHeader().getX509CertChain().getFirst()).decode()).getPublicKey()), "HmacSHA512")));
        JWSObject parse2 = JWSObject.parse(sdjwt.getBindingJwt());
        boolean verify2 = parse2.verify(new DefaultJWSVerifierFactory().createJWSVerifier(parse2.getHeader(), ((ECKey) getJwk(parse)).toKeyPair().getPublic()));
        Map<String, Object> jSONObject = parse2.getPayload().toJSONObject();
        return verify && verify2 && str.equals((String) jSONObject.get("nonce")) && str2.equals((String) jSONObject.get(JWTClaimNames.AUDIENCE));
    }

    public static Map<String, String> getDisclosureKeyValueMap(SDJWT sdjwt) {
        return (Map) sdjwt.getDisclosures().stream().collect(Collectors.toMap((v0) -> {
            return v0.getClaimName();
        }, disclosure -> {
            return String.valueOf(disclosure.getClaimValue());
        }));
    }

    public static SDJWT getSdJwtByVpToken(String str) {
        return SDJWT.parse(((ArrayNode) new ObjectMapper().readTree(URLDecoder.decode(str)).get("verifiableCredential")).get(0).asText());
    }

    private static JWK getJwk(JWSObject jWSObject) {
        return JWK.parse(((LinkedTreeMap) jWSObject.getPayload().toJSONObject().get("cnf")).get(HeaderParameterNames.JWK).toString());
    }

    private SdJwtHandler() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}
