package org.keycloak.sdjwt.vp;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.Base64Url;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.sdjwt.IssuerSignedJWT;
import org.keycloak.sdjwt.IssuerSignedJwtVerificationOpts;
import org.keycloak.sdjwt.SdJwt;
import org.keycloak.sdjwt.SdJwtUtils;
import org.keycloak.sdjwt.SdJwtVerificationContext;

/* loaded from: input_file:org/keycloak/sdjwt/vp/SdJwtVP.class */
public class SdJwtVP {
    private final String sdJwtVpString;
    private final IssuerSignedJWT issuerSignedJWT;
    private final Map<String, ArrayNode> claims;
    private final Map<String, String> disclosures;
    private final Map<String, String> recursiveDigests;
    private final List<String> ghostDigests;
    private final String hashAlgorithm;
    private final Optional<KeyBindingJWT> keyBindingJWT;

    public Map<String, ArrayNode> getClaims() {
        return this.claims;
    }

    public IssuerSignedJWT getIssuerSignedJWT() {
        return this.issuerSignedJWT;
    }

    public Map<String, String> getDisclosures() {
        return this.disclosures;
    }

    public Collection<String> getDisclosuresString() {
        return this.disclosures.values();
    }

    public Map<String, String> getRecursiveDigests() {
        return this.recursiveDigests;
    }

    public Collection<String> getGhostDigests() {
        return this.ghostDigests;
    }

    public String getHashAlgorithm() {
        return this.hashAlgorithm;
    }

    public Optional<KeyBindingJWT> getKeyBindingJWT() {
        return this.keyBindingJWT;
    }

    private SdJwtVP(String str, String str2, IssuerSignedJWT issuerSignedJWT, Map<String, ArrayNode> map, Map<String, String> map2, Map<String, String> map3, List<String> list, Optional<KeyBindingJWT> optional) {
        this.sdJwtVpString = str;
        this.hashAlgorithm = str2;
        this.issuerSignedJWT = issuerSignedJWT;
        this.claims = Collections.unmodifiableMap(map);
        this.disclosures = Collections.unmodifiableMap(map2);
        this.recursiveDigests = Collections.unmodifiableMap(map3);
        this.ghostDigests = Collections.unmodifiableList(list);
        this.keyBindingJWT = optional;
    }

    public static SdJwtVP of(String str) {
        int indexOf = str.indexOf(SdJwt.DELIMITER);
        int lastIndexOf = str.lastIndexOf(SdJwt.DELIMITER);
        String substring = str.substring(0, indexOf);
        String substring2 = str.substring(indexOf + 1, lastIndexOf);
        IssuerSignedJWT fromJws = IssuerSignedJWT.fromJws(substring);
        ObjectNode payload = fromJws.getPayload();
        String asText = payload.get(IssuerSignedJWT.CLAIM_NAME_SD_HASH_ALGORITHM).asText();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (String str2 : substring2.split(SdJwt.DELIMITER)) {
            String hashAndBase64EncodeNoPad = SdJwtUtils.hashAndBase64EncodeNoPad(str2.getBytes(), asText);
            if (hashMap2.containsKey(hashAndBase64EncodeNoPad)) {
                throw new IllegalArgumentException("Duplicate disclosure digest");
            }
            hashMap2.put(hashAndBase64EncodeNoPad, str2);
            try {
                hashMap.put(hashAndBase64EncodeNoPad, SdJwtUtils.mapper.readTree(Base64Url.decode(str2)));
            } catch (IOException e) {
                throw new IllegalArgumentException("Invalid disclosure data");
            }
        }
        Set keySet = hashMap.keySet();
        HashMap hashMap3 = new HashMap();
        ArrayList arrayList = new ArrayList();
        keySet.stream().forEach(str3 -> {
            processDisclosureDigest(findNode(payload, str3), str3, hashMap, hashMap3, arrayList);
        });
        Optional empty = Optional.empty();
        if (str.length() > lastIndexOf + 1) {
            empty = Optional.of(KeyBindingJWT.of(str.substring(lastIndexOf + 1)));
        }
        return new SdJwtVP(str.substring(0, lastIndexOf + 1), asText, fromJws, hashMap, hashMap2, hashMap3, arrayList, empty);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static JsonNode processDisclosureDigest(JsonNode jsonNode, String str, Map<String, ArrayNode> map, Map<String, String> map2, List<String> list) {
        if (jsonNode == null) {
            Iterator<Map.Entry<String, ArrayNode>> it = map.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Map.Entry<String, ArrayNode> next = it.next();
                if (!next.getKey().equals(str)) {
                    jsonNode = findNode(next.getValue(), str);
                    if (jsonNode != null) {
                        map2.put(str, next.getKey());
                        break;
                    }
                }
            }
        }
        if (jsonNode == null) {
            list.add(str);
        }
        return jsonNode;
    }

    public JsonNode getCnfClaim() {
        return this.issuerSignedJWT.getCnfClaim().orElse(null);
    }

    public String present(List<String> list, JsonNode jsonNode, SignatureSignerContext signatureSignerContext, String str) {
        StringBuilder sb = new StringBuilder();
        if (list == null || list.isEmpty()) {
            sb.append(this.sdJwtVpString);
        } else {
            sb.append(this.issuerSignedJWT.toJws());
            sb.append(SdJwt.DELIMITER);
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                sb.append(this.disclosures.get(it.next()));
                sb.append(SdJwt.DELIMITER);
            }
        }
        String sb2 = sb.toString();
        if (jsonNode == null || signatureSignerContext == null) {
            return sb2;
        }
        sb.append(KeyBindingJWT.from(((ObjectNode) jsonNode).put("sd_hash", SdJwtUtils.hashAndBase64EncodeNoPad(sb2.getBytes(), getHashAlgorithm())), signatureSignerContext, str).toJws());
        return sb.toString();
    }

    public void verify(IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts) throws VerificationException {
        new SdJwtVerificationContext(this.sdJwtVpString, this.issuerSignedJWT, this.disclosures, this.keyBindingJWT.orElse(null)).verifyPresentation(issuerSignedJwtVerificationOpts, keyBindingJwtVerificationOpts);
    }

    private static JsonNode findNode(JsonNode jsonNode, String str) {
        if (jsonNode == null) {
            return null;
        }
        if (jsonNode.isValueNode()) {
            if (jsonNode.asText().equals(str)) {
                return jsonNode;
            }
            return null;
        }
        if (!jsonNode.isArray() && !jsonNode.isObject()) {
            return null;
        }
        Iterator it = jsonNode.iterator();
        while (it.hasNext()) {
            JsonNode findNode = findNode((JsonNode) it.next(), str);
            if (findNode != null) {
                return findNode;
            }
        }
        return null;
    }

    public String toString() {
        return this.sdJwtVpString;
    }

    public String verbose() {
        StringBuilder sb = new StringBuilder();
        sb.append("Issuer Signed JWT: ");
        sb.append(this.issuerSignedJWT.getPayload());
        sb.append("\n");
        this.disclosures.forEach((str, str2) -> {
            sb.append("\n");
            sb.append("Digest: ");
            sb.append(str);
            sb.append("\n");
            sb.append("Disclosure: ");
            sb.append(str2);
            sb.append("\n");
            sb.append("Content: ");
            sb.append(this.claims.get(str));
            sb.append("\n");
        });
        sb.append("\n");
        sb.append("Recursive Digests: ");
        sb.append(this.recursiveDigests);
        sb.append("\n");
        sb.append("\n");
        sb.append("Ghost Digests: ");
        sb.append(this.ghostDigests);
        sb.append("\n");
        sb.append("\n");
        if (this.keyBindingJWT.isPresent()) {
            sb.append("Key Binding JWT: ");
            sb.append("\n");
            sb.append(this.keyBindingJWT.get().getPayload().toString());
            sb.append("\n");
        }
        return sb.toString();
    }
}
