package se.idsec.sigval.xml.svt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.bouncycastle.util.encoders.Base64;
import se.idsec.sigval.commons.algorithms.DigestAlgorithmRegistry;
import se.idsec.sigval.commons.svt.AbstractSVTSigValClaimsIssuer;
import se.idsec.sigval.svt.claims.SVTProfile;
import se.idsec.sigval.svt.claims.SigReferenceClaims;
import se.idsec.sigval.svt.claims.SignatureClaims;
import se.idsec.sigval.svt.claims.SignedDataClaims;
import se.idsec.sigval.svt.claims.ValidationConclusion;
import se.idsec.sigval.xml.data.ExtendedXmlSigvalResult;
import se.idsec.sigval.xml.verify.XMLSignatureElementValidator;
import se.idsec.sigval.xml.xmlstruct.SignatureData;

/* loaded from: input_file:se/idsec/sigval/xml/svt/XMLSVTSigValClaimsIssuer.class */
public class XMLSVTSigValClaimsIssuer extends AbstractSVTSigValClaimsIssuer<XMLSigValInput> {
    private final XMLSignatureElementValidator signatureVerifier;
    private boolean defaultBasicValidation;

    public XMLSVTSigValClaimsIssuer(JWSAlgorithm jWSAlgorithm, Object obj, List<X509Certificate> list, XMLSignatureElementValidator xMLSignatureElementValidator) throws NoSuchAlgorithmException, JOSEException {
        super(jWSAlgorithm, obj, list);
        this.defaultBasicValidation = false;
        this.signatureVerifier = xMLSignatureElementValidator;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<SignatureClaims> verify(XMLSigValInput xMLSigValInput, String str) throws Exception {
        SignatureData signatureData = xMLSigValInput.getSignatureData();
        Map<String, byte[]> refDataMap = signatureData.getRefDataMap();
        ExtendedXmlSigvalResult validateSignature = this.signatureVerifier.validateSignature(xMLSigValInput.getSignatureElement(), signatureData);
        if (isIssueSVT(validateSignature)) {
            return Arrays.asList(SignatureClaims.builder().sig_ref(getSigRefData(signatureData, str)).sig_val(getSignaturePolicyValidations(validateSignature)).sig_data_ref(getDocRefHashes(refDataMap, str)).time_val((List) validateSignature.getTimeValidationResults().stream().map(timeValidationResult -> {
                return timeValidationResult.getTimeValidationClaims();
            }).filter(timeValidationClaims -> {
                return isVerifiedTime(timeValidationClaims);
            }).collect(Collectors.toList())).signer_cert_ref(getCertRef(validateSignature, str)).build());
        }
        return null;
    }

    private boolean isIssueSVT(ExtendedXmlSigvalResult extendedXmlSigvalResult) {
        boolean z = false;
        List validationPolicyResultList = extendedXmlSigvalResult.getValidationPolicyResultList();
        if (validationPolicyResultList != null) {
            z = validationPolicyResultList.stream().filter(policyValidationClaims -> {
                return policyValidationClaims.getRes().equals(ValidationConclusion.PASSED);
            }).findFirst().isPresent();
        }
        return z;
    }

    private List<SignedDataClaims> getDocRefHashes(Map<String, byte[]> map, String str) throws IOException, NoSuchAlgorithmException {
        ArrayList arrayList = new ArrayList();
        for (String str2 : map.keySet()) {
            byte[] bArr = map.get(str2);
            if (bArr == null) {
                throw new IOException("Missing referenced data in signed document. Unable to collect signed data references for SVT");
            }
            arrayList.add(SignedDataClaims.builder().ref(str2).hash(Base64.toBase64String(DigestAlgorithmRegistry.get(str).getInstance().digest(bArr))).build());
        }
        return arrayList;
    }

    private SigReferenceClaims getSigRefData(SignatureData signatureData, String str) throws IOException, NoSuchAlgorithmException {
        byte[] signatureBytes = signatureData.getSignatureBytes();
        byte[] signedInfoBytes = signatureData.getSignedInfoBytes();
        if (signatureBytes == null || signedInfoBytes == null) {
            throw new IOException("No signature or signed document bytes available");
        }
        MessageDigest digestAlgorithm = DigestAlgorithmRegistry.get(str).getInstance();
        return SigReferenceClaims.builder().id(signatureData.getSignature().getId()).sb_hash(Base64.toBase64String(digestAlgorithm.digest(signedInfoBytes))).sig_hash(Base64.toBase64String(digestAlgorithm.digest(signatureData.getSignatureBytes()))).build();
    }

    protected SVTProfile getSvtProfile() {
        return SVTProfile.XML;
    }

    public void setDefaultBasicValidation(boolean z) {
        this.defaultBasicValidation = z;
    }
}
