package de.impfdoc.impfzert.v1.model;

import de.gematik.ws.conn.cardservicecommon.v2.CardTypeType;
import de.impfdoc.impfzert.api.ImpfZertException;
import de.impfdoc.impfzert.api.Signer;
import de.impfdoc.impfzert.common.KnownRoots;
import de.impfdoc.impfzert.common.model.SignatureDesc;
import de.impfdoc.impfzert.common.utils.SignatureLogger;
import de.impfsoft.ticonnector.Signature;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/impfdoc/impfzert/v1/model/SignedVaccinationV1.class */
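/**
 * Couples one vaccination record with a {@link Signer} and produces, caches and verifies
 * signatures over either the record's hash or its FHIR/MIO rendering.
 *
 * <p>Signatures are created on first request per content type and kept in memory afterwards.
 * The backing set is a plain {@link HashSet}; nothing in this class synchronizes access to it.
 */
public class SignedVaccinationV1 {

    @NotNull
    private final BaseVaccinationContentV1 baseVaccinationContent;

    @NotNull
    private final Signer signer;

    @NotNull
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Signatures already produced for this record, at most one is looked up per content type.
    @NotNull
    private final Set<SignatureDesc> signatures = new HashSet<>();

    /**
     * @param baseVaccinationContentV1 the vaccination record to sign
     * @param signer                   the component that performs the actual signing
     */
    public SignedVaccinationV1(@NotNull BaseVaccinationContentV1 baseVaccinationContentV1, @NotNull Signer signer) {
        this.baseVaccinationContent = baseVaccinationContentV1;
        this.signer = signer;
    }

    /** Returns the wrapped vaccination record. */
    @NotNull
    public BaseVaccinationContentV1 getBaseVaccinationContent() {
        return this.baseVaccinationContent;
    }

    /** Returns the hash string generated by the wrapped record. */
    @NotNull
    public String getHash() {
        return this.baseVaccinationContent.generateHash();
    }

    /** Returns the string produced by {@code BaseVaccinationToMioConverterV1} for the wrapped record. */
    @NotNull
    public String getFhir() {
        return BaseVaccinationToMioConverterV1.generateMioForSingleVaccination(this.baseVaccinationContent);
    }

    /**
     * Returns the signature for the given content type, signing only if none is cached yet.
     *
     * <p>The signer is invoked lazily: an already cached signature is returned without
     * triggering another signing operation on the card.
     *
     * @param contentType which representation (hash or FHIR) the signature covers
     * @return the cached or freshly created signature description
     */
    @NotNull
    public SignatureDesc getSignature(@NotNull SignatureDesc.ContentType contentType) {
        for (SignatureDesc cached : this.signatures) {
            if (cached.getContentType() == contentType) {
                return cached;
            }
        }
        // Only reached when nothing is cached, so the signer is asked exactly once per content type.
        SignatureDesc created = createSignature(contentType);
        this.signatures.add(created);
        return created;
    }

    /** Dispatches on the content type and signs the matching representation. */
    private SignatureDesc createSignature(@NotNull SignatureDesc.ContentType contentType) {
        return (SignatureDesc) contentType.handle(new SignatureDesc.ContentTypeHandler<SignatureDesc>() {
            @Override
            @NotNull
            public SignatureDesc handleHash_Signature() {
                return SignedVaccinationV1.this.signHash();
            }

            @Override
            @NotNull
            public SignatureDesc handleFhir_Signature() {
                return SignedVaccinationV1.this.signFhir();
            }
        });
    }

    /** Signs the record's hash string. */
    private SignatureDesc signHash() {
        this.logger.info("Sign HASH");
        return makeDesc(this.signer.sign(getHash()), SignatureDesc.ContentType.Hash_Signature);
    }

    /** Signs the record's FHIR/MIO string. */
    private SignatureDesc signFhir() {
        this.logger.info("Sign FHIR");
        return makeDesc(this.signer.sign(getFhir()), SignatureDesc.ContentType.FHIR_Signature);
    }

    /**
     * Converts a connector signature into a {@link SignatureDesc}, classifying the signing card.
     *
     * <p>HBA and HBA_Q_SIG map to {@code EHBA}; SMC_B, SMC_KT and SM_B map to {@code SMBC}.
     * The decompiler reported this method as originally private; it is kept public here so the
     * visible interface stays as it is.
     *
     * @param signature   the signature returned by the signer
     * @param contentType the representation that was signed
     * @return the description holding the Base64-encoded signature bytes
     * @throws ImpfZertException with type {@code NoCard} for any other card type, or with type
     *                           {@code Unknown} when reading the signature bytes fails
     */
    @NotNull
    public SignatureDesc makeDesc(@NotNull Signature signature, @NotNull SignatureDesc.ContentType contentType) {
        SignatureDesc.SignatureType signatureType;
        switch (signature.getCardType()) {
            case HBA:
            case HBA_Q_SIG:
                signatureType = SignatureDesc.SignatureType.EHBA;
                break;
            case SMC_B:
            case SMC_KT:
            case SM_B:
                signatureType = SignatureDesc.SignatureType.SMBC;
                break;
            default:
                throw new ImpfZertException(ImpfZertException.Type.NoCard, "unsupported card type" + signature.getCardType(), null);
        }
        try {
            // NOTE(review): getSignature() presumably returns a stream; it is not closed here, confirm ownership.
            byte[] rawSignature = IOUtils.toByteArray(signature.getSignature());
            return new SignatureDesc(contentType, signatureType, Base64.getEncoder().encodeToString(rawSignature));
        } catch (IOException e) {
            throw new ImpfZertException(ImpfZertException.Type.Unknown, "some i/o error occured" + e.toString(), e);
        }
    }

    /**
     * Returns the FHIR signature as an encoded CMS container whose certificate set is reduced
     * to the certificates of the actual signers.
     *
     * <p>Despite the name, the result is the re-encoded CMS signed-data structure, not a bare
     * certificate.
     *
     * @return the encoded CMS container with the pruned certificate set
     * @throws ImpfZertException if the container cannot be parsed or re-encoded
     */
    @NotNull
    public byte[] getFhirSignatureCertificate() {
        byte[] cmsBytes = Base64.getDecoder().decode(getSignature(SignatureDesc.ContentType.FHIR_Signature).getSignature());
        SignatureLogger.logTiCert(cmsBytes);
        try {
            CMSSignedData signedData = new CMSSignedData(cmsBytes);
            Store<X509CertificateHolder> certificates = signedData.getCertificates();

            // Collect the serial numbers of the certificates that belong to a signer.
            Set<java.math.BigInteger> signerSerials = new HashSet<>();
            for (SignerInformation signerInfo : signedData.getSignerInfos().getSigners()) {
                Collection<?> candidates = certificates.getMatches(signerInfo.getSID());
                if (!candidates.isEmpty()) {
                    signerSerials.add(((X509CertificateHolder) candidates.iterator().next()).getSerialNumber());
                }
            }

            // Drop every certificate that is not a signer certificate. The match is by serial
            // number only; serials are unique per issuer, so a certificate from a different
            // issuer that happens to share a serial would be retained as well.
            Collection<X509CertificateHolder> retained = certificates.getMatches(null);
            retained.removeIf(holder -> !signerSerials.contains(holder.getSerialNumber()));

            CMSSignedData pruned = CMSSignedData.replaceCertificatesAndCRLs(
                    signedData, new CollectionStore<>(retained), signedData.getAttributeCertificates(), signedData.getCRLs());
            byte[] encoded = pruned.getEncoded();
            SignatureLogger.logTiCertPart(encoded);
            return encoded;
        } catch (Throwable th) {
            throw new ImpfZertException(ImpfZertException.Type.Unknown, "Bei der Verarbeitung der Signatur ist ein Fehler aufgetreten", th);
        }
    }

    /**
     * Returns the same bytes as {@link #getFhirSignatureCertificate()}.
     *
     * <p>Any failure, including an {@link ImpfZertException} raised while signing, is wrapped in
     * a new {@code ImpfZertException} of type {@code Unknown}; the original is kept as the cause.
     */
    public byte[] getBinaryCertificate() {
        try {
            return getFhirSignatureCertificate();
        } catch (Throwable th) {
            throw new ImpfZertException(ImpfZertException.Type.Unknown, "Bei der Verarbeitung der Signatur ist ein Fehler aufgetreten", th);
        }
    }

    /** Returns the field list of the wrapped record. */
    @NotNull
    public List<Map.Entry<String, String>> getFields() {
        return this.baseVaccinationContent.getFields();
    }

    /**
     * Verifies the detached FHIR signature and checks each signer certificate against a known root.
     *
     * <p>For every signer the CMS signature over the UTF-8 bytes of {@link #getFhir()} is verified
     * with the signer certificate's public key, and the certificate's own signature is verified
     * with the public key of the root that {@code knownRoots} returns for it. A container without
     * any signer, or a signer without a matching certificate, is rejected instead of passing
     * vacuously.
     *
     * <p>What this method does not check: the certificate validity period, key usage, revocation
     * status, or chains with intermediate CAs (the signer certificate must verify directly under
     * the root key). Callers that need those guarantees have to enforce them separately.
     *
     * @param knownRoots lookup for the trusted root of a signer certificate
     * @throws ImpfZertException of type {@code Unknown} if any verification step fails
     */
    public void validateSignature(@NotNull KnownRoots knownRoots) {
        try {
            byte[] signedContent = getFhir().getBytes(StandardCharsets.UTF_8);
            CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(signedContent), getFhirSignatureCertificate());
            Store<X509CertificateHolder> certificates = signedData.getCertificates();
            Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();
            if (signerInfos.isEmpty()) {
                // Without this guard the loop below would not run and validation would succeed.
                throw new SignatureException("signature contains no signer");
            }
            for (SignerInformation signerInfo : signerInfos) {
                Collection<?> candidates = certificates.getMatches(signerInfo.getSID());
                if (candidates.isEmpty()) {
                    throw new SignatureException("no certificate found for signer");
                }
                X509Certificate certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) candidates.iterator().next());
                try {
                    // Requires a security provider registered under the name "BC".
                    if (!signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate.getPublicKey()))) {
                        throw new IllegalStateException("Cannot verify message!");
                    }
                    // Trust anchor check: the signer certificate must be signed by a known root key.
                    certificate.verify(knownRoots.findRoot(certificate)
                            .orElseThrow(() -> new SignatureException("unknown root"))
                            .getPublicKey());
                } catch (CMSException e) {
                    throw new IllegalStateException("Cannot verify message!", e);
                }
            }
        } catch (Throwable th) {
            throw new ImpfZertException(ImpfZertException.Type.Unknown, "Bei der Verarbeitung der Signatur ist ein Fehler aufgetreten", th);
        }
    }
}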
