package org.keycloak.sdjwt;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.JsonNodeType;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.sdjwt.ArrayDisclosure;
import org.keycloak.sdjwt.DisclosureSpec;
import org.keycloak.sdjwt.vp.KeyBindingJWT;

/* loaded from: input_file:WEB-INF/lib/keycloak-core-24.0.4.jar:org/keycloak/sdjwt/SdJwt.class */
public class SdJwt {
    public static final String DELIMITER = "~";
    private final IssuerSignedJWT issuerSignedJWT;
    private final List<SdJwtClaim> claims;
    private final List<String> disclosures;
    private Optional<String> sdJwtString;

    /* loaded from: input_file:WEB-INF/lib/keycloak-core-24.0.4.jar:org/keycloak/sdjwt/SdJwt$Builder.class */
    public static class Builder {
        private DisclosureSpec disclosureSpec;
        private JsonNode claimSet;
        private SignatureSignerContext signer;
        private Optional<KeyBindingJWT> keyBindingJWT = Optional.empty();
        private final List<SdJwt> nestedSdJwts = new ArrayList();

        public Builder withDisclosureSpec(DisclosureSpec disclosureSpec) {
            this.disclosureSpec = disclosureSpec;
            return this;
        }

        public Builder withClaimSet(JsonNode jsonNode) {
            this.claimSet = jsonNode;
            return this;
        }

        public Builder withKeyBindingJWT(KeyBindingJWT keyBindingJWT) {
            this.keyBindingJWT = Optional.of(keyBindingJWT);
            return this;
        }

        public Builder withSigner(SignatureSignerContext signatureSignerContext) {
            this.signer = signatureSignerContext;
            return this;
        }

        public Builder withNestedSdJwt(SdJwt sdJwt) {
            this.nestedSdJwts.add(sdJwt);
            return this;
        }

        public SdJwt build() {
            return new SdJwt(this.disclosureSpec, this.claimSet, this.nestedSdJwts, this.keyBindingJWT, this.signer);
        }
    }

    private SdJwt(DisclosureSpec disclosureSpec, JsonNode jsonNode, List<SdJwt> list, Optional<KeyBindingJWT> optional, SignatureSignerContext signatureSignerContext) {
        this.disclosures = new ArrayList();
        this.sdJwtString = Optional.empty();
        this.claims = new ArrayList();
        jsonNode.fields().forEachRemaining(entry -> {
            this.claims.add(createClaim((String) entry.getKey(), (JsonNode) entry.getValue(), disclosureSpec));
        });
        this.issuerSignedJWT = IssuerSignedJWT.builder().withClaims(this.claims).withDecoyClaims(createdDecoyClaims(disclosureSpec)).withNestedDisclosures(!list.isEmpty()).withSigner(signatureSignerContext).build();
        list.stream().forEach(sdJwt -> {
            this.disclosures.addAll(sdJwt.getDisclosures());
        });
        this.disclosures.addAll(getDisclosureStrings(this.claims));
    }

    private List<DecoyClaim> createdDecoyClaims(DisclosureSpec disclosureSpec) {
        return (List) disclosureSpec.getDecoyClaims().stream().map(disclosureData -> {
            return DecoyClaim.builder().withSalt(disclosureData.getSalt()).build();
        }).collect(Collectors.toList());
    }

    public JsonNode asNestedPayload() {
        JsonNode payload = this.issuerSignedJWT.getPayload();
        ((ObjectNode) payload).remove(IssuerSignedJWT.CLAIM_NAME_SD_HASH_ALGORITHM);
        return payload;
    }

    public String toSdJwtString() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.issuerSignedJWT.toJws());
        arrayList.addAll(this.disclosures);
        arrayList.add("");
        return String.join("~", arrayList);
    }

    private static List<String> getDisclosureStrings(List<SdJwtClaim> list) {
        ArrayList arrayList = new ArrayList();
        Stream<R> map = list.stream().map((v0) -> {
            return v0.getDisclosureStrings();
        });
        Objects.requireNonNull(arrayList);
        map.forEach((v1) -> {
            r1.addAll(v1);
        });
        return Collections.unmodifiableList(arrayList);
    }

    public String toString() {
        return this.sdJwtString.orElseGet(() -> {
            String sdJwtString = toSdJwtString();
            this.sdJwtString = Optional.of(sdJwtString);
            return sdJwtString;
        });
    }

    private SdJwtClaim createClaim(String str, JsonNode jsonNode, DisclosureSpec disclosureSpec) {
        DisclosureSpec.DisclosureData undisclosedClaim = disclosureSpec.getUndisclosedClaim(SdJwtClaimName.of(str));
        return undisclosedClaim != null ? createUndisclosedClaim(str, jsonNode, undisclosedClaim.getSalt()) : createArrayOrVisibleClaim(str, jsonNode, disclosureSpec);
    }

    private SdJwtClaim createUndisclosedClaim(String str, JsonNode jsonNode, SdJwtSalt sdJwtSalt) {
        return UndisclosedClaim.builder().withClaimName(str).withClaimValue(jsonNode).withSalt(sdJwtSalt).build();
    }

    private SdJwtClaim createArrayOrVisibleClaim(String str, JsonNode jsonNode, DisclosureSpec disclosureSpec) {
        SdJwtClaimName of = SdJwtClaimName.of(str);
        Map<Integer, DisclosureSpec.DisclosureData> undisclosedArrayElts = disclosureSpec.getUndisclosedArrayElts(of);
        Map<Integer, DisclosureSpec.DisclosureData> decoyArrayElts = disclosureSpec.getDecoyArrayElts(of);
        return (undisclosedArrayElts == null && decoyArrayElts == null) ? VisibleSdJwtClaim.builder().withClaimName(str).withClaimValue(jsonNode).build() : createArrayDisclosure(str, jsonNode, undisclosedArrayElts, decoyArrayElts);
    }

    private SdJwtClaim createArrayDisclosure(String str, JsonNode jsonNode, Map<Integer, DisclosureSpec.DisclosureData> map, Map<Integer, DisclosureSpec.DisclosureData> map2) {
        ArrayNode validateArrayNode = validateArrayNode(str, jsonNode);
        ArrayDisclosure.Builder withClaimName = ArrayDisclosure.builder().withClaimName(str);
        if (map != null) {
            IntStream.range(0, validateArrayNode.size()).forEach(i -> {
                processArrayElement(withClaimName, validateArrayNode.get(i), (DisclosureSpec.DisclosureData) map.get(Integer.valueOf(i)));
            });
        }
        if (map2 != null) {
            map2.entrySet().stream().forEach(entry -> {
                withClaimName.withDecoyElt((Integer) entry.getKey(), ((DisclosureSpec.DisclosureData) entry.getValue()).getSalt());
            });
        }
        return withClaimName.build();
    }

    private ArrayNode validateArrayNode(String str, JsonNode jsonNode) {
        return (ArrayNode) Optional.of(jsonNode).filter(jsonNode2 -> {
            return jsonNode2.getNodeType() == JsonNodeType.ARRAY;
        }).map(jsonNode3 -> {
            return (ArrayNode) jsonNode3;
        }).orElseThrow(() -> {
            return new IllegalArgumentException("Expected array for claim with name: " + str);
        });
    }

    private void processArrayElement(ArrayDisclosure.Builder builder, JsonNode jsonNode, DisclosureSpec.DisclosureData disclosureData) {
        if (disclosureData != null) {
            builder.withUndisclosedElement(disclosureData.getSalt(), jsonNode);
        } else {
            builder.withVisibleElement(jsonNode);
        }
    }

    public IssuerSignedJWT getIssuerSignedJWT() {
        return this.issuerSignedJWT;
    }

    public List<String> getDisclosures() {
        return this.disclosures;
    }

    public static Builder builder() {
        return new Builder();
    }
}
