package dev.fitko.fitconnect.core.cases;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import dev.fitko.fitconnect.api.config.ApplicationConfig;
import dev.fitko.fitconnect.api.domain.model.event.Event;
import dev.fitko.fitconnect.api.domain.model.event.EventClaimFields;
import dev.fitko.fitconnect.api.domain.model.event.EventHeaderFields;
import dev.fitko.fitconnect.api.domain.model.event.EventPayload;
import dev.fitko.fitconnect.api.domain.model.event.authtags.AuthenticationTags;
import dev.fitko.fitconnect.api.domain.validation.ValidationResult;
import dev.fitko.fitconnect.api.exceptions.internal.EventCreationException;
import dev.fitko.fitconnect.api.exceptions.internal.ValidationException;
import dev.fitko.fitconnect.api.services.events.SecurityEventService;
import dev.fitko.fitconnect.api.services.validation.ValidationService;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/* loaded from: input_file:dev/fitko/fitconnect/core/cases/SecurityEventTokenService.class */
public class SecurityEventTokenService implements SecurityEventService {
    private final RSAKey signingKey;
    private final ValidationService validationService;
    private final ApplicationConfig config;

    public SecurityEventTokenService(ApplicationConfig applicationConfig, ValidationService validationService, RSAKey rSAKey) {
        this.config = applicationConfig;
        this.signingKey = rSAKey;
        this.validationService = validationService;
    }

    @Override // dev.fitko.fitconnect.api.services.events.SecurityEventService
    public SignedJWT createAcceptSubmissionEvent(EventPayload eventPayload) {
        return signJWT(Event.ACCEPT_SUBMISSION, eventPayload);
    }

    @Override // dev.fitko.fitconnect.api.services.events.SecurityEventService
    public SignedJWT createRejectSubmissionEvent(EventPayload eventPayload) {
        return signJWT(Event.REJECT_SUBMISSION, eventPayload);
    }

    private SignedJWT signJWT(Event event, EventPayload eventPayload) {
        String str = "case:" + eventPayload.getCaseId();
        String str2 = "submission:" + eventPayload.getSubmissionId();
        JWSSigner jwsSigner = getJwsSigner(this.signingKey);
        SignedJWT signedJWT = new SignedJWT(buildJwsHeader(this.signingKey.getKeyID()), buildJwtClaimsSet(event, eventPayload, str, str2));
        try {
            signedJWT.sign(jwsSigner);
            validateEventSchema(signedJWT.getPayload().toString());
            return signedJWT;
        } catch (JOSEException | ValidationException e) {
            throw new EventCreationException("Creating " + event + " event JWT failed", e.getCause());
        }
    }

    private JWSSigner getJwsSigner(RSAKey rSAKey) {
        try {
            return new RSASSASigner(rSAKey);
        } catch (JOSEException e) {
            throw new EventCreationException("Error creating the RSASigner", e);
        }
    }

    private JWSHeader buildJwsHeader(String str) {
        try {
            return JWSHeader.parse(Map.of(EventHeaderFields.TYPE, EventClaimFields.HEADER_TYPE, EventHeaderFields.KEY_ID, str, EventHeaderFields.ALGORITHM, "PS512"));
        } catch (ParseException e) {
            throw new EventCreationException("Parsing JWS header failed", e);
        }
    }

    private JWTClaimsSet buildJwtClaimsSet(Event event, EventPayload eventPayload, String str, String str2) {
        return new JWTClaimsSet.Builder().claim(EventClaimFields.CLAIM_SCHEMA, this.config.getSetSchemaWriteVersion()).issuer(eventPayload.getDestinationId().toString()).issueTime(new Date()).jwtID(UUID.randomUUID().toString()).subject(str2).claim(EventClaimFields.CLAIM_TXN, str).claim(EventClaimFields.CLAIM_EVENTS, buildEventsClaim(event, eventPayload)).build();
    }

    private Map<String, Object> buildEventsClaim(Event event, EventPayload eventPayload) {
        HashMap hashMap = new HashMap();
        if (eventPayload.getProblems() != null && !eventPayload.getProblems().isEmpty()) {
            hashMap.put(EventClaimFields.PROBLEMS, eventPayload.getProblems());
        }
        if (event.equals(Event.ACCEPT_SUBMISSION)) {
            hashMap.put(EventClaimFields.AUTHENTICATION_TAGS, new AuthenticationTags(eventPayload.getDataAuthTag(), eventPayload.getMetadataAuthTag(), eventPayload.getAttachmentAuthTags()));
        }
        return Map.of(event.getSchemaUri(), hashMap);
    }

    private void validateEventSchema(String str) {
        ValidationResult validateSetEventSchema = this.validationService.validateSetEventSchema(str);
        if (validateSetEventSchema.hasError()) {
            throw new ValidationException("Set event is invalid", validateSetEventSchema.getError());
        }
    }
}
