package com.pingidentity.did.sdk.client;

import com.pingidentity.did.sdk.client.data.InputDescriptorMatch;
import com.pingidentity.did.sdk.client.data.VerifiablePresentationMatcherResult;
import com.pingidentity.did.sdk.exception.DidException;
import com.pingidentity.did.sdk.exception.InvalidOpenIDVCUrlException;
import com.pingidentity.did.sdk.exception.InvalidUrlException;
import com.pingidentity.did.sdk.json.JsonUtil;
import com.pingidentity.did.sdk.types.Credential;
import com.pingidentity.did.sdk.types.VerifiableCredential;
import com.pingidentity.did.sdk.util.UrlUtil;
import com.pingidentity.did.sdk.w3c.did.DID;
import com.pingidentity.did.sdk.w3c.did.DidJwsConsumer;
import com.pingidentity.did.sdk.w3c.did.DidSupport;
import com.pingidentity.did.sdk.w3c.verifiableCredential.InputDescriptor;
import com.pingidentity.did.sdk.w3c.verifiableCredential.OpenIDTokenFactory;
import com.pingidentity.did.sdk.w3c.verifiableCredential.PresentationAction;
import com.pingidentity.did.sdk.w3c.verifiableCredential.PresentationDefinition;
import com.pingidentity.did.sdk.w3c.verifiableCredential.PresentationStatus;
import com.pingidentity.did.sdk.w3c.verifiableCredential.SchemaFilter;
import com.pingidentity.did.sdk.w3c.verifiableCredential.VerifiablePresentationRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import okhttp3.f0;
import okhttp3.h0;
import okhttp3.u;
import org.accells.utils.a;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class OpenIDVerifiableCredentialsClient {
    public static final String OPENID_VC_SCHEME = "openid-vc:";
    public static final String RESPONSE_MODE_FRAGMENT = "fragment";
    public static final String RESPONSE_MODE_POST = "post";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) OpenIDVerifiableCredentialsClient.class);
    private final DidJwsConsumer didJwsConsumer;
    private final LinkHandler linkHandler;
    private final OpenIDTokenFactory openIDTokenFactory;

    /* loaded from: classes4.dex */
    public static class VerifiablePresentationResult {
        private final String idToken;
        private final PresentationStatus presentationStatus;
        private final String responseBody;
        private final boolean shareSuccessful;
        private final String shareUri;
        private final String vpToken;

        public VerifiablePresentationResult(String str, String str2, String str3, String str4, PresentationStatus presentationStatus) {
            this.shareUri = str;
            this.vpToken = str2;
            this.idToken = str3;
            this.shareSuccessful = PresentationStatus.Status.FAILURE != presentationStatus.getStatus();
            this.responseBody = str4;
            this.presentationStatus = presentationStatus;
        }

        public String getIdToken() {
            return this.idToken;
        }

        public PresentationStatus getPresentationStatus() {
            return this.presentationStatus;
        }

        public String getResponseBody() {
            return this.responseBody;
        }

        public String getShareUri() {
            return this.shareUri;
        }

        public String getVpToken() {
            return this.vpToken;
        }

        public boolean isShareSuccessful() {
            return this.shareSuccessful;
        }

        public String toString() {
            return "VerifiablePresentationResult{shareUri='" + this.shareUri + "', vpToken='" + this.vpToken + "', idToken='" + this.idToken + "', shareSuccessful=" + this.shareSuccessful + ", responseBody='" + this.responseBody + "'}";
        }
    }

    public OpenIDVerifiableCredentialsClient(DidSupport didSupport) {
        this(didSupport, null);
    }

    public OpenIDVerifiableCredentialsClient(DidSupport didSupport, LinkHandler linkHandler) {
        this.linkHandler = linkHandler;
        this.didJwsConsumer = new DidJwsConsumer(didSupport);
        this.openIDTokenFactory = new OpenIDTokenFactory();
    }

    private static okhttp3.g createCallFromUrl(String str) {
        return new f0.a().f().a(new h0.a().D(str).b());
    }

    private List<VerifiableCredential> findMatchingCredentials(final InputDescriptor inputDescriptor, Collection<VerifiableCredential> collection) {
        return (List) collection.stream().filter(new Predicate() { // from class: com.pingidentity.did.sdk.client.n0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$findMatchingCredentials$1;
                lambda$findMatchingCredentials$1 = OpenIDVerifiableCredentialsClient.this.lambda$findMatchingCredentials$1(inputDescriptor, (VerifiableCredential) obj);
                return lambda$findMatchingCredentials$1;
            }
        }).collect(Collectors.toList());
    }

    private static String getRequestUriFromUrl(String str) throws InvalidUrlException {
        if (isValidScheme(str)) {
            return UrlUtil.getSingleQueryParameterValue(str, "request_uri");
        }
        return null;
    }

    public static boolean isValidOpenIdVcUrl(String str) throws InvalidUrlException {
        return getRequestUriFromUrl(str) != null;
    }

    private static boolean isValidScheme(String str) {
        return str.startsWith(OPENID_VC_SCHEME);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$processUrl$0(VerifiablePresentationRequest verifiablePresentationRequest) {
        this.linkHandler.handleOpenID4VerifiablePresentationRequest(verifiablePresentationRequest, this);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: matchesInputDescriptor, reason: merged with bridge method [inline-methods] */
    public boolean lambda$findMatchingCredentials$1(InputDescriptor inputDescriptor, VerifiableCredential verifiableCredential) {
        List<SchemaFilter> schema = inputDescriptor.getSchema();
        if (schema == null) {
            return false;
        }
        final Set set = (Set) schema.stream().map(new k0()).filter(new l0()).collect(Collectors.toSet());
        Credential credential = verifiableCredential.getCredential();
        Stream<String> stream = credential.getType().stream();
        Objects.requireNonNull(set);
        Set set2 = (Set) stream.filter(new Predicate() { // from class: com.pingidentity.did.sdk.client.m0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                return set.contains((String) obj);
            }
        }).collect(Collectors.toSet());
        if (!set2.isEmpty()) {
            logger.info("VC types matches {} out of {} URIs: {}", Integer.valueOf(set2.size()), Integer.valueOf(set.size()), set2);
            return true;
        }
        Set set3 = (Set) credential.getContext().stream().filter(new Predicate() { // from class: com.pingidentity.did.sdk.client.m0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                return set.contains((String) obj);
            }
        }).collect(Collectors.toSet());
        if (set3.isEmpty()) {
            return false;
        }
        logger.info("VC contexts matches {} out of {} URIs: {}", Integer.valueOf(set3.size()), Integer.valueOf(set.size()), set3);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public VerifiablePresentationRequest parseOpenIdRequestJwt(String str) throws InvalidOpenIDVCUrlException {
        try {
            VerifiablePresentationRequest parseVerifiablePresentationRequest = parseVerifiablePresentationRequest(this.didJwsConsumer.readJwsString(str));
            parseVerifiablePresentationRequest.setRequestJwt(str);
            return parseVerifiablePresentationRequest;
        } catch (IOException e8) {
            throw new InvalidOpenIDVCUrlException("Error reading Verifiable Presentation Request", e8);
        }
    }

    private VerifiablePresentationRequest parseVerifiablePresentationRequest(JwtClaims jwtClaims) throws IOException {
        return (VerifiablePresentationRequest) new JsonUtil.Builder().build().adapter(VerifiablePresentationRequest.class).fromJson(jwtClaims.toJson());
    }

    private VerifiablePresentationResult postTokensToRequester(String str, String str2, String str3, String str4) {
        boolean z7 = false;
        try {
            okhttp3.j0 execute = new f0.a().f().a(new h0.a().D(str).n("Content-Type", "application/x-www-form-urlencoded").r(new u.a().a("vp_token", str2).a("id_token", str3).a(a.b.f48665x, str4).c()).b()).execute();
            if (execute.E() >= 200 && execute.E() < 300) {
                z7 = true;
            }
            okhttp3.k0 u7 = execute.u();
            r1 = u7 != null ? u7.y() : null;
            if (!z7) {
                logger.warn("VP Share response code: {}. Response body: {}", execute, r1);
            }
        } catch (IOException e8) {
            logger.error("Error sharing VP with verifier", (Throwable) e8);
        }
        return new VerifiablePresentationResult(str, str2, str3, r1, new PresentationStatus(z7 ? PresentationStatus.Status.SUCCESS : PresentationStatus.Status.FAILURE));
    }

    private static String readStringFromUrl(String str) throws InvalidOpenIDVCUrlException {
        try {
            okhttp3.j0 execute = createCallFromUrl(str).execute();
            try {
                okhttp3.k0 u7 = execute.u();
                if (execute.E() == 200 && u7 != null) {
                    String y7 = u7.y();
                    execute.close();
                    return y7;
                }
                throw new InvalidOpenIDVCUrlException("Invalid response from OpenID-VC request URL: " + str);
            } finally {
            }
        } catch (IOException e8) {
            throw new InvalidOpenIDVCUrlException("Error reading OpenID-VC request URL: " + str, e8);
        }
    }

    public VerifiablePresentationMatcherResult filterVerifiableCredentialsMatchingRequest(List<VerifiableCredential> list, VerifiablePresentationRequest verifiablePresentationRequest) {
        List<InputDescriptor> list2 = (List) this.openIDTokenFactory.getPresentationDefinition(verifiablePresentationRequest).map(new Function() { // from class: com.pingidentity.did.sdk.client.j0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return ((PresentationDefinition) obj).getInputDescriptors();
            }
        }).orElse(Collections.emptyList());
        ArrayList arrayList = new ArrayList(list2.size());
        boolean z7 = true;
        boolean z8 = false;
        for (InputDescriptor inputDescriptor : list2) {
            List<VerifiableCredential> findMatchingCredentials = findMatchingCredentials(inputDescriptor, list);
            arrayList.add(new InputDescriptorMatch(inputDescriptor, findMatchingCredentials));
            z7 &= !findMatchingCredentials.isEmpty();
            z8 |= findMatchingCredentials.size() > 1;
        }
        return new VerifiablePresentationMatcherResult(arrayList, z7, z8);
    }

    public VerifiablePresentationResult prepareFragmentResponse(String str, String str2, String str3, String str4) {
        return new VerifiablePresentationResult(str, str2, str3, null, new PresentationStatus(PresentationStatus.Status.REQUIRES_ACTION, PresentationAction.newOpenUriAction(str + "#vp_token=" + str2 + "&id_token=" + str3 + "&state=" + str4)));
    }

    public void processUrl(String str) throws InvalidUrlException {
        if (str == null || str.isEmpty() || !isValidOpenIdVcUrl(str)) {
            throw new InvalidUrlException("URL must not be valid OpenID VC URL");
        }
        if (this.linkHandler == null) {
            throw new IllegalStateException("LinkHandler not configured");
        }
        Consumer<VerifiablePresentationRequest> consumer = new Consumer() { // from class: com.pingidentity.did.sdk.client.o0
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                OpenIDVerifiableCredentialsClient.this.lambda$processUrl$0((VerifiablePresentationRequest) obj);
            }
        };
        final LinkHandler linkHandler = this.linkHandler;
        Objects.requireNonNull(linkHandler);
        readOpenIdVcUrl(str, consumer, new Consumer() { // from class: com.pingidentity.did.sdk.client.p0
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                LinkHandler.this.handleError((Exception) obj);
            }
        });
    }

    public VerifiablePresentationRequest readOpenIdVcUrl(String str) throws InvalidUrlException {
        return parseOpenIdRequestJwt(readStringFromUrl(getRequestUriFromUrl(str)));
    }

    public void readOpenIdVcUrl(final String str, final Consumer<VerifiablePresentationRequest> consumer, final Consumer<Exception> consumer2) throws InvalidUrlException {
        createCallFromUrl(getRequestUriFromUrl(str)).x1(new okhttp3.h() { // from class: com.pingidentity.did.sdk.client.OpenIDVerifiableCredentialsClient.1
            private void processResponse(okhttp3.j0 j0Var) throws InvalidOpenIDVCUrlException, IOException {
                okhttp3.k0 u7 = j0Var.u();
                if (j0Var.E() == 200 && u7 != null) {
                    consumer.accept(OpenIDVerifiableCredentialsClient.this.parseOpenIdRequestJwt(u7.y()));
                } else {
                    throw new InvalidOpenIDVCUrlException("Invalid response from OpenID-VC request URL: " + str);
                }
            }

            @Override // okhttp3.h
            public void onFailure(okhttp3.g gVar, IOException iOException) {
                OpenIDVerifiableCredentialsClient.logger.error("Failed to read OpenID4VC URL: {}", str, iOException);
                Consumer consumer3 = consumer2;
                if (consumer3 != null) {
                    consumer3.accept(iOException);
                }
            }

            @Override // okhttp3.h
            public void onResponse(okhttp3.g gVar, okhttp3.j0 j0Var) {
                try {
                    processResponse(j0Var);
                } catch (Exception e8) {
                    OpenIDVerifiableCredentialsClient.logger.error("Error processing OpenID-VC request URL: " + str, (Throwable) e8);
                    if (consumer2 != null) {
                        consumer2.accept(e8);
                    }
                }
            }
        });
    }

    public VerifiablePresentationResult sendVerifiablePresentation(DID did, VerifiablePresentationRequest verifiablePresentationRequest, Map<InputDescriptor, VerifiableCredential> map) {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        for (Map.Entry<InputDescriptor, VerifiableCredential> entry : map.entrySet()) {
            VerifiableCredential value = entry.getValue();
            int indexOf = arrayList.indexOf(value);
            if (indexOf < 0) {
                indexOf = arrayList.size();
                arrayList.add(value);
            }
            hashMap.put(entry.getKey(), Integer.valueOf(indexOf));
        }
        JsonWebSignature createVpTokenJwt = this.openIDTokenFactory.createVpTokenJwt(did, this.openIDTokenFactory.createVerifiablePresentation(arrayList), verifiablePresentationRequest);
        JsonWebSignature createIdTokenJwt = this.openIDTokenFactory.createIdTokenJwt(did, this.openIDTokenFactory.createIdToken(verifiablePresentationRequest, hashMap), verifiablePresentationRequest);
        try {
            String compactSerialization = createVpTokenJwt.getCompactSerialization();
            String compactSerialization2 = createIdTokenJwt.getCompactSerialization();
            String redirectUri = verifiablePresentationRequest.getRedirectUri();
            String state = verifiablePresentationRequest.getState();
            String responseMode = verifiablePresentationRequest.getResponseMode();
            int hashCode = responseMode.hashCode();
            if (hashCode != -1650269616) {
                if (hashCode == 3446944) {
                    responseMode.equals(RESPONSE_MODE_POST);
                }
            } else if (responseMode.equals(RESPONSE_MODE_FRAGMENT)) {
                return prepareFragmentResponse(redirectUri, compactSerialization, compactSerialization2, state);
            }
            return postTokensToRequester(redirectUri, compactSerialization, compactSerialization2, state);
        } catch (JoseException e8) {
            throw new DidException("Error creating JWT", e8);
        }
    }
}
