package de.gematik.pki.tsl;

import de.gematik.pki.error.ErrorCode;
import de.gematik.pki.exception.GemPkiException;
import de.gematik.pki.ocsp.OcspRespCache;
import de.gematik.pki.ocsp.OcspTransceiver;
import de.gematik.pki.utils.CertReader;
import eu.europa.esig.trustedlist.jaxb.tsl.TrustStatusListType;
import eu.europa.esig.xmldsig.jaxb.X509DataType;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.xml.bind.JAXBElement;
import lombok.Generated;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/tsl/TucPki001Verifier.class */
public class TucPki001Verifier {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TucPki001Verifier.class);

    @NonNull
    protected final String productType;

    @NonNull
    protected final List<TspService> currentTrustedServices;

    @NonNull
    protected final TrustStatusListType tslToCheck;
    protected final boolean withOcspCheck;
    protected final OcspRespCache ocspRespCache;

    @Generated
    /* loaded from: input_file:de/gematik/pki/tsl/TucPki001Verifier$TucPki001VerifierBuilder.class */
    public static class TucPki001VerifierBuilder {

        @Generated
        private String productType;

        @Generated
        private List<TspService> currentTrustedServices;

        @Generated
        private TrustStatusListType tslToCheck;

        @Generated
        private boolean withOcspCheck$set;

        @Generated
        private boolean withOcspCheck$value;

        @Generated
        private OcspRespCache ocspRespCache;

        @Generated
        TucPki001VerifierBuilder() {
        }

        @Generated
        public TucPki001VerifierBuilder productType(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("productType is marked non-null but is null");
            }
            this.productType = str;
            return this;
        }

        @Generated
        public TucPki001VerifierBuilder currentTrustedServices(@NonNull List<TspService> list) {
            if (list == null) {
                throw new NullPointerException("currentTrustedServices is marked non-null but is null");
            }
            this.currentTrustedServices = list;
            return this;
        }

        @Generated
        public TucPki001VerifierBuilder tslToCheck(@NonNull TrustStatusListType trustStatusListType) {
            if (trustStatusListType == null) {
                throw new NullPointerException("tslToCheck is marked non-null but is null");
            }
            this.tslToCheck = trustStatusListType;
            return this;
        }

        @Generated
        public TucPki001VerifierBuilder withOcspCheck(boolean z) {
            this.withOcspCheck$value = z;
            this.withOcspCheck$set = true;
            return this;
        }

        @Generated
        public TucPki001VerifierBuilder ocspRespCache(OcspRespCache ocspRespCache) {
            this.ocspRespCache = ocspRespCache;
            return this;
        }

        @Generated
        public TucPki001Verifier build() {
            boolean z = this.withOcspCheck$value;
            if (!this.withOcspCheck$set) {
                z = TucPki001Verifier.$default$withOcspCheck();
            }
            return new TucPki001Verifier(this.productType, this.currentTrustedServices, this.tslToCheck, z, this.ocspRespCache);
        }

        @Generated
        public String toString() {
            return "TucPki001Verifier.TucPki001VerifierBuilder(productType=" + this.productType + ", currentTrustedServices=" + this.currentTrustedServices + ", tslToCheck=" + this.tslToCheck + ", withOcspCheck$value=" + this.withOcspCheck$value + ", ocspRespCache=" + this.ocspRespCache + ")";
        }
    }

    public void performTucPki001Checks() throws GemPkiException {
        log.debug("TucPki001Checks...");
        Stream stream = this.tslToCheck.getSignature().getKeyInfo().getContent().stream();
        Class<JAXBElement> cls = JAXBElement.class;
        Objects.requireNonNull(JAXBElement.class);
        Stream filter = stream.filter(cls::isInstance);
        Class<JAXBElement> cls2 = JAXBElement.class;
        Objects.requireNonNull(JAXBElement.class);
        Stream map = filter.map(cls2::cast).map((v0) -> {
            return v0.getValue();
        });
        Class<X509DataType> cls3 = X509DataType.class;
        Objects.requireNonNull(X509DataType.class);
        Stream filter2 = map.filter(cls3::isInstance);
        Class<X509DataType> cls4 = X509DataType.class;
        Objects.requireNonNull(X509DataType.class);
        Stream flatMap = filter2.map(cls4::cast).map((v0) -> {
            return v0.getX509IssuerSerialOrX509SKIOrX509SubjectName();
        }).flatMap((v0) -> {
            return v0.stream();
        });
        Class<JAXBElement> cls5 = JAXBElement.class;
        Objects.requireNonNull(JAXBElement.class);
        Stream filter3 = flatMap.filter(cls5::isInstance);
        Class<JAXBElement> cls6 = JAXBElement.class;
        Objects.requireNonNull(JAXBElement.class);
        X509Certificate readX509 = CertReader.readX509((byte[]) filter3.map(cls6::cast).map((v0) -> {
            return v0.getValue();
        }).findFirst().orElseThrow());
        doOcspIfConfigured(readX509, new TspInformationProvider(this.currentTrustedServices, this.productType).getTspServiceSubset(readX509));
    }

    protected void doOcspIfConfigured(X509Certificate x509Certificate, TspServiceSubset tspServiceSubset) throws GemPkiException {
        if (this.withOcspCheck) {
            OcspTransceiver.builder().productType(this.productType).x509EeCert(x509Certificate).x509IssuerCert(tspServiceSubset.getX509IssuerCert()).ssp(tspServiceSubset.getServiceSupplyPoint()).build().verifyOcspResponse(this.ocspRespCache);
        } else {
            log.warn(ErrorCode.SW_1039.getErrorMessage(this.productType));
        }
    }

    @Generated
    private static boolean $default$withOcspCheck() {
        return true;
    }

    @Generated
    public static TucPki001VerifierBuilder builder() {
        return new TucPki001VerifierBuilder();
    }

    @Generated
    protected TucPki001Verifier(@NonNull String str, @NonNull List<TspService> list, @NonNull TrustStatusListType trustStatusListType, boolean z, OcspRespCache ocspRespCache) {
        if (str == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        if (list == null) {
            throw new NullPointerException("currentTrustedServices is marked non-null but is null");
        }
        if (trustStatusListType == null) {
            throw new NullPointerException("tslToCheck is marked non-null but is null");
        }
        this.productType = str;
        this.currentTrustedServices = list;
        this.tslToCheck = trustStatusListType;
        this.withOcspCheck = z;
        this.ocspRespCache = ocspRespCache;
    }
}
