package io.spiffe.workloadapi;

import com.google.protobuf.ByteString;
import io.spiffe.bundle.jwtbundle.JwtBundle;
import io.spiffe.bundle.jwtbundle.JwtBundleSet;
import io.spiffe.bundle.x509bundle.X509Bundle;
import io.spiffe.bundle.x509bundle.X509BundleSet;
import io.spiffe.exception.JwtBundleException;
import io.spiffe.exception.X509BundleException;
import io.spiffe.exception.X509ContextException;
import io.spiffe.exception.X509SvidException;
import io.spiffe.spiffeid.SpiffeId;
import io.spiffe.spiffeid.TrustDomain;
import io.spiffe.svid.x509svid.X509Svid;
import io.spiffe.workloadapi.grpc.Workload;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:io/spiffe/workloadapi/GrpcConversionUtils.class */
final class GrpcConversionUtils {
    private GrpcConversionUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Context toX509Context(Iterator<Workload.X509SVIDResponse> it) throws X509ContextException {
        if (it.hasNext()) {
            return toX509Context(it.next());
        }
        throw new X509ContextException("X.509 Context response from the Workload API is empty");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Context toX509Context(Workload.X509SVIDResponse x509SVIDResponse) throws X509ContextException {
        if (x509SVIDResponse.getSvidsList() == null || x509SVIDResponse.getSvidsList().size() == 0) {
            throw new X509ContextException("X.509 Context response from the Workload API is empty");
        }
        return X509Context.of(getListOfX509Svid(x509SVIDResponse), X509BundleSet.of(getListOfX509Bundles(x509SVIDResponse)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JwtBundleSet toBundleSet(Iterator<Workload.JWTBundlesResponse> it) throws JwtBundleException {
        if (it.hasNext()) {
            return toBundleSet(it.next());
        }
        throw new JwtBundleException("JWT Bundle response from the Workload API is empty");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JwtBundleSet toBundleSet(Workload.JWTBundlesResponse jWTBundlesResponse) throws JwtBundleException {
        if (jWTBundlesResponse.getBundlesMap().size() == 0) {
            throw new JwtBundleException("JWT Bundle response from the Workload API is empty");
        }
        ArrayList arrayList = new ArrayList();
        Iterator<Map.Entry<String, ByteString>> it = jWTBundlesResponse.getBundlesMap().entrySet().iterator();
        while (it.hasNext()) {
            arrayList.add(createJwtBundle(it.next()));
        }
        return JwtBundleSet.of(arrayList);
    }

    static X509Bundle parseX509Bundle(TrustDomain trustDomain, byte[] bArr) throws X509ContextException {
        try {
            return X509Bundle.parse(trustDomain, bArr);
        } catch (X509BundleException e) {
            throw new X509ContextException("X.509 Bundles could not be processed", e);
        }
    }

    private static List<X509Bundle> getListOfX509Bundles(Workload.X509SVIDResponse x509SVIDResponse) throws X509ContextException {
        ArrayList arrayList = new ArrayList();
        Iterator<Workload.X509SVID> it = x509SVIDResponse.getSvidsList().iterator();
        while (it.hasNext()) {
            arrayList.add(createX509Bundle(it.next()));
        }
        for (Map.Entry<String, ByteString> entry : x509SVIDResponse.getFederatedBundlesMap().entrySet()) {
            arrayList.add(parseX509Bundle(TrustDomain.of(entry.getKey()), entry.getValue().toByteArray()));
        }
        return arrayList;
    }

    private static X509Bundle createX509Bundle(Workload.X509SVID x509svid) throws X509ContextException {
        return parseX509Bundle(SpiffeId.parse(x509svid.getSpiffeId()).getTrustDomain(), x509svid.getBundle().toByteArray());
    }

    private static List<X509Svid> getListOfX509Svid(Workload.X509SVIDResponse x509SVIDResponse) throws X509ContextException {
        ArrayList arrayList = new ArrayList();
        Iterator<Workload.X509SVID> it = x509SVIDResponse.getSvidsList().iterator();
        while (it.hasNext()) {
            arrayList.add(createAndValidateX509Svid(it.next()));
        }
        return arrayList;
    }

    private static X509Svid createAndValidateX509Svid(Workload.X509SVID x509svid) throws X509ContextException {
        try {
            X509Svid parseRaw = X509Svid.parseRaw(x509svid.getX509Svid().toByteArray(), x509svid.getX509SvidKey().toByteArray());
            validateSpiffeId(parseRaw.getSpiffeId().toString(), x509svid.getSpiffeId());
            return parseRaw;
        } catch (X509SvidException e) {
            throw new X509ContextException("X.509 SVID response could not be processed", e);
        }
    }

    private static void validateSpiffeId(String str, String str2) throws X509ContextException {
        if (!str.equals(str2.trim())) {
            throw new X509ContextException(String.format("SPIFFE ID in X509SVIDResponse (%s) does not match SPIFFE ID in X.509 certificate (%s)", str2, str));
        }
    }

    private static JwtBundle createJwtBundle(Map.Entry<String, ByteString> entry) throws JwtBundleException {
        return JwtBundle.parse(TrustDomain.of(entry.getKey()), entry.getValue().toByteArray());
    }
}
