package org.eclipse.edc.verifiablecredentials.linkeddata;

import com.apicatalog.jsonld.json.JsonUtils;
import com.apicatalog.jsonld.loader.DocumentLoader;
import com.apicatalog.jsonld.loader.SchemeRouter;
import com.apicatalog.ld.DocumentError;
import com.apicatalog.ld.Term;
import com.apicatalog.ld.node.LdNode;
import com.apicatalog.ld.node.LdType;
import com.apicatalog.ld.signature.VerificationError;
import com.apicatalog.ld.signature.VerificationMethod;
import com.apicatalog.ld.signature.key.VerificationKey;
import com.apicatalog.vc.Presentation;
import com.apicatalog.vc.VcVocab;
import com.apicatalog.vc.method.resolver.HttpMethodResolver;
import com.apicatalog.vc.method.resolver.MethodResolver;
import com.apicatalog.vc.proof.EmbeddedProof;
import com.apicatalog.vc.proof.Proof;
import com.apicatalog.vc.suite.SignatureSuite;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import jakarta.json.JsonStructure;
import jakarta.json.JsonValue;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.edc.iam.identitytrust.spi.verification.CredentialVerifier;
import org.eclipse.edc.iam.identitytrust.spi.verification.SignatureSuiteRegistry;
import org.eclipse.edc.iam.identitytrust.spi.verification.VerifierContext;
import org.eclipse.edc.jsonld.spi.JsonLd;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.util.uri.UriUtils;

/* loaded from: input_file:org/eclipse/edc/verifiablecredentials/linkeddata/LdpVerifier.class */
public class LdpVerifier implements CredentialVerifier {
    private JsonLd jsonLd;
    private ObjectMapper jsonLdMapper;
    private SignatureSuiteRegistry suiteRegistry;
    private Map<String, Object> params;
    private Collection<MethodResolver> methodResolvers = new ArrayList(List.of(new HttpMethodResolver()));
    private DocumentLoader loader;
    private URI base;

    /* loaded from: input_file:org/eclipse/edc/verifiablecredentials/linkeddata/LdpVerifier$Builder.class */
    public static class Builder {
        private final LdpVerifier verifier = new LdpVerifier();

        private Builder() {
        }

        public static Builder newInstance() {
            return new Builder();
        }

        public Builder signatureSuites(SignatureSuiteRegistry signatureSuiteRegistry) {
            this.verifier.suiteRegistry = signatureSuiteRegistry;
            return this;
        }

        public Builder params(Map<String, Object> map) {
            this.verifier.params = map;
            return this;
        }

        public Builder param(String str, Object obj) {
            this.verifier.params.put(str, obj);
            return this;
        }

        public Builder methodResolvers(Collection<MethodResolver> collection) {
            this.verifier.methodResolvers = collection;
            return this;
        }

        public Builder methodResolver(MethodResolver methodResolver) {
            this.verifier.methodResolvers.add(methodResolver);
            return this;
        }

        public Builder objectMapper(ObjectMapper objectMapper) {
            this.verifier.jsonLdMapper = objectMapper;
            return this;
        }

        public Builder jsonLd(JsonLd jsonLd) {
            this.verifier.jsonLd = jsonLd;
            return this;
        }

        public Builder base(URI uri) {
            this.verifier.base = uri;
            return this;
        }

        public Builder loader(DocumentLoader documentLoader) {
            this.verifier.loader = documentLoader;
            return this;
        }

        public LdpVerifier build() {
            Objects.requireNonNull(this.verifier.jsonLd, "Must have a JsonLD service!");
            Objects.requireNonNull(this.verifier.jsonLdMapper, "Must have an ObjectMapper!");
            Objects.requireNonNull(this.verifier.suiteRegistry, "Must have a Signature registry!");
            return this.verifier;
        }
    }

    private LdpVerifier() {
    }

    public boolean canHandle(String str) {
        try {
            JsonParser createParser = this.jsonLdMapper.createParser(str);
            try {
                createParser.nextToken();
                if (createParser != null) {
                    createParser.close();
                }
                return true;
            } finally {
            }
        } catch (IOException e) {
            return false;
        }
    }

    public Result<Void> verify(String str, VerifierContext verifierContext) {
        try {
            JsonObject jsonObject = (JsonObject) this.jsonLdMapper.readValue(str, JsonObject.class);
            JsonArray jsonArray = jsonObject.containsKey("@context") ? JsonUtils.toJsonArray((JsonValue) jsonObject.get("@context")) : null;
            Result expand = this.jsonLd.expand(jsonObject);
            if (this.loader == null) {
                this.loader = SchemeRouter.defaultInstance();
            }
            return expand.compose(jsonObject2 -> {
                try {
                    return verifyExpanded(jsonObject2, verifierContext, jsonArray);
                } catch (VerificationError e) {
                    return Result.failure("Could not verify VP-LDP: %s | message: %s".formatted(e.getCode(), e.getMessage()));
                } catch (DocumentError e2) {
                    return Result.failure("Could not verify VP-LDP: message: %s, code: %s".formatted(e2.getMessage(), e2.getCode()));
                }
            });
        } catch (JsonProcessingException e) {
            return Result.failure("Failed to parse JSON: %s".formatted(e.toString()));
        }
    }

    public URI getBase() {
        return this.base;
    }

    private VerificationMethod resolveMethod(URI uri, Proof proof, DocumentLoader documentLoader) throws DocumentError {
        if (uri == null) {
            throw new DocumentError(DocumentError.ErrorType.Missing, "ProofVerificationId");
        }
        Optional<MethodResolver> findFirst = this.methodResolvers.stream().filter(methodResolver -> {
            return methodResolver.isAccepted(uri);
        }).findFirst();
        if (findFirst.isPresent()) {
            return findFirst.get().resolve(uri, documentLoader, proof);
        }
        throw new DocumentError(DocumentError.ErrorType.Unknown, "ProofVerificationId");
    }

    private Result<Void> validateCredentialIssuer(JsonObject jsonObject, VerificationMethod verificationMethod) {
        try {
            LdNode node = LdNode.of(jsonObject).node(VcVocab.ISSUER);
            return !node.exists() ? Result.failure("Document must contain an 'issuer' property.") : !UriUtils.equalsIgnoreFragment(node.id(), verificationMethod.id()) ? Result.failure("Issuer and proof.verificationMethod mismatch: %s <> %s".formatted(node, verificationMethod.id())) : Result.success();
        } catch (DocumentError e) {
            return Result.failure("Error getting issuer: %s".formatted(e.getMessage()));
        }
    }

    private Result<Void> verifyExpanded(JsonObject jsonObject, VerifierContext verifierContext, JsonStructure jsonStructure) throws VerificationError, DocumentError {
        if (isCredential(jsonObject)) {
            return verifyProofs(jsonObject, jsonStructure);
        }
        if (!isPresentation(jsonObject)) {
            return Result.failure("%s: %s".formatted(DocumentError.ErrorType.Unknown, Term.TYPE));
        }
        Result<Void> verifyProofs = verifyProofs(jsonObject, jsonStructure);
        if (!verifyProofs.succeeded()) {
            return verifyProofs.mapTo();
        }
        ArrayList arrayList = new ArrayList();
        for (JsonObject jsonObject2 : Presentation.getCredentials(jsonObject)) {
            if (JsonUtils.isNotObject(jsonObject2)) {
                return Result.failure("Presentation contained an invalid 'verifiableCredential' object!");
            }
            arrayList.add(jsonObject2.asJsonObject());
        }
        return (Result) arrayList.stream().map(jsonObject3 -> {
            return verifierContext.verify(jsonObject3.toString());
        }).reduce((v0, v1) -> {
            return v0.merge(v1);
        }).orElse(Result.success());
    }

    private Result<Void> verifyProofs(JsonObject jsonObject, JsonStructure jsonStructure) throws VerificationError, DocumentError {
        Collection<JsonObject> assertProof = EmbeddedProof.assertProof(jsonObject);
        ArrayList arrayList = new ArrayList(assertProof.size());
        JsonObject removeProofs = EmbeddedProof.removeProofs(jsonObject);
        for (JsonObject jsonObject2 : assertProof) {
            if (JsonUtils.isNotObject(jsonObject2)) {
                return Result.failure("%s: %s".formatted(DocumentError.ErrorType.Invalid, VcVocab.PROOF));
            }
            Collection<String> strings = LdType.strings(jsonObject2);
            if (strings == null || strings.isEmpty()) {
                return Result.failure("%s: %s, %s".formatted(DocumentError.ErrorType.Missing, VcVocab.PROOF, Term.TYPE));
            }
            SignatureSuite findSuite = findSuite(strings, jsonObject2);
            if (findSuite == null) {
                return Result.failure("No SignatureSuite found for proof type(s) '%s'.".formatted(String.join(",", new CharSequence[0])));
            }
            Proof proof = findSuite.getProof(jsonObject2, this.loader);
            if (proof == null) {
                return Result.failure("The suite [" + findSuite + "] returns null as a proof.");
            }
            arrayList.add(proof);
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Proof proof2 = (Proof) it.next();
            try {
                proof2.validate(Map.of());
                if (proof2.signature() == null) {
                    return Result.failure("Proof did not contain a valid signature.");
                }
                VerificationKey method = getMethod(proof2, this.loader);
                if (method == null) {
                    return Result.failure("Proof did not contain a VerificationMethod.");
                }
                if (!(method instanceof VerificationKey)) {
                    return Result.failure("Proof did not contain a valid VerificationMethod, expected VerificationKey, got: %s".formatted(method.getClass()));
                }
                if (isCredential(jsonObject)) {
                    Result<Void> validateCredentialIssuer = validateCredentialIssuer(jsonObject, method);
                    if (validateCredentialIssuer.failed()) {
                        return validateCredentialIssuer;
                    }
                }
                proof2.verify(jsonStructure, removeProofs, method);
            } catch (DocumentError e) {
                return Result.failure("Could not verify VP-LDP: message: %s, code: %s".formatted(e.getMessage(), e.getCode()));
            } catch (VerificationError e2) {
                return Result.failure("Verification failed: %s".formatted(e2.getMessage()));
            }
        }
        return Result.success();
    }

    private VerificationMethod getMethod(Proof proof, DocumentLoader documentLoader) throws DocumentError {
        VerificationKey method = proof.method();
        if (method == null) {
            throw new DocumentError(DocumentError.ErrorType.Missing, "ProofVerificationMethod");
        }
        return (method.type() == null || !(method instanceof VerificationKey) || method.publicKey() == null) ? resolveMethod(method.id(), proof, documentLoader) : method;
    }

    private SignatureSuite findSuite(Collection<String> collection, JsonObject jsonObject) {
        return (SignatureSuite) this.suiteRegistry.getAllSuites().stream().filter(signatureSuite -> {
            return collection.stream().anyMatch(str -> {
                return signatureSuite.isSupported(str, jsonObject);
            });
        }).findFirst().orElse(null);
    }

    private boolean isCredential(JsonObject jsonObject) {
        return LdNode.isTypeOf(VcVocab.CREDENTIAL_TYPE.uri(), jsonObject);
    }

    private boolean isPresentation(JsonObject jsonObject) {
        return LdNode.isTypeOf(VcVocab.PRESENTATION_TYPE.uri(), jsonObject);
    }
}
