package org.eclipse.edc.identityhub.api.v1;

import com.nimbusds.jwt.SignedJWT;
import jakarta.json.JsonObject;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.text.ParseException;
import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import org.eclipse.edc.iam.identitytrust.spi.model.PresentationQueryMessage;
import org.eclipse.edc.identityhub.spi.participantcontext.ParticipantContextId;
import org.eclipse.edc.identityhub.spi.participantcontext.ParticipantContextService;
import org.eclipse.edc.identityhub.spi.participantcontext.model.ParticipantContext;
import org.eclipse.edc.identityhub.spi.verifiablecredentials.generator.VerifiablePresentationService;
import org.eclipse.edc.identityhub.spi.verifiablecredentials.resolution.CredentialQueryResolver;
import org.eclipse.edc.identityhub.spi.verification.AccessTokenVerifier;
import org.eclipse.edc.spi.EdcException;
import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.transform.spi.TypeTransformerRegistry;
import org.eclipse.edc.validator.spi.JsonObjectValidatorRegistry;
import org.eclipse.edc.web.spi.ApiErrorDetail;
import org.eclipse.edc.web.spi.exception.AuthenticationFailedException;
import org.eclipse.edc.web.spi.exception.InvalidRequestException;
import org.eclipse.edc.web.spi.exception.NotAuthorizedException;
import org.eclipse.edc.web.spi.exception.ServiceResultHandler;
import org.eclipse.edc.web.spi.exception.ValidationFailureException;
import org.jetbrains.annotations.Nullable;

@Produces({"application/json"})
@Path("/v1/participants/{participantId}/presentations")
@Consumes({"application/json"})
/* loaded from: input_file:org/eclipse/edc/identityhub/api/v1/PresentationApiController.class */
public class PresentationApiController implements PresentationApi {
    private final JsonObjectValidatorRegistry validatorRegistry;
    private final TypeTransformerRegistry transformerRegistry;
    private final CredentialQueryResolver queryResolver;
    private final AccessTokenVerifier accessTokenVerifier;
    private final VerifiablePresentationService verifiablePresentationService;
    private final Monitor monitor;
    private final ParticipantContextService participantContextService;

    public PresentationApiController(JsonObjectValidatorRegistry jsonObjectValidatorRegistry, TypeTransformerRegistry typeTransformerRegistry, CredentialQueryResolver credentialQueryResolver, AccessTokenVerifier accessTokenVerifier, VerifiablePresentationService verifiablePresentationService, Monitor monitor, ParticipantContextService participantContextService) {
        this.validatorRegistry = jsonObjectValidatorRegistry;
        this.transformerRegistry = typeTransformerRegistry;
        this.queryResolver = credentialQueryResolver;
        this.accessTokenVerifier = accessTokenVerifier;
        this.verifiablePresentationService = verifiablePresentationService;
        this.monitor = monitor;
        this.participantContextService = participantContextService;
    }

    @Override // org.eclipse.edc.identityhub.api.v1.PresentationApi
    @POST
    @Path("/query")
    public Response queryPresentation(@PathParam("participantId") String str, JsonObject jsonObject, @HeaderParam("Authorization") String str2) {
        if (str2 == null) {
            throw new AuthenticationFailedException("Authorization header missing");
        }
        String trim = str2.replace("Bearer", "").trim();
        this.validatorRegistry.validate("https://w3id.org/tractusx-trust/v0.8/PresentationQueryMessage", jsonObject).orElseThrow(ValidationFailureException::new);
        String str3 = (String) ParticipantContextId.onEncoded(str).orElseThrow(InvalidRequestException::new);
        PresentationQueryMessage presentationQueryMessage = (PresentationQueryMessage) this.transformerRegistry.transform(jsonObject, PresentationQueryMessage.class).orElseThrow(InvalidRequestException::new);
        if (presentationQueryMessage.getPresentationDefinition() != null) {
            this.monitor.warning("DIF Presentation Queries are not supported yet. This will get implemented in future iterations.", new Throwable[0]);
            return notImplemented();
        }
        this.participantContextService.getParticipantContext(str3).orElseThrow(ServiceResultHandler.exceptionMapper(ParticipantContext.class, str3));
        Stream stream = (Stream) this.queryResolver.query(str3, presentationQueryMessage, (List) this.accessTokenVerifier.verify(trim, str3).orElseThrow(failure -> {
            return new AuthenticationFailedException("ID token verification failed: %s".formatted(failure.getFailureDetail()));
        })).orElseThrow(queryFailure -> {
            return new NotAuthorizedException(queryFailure.getFailureDetail());
        });
        return Response.ok().entity((JsonObject) this.verifiablePresentationService.createPresentation(str3, stream.toList(), presentationQueryMessage.getPresentationDefinition(), getAudience(trim)).compose(presentationResponseMessage -> {
            return this.transformerRegistry.transform(presentationResponseMessage, JsonObject.class);
        }).orElseThrow(failure2 -> {
            return new EdcException("Error creating VerifiablePresentation: %s".formatted(failure2.getFailureDetail()));
        })).build();
    }

    @Nullable
    private String getAudience(String str) {
        try {
            return (String) Optional.ofNullable(SignedJWT.parse(str).getJWTClaimsSet().getClaim("iss")).map((v0) -> {
                return v0.toString();
            }).orElse(null);
        } catch (ParseException e) {
            throw new RuntimeException(e);
        }
    }

    private Response notImplemented() {
        return Response.status(503).entity(ApiErrorDetail.Builder.newInstance().message("Not implemented.").type("Not implemented.").build()).build();
    }
}
