package se.digg.dgc.service.impl;

import com.upokecenter.cbor.CBORException;
import java.io.IOException;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.digg.dgc.encoding.Base45;
import se.digg.dgc.encoding.DGCConstants;
import se.digg.dgc.encoding.Zlib;
import se.digg.dgc.payload.v1.DGCSchemaException;
import se.digg.dgc.payload.v1.DigitalGreenCertificate;
import se.digg.dgc.payload.v1.MapperUtils;
import se.digg.dgc.service.DGCDecoder;
import se.digg.dgc.signatures.CertificateProvider;
import se.digg.dgc.signatures.DGCSignatureVerifier;
import se.digg.dgc.signatures.impl.DefaultDGCSignatureVerifier;

/* loaded from: input_file:se/digg/dgc/service/impl/DefaultDGCDecoder.class */
public class DefaultDGCDecoder implements DGCDecoder {
    private static final Logger log = LoggerFactory.getLogger(DefaultDGCDecoder.class);
    private final DGCSignatureVerifier dgcSignatureVerifier;
    private final CertificateProvider certificateProvider;

    public DefaultDGCDecoder(DGCSignatureVerifier dGCSignatureVerifier, CertificateProvider certificateProvider) {
        this.dgcSignatureVerifier = (DGCSignatureVerifier) Optional.ofNullable(dGCSignatureVerifier).orElse(new DefaultDGCSignatureVerifier());
        this.certificateProvider = (CertificateProvider) Optional.ofNullable(certificateProvider).orElseThrow(() -> {
            return new IllegalArgumentException("certificateProvider must be supplied");
        });
    }

    @Override // se.digg.dgc.service.DGCDecoder
    public DigitalGreenCertificate decode(String str) throws DGCSchemaException, SignatureException, CertificateExpiredException, IOException {
        byte[] decodeToBytes = decodeToBytes(str);
        log.trace("CBOR decoding DGC ...");
        DigitalGreenCertificate digitalGreenCertificate = MapperUtils.toDigitalGreenCertificate(decodeToBytes);
        log.trace("Decoded into: {}", digitalGreenCertificate);
        return digitalGreenCertificate;
    }

    @Override // se.digg.dgc.service.DGCDecoder
    public byte[] decodeToBytes(String str) throws SignatureException, CertificateExpiredException, IOException {
        String str2 = str;
        if (str2.startsWith(DGCConstants.DGC_V1_HEADER)) {
            str2 = str2.substring(DGCConstants.DGC_V1_HEADER.length());
            log.trace("Stripped {} header - Base45 encoding is {} characters long", DGCConstants.DGC_V1_HEADER, Integer.valueOf(str2.length()));
        } else {
            log.info("Missing header - {}", DGCConstants.DGC_V1_HEADER);
        }
        log.trace("Base45 decoding into a compressed CWT ...");
        byte[] decode = Base45.getDecoder().decode(str2);
        log.trace("Compressed CWT is {} bytes long", Integer.valueOf(decode.length));
        log.trace("De-compressing the CWT ...");
        if (!Zlib.isCompressed(decode)) {
            log.info("The data to inflate is missing ZLIB header byte - assuming un-compressed data");
        }
        byte[] decompress = Zlib.decompress(decode, false);
        log.trace("Inflated data into CWT of length {}", Integer.valueOf(decompress.length));
        return decodeRawToBytes(decompress);
    }

    @Override // se.digg.dgc.service.DGCDecoder
    public DigitalGreenCertificate decodeRaw(byte[] bArr) throws DGCSchemaException, SignatureException, CertificateExpiredException, IOException {
        byte[] decodeRawToBytes = decodeRawToBytes(bArr);
        log.trace("CBOR decoding DGC ...");
        DigitalGreenCertificate digitalGreenCertificate = MapperUtils.toDigitalGreenCertificate(decodeRawToBytes);
        log.trace("Decoded into: {}", digitalGreenCertificate);
        return digitalGreenCertificate;
    }

    @Override // se.digg.dgc.service.DGCDecoder
    public byte[] decodeRawToBytes(byte[] bArr) throws SignatureException, CertificateExpiredException, IOException {
        try {
            log.trace("Verifying signature on signed CWT ...");
            DGCSignatureVerifier.Result verify = this.dgcSignatureVerifier.verify(bArr, this.certificateProvider);
            log.debug("Successful signature validation of signed CWT. dgc-length='{}', issuing-country='{}', issued-at='{}', expires='{}'", new Object[]{Integer.valueOf(verify.getDgcPayload().length), verify.getCountry(), verify.getIssuedAt(), verify.getExpires()});
            log.trace("Subject DN of certificate used to verify signature: {}", verify.getSignerCertificate().getSubjectX500Principal().toString());
            return verify.getDgcPayload();
        } catch (CBORException e) {
            throw new IOException("CBOR error - " + e.getMessage(), e);
        }
    }
}
