package com.webank.weid.service.impl;

import com.webank.weid.constant.CredentialConstant;
import com.webank.weid.constant.CredentialFieldDisclosureValue;
import com.webank.weid.constant.ErrorCode;
import com.webank.weid.constant.ParamKeyConstant;
import com.webank.weid.constant.WeIdConstant;
import com.webank.weid.exception.DataTypeCastException;
import com.webank.weid.exception.WeIdBaseException;
import com.webank.weid.protocol.base.Challenge;
import com.webank.weid.protocol.base.ClaimPolicy;
import com.webank.weid.protocol.base.Cpt;
import com.webank.weid.protocol.base.CredentialPojo;
import com.webank.weid.protocol.base.PresentationE;
import com.webank.weid.protocol.base.PresentationPolicyE;
import com.webank.weid.protocol.base.WeIdAuthentication;
import com.webank.weid.protocol.base.WeIdDocument;
import com.webank.weid.protocol.base.WeIdPublicKey;
import com.webank.weid.protocol.request.CreateCredentialPojoArgs;
import com.webank.weid.protocol.response.ResponseData;
import com.webank.weid.rpc.CptService;
import com.webank.weid.rpc.CredentialPojoService;
import com.webank.weid.rpc.WeIdService;
import com.webank.weid.service.BaseService;
import com.webank.weid.util.CredentialPojoUtils;
import com.webank.weid.util.CredentialUtils;
import com.webank.weid.util.DataToolUtils;
import com.webank.weid.util.DateUtils;
import com.webank.weid.util.WeIdUtils;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.bcos.web3j.abi.datatypes.Address;
import org.bcos.web3j.crypto.ECKeyPair;
import org.bcos.web3j.crypto.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/webank/weid/service/impl/CredentialPojoServiceImpl.class */
public class CredentialPojoServiceImpl extends BaseService implements CredentialPojoService {
    private static final Logger logger = LoggerFactory.getLogger(CredentialPojoServiceImpl.class);
    private static WeIdService weIdService = new WeIdServiceImpl();
    private static CptService cptService = new CptServiceImpl();
    private static final String NOT_DISCLOSED = CredentialFieldDisclosureValue.NOT_DISCLOSED.getStatus().toString();
    private static final String DISCLOSED = CredentialFieldDisclosureValue.DISCLOSED.getStatus().toString();
    private static final String EXISTED = CredentialFieldDisclosureValue.EXISTED.getStatus().toString();

    public static void generateSalt(Map<String, Object> map) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object value = entry.getValue();
            if (value instanceof Map) {
                generateSalt((HashMap) value);
            } else if (!(value instanceof List)) {
                addSalt(entry);
            } else if (!generateSaltFromList((ArrayList) value)) {
                addSalt(entry);
            }
        }
    }

    private static void addSalt(Map.Entry<String, Object> entry) {
        entry.setValue(DataToolUtils.getRandomSalt());
    }

    private static boolean generateSaltFromList(List<Object> list) {
        for (Object obj : list) {
            if (obj instanceof Map) {
                generateSalt((HashMap) obj);
            } else {
                if (!(obj instanceof List)) {
                    return false;
                }
                boolean generateSaltFromList = generateSaltFromList((ArrayList) obj);
                if (!generateSaltFromList) {
                    return generateSaltFromList;
                }
            }
        }
        return true;
    }

    private static boolean validCredentialMapArgs(Map<String, Object> map, Map<String, Object> map2, Map<String, Object> map3) {
        if (map == null || map2 == null || map3 == null || !map.keySet().equals(map2.keySet())) {
            return false;
        }
        for (Map.Entry<String, Object> entry : map3.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (!map.containsKey(key)) {
                return false;
            }
            Object obj = map2.get(key);
            Object obj2 = map.get(key);
            if (value instanceof Map) {
                if (!validCredentialMapArgs((HashMap) obj2, (HashMap) obj, (HashMap) value)) {
                    return false;
                }
            } else if ((value instanceof List) && !validCredentialListArgs((ArrayList) obj2, (ArrayList) obj, (ArrayList) value)) {
                return false;
            }
        }
        return true;
    }

    private static boolean validCredentialListArgs(List<Object> list, List<Object> list2, List<Object> list3) {
        boolean validCredentialListArgs;
        if (list == null || list2 == null || list3 == null || list.size() != list2.size()) {
            return false;
        }
        for (int i = 0; i < list3.size(); i++) {
            Object obj = list3.get(i);
            Object obj2 = list.get(i);
            Object obj3 = list2.get(i);
            if (obj instanceof Map) {
                boolean validCredentialListArgs2 = validCredentialListArgs(list, list2, (HashMap) obj);
                if (!validCredentialListArgs2) {
                    return validCredentialListArgs2;
                }
            } else if ((obj instanceof List) && !(validCredentialListArgs = validCredentialListArgs((ArrayList) obj2, (ArrayList) obj3, (ArrayList) obj))) {
                return validCredentialListArgs;
            }
        }
        return true;
    }

    private static boolean validCredentialListArgs(List<Object> list, List<Object> list2, Map<String, Object> map) {
        if (list == null || list2 == null || list2.size() != list.size()) {
            return false;
        }
        for (int i = 0; i < list.size(); i++) {
            boolean validCredentialMapArgs = validCredentialMapArgs((HashMap) list.get(i), (HashMap) list2.get(i), map);
            if (!validCredentialMapArgs) {
                return validCredentialMapArgs;
            }
        }
        return true;
    }

    private static void addKeyToPolicy(Map<String, Object> map, Map<String, Object> map2) {
        for (Map.Entry<String, Object> entry : map2.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (value instanceof Map) {
                HashMap hashMap = (HashMap) value;
                if (!map.containsKey(key)) {
                    map.put(key, new HashMap());
                }
                addKeyToPolicy((HashMap) map.get(key), hashMap);
            } else if (value instanceof List) {
                ArrayList arrayList = (ArrayList) value;
                if (!isSampleListForClaim(arrayList)) {
                    if (!map.containsKey(key)) {
                        map.put(key, new ArrayList());
                    }
                    addKeyToPolicyList((ArrayList) map.get(key), arrayList);
                } else if (!map.containsKey(key)) {
                    map.put(key, Integer.valueOf(Integer.parseInt(NOT_DISCLOSED)));
                }
            } else if (!map.containsKey(key)) {
                map.put(key, Integer.valueOf(Integer.parseInt(NOT_DISCLOSED)));
            }
        }
    }

    private static void addKeyToPolicyList(ArrayList arrayList, ArrayList arrayList2) {
        for (int i = 0; i < arrayList2.size(); i++) {
            Object obj = arrayList2.get(i);
            if (obj instanceof Map) {
                if ((arrayList.size() == 0 ? null : arrayList.get(0)) == null) {
                    arrayList.add(new HashMap());
                }
                addKeyToPolicy((HashMap) arrayList.get(0), (HashMap) obj);
                return;
            } else {
                if (obj instanceof List) {
                    if (arrayList.get(i) == null) {
                        arrayList.add(new ArrayList());
                    }
                    addKeyToPolicyList((ArrayList) arrayList.get(i), (ArrayList) obj);
                }
            }
        }
    }

    private static boolean isSampleListForClaim(ArrayList arrayList) {
        if (CollectionUtils.isEmpty(arrayList)) {
            return true;
        }
        Object obj = arrayList.get(0);
        if (obj instanceof Map) {
            return false;
        }
        if (obj instanceof List) {
            return isSampleListForClaim((ArrayList) obj);
        }
        return true;
    }

    private static void addSelectSalt(Map<String, Object> map, Map<String, Object> map2, Map<String, Object> map3) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            Object obj = map2.get(key);
            Object obj2 = map3.get(key);
            if (value == null) {
                throw new WeIdBaseException(ErrorCode.CREDENTIAL_POLICY_DISCLOSUREVALUE_ILLEGAL);
            }
            if (value instanceof Map) {
                addSelectSalt((HashMap) value, (HashMap) obj, (HashMap) obj2);
            } else if (value instanceof List) {
                addSaltForList((ArrayList) value, (ArrayList) obj, (ArrayList) obj2);
            } else {
                addHashToClaim(map2, map3, key, value, obj, obj2);
            }
        }
    }

    private static void addHashToClaim(Map<String, Object> map, Map<String, Object> map2, String str, Object obj, Object obj2, Object obj3) {
        if (((Integer) obj).equals(Integer.valueOf(Integer.parseInt(NOT_DISCLOSED))) && map2.containsKey(str)) {
            map.put(str, NOT_DISCLOSED);
            map2.put(str, CredentialPojoUtils.getFieldSaltHash(String.valueOf(obj3), String.valueOf(obj2)));
        }
    }

    private static void addSaltForList(List<Object> list, List<Object> list2, List<Object> list3) {
        for (int i = 0; list3 != null && i < list.size(); i++) {
            Object obj = list.get(i);
            Object obj2 = list3.get(i);
            Object obj3 = list2.get(i);
            if (obj instanceof Map) {
                addSaltForList((HashMap) obj, list2, list3);
            } else if (obj instanceof List) {
                addSaltForList((ArrayList) obj, (ArrayList) obj3, (ArrayList) obj2);
            }
        }
    }

    private static void addSaltForList(Map<String, Object> map, List<Object> list, List<Object> list2) {
        for (int i = 0; list2 != null && i < list2.size(); i++) {
            addSelectSalt(map, (HashMap) list.get(i), (HashMap) list2.get(i));
        }
    }

    private static ErrorCode verifyContent(CredentialPojo credentialPojo, String str) {
        try {
            return verifyContentInner(credentialPojo, str);
        } catch (WeIdBaseException e) {
            logger.error("[verifyContent] verify credential has exception.", e);
            return e.getErrorCode();
        }
    }

    private static ErrorCode verifyContentInner(CredentialPojo credentialPojo, String str) {
        ErrorCode isCredentialPojoValid = CredentialPojoUtils.isCredentialPojoValid(credentialPojo);
        if (ErrorCode.SUCCESS.getCode() != isCredentialPojoValid.getCode()) {
            return isCredentialPojoValid;
        }
        if (credentialPojo.getCptId().intValue() == CredentialConstant.CREDENTIAL_EMBEDDED_SIGNATURE_CPT.intValue()) {
            return ErrorCode.CPT_ID_ILLEGAL;
        }
        if (credentialPojo.getCptId().intValue() != CredentialConstant.CREDENTIALPOJO_EMBEDDED_SIGNATURE_CPT.intValue()) {
            return verifySingleSignedCredential(credentialPojo, str);
        }
        ErrorCode verifySingleSignedCredential = verifySingleSignedCredential(credentialPojo, str);
        if (verifySingleSignedCredential != ErrorCode.SUCCESS) {
            return verifySingleSignedCredential;
        }
        try {
            if (credentialPojo.getClaim().get("credentialList") instanceof String) {
                return ErrorCode.SUCCESS;
            }
            Iterator it = ((ArrayList) credentialPojo.getClaim().get("credentialList")).iterator();
            while (it.hasNext()) {
                try {
                    ErrorCode verifyContentInner = verifyContentInner((CredentialPojo) DataToolUtils.mapToObj((Map) it.next(), CredentialPojo.class), null);
                    if (verifyContentInner != ErrorCode.SUCCESS) {
                        return verifyContentInner;
                    }
                } catch (Exception e) {
                    logger.error("Failed to convert credentialPojo to object: " + e.getMessage());
                    return ErrorCode.ILLEGAL_INPUT;
                }
            }
            return ErrorCode.SUCCESS;
        } catch (Exception e2) {
            return ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL;
        }
    }

    private static ErrorCode verifySingleSignedCredential(CredentialPojo credentialPojo, String str) {
        ErrorCode verifyCptFormat = verifyCptFormat(credentialPojo.getCptId(), credentialPojo.getClaim(), CredentialPojoUtils.isSelectivelyDisclosed(credentialPojo.getSalt()));
        if (ErrorCode.SUCCESS.getCode() != verifyCptFormat.getCode()) {
            return verifyCptFormat;
        }
        String credentialThumbprintWithoutSig = CredentialPojoUtils.getCredentialThumbprintWithoutSig(credentialPojo, credentialPojo.getSalt(), null);
        String issuer = credentialPojo.getIssuer();
        if (!StringUtils.isEmpty(str)) {
            try {
                return !DataToolUtils.verifySignature(credentialThumbprintWithoutSig, credentialPojo.getSignature(), new BigInteger(str)) ? ErrorCode.CREDENTIAL_SIGNATURE_BROKEN : ErrorCode.SUCCESS;
            } catch (Exception e) {
                logger.error("[verifyContent] verify signature fail.", e);
                return ErrorCode.CREDENTIAL_SIGNATURE_BROKEN;
            }
        }
        ResponseData<WeIdDocument> weIdDocument = weIdService.getWeIdDocument(issuer);
        if (weIdDocument.getErrorCode().intValue() == ErrorCode.SUCCESS.getCode()) {
            return DataToolUtils.verifySignatureFromWeId(credentialThumbprintWithoutSig, credentialPojo.getSignature(), weIdDocument.getResult());
        }
        logger.error("Error occurred when fetching WeIdentity DID document for: {}, msg: {}", issuer, weIdDocument.getErrorMessage());
        return ErrorCode.getTypeByErrorCode(weIdDocument.getErrorCode().intValue());
    }

    private static ErrorCode verifyCptFormat(Integer num, Map<String, Object> map, boolean z) {
        if (num.intValue() == CredentialConstant.CREDENTIALPOJO_EMBEDDED_SIGNATURE_CPT.intValue()) {
            return !map.containsKey("credentialList") ? ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL : ErrorCode.SUCCESS;
        }
        try {
            String serialize = DataToolUtils.serialize(map);
            Cpt result = cptService.queryCpt(num).getResult();
            if (result == null) {
                logger.error(ErrorCode.CREDENTIAL_CPT_NOT_EXISTS.getCodeDesc());
                return ErrorCode.CREDENTIAL_CPT_NOT_EXISTS;
            }
            String serialize2 = DataToolUtils.serialize(result.getCptJsonSchema());
            if (!DataToolUtils.isCptJsonSchemaValid(serialize2)) {
                logger.error(ErrorCode.CPT_JSON_SCHEMA_INVALID.getCodeDesc());
                return ErrorCode.CPT_JSON_SCHEMA_INVALID;
            }
            if (z || DataToolUtils.isValidateJsonVersusSchema(serialize, serialize2)) {
                return ErrorCode.SUCCESS;
            }
            logger.error(ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL.getCodeDesc());
            return ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL;
        } catch (Exception e) {
            logger.error("Generic error occurred during verify cpt format when verifyCredential: " + e);
            return ErrorCode.CREDENTIAL_ERROR;
        }
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<CredentialPojo> createCredential(CreateCredentialPojoArgs createCredentialPojoArgs) {
        try {
            ErrorCode isCreateCredentialPojoArgsValid = CredentialPojoUtils.isCreateCredentialPojoArgsValid(createCredentialPojoArgs);
            if (ErrorCode.SUCCESS.getCode() != isCreateCredentialPojoArgsValid.getCode()) {
                logger.error("Create Credential Args illegal: {}", isCreateCredentialPojoArgsValid.getCodeDesc());
                return new ResponseData<>(null, isCreateCredentialPojoArgsValid);
            }
            CredentialPojo credentialPojo = new CredentialPojo();
            credentialPojo.setContext(CredentialUtils.getDefaultCredentialContext());
            credentialPojo.setId(UUID.randomUUID().toString());
            credentialPojo.setCptId(createCredentialPojoArgs.getCptId());
            if (createCredentialPojoArgs.getIssuanceDate() == null) {
                credentialPojo.setIssuanceDate(DateUtils.getNoMillisecondTimeStamp());
            } else {
                Long convertToNoMillisecondTimeStamp = DateUtils.convertToNoMillisecondTimeStamp(createCredentialPojoArgs.getIssuanceDate());
                if (convertToNoMillisecondTimeStamp == null) {
                    logger.error("Create Credential Args illegal.");
                    return new ResponseData<>(null, ErrorCode.CREDENTIAL_ISSUANCE_DATE_ILLEGAL);
                }
                credentialPojo.setIssuanceDate(convertToNoMillisecondTimeStamp);
            }
            if (!WeIdUtils.validatePrivateKeyWeIdMatches(createCredentialPojoArgs.getWeIdAuthentication().getWeIdPrivateKey(), createCredentialPojoArgs.getIssuer())) {
                logger.error("Create Credential, private key does not match the current weid.");
                return new ResponseData<>(null, ErrorCode.WEID_PRIVATEKEY_DOES_NOT_MATCH);
            }
            credentialPojo.setIssuer(createCredentialPojoArgs.getIssuer());
            Long convertToNoMillisecondTimeStamp2 = DateUtils.convertToNoMillisecondTimeStamp(createCredentialPojoArgs.getExpirationDate());
            if (convertToNoMillisecondTimeStamp2 == null) {
                logger.error("Create Credential Args illegal.");
                return new ResponseData<>(null, ErrorCode.CREDENTIAL_EXPIRE_DATE_ILLEGAL);
            }
            credentialPojo.setExpirationDate(convertToNoMillisecondTimeStamp2);
            credentialPojo.addType(CredentialConstant.DEFAULT_CREDENTIAL_TYPE);
            Object claim = createCredentialPojoArgs.getClaim();
            HashMap hashMap = (HashMap) DataToolUtils.deserialize(!(claim instanceof String) ? DataToolUtils.serialize(claim) : (String) claim, HashMap.class);
            credentialPojo.setClaim(hashMap);
            Map<String, Object> map = (Map) DataToolUtils.clone(hashMap);
            generateSalt(map);
            String sign = DataToolUtils.sign(CredentialPojoUtils.getCredentialThumbprintWithoutSig(credentialPojo, map, null), createCredentialPojoArgs.getWeIdAuthentication().getWeIdPrivateKey().getPrivateKey());
            credentialPojo.putProofValue("created", credentialPojo.getIssuanceDate());
            credentialPojo.putProofValue(ParamKeyConstant.PROOF_CREATOR, createCredentialPojoArgs.getWeIdAuthentication().getWeIdPublicKeyId());
            credentialPojo.putProofValue("type", CredentialConstant.CredentialProofType.ECDSA.getTypeName());
            credentialPojo.putProofValue(ParamKeyConstant.PROOF_SIGNATURE, sign);
            credentialPojo.setSalt(map);
            return new ResponseData<>(credentialPojo, ErrorCode.SUCCESS);
        } catch (Exception e) {
            logger.error("Generate Credential failed due to system error. ", e);
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_ERROR);
        }
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<CredentialPojo> addSignature(List<CredentialPojo> list, WeIdAuthentication weIdAuthentication) {
        if (list == null || list.size() == 0 || CredentialPojoUtils.isWeIdAuthenticationValid(weIdAuthentication) != ErrorCode.SUCCESS) {
            return new ResponseData<>(null, ErrorCode.ILLEGAL_INPUT);
        }
        CredentialPojo credentialPojo = new CredentialPojo();
        credentialPojo.setCptId(CredentialConstant.CREDENTIALPOJO_EMBEDDED_SIGNATURE_CPT);
        credentialPojo.setIssuanceDate(DateUtils.getNoMillisecondTimeStamp());
        credentialPojo.setId(UUID.randomUUID().toString());
        credentialPojo.setContext(CredentialUtils.getDefaultCredentialContext());
        Long l = 0L;
        for (CredentialPojo credentialPojo2 : list) {
            if (credentialPojo2.getExpirationDate().longValue() > l.longValue()) {
                l = credentialPojo2.getExpirationDate();
            }
        }
        Long convertToNoMillisecondTimeStamp = DateUtils.convertToNoMillisecondTimeStamp(l);
        if (convertToNoMillisecondTimeStamp == null) {
            logger.error("Create Credential Args illegal.");
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_EXPIRE_DATE_ILLEGAL);
        }
        credentialPojo.setExpirationDate(convertToNoMillisecondTimeStamp);
        if (!WeIdUtils.validatePrivateKeyWeIdMatches(weIdAuthentication.getWeIdPrivateKey(), weIdAuthentication.getWeId())) {
            logger.error("Create Credential, private key does not match the current weid.");
            return new ResponseData<>(null, ErrorCode.WEID_PRIVATEKEY_DOES_NOT_MATCH);
        }
        if (!weIdService.isWeIdExist(weIdAuthentication.getWeId()).getResult().booleanValue()) {
            return new ResponseData<>(null, ErrorCode.WEID_DOES_NOT_EXIST);
        }
        String privateKey = weIdAuthentication.getWeIdPrivateKey().getPrivateKey();
        credentialPojo.setIssuer(WeIdUtils.convertAddressToWeId(new Address(Keys.getAddress(ECKeyPair.create(new BigInteger(privateKey)))).toString()));
        credentialPojo.addType(CredentialConstant.DEFAULT_CREDENTIAL_TYPE);
        ArrayList arrayList = new ArrayList();
        for (CredentialPojo credentialPojo3 : list) {
            boolean z = false;
            Iterator it = arrayList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (CredentialPojoUtils.isEqual(credentialPojo3, (CredentialPojo) it.next())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                ErrorCode isCredentialPojoValid = CredentialPojoUtils.isCredentialPojoValid(credentialPojo3);
                if (isCredentialPojoValid != ErrorCode.SUCCESS) {
                    return new ResponseData<>(null, isCredentialPojoValid);
                }
                arrayList.add(credentialPojo3);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                arrayList2.add(DataToolUtils.objToMap((CredentialPojo) it2.next()));
            } catch (Exception e) {
                logger.error("Failed to convert Credential to map structure.");
                return new ResponseData<>(null, ErrorCode.ILLEGAL_INPUT);
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("credentialList", arrayList2);
        credentialPojo.setClaim(hashMap);
        Map<String, Object> map = (Map) DataToolUtils.clone(hashMap);
        generateSalt(map);
        String sign = DataToolUtils.sign(CredentialPojoUtils.getCredentialThumbprintWithoutSig(credentialPojo, map, null), privateKey);
        credentialPojo.putProofValue("created", credentialPojo.getIssuanceDate());
        credentialPojo.putProofValue(ParamKeyConstant.PROOF_CREATOR, weIdAuthentication.getWeIdPublicKeyId());
        credentialPojo.putProofValue("type", CredentialConstant.CredentialProofType.ECDSA.getTypeName());
        credentialPojo.putProofValue(ParamKeyConstant.PROOF_SIGNATURE, sign);
        credentialPojo.setSalt(map);
        return new ResponseData<>(credentialPojo, ErrorCode.SUCCESS);
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<CredentialPojo> createSelectiveCredential(CredentialPojo credentialPojo, ClaimPolicy claimPolicy) {
        try {
            CredentialPojo credentialPojo2 = (CredentialPojo) DataToolUtils.clone(credentialPojo);
            ErrorCode isCredentialPojoValid = CredentialPojoUtils.isCredentialPojoValid(credentialPojo2);
            if (ErrorCode.SUCCESS.getCode() != isCredentialPojoValid.getCode()) {
                return new ResponseData<>(null, isCredentialPojoValid);
            }
            if (credentialPojo2.getCptId().equals(CredentialConstant.CREDENTIALPOJO_EMBEDDED_SIGNATURE_CPT)) {
                return new ResponseData<>(null, ErrorCode.CPT_ID_ILLEGAL);
            }
            if (claimPolicy == null) {
                logger.error("[createSelectiveCredential] claimPolicy is null.");
                return new ResponseData<>(null, ErrorCode.CREDENTIAL_CLAIM_POLICY_NOT_EXIST);
            }
            if (CredentialPojoUtils.isSelectivelyDisclosed(credentialPojo.getSalt())) {
                return new ResponseData<>(null, ErrorCode.CREDENTIAL_RE_DISCLOSED);
            }
            String fieldsToBeDisclosed = claimPolicy.getFieldsToBeDisclosed();
            Map<String, Object> salt = credentialPojo2.getSalt();
            Map<String, Object> claim = credentialPojo2.getClaim();
            Map map = (Map) DataToolUtils.deserialize(fieldsToBeDisclosed, HashMap.class);
            if (!validCredentialMapArgs(claim, salt, map)) {
                logger.error("[createSelectiveCredential] create failed. message is {}", ErrorCode.CREDENTIAL_POLICY_FORMAT_DOSE_NOT_MATCH_CLAIM.getCodeDesc());
                return new ResponseData<>(null, ErrorCode.CREDENTIAL_POLICY_FORMAT_DOSE_NOT_MATCH_CLAIM);
            }
            addKeyToPolicy(map, claim);
            addSelectSalt(map, salt, claim);
            credentialPojo2.setSalt(salt);
            ResponseData<CredentialPojo> responseData = new ResponseData<>();
            responseData.setResult(credentialPojo2);
            responseData.setErrorCode(ErrorCode.SUCCESS);
            return responseData;
        } catch (DataTypeCastException e) {
            logger.error("Generate SelectiveCredential failed, credential disclosure data type illegal. ", e);
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_DISCLOSURE_DATA_TYPE_ILLEGAL);
        } catch (WeIdBaseException e2) {
            logger.error("Generate SelectiveCredential failed, policy disclosurevalue illegal. ", e2);
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_POLICY_DISCLOSUREVALUE_ILLEGAL);
        } catch (Exception e3) {
            logger.error("Generate SelectiveCredential failed due to system error. ", e3);
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_ERROR);
        }
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<String> getCredentialPojoHash(CredentialPojo credentialPojo) {
        ErrorCode isCredentialPojoValid = CredentialPojoUtils.isCredentialPojoValid(credentialPojo);
        if (ErrorCode.SUCCESS.getCode() == isCredentialPojoValid.getCode()) {
            return new ResponseData<>(CredentialPojoUtils.getCredentialPojoHash(credentialPojo, null), ErrorCode.SUCCESS);
        }
        logger.error("Create Evidence input format error!");
        return new ResponseData<>("", isCredentialPojoValid);
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<Boolean> verify(String str, CredentialPojo credentialPojo) {
        if (!StringUtils.equals(str, credentialPojo.getIssuer())) {
            logger.error("[verify] The input issuer weid is not match the credential's.");
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_ISSUER_MISMATCH);
        }
        ErrorCode verifyContent = verifyContent(credentialPojo, null);
        if (verifyContent.getCode() == ErrorCode.SUCCESS.getCode()) {
            return new ResponseData<>(true, ErrorCode.SUCCESS);
        }
        logger.error("[verify] credential verify failed. error message :{}", verifyContent);
        return new ResponseData<>(false, verifyContent);
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<Boolean> verify(WeIdPublicKey weIdPublicKey, CredentialPojo credentialPojo) {
        String publicKey = weIdPublicKey.getPublicKey();
        if (StringUtils.isEmpty(publicKey)) {
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_PUBLIC_KEY_NOT_EXISTS);
        }
        ErrorCode verifyContent = verifyContent(credentialPojo, publicKey);
        return verifyContent.getCode() != ErrorCode.SUCCESS.getCode() ? new ResponseData<>(false, verifyContent) : new ResponseData<>(true, ErrorCode.SUCCESS);
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<Boolean> verify(String str, PresentationPolicyE presentationPolicyE, Challenge challenge, PresentationE presentationE) {
        ErrorCode checkInputArgs = checkInputArgs(str, presentationPolicyE, challenge, presentationE);
        if (checkInputArgs.getCode() != ErrorCode.SUCCESS.getCode()) {
            logger.error("[verify] checkInputArgs fail.");
            return new ResponseData<>(false, checkInputArgs);
        }
        List<CredentialPojo> verifiableCredential = presentationE.getVerifiableCredential();
        Map<Integer, ClaimPolicy> policy = presentationPolicyE.getPolicy();
        ErrorCode verifyCptId = verifyCptId(policy, verifiableCredential);
        if (verifyCptId.getCode() != ErrorCode.SUCCESS.getCode()) {
            logger.error("[verify] verify cptId failed.");
            return new ResponseData<>(false, verifyCptId);
        }
        try {
            for (CredentialPojo credentialPojo : verifiableCredential) {
                ClaimPolicy claimPolicy = policy.get(credentialPojo.getCptId());
                if (claimPolicy != null) {
                    ErrorCode verifyPolicy = verifyPolicy(credentialPojo, claimPolicy, str);
                    if (verifyPolicy.getCode() != ErrorCode.SUCCESS.getCode()) {
                        logger.error("[verify] verify policy {} failed.", policy);
                        return new ResponseData<>(false, verifyPolicy);
                    }
                }
                ErrorCode verifyContent = verifyContent(credentialPojo, null);
                if (verifyContent.getCode() != ErrorCode.SUCCESS.getCode()) {
                    logger.error("[verify] verify credential {} failed.", credentialPojo);
                    return new ResponseData<>(false, verifyContent);
                }
            }
            return new ResponseData<>(true, ErrorCode.SUCCESS);
        } catch (Exception e) {
            logger.error("[verify] verify credential error.", e);
            return new ResponseData<>(false, ErrorCode.UNKNOW_ERROR);
        }
    }

    private ErrorCode checkInputArgs(String str, PresentationPolicyE presentationPolicyE, Challenge challenge, PresentationE presentationE) {
        if (StringUtils.isBlank(str) || challenge == null || StringUtils.isBlank(challenge.getNonce()) || !CredentialPojoUtils.checkPresentationPolicyEValid(presentationPolicyE)) {
            logger.error("[verify] presentation verify failed, please check your input.");
            return ErrorCode.ILLEGAL_INPUT;
        }
        ErrorCode checkPresentationEValid = CredentialPojoUtils.checkPresentationEValid(presentationE);
        if (checkPresentationEValid.getCode() != ErrorCode.SUCCESS.getCode()) {
            logger.error("[verify] presentation verify failed, error message : {}", checkPresentationEValid.getCodeDesc());
            return checkPresentationEValid;
        }
        if (StringUtils.isNotBlank(challenge.getWeId()) && !str.equals(challenge.getWeId())) {
            logger.error("[verify] The input issuer weid is not match the presentian's.");
            return ErrorCode.CREDENTIAL_PRESENTERWEID_NOTMATCH;
        }
        if (!challenge.getNonce().equals(presentationE.getNonce())) {
            logger.error("[verify] The nonce of challenge is not matched with the presentationE's.");
            return ErrorCode.PRESENTATION_CHALLENGE_NONCE_MISMATCH;
        }
        WeIdDocument result = weIdService.getWeIdDocument(str).getResult();
        if (result == null) {
            logger.error("[verify]presentation verify failed, because the presenter weid :{} does not exist.", str);
            return ErrorCode.WEID_DOES_NOT_EXIST;
        }
        ErrorCode verifySignatureFromWeId = DataToolUtils.verifySignatureFromWeId(presentationE.toRawData(), presentationE.getSignature(), result);
        if (verifySignatureFromWeId.getCode() == ErrorCode.SUCCESS.getCode()) {
            return ErrorCode.SUCCESS;
        }
        logger.error("[verify] verify presentation signature failed, error message : {}.", verifySignatureFromWeId.getCodeDesc());
        return ErrorCode.PRESENTATION_SIGNATURE_MISMATCH;
    }

    private ErrorCode verifyCptId(Map<Integer, ClaimPolicy> map, List<CredentialPojo> list) {
        if (map.size() > list.size()) {
            return ErrorCode.CREDENTIAL_CPTID_NOTMATCH;
        }
        List list2 = (List) list.stream().map(credentialPojo -> {
            return credentialPojo.getCptId();
        }).collect(Collectors.toList());
        return (list2 == null || list2.isEmpty()) ? ErrorCode.CREDENTIAL_CPTID_NOTMATCH : !list2.containsAll(map.keySet()) ? ErrorCode.CREDENTIAL_CPTID_NOTMATCH : ErrorCode.SUCCESS;
    }

    private ErrorCode verifyDisclosureAndSalt(Map<String, Object> map, Map<String, Object> map2) {
        for (String str : map.keySet()) {
            Object obj = map.get(str);
            Object obj2 = map2.get(str);
            if (obj instanceof Map) {
                ErrorCode verifyDisclosureAndSalt = verifyDisclosureAndSalt((HashMap) obj, (HashMap) obj2);
                if (verifyDisclosureAndSalt.getCode() != ErrorCode.SUCCESS.getCode()) {
                    return verifyDisclosureAndSalt;
                }
            } else if (obj instanceof List) {
                ErrorCode verifyDisclosureAndSaltList = verifyDisclosureAndSaltList((ArrayList) obj, (ArrayList) obj2);
                if (verifyDisclosureAndSaltList.getCode() != ErrorCode.SUCCESS.getCode()) {
                    return verifyDisclosureAndSaltList;
                }
            } else {
                String valueOf = String.valueOf(obj);
                if (obj2 == null || !(valueOf.equals(NOT_DISCLOSED) || valueOf.equals(DISCLOSED) || valueOf.equals(EXISTED))) {
                    logger.error("[verifyDisclosureAndSalt] policy disclosureValue {} illegal.", map);
                    return ErrorCode.CREDENTIAL_POLICY_DISCLOSUREVALUE_ILLEGAL;
                }
                String valueOf2 = String.valueOf(obj2);
                if ((valueOf.equals(NOT_DISCLOSED) && valueOf2.length() > 1) || (valueOf.equals(NOT_DISCLOSED) && !valueOf2.equals(NOT_DISCLOSED))) {
                    return ErrorCode.CREDENTIAL_DISCLOSUREVALUE_NOTMATCH_SALTVALUE;
                }
                if (valueOf.equals(DISCLOSED) && valueOf2.length() <= 1) {
                    return ErrorCode.CREDENTIAL_DISCLOSUREVALUE_NOTMATCH_SALTVALUE;
                }
            }
        }
        return ErrorCode.SUCCESS;
    }

    private ErrorCode verifyDisclosureAndSaltList(List<Object> list, List<Object> list2) {
        for (int i = 0; i < list.size(); i++) {
            Object obj = list.get(i);
            Object obj2 = list2.get(i);
            if (obj instanceof Map) {
                ErrorCode verifyDisclosureAndSaltList = verifyDisclosureAndSaltList((HashMap) obj, (ArrayList) list2);
                if (verifyDisclosureAndSaltList.getCode() != ErrorCode.SUCCESS.getCode()) {
                    return verifyDisclosureAndSaltList;
                }
            } else if (obj instanceof List) {
                ErrorCode verifyDisclosureAndSaltList2 = verifyDisclosureAndSaltList((ArrayList) obj, (ArrayList) obj2);
                if (verifyDisclosureAndSaltList2.getCode() != ErrorCode.SUCCESS.getCode()) {
                    return verifyDisclosureAndSaltList2;
                }
            } else {
                continue;
            }
        }
        return ErrorCode.SUCCESS;
    }

    private ErrorCode verifyDisclosureAndSaltList(Map<String, Object> map, List<Object> list) {
        for (int i = 0; i < list.size(); i++) {
            ErrorCode verifyDisclosureAndSalt = verifyDisclosureAndSalt((HashMap) map, (HashMap) list.get(i));
            if (verifyDisclosureAndSalt.getCode() != ErrorCode.SUCCESS.getCode()) {
                return verifyDisclosureAndSalt;
            }
        }
        return ErrorCode.SUCCESS;
    }

    private ErrorCode verifyPolicy(CredentialPojo credentialPojo, ClaimPolicy claimPolicy, String str) {
        Map<String, Object> salt = credentialPojo.getSalt();
        Map<String, Object> map = (Map) DataToolUtils.deserialize(claimPolicy.getFieldsToBeDisclosed(), HashMap.class);
        Object obj = map.get(ParamKeyConstant.CREDENTIAL_ID);
        if (obj != null) {
            Object obj2 = credentialPojo.getClaim().get(ParamKeyConstant.CREDENTIAL_ID);
            if (StringUtils.equals(String.valueOf(obj), DISCLOSED)) {
                if (!StringUtils.equals(String.valueOf(obj2), str)) {
                    logger.error("[verifyPolicy] the presenter weid->{} of presentation does not match the credential's ->{}. ", str, obj2);
                    return ErrorCode.PRESENTATION_WEID_CREDENTIAL_WEID_MISMATCH;
                }
            } else if (StringUtils.equals(String.valueOf(obj), EXISTED) && !credentialPojo.getClaim().containsKey(ParamKeyConstant.CREDENTIAL_ID)) {
                logger.error("[verifyPolicy] the presenter weid->{} of presentation does not match the credential's ->{}. ", str, obj2);
                return ErrorCode.PRESENTATION_CREDENTIAL_CLAIM_WEID_NOT_EXIST;
            }
        }
        return verifyDisclosureAndSalt(map, salt);
    }

    @Override // com.webank.weid.rpc.CredentialPojoService
    public ResponseData<PresentationE> createPresentation(List<CredentialPojo> list, PresentationPolicyE presentationPolicyE, Challenge challenge, WeIdAuthentication weIdAuthentication) {
        PresentationE presentationE = new PresentationE();
        try {
            ErrorCode validateCreateArgs = validateCreateArgs(list, presentationPolicyE, challenge, weIdAuthentication);
            if (validateCreateArgs.getCode() != ErrorCode.SUCCESS.getCode()) {
                logger.error("check input error:{}-{}", Integer.valueOf(validateCreateArgs.getCode()), validateCreateArgs.getCodeDesc());
                return new ResponseData<>(null, validateCreateArgs);
            }
            ErrorCode processCredentialList = processCredentialList(list, presentationPolicyE, presentationE);
            if (processCredentialList.getCode() != ErrorCode.SUCCESS.getCode()) {
                logger.error("process credentialList error:{}-{}", Integer.valueOf(processCredentialList.getCode()), processCredentialList.getCodeDesc());
                return new ResponseData<>(null, processCredentialList);
            }
            presentationE.getContext().add(CredentialConstant.DEFAULT_CREDENTIAL_CONTEXT);
            presentationE.getType().add(WeIdConstant.DEFAULT_PRESENTATION_TYPE);
            generatePresentationProof(challenge, weIdAuthentication, presentationE);
            return new ResponseData<>(presentationE, ErrorCode.SUCCESS);
        } catch (Exception e) {
            logger.error("create PresentationE error", e);
            return new ResponseData<>(null, ErrorCode.UNKNOW_ERROR);
        }
    }

    private ErrorCode validateCreateArgs(List<CredentialPojo> list, PresentationPolicyE presentationPolicyE, Challenge challenge, WeIdAuthentication weIdAuthentication) {
        return (challenge == null || weIdAuthentication == null) ? ErrorCode.ILLEGAL_INPUT : (StringUtils.isBlank(challenge.getNonce()) || challenge.getVersion() == null) ? ErrorCode.PRESENTATION_CHALLENGE_INVALID : (weIdAuthentication.getWeIdPrivateKey() == null || !WeIdUtils.validatePrivateKeyWeIdMatches(weIdAuthentication.getWeIdPrivateKey(), weIdAuthentication.getWeId())) ? ErrorCode.WEID_PRIVATEKEY_DOES_NOT_MATCH : (StringUtils.isBlank(challenge.getWeId()) || challenge.getWeId().equals(weIdAuthentication.getWeId())) ? StringUtils.isBlank(weIdAuthentication.getWeIdPublicKeyId()) ? ErrorCode.PRESENTATION_WEID_PUBLICKEY_ID_INVALID : validateClaimPolicy(list, presentationPolicyE) : ErrorCode.PRESENTATION_CHALLENGE_WEID_MISMATCH;
    }

    private ErrorCode validateClaimPolicy(List<CredentialPojo> list, PresentationPolicyE presentationPolicyE) {
        if (CollectionUtils.isEmpty(list)) {
            return ErrorCode.ILLEGAL_INPUT;
        }
        if (presentationPolicyE == null || presentationPolicyE.getPolicy() == null) {
            return ErrorCode.PRESENTATION_POLICY_INVALID;
        }
        if (!WeIdUtils.isWeIdValid(presentationPolicyE.getPolicyPublisherWeId())) {
            return ErrorCode.PRESENTATION_POLICY_PUBLISHER_WEID_INVALID;
        }
        ResponseData<Boolean> isWeIdExist = weIdService.isWeIdExist(presentationPolicyE.getPolicyPublisherWeId());
        if (ErrorCode.SUCCESS.getCode() != isWeIdExist.getErrorCode().intValue() || !isWeIdExist.getResult().booleanValue()) {
            return ErrorCode.PRESENTATION_POLICY_PUBLISHER_WEID_NOT_EXIST;
        }
        Iterator<CredentialPojo> it = list.iterator();
        while (it.hasNext()) {
            ErrorCode isCredentialPojoValid = CredentialPojoUtils.isCredentialPojoValid(it.next());
            if (ErrorCode.SUCCESS.getCode() != isCredentialPojoValid.getCode()) {
                return isCredentialPojoValid;
            }
        }
        return !((List) list.stream().map(credentialPojo -> {
            return credentialPojo.getCptId();
        }).collect(Collectors.toList())).containsAll(presentationPolicyE.getPolicy().keySet()) ? ErrorCode.PRESENTATION_CREDENTIALLIST_MISMATCH_CLAIM_POLICY : ErrorCode.SUCCESS;
    }

    private ErrorCode processCredentialList(List<CredentialPojo> list, PresentationPolicyE presentationPolicyE, PresentationE presentationE) {
        ArrayList arrayList = new ArrayList();
        Map<Integer, ClaimPolicy> policy = presentationPolicyE.getPolicy();
        for (CredentialPojo credentialPojo : list) {
            ClaimPolicy claimPolicy = policy.get(credentialPojo.getCptId());
            if (claimPolicy != null) {
                ResponseData<CredentialPojo> createSelectiveCredential = createSelectiveCredential(credentialPojo, claimPolicy);
                if (createSelectiveCredential.getErrorCode().intValue() != ErrorCode.SUCCESS.getCode()) {
                    return ErrorCode.getTypeByErrorCode(createSelectiveCredential.getErrorCode().intValue());
                }
                arrayList.add(createSelectiveCredential.getResult());
            }
        }
        presentationE.setVerifiableCredential(arrayList);
        return ErrorCode.SUCCESS;
    }

    private void generatePresentationProof(Challenge challenge, WeIdAuthentication weIdAuthentication, PresentationE presentationE) {
        presentationE.putProofValue("type", CredentialConstant.CredentialProofType.ECDSA.getTypeName());
        presentationE.putProofValue("created", DateUtils.getNoMillisecondTimeStamp());
        presentationE.putProofValue(ParamKeyConstant.PROOF_VERIFICATION_METHOD, weIdAuthentication.getWeIdPublicKeyId());
        presentationE.putProofValue(ParamKeyConstant.PROOF_NONCE, challenge.getNonce());
        presentationE.putProofValue(ParamKeyConstant.PROOF_SIGNATURE, DataToolUtils.sign(presentationE.toRawData(), weIdAuthentication.getWeIdPrivateKey().getPrivateKey()));
    }
}
