package com.webank.weid.service.impl;

import com.webank.weid.constant.CredentialConstant;
import com.webank.weid.constant.CredentialFieldDisclosureValue;
import com.webank.weid.constant.ErrorCode;
import com.webank.weid.constant.ParamKeyConstant;
import com.webank.weid.exception.WeIdBaseException;
import com.webank.weid.protocol.base.Cpt;
import com.webank.weid.protocol.base.Credential;
import com.webank.weid.protocol.base.CredentialWrapper;
import com.webank.weid.protocol.base.WeIdDocument;
import com.webank.weid.protocol.base.WeIdPrivateKey;
import com.webank.weid.protocol.base.WeIdPublicKey;
import com.webank.weid.protocol.request.CreateCredentialArgs;
import com.webank.weid.protocol.response.ResponseData;
import com.webank.weid.rpc.CptService;
import com.webank.weid.rpc.CredentialService;
import com.webank.weid.rpc.WeIdService;
import com.webank.weid.service.BaseService;
import com.webank.weid.util.CredentialUtils;
import com.webank.weid.util.DataToolUtils;
import com.webank.weid.util.DateUtils;
import com.webank.weid.util.WeIdUtils;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.bcos.web3j.abi.datatypes.Address;
import org.bcos.web3j.crypto.ECKeyPair;
import org.bcos.web3j.crypto.Keys;
import org.bcos.web3j.crypto.Sign;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/webank/weid/service/impl/CredentialServiceImpl.class */
public class CredentialServiceImpl extends BaseService implements CredentialService {
    private static final Logger logger = LoggerFactory.getLogger(CredentialServiceImpl.class);
    private CptService cptService = new CptServiceImpl();
    private WeIdService weIdService = new WeIdServiceImpl();

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<CredentialWrapper> createCredential(CreateCredentialArgs createCredentialArgs) {
        CredentialWrapper credentialWrapper = new CredentialWrapper();
        try {
            ErrorCode checkCreateCredentialArgsValidity = checkCreateCredentialArgsValidity(createCredentialArgs, true);
            if (ErrorCode.SUCCESS.getCode() != checkCreateCredentialArgsValidity.getCode()) {
                logger.error("Generate Credential input format error!");
                return new ResponseData<>(null, checkCreateCredentialArgsValidity);
            }
            Credential credential = new Credential();
            credential.setContext(CredentialUtils.getDefaultCredentialContext());
            credential.setId(UUID.randomUUID().toString());
            credential.setCptId(createCredentialArgs.getCptId());
            credential.setIssuer(createCredentialArgs.getIssuer());
            if (createCredentialArgs.getIssuanceDate() == null) {
                credential.setIssuanceDate(DateUtils.getNoMillisecondTimeStamp());
            } else {
                Long convertToNoMillisecondTimeStamp = DateUtils.convertToNoMillisecondTimeStamp(createCredentialArgs.getIssuanceDate());
                if (convertToNoMillisecondTimeStamp == null) {
                    logger.error("Create Credential Args illegal.");
                    return new ResponseData<>(null, ErrorCode.CREDENTIAL_ISSUANCE_DATE_ILLEGAL);
                }
                credential.setIssuanceDate(convertToNoMillisecondTimeStamp);
            }
            Long convertToNoMillisecondTimeStamp2 = DateUtils.convertToNoMillisecondTimeStamp(createCredentialArgs.getExpirationDate());
            if (convertToNoMillisecondTimeStamp2 == null) {
                logger.error("Create Credential Args illegal.");
                return new ResponseData<>(null, ErrorCode.CREDENTIAL_EXPIRE_DATE_ILLEGAL);
            }
            credential.setExpirationDate(convertToNoMillisecondTimeStamp2);
            credential.setClaim(createCredentialArgs.getClaim());
            HashMap hashMap = new HashMap(createCredentialArgs.getClaim());
            Iterator<Map.Entry<String, Object>> it = hashMap.entrySet().iterator();
            while (it.hasNext()) {
                hashMap.put(it.next().getKey(), CredentialFieldDisclosureValue.DISCLOSED.getStatus());
            }
            credentialWrapper.setDisclosure(hashMap);
            credential.setProof(CredentialUtils.buildCredentialProof(credential, createCredentialArgs.getWeIdPrivateKey().getPrivateKey(), hashMap));
            credentialWrapper.setCredential(credential);
            return new ResponseData<>(credentialWrapper, ErrorCode.SUCCESS);
        } catch (Exception e) {
            logger.error("Generate Credential failed due to system error. ", e);
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_ERROR);
        }
    }

    private boolean isMultiSignedCredential(Credential credential) {
        return credential != null && credential.getCptId().intValue() == CredentialConstant.CREDENTIAL_EMBEDDED_SIGNATURE_CPT.intValue();
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<Credential> addSignature(List<Credential> list, WeIdPrivateKey weIdPrivateKey) {
        if (list == null || list.size() == 0 || !WeIdUtils.isPrivateKeyValid(weIdPrivateKey)) {
            return new ResponseData<>(null, ErrorCode.ILLEGAL_INPUT);
        }
        Credential credential = new Credential();
        credential.setCptId(CredentialConstant.CREDENTIAL_EMBEDDED_SIGNATURE_CPT);
        credential.setIssuanceDate(DateUtils.getNoMillisecondTimeStamp());
        credential.setId(UUID.randomUUID().toString());
        credential.setContext(CredentialUtils.getDefaultCredentialContext());
        Long l = 0L;
        for (Credential credential2 : list) {
            if (credential2.getExpirationDate().longValue() > l.longValue()) {
                l = credential2.getExpirationDate();
            }
        }
        Long convertToNoMillisecondTimeStamp = DateUtils.convertToNoMillisecondTimeStamp(l);
        if (convertToNoMillisecondTimeStamp == null) {
            logger.error("Create Credential Args illegal.");
            return new ResponseData<>(null, ErrorCode.CREDENTIAL_EXPIRE_DATE_ILLEGAL);
        }
        credential.setExpirationDate(convertToNoMillisecondTimeStamp);
        String privateKey = weIdPrivateKey.getPrivateKey();
        String convertAddressToWeId = WeIdUtils.convertAddressToWeId(new Address(Keys.getAddress(ECKeyPair.create(new BigInteger(privateKey)))).toString());
        if (!this.weIdService.isWeIdExist(convertAddressToWeId).getResult().booleanValue()) {
            return new ResponseData<>(null, ErrorCode.WEID_DOES_NOT_EXIST);
        }
        credential.setIssuer(convertAddressToWeId);
        ArrayList arrayList = new ArrayList();
        for (Credential credential3 : list) {
            boolean z = false;
            Iterator it = arrayList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (CredentialUtils.isEqual(credential3, (Credential) it.next())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                arrayList.add(credential3);
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("credentialList", arrayList);
        credential.setClaim(hashMap);
        credential.setProof(CredentialUtils.buildCredentialProof(credential, privateKey, null));
        return new ResponseData<>(credential, ErrorCode.SUCCESS);
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<Boolean> verify(CredentialWrapper credentialWrapper) {
        return verifyCredentialContent(credentialWrapper, null);
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<Boolean> verify(Credential credential) {
        HashMap hashMap = new HashMap(credential.getClaim());
        Iterator<Map.Entry<String, Object>> it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            hashMap.put(it.next().getKey(), CredentialFieldDisclosureValue.DISCLOSED.getStatus());
        }
        CredentialWrapper credentialWrapper = new CredentialWrapper();
        credentialWrapper.setCredential(credential);
        credentialWrapper.setDisclosure(hashMap);
        return verifyCredentialContent(credentialWrapper, null);
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<Boolean> verifyCredentialWithSpecifiedPubKey(CredentialWrapper credentialWrapper, WeIdPublicKey weIdPublicKey) {
        return credentialWrapper == null ? new ResponseData<>(false, ErrorCode.ILLEGAL_INPUT) : weIdPublicKey == null ? new ResponseData<>(false, ErrorCode.CREDENTIAL_ISSUER_MISMATCH) : verifyCredentialContent(credentialWrapper, weIdPublicKey.getPublicKey());
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<String> getCredentialHash(Credential credential) {
        ErrorCode isCredentialValid = CredentialUtils.isCredentialValid(credential);
        return ErrorCode.SUCCESS.getCode() != isCredentialValid.getCode() ? new ResponseData<>("", isCredentialValid) : new ResponseData<>(CredentialUtils.getCredentialHash(credential), ErrorCode.SUCCESS);
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<String> getCredentialHash(CredentialWrapper credentialWrapper) {
        if (credentialWrapper == null) {
            return new ResponseData<>("", ErrorCode.ILLEGAL_INPUT);
        }
        if (credentialWrapper.getDisclosure() == null || credentialWrapper.getDisclosure().size() == 0) {
            return getCredentialHash(credentialWrapper.getCredential());
        }
        ErrorCode isCredentialValid = CredentialUtils.isCredentialValid(credentialWrapper.getCredential());
        return ErrorCode.SUCCESS.getCode() != isCredentialValid.getCode() ? new ResponseData<>("", isCredentialValid) : new ResponseData<>(CredentialUtils.getCredentialWrapperHash(credentialWrapper), ErrorCode.SUCCESS);
    }

    private ResponseData<Boolean> verifyCredentialContent(CredentialWrapper credentialWrapper, String str) {
        Credential credential = credentialWrapper.getCredential();
        ErrorCode isCredentialValid = CredentialUtils.isCredentialValid(credential);
        if (ErrorCode.SUCCESS.getCode() != isCredentialValid.getCode()) {
            logger.error("Credential input format error!");
            return new ResponseData<>(false, isCredentialValid);
        }
        if (credential.getCptId().intValue() == CredentialConstant.CREDENTIALPOJO_EMBEDDED_SIGNATURE_CPT.intValue()) {
            return new ResponseData<>(false, ErrorCode.CPT_ID_ILLEGAL);
        }
        if (credential.getCptId().intValue() != CredentialConstant.CREDENTIAL_EMBEDDED_SIGNATURE_CPT.intValue()) {
            return verifySingleSignedCredential(credentialWrapper, str);
        }
        Map<String, Object> disclosure = credentialWrapper.getDisclosure();
        credentialWrapper.setDisclosure(null);
        ResponseData<Boolean> verifySingleSignedCredential = verifySingleSignedCredential(credentialWrapper, str);
        if (!verifySingleSignedCredential.getResult().booleanValue()) {
            return new ResponseData<>(false, verifySingleSignedCredential.getErrorCode(), verifySingleSignedCredential.getErrorMessage());
        }
        credentialWrapper.setDisclosure(disclosure);
        try {
            if (credentialWrapper.getCredential().getClaim().get("credentialList") instanceof String) {
                return new ResponseData<>(true, ErrorCode.SUCCESS);
            }
            for (Credential credential2 : (ArrayList) credentialWrapper.getCredential().getClaim().get("credentialList")) {
                credentialWrapper.setCredential(credential2);
                if (disclosure != null && disclosure.size() <= 1 && disclosure.size() != credential2.getClaim().size() && disclosure.containsKey("credentialList")) {
                    credentialWrapper.setDisclosure(null);
                }
                if (disclosure == null) {
                    credentialWrapper.setDisclosure(null);
                }
                ResponseData<Boolean> verifyCredentialContent = verifyCredentialContent(credentialWrapper, str);
                if (!verifyCredentialContent.getResult().booleanValue()) {
                    return new ResponseData<>(false, verifyCredentialContent.getErrorCode(), verifyCredentialContent.getErrorMessage());
                }
            }
            return new ResponseData<>(true, ErrorCode.SUCCESS);
        } catch (Exception e) {
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL);
        }
    }

    private ResponseData<Boolean> verifySingleSignedCredential(CredentialWrapper credentialWrapper, String str) {
        Credential credential = credentialWrapper.getCredential();
        ResponseData<Boolean> verifyIssuerExistence = verifyIssuerExistence(credential.getIssuer());
        if (!verifyIssuerExistence.getResult().booleanValue()) {
            return verifyIssuerExistence;
        }
        ErrorCode verifyCptFormat = verifyCptFormat(credential.getCptId(), credential.getClaim());
        if (ErrorCode.SUCCESS.getCode() != verifyCptFormat.getCode()) {
            return new ResponseData<>(false, verifyCptFormat);
        }
        ResponseData<Boolean> verifyNotExpired = verifyNotExpired(credential);
        return !verifyNotExpired.getResult().booleanValue() ? verifyNotExpired : verifySignature(credentialWrapper, str);
    }

    private ErrorCode checkCreateCredentialArgsValidity(CreateCredentialArgs createCredentialArgs, boolean z) {
        ErrorCode isCreateCredentialArgsValid = CredentialUtils.isCreateCredentialArgsValid(createCredentialArgs);
        if (ErrorCode.SUCCESS.getCode() != isCreateCredentialArgsValid.getCode()) {
            logger.error("Create Credential Args illegal: {}", isCreateCredentialArgsValid.getCodeDesc());
            return isCreateCredentialArgsValid;
        }
        if (!z || !StringUtils.isEmpty(createCredentialArgs.getWeIdPrivateKey().getPrivateKey())) {
            return ErrorCode.SUCCESS;
        }
        logger.error(ErrorCode.CREDENTIAL_PRIVATE_KEY_NOT_EXISTS.getCodeDesc());
        return ErrorCode.CREDENTIAL_PRIVATE_KEY_NOT_EXISTS;
    }

    private ResponseData<Boolean> verifyIssuerExistence(String str) {
        ResponseData<Boolean> isWeIdExist = this.weIdService.isWeIdExist(str);
        return (isWeIdExist == null || !isWeIdExist.getResult().booleanValue()) ? new ResponseData<>(false, ErrorCode.CREDENTIAL_ISSUER_NOT_EXISTS) : isWeIdExist;
    }

    private ErrorCode verifyCptFormat(Integer num, Map<String, Object> map) {
        if (num.intValue() == CredentialConstant.CREDENTIAL_EMBEDDED_SIGNATURE_CPT.intValue()) {
            return !map.containsKey("credentialList") ? ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL : ErrorCode.SUCCESS;
        }
        try {
            String serialize = DataToolUtils.serialize(map);
            Cpt result = this.cptService.queryCpt(num).getResult();
            if (result == null) {
                logger.error(ErrorCode.CREDENTIAL_CPT_NOT_EXISTS.getCodeDesc());
                return ErrorCode.CREDENTIAL_CPT_NOT_EXISTS;
            }
            String serialize2 = DataToolUtils.serialize(result.getCptJsonSchema());
            if (!DataToolUtils.isCptJsonSchemaValid(serialize2)) {
                logger.error(ErrorCode.CPT_JSON_SCHEMA_INVALID.getCodeDesc());
                return ErrorCode.CPT_JSON_SCHEMA_INVALID;
            }
            if (DataToolUtils.isValidateJsonVersusSchema(serialize, serialize2)) {
                return ErrorCode.SUCCESS;
            }
            logger.error(ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL.getCodeDesc());
            return ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL;
        } catch (Exception e) {
            logger.error("Generic error occurred during verify cpt format when verifyCredential: " + e);
            return ErrorCode.CREDENTIAL_ERROR;
        }
    }

    private ResponseData<Boolean> verifyNotExpired(Credential credential) {
        try {
            boolean isAfterCurrentTime = DateUtils.isAfterCurrentTime(credential.getExpirationDate());
            ResponseData<Boolean> responseData = new ResponseData<>(Boolean.valueOf(isAfterCurrentTime), ErrorCode.SUCCESS);
            if (!isAfterCurrentTime) {
                responseData.setErrorCode(ErrorCode.CREDENTIAL_EXPIRED);
            }
            return responseData;
        } catch (Exception e) {
            logger.error("Generic error occurred during verify expiration when verifyCredential: " + e);
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_ERROR);
        }
    }

    private ResponseData<Boolean> verifySignature(CredentialWrapper credentialWrapper, String str) {
        try {
            Credential credential = credentialWrapper.getCredential();
            String credentialThumbprintWithoutSig = CredentialUtils.getCredentialThumbprintWithoutSig(credential, credentialWrapper.getDisclosure());
            Sign.SignatureData simpleSignatureDeserialization = DataToolUtils.simpleSignatureDeserialization(DataToolUtils.base64Decode(credential.getSignature().getBytes(StandardCharsets.UTF_8)));
            if (!StringUtils.isEmpty(str)) {
                return !DataToolUtils.verifySignature(credentialThumbprintWithoutSig, simpleSignatureDeserialization, new BigInteger(str)) ? new ResponseData<>(false, ErrorCode.CREDENTIAL_SIGNATURE_BROKEN) : new ResponseData<>(true, ErrorCode.SUCCESS);
            }
            String issuer = credential.getIssuer();
            ResponseData<WeIdDocument> weIdDocument = this.weIdService.getWeIdDocument(issuer);
            if (weIdDocument.getErrorCode().intValue() != ErrorCode.SUCCESS.getCode()) {
                logger.error("Error occurred when fetching WeIdentity DID document for: {}, msg: {}", issuer, weIdDocument.getErrorMessage());
                return new ResponseData<>(false, ErrorCode.CREDENTIAL_WEID_DOCUMENT_ILLEGAL);
            }
            ErrorCode verifySignatureFromWeId = DataToolUtils.verifySignatureFromWeId(credentialThumbprintWithoutSig, simpleSignatureDeserialization, weIdDocument.getResult());
            return verifySignatureFromWeId.getCode() != ErrorCode.SUCCESS.getCode() ? new ResponseData<>(false, verifySignatureFromWeId) : new ResponseData<>(true, ErrorCode.SUCCESS);
        } catch (WeIdBaseException e) {
            logger.error("Generic signatureException occurred during verify signature ", e);
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_SIGNATURE_BROKEN);
        } catch (SignatureException e2) {
            logger.error("Generic signatureException occurred during verify signature when verifyCredential: ", e2);
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_EXCEPTION_VERIFYSIGNATURE);
        } catch (Exception e3) {
            logger.error("Generic exception occurred during verify signature when verifyCredential: ", e3);
            return new ResponseData<>(false, ErrorCode.CREDENTIAL_ERROR);
        }
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<CredentialWrapper> createSelectiveCredential(Credential credential, String str) {
        CredentialWrapper credentialWrapper = new CredentialWrapper();
        ErrorCode isCredentialValid = CredentialUtils.isCredentialValid(credential);
        if (ErrorCode.SUCCESS.getCode() != isCredentialValid.getCode()) {
            return new ResponseData<>(credentialWrapper, isCredentialValid);
        }
        if (isMultiSignedCredential(credential)) {
            return new ResponseData<>(credentialWrapper, ErrorCode.CPT_ID_ILLEGAL);
        }
        Map<String, Object> claim = credential.getClaim();
        HashMap hashMap = new HashMap(claim);
        for (Map.Entry<String, Object> entry : claim.entrySet()) {
            claim.put(entry.getKey(), CredentialUtils.getFieldHash(entry.getValue()));
        }
        Map<String, Object> map = (Map) DataToolUtils.deserialize(str, HashMap.class);
        for (Map.Entry<String, Object> entry2 : map.entrySet()) {
            if (CredentialFieldDisclosureValue.DISCLOSED.getStatus().equals(entry2.getValue())) {
                claim.put(entry2.getKey(), hashMap.get(entry2.getKey()));
            }
        }
        credentialWrapper.setCredential(credential);
        credentialWrapper.setDisclosure(map);
        return new ResponseData<>(credentialWrapper, ErrorCode.SUCCESS);
    }

    @Override // com.webank.weid.rpc.CredentialService
    public ResponseData<String> getCredentialJson(Credential credential) {
        ErrorCode isCredentialValid = CredentialUtils.isCredentialValid(credential);
        if (isCredentialValid.getCode() != ErrorCode.SUCCESS.getCode()) {
            return new ResponseData<>("", ErrorCode.getTypeByErrorCode(isCredentialValid.getCode()));
        }
        try {
            Map<String, Object> objToMap = DataToolUtils.objToMap(credential);
            String convertTimestampToUtc = DateUtils.convertTimestampToUtc(credential.getIssuanceDate());
            String convertTimestampToUtc2 = DateUtils.convertTimestampToUtc(credential.getExpirationDate());
            objToMap.put(ParamKeyConstant.ISSUANCE_DATE, convertTimestampToUtc);
            objToMap.put("expirationDate", convertTimestampToUtc2);
            objToMap.remove(ParamKeyConstant.CONTEXT);
            objToMap.put(CredentialConstant.CREDENTIAL_CONTEXT_PORTABLE_JSON_FIELD, CredentialConstant.DEFAULT_CREDENTIAL_CONTEXT);
            return new ResponseData<>(DataToolUtils.mapToCompactJson(objToMap), ErrorCode.SUCCESS);
        } catch (Exception e) {
            logger.error("Json conversion failed in getCredentialJson: ", e);
            return new ResponseData<>("", ErrorCode.CREDENTIAL_ERROR);
        }
    }
}
