package io.github.intoto.helpers;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import io.github.intoto.dsse.models.IntotoEnvelope;
import io.github.intoto.dsse.models.Signature;
import io.github.intoto.dsse.models.Signer;
import io.github.intoto.exceptions.InvalidModelException;
import io.github.intoto.models.Statement;
import jakarta.validation.Validation;
import jakarta.validation.Validator;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:io/github/intoto/helpers/IntotoHelper.class */
public class IntotoHelper {
    private static final ObjectMapper objectMapper = JsonMapper.builder().findAndAddModules().build();
    private static final Validator validator = Validation.buildDefaultValidatorFactory().getValidator();

    public static String produceIntotoEnvelopeAsJson(Statement statement, Signer signer, boolean z) throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        IntotoEnvelope produceIntotoEnvelope = produceIntotoEnvelope(statement, signer);
        return z ? objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(produceIntotoEnvelope) : objectMapper.writeValueAsString(produceIntotoEnvelope);
    }

    public static IntotoEnvelope produceIntotoEnvelope(Statement statement, Signer signer) throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        String validateAndTransformToJson = validateAndTransformToJson(statement, false);
        String encodeToString = Base64.getEncoder().encodeToString(validateAndTransformToJson.getBytes());
        IntotoEnvelope intotoEnvelope = new IntotoEnvelope();
        byte[] sign = signer.sign(createPreAuthenticationEncoding(intotoEnvelope.getPayloadType(), validateAndTransformToJson.getBytes()));
        Signature signature = new Signature();
        signature.setKeyId(signer.getKeyId());
        signature.setSig(Base64.getEncoder().encodeToString(sign));
        intotoEnvelope.setPayload(encodeToString);
        intotoEnvelope.setSignatures(List.of(signature));
        return intotoEnvelope;
    }

    public static byte[] createPreAuthenticationEncoding(String str, byte[] bArr) {
        return String.format("DSSEv1 %d %s %d %s", Integer.valueOf(str.length()), str, Integer.valueOf(bArr.length), new String(bArr, StandardCharsets.UTF_8)).getBytes(StandardCharsets.UTF_8);
    }

    public static String validateAndTransformToJson(Statement statement, boolean z) throws JsonProcessingException, InvalidModelException {
        Set validate = validator.validate(statement, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidModelException((String) validate.stream().map((v0) -> {
                return v0.getMessage();
            }).collect(Collectors.joining(",/n")));
        }
        objectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
        return z ? objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(statement) : objectMapper.writeValueAsString(statement);
    }
}
