package io.getlime.security.powerauth.lib.cmd.steps.v2;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import io.getlime.core.rest.model.base.request.ObjectRequest;
import io.getlime.core.rest.model.base.response.ObjectResponse;
import io.getlime.security.powerauth.crypto.client.activation.PowerAuthClientActivation;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.vault.PowerAuthClientVault;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.steps.BaseStep;
import io.getlime.security.powerauth.lib.cmd.steps.model.PrepareActivationStepModel;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.HttpUtil;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateRequest;
import io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse;
import java.io.FileWriter;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
import kong.unirest.HttpResponse;
import kong.unirest.Unirest;
import kong.unirest.UnirestException;
import org.json.simple.JSONObject;

/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/steps/v2/PrepareActivationStep.class */
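/**
 * Command-line step that performs the client side of a version 2 activation.
 *
 * <p>The step parses the activation code, generates the device and ephemeral key pairs,
 * posts an activation-create request to {@code <uri>/pa/activation/create}, verifies the
 * signature on the returned server data against the master public key, derives the client
 * keys and writes the resulting activation status to the status file.
 *
 * <p>Every failure path reports through the {@link StepLogger} (when one is supplied) and
 * returns {@code null}; the step itself only propagates exceptions raised before the HTTP
 * exchange starts (model parsing, key generation, request signing).
 */
public class PrepareActivationStep implements BaseStep {
    /**
     * Accepted activation code layout: four dash-separated groups of five characters from
     * {@code A-Z} and {@code 2-7}, optionally followed by a {@code #}-prefixed suffix that
     * this step does not interpret.
     */
    private static final Pattern ACTIVATION_CODE_PATTERN =
            Pattern.compile("^[A-Z2-7]{5}-[A-Z2-7]{5}-[A-Z2-7]{5}-[A-Z2-7]{5}(#.*)?$");

    private static final PowerAuthClientActivation activation = new PowerAuthClientActivation();
    private static final KeyConvertor keyConversion = new KeyConvertor();
    private static final PowerAuthClientKeyFactory keyFactory = new PowerAuthClientKeyFactory();
    private static final KeyGenerator keyGenerator = new KeyGenerator();
    private static final PowerAuthClientVault vault = new PowerAuthClientVault();
    private static final ObjectMapper mapper = RestClientConfiguration.defaultMapper();

    /**
     * Runs the activation-create exchange and persists the activation status.
     *
     * @param stepLogger logger receiving progress and error items; may be {@code null}, in
     *                   which case failures are reported only through the {@code null} return
     * @param map        step parameters, read through {@link PrepareActivationStepModel#fromMap}
     * @return the populated result status object, or {@code null} when the activation code is
     *         malformed, the server call fails, the server data signature does not verify or
     *         any other error occurs during the exchange
     * @throws Exception if preparing the request (key generation, encryption, signing) fails
     */
    @Override // io.getlime.security.powerauth.lib.cmd.steps.BaseStep
    public JSONObject execute(StepLogger stepLogger, Map<String, Object> map) throws Exception {
        PrepareActivationStepModel model = new PrepareActivationStepModel();
        model.fromMap(map);
        if (stepLogger != null) {
            stepLogger.writeItem("activation-create-start", "Activation Started", null, "OK", null);
        }
        String uri = model.getUriString() + "/pa/activation/create";

        // Reject a missing or malformed code before slicing it. The check must not depend on
        // a logger being present, otherwise the substring calls below run on unvalidated input.
        String activationCode = model.getActivationCode();
        if (activationCode == null || !ACTIVATION_CODE_PATTERN.matcher(activationCode).find()) {
            if (stepLogger != null) {
                stepLogger.writeError("activation-create-error-activation-code", "Activation failed", "Activation code has invalid format");
                stepLogger.writeDoneFailed("activation-create-failed");
            }
            return null;
        }

        // First two groups form the short activation ID, the last two the activation OTP.
        String activationIdShort = activationCode.substring(0, 11);
        String activationOtp = activationCode.substring(12, 23);
        if (stepLogger != null) {
            // NOTE(review): the activation code and OTP are written to the step log in clear
            // text; treat that log as sensitive or drop these entries if the log is shared.
            Map<String, String> codeParts = new HashMap<>();
            codeParts.put("activationCode", activationCode);
            codeParts.put("activationIdShort", activationIdShort);
            codeParts.put("activationOtp", activationOtp);
            stepLogger.writeItem("activation-create-activation-code-parsed", "Activation code", "Parsing activation code to short activation ID and activation OTP", "OK", codeParts);
        }

        KeyPair ephemeralKeyPair = keyGenerator.generateKeyPair();
        KeyPair deviceKeyPair = activation.generateDeviceKeyPair();
        byte[] activationNonce = activation.generateActivationNonce();
        byte[] encryptedDevicePublicKey = activation.encryptDevicePublicKey(deviceKeyPair.getPublic(), ephemeralKeyPair.getPrivate(), model.getMasterPublicKey(), activationOtp, activationIdShort, activationNonce);
        byte[] applicationSignature = activation.computeApplicationSignature(activationIdShort, activationNonce, encryptedDevicePublicKey, BaseEncoding.base64().decode(model.getApplicationKey()), BaseEncoding.base64().decode(model.getApplicationSecret()));
        byte[] ephemeralPublicKeyBytes = keyConversion.convertPublicKeyToBytes(ephemeralKeyPair.getPublic());

        ActivationCreateRequest requestObject = new ActivationCreateRequest();
        requestObject.setActivationIdShort(activationIdShort);
        requestObject.setApplicationKey(model.getApplicationKey());
        requestObject.setActivationName(model.getActivationName());
        requestObject.setActivationNonce(BaseEncoding.base64().encode(activationNonce));
        requestObject.setEphemeralPublicKey(BaseEncoding.base64().encode(ephemeralPublicKeyBytes));
        requestObject.setEncryptedDevicePublicKey(BaseEncoding.base64().encode(encryptedDevicePublicKey));
        requestObject.setApplicationSignature(BaseEncoding.base64().encode(applicationSignature));
        ObjectRequest<ActivationCreateRequest> body = new ObjectRequest<>();
        body.setRequestObject(requestObject);

        try {
            // Caller-supplied headers are applied last, so they may override the defaults.
            Map<String, String> headers = new HashMap<>();
            headers.put("Accept", "application/json");
            headers.put("Content-Type", "application/json");
            headers.putAll(model.getHeaders());
            if (stepLogger != null) {
                stepLogger.writeServerCall("activation-create-request-sent", uri, "POST", requestObject, headers);
            }

            HttpResponse<String> response = Unirest.post(uri).headers(headers).body(body).asString();
            if (response.getStatus() != 200) {
                if (stepLogger != null) {
                    stepLogger.writeServerCallError("activation-create-error-server-call", response.getStatus(), response.getBody(), HttpUtil.flattenHttpHeaders(response.getHeaders()));
                    stepLogger.writeDoneFailed("activation-create-failed");
                }
                return null;
            }

            ObjectResponse<ActivationCreateResponse> responseWrapper = RestClientConfiguration.defaultMapper()
                    .readValue(response.getBody(), new TypeReference<ObjectResponse<ActivationCreateResponse>>() { });
            if (stepLogger != null) {
                stepLogger.writeServerCallOK("activation-create-response-received", responseWrapper, HttpUtil.flattenHttpHeaders(response.getHeaders()));
            }

            ActivationCreateResponse responseObject = responseWrapper.getResponseObject();
            String activationId = responseObject.getActivationId();
            byte[] serverNonce = BaseEncoding.base64().decode(responseObject.getActivationNonce());
            byte[] encryptedServerPublicKey = BaseEncoding.base64().decode(responseObject.getEncryptedServerPublicKey());
            byte[] serverDataSignature = BaseEncoding.base64().decode(responseObject.getEncryptedServerPublicKeySignature());
            PublicKey serverEphemeralPublicKey = keyConversion.convertBytesToPublicKey(BaseEncoding.base64().decode(responseObject.getEphemeralPublicKey()));

            // The server data signature is checked against the master public key before the
            // server public key is decrypted or any key is derived from it.
            if (!activation.verifyServerDataSignature(activationId, encryptedServerPublicKey, serverDataSignature, model.getMasterPublicKey())) {
                if (stepLogger != null) {
                    stepLogger.writeError("activation-create-activation-signature-mismatch", "Activation data signature does not match. Either someone tried to spoof your connection, or your device master key is invalid.");
                    stepLogger.writeDoneFailed("activation-create-failed");
                }
                return null;
            }

            PublicKey serverPublicKey = activation.decryptServerPublicKey(encryptedServerPublicKey, deviceKeyPair.getPrivate(), serverEphemeralPublicKey, activationOtp, activationIdShort, serverNonce);
            SecretKey masterSecretKey = keyFactory.generateClientMasterSecretKey(deviceKeyPair.getPrivate(), serverPublicKey);
            SecretKey possessionKey = keyFactory.generateClientSignaturePossessionKey(masterSecretKey);
            SecretKey knowledgeKey = keyFactory.generateClientSignatureKnowledgeKey(masterSecretKey);
            SecretKey biometryKey = keyFactory.generateClientSignatureBiometryKey(masterSecretKey);
            SecretKey transportMasterKey = keyFactory.generateServerTransportKey(masterSecretKey);
            byte[] encryptedDevicePrivateKey = vault.encryptDevicePrivateKey(deviceKeyPair.getPrivate(), keyFactory.generateServerEncryptedVaultKey(masterSecretKey));

            byte[] knowledgeKeySalt = keyGenerator.generateRandomBytes(16);
            byte[] encryptedKnowledgeKey;
            char[] password = readPassword(model);
            try {
                encryptedKnowledgeKey = EncryptedStorageUtil.storeSignatureKnowledgeKey(password, knowledgeKey, knowledgeKeySalt, keyGenerator);
            } finally {
                // Do not keep the password characters in memory longer than needed.
                Arrays.fill(password, '\0');
            }

            // NOTE(review): possession, biometry and transport keys are stored as plain Base64
            // of the raw key bytes; the status file must be protected by file permissions.
            JSONObject resultStatus = model.getResultStatusObject();
            resultStatus.put("activationId", activationId);
            resultStatus.put("serverPublicKey", BaseEncoding.base64().encode(keyConversion.convertPublicKeyToBytes(serverPublicKey)));
            resultStatus.put("encryptedDevicePrivateKey", BaseEncoding.base64().encode(encryptedDevicePrivateKey));
            resultStatus.put("signaturePossessionKey", BaseEncoding.base64().encode(keyConversion.convertSharedSecretKeyToBytes(possessionKey)));
            resultStatus.put("signatureKnowledgeKeyEncrypted", BaseEncoding.base64().encode(encryptedKnowledgeKey));
            resultStatus.put("signatureKnowledgeKeySalt", BaseEncoding.base64().encode(knowledgeKeySalt));
            resultStatus.put("signatureBiometryKey", BaseEncoding.base64().encode(keyConversion.convertSharedSecretKeyToBytes(biometryKey)));
            resultStatus.put("transportMasterKey", BaseEncoding.base64().encode(keyConversion.convertSharedSecretKeyToBytes(transportMasterKey)));
            resultStatus.put("counter", 0L);
            resultStatus.put("ctrData", (Object) null);
            resultStatus.put("version", 2L);

            String statusJson = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(resultStatus);
            try (FileWriter writer = new FileWriter(model.getStatusFileName())) {
                writer.write(statusJson);
            }

            if (stepLogger != null) {
                // NOTE(review): "activationStatusFileContent" copies the full status object,
                // including the unencrypted keys above, into the step log.
                Map<String, Object> summary = new HashMap<>();
                summary.put("activationId", activationId);
                summary.put("activationStatusFile", model.getStatusFileName());
                summary.put("activationStatusFileContent", resultStatus);
                summary.put("deviceKeyFingerprint", activation.computeActivationFingerprint(deviceKeyPair.getPublic()));
                stepLogger.writeItem("activation-create-activation-done", "Activation Done", "Public key exchange was successfully completed, commit the activation on server", "OK", summary);
                stepLogger.writeDoneOK("activation-create-success");
            }
            return resultStatus;
        } catch (UnirestException e) {
            // Must precede the generic handler: a broader catch listed first would make this
            // clause unreachable and connection errors would be reported as generic ones.
            if (stepLogger != null) {
                stepLogger.writeServerCallConnectionError("activation-create-error-connection", e);
                stepLogger.writeDoneFailed("activation-create-failed");
            }
            return null;
        } catch (Exception e) {
            if (stepLogger != null) {
                stepLogger.writeError("activation-create-error-generic", e);
                stepLogger.writeDoneFailed("activation-create-failed");
            }
            return null;
        }
    }

    /**
     * Returns the password protecting the knowledge-related key: the one configured in the
     * model, or one read from the interactive console when none is configured.
     *
     * @throws IllegalStateException if no password is configured and no console is attached
     */
    private static char[] readPassword(PrepareActivationStepModel model) {
        if (model.getPassword() != null) {
            return model.getPassword().toCharArray();
        }
        // System.console() is null when the process runs without an interactive terminal.
        if (System.console() == null) {
            throw new IllegalStateException("No password was provided and no console is available to read one");
        }
        return System.console().readPassword("Select a password to encrypt the knowledge related key: ", new Object[0]);
    }
}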
