package io.getlime.security.powerauth.lib.cmd.steps.v3;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.signature.PowerAuthClientSignature;
import io.getlime.security.powerauth.crypto.client.vault.PowerAuthClientVault;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1;
import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureFormat;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.steps.BaseStep;
import io.getlime.security.powerauth.lib.cmd.steps.model.VaultUnlockStepModel;
import io.getlime.security.powerauth.lib.cmd.util.CounterUtil;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.HttpUtil;
import io.getlime.security.powerauth.lib.cmd.util.JsonUtil;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.request.v3.VaultUnlockRequestPayload;
import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.model.response.v3.VaultUnlockResponsePayload;
import java.io.Console;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import kong.unirest.HttpResponse;
import kong.unirest.Unirest;
import kong.unirest.UnirestException;
import org.json.simple.JSONObject;

/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/steps/v3/VaultUnlockStep.class */
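/**
 * CLI step that unlocks the PowerAuth secure vault over the protocol version 3 endpoint.
 *
 * <p>The step reads the activation state from the model's result status object, builds an
 * ECIES-encrypted {@code VaultUnlockRequestPayload}, signs the request with the PowerAuth
 * signature header, posts it to {@code /pa/v3/vault/unlock}, decrypts the response and finally
 * recovers the vault encryption key and the device private key from the local encrypted state.
 *
 * <p>The recovered key material is reported back through the {@link StepLogger} as the step's
 * result; this is the purpose of the step, so callers must treat that output as sensitive.
 */
public class VaultUnlockStep implements BaseStep {

    private static final KeyConvertor keyConvertor = new KeyConvertor();
    private static final KeyGenerator keyGenerator = new KeyGenerator();
    private static final PowerAuthClientSignature signature = new PowerAuthClientSignature();
    private static final PowerAuthClientKeyFactory keyFactory = new PowerAuthClientKeyFactory();
    private static final ObjectMapper mapper = RestClientConfiguration.defaultMapper();
    private static final EciesFactory eciesFactory = new EciesFactory();

    /** Protocol version whose ECIES request carries no nonce. */
    private static final String PROTOCOL_VERSION_3_0 = "3.0";
    /** HTTP path of the vault unlock endpoint, appended to the model's base URI. */
    private static final String VAULT_UNLOCK_PATH = "/pa/v3/vault/unlock";
    /** URI identifier used in the signature base string; this is not the versioned HTTP path above. */
    private static final String VAULT_UNLOCK_SIGNATURE_URI_ID = "/pa/vault/unlock";
    /** Length of the random nonce that goes into the signature header. */
    private static final int NONCE_LENGTH_BYTES = 16;

    /**
     * Execute the vault unlock step.
     *
     * @param stepLogger logger for step progress; may be {@code null}, in which case nothing is logged
     * @param map        step parameters, loaded into a {@link VaultUnlockStepModel}
     * @return the model's result status object on success, {@code null} if the server call or
     *         response processing failed (the failure is reported through {@code stepLogger})
     * @throws Exception if the local state cannot be read, the password cannot be obtained, the
     *                   request cannot be built or the status file cannot be written
     */
    @Override // io.getlime.security.powerauth.lib.cmd.steps.BaseStep
    public JSONObject execute(StepLogger stepLogger, Map<String, Object> map) throws Exception {
        final VaultUnlockStepModel model = new VaultUnlockStepModel();
        model.fromMap(map);

        if (stepLogger != null) {
            stepLogger.writeItem("vault-unlock-start", "Vault Unlock Started", null, "OK", null);
        }

        final String uri = model.getUriString() + VAULT_UNLOCK_PATH;

        // Activation state persisted by earlier steps; all binary values are stored base64 encoded.
        final String activationId = JsonUtil.stringValue(model.getResultStatusObject(), "activationId");
        final byte[] signaturePossessionKeyBytes = decodeStatusValue(model, "signaturePossessionKey");
        final byte[] signatureBiometryKeyBytes = decodeStatusValue(model, "signatureBiometryKey");
        final byte[] signatureKnowledgeKeySalt = decodeStatusValue(model, "signatureKnowledgeKeySalt");
        final byte[] signatureKnowledgeKeyEncrypted = decodeStatusValue(model, "signatureKnowledgeKeyEncrypted");
        final byte[] transportMasterKeyBytes = decodeStatusValue(model, "transportMasterKey");
        final byte[] encryptedDevicePrivateKeyBytes = decodeStatusValue(model, "encryptedDevicePrivateKey");
        final byte[] serverPublicKeyBytes = decodeStatusValue(model, "serverPublicKey");

        // The password is only needed to derive the knowledge key; wipe it as soon as that is done.
        final char[] password = readPassword(model);
        final SecretKey signatureKnowledgeKey;
        try {
            signatureKnowledgeKey = EncryptedStorageUtil.getSignatureKnowledgeKey(
                    password, signatureKnowledgeKeyEncrypted, signatureKnowledgeKeySalt, keyGenerator);
        } finally {
            Arrays.fill(password, '\0');
        }
        final SecretKey signaturePossessionKey = keyConvertor.convertBytesToSharedSecretKey(signaturePossessionKeyBytes);
        final SecretKey signatureBiometryKey = keyConvertor.convertBytesToSharedSecretKey(signatureBiometryKeyBytes);
        final SecretKey transportMasterKey = keyConvertor.convertBytesToSharedSecretKey(transportMasterKeyBytes);

        final byte[] nonce = keyGenerator.generateRandomBytes(NONCE_LENGTH_BYTES);
        // Protocol 3.0 requests carry no ECIES nonce; every later version does.
        final boolean useNonce = !PROTOCOL_VERSION_3_0.equals(model.getVersion());

        final ECPublicKey serverPublicKey = (ECPublicKey) keyConvertor.convertBytesToPublicKey(serverPublicKeyBytes);
        final byte[] applicationSecret = model.getApplicationSecret().getBytes(StandardCharsets.UTF_8);
        final EciesEncryptor encryptor = eciesFactory.getEciesEncryptorForActivation(
                serverPublicKey, applicationSecret, transportMasterKeyBytes, EciesSharedInfo1.VAULT_UNLOCK);

        final VaultUnlockRequestPayload payload = new VaultUnlockRequestPayload();
        payload.setReason(model.getReason());
        final EciesEncryptedRequest request = encryptPayload(encryptor, payload, useNonce);
        final byte[] requestBytes = mapper.writeValueAsBytes(request);

        final String authorizationHeader = buildSignatureHeader(model, stepLogger, activationId, nonce, requestBytes,
                signaturePossessionKey, signatureKnowledgeKey, signatureBiometryKey);

        // The counter is incremented and persisted before the request is sent, so the local state
        // keeps the new counter value even if the call below fails. A failure to write the status
        // file propagates to the caller instead of being reported as a server error.
        CounterUtil.incrementCounter(model);
        writeStatusFile(model);

        try {
            final Map<String, String> headers = new HashMap<>();
            headers.put("Accept", "application/json");
            headers.put("Content-Type", "application/json");
            headers.put("X-PowerAuth-Authorization", authorizationHeader);
            headers.putAll(model.getHeaders());

            if (stepLogger != null) {
                stepLogger.writeServerCall("vault-unlock-request-sent", uri, "POST", request, headers);
            }

            final HttpResponse<String> response = Unirest.post(uri).headers(headers).body(requestBytes).asString();
            if (response.getStatus() != 200) {
                if (stepLogger != null) {
                    stepLogger.writeServerCallError("vault-unlock-error-server-call", response.getStatus(),
                            response.getBody(), HttpUtil.flattenHttpHeaders(response.getHeaders()));
                    stepLogger.writeDoneFailed("vault-unlock-failed");
                }
                return null;
            }

            final EciesEncryptedResponse encryptedResponse = mapper.readValue(response.getBody(), EciesEncryptedResponse.class);
            if (stepLogger != null) {
                stepLogger.writeServerCallOK("vault-unlock-response-received", encryptedResponse,
                        HttpUtil.flattenHttpHeaders(response.getHeaders()));
            }

            final EciesCryptogram responseCryptogram = new EciesCryptogram(
                    BaseEncoding.base64().decode(encryptedResponse.getMac()),
                    BaseEncoding.base64().decode(encryptedResponse.getEncryptedData()));
            final VaultUnlockResponsePayload responsePayload = mapper.readValue(
                    encryptor.decryptResponse(responseCryptogram), VaultUnlockResponsePayload.class);
            if (stepLogger != null) {
                stepLogger.writeItem("vault-unlock-response-decrypt", "Decrypted Response",
                        "Following vault unlock data were decrypted", "OK", responsePayload);
            }

            // Unwrap the vault encryption key with the transport master key, then use it to decrypt
            // the locally stored device private key.
            final byte[] encryptedVaultEncryptionKey = BaseEncoding.base64().decode(responsePayload.getEncryptedVaultEncryptionKey());
            final PowerAuthClientVault vault = new PowerAuthClientVault();
            final SecretKey vaultEncryptionKey = vault.decryptVaultEncryptionKey(encryptedVaultEncryptionKey, transportMasterKey);
            final PrivateKey devicePrivateKey = vault.decryptDevicePrivateKey(encryptedDevicePrivateKeyBytes, vaultEncryptionKey);

            // Consistency check: re-deriving the transport key from the recovered device private key
            // and the server public key must give back the stored transport master key.
            final boolean privateKeyDecryptionSuccessful = keyFactory
                    .generateServerTransportKey(keyFactory.generateClientMasterSecretKey(devicePrivateKey, serverPublicKey))
                    .equals(transportMasterKey);

            // Raw key material is returned here on purpose: exposing it is what this CLI step is for.
            final Map<String, String> result = new HashMap<>();
            result.put("activationId", activationId);
            result.put("encryptedVaultEncryptionKey", BaseEncoding.base64().encode(encryptedVaultEncryptionKey));
            result.put("transportMasterKey", BaseEncoding.base64().encode(keyConvertor.convertSharedSecretKeyToBytes(transportMasterKey)));
            result.put("vaultEncryptionKey", BaseEncoding.base64().encode(keyConvertor.convertSharedSecretKeyToBytes(vaultEncryptionKey)));
            result.put("devicePrivateKey", BaseEncoding.base64().encode(keyConvertor.convertPrivateKeyToBytes(devicePrivateKey)));
            result.put("privateKeyDecryptionSuccessful", privateKeyDecryptionSuccessful ? "true" : "false");

            if (stepLogger != null) {
                stepLogger.writeItem("vault-unlock-vault-unlocked", "Vault Unlocked", "Secure vault was successfully unlocked", "OK", result);
                stepLogger.writeDoneOK("vault-unlock-success");
            }
            return model.getResultStatusObject();
        } catch (UnirestException ex) {
            // Must be caught before the generic handler: it is an unchecked exception and
            // reports a transport-level failure rather than a processing error.
            if (stepLogger != null) {
                stepLogger.writeServerCallConnectionError("vault-unlock-error-connection", ex);
                stepLogger.writeDoneFailed("vault-unlock-failed");
            }
            return null;
        } catch (Exception ex) {
            if (stepLogger != null) {
                stepLogger.writeError("vault-unlock-error-generic", ex);
                stepLogger.writeDoneFailed("vault-unlock-failed");
            }
            return null;
        }
    }

    /**
     * Read a base64 encoded value from the model's result status object.
     *
     * @param model step model holding the result status object
     * @param key   name of the status attribute
     * @return the decoded bytes
     */
    private static byte[] decodeStatusValue(VaultUnlockStepModel model, String key) {
        return BaseEncoding.base64().decode(JsonUtil.stringValue(model.getResultStatusObject(), key));
    }

    /**
     * Obtain the password protecting the knowledge key, either from the model or by prompting
     * on the interactive console.
     *
     * @param model step model; its password, when set, takes precedence over the console prompt
     * @return the password characters; the caller owns the array and should wipe it after use
     * @throws IllegalStateException if no password is configured and no interactive console
     *                               (or no input on it) is available
     */
    private static char[] readPassword(VaultUnlockStepModel model) {
        if (model.getPassword() != null) {
            return model.getPassword().toCharArray();
        }
        final Console console = System.console();
        if (console == null) {
            // System.console() is null when stdin/stdout are redirected; fail clearly instead of with an NPE.
            throw new IllegalStateException("No interactive console available to read the password; provide it in the step model instead.");
        }
        final char[] password = console.readPassword("Enter your password to unlock the knowledge related key: ", new Object[0]);
        if (password == null) {
            throw new IllegalStateException("No password was entered on the console.");
        }
        return password;
    }

    /**
     * Serialize and ECIES-encrypt the request payload into the transport envelope.
     *
     * @param encryptor encryptor bound to this activation
     * @param payload   plaintext request payload
     * @param useNonce  whether the envelope carries the ECIES nonce (every protocol version except 3.0)
     * @return the encrypted request with all fields base64 encoded
     * @throws Exception if serialization or encryption fails
     */
    private static EciesEncryptedRequest encryptPayload(EciesEncryptor encryptor, VaultUnlockRequestPayload payload,
                                                        boolean useNonce) throws Exception {
        final EciesCryptogram cryptogram = encryptor.encryptRequest(mapper.writeValueAsBytes(payload), useNonce);
        final EciesEncryptedRequest request = new EciesEncryptedRequest();
        request.setEphemeralPublicKey(BaseEncoding.base64().encode(cryptogram.getEphemeralPublicKey()));
        request.setEncryptedData(BaseEncoding.base64().encode(cryptogram.getEncryptedData()));
        request.setMac(BaseEncoding.base64().encode(cryptogram.getMac()));
        request.setNonce(useNonce ? BaseEncoding.base64().encode(cryptogram.getNonce()) : null);
        return request;
    }

    /**
     * Compute the PowerAuth signature over the request body and build the authorization header value.
     *
     * @param model         step model (application key/secret, signature type, protocol version)
     * @param stepLogger    logger passed through to counter data retrieval; may be {@code null}
     * @param activationId  activation identifier placed into the header
     * @param nonce         random nonce placed into both the signature base string and the header
     * @param requestBytes  serialized request body that is signed
     * @param possessionKey possession factor key
     * @param knowledgeKey  knowledge factor key
     * @param biometryKey   biometry factor key
     * @return the value of the {@code X-PowerAuth-Authorization} header
     * @throws Exception if the signature cannot be computed
     */
    private static String buildSignatureHeader(VaultUnlockStepModel model, StepLogger stepLogger, String activationId,
                                               byte[] nonce, byte[] requestBytes, SecretKey possessionKey,
                                               SecretKey knowledgeKey, SecretKey biometryKey) throws Exception {
        // The base string is built over the protocol URI identifier, not over the versioned HTTP path,
        // and is suffixed with the application secret before signing.
        final String signatureBase = PowerAuthHttpBody.getSignatureBaseString("POST", VAULT_UNLOCK_SIGNATURE_URI_ID, nonce, requestBytes)
                + "&" + model.getApplicationSecret();
        final String signatureValue = signature.signatureForData(
                signatureBase.getBytes(StandardCharsets.UTF_8),
                keyFactory.keysForSignatureType(model.getSignatureType(), possessionKey, knowledgeKey, biometryKey),
                CounterUtil.getCtrData(model, stepLogger),
                PowerAuthSignatureFormat.getFormatForSignatureVersion(model.getVersion()));
        return new PowerAuthSignatureHttpHeader(activationId, model.getApplicationKey(), signatureValue,
                model.getSignatureType().toString(), BaseEncoding.base64().encode(nonce), model.getVersion())
                .buildHttpHeader();
    }

    /**
     * Persist the model's result status object as pretty-printed JSON to the configured status file.
     * The file is always written as UTF-8 so the stored state does not depend on the platform charset.
     *
     * @param model step model holding the status object and the status file name
     * @throws IOException if the JSON cannot be produced or the file cannot be written
     */
    private static void writeStatusFile(VaultUnlockStepModel model) throws IOException {
        final String statusJson = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(model.getResultStatusObject());
        try (Writer writer = Files.newBufferedWriter(Paths.get(model.getStatusFileName()), StandardCharsets.UTF_8)) {
            writer.write(statusJson);
        }
    }
}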
