package io.getlime.security.powerauth.lib.cmd.steps.v3;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.signature.PowerAuthClientSignature;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1;
import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureFormat;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.steps.BaseStep;
import io.getlime.security.powerauth.lib.cmd.steps.model.VerifySignatureStepModel;
import io.getlime.security.powerauth.lib.cmd.util.CounterUtil;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.HttpUtil;
import io.getlime.security.powerauth.lib.cmd.util.JsonUtil;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.lib.cmd.util.VerifySignatureUtil;
import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
import java.io.FileWriter;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.ECPublicKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import kong.unirest.HttpResponse;
import kong.unirest.Unirest;
import kong.unirest.UnirestException;
import org.json.simple.JSONObject;

/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/steps/v3/SignAndEncryptStep.class */
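/**
 * Command-line step that signs request data with a PowerAuth signature, encrypts the
 * payload with ECIES in activation scope, posts it to the configured URI and decrypts
 * the encrypted response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The signature counter is advanced and the status file is rewritten <em>before</em>
 *       the HTTP request is sent, so a failed request still consumes a counter value.</li>
 *   <li>The status object that is serialized to the status file is the same object the
 *       signature keys, transport master key and server public key are read from. The file
 *       therefore holds activation key material and should be access-restricted by the
 *       operator; {@link FileWriter} applies no explicit permissions or charset.</li>
 *   <li>When a {@link StepLogger} is supplied, it receives the application secret, the
 *       transport key and the signature base string (which has the application secret
 *       appended), as well as the plaintext request and decrypted response. Treat the
 *       logger's sink as sensitive.</li>
 * </ul>
 */
public class SignAndEncryptStep implements BaseStep {
    private static final KeyConvertor keyConvertor = new KeyConvertor();
    private static final KeyGenerator keyGenerator = new KeyGenerator();
    private static final PowerAuthClientSignature signature = new PowerAuthClientSignature();
    private static final PowerAuthClientKeyFactory keyFactory = new PowerAuthClientKeyFactory();
    private static final ObjectMapper mapper = RestClientConfiguration.defaultMapper();
    private static final EciesFactory eciesFactory = new EciesFactory();

    /**
     * Executes the sign-and-encrypt flow.
     *
     * @param stepLogger logger receiving progress, inputs and errors; may be {@code null},
     *                   in which case failures are reported only through the {@code null} return value
     * @param map        step context used to populate a {@link VerifySignatureStepModel}
     * @return the result status object with the decrypted response stored under
     *         {@code "responseData"}, or {@code null} when validation, the server call or
     *         response processing fails
     * @throws Exception when model parsing, key derivation, signature computation, writing the
     *                   status file, encryptor setup or request encryption fails; these run
     *                   outside the handler that converts HTTP-phase errors into a {@code null} result
     */
    @Override
    public JSONObject execute(StepLogger stepLogger, Map<String, Object> map) throws Exception {
        VerifySignatureStepModel model = new VerifySignatureStepModel();
        model.fromMap(map);
        if (stepLogger != null) {
            stepLogger.writeItem("sign-encrypt-start", "Sign and Encrypt Request Started", null, "OK", null);
        }

        // Input validation: only POST with a non-null body is supported by this step.
        if (model.getHttpMethod() == null) {
            if (stepLogger != null) {
                stepLogger.writeError("sign-encrypt-error-http-method", "HTTP method not specified", "Specify HTTP method to use for sending request");
                stepLogger.writeDoneFailed("sign-encrypt-failed");
            }
            return null;
        }
        if (!"POST".equals(model.getHttpMethod().toUpperCase())) {
            if (stepLogger != null) {
                stepLogger.writeError("sign-encrypt-error-http-method-invalid", "Sign and Encrypt Request Failed", "Unsupported HTTP method: " + model.getHttpMethod().toUpperCase());
                stepLogger.writeDoneFailed("sign-encrypt-failed");
            }
            return null;
        }
        byte[] plainRequestData = model.getData();
        if (plainRequestData == null) {
            if (stepLogger != null) {
                stepLogger.writeError("sign-encrypt-error-file", "Sign and Encrypt Request Failed", "Request data for encryption and signing is null.");
                stepLogger.writeDoneFailed("sign-encrypt-failed");
            }
            return null;
        }
        if (stepLogger != null) {
            // The plaintext payload is handed to the logger here.
            stepLogger.writeItem("sign-encrypt-request-prepare", "Preparing Request Data", "Following data will be encrypted", "OK", plainRequestData);
        }

        // Activation state and Base64-encoded key material come from the status object.
        String activationId = JsonUtil.stringValue(model.getResultStatusObject(), "activationId");
        long counter = JsonUtil.longValue(model.getResultStatusObject(), "counter");
        byte[] possessionKeyBytes = BaseEncoding.base64().decode(JsonUtil.stringValue(model.getResultStatusObject(), "signaturePossessionKey"));
        byte[] biometryKeyBytes = BaseEncoding.base64().decode(JsonUtil.stringValue(model.getResultStatusObject(), "signatureBiometryKey"));
        byte[] knowledgeKeySalt = BaseEncoding.base64().decode(JsonUtil.stringValue(model.getResultStatusObject(), "signatureKnowledgeKeySalt"));
        byte[] knowledgeKeyEncrypted = BaseEncoding.base64().decode(JsonUtil.stringValue(model.getResultStatusObject(), "signatureKnowledgeKeyEncrypted"));

        // NOTE(review): the password array is not wiped after the knowledge key is derived.
        // Whether it may be cleared here depends on who owns the array returned by the
        // helper (possibly the model itself) - confirm before adding a wipe.
        char[] knowledgeKeyPassword = VerifySignatureUtil.getKnowledgeKeyPassword(model);
        SecretKey possessionKey = keyConvertor.convertBytesToSharedSecretKey(possessionKeyBytes);
        SecretKey knowledgeKey = EncryptedStorageUtil.getSignatureKnowledgeKey(knowledgeKeyPassword, knowledgeKeyEncrypted, knowledgeKeySalt, keyGenerator);
        SecretKey biometryKey = keyConvertor.convertBytesToSharedSecretKey(biometryKeyBytes);

        // Fresh 16-byte nonce for this signature; it is sent Base64-encoded in the header.
        byte[] signatureNonce = keyGenerator.generateRandomBytes(16);
        byte[] signedDataBytes = VerifySignatureUtil.extractRequestDataBytes(model, stepLogger);

        // The application secret is appended to the base string, so the base string itself is secret.
        String signatureBaseString = PowerAuthHttpBody.getSignatureBaseString(model.getHttpMethod().toUpperCase(), model.getResourceId(), signatureNonce, signedDataBytes)
                + "&" + model.getApplicationSecret();
        byte[] ctrData = CounterUtil.getCtrData(model, stepLogger);
        String signatureValue = signature.signatureForData(
                signatureBaseString.getBytes(StandardCharsets.UTF_8),
                keyFactory.keysForSignatureType(model.getSignatureType(), possessionKey, knowledgeKey, biometryKey),
                ctrData,
                PowerAuthSignatureFormat.getFormatForSignatureVersion(model.getVersion()));
        String authorizationHeader = new PowerAuthSignatureHttpHeader(
                activationId,
                model.getApplicationKey(),
                signatureValue,
                model.getSignatureType().toString(),
                BaseEncoding.base64().encode(signatureNonce),
                model.getVersion()).buildHttpHeader();

        // Advance the counter and persist the status before the network call, so that a
        // computed signature is never associated with a counter value that could be reused.
        CounterUtil.incrementCounter(model);
        String statusJson = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(model.getResultStatusObject());
        // NOTE(review): the file content includes the key material read above. FileWriter(String)
        // sets no permissions and uses the platform default charset on Java versions before 18.
        try (FileWriter statusWriter = new FileWriter(model.getStatusFileName())) {
            statusWriter.write(statusJson);
        }

        // ECIES encryptor in activation scope, keyed by the server public key, the
        // application secret and the transport master key.
        String transportMasterKeyBase64 = JsonUtil.stringValue(model.getResultStatusObject(), "transportMasterKey");
        String serverPublicKeyBase64 = JsonUtil.stringValue(model.getResultStatusObject(), "serverPublicKey");
        EciesEncryptor encryptor = eciesFactory.getEciesEncryptorForActivation(
                (ECPublicKey) keyConvertor.convertBytesToPublicKey(BaseEncoding.base64().decode(serverPublicKeyBase64)),
                model.getApplicationSecret().getBytes(StandardCharsets.UTF_8),
                BaseEncoding.base64().decode(transportMasterKeyBase64),
                EciesSharedInfo1.ACTIVATION_SCOPE_GENERIC);

        if (stepLogger != null) {
            // Everything below is secret or secret-derived; the logger output must be
            // protected like the status file.
            Map<String, Object> lowLevelData = new HashMap<>();
            lowLevelData.put("counter", String.valueOf(counter));
            if (JsonUtil.intValue(model.getResultStatusObject(), "version") == 3) {
                lowLevelData.put("ctrData", BaseEncoding.base64().encode(ctrData));
            }
            lowLevelData.put("signatureBaseString", signatureBaseString);
            lowLevelData.put("resourceId", model.getResourceId());
            lowLevelData.put("nonce", BaseEncoding.base64().encode(signatureNonce));
            lowLevelData.put("applicationKey", model.getApplicationKey());
            lowLevelData.put("applicationSecret", model.getApplicationSecret());
            lowLevelData.put("transportKey", transportMasterKeyBase64);
            lowLevelData.put("serverPublicKey", serverPublicKeyBase64);
            lowLevelData.put("activationId", activationId);
            stepLogger.writeItem("sign-encrypt-signature-computed", "Signature Calculation Parameters", "Low level cryptographic inputs required to compute signature and keys used for data encryption.", "OK", lowLevelData);
        }

        // Every protocol version other than "3.0" carries an ECIES nonce in the request.
        boolean useIv = !"3.0".equals(model.getVersion());
        EciesCryptogram requestCryptogram = encryptor.encryptRequest(plainRequestData, useIv);
        EciesEncryptedRequest encryptedRequest = new EciesEncryptedRequest();
        encryptedRequest.setEphemeralPublicKey(BaseEncoding.base64().encode(requestCryptogram.getEphemeralPublicKey()));
        encryptedRequest.setEncryptedData(BaseEncoding.base64().encode(requestCryptogram.getEncryptedData()));
        encryptedRequest.setMac(BaseEncoding.base64().encode(requestCryptogram.getMac()));
        encryptedRequest.setNonce(useIv ? BaseEncoding.base64().encode(requestCryptogram.getNonce()) : null);
        byte[] requestBytes = RestClientConfiguration.defaultMapper().writeValueAsBytes(encryptedRequest);
        if (stepLogger != null) {
            stepLogger.writeItem("sign-encrypt-request-encrypt", "Encrypting Request Data", "Following data is sent to intermediate server", "OK", encryptedRequest);
        }

        try {
            Map<String, String> headers = new HashMap<>();
            headers.put("Accept", "application/json");
            headers.put("Content-Type", "application/json");
            headers.put("X-PowerAuth-Authorization", authorizationHeader);
            // Caller-supplied headers are merged last: an entry with the same name replaces
            // the defaults above, including the computed authorization header.
            headers.putAll(model.getHeaders());
            if (stepLogger != null) {
                stepLogger.writeServerCall("sign-encrypt-request-sent", model.getUriString(), model.getHttpMethod().toUpperCase(), new String(signedDataBytes, StandardCharsets.UTF_8), headers);
            }

            HttpResponse<String> response = Unirest.post(model.getUriString()).headers(headers).body(requestBytes).asString();
            // Only HTTP 200 counts as success; any other status ends the step.
            if (response.getStatus() != 200) {
                if (stepLogger != null) {
                    stepLogger.writeServerCallError("sign-encrypt-error-server-call", response.getStatus(), response.getBody(), HttpUtil.flattenHttpHeaders(response.getHeaders()));
                    stepLogger.writeDoneFailed("sign-encrypt-failed");
                }
                return null;
            }

            EciesEncryptedResponse encryptedResponse = RestClientConfiguration.defaultMapper().readValue(response.getBody(), EciesEncryptedResponse.class);
            if (stepLogger != null) {
                stepLogger.writeServerCallOK("sign-encrypt-response-received", encryptedResponse, HttpUtil.flattenHttpHeaders(response.getHeaders()));
            }

            // NOTE(review): presumably decryptResponse authenticates the MAC before returning
            // plaintext - confirm in EciesEncryptor. A failure lands in the generic handler below.
            EciesCryptogram responseCryptogram = new EciesCryptogram(
                    BaseEncoding.base64().decode(encryptedResponse.getMac()),
                    BaseEncoding.base64().decode(encryptedResponse.getEncryptedData()));
            String decryptedResponse = new String(encryptor.decryptResponse(responseCryptogram), StandardCharsets.UTF_8);
            model.getResultStatusObject().put("responseData", decryptedResponse);
            if (stepLogger != null) {
                stepLogger.writeItem("sign-encrypt-response-decrypted", "Decrypted Response", "Following data were decrypted", "OK", decryptedResponse);
                stepLogger.writeDoneOK("sign-encrypt-success");
            }
            return model.getResultStatusObject();
        } catch (UnirestException e) {
            if (stepLogger != null) {
                stepLogger.writeServerCallConnectionError("sign-encrypt-error-connection", e);
                stepLogger.writeDoneFailed("sign-encrypt-failed");
            }
            return null;
        } catch (Exception e) {
            if (stepLogger != null) {
                stepLogger.writeError("sign-encrypt-error-generic", e);
                stepLogger.writeDoneFailed("sign-encrypt-failed");
            }
            return null;
        }
    }
}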
