package io.getlime.security.powerauth.lib.cmd.steps.v2;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import com.wultra.core.rest.client.base.RestClient;
import com.wultra.core.rest.client.base.RestClientException;
import io.getlime.core.rest.model.base.request.ObjectRequest;
import io.getlime.core.rest.model.base.response.ObjectResponse;
import io.getlime.security.powerauth.crypto.client.activation.PowerAuthClientActivation;
import io.getlime.security.powerauth.crypto.client.encryptor.ClientNonPersonalizedEncryptor;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.vault.PowerAuthClientVault;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.NonPersonalizedEncryptedMessage;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.http.PowerAuthRequestCanonizationUtils;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.steps.model.CreateActivationStepModel;
import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.HttpUtil;
import io.getlime.security.powerauth.lib.cmd.util.MapUtil;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.lib.cmd.util.RestClientFactory;
import io.getlime.security.powerauth.rest.api.model.entity.NonPersonalizedEncryptedPayloadModel;
import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateCustomRequest;
import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateRequest;
import io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse;
import java.io.FileWriter;
import java.net.URLEncoder;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;

@Component("createActivationStepV2")
/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/steps/v2/CreateActivationStep.class */
public class CreateActivationStep extends AbstractBaseStepV2 {
    private static final PowerAuthClientActivation activation = new PowerAuthClientActivation();
    private static final KeyConvertor keyConvertor = new KeyConvertor();
    private static final PowerAuthClientKeyFactory keyFactory = new PowerAuthClientKeyFactory();
    private static final KeyGenerator keyGenerator = new KeyGenerator();
    private static final PowerAuthClientVault vault = new PowerAuthClientVault();
    private static final ObjectMapper mapper = RestClientConfiguration.defaultMapper();

    @Autowired
    public CreateActivationStep(StepLogger stepLogger) {
        super(PowerAuthStep.ACTIVATION_CREATE_CUSTOM, PowerAuthVersion.VERSION_2, stepLogger);
    }

    public CreateActivationStep() {
        this(DEFAULT_STEP_LOGGER);
    }

    @Override // io.getlime.security.powerauth.lib.cmd.steps.BaseStep
    public ResultStatusObject execute(Map<String, Object> map) throws Exception {
        CreateActivationStepModel createActivationStepModel = new CreateActivationStepModel();
        createActivationStepModel.fromMap(map);
        String uriString = createActivationStepModel.getUriString();
        Map<String, String> identityAttributes = createActivationStepModel.getIdentityAttributes();
        this.stepLogger.writeItem("activation-create-custom-identity-attributes", "Identity Attributes", "Following attributes are used to authenticate user", "OK", identityAttributes);
        Map<String, Object> customAttributes = createActivationStepModel.getCustomAttributes();
        this.stepLogger.writeItem("activation-create-custom-custom-attributes", "Custom Attributes", "Following attributes are used as custom attributes for the request", "OK", customAttributes);
        String activationOtp = createActivationStepModel.getActivationOtp() != null ? createActivationStepModel.getActivationOtp() : "00000-00000";
        this.stepLogger.writeItem("activation-create-custom-activation-otp-use", "Using activation OTP", "Following string is used as activation OTP ('00000-00000' is used by default)'", "OK", activationOtp);
        String str = null;
        for (String str2 : identityAttributes.keySet()) {
            String str3 = URLEncoder.encode(str2, "UTF-8") + "=" + URLEncoder.encode(identityAttributes.get(str2), "UTF-8");
            str = str == null ? str3 : str + "&" + str3;
        }
        if (str == null) {
            this.stepLogger.writeError("activation-create-custom-error-identity-attributes", "No identity attributes were provided - exiting.");
            this.stepLogger.writeDoneFailed("activation-create-custom-failed");
            return null;
        }
        String canonizeGetParameters = PowerAuthRequestCanonizationUtils.canonizeGetParameters(str);
        if (canonizeGetParameters == null) {
            this.stepLogger.writeError("activation-create-custom-error-query-string", "Failed to extract parameters from query string - exiting.");
            this.stepLogger.writeDoneFailed("activation-create-custom-failed");
            return null;
        }
        this.stepLogger.writeItem("activation-create-custom-identity-string", "Building identity string", "Using following normalized identity string", "OK", canonizeGetParameters);
        KeyPair generateKeyPair = keyGenerator.generateKeyPair();
        KeyPair generateDeviceKeyPair = activation.generateDeviceKeyPair();
        byte[] generateActivationNonce = activation.generateActivationNonce();
        byte[] encryptDevicePublicKey = activation.encryptDevicePublicKey(generateDeviceKeyPair.getPublic(), generateKeyPair.getPrivate(), createActivationStepModel.getMasterPublicKey(), activationOtp, canonizeGetParameters, generateActivationNonce);
        byte[] computeApplicationSignature = activation.computeApplicationSignature(canonizeGetParameters, generateActivationNonce, encryptDevicePublicKey, BaseEncoding.base64().decode(createActivationStepModel.getApplicationKey()), BaseEncoding.base64().decode(createActivationStepModel.getApplicationSecret()));
        byte[] convertPublicKeyToBytes = keyConvertor.convertPublicKeyToBytes(generateKeyPair.getPublic());
        ActivationCreateRequest activationCreateRequest = new ActivationCreateRequest();
        activationCreateRequest.setActivationIdShort(canonizeGetParameters);
        activationCreateRequest.setApplicationKey(createActivationStepModel.getApplicationKey());
        activationCreateRequest.setActivationName(createActivationStepModel.getActivationName());
        activationCreateRequest.setActivationNonce(BaseEncoding.base64().encode(generateActivationNonce));
        activationCreateRequest.setEphemeralPublicKey(BaseEncoding.base64().encode(convertPublicKeyToBytes));
        activationCreateRequest.setEncryptedDevicePublicKey(BaseEncoding.base64().encode(encryptDevicePublicKey));
        activationCreateRequest.setApplicationSignature(BaseEncoding.base64().encode(computeApplicationSignature));
        ActivationCreateCustomRequest activationCreateCustomRequest = new ActivationCreateCustomRequest();
        activationCreateCustomRequest.setIdentity(identityAttributes);
        activationCreateCustomRequest.setCustomAttributes(customAttributes);
        activationCreateCustomRequest.setPowerauth(activationCreateRequest);
        this.stepLogger.writeItem("activation-create-custom-request-prepare", "Building activation request object", "Following activation attributes will be encrypted and sent to the server", "OK", activationCreateCustomRequest);
        byte[] writeValueAsBytes = mapper.writeValueAsBytes(activationCreateCustomRequest);
        ClientNonPersonalizedEncryptor clientNonPersonalizedEncryptor = new ClientNonPersonalizedEncryptor(BaseEncoding.base64().decode(createActivationStepModel.getApplicationKey()), createActivationStepModel.getMasterPublicKey());
        NonPersonalizedEncryptedMessage encrypt = clientNonPersonalizedEncryptor.encrypt(writeValueAsBytes);
        NonPersonalizedEncryptedPayloadModel nonPersonalizedEncryptedPayloadModel = new NonPersonalizedEncryptedPayloadModel();
        nonPersonalizedEncryptedPayloadModel.setAdHocIndex(BaseEncoding.base64().encode(encrypt.getAdHocIndex()));
        nonPersonalizedEncryptedPayloadModel.setApplicationKey(BaseEncoding.base64().encode(encrypt.getApplicationKey()));
        nonPersonalizedEncryptedPayloadModel.setEncryptedData(BaseEncoding.base64().encode(encrypt.getEncryptedData()));
        nonPersonalizedEncryptedPayloadModel.setEphemeralPublicKey(BaseEncoding.base64().encode(encrypt.getEphemeralPublicKey()));
        nonPersonalizedEncryptedPayloadModel.setMac(BaseEncoding.base64().encode(encrypt.getMac()));
        nonPersonalizedEncryptedPayloadModel.setMacIndex(BaseEncoding.base64().encode(encrypt.getMacIndex()));
        nonPersonalizedEncryptedPayloadModel.setNonce(BaseEncoding.base64().encode(encrypt.getNonce()));
        nonPersonalizedEncryptedPayloadModel.setSessionIndex(BaseEncoding.base64().encode(encrypt.getSessionIndex()));
        ObjectRequest objectRequest = new ObjectRequest();
        objectRequest.setRequestObject(nonPersonalizedEncryptedPayloadModel);
        this.stepLogger.writeItem("activation-create-custom-request-encrypt", "Encrypting request object", "Following encrypted object is used for activation", "OK", objectRequest);
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("Accept", "application/json");
            hashMap.put("Content-Type", "application/json");
            hashMap.putAll(createActivationStepModel.getHeaders());
            this.stepLogger.writeServerCall("activation-create-custom-request-sent", uriString, "POST", activationCreateCustomRequest, writeValueAsBytes, hashMap);
            RestClient restClient = RestClientFactory.getRestClient();
            if (restClient == null) {
                return null;
            }
            try {
                ResponseEntity post = restClient.post(uriString, objectRequest, (MultiValueMap) null, MapUtil.toMultiValueMap(hashMap), new ParameterizedTypeReference<ObjectResponse<NonPersonalizedEncryptedPayloadModel>>() { // from class: io.getlime.security.powerauth.lib.cmd.steps.v2.CreateActivationStep.1
                });
                ObjectResponse objectResponse = (ObjectResponse) Objects.requireNonNull((ObjectResponse) post.getBody());
                this.stepLogger.writeServerCallOK("activation-create-custom-response-received", objectResponse, HttpUtil.flattenHttpHeaders(post.getHeaders()));
                NonPersonalizedEncryptedPayloadModel nonPersonalizedEncryptedPayloadModel2 = (NonPersonalizedEncryptedPayloadModel) objectResponse.getResponseObject();
                encrypt.setApplicationKey(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getApplicationKey()));
                encrypt.setAdHocIndex(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getAdHocIndex()));
                encrypt.setEphemeralPublicKey(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getEphemeralPublicKey()));
                encrypt.setEncryptedData(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getEncryptedData()));
                encrypt.setMac(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getMac()));
                encrypt.setMacIndex(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getMacIndex()));
                encrypt.setNonce(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getNonce()));
                encrypt.setSessionIndex(BaseEncoding.base64().decode(nonPersonalizedEncryptedPayloadModel2.getSessionIndex()));
                ActivationCreateResponse activationCreateResponse = (ActivationCreateResponse) mapper.readValue(clientNonPersonalizedEncryptor.decrypt(encrypt), ActivationCreateResponse.class);
                this.stepLogger.writeItem("activation-create-custom-response-decrypt", "Decrypted response", "Following activation data were decrypted", "OK", activationCreateResponse);
                String activationId = activationCreateResponse.getActivationId();
                byte[] decode = BaseEncoding.base64().decode(activationCreateResponse.getActivationNonce());
                byte[] decode2 = BaseEncoding.base64().decode(activationCreateResponse.getEncryptedServerPublicKey());
                byte[] decode3 = BaseEncoding.base64().decode(activationCreateResponse.getEncryptedServerPublicKeySignature());
                PublicKey convertBytesToPublicKey = keyConvertor.convertBytesToPublicKey(BaseEncoding.base64().decode(activationCreateResponse.getEphemeralPublicKey()));
                if (!activation.verifyServerDataSignature(activationId, decode2, decode3, createActivationStepModel.getMasterPublicKey())) {
                    this.stepLogger.writeError("activation-create-custom-error-signature-data", "Activation data signature does not match. Either someone tried to spoof your connection, or your device master key is invalid.");
                    this.stepLogger.writeDoneFailed("activation-create-custom-failed");
                    return null;
                }
                PublicKey decryptServerPublicKey = activation.decryptServerPublicKey(decode2, generateDeviceKeyPair.getPrivate(), convertBytesToPublicKey, activationOtp, canonizeGetParameters, decode);
                SecretKey generateClientMasterSecretKey = keyFactory.generateClientMasterSecretKey(generateDeviceKeyPair.getPrivate(), decryptServerPublicKey);
                SecretKey generateClientSignaturePossessionKey = keyFactory.generateClientSignaturePossessionKey(generateClientMasterSecretKey);
                SecretKey generateClientSignatureKnowledgeKey = keyFactory.generateClientSignatureKnowledgeKey(generateClientMasterSecretKey);
                SecretKey generateClientSignatureBiometryKey = keyFactory.generateClientSignatureBiometryKey(generateClientMasterSecretKey);
                SecretKey generateServerTransportKey = keyFactory.generateServerTransportKey(generateClientMasterSecretKey);
                byte[] encryptDevicePrivateKey = vault.encryptDevicePrivateKey(generateDeviceKeyPair.getPrivate(), keyFactory.generateServerEncryptedVaultKey(generateClientMasterSecretKey));
                char[] readPassword = createActivationStepModel.getPassword() == null ? System.console().readPassword("Select a password to encrypt the knowledge related key: ", new Object[0]) : createActivationStepModel.getPassword().toCharArray();
                byte[] generateRandomBytes = keyGenerator.generateRandomBytes(16);
                byte[] storeSignatureKnowledgeKey = EncryptedStorageUtil.storeSignatureKnowledgeKey(readPassword, generateClientSignatureKnowledgeKey, generateRandomBytes, keyGenerator);
                ResultStatusObject resultStatus = createActivationStepModel.getResultStatus();
                resultStatus.setActivationId(activationId);
                resultStatus.setCounter(0L);
                resultStatus.setCtrData(null);
                resultStatus.setEncryptedDevicePrivateKeyBytes(encryptDevicePrivateKey);
                resultStatus.setServerPublicKeyObject(decryptServerPublicKey);
                resultStatus.setSignatureBiometryKeyObject(generateClientSignatureBiometryKey);
                resultStatus.setSignatureKnowledgeKeyEncryptedBytes(storeSignatureKnowledgeKey);
                resultStatus.setSignatureKnowledgeKeySaltBytes(generateRandomBytes);
                resultStatus.setSignaturePossessionKeyObject(generateClientSignaturePossessionKey);
                resultStatus.setTransportMasterKeyObject(generateServerTransportKey);
                resultStatus.setVersion(2L);
                createActivationStepModel.setResultStatus(resultStatus);
                String writeValueAsString = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(createActivationStepModel.getResultStatus());
                FileWriter fileWriter = new FileWriter(createActivationStepModel.getStatusFileName());
                try {
                    fileWriter.write(writeValueAsString);
                    fileWriter.close();
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("activationId", activationId);
                    hashMap2.put("activationStatusFile", createActivationStepModel.getStatusFileName());
                    hashMap2.put("activationStatusFileContent", createActivationStepModel.getResultStatus());
                    hashMap2.put("deviceKeyFingerprint", activation.computeActivationFingerprint(generateDeviceKeyPair.getPublic()));
                    this.stepLogger.writeItem("activation-create-custom-activation-done", "Activation Done", "Public key exchange was successfully completed, commit the activation on server if required", "OK", hashMap2);
                    this.stepLogger.writeDoneOK("activation-create-custom-success");
                    return createActivationStepModel.getResultStatus();
                } finally {
                }
            } catch (RestClientException e) {
                this.stepLogger.writeServerCallError("activation-create-custom-error-server-call", e.getStatusCode().value(), e.getResponse(), HttpUtil.flattenHttpHeaders(e.getResponseHeaders()));
                this.stepLogger.writeDoneFailed("activation-create-custom-failed");
                return null;
            }
        } catch (Exception e2) {
            this.stepLogger.writeError("activation-create-custom-error-generic", e2);
            this.stepLogger.writeDoneFailed("activation-create-custom-failed");
            return null;
        }
    }
}
