package io.getlime.security.powerauth.lib.cmd.steps.v3;

import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.vault.PowerAuthClientVault;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthConst;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
import io.getlime.security.powerauth.lib.cmd.header.PowerAuthHeaderFactory;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.logging.StepLoggerFactory;
import io.getlime.security.powerauth.lib.cmd.status.ResultStatusService;
import io.getlime.security.powerauth.lib.cmd.steps.AbstractBaseStep;
import io.getlime.security.powerauth.lib.cmd.steps.context.RequestContext;
import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext;
import io.getlime.security.powerauth.lib.cmd.steps.model.VaultUnlockStepModel;
import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.rest.api.model.request.v3.VaultUnlockRequestPayload;
import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.model.response.v3.VaultUnlockResponsePayload;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.stereotype.Component;

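/**
 * Command-line step that performs the PowerAuth protocol V3 "vault unlock" call.
 *
 * <p>{@link #prepareStepContext} builds the signed, ECIES-encrypted request for
 * {@code /pa/v3/vault/unlock}. {@link #processResponse} decrypts the response,
 * unwraps the vault encryption key with the transport master key, uses it to
 * decrypt the stored device private key, and checks the result by re-deriving the
 * transport key from that private key and the server public key.
 *
 * <p>NOTE(review): {@link #processResponse} writes the transport master key, the vault
 * encryption key and the device private key (all Base64) to the step logger. Anyone
 * who can read that log output can recover the activation's key material. This looks
 * intended for a test/diagnostic tool; confirm where the step logger writes before
 * running it against an activation that matters.
 */
@Component("vaultUnlockStepV3")
/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/steps/v3/VaultUnlockStep.class */
public class VaultUnlockStep extends AbstractBaseStep<VaultUnlockStepModel, EciesEncryptedResponse> {
    private static final KeyConvertor KEY_CONVERTOR = new KeyConvertor();
    private static final PowerAuthClientKeyFactory KEY_FACTORY = new PowerAuthClientKeyFactory();

    private final PowerAuthHeaderFactory powerAuthHeaderFactory;

    /**
     * Creates the step with injected collaborators.
     *
     * @param powerAuthHeaderFactory factory used to obtain the provider that adds the PowerAuth header
     * @param resultStatusService service passed to the base step
     * @param stepLoggerFactory logger factory passed to the base step
     */
    @Autowired
    public VaultUnlockStep(PowerAuthHeaderFactory powerAuthHeaderFactory, ResultStatusService resultStatusService, StepLoggerFactory stepLoggerFactory) {
        super(PowerAuthStep.VAULT_UNLOCK, PowerAuthVersion.VERSION_3, resultStatusService, stepLoggerFactory);
        this.powerAuthHeaderFactory = powerAuthHeaderFactory;
    }

    /**
     * Creates the step with the collaborators from {@link BackwardCompatibilityConst},
     * for callers that construct the step without dependency injection.
     */
    public VaultUnlockStep() {
        this(BackwardCompatibilityConst.POWER_AUTH_HEADER_FACTORY, BackwardCompatibilityConst.RESULT_STATUS_SERVICE, BackwardCompatibilityConst.STEP_LOGGER_FACTORY);
    }

    /**
     * @return the shared V3 response type reference
     */
    @Override
    protected ParameterizedTypeReference<EciesEncryptedResponse> getResponseTypeReference() {
        return PowerAuthConst.RESPONSE_TYPE_REFERENCE_V3;
    }

    /**
     * Builds the step context for the vault unlock request.
     *
     * @param stepLogger logger for this step run
     * @param map raw step parameters, loaded into a {@link VaultUnlockStepModel}
     * @return context holding the encrypted request with the PowerAuth header added
     * @throws Exception if model loading, payload serialization, encryption or header creation fails
     */
    @Override
    public StepContext<VaultUnlockStepModel, EciesEncryptedResponse> prepareStepContext(StepLogger stepLogger, Map<String, Object> map) throws Exception {
        VaultUnlockStepModel model = new VaultUnlockStepModel();
        model.fromMap(map);

        // The signature covers the version-less URI, while the request itself goes to the V3 endpoint.
        RequestContext requestContext = RequestContext.builder()
                .signatureHttpMethod("POST")
                .signatureRequestUri("/pa/vault/unlock")
                .uri(model.getUriString() + "/pa/v3/vault/unlock")
                .build();
        StepContext<VaultUnlockStepModel, EciesEncryptedResponse> stepContext = buildStepContext(stepLogger, model, requestContext);

        VaultUnlockRequestPayload requestPayload = new VaultUnlockRequestPayload();
        requestPayload.setReason(model.getReason());
        byte[] requestBytes = RestClientConfiguration.defaultMapper().writeValueAsBytes(requestPayload);
        addEncryptedRequest(stepContext, model.getApplicationSecret(), EciesSharedInfo1.VAULT_UNLOCK, requestBytes);

        // The decompiled source cast the model to PowerAuthHeaderFactory here. The model is a
        // VaultUnlockStepModel, not a header factory, so that cast is dropped and the model is
        // passed as-is. NOTE(review): confirm against the getHeaderProvider signature.
        this.powerAuthHeaderFactory.getHeaderProvider(model).addHeader(stepContext);

        incrementCounter(model);
        return stepContext;
    }

    /**
     * Decrypts the vault unlock response, recovers the device private key and logs the outcome.
     *
     * @param stepContext context carrying the model, the response and the step logger
     * @throws Exception if response decryption, Base64 decoding or any key operation fails
     */
    @Override
    public void processResponse(StepContext<VaultUnlockStepModel, EciesEncryptedResponse> stepContext) throws Exception {
        VaultUnlockResponsePayload responsePayload = (VaultUnlockResponsePayload) decryptResponse(stepContext, VaultUnlockResponsePayload.class);

        ResultStatusObject resultStatus = stepContext.getModel().getResultStatus();
        SecretKey transportMasterKey = resultStatus.getTransportMasterKeyObject();
        byte[] encryptedDevicePrivateKeyBytes = resultStatus.getEncryptedDevicePrivateKeyBytes();
        byte[] encryptedVaultEncryptionKeyBytes = BaseEncoding.base64().decode(responsePayload.getEncryptedVaultEncryptionKey());

        // Unwrap the vault key with the transport key, then use it to decrypt the device private key.
        PowerAuthClientVault vault = new PowerAuthClientVault();
        SecretKey vaultEncryptionKey = vault.decryptVaultEncryptionKey(encryptedVaultEncryptionKeyBytes, transportMasterKey);
        PrivateKey devicePrivateKey = vault.decryptDevicePrivateKey(encryptedDevicePrivateKeyBytes, vaultEncryptionKey);

        // Consistency check: a correctly decrypted private key must re-derive the stored transport key.
        SecretKey derivedMasterSecretKey = KEY_FACTORY.generateClientMasterSecretKey(devicePrivateKey, resultStatus.getServerPublicKeyObject());
        boolean privateKeyDecryptionSuccessful = KEY_FACTORY.generateServerTransportKey(derivedMasterSecretKey).equals(transportMasterKey);

        // NOTE(review): the three key entries below are raw secret material in Base64; see the class comment.
        Map<String, Object> logItems = new HashMap<>();
        logItems.put("activationId", resultStatus.getActivationId());
        logItems.put("encryptedVaultEncryptionKey", BaseEncoding.base64().encode(encryptedVaultEncryptionKeyBytes));
        logItems.put("transportMasterKey", BaseEncoding.base64().encode(KEY_CONVERTOR.convertSharedSecretKeyToBytes(transportMasterKey)));
        logItems.put("vaultEncryptionKey", BaseEncoding.base64().encode(KEY_CONVERTOR.convertSharedSecretKeyToBytes(vaultEncryptionKey)));
        logItems.put("devicePrivateKey", BaseEncoding.base64().encode(KEY_CONVERTOR.convertPrivateKeyToBytes(devicePrivateKey)));
        logItems.put("privateKeyDecryptionSuccessful", privateKeyDecryptionSuccessful ? "true" : "false");

        // NOTE(review): the item is logged as "OK" / "successfully unlocked" even when the check above
        // fails; consumers must read "privateKeyDecryptionSuccessful" rather than the status field.
        stepContext.getStepLogger().writeItem(getStep().id() + "-vault-unlocked", "Vault Unlocked", "Secure vault was successfully unlocked", "OK", logItems);
    }
}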
