package io.getlime.security.powerauth.lib.cmd.steps;

import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureFormat;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.crypto.lib.util.SignatureUtils;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.logging.StepLoggerFactory;
import io.getlime.security.powerauth.lib.cmd.status.ResultStatusService;
import io.getlime.security.powerauth.lib.cmd.steps.context.RequestContext;
import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext;
import io.getlime.security.powerauth.lib.cmd.steps.model.ComputeOfflineSignatureStepModel;
import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
import io.getlime.security.powerauth.lib.cmd.util.CounterUtil;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.stereotype.Component;

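/**
 * Step that validates offline signature data (the text encoded in a QR code) and computes the
 * PowerAuth offline signature for it.
 *
 * <p>The QR code payload is untrusted input. Its ECDSA signature is verified against the server
 * public key stored in the activation status before any signature key is decoded or unlocked,
 * so a tampered payload is rejected without touching key material.
 */
@Component
public class ComputeOfflineSignatureStep extends AbstractBaseStep<ComputeOfflineSignatureStepModel, Void> {
    private static final KeyGenerator KEY_GENERATOR = new KeyGenerator();
    private static final KeyConvertor KEY_CONVERTOR = new KeyConvertor();
    private static final SignatureUtils SIGNATURE_UTILS = new SignatureUtils();

    /**
     * Creates the step with injected collaborators.
     *
     * @param resultStatusService service passed through to the base step
     * @param stepLoggerFactory factory passed through to the base step
     */
    @Autowired
    public ComputeOfflineSignatureStep(ResultStatusService resultStatusService, StepLoggerFactory stepLoggerFactory) {
        super(PowerAuthStep.SIGNATURE_OFFLINE_COMPUTE, PowerAuthVersion.ALL_VERSIONS, resultStatusService, stepLoggerFactory);
    }

    /** Creates the step using the backward-compatibility default collaborators. */
    public ComputeOfflineSignatureStep() {
        this(BackwardCompatibilityConst.RESULT_STATUS_SERVICE, BackwardCompatibilityConst.STEP_LOGGER_FACTORY);
    }

    /**
     * Returns the response type reference for this step.
     *
     * @return always {@code null}; the step is declared with a {@code Void} response
     */
    @Override
    public ParameterizedTypeReference<Void> getResponseTypeReference() {
        return null;
    }

    /**
     * Builds the step context, verifies the offline data and computes the offline signature.
     *
     * <p>Every failure is reported through {@code stepLogger} and signalled by returning
     * {@code null}. The activation counter is incremented only after a signature has been
     * computed successfully.
     *
     * @param stepLogger logger that receives progress items and errors
     * @param map raw step parameters, loaded into a {@link ComputeOfflineSignatureStepModel}
     * @return the step context, or {@code null} when the step failed
     * @throws Exception if building the context or incrementing the counter fails
     */
    @Override
    public StepContext<ComputeOfflineSignatureStepModel, Void> prepareStepContext(StepLogger stepLogger, Map<String, Object> map) throws Exception {
        ComputeOfflineSignatureStepModel model = new ComputeOfflineSignatureStepModel();
        model.fromMap(map);
        StepContext<ComputeOfflineSignatureStepModel, Void> stepContext = buildStepContext(stepLogger, model, RequestContext.builder().uri(model.getUriString()).build());
        if (model.getQrCodeData() == null) {
            stepLogger.writeError(getStep().id() + "-error-missing-qr-code-data", "Missing offline signature data", "Specify offline signature data which is encoded in QR code");
            stepLogger.writeDoneFailed(getStep().id() + "-failed");
            return null;
        }
        String qrCodeData = unescape(model.getQrCodeData());
        Map<String, Object> startDetails = new HashMap<>();
        startDetails.put("qrCodeData", qrCodeData);
        stepLogger.writeItem(getStep().id() + "-start", "Offline Signature Computation Started", null, "OK", startDetails);

        char[] password = obtainPassword(model);
        if (password == null) {
            // Previously a missing console caused a NullPointerException; report it like any other step failure.
            stepLogger.writeError(getStep().id() + "-error-missing-password", "Missing password", "No password was supplied and no interactive console is available to read it");
            stepLogger.writeDoneFailed(getStep().id() + "-failed");
            return null;
        }
        String offlineSignature;
        try {
            offlineSignature = calculateOfflineSignature(qrCodeData, stepLogger, model.getResultStatus(), password);
        } finally {
            // Best-effort wipe of the password copy once the knowledge key has been derived.
            // A password supplied through the model still lives on as a String there.
            Arrays.fill(password, '\0');
        }
        if (offlineSignature == null) {
            return null;
        }
        Map<String, Object> finishDetails = new HashMap<>();
        finishDetails.put("offlineSignature", offlineSignature);
        stepLogger.writeItem(getStep().id() + "-finished", "Offline Signature Computation Finished", null, "OK", finishDetails);
        incrementCounter(stepContext.getModel());
        return stepContext;
    }

    /**
     * Returns the password from the model, or prompts for it on the interactive console.
     *
     * @param model step model that may carry a password
     * @return the password characters, or {@code null} when none is configured and it cannot be
     *     read (no console attached, or the console input ended)
     */
    private char[] obtainPassword(ComputeOfflineSignatureStepModel model) {
        if (model.getPassword() != null) {
            return model.getPassword().toCharArray();
        }
        // System.console() is null when the JVM has no interactive console (e.g. redirected input).
        if (System.console() == null) {
            return null;
        }
        return System.console().readPassword("Enter your password to unlock the knowledge related key: ");
    }

    /** Turns the two-character sequence backslash + 'n' into a real line feed. */
    private String unescape(String str) {
        return str.replace("\\n", "\n");
    }

    /**
     * Verifies the signature carried by the offline data and computes the offline signature.
     *
     * @param str offline data with real line feeds between its fields
     * @param stepLogger logger that receives errors
     * @param resultStatusObject activation status holding the server public key and signature keys
     * @param cArr password used to unlock the knowledge-related key
     * @return the signature in decimal format, or {@code null} when the data is malformed, its
     *     signature is invalid, or a cryptographic operation fails
     */
    private String calculateOfflineSignature(String str, StepLogger stepLogger, ResultStatusObject resultStatusObject, char[] cArr) {
        String[] lines = str.split("\n");
        if (lines.length < 7) {
            stepLogger.writeError(getStep().id() + "-error-invalid-qr-code-data", "Invalid QR code data", "Invalid QR code, expected 7 lines of data or more");
            stepLogger.writeDoneFailed(getStep().id() + "-failed");
            return null;
        }
        // NOTE(review): field meanings are inferred from how the values are used below;
        // confirm the positions against the offline signature data format.
        String operationId = lines[0];
        String operationData = lines[3];
        String nonceBase64 = lines[5];
        // split() drops trailing empty strings, so the last element is never empty here.
        String signatureLine = lines[lines.length - 1];
        // The first character of the last line selects the signature type; only "1" is accepted.
        if (!"1".equals(signatureLine.substring(0, 1))) {
            stepLogger.writeError(getStep().id() + "-error-invalid-signature-type", "Invalid signature type", "Personalized offline signature expected, however other signature type is used");
            stepLogger.writeDoneFailed(getStep().id() + "-failed");
            return null;
        }
        try {
            String signatureBase64 = signatureLine.substring(1);
            // Signed content is everything that precedes the Base64 signature, type character included.
            byte[] signedData = str.substring(0, str.length() - signatureBase64.length()).getBytes(StandardCharsets.UTF_8);
            ECPublicKey serverPublicKey = (ECPublicKey) KEY_CONVERTOR.convertBytesToPublicKey(BaseEncoding.base64().decode(resultStatusObject.getServerPublicKey()));
            // Authenticate the untrusted payload before any signature key is decoded or unlocked.
            if (!SIGNATURE_UTILS.validateECDSASignature(signedData, BaseEncoding.base64().decode(signatureBase64), serverPublicKey)) {
                stepLogger.writeError(getStep().id() + "-error-invalid-signature", "Invalid signature", "Invalid signature of offline data");
                stepLogger.writeDoneFailed(getStep().id() + "-failed");
                return null;
            }
            String signatureBaseString = PowerAuthHttpBody.getSignatureBaseString("POST", "/operation/authorize/offline", BaseEncoding.base64().decode(nonceBase64), (operationId + "&" + operationData).getBytes(StandardCharsets.UTF_8));
            byte[] possessionKeyBytes = BaseEncoding.base64().decode(resultStatusObject.getSignaturePossessionKey());
            byte[] knowledgeKeySalt = BaseEncoding.base64().decode(resultStatusObject.getSignatureKnowledgeKeySalt());
            byte[] knowledgeKeyEncrypted = BaseEncoding.base64().decode(resultStatusObject.getSignatureKnowledgeKeyEncrypted());
            SecretKey possessionKey = KEY_CONVERTOR.convertBytesToSharedSecretKey(possessionKeyBytes);
            SecretKey knowledgeKey = EncryptedStorageUtil.getSignatureKnowledgeKey(cArr, knowledgeKeyEncrypted, knowledgeKeySalt, KEY_GENERATOR);
            // Key order matters: possession key first, knowledge key second.
            ArrayList<SecretKey> signatureKeys = new ArrayList<>();
            signatureKeys.add(possessionKey);
            signatureKeys.add(knowledgeKey);
            return SIGNATURE_UTILS.computePowerAuthSignature((signatureBaseString + "&offline").getBytes(StandardCharsets.UTF_8), signatureKeys, CounterUtil.getCtrData(resultStatusObject, stepLogger), PowerAuthSignatureFormat.DECIMAL);
        } catch (Exception e) {
            // Broad catch on purpose: malformed Base64, key conversion and crypto failures all end the step the same way.
            stepLogger.writeError(getStep().id() + "-error-cryptography", "Cryptography error", e.getMessage());
            stepLogger.writeDoneFailed(getStep().id() + "-failed");
            return null;
        }
    }
}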
