package io.getlime.security.powerauth.lib.cmd.header;

import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.signature.PowerAuthClientSignature;
import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureFormat;
import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.lib.cmd.steps.context.RequestContext;
import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext;
import io.getlime.security.powerauth.lib.cmd.steps.model.VerifySignatureStepModel;
import io.getlime.security.powerauth.lib.cmd.steps.model.data.SignatureHeaderData;
import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
import io.getlime.security.powerauth.lib.cmd.util.CounterUtil;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.HttpUtil;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import javax.crypto.SecretKey;

/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/header/SignatureHeaderProvider.class */
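/**
 * Header provider that computes a PowerAuth signature for the current request and
 * attaches it as the {@code X-PowerAuth-Authorization} HTTP header.
 *
 * <p>The signed data is the signature base string (HTTP method, request URI, a fresh
 * random nonce and the request bytes) followed by {@code "&"} and the application secret.
 *
 * <p>Security note: {@link #addHeader} writes the signature inputs to the step logger,
 * including the application secret and, for {@link VerifySignatureStepModel}, the
 * transport master key. Step-logger output must therefore be handled as secret material.
 */
public class SignatureHeaderProvider implements PowerAuthHeaderProvider<SignatureHeaderData> {
    /** Name of the HTTP header that carries the PowerAuth signature. */
    private static final String AUTHORIZATION_HEADER_NAME = "X-PowerAuth-Authorization";
    /** Number of random bytes generated per request and sent (Base64) as the nonce. */
    private static final int NONCE_LENGTH_BYTES = 16;

    private static final PowerAuthClientKeyFactory KEY_FACTORY = new PowerAuthClientKeyFactory();
    private static final KeyGenerator KEY_GENERATOR = new KeyGenerator();
    private static final PowerAuthClientSignature SIGNATURE = new PowerAuthClientSignature();

    /**
     * Computes the request signature and stores the resulting authorization header in the
     * request context (header value, header name and the HTTP header map).
     *
     * @param stepContext step context supplying the model, request context, step and step logger
     * @throws Exception if key unlocking, counter handling or signature computation fails,
     *         or if a password is required and cannot be read from the console
     */
    @Override
    public void addHeader(StepContext<? extends SignatureHeaderData, ?> stepContext) throws Exception {
        SignatureHeaderData model = stepContext.getModel();
        RequestContext requestContext = stepContext.getRequestContext();
        ResultStatusObject resultStatus = model.getResultStatus();
        SecretKey possessionKey = resultStatus.getSignaturePossessionKeyObject();
        SecretKey biometryKey = resultStatus.getSignatureBiometryKeyObject();

        // Fresh random nonce per request; it is part of the signed data and is sent in the header.
        byte[] nonceBytes = KEY_GENERATOR.generateRandomBytes(NONCE_LENGTH_BYTES);
        String nonceBase64 = BaseEncoding.base64().encode(nonceBytes);

        String signatureBaseString = PowerAuthHttpBody.getSignatureBaseString(
                requestContext.getSignatureHttpMethod(),
                requestContext.getSignatureRequestUri(),
                nonceBytes,
                HttpUtil.toRequestBytes(requestContext.getRequestObject()))
                + "&" + model.getApplicationSecret();
        byte[] ctrData = CounterUtil.getCtrData(resultStatus, stepContext.getStepLogger());

        PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader(
                resultStatus.getActivationId(),
                model.getApplicationKey(),
                SIGNATURE.signatureForData(
                        signatureBaseString.getBytes(StandardCharsets.UTF_8),
                        // The knowledge key is unlocked (possibly prompting for a password) only
                        // when the signature type is not plain POSSESSION.
                        PowerAuthSignatureTypes.POSSESSION.equals(model.getSignatureType())
                                ? Collections.singletonList(possessionKey)
                                : PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE.equals(model.getSignatureType())
                                        ? Arrays.asList(possessionKey, getSignatureKnowledgeKey(model))
                                        : KEY_FACTORY.keysForSignatureType(
                                                model.getSignatureType(),
                                                possessionKey,
                                                getSignatureKnowledgeKey(model),
                                                biometryKey),
                        ctrData,
                        PowerAuthSignatureFormat.getFormatForSignatureVersion(model.getVersion().value())),
                model.getSignatureType().toString(),
                nonceBase64,
                model.getVersion().value());

        // NOTE(review): the item logged below contains the application secret, the full signature
        // base string and, for VerifySignatureStepModel, the transport master key. Anyone who can
        // read the step log gets these values; keep the log out of shared or persistent storage.
        // Raw HashMap is kept because the value types of the getters are not visible in this file.
        HashMap lowLevelData = new HashMap();
        lowLevelData.put("counter", String.valueOf(resultStatus.getCounter()));
        if (resultStatus.getVersion().intValue() == 3) {
            lowLevelData.put("ctrData", BaseEncoding.base64().encode(ctrData));
        }
        lowLevelData.put("signatureBaseString", signatureBaseString);
        lowLevelData.put("nonce", nonceBase64);
        lowLevelData.put("applicationSecret", model.getApplicationSecret());
        if (model instanceof VerifySignatureStepModel) {
            lowLevelData.put("activationId", resultStatus.getActivationId());
            lowLevelData.put("applicationKey", model.getApplicationKey());
            lowLevelData.put("resourceId", ((VerifySignatureStepModel) model).getResourceId());
            lowLevelData.put("serverPublicKey", resultStatus.getServerPublicKey());
            lowLevelData.put("transportKey", resultStatus.getTransportMasterKey());
        }
        stepContext.getStepLogger().writeItem(
                stepContext.getStep().id() + "-prepare-request",
                "Signature Calculation Parameters",
                "Low level cryptographic inputs required to compute signature - mainly a signature base string and a counter value.",
                "OK",
                lowLevelData);

        String headerValue = header.buildHttpHeader();
        requestContext.setAuthorizationHeader(headerValue);
        requestContext.setAuthorizationHeaderName(AUTHORIZATION_HEADER_NAME);
        requestContext.getHttpHeaders().put(AUTHORIZATION_HEADER_NAME, headerValue);
    }

    /**
     * Unlocks the knowledge-related signature key using the password from the model, or a
     * password read interactively from the console when the model carries none.
     *
     * @param m model holding the optional password and the encrypted key material
     * @return the unlocked knowledge signature key
     * @throws IllegalStateException if a password is needed but no console is attached or
     *         the console input ended before a password was entered
     * @throws Exception if {@link EncryptedStorageUtil} fails to derive the key
     */
    private <M extends SignatureHeaderData> SecretKey getSignatureKnowledgeKey(M m) throws Exception {
        byte[] salt = m.getResultStatus().getSignatureKnowledgeKeySaltBytes();
        // NOTE(review): a password taken from the model is a String and cannot be wiped; the
        // char[] is not cleared here either - confirm whether EncryptedStorageUtil retains the
        // array before adding a wipe after the call.
        char[] password = m.getPassword() == null
                ? readPasswordFromConsole()
                : m.getPassword().toCharArray();
        return EncryptedStorageUtil.getSignatureKnowledgeKey(
                password,
                m.getResultStatus().getSignatureKnowledgeKeyEncryptedBytes(),
                salt,
                KEY_GENERATOR);
    }

    /**
     * Prompts for the password on the system console without echoing it.
     *
     * <p>{@code System.console()} is {@code null} when the JVM runs without an interactive
     * terminal (piped input, CI jobs, most IDE launchers), and {@code readPassword} returns
     * {@code null} at end of input; both cases are reported explicitly instead of surfacing
     * as a {@link NullPointerException}.
     */
    private static char[] readPasswordFromConsole() {
        java.io.Console console = System.console();
        if (console == null) {
            throw new IllegalStateException(
                    "No interactive console is available to read the password; supply the password in the step model instead.");
        }
        char[] password = console.readPassword("Enter your password to unlock the knowledge related key: ");
        if (password == null) {
            throw new IllegalStateException("Console input ended before a password was entered.");
        }
        return password;
    }
}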
