package io.getlime.security.powerauth.lib.cmd.steps.v2;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import com.wultra.core.rest.client.base.RestClient;
import com.wultra.core.rest.client.base.RestClientException;
import io.getlime.core.rest.model.base.request.ObjectRequest;
import io.getlime.core.rest.model.base.response.ObjectResponse;
import io.getlime.security.powerauth.crypto.client.activation.PowerAuthClientActivation;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.vault.PowerAuthClientVault;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
import io.getlime.security.powerauth.lib.cmd.steps.model.PrepareActivationStepModel;
import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.HttpUtil;
import io.getlime.security.powerauth.lib.cmd.util.MapUtil;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.lib.cmd.util.RestClientFactory;
import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateRequest;
import io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse;
import java.io.FileWriter;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;

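@Component("prepareActivationStepV2")
/**
 * Step that creates a new activation using PowerAuth protocol version 2.
 *
 * <p>The step parses the activation code, performs the client side of the key exchange
 * by calling {@code POST <uri>/pa/activation/create}, verifies the server's signature over
 * the returned data, derives the client keys and persists them into the status file.
 * Every failure path is reported through the {@link StepLogger} and results in a
 * {@code null} return value.
 */
public class PrepareActivationStep extends AbstractBaseStepV2 {

    /**
     * Expected shape of the activation code: four groups of five base32-alphabet characters
     * ({@code A-Z}, {@code 2-7}) separated by dashes, optionally followed by {@code #} and
     * an arbitrary suffix. Compiled once instead of on every {@link #execute(Map)} call.
     */
    private static final Pattern ACTIVATION_CODE_PATTERN =
            Pattern.compile("^[A-Z2-7]{5}-[A-Z2-7]{5}-[A-Z2-7]{5}-[A-Z2-7]{5}(#.*)?$");

    /** Length in bytes of the salt used when encrypting the knowledge-related signature key. */
    private static final int KNOWLEDGE_KEY_SALT_LENGTH = 16;

    private static final PowerAuthClientActivation activation = new PowerAuthClientActivation();
    private static final KeyConvertor keyConversion = new KeyConvertor();
    private static final PowerAuthClientKeyFactory keyFactory = new PowerAuthClientKeyFactory();
    private static final KeyGenerator keyGenerator = new KeyGenerator();
    private static final PowerAuthClientVault vault = new PowerAuthClientVault();
    private static final ObjectMapper mapper = RestClientConfiguration.defaultMapper();

    /**
     * Creates the step with an explicit logger.
     *
     * @param stepLogger logger receiving all step output, must not be {@code null}
     * @throws NullPointerException when {@code stepLogger} is {@code null}
     */
    @Autowired
    public PrepareActivationStep(StepLogger stepLogger) {
        super(PowerAuthStep.ACTIVATION_CREATE, PowerAuthVersion.VERSION_2,
                Objects.requireNonNull(stepLogger, "stepLogger must not be null"));
    }

    /**
     * Creates the step with the default logger provided by the base class.
     */
    public PrepareActivationStep() {
        this(DEFAULT_STEP_LOGGER);
    }

    /**
     * Executes the activation-create step.
     *
     * @param context step configuration, converted into a {@link PrepareActivationStepModel}
     * @return the updated result status object on success, {@code null} on any reported failure
     * @throws Exception only for failures raised before the server call (e.g. model conversion);
     *                   everything after that point is logged and turned into a {@code null} result
     */
    @Override
    public ResultStatusObject execute(Map<String, Object> context) throws Exception {
        final PrepareActivationStepModel model = new PrepareActivationStepModel();
        model.fromMap(context);

        final String uri = model.getUriString() + "/pa/activation/create";

        // A null code is reported the same way as a malformed one instead of surfacing as an NPE.
        final String activationCode = model.getActivationCode();
        if (activationCode == null || !ACTIVATION_CODE_PATTERN.matcher(activationCode).find()) {
            stepLogger.writeError("activation-create-error-activation-code", "Activation failed", "Activation code has invalid format");
            stepLogger.writeDoneFailed("activation-create-failed");
            return null;
        }

        // Offsets are fixed by ACTIVATION_CODE_PATTERN: groups 1-2 form the short activation ID,
        // groups 3-4 the activation OTP; the dash at index 11 is skipped.
        final String activationIdShort = activationCode.substring(0, 11);
        final String activationOtp = activationCode.substring(12, 23);

        final Map<String, Object> parsedCode = new HashMap<>();
        parsedCode.put("activationCode", activationCode);
        parsedCode.put("activationIdShort", activationIdShort);
        parsedCode.put("activationOtp", activationOtp);
        stepLogger.writeItem("activation-create-activation-code-parsed", "Activation code", "Parsing activation code to short activation ID and activation OTP", "OK", parsedCode);

        // Client side of the key exchange: an ephemeral key pair protects the device public key
        // in transit, the application key/secret authenticate the request.
        final KeyPair ephemeralKeyPair = keyGenerator.generateKeyPair();
        final KeyPair deviceKeyPair = activation.generateDeviceKeyPair();
        final byte[] activationNonce = activation.generateActivationNonce();
        final byte[] encryptedDevicePublicKey = activation.encryptDevicePublicKey(
                deviceKeyPair.getPublic(), ephemeralKeyPair.getPrivate(), model.getMasterPublicKey(),
                activationOtp, activationIdShort, activationNonce);
        final byte[] applicationSignature = activation.computeApplicationSignature(
                activationIdShort, activationNonce, encryptedDevicePublicKey,
                BaseEncoding.base64().decode(model.getApplicationKey()),
                BaseEncoding.base64().decode(model.getApplicationSecret()));
        final byte[] ephemeralPublicKeyBytes = keyConversion.convertPublicKeyToBytes(ephemeralKeyPair.getPublic());

        final ActivationCreateRequest requestObject = new ActivationCreateRequest();
        requestObject.setActivationIdShort(activationIdShort);
        requestObject.setApplicationKey(model.getApplicationKey());
        requestObject.setActivationName(model.getActivationName());
        requestObject.setActivationNonce(BaseEncoding.base64().encode(activationNonce));
        requestObject.setEphemeralPublicKey(BaseEncoding.base64().encode(ephemeralPublicKeyBytes));
        requestObject.setEncryptedDevicePublicKey(BaseEncoding.base64().encode(encryptedDevicePublicKey));
        requestObject.setApplicationSignature(BaseEncoding.base64().encode(applicationSignature));

        final ObjectRequest<ActivationCreateRequest> request = new ObjectRequest<>();
        request.setRequestObject(requestObject);

        try {
            final Map<String, String> headers = new HashMap<>();
            headers.put("Accept", "application/json");
            headers.put("Content-Type", "application/json");
            headers.putAll(model.getHeaders());

            stepLogger.writeServerCall("activation-create-request-sent", uri, "POST", requestObject, null, headers);

            final RestClient restClient = RestClientFactory.getRestClient();
            if (restClient == null) {
                // NOTE(review): presumably the factory already reported why no client is available — confirm.
                return null;
            }

            try {
                final ResponseEntity<ObjectResponse<ActivationCreateResponse>> httpResponse = restClient.post(
                        uri, request, (MultiValueMap<String, String>) null, MapUtil.toMultiValueMap(headers),
                        new ParameterizedTypeReference<ObjectResponse<ActivationCreateResponse>>() {
                        });
                final ObjectResponse<ActivationCreateResponse> response = Objects.requireNonNull(httpResponse.getBody());

                stepLogger.writeServerCallOK("activation-create-response-received", response, HttpUtil.flattenHttpHeaders(httpResponse.getHeaders()));

                final ActivationCreateResponse responseObject = response.getResponseObject();
                final String activationId = responseObject.getActivationId();
                final byte[] serverNonce = BaseEncoding.base64().decode(responseObject.getActivationNonce());
                final byte[] encryptedServerPublicKey = BaseEncoding.base64().decode(responseObject.getEncryptedServerPublicKey());
                final byte[] encryptedServerPublicKeySignature = BaseEncoding.base64().decode(responseObject.getEncryptedServerPublicKeySignature());
                final PublicKey serverEphemeralPublicKey = keyConversion.convertBytesToPublicKey(
                        BaseEncoding.base64().decode(responseObject.getEphemeralPublicKey()));

                // The server data must be signed by the master server key before anything is decrypted or stored.
                if (!activation.verifyServerDataSignature(activationId, encryptedServerPublicKey, encryptedServerPublicKeySignature, model.getMasterPublicKey())) {
                    stepLogger.writeError("activation-create-activation-signature-mismatch", "Activation data signature does not match. Either someone tried to spoof your connection, or your device master key is invalid.");
                    stepLogger.writeDoneFailed("activation-create-failed");
                    return null;
                }

                final PublicKey serverPublicKey = activation.decryptServerPublicKey(
                        encryptedServerPublicKey, deviceKeyPair.getPrivate(), serverEphemeralPublicKey,
                        activationOtp, activationIdShort, serverNonce);

                // All client keys are derived from the shared master secret.
                final SecretKey masterSecretKey = keyFactory.generateClientMasterSecretKey(deviceKeyPair.getPrivate(), serverPublicKey);
                final SecretKey signaturePossessionKey = keyFactory.generateClientSignaturePossessionKey(masterSecretKey);
                final SecretKey signatureKnowledgeKey = keyFactory.generateClientSignatureKnowledgeKey(masterSecretKey);
                final SecretKey signatureBiometryKey = keyFactory.generateClientSignatureBiometryKey(masterSecretKey);
                final SecretKey transportKey = keyFactory.generateServerTransportKey(masterSecretKey);
                final byte[] encryptedDevicePrivateKey = vault.encryptDevicePrivateKey(
                        deviceKeyPair.getPrivate(), keyFactory.generateServerEncryptedVaultKey(masterSecretKey));

                // The knowledge key is protected by a user password; the password buffer is wiped
                // as soon as the key has been stored so it does not linger on the heap.
                final char[] password = resolvePassword(model);
                final byte[] knowledgeKeySalt = keyGenerator.generateRandomBytes(KNOWLEDGE_KEY_SALT_LENGTH);
                final byte[] encryptedKnowledgeKey;
                try {
                    encryptedKnowledgeKey = EncryptedStorageUtil.storeSignatureKnowledgeKey(password, signatureKnowledgeKey, knowledgeKeySalt, keyGenerator);
                } finally {
                    Arrays.fill(password, '\0');
                }

                // The result status object is shared with the model; mutate it in place and return it.
                final ResultStatusObject resultStatus = model.getResultStatus();
                resultStatus.setActivationId(activationId);
                resultStatus.setCounter(0L);
                resultStatus.setCtrData(null);
                resultStatus.setEncryptedDevicePrivateKeyBytes(encryptedDevicePrivateKey);
                resultStatus.setServerPublicKeyObject(serverPublicKey);
                resultStatus.setSignatureBiometryKeyObject(signatureBiometryKey);
                resultStatus.setSignatureKnowledgeKeyEncryptedBytes(encryptedKnowledgeKey);
                resultStatus.setSignatureKnowledgeKeySaltBytes(knowledgeKeySalt);
                resultStatus.setSignaturePossessionKeyObject(signaturePossessionKey);
                resultStatus.setTransportMasterKeyObject(transportKey);
                resultStatus.setVersion(2L);

                writeStatusFile(model);

                final Map<String, Object> summary = new HashMap<>();
                summary.put("activationId", activationId);
                summary.put("activationStatusFile", model.getStatusFileName());
                summary.put("activationStatusFileContent", model.getResultStatus());
                summary.put("deviceKeyFingerprint", activation.computeActivationFingerprint(deviceKeyPair.getPublic()));
                stepLogger.writeItem("activation-create-activation-done", "Activation Done", "Public key exchange was successfully completed, commit the activation on server", "OK", summary);
                stepLogger.writeDoneOK("activation-create-success");
                return model.getResultStatus();
            } catch (RestClientException e) {
                stepLogger.writeServerCallError("activation-create-error-server-call", e.getStatusCode().value(), e.getResponse(), HttpUtil.flattenHttpHeaders(e.getResponseHeaders()));
                stepLogger.writeDoneFailed("activation-create-failed");
                return null;
            }
        } catch (Exception e) {
            // Boundary of the step: any remaining failure is reported through the logger rather than propagated.
            stepLogger.writeError("activation-create-error-generic", e);
            stepLogger.writeDoneFailed("activation-create-failed");
            return null;
        }
    }

    /**
     * Returns the password protecting the knowledge-related key, either from the model or,
     * when the model does not carry one, read interactively from the console.
     *
     * @param model step model, possibly carrying a preconfigured password
     * @return password characters; the caller owns the array and should wipe it after use
     * @throws IllegalStateException when no password is configured and no interactive console exists
     */
    private static char[] resolvePassword(PrepareActivationStepModel model) {
        if (model.getPassword() != null) {
            return model.getPassword().toCharArray();
        }
        if (System.console() == null) {
            throw new IllegalStateException("No interactive console is available to read the password; provide it in the step configuration instead");
        }
        return System.console().readPassword("Select a password to encrypt the knowledge related key: ");
    }

    /**
     * Serializes the model's result status as pretty-printed JSON into the configured status file.
     *
     * @param model step model providing the result status and the status file name
     * @throws IOException when the file cannot be written
     */
    private static void writeStatusFile(PrepareActivationStepModel model) throws IOException {
        final String json = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(model.getResultStatus());
        // try-with-resources guarantees the writer is closed even when the write itself fails.
        try (FileWriter writer = new FileWriter(model.getStatusFileName())) {
            writer.write(json);
        }
    }
}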
