package io.getlime.security.powerauth.lib.cmd.steps;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.getlime.security.powerauth.crypto.client.activation.PowerAuthClientActivation;
import io.getlime.security.powerauth.crypto.client.keyfactory.PowerAuthClientKeyFactory;
import io.getlime.security.powerauth.crypto.client.vault.PowerAuthClientVault;
import io.getlime.security.powerauth.crypto.lib.encryptor.ClientEncryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.EncryptorFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedResponse;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorId;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ClientEncryptorSecrets;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthConst;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
import io.getlime.security.powerauth.lib.cmd.logging.StepLoggerFactory;
import io.getlime.security.powerauth.lib.cmd.status.ResultStatusService;
import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext;
import io.getlime.security.powerauth.lib.cmd.steps.context.security.ActivationSecurityContext;
import io.getlime.security.powerauth.lib.cmd.steps.model.PrepareActivationStepModel;
import io.getlime.security.powerauth.lib.cmd.steps.model.data.ActivationData;
import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
import io.getlime.security.powerauth.lib.cmd.util.EncryptedStorageUtil;
import io.getlime.security.powerauth.lib.cmd.util.RestClientConfiguration;
import io.getlime.security.powerauth.lib.cmd.util.SecurityUtil;
import io.getlime.security.powerauth.rest.api.model.request.ActivationLayer1Request;
import io.getlime.security.powerauth.rest.api.model.request.ActivationLayer2Request;
import io.getlime.security.powerauth.rest.api.model.request.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.ActivationLayer1Response;
import io.getlime.security.powerauth.rest.api.model.response.ActivationLayer2Response;
import io.getlime.security.powerauth.rest.api.model.response.EciesEncryptedResponse;
import java.io.Console;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.util.Assert;

/* loaded from: input_file:io/getlime/security/powerauth/lib/cmd/steps/AbstractActivationStep.class */
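/**
 * Base class for activation steps that perform the two-layer (layer 1 / layer 2) encrypted
 * key exchange with the server.
 *
 * <p>{@link #addEncryptedRequest(StepContext)} generates the device key pair, builds the layer 2
 * request, encrypts it, lets the concrete step wrap it into a layer 1 request and encrypts that
 * as well. {@link #processResponse(EciesEncryptedResponse, StepContext)} decrypts both layers of
 * the response and derives the client key hierarchy that is stored in the
 * {@link ResultStatusObject}.
 *
 * <p>Instances hold no per-activation state of their own; everything per call lives in the
 * {@link StepContext} and its {@link ActivationSecurityContext}.
 *
 * @param <M> model type carrying the activation data
 */
public abstract class AbstractActivationStep<M extends ActivationData> extends AbstractBaseStep<M, EciesEncryptedResponse> {

    private static final PowerAuthClientActivation ACTIVATION = new PowerAuthClientActivation();
    private static final EncryptorFactory ENCRYPTOR_FACTORY = new EncryptorFactory();
    private static final KeyConvertor KEY_CONVERTOR = new KeyConvertor();
    private static final PowerAuthClientKeyFactory KEY_FACTORY = new PowerAuthClientKeyFactory();
    private static final KeyGenerator KEY_GENERATOR = new KeyGenerator();
    private static final PowerAuthClientVault VAULT = new PowerAuthClientVault();
    private static final ObjectMapper MAPPER = RestClientConfiguration.defaultMapper();

    /** Size in bytes of the random salt used when the knowledge key is encrypted with the password. */
    private static final int KNOWLEDGE_KEY_SALT_LENGTH = 16;

    /** Version number written into the result status after a successful activation. */
    private static final long RESULT_STATUS_VERSION = 3L;

    /**
     * Creates the step.
     *
     * @param powerAuthStep       step identifier
     * @param list                protocol versions supported by this step
     * @param resultStatusService service used to persist the result status
     * @param stepLoggerFactory   factory for the step logger
     */
    public AbstractActivationStep(PowerAuthStep powerAuthStep, List<PowerAuthVersion> list, ResultStatusService resultStatusService, StepLoggerFactory stepLoggerFactory) {
        super(powerAuthStep, list, resultStatusService, stepLoggerFactory);
    }

    /**
     * Decrypts the activation response, stores the derived result status on the model,
     * persists it and logs a summary item.
     *
     * @param stepContext step context holding the response, the model and the security context
     * @throws Exception when decryption, key derivation or persisting the status fails
     */
    @Override // io.getlime.security.powerauth.lib.cmd.steps.AbstractBaseStep
    public void processResponse(StepContext<M, EciesEncryptedResponse> stepContext) throws Exception {
        EciesEncryptedResponse responseBodyObject = stepContext.getResponseContext().getResponseBodyObject();
        M model = stepContext.getModel();
        ActivationSecurityContext securityContext = (ActivationSecurityContext) stepContext.getSecurityContext();

        ResultStatusObject resultStatus = processResponse(responseBodyObject, stepContext);
        model.setResultStatus(resultStatus);
        this.resultStatusService.save(model);

        // Typed map instead of the raw HashMap; the values are a mix of String and ResultStatusObject.
        Map<String, Object> summary = new HashMap<>();
        summary.put("activationId", resultStatus.getActivationId());
        summary.put("activationStatusFile", model.getStatusFileName());
        // NOTE(review): the whole result status (including the derived key objects) is handed to the
        // step logger here - confirm the configured StepLogger is an acceptable sink for it.
        summary.put("activationStatusFileContent", model.getResultStatus());
        summary.put("deviceKeyFingerprint", ACTIVATION.computeActivationFingerprint(
                securityContext.getDeviceKeyPair().getPublic(),
                resultStatus.getServerPublicKeyObject(),
                resultStatus.getActivationId()));
        stepContext.getStepLogger().writeItem(getStep().id() + "-custom-activation-done", "Activation Done", "Public key exchange was successfully completed, commit the activation on server if required", "OK", summary);
    }

    /**
     * Decrypts the layer 1 and layer 2 activation response and derives the client key hierarchy.
     *
     * <p>The server public key is taken from the decrypted layer 2 payload, the client master
     * secret is derived from it together with the device private key, and the possession,
     * knowledge, biometry and transport keys are derived from that master secret. The knowledge
     * key is stored encrypted under a password (from the model, or read from the console when the
     * model has none) with a fresh random salt. The derived material is written into the model's
     * existing {@link ResultStatusObject}, which is also returned.
     *
     * @param eciesEncryptedResponse layer 1 encrypted response received from the server
     * @param stepContext            step context holding the model and the security context
     * @return the model's result status, updated in place
     * @throws Exception             when decryption, parsing or key derivation fails
     * @throws IllegalStateException when no password is configured and none can be read from the console
     */
    public ResultStatusObject processResponse(EciesEncryptedResponse eciesEncryptedResponse, StepContext<M, EciesEncryptedResponse> stepContext) throws Exception {
        M model = stepContext.getModel();
        ActivationSecurityContext securityContext = (ActivationSecurityContext) stepContext.getSecurityContext();

        // Layer 1: the outer envelope, decrypted with the application-scope encryptor.
        ActivationLayer1Response layer1Response = MAPPER.readValue(
                securityContext.getEncryptorL1().decryptResponse(toEncryptedResponse(eciesEncryptedResponse)),
                ActivationLayer1Response.class);
        stepContext.getStepLogger().writeItem(getStep().id() + "-response-decrypt", "Decrypted Layer 1 Response", "Following layer 1 activation data were decrypted", "OK", layer1Response);

        // Layer 2: the activation data inside layer 1 is itself an encrypted response.
        ActivationLayer2Response layer2Response = MAPPER.readValue(
                securityContext.getEncryptorL2().decryptResponse(toEncryptedResponse(layer1Response.getActivationData())),
                ActivationLayer2Response.class);
        // NOTE(review): the decrypted layer 2 payload (activation id, counter data, server public key)
        // goes to the step logger - confirm that is intended for the configured logger.
        stepContext.getStepLogger().writeItem(getStep().id() + "-response-decrypt-inner", "Decrypted Layer 2 Response", "Following layer 2 activation data were decrypted", "OK", layer2Response);

        String activationId = layer2Response.getActivationId();
        String ctrData = layer2Response.getCtrData();
        PublicKey serverPublicKey = KEY_CONVERTOR.convertBytesToPublicKey(Base64.getDecoder().decode(layer2Response.getServerPublicKey()));

        // Client key hierarchy: everything hangs off the master secret derived from the
        // device private key and the server public key.
        SecretKey masterSecretKey = KEY_FACTORY.generateClientMasterSecretKey(securityContext.getDeviceKeyPair().getPrivate(), serverPublicKey);
        SecretKey possessionKey = KEY_FACTORY.generateClientSignaturePossessionKey(masterSecretKey);
        SecretKey knowledgeKey = KEY_FACTORY.generateClientSignatureKnowledgeKey(masterSecretKey);
        SecretKey biometryKey = KEY_FACTORY.generateClientSignatureBiometryKey(masterSecretKey);
        SecretKey transportKey = KEY_FACTORY.generateServerTransportKey(masterSecretKey);
        byte[] encryptedDevicePrivateKey = VAULT.encryptDevicePrivateKey(securityContext.getDeviceKeyPair().getPrivate(), KEY_FACTORY.generateServerEncryptedVaultKey(masterSecretKey));

        // The knowledge key is protected by a user password; use a fresh random salt per activation.
        byte[] salt = KEY_GENERATOR.generateRandomBytes(KNOWLEDGE_KEY_SALT_LENGTH);
        char[] password = readPassword(model);
        byte[] encryptedKnowledgeKey;
        try {
            encryptedKnowledgeKey = EncryptedStorageUtil.storeSignatureKnowledgeKey(password, knowledgeKey, salt, KEY_GENERATOR);
        } finally {
            // The password is only needed for the wrap above; do not leave it in memory afterwards.
            Arrays.fill(password, '\0');
        }

        ResultStatusObject resultStatus = model.getResultStatus();
        resultStatus.setActivationId(activationId);
        resultStatus.setCounter(0L);
        resultStatus.setCtrData(ctrData);
        resultStatus.setEncryptedDevicePrivateKeyBytes(encryptedDevicePrivateKey);
        resultStatus.setServerPublicKeyObject(serverPublicKey);
        resultStatus.setSignatureBiometryKeyObject(biometryKey);
        resultStatus.setSignatureKnowledgeKeyEncryptedBytes(encryptedKnowledgeKey);
        resultStatus.setSignatureKnowledgeKeySaltBytes(salt);
        resultStatus.setSignaturePossessionKeyObject(possessionKey);
        resultStatus.setTransportMasterKeyObject(transportKey);
        resultStatus.setVersion(RESULT_STATUS_VERSION);
        return resultStatus;
    }

    /**
     * Obtains the password that protects the knowledge key: the one configured on the model, or,
     * when the model has none, one read interactively from the console.
     *
     * @param model step model
     * @return the password characters; the caller owns the array and should clear it after use
     * @throws IllegalStateException when no console is attached or the console returns no input
     */
    private char[] readPassword(M model) {
        if (model.getPassword() != null) {
            return model.getPassword().toCharArray();
        }
        // System.console() is null when the process is not attached to a terminal (piped I/O,
        // IDE run); without this check the readPassword call fails with a NullPointerException.
        Console console = System.console();
        Assert.state(console != null, "No console available to read a password from; provide the password in the model instead");
        char[] password = console.readPassword("Select a password to encrypt the knowledge related key: ", new Object[0]);
        // readPassword returns null when the input stream ends before a line is read.
        Assert.state(password != null, "Not able to read a password from the console");
        return password;
    }

    /**
     * Copies the transport-level response fields into the encryptor's response model.
     *
     * @param response response as received over REST
     * @return the same data as an {@link EncryptedResponse}
     */
    private static EncryptedResponse toEncryptedResponse(EciesEncryptedResponse response) {
        return new EncryptedResponse(response.getEncryptedData(), response.getMac(), response.getNonce(), response.getTimestamp());
    }

    /**
     * Wraps the already encrypted layer 2 request into the step-specific layer 1 request.
     *
     * @param stepContext           step context
     * @param eciesEncryptedRequest encrypted layer 2 request
     * @return layer 1 request to be encrypted and sent
     */
    protected abstract ActivationLayer1Request prepareLayer1Request(StepContext<M, EciesEncryptedResponse> stepContext, EciesEncryptedRequest eciesEncryptedRequest);

    /**
     * Returns the v3 encrypted response type used to deserialize the server reply.
     *
     * @return type reference for {@link EciesEncryptedResponse}
     */
    @Override // io.getlime.security.powerauth.lib.cmd.steps.AbstractBaseStep
    protected ParameterizedTypeReference<EciesEncryptedResponse> getResponseTypeReference() {
        return PowerAuthConst.RESPONSE_TYPE_REFERENCE_V3;
    }

    /**
     * Builds the encrypted activation request and stores it on the request context.
     *
     * <p>Creates the layer 1 (application scope) and layer 2 (activation layer 2) encryptors and
     * a fresh device key pair, keeps them in an {@link ActivationSecurityContext} on the step
     * context, logs identity and custom attributes when present, encrypts the layer 2 request,
     * hands it to {@link #prepareLayer1Request(StepContext, EciesEncryptedRequest)} and finally
     * encrypts the resulting layer 1 request.
     *
     * <p>The decompiled class reports this method was declared {@code protected} in the original
     * source; it is kept {@code public} here to preserve the compiled binary's interface.
     *
     * @param stepContext step context holding the model
     * @throws Exception when encryptor creation or encryption fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void addEncryptedRequest(StepContext<M, EciesEncryptedResponse> stepContext) throws Exception {
        M model = stepContext.getModel();
        ClientEncryptor encryptorL1 = createClientEncryptor(EncryptorId.APPLICATION_SCOPE_GENERIC, model);
        ClientEncryptor encryptorL2 = createClientEncryptor(EncryptorId.ACTIVATION_LAYER_2, model);
        ActivationSecurityContext securityContext = ActivationSecurityContext.builder()
                .encryptorL1(encryptorL1)
                .encryptorL2(encryptorL2)
                .deviceKeyPair(ACTIVATION.generateDeviceKeyPair())
                .build();
        stepContext.setSecurityContext(securityContext);

        Map<String, String> identityAttributes = model.getIdentityAttributes();
        if (identityAttributes != null && !identityAttributes.isEmpty()) {
            stepContext.getStepLogger().writeItem(getStep().id() + "-identity-attributes", "Identity Attributes", "Following attributes are used to authenticate user", "OK", identityAttributes);
        }
        Map<String, Object> customAttributes = model.getCustomAttributes();
        if (customAttributes != null && !customAttributes.isEmpty()) {
            stepContext.getStepLogger().writeItem(getStep().id() + "-custom-attributes", "Custom Attributes", "Following attributes are used as custom attributes for the request", "OK", customAttributes);
        }

        String devicePublicKeyBase64 = Base64.getEncoder().encodeToString(KEY_CONVERTOR.convertPublicKeyToBytes(securityContext.getDeviceKeyPair().getPublic()));
        ActivationLayer2Request layer2Request = new ActivationLayer2Request();
        layer2Request.setActivationName(model.getActivationName());
        // Only the prepare-activation flow carries an additional activation OTP.
        if (model instanceof PrepareActivationStepModel) {
            layer2Request.setActivationOtp(((PrepareActivationStepModel) model).getAdditionalActivationOtp());
        }
        layer2Request.setDevicePublicKey(devicePublicKeyBase64);
        layer2Request.setPlatform(model.getPlatform());
        layer2Request.setDeviceInfo(model.getDeviceInfo());

        // Inner layer first: the encrypted layer 2 request becomes part of the layer 1 request.
        ActivationLayer1Request layer1Request = prepareLayer1Request(stepContext, SecurityUtil.createEncryptedRequest(SecurityUtil.encryptObject(encryptorL2, layer2Request)));
        stepContext.getStepLogger().writeItem(getStep().id() + "-request-encrypt", "Building activation request object", "Following activation attributes will be encrypted and sent to the server", "OK", layer1Request);
        stepContext.getRequestContext().setRequestObject(SecurityUtil.createEncryptedRequest(SecurityUtil.encryptObject(encryptorL1, layer1Request)));
    }

    /**
     * Creates a client encryptor for the given scope from the model's application credentials.
     * Fresh parameter and secret objects are built on every call so the two encryptors never
     * share instances.
     *
     * @param encryptorId encryptor scope
     * @param model       step model providing version, application key, master public key and application secret
     * @return a new client encryptor
     * @throws Exception when the encryptor factory fails
     */
    private static ClientEncryptor createClientEncryptor(EncryptorId encryptorId, ActivationData model) throws Exception {
        return ENCRYPTOR_FACTORY.getClientEncryptor(
                encryptorId,
                new EncryptorParameters(model.getVersion().value(), model.getApplicationKey(), (String) null),
                new ClientEncryptorSecrets(model.getMasterPublicKey(), model.getApplicationSecret()));
    }
}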
