package io.getlime.security.powerauth.rest.api.jaxrs.controller;

import com.google.common.io.BaseEncoding;
import io.getlime.core.rest.model.base.response.ObjectResponse;
import io.getlime.powerauth.soap.PowerAuthPortServiceStub;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthHttpHeader;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException;
import io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse;
import io.getlime.security.powerauth.soap.axis.client.PowerAuthServiceClient;
import java.util.Map;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;

@Produces({"application/json"})
@Path("pa/vault")
/* loaded from: input_file:io/getlime/security/powerauth/rest/api/jaxrs/controller/SecureVaultController.class */
public class SecureVaultController {

    @Inject
    private PowerAuthServiceClient powerAuthClient;

    @Path("unlock")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public ObjectResponse<VaultUnlockResponse> unlockVault(@HeaderParam("X-PowerAuth-Authorization") String str) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
        try {
            Map parsePowerAuthSignatureHTTPHeader = PowerAuthHttpHeader.parsePowerAuthSignatureHTTPHeader(str);
            String str2 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_activation_id");
            String str3 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_application_key");
            String str4 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_signature");
            String str5 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_signature_type");
            PowerAuthPortServiceStub.VaultUnlockResponse unlockVault = this.powerAuthClient.unlockVault(str2, str3, PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode((String) parsePowerAuthSignatureHTTPHeader.get("pa_nonce")), (byte[]) null), str4, str5);
            if (!unlockVault.getSignatureValid()) {
                throw new PowerAuthAuthenticationException();
            }
            VaultUnlockResponse vaultUnlockResponse = new VaultUnlockResponse();
            vaultUnlockResponse.setActivationId(unlockVault.getActivationId());
            vaultUnlockResponse.setEncryptedVaultEncryptionKey(unlockVault.getEncryptedVaultEncryptionKey());
            return new ObjectResponse<>(vaultUnlockResponse);
        } catch (PowerAuthAuthenticationException e) {
            throw e;
        } catch (Exception e2) {
            throw new PowerAuthSecureVaultException();
        }
    }
}
