package io.getlime.security.powerauth.rest.api.jaxrs.service.v2;

import com.google.common.io.BaseEncoding;
import io.getlime.powerauth.soap.v2.PowerAuthPortV2ServiceStub;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException;
import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException;
import io.getlime.security.powerauth.rest.api.jaxrs.converter.v2.SignatureTypeConverter;
import io.getlime.security.powerauth.rest.api.jaxrs.provider.PowerAuthAuthenticationProvider;
import io.getlime.security.powerauth.rest.api.model.request.v2.VaultUnlockRequest;
import io.getlime.security.powerauth.rest.api.model.response.v2.VaultUnlockResponse;
import io.getlime.security.powerauth.soap.axis.client.PowerAuthServiceClient;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Stateless(name = "SecureVaultServiceV2")
/* loaded from: input_file:io/getlime/security/powerauth/rest/api/jaxrs/service/v2/SecureVaultService.class */
public class SecureVaultService {
    private static final Logger logger = LoggerFactory.getLogger(SecureVaultService.class);

    @Inject
    private PowerAuthServiceClient powerAuthClient;

    @Inject
    private PowerAuthAuthenticationProvider authenticationProvider;

    public VaultUnlockResponse vaultUnlock(String str, VaultUnlockRequest vaultUnlockRequest, HttpServletRequest httpServletRequest) throws PowerAuthSecureVaultException, PowerAuthAuthenticationException {
        byte[] extractRequestBodyBytes;
        try {
            PowerAuthSignatureHttpHeader fromValue = new PowerAuthSignatureHttpHeader().fromValue(str);
            try {
                PowerAuthSignatureHttpHeaderValidator.validate(fromValue);
                SignatureTypeConverter signatureTypeConverter = new SignatureTypeConverter();
                String activationId = fromValue.getActivationId();
                String applicationKey = fromValue.getApplicationKey();
                String signature = fromValue.getSignature();
                PowerAuthPortV2ServiceStub.SignatureType convertFrom = signatureTypeConverter.convertFrom(fromValue.getSignatureType());
                String nonce = fromValue.getNonce();
                String str2 = null;
                if ("2.0".equals(fromValue.getVersion())) {
                    extractRequestBodyBytes = null;
                } else {
                    if (!"2.1".equals(fromValue.getVersion())) {
                        throw new PowerAuthSecureVaultException();
                    }
                    if (vaultUnlockRequest != null && vaultUnlockRequest.getReason() != null) {
                        str2 = vaultUnlockRequest.getReason();
                    }
                    extractRequestBodyBytes = this.authenticationProvider.extractRequestBodyBytes(httpServletRequest);
                }
                PowerAuthPortV2ServiceStub.VaultUnlockResponse unlockVault = this.powerAuthClient.v2().unlockVault(activationId, applicationKey, PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), extractRequestBodyBytes), signature, convertFrom, str2);
                if (!unlockVault.getSignatureValid()) {
                    throw new PowerAuthAuthenticationException();
                }
                VaultUnlockResponse vaultUnlockResponse = new VaultUnlockResponse();
                vaultUnlockResponse.setActivationId(unlockVault.getActivationId());
                vaultUnlockResponse.setEncryptedVaultEncryptionKey(unlockVault.getEncryptedVaultEncryptionKey());
                return vaultUnlockResponse;
            } catch (InvalidPowerAuthHttpHeaderException e) {
                throw new PowerAuthAuthenticationException(e.getMessage());
            }
        } catch (Exception e2) {
            logger.warn("PowerAuth vault unlock failed", e2);
            throw new PowerAuthSecureVaultException();
        } catch (PowerAuthAuthenticationException e3) {
            throw e3;
        }
    }
}
