package io.getlime.security.powerauth.rest.api.spring.provider;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesDecryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEnvelopeKey;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesScope;
import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException;
import io.getlime.security.powerauth.http.validator.PowerAuthEncryptionHttpHeaderValidator;
import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator;
import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesDecryptorParameters;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
import java.io.IOException;
import java.lang.reflect.Type;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.class */
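/**
 * Base class for providers that decrypt ECIES-encrypted PowerAuth requests and
 * encrypt the matching responses.
 *
 * <p>Subclasses supply the key material through
 * {@link #getEciesDecryptorParameters(String, String, String)}. This class handles
 * the HTTP side: header parsing, envelope deserialization, Base64 decoding and
 * storing the resulting {@link PowerAuthEciesEncryption} object as a request attribute.
 *
 * <p>Every failure in {@link #decryptRequest} reaches the caller as a
 * {@link PowerAuthEncryptionException} created without detail; the cause is only
 * written to the log. Several log statements include exception messages produced
 * while parsing the request, so they may contain request-derived text. The logging
 * layout should neutralise line breaks and control characters.
 */
public abstract class PowerAuthEncryptionProviderBase {
    private static final Logger logger = LoggerFactory.getLogger(PowerAuthEncryptionProviderBase.class);

    /** Name of the HTTP header read for the encryption parameters. */
    private static final String ENCRYPTION_HEADER = "X-PowerAuth-Encryption";

    /** Name of the HTTP header read for the signature parameters. */
    private static final String SIGNATURE_HEADER = "X-PowerAuth-Authorization";

    /** The only protocol version for which a request without a nonce is accepted. */
    private static final String VERSION_WITHOUT_NONCE = "3.0";

    private final ObjectMapper objectMapper = new ObjectMapper();
    private final EciesFactory eciesFactory = new EciesFactory();

    /**
     * Supplies the key material used to build the decryptor for one request.
     *
     * @param activationId activation ID taken from the request header; {@code null} is
     *     passed when the request is decrypted in application scope
     * @param applicationKey application key taken from the request header
     * @param ephemeralPublicKey ephemeral public key exactly as received in the request
     *     body (still Base64-encoded)
     * @return parameters whose secret key and sharedInfo2 values are read as Base64
     *     strings by {@link #decryptRequest}
     * @throws PowerAuthEncryptionException when the parameters cannot be obtained
     */
    @Nonnull
    public abstract PowerAuthEciesDecryptorParameters getEciesDecryptorParameters(@Nullable String activationId, @Nonnull String applicationKey, @Nonnull String ephemeralPublicKey) throws PowerAuthEncryptionException;

    /**
     * Decrypts the ECIES envelope carried in the body of a POST request.
     *
     * <p>The raw body is taken from the {@code PowerAuthRequestObjects.REQUEST_BODY}
     * request attribute, so the filter that populates it must run first. On success the
     * encryption object is also stored under
     * {@code PowerAuthRequestObjects.ENCRYPTION_OBJECT} so that the response can later be
     * encrypted with the same decryptor.
     *
     * @param httpServletRequest incoming request; only POST is accepted
     * @param type target type for the decrypted payload; {@code byte[].class} returns the
     *     decrypted bytes without JSON parsing
     * @param eciesScope scope that decides whether an activation ID is required
     * @return encryption object holding the decryptor, the encrypted and decrypted bytes
     *     and, for a non-empty payload, the deserialized request object
     * @throws PowerAuthEncryptionException on any validation, decoding, decryption or
     *     deserialization failure
     */
    @Nonnull
    public PowerAuthEciesEncryption decryptRequest(@Nonnull HttpServletRequest httpServletRequest, @Nonnull Type type, @Nonnull EciesScope eciesScope) throws PowerAuthEncryptionException {
        if (!"POST".equals(httpServletRequest.getMethod())) {
            logger.warn("Invalid HTTP method: {}", httpServletRequest.getMethod());
            throw new PowerAuthEncryptionException();
        }
        EciesEncryptionContext context = extractEciesEncryptionContext(httpServletRequest);
        PowerAuthEciesEncryption eciesEncryption = new PowerAuthEciesEncryption(context);
        eciesEncryption.getContext().setEciesScope(eciesScope);
        try {
            PowerAuthRequestBody requestBody = (PowerAuthRequestBody) httpServletRequest.getAttribute(PowerAuthRequestObjects.REQUEST_BODY);
            if (requestBody == null) {
                logger.warn("The X-PowerAuth-Request-Body request attribute is missing. Register the PowerAuthRequestFilter to fix this error.");
                throw new PowerAuthEncryptionException();
            }
            byte[] requestBytes = requestBody.getRequestBytes();
            if (requestBytes == null || requestBytes.length == 0) {
                logger.warn("Invalid HTTP request");
                throw new PowerAuthEncryptionException();
            }
            EciesEncryptedRequest encryptedRequest = this.objectMapper.readValue(requestBytes, EciesEncryptedRequest.class);
            if (encryptedRequest == null) {
                logger.warn("Deserialization of request body bytes resulted in null value.");
                throw new PowerAuthEncryptionException();
            }
            String ephemeralPublicKey = encryptedRequest.getEphemeralPublicKey();
            String encryptedData = encryptedRequest.getEncryptedData();
            String mac = encryptedRequest.getMac();
            String nonce = encryptedRequest.getNonce();
            if (ephemeralPublicKey == null || encryptedData == null || mac == null) {
                logger.warn("Invalid ECIES request data");
                throw new PowerAuthEncryptionException();
            }
            // The nonce may be absent only when the header declares protocol version 3.0.
            if (nonce == null && !VERSION_WITHOUT_NONCE.equals(context.getVersion())) {
                logger.warn("Missing nonce in ECIES request data");
                throw new PowerAuthEncryptionException();
            }
            // Decode everything before asking the subclass for key material, so that a
            // malformed envelope is rejected without triggering the parameter lookup.
            byte[] ephemeralPublicKeyBytes = BaseEncoding.base64().decode(ephemeralPublicKey);
            byte[] encryptedDataBytes = BaseEncoding.base64().decode(encryptedData);
            byte[] macBytes = BaseEncoding.base64().decode(mac);
            byte[] nonceBytes = nonce != null ? BaseEncoding.base64().decode(nonce) : null;

            PowerAuthEciesDecryptorParameters decryptorParameters = resolveDecryptorParameters(eciesScope, eciesEncryption.getContext(), ephemeralPublicKey);

            byte[] secretKeyBytes = BaseEncoding.base64().decode(decryptorParameters.getSecretKey());
            EciesEnvelopeKey envelopeKey = new EciesEnvelopeKey(secretKeyBytes, ephemeralPublicKeyBytes);
            byte[] sharedInfo2Bytes = BaseEncoding.base64().decode(decryptorParameters.getSharedInfo2());
            EciesDecryptor eciesDecryptor = this.eciesFactory.getEciesDecryptor(envelopeKey, sharedInfo2Bytes);
            eciesEncryption.setEciesDecryptor(eciesDecryptor);

            // NOTE(review): authentication of the cryptogram (MAC check) is presumably done
            // inside EciesDecryptor.decryptRequest; it is not visible in this class.
            byte[] decryptedBytes = eciesDecryptor.decryptRequest(new EciesCryptogram(ephemeralPublicKeyBytes, macBytes, encryptedDataBytes, nonceBytes));
            eciesEncryption.setEncryptedRequest(encryptedDataBytes);
            eciesEncryption.setDecryptedRequest(decryptedBytes);
            if (decryptedBytes.length != 0) {
                eciesEncryption.setRequestObject(deserializeRequestData(decryptedBytes, type));
            }
            httpServletRequest.setAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT, eciesEncryption);
            return eciesEncryption;
        } catch (PowerAuthEncryptionException e) {
            // Already logged where it was raised. Rethrow as-is so the failure is not
            // reported a second time as a generic decryption error by the handler below.
            throw e;
        } catch (IOException e) {
            logger.warn("Request deserialization failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            throw new PowerAuthEncryptionException();
        } catch (Exception e) {
            logger.warn("Request decryption failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            throw new PowerAuthEncryptionException();
        }
    }

    /**
     * Encrypts a response with the decryptor that processed the request.
     *
     * <p>A {@code null} result means that encryption failed. Callers have to treat it as
     * an error and must not fall back to returning {@code obj} unencrypted.
     *
     * @param obj response object; a {@code byte[]} is encrypted as-is, anything else is
     *     serialized to JSON first
     * @param powerAuthEciesEncryption encryption object produced by {@link #decryptRequest}
     * @return Base64-encoded encrypted data and MAC, or {@code null} on failure
     */
    @Nullable
    public EciesEncryptedResponse encryptResponse(@Nonnull Object obj, @Nonnull PowerAuthEciesEncryption powerAuthEciesEncryption) {
        try {
            EciesCryptogram cryptogram = powerAuthEciesEncryption.getEciesDecryptor().encryptResponse(serializeResponseData(obj));
            String encryptedData = BaseEncoding.base64().encode(cryptogram.getEncryptedData());
            String mac = BaseEncoding.base64().encode(cryptogram.getMac());
            return new EciesEncryptedResponse(encryptedData, mac);
        } catch (Exception e) {
            // Logged at WARN, like the request path, so that a failed response encryption
            // is visible without debug logging; the stack trace stays at DEBUG.
            logger.warn("Response encryption failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Picks the arguments for {@link #getEciesDecryptorParameters} according to the scope.
     *
     * @param eciesScope requested scope
     * @param context encryption context built from the request header
     * @param ephemeralPublicKey Base64-encoded ephemeral public key from the request body
     * @return decryptor parameters returned by the subclass
     * @throws PowerAuthEncryptionException when activation scope is requested without an
     *     activation ID, when the scope is not supported, or when the subclass fails
     */
    private PowerAuthEciesDecryptorParameters resolveDecryptorParameters(EciesScope eciesScope, EciesEncryptionContext context, String ephemeralPublicKey) throws PowerAuthEncryptionException {
        String applicationKey = context.getApplicationKey();
        if (eciesScope == EciesScope.ACTIVATION_SCOPE) {
            String activationId = context.getActivationId();
            if (activationId == null) {
                logger.warn("Activation ID is required in ECIES activation scope");
                throw new PowerAuthEncryptionException();
            }
            return getEciesDecryptorParameters(activationId, applicationKey, ephemeralPublicKey);
        }
        if (eciesScope == EciesScope.APPLICATION_SCOPE) {
            return getEciesDecryptorParameters(null, applicationKey, ephemeralPublicKey);
        }
        logger.warn("Unsupported ECIES scope: {}", eciesScope);
        throw new PowerAuthEncryptionException();
    }

    /**
     * Converts decrypted bytes to the requested type.
     *
     * @param bArr decrypted request bytes
     * @param type target type; {@code byte[].class} returns {@code bArr} unchanged
     * @return {@code bArr} itself or the object parsed from it as JSON
     * @throws IOException when JSON parsing fails
     */
    private Object deserializeRequestData(byte[] bArr, Type type) throws IOException {
        if (type.equals(byte[].class)) {
            return bArr;
        }
        return this.objectMapper.readValue(bArr, this.objectMapper.getTypeFactory().constructType(type));
    }

    /**
     * Converts a response object to the bytes that get encrypted.
     *
     * @param obj response object; a {@code byte[]} is passed through, anything else is
     *     serialized to JSON
     * @return bytes to encrypt
     * @throws JsonProcessingException when JSON serialization fails
     */
    private byte[] serializeResponseData(Object obj) throws JsonProcessingException {
        if (obj.getClass().equals(byte[].class)) {
            return (byte[]) obj;
        }
        return this.objectMapper.writeValueAsBytes(obj);
    }

    /**
     * Builds the encryption context from the request headers.
     *
     * <p>When both headers are present the signature header wins and the encryption
     * header is ignored. Only the header validators are invoked here; this class does
     * not verify the signature value itself, so the returned application key and
     * activation ID are unauthenticated at this point.
     *
     * @param httpServletRequest incoming request
     * @return context with application key, activation ID, version and the parsed header
     * @throws PowerAuthEncryptionException when both headers are missing or the header
     *     that is used fails validation
     */
    private EciesEncryptionContext extractEciesEncryptionContext(HttpServletRequest httpServletRequest) throws PowerAuthEncryptionException {
        String encryptionHeaderValue = httpServletRequest.getHeader(ENCRYPTION_HEADER);
        String signatureHeaderValue = httpServletRequest.getHeader(SIGNATURE_HEADER);
        if (encryptionHeaderValue == null && signatureHeaderValue == null) {
            logger.warn("Neither signature nor encryption HTTP header is present");
            throw new PowerAuthEncryptionException();
        }
        if (signatureHeaderValue != null) {
            PowerAuthSignatureHttpHeader signatureHeader = new PowerAuthSignatureHttpHeader().fromValue(signatureHeaderValue);
            try {
                PowerAuthSignatureHttpHeaderValidator.validate(signatureHeader);
                return new EciesEncryptionContext(signatureHeader.getApplicationKey(), signatureHeader.getActivationId(), signatureHeader.getVersion(), signatureHeader);
            } catch (InvalidPowerAuthHttpHeaderException e) {
                logger.warn("Signature HTTP header validation failed, error: {}", e.getMessage());
                logger.debug(e.getMessage(), e);
                throw new PowerAuthEncryptionException();
            }
        }
        PowerAuthEncryptionHttpHeader encryptionHeader = new PowerAuthEncryptionHttpHeader().fromValue(encryptionHeaderValue);
        try {
            PowerAuthEncryptionHttpHeaderValidator.validate(encryptionHeader);
            return new EciesEncryptionContext(encryptionHeader.getApplicationKey(), encryptionHeader.getActivationId(), encryptionHeader.getVersion(), encryptionHeader);
        } catch (InvalidPowerAuthHttpHeaderException e) {
            logger.warn("Encryption validation failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            throw new PowerAuthEncryptionException();
        }
    }
}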
