package io.getlime.security.powerauth.rest.api.spring.annotation.support;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody;
import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorData;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.lang.reflect.Type;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.MethodParameter;
import org.springframework.lang.NonNull;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthEncryptionArgumentResolver.class */
public class PowerAuthEncryptionArgumentResolver implements HandlerMethodArgumentResolver {
    private static final Logger logger = LoggerFactory.getLogger(PowerAuthEncryptionArgumentResolver.class);
    private final ObjectMapper objectMapper = new ObjectMapper();

    public boolean supportsParameter(@NonNull MethodParameter methodParameter) {
        return methodParameter.hasMethodAnnotation(PowerAuthEncryption.class) && (methodParameter.hasParameterAnnotation(EncryptedRequestBody.class) || EncryptionContext.class.isAssignableFrom(methodParameter.getParameterType()));
    }

    public Object resolveArgument(@NonNull MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, @NonNull NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) {
        PowerAuthEncryptorData powerAuthEncryptorData = (PowerAuthEncryptorData) ((HttpServletRequest) nativeWebRequest.getNativeRequest()).getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT);
        if (!methodParameter.hasParameterAnnotation(EncryptedRequestBody.class) || powerAuthEncryptorData == null || powerAuthEncryptorData.getDecryptedRequest() == null) {
            if (powerAuthEncryptorData == null || !EncryptionContext.class.isAssignableFrom(methodParameter.getParameterType()) || ((PowerAuthEncryption) methodParameter.getMethodAnnotation(PowerAuthEncryption.class)) == null) {
                return null;
            }
            EncryptionContext context = powerAuthEncryptorData.getContext();
            if (validateEciesScope(context)) {
                return context;
            }
            return null;
        }
        Type genericParameterType = methodParameter.getGenericParameterType();
        if (genericParameterType.equals(byte[].class)) {
            return powerAuthEncryptorData.getDecryptedRequest();
        }
        try {
            return this.objectMapper.readValue(powerAuthEncryptorData.getDecryptedRequest(), this.objectMapper.getTypeFactory().constructType(genericParameterType));
        } catch (IOException e) {
            logger.warn("Invalid request, error: {}", e.getMessage());
            logger.debug("Error details", e);
            return null;
        }
    }

    private boolean validateEciesScope(EncryptionContext encryptionContext) {
        switch (encryptionContext.getEncryptionScope()) {
            case ACTIVATION_SCOPE:
                if (encryptionContext.getApplicationKey() == null || encryptionContext.getApplicationKey().isEmpty()) {
                    logger.warn("ECIES activation scope is invalid because of missing application key");
                    return false;
                }
                if (encryptionContext.getActivationId() != null && !encryptionContext.getActivationId().isEmpty()) {
                    return true;
                }
                logger.warn("ECIES activation scope is invalid because of missing activation ID");
                return false;
            case APPLICATION_SCOPE:
                if (encryptionContext.getApplicationKey() != null && !encryptionContext.getApplicationKey().isEmpty()) {
                    return true;
                }
                logger.warn("ECIES application scope is invalid because of missing application key");
                return false;
            default:
                logger.warn("Unsupported ECIES scope: {}", encryptionContext.getEncryptionScope());
                return false;
        }
    }
}
