package io.getlime.security.powerauth.rest.api.spring.provider;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.getlime.security.powerauth.crypto.lib.encryptor.EncryptorFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.ServerEncryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedRequest;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedResponse;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ServerEncryptorSecrets;
import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException;
import io.getlime.security.powerauth.http.validator.PowerAuthEncryptionHttpHeaderValidator;
import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator;
import io.getlime.security.powerauth.rest.api.model.request.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionScope;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorData;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.lang.reflect.Type;
import java.util.Base64;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.class */
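/**
 * Base class for server-side PowerAuth request decryption and response encryption.
 *
 * <p>The class reads the encrypted envelope from the buffered request body, obtains the
 * decryption secrets from {@link #getEciesDecryptorParameters}, decrypts the payload and
 * stores the resulting {@link PowerAuthEncryptorData} as a request attribute so that the
 * response can later be encrypted with the same encryptor.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Everything read from the HTTP request (headers, envelope fields) is untrusted until the
 *       header validators and the request/response validator have accepted it.</li>
 *   <li>Failures are reported to callers as a {@link PowerAuthEncryptionException} created
 *       without message or cause; the detail goes only to the log.</li>
 *   <li>Key material returned by {@link #getEciesDecryptorParameters} is never logged here and
 *       should not be added to any log statement.</li>
 * </ul>
 */
public abstract class PowerAuthEncryptionProviderBase {
    private static final Logger logger = LoggerFactory.getLogger(PowerAuthEncryptionProviderBase.class);
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final EncryptorFactory encryptorFactory = new EncryptorFactory();

    /**
     * Obtains the parameters needed to build the server encryptor for one request.
     *
     * <p>Parameter roles below are taken from the single call site in
     * {@link #decryptRequest}; the decompiled names carry no meaning.
     *
     * @param str  activation ID, {@code null} when the request is not bound to an activation
     * @param str2 application key
     * @param str3 ephemeral public key from the encrypted request
     * @param str4 protocol version
     * @param str5 nonce from the encrypted request
     * @param l    timestamp from the encrypted request
     * @return parameters whose {@code secretKey()} and {@code sharedInfo2()} are Base64 strings
     * @throws PowerAuthEncryptionException when the parameters cannot be obtained
     */
    @Nonnull
    public abstract PowerAuthEncryptorParameters getEciesDecryptorParameters(@Nullable String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4, String str5, Long l) throws PowerAuthEncryptionException;

    /**
     * Decrypts the encrypted body of a POST request and attaches the result to the request.
     *
     * <p>On success the {@link PowerAuthEncryptorData} (encrypted request, decrypted bytes,
     * server encryptor and, for a non-empty payload, the deserialized request object) is stored
     * under {@link PowerAuthRequestObjects#ENCRYPTION_OBJECT}.
     *
     * @param httpServletRequest request carrying the encrypted body and PowerAuth headers
     * @param type               target type for the decrypted payload
     * @param encryptionScope    scope the endpoint expects
     * @throws PowerAuthEncryptionException on any validation, deserialization or decryption
     *         failure; the exception carries no detail about which step failed
     */
    public void decryptRequest(@Nonnull HttpServletRequest httpServletRequest, @Nonnull Type type, @Nonnull EncryptionScope encryptionScope) throws PowerAuthEncryptionException {
        if (!"POST".equals(httpServletRequest.getMethod())) {
            logger.warn("Invalid HTTP method: {}", httpServletRequest.getMethod());
            throw new PowerAuthEncryptionException();
        }
        final EncryptionContext encryptionContext = extractEciesEncryptionContext(httpServletRequest, encryptionScope);
        final PowerAuthEncryptorData encryptorData = new PowerAuthEncryptorData(encryptionContext);
        try {
            // The body was buffered earlier by a filter; the servlet input stream is not read here.
            final PowerAuthRequestBody requestBody = (PowerAuthRequestBody) httpServletRequest.getAttribute(PowerAuthRequestObjects.REQUEST_BODY);
            if (requestBody == null) {
                logger.warn("The X-PowerAuth-Request-Body request attribute is missing. Register the PowerAuthRequestFilter to fix this error.");
                throw new PowerAuthEncryptionException();
            }
            final byte[] requestBytes = requestBody.getRequestBytes();
            if (requestBytes == null || requestBytes.length == 0) {
                logger.warn("Invalid HTTP request");
                throw new PowerAuthEncryptionException();
            }
            try {
                // Untrusted JSON is bound to a fixed envelope type only.
                final EciesEncryptedRequest envelope = (EciesEncryptedRequest) this.objectMapper.readValue(requestBytes, EciesEncryptedRequest.class);
                if (envelope == null) {
                    logger.warn("Deserialization of request body bytes resulted in null value.");
                    throw new PowerAuthEncryptionException();
                }
                final String version = encryptionContext.getVersion();
                final String applicationKey = encryptionContext.getApplicationKey();
                final String activationId = encryptionContext.getActivationId();
                final EncryptedRequest encryptedRequest = new EncryptedRequest(envelope.getEphemeralPublicKey(), envelope.getEncryptedData(), envelope.getMac(), envelope.getNonce(), envelope.getTimestamp());
                // Structural validation of the envelope happens before any key material is requested.
                if (!this.encryptorFactory.getRequestResponseValidator(version).validateEncryptedRequest(encryptedRequest)) {
                    logger.warn("Invalid encrypted request data");
                    throw new PowerAuthEncryptionException();
                }
                if (encryptionScope == EncryptionScope.ACTIVATION_SCOPE && activationId == null) {
                    logger.warn("Activation ID is required for activation scope");
                    throw new PowerAuthEncryptionException();
                }
                final PowerAuthEncryptorParameters decryptorParameters = getEciesDecryptorParameters(activationId, applicationKey, encryptedRequest.getEphemeralPublicKey(), version, encryptedRequest.getNonce(), encryptedRequest.getTimestamp());
                // Decoded secrets are handed straight to the encryptor and never logged.
                final byte[] secretKey = Base64.getDecoder().decode(decryptorParameters.secretKey());
                final byte[] sharedInfo2 = Base64.getDecoder().decode(decryptorParameters.sharedInfo2());
                final ServerEncryptor serverEncryptor = this.encryptorFactory.getServerEncryptor(encryptorData.getEncryptorId(), new EncryptorParameters(version, applicationKey, activationId), new ServerEncryptorSecrets(secretKey, sharedInfo2));
                final byte[] decryptedBytes = serverEncryptor.decryptRequest(encryptedRequest);
                encryptorData.setEncryptedRequest(encryptedRequest);
                encryptorData.setDecryptedRequest(decryptedBytes);
                encryptorData.setServerEncryptor(serverEncryptor);
                // An empty plaintext is valid; the request object then stays unset.
                if (decryptedBytes.length != 0) {
                    encryptorData.setRequestObject(deserializeRequestData(decryptedBytes, type));
                }
                httpServletRequest.setAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT, encryptorData);
            } catch (IOException e) {
                logger.warn("Request deserialization failed, error: {}", e.getMessage());
                logger.debug(e.getMessage(), e);
                throw new PowerAuthEncryptionException();
            }
        } catch (Exception e2) {
            // Also catches the exceptions thrown above: every failure leaves this method as a
            // fresh exception without message or cause, so callers learn nothing about the step.
            logger.warn("Request decryption failed, error: {}", e2.getMessage());
            logger.debug(e2.getMessage(), e2);
            throw new PowerAuthEncryptionException();
        }
    }

    /**
     * Encrypts a response object with the encryptor prepared by {@link #decryptRequest}.
     *
     * @param obj                    response object; a {@code byte[]} is encrypted as-is, anything
     *                               else is serialized to JSON first
     * @param powerAuthEncryptorData encryptor data attached to the request during decryption
     * @return the encrypted response, or {@code null} when encryption failed. A {@code null}
     *         return means no encrypted payload exists; callers need to treat it as an error.
     */
    @Nullable
    public EciesEncryptedResponse encryptResponse(@Nonnull Object obj, @Nonnull PowerAuthEncryptorData powerAuthEncryptorData) {
        try {
            final EncryptionContext context = powerAuthEncryptorData.getContext();
            final ServerEncryptor serverEncryptor = powerAuthEncryptorData.getServerEncryptor();
            if (context == null) {
                logger.warn("Encryption context is not prepared");
                throw new PowerAuthEncryptionException();
            }
            // Fixed: the readiness check was inverted, which rejected every encryptor that was
            // ready to encrypt and let through one that was not.
            if (serverEncryptor == null || !serverEncryptor.canEncryptResponse()) {
                logger.warn("Encryptor is not available or not prepared for encryption. Scope: {}", context.getEncryptionScope());
                throw new PowerAuthEncryptionException();
            }
            final EncryptedResponse encrypted = serverEncryptor.encryptResponse(serializeResponseData(obj));
            return new EciesEncryptedResponse(encrypted.getEncryptedData(), encrypted.getMac(), encrypted.getNonce(), encrypted.getTimestamp());
        } catch (Exception e) {
            // Failure is reported at warn level so it is visible without debug logging; the
            // stack trace stays at debug, matching decryptRequest.
            logger.warn("Response encryption failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Converts decrypted bytes to the requested type.
     *
     * @param bArr decrypted request bytes
     * @param type target type; {@code byte[]} returns the bytes unchanged
     * @return the raw bytes or the object Jackson builds from them
     * @throws IOException when the bytes cannot be bound to {@code type}
     */
    private Object deserializeRequestData(byte[] bArr, Type type) throws IOException {
        if (type.equals(byte[].class)) {
            return bArr;
        }
        return this.objectMapper.readValue(bArr, this.objectMapper.getTypeFactory().constructType(type));
    }

    /**
     * Converts a response object to the bytes that will be encrypted.
     *
     * @param obj response object; a {@code byte[]} is passed through, anything else becomes JSON
     * @return bytes to encrypt
     * @throws JsonProcessingException when JSON serialization fails
     */
    private byte[] serializeResponseData(Object obj) throws JsonProcessingException {
        return obj.getClass().equals(byte[].class) ? (byte[]) obj : this.objectMapper.writeValueAsBytes(obj);
    }

    /**
     * Builds the encryption context from the PowerAuth HTTP headers.
     *
     * <p>When {@code X-PowerAuth-Authorization} is present it is used and
     * {@code X-PowerAuth-Encryption} is ignored. Only the encryption-header path passes the
     * scope to its validator; the signature-header validator is called without it.
     *
     * @param httpServletRequest request to read the headers from
     * @param encryptionScope    scope recorded in the returned context
     * @return context holding application key, activation ID, version and the parsed header
     * @throws PowerAuthEncryptionException when both headers are missing or validation fails
     */
    private EncryptionContext extractEciesEncryptionContext(HttpServletRequest httpServletRequest, EncryptionScope encryptionScope) throws PowerAuthEncryptionException {
        final String encryptionHeaderValue = httpServletRequest.getHeader("X-PowerAuth-Encryption");
        final String signatureHeaderValue = httpServletRequest.getHeader("X-PowerAuth-Authorization");
        if (encryptionHeaderValue == null && signatureHeaderValue == null) {
            logger.warn("Neither signature nor encryption HTTP header is present");
            throw new PowerAuthEncryptionException();
        }
        if (signatureHeaderValue != null) {
            final PowerAuthSignatureHttpHeader signatureHeader = new PowerAuthSignatureHttpHeader().fromValue(signatureHeaderValue);
            try {
                PowerAuthSignatureHttpHeaderValidator.validate(signatureHeader);
                return new EncryptionContext(signatureHeader.getApplicationKey(), signatureHeader.getActivationId(), signatureHeader.getVersion(), signatureHeader, encryptionScope);
            } catch (InvalidPowerAuthHttpHeaderException e) {
                logger.warn("Signature HTTP header validation failed, error: {}", e.getMessage());
                logger.debug(e.getMessage(), e);
                throw new PowerAuthEncryptionException();
            }
        }
        final PowerAuthEncryptionHttpHeader encryptionHeader = new PowerAuthEncryptionHttpHeader().fromValue(encryptionHeaderValue);
        try {
            PowerAuthEncryptionHttpHeaderValidator.validate(encryptionHeader, encryptionScope.toEncryptorScope());
            return new EncryptionContext(encryptionHeader.getApplicationKey(), encryptionHeader.getActivationId(), encryptionHeader.getVersion(), encryptionHeader, encryptionScope);
        } catch (InvalidPowerAuthHttpHeaderException e2) {
            logger.warn("Encryption validation failed, error: {}", e2.getMessage());
            logger.debug(e2.getMessage(), e2);
            throw new PowerAuthEncryptionException();
        }
    }
}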
