package io.getlime.security.powerauth.rest.api.spring.controller;

import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException;
import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator;
import io.getlime.security.powerauth.rest.api.model.request.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthSecureVaultException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException;
import io.getlime.security.powerauth.rest.api.spring.service.SecureVaultService;
import io.getlime.security.powerauth.rest.api.spring.util.PowerAuthVersionUtil;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/pa/v3/vault"})
@RestController("secureVaultControllerV3")
/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/controller/SecureVaultController.class */
public class SecureVaultController {
    private static final Logger logger = LoggerFactory.getLogger(SecureVaultController.class);
    private SecureVaultService secureVaultServiceV3;

    @Autowired
    public void setSecureVaultServiceV3(SecureVaultService secureVaultService) {
        this.secureVaultServiceV3 = secureVaultService;
    }

    @PostMapping({"unlock"})
    public EciesEncryptedResponse unlockVault(@RequestHeader(value = "X-PowerAuth-Authorization", defaultValue = "unknown") String str, @RequestBody EciesEncryptedRequest eciesEncryptedRequest, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
        if (eciesEncryptedRequest == null) {
            logger.warn("Invalid request object in vault unlock");
            throw new PowerAuthInvalidRequestException();
        }
        PowerAuthSignatureHttpHeader fromValue = new PowerAuthSignatureHttpHeader().fromValue(str);
        try {
            PowerAuthSignatureHttpHeaderValidator.validate(fromValue);
            PowerAuthVersionUtil.checkUnsupportedVersion(fromValue.getVersion());
            PowerAuthVersionUtil.checkMissingRequiredNonce(fromValue.getVersion(), eciesEncryptedRequest.getNonce());
            PowerAuthVersionUtil.checkMissingRequiredTimestamp(fromValue.getVersion(), eciesEncryptedRequest.getTimestamp());
            return this.secureVaultServiceV3.vaultUnlock(fromValue, eciesEncryptedRequest, httpServletRequest);
        } catch (InvalidPowerAuthHttpHeaderException e) {
            logger.warn("Signature HTTP header validation failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            throw new PowerAuthSignatureInvalidException();
        }
    }
}
