package io.getlime.security.powerauth.rest.api.spring.controller;

import com.google.common.io.BaseEncoding;
import io.getlime.core.rest.model.base.response.ObjectResponse;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthHttpHeader;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException;
import io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse;
import io.getlime.security.powerauth.soap.spring.client.PowerAuthServiceClient;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping({"/pa/vault"})
@Controller
/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/controller/SecureVaultController.class */
public class SecureVaultController {
    private PowerAuthServiceClient powerAuthClient;

    @Autowired
    public void setPowerAuthClient(PowerAuthServiceClient powerAuthServiceClient) {
        this.powerAuthClient = powerAuthServiceClient;
    }

    @RequestMapping(value = {"unlock"}, method = {RequestMethod.POST})
    @ResponseBody
    public ObjectResponse<VaultUnlockResponse> unlockVault(@RequestHeader(value = "X-PowerAuth-Authorization", defaultValue = "unknown") String str) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
        try {
            Map parsePowerAuthSignatureHTTPHeader = PowerAuthHttpHeader.parsePowerAuthSignatureHTTPHeader(str);
            String str2 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_activation_id");
            String str3 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_application_key");
            String str4 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_signature");
            String str5 = (String) parsePowerAuthSignatureHTTPHeader.get("pa_signature_type");
            io.getlime.powerauth.soap.VaultUnlockResponse unlockVault = this.powerAuthClient.unlockVault(str2, str3, PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode((String) parsePowerAuthSignatureHTTPHeader.get("pa_nonce")), (byte[]) null), str4, str5);
            if (!unlockVault.isSignatureValid()) {
                throw new PowerAuthAuthenticationException();
            }
            VaultUnlockResponse vaultUnlockResponse = new VaultUnlockResponse();
            vaultUnlockResponse.setActivationId(unlockVault.getActivationId());
            vaultUnlockResponse.setEncryptedVaultEncryptionKey(unlockVault.getEncryptedVaultEncryptionKey());
            return new ObjectResponse<>(vaultUnlockResponse);
        } catch (Exception e) {
            if (PowerAuthAuthenticationException.class.equals(e.getClass())) {
                throw e;
            }
            throw new PowerAuthSecureVaultException();
        }
    }
}
