package io.getlime.security.powerauth.rest.api.spring.service.v3;

import com.google.common.io.BaseEncoding;
import io.getlime.powerauth.soap.v3.SignatureType;
import io.getlime.powerauth.soap.v3.VaultUnlockResponse;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException;
import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter;
import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider;
import io.getlime.security.powerauth.soap.spring.client.PowerAuthServiceClient;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

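/**
 * Spring service that handles the PowerAuth v3 secure vault unlock request.
 *
 * <p>The service forwards the signature taken from the PowerAuth HTTP header, together with the
 * ECIES-encrypted request payload, to the PowerAuth server through {@link PowerAuthServiceClient}.
 * It returns the encrypted vault data only when the server reports the signature as valid.
 */
@Service("secureVaultServiceV3")
/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/service/v3/SecureVaultService.class */
public class SecureVaultService {
    private static final Logger logger = LoggerFactory.getLogger(SecureVaultService.class);

    private PowerAuthServiceClient powerAuthClient;
    private PowerAuthAuthenticationProvider authenticationProvider;

    /**
     * Injects the client used to call the PowerAuth server.
     *
     * @param powerAuthServiceClient PowerAuth service client.
     */
    @Autowired
    public void setPowerAuthClient(PowerAuthServiceClient powerAuthServiceClient) {
        this.powerAuthClient = powerAuthServiceClient;
    }

    /**
     * Injects the authentication provider used to obtain the raw request body bytes.
     *
     * @param powerAuthAuthenticationProvider PowerAuth authentication provider.
     */
    @Autowired
    public void setAuthenticationProvider(PowerAuthAuthenticationProvider powerAuthAuthenticationProvider) {
        this.authenticationProvider = powerAuthAuthenticationProvider;
    }

    /**
     * Unlocks the secure vault for the activation named in the signature header.
     *
     * <p>The signature base string is built from the fixed method {@code "POST"}, the fixed
     * resource identifier {@code "/pa/vault/unlock"}, the Base64-decoded nonce from the header and
     * the request body bytes, so the value the server verifies covers all four inputs.
     *
     * @param powerAuthSignatureHttpHeader parsed PowerAuth signature HTTP header.
     * @param eciesEncryptedRequest ECIES-encrypted request (ephemeral public key, encrypted data, MAC).
     * @param httpServletRequest HTTP request from which the body bytes are extracted.
     * @return ECIES-encrypted response carrying the encrypted data and MAC returned by the server.
     * @throws PowerAuthAuthenticationException when the server reports the signature as invalid.
     * @throws PowerAuthSecureVaultException when any other failure occurs during the unlock.
     */
    public EciesEncryptedResponse vaultUnlock(PowerAuthSignatureHttpHeader powerAuthSignatureHttpHeader, EciesEncryptedRequest eciesEncryptedRequest, HttpServletRequest httpServletRequest) throws PowerAuthSecureVaultException, PowerAuthAuthenticationException {
        try {
            SignatureTypeConverter signatureTypeConverter = new SignatureTypeConverter();

            // Signature-related values taken from the PowerAuth HTTP header.
            String activationId = powerAuthSignatureHttpHeader.getActivationId();
            String applicationKey = powerAuthSignatureHttpHeader.getApplicationKey();
            String signature = powerAuthSignatureHttpHeader.getSignature();
            SignatureType signatureType = signatureTypeConverter.convertFrom(powerAuthSignatureHttpHeader.getSignatureType());
            String nonce = powerAuthSignatureHttpHeader.getNonce();

            // ECIES envelope supplied by the client.
            String ephemeralPublicKey = eciesEncryptedRequest.getEphemeralPublicKey();
            String encryptedData = eciesEncryptedRequest.getEncryptedData();
            String mac = eciesEncryptedRequest.getMac();

            // A malformed or missing nonce makes decode() throw; that falls through to the
            // generic handler below and is reported as a vault exception.
            byte[] nonceBytes = BaseEncoding.base64().decode(nonce);
            byte[] requestBodyBytes = this.authenticationProvider.extractRequestBodyBytes(httpServletRequest);
            String signedData = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", nonceBytes, requestBodyBytes);

            VaultUnlockResponse unlockVault = this.powerAuthClient.unlockVault(activationId, applicationKey, signature, signatureType, signedData, ephemeralPublicKey, encryptedData, mac);

            // Never hand back vault material unless the server confirmed the signature.
            if (!unlockVault.isSignatureValid()) {
                throw new PowerAuthAuthenticationException();
            }
            return new EciesEncryptedResponse(unlockVault.getEncryptedData(), unlockVault.getMac());
        } catch (PowerAuthAuthenticationException e) {
            // This handler must precede the generic one. With catch (Exception) listed first,
            // an invalid-signature result would be swallowed and reported to the caller as a
            // generic vault failure (and, if PowerAuthAuthenticationException is a subclass of
            // Exception, the reversed order is also rejected by javac as an unreachable catch).
            throw e;
        } catch (Exception e) {
            // The cause is logged here because the replacement exception is created without it.
            logger.warn("PowerAuth vault unlock failed", e);
            throw new PowerAuthSecureVaultException();
        }
    }
}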
