package io.getlime.security.powerauth.rest.api.spring.service.v3;

import com.google.common.io.BaseEncoding;
import com.wultra.security.powerauth.client.PowerAuthClient;
import com.wultra.security.powerauth.client.v3.SignatureType;
import com.wultra.security.powerauth.client.v3.VaultUnlockResponse;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException;
import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException;
import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureTypeInvalidException;
import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest;
import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter;
import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

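/**
 * Spring service behind the PowerAuth secure vault unlock operation (v3 API package).
 *
 * <p>The class itself performs no cryptographic verification. It gathers the signature attributes
 * from the parsed PowerAuth signature HTTP header and the ECIES envelope from the request object,
 * builds the signature base string, and hands everything to {@link PowerAuthClient#unlockVault}.
 * The verdict is read from the returned {@link VaultUnlockResponse}.
 */
@Service("secureVaultServiceV3")
public class SecureVaultService {
    private static final Logger logger = LoggerFactory.getLogger(SecureVaultService.class);

    /** HTTP method that is bound into the signature base string for this operation. */
    private static final String VAULT_UNLOCK_HTTP_METHOD = "POST";

    /** Resource identifier that is bound into the signature base string for this operation. */
    private static final String VAULT_UNLOCK_URI_ID = "/pa/vault/unlock";

    private PowerAuthClient powerAuthClient;
    private PowerAuthAuthenticationProvider authenticationProvider;

    /**
     * Injects the client used to call the PowerAuth backend.
     *
     * @param powerAuthClient client that exposes {@code unlockVault}
     */
    @Autowired
    public void setPowerAuthClient(PowerAuthClient powerAuthClient) {
        this.powerAuthClient = powerAuthClient;
    }

    /**
     * Injects the provider used to obtain the raw request body bytes.
     *
     * @param powerAuthAuthenticationProvider provider that exposes {@code extractRequestBodyBytes}
     */
    @Autowired
    public void setAuthenticationProvider(PowerAuthAuthenticationProvider powerAuthAuthenticationProvider) {
        this.authenticationProvider = powerAuthAuthenticationProvider;
    }

    /**
     * Verifies the request signature through the PowerAuth client and returns the encrypted vault
     * unlock payload.
     *
     * <p>All values read from the header and from the ECIES request originate from the HTTP request
     * and are forwarded as received; the only local checks are the signature type conversion and
     * the Base64 decoding of the header nonce.
     *
     * @param powerAuthSignatureHttpHeader parsed PowerAuth signature header of the request
     * @param eciesEncryptedRequest ECIES envelope (ephemeral public key, encrypted data, MAC, nonce)
     * @param httpServletRequest servlet request from which the signed body bytes are extracted
     * @return response built from the encrypted data and MAC reported by the client
     * @throws PowerAuthAuthenticationException when the signature type cannot be converted or the
     *     client reports the signature as invalid
     * @throws PowerAuthSecureVaultException when any other failure occurs; the thrown exception
     *     carries no detail, the cause is only written to the log
     */
    public EciesEncryptedResponse vaultUnlock(PowerAuthSignatureHttpHeader powerAuthSignatureHttpHeader, EciesEncryptedRequest eciesEncryptedRequest, HttpServletRequest httpServletRequest) throws PowerAuthSecureVaultException, PowerAuthAuthenticationException {
        try {
            final SignatureTypeConverter converter = new SignatureTypeConverter();
            final String activationId = powerAuthSignatureHttpHeader.getActivationId();
            final String applicationKey = powerAuthSignatureHttpHeader.getApplicationKey();
            final String signature = powerAuthSignatureHttpHeader.getSignature();

            // A null conversion result is treated as an unsupported signature type and is
            // rejected before anything is sent to the PowerAuth client.
            final SignatureType signatureType = converter.convertFrom(powerAuthSignatureHttpHeader.getSignatureType());
            if (signatureType == null) {
                // The logged value comes straight from the request header.
                logger.warn("Invalid signature type: {}", powerAuthSignatureHttpHeader.getSignatureType());
                throw new PowerAuthSignatureTypeInvalidException();
            }

            final String signatureVersion = powerAuthSignatureHttpHeader.getVersion();
            final String headerNonce = powerAuthSignatureHttpHeader.getNonce();
            final String ephemeralPublicKey = eciesEncryptedRequest.getEphemeralPublicKey();
            final String encryptedData = eciesEncryptedRequest.getEncryptedData();
            final String mac = eciesEncryptedRequest.getMac();
            final String eciesNonce = eciesEncryptedRequest.getNonce();

            // Guava rejects malformed Base64 with IllegalArgumentException, which ends up in the
            // generic handler below and is reported as a secure vault failure.
            final byte[] headerNonceBytes = BaseEncoding.base64().decode(headerNonce);

            // The signed data covers the HTTP method, the resource identifier, the header nonce
            // and the request body bytes supplied by the authentication provider.
            final VaultUnlockResponse unlockResponse = this.powerAuthClient.unlockVault(
                    activationId,
                    applicationKey,
                    signature,
                    signatureType,
                    signatureVersion,
                    PowerAuthHttpBody.getSignatureBaseString(
                            VAULT_UNLOCK_HTTP_METHOD,
                            VAULT_UNLOCK_URI_ID,
                            headerNonceBytes,
                            this.authenticationProvider.extractRequestBodyBytes(httpServletRequest)),
                    ephemeralPublicKey,
                    encryptedData,
                    mac,
                    eciesNonce);

            if (!unlockResponse.isSignatureValid()) {
                // NOTE(review): a rejected signature is recorded only at debug level here. Confirm
                // that the caller or an exception handler logs it at a level kept in production,
                // so that repeated failures for one activation can be monitored.
                logger.debug("Signature validation failed");
                throw new PowerAuthSignatureInvalidException();
            }
            return new EciesEncryptedResponse(unlockResponse.getEncryptedData(), unlockResponse.getMac());
        } catch (PowerAuthAuthenticationException e) {
            // Authentication failures keep their specific type for the caller.
            throw e;
        } catch (Exception e2) {
            logger.warn("PowerAuth vault unlock failed, error: {}", e2.getMessage());
            // A constant message is used instead of the exception text, which may be null; the
            // stack trace still carries the full detail.
            logger.debug("PowerAuth vault unlock failed", e2);
            throw new PowerAuthSecureVaultException();
        }
    }
}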
