package de.adorsys.psd2.consent.service.security;

import de.adorsys.psd2.consent.service.security.provider.CryptoProvider;
import de.adorsys.psd2.consent.service.security.provider.CryptoProviderFactory;
import java.beans.ConstructorProperties;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

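/**
 * Encrypts and decrypts consent identifiers and consent payloads.
 *
 * <p>An encrypted ID produced by {@link #encryptId(String)} has the layout
 * {@code base64url(encrypt(id + "_=_" + consentKey, serverKey)) + "_=_" + algorithmVersionExternalId}.
 * The random {@code consentKey} embedded in the ID is what
 * {@link #encryptConsentData(String, byte[])} and {@link #decryptConsentData(String, byte[])}
 * hand to the consent-data crypto provider as its key argument, so the encrypted ID
 * doubles as the carrier of the per-consent key.
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/consent-management-lib-1.17.jar:de/adorsys/psd2/consent/service/security/SecurityDataService.class */
public class SecurityDataService {
    private static final Logger log = LoggerFactory.getLogger(SecurityDataService.class);
    private static final String SEPARATOR = "_=_";
    private static final int CONSENT_KEY_LENGTH = 16;
    // The consent key is key material, so it is drawn from a CSPRNG. SecureRandom is thread-safe.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private String serverKey;
    private final CryptoProviderFactory cryptoProviderFactory;

    /**
     * Creates the service and reads the {@code server_key} property.
     *
     * @param environment source of the {@code server_key} property
     * @param cryptoProviderFactory factory that supplies the crypto providers
     * @throws IllegalArgumentException if {@code server_key} is missing or blank
     */
    @Autowired
    public SecurityDataService(Environment environment, CryptoProviderFactory cryptoProviderFactory) {
        this.cryptoProviderFactory = cryptoProviderFactory;
        this.serverKey = environment.getProperty("server_key");
        if (StringUtils.isBlank(this.serverKey)) {
            log.error("The 'server_key' must be specified at CMS start");
            throw new IllegalArgumentException("CMS_SERVER_KEY_MISSING");
        }
    }

    /**
     * Encrypts an ID together with a freshly generated consent key.
     *
     * @param str the plain ID
     * @return the encrypted, versioned ID, or empty if the provider could not encrypt it
     */
    public Optional<String> encryptId(String str) {
        // The 7-argument overload takes an explicit SecureRandom. The short
        // random(count, letters, numbers) form relies on the library's default source,
        // which in commons-lang3 releases backed by java.util.Random is predictable.
        // Charset and length are unchanged, so existing IDs stay valid.
        String consentKey = RandomStringUtils.random(CONSENT_KEY_LENGTH, 0, 0, true, true, null, SECURE_RANDOM);
        // Explicit charset: the bare getBytes() depends on the platform default.
        byte[] plain = concatWithSeparator(str, consentKey).getBytes(StandardCharsets.UTF_8);
        Optional<String> encryptedId = identifierCP().encryptData(plain, this.serverKey)
                .map(EncryptedData::getData)
                .map(cipherText -> Base64.getUrlEncoder().encodeToString(cipherText))
                .map(this::addVersionToEncryptedId);
        if (!encryptedId.isPresent()) {
            // NOTE(review): this writes the plain ID to the log; confirm that is acceptable
            // for wherever these logs are shipped.
            log.warn("Couldn't encrypt ID: {}", str);
        }
        return encryptedId;
    }

    /**
     * Recovers the plain ID from an encrypted ID.
     *
     * @param str the encrypted ID as received from the caller; may be {@code null}
     * @return the text before the first separator of the decrypted value, or empty if the
     *     input is {@code null}, malformed, or cannot be decrypted
     */
    public Optional<String> decryptId(String str) {
        // NOTE(review): an ID that itself contains "_=_" is cut at its first separator here
        // and in getConsentKeyByEncryptedId; kept as-is so stored data keeps decrypting.
        Optional<String> id = decryptCompositeId(str).flatMap(composite -> compositePart(composite, 0));
        if (!id.isPresent()) {
            // NOTE(review): str is caller-supplied; confirm the log layout neutralises
            // line breaks before relying on these entries.
            log.warn("Couldn't decrypt ID: {}", str);
        }
        return id;
    }

    /**
     * Encrypts consent data with the consent key carried inside the encrypted ID.
     *
     * @param str the encrypted ID
     * @param bArr the data to encrypt
     * @return the encrypted data, or empty if the key cannot be recovered or encryption fails
     */
    public Optional<EncryptedData> encryptConsentData(String str, byte[] bArr) {
        return getConsentKeyByEncryptedId(str).flatMap(consentKey -> consentDataCP().encryptData(bArr, consentKey));
    }

    /**
     * Decrypts consent data with the consent key carried inside the encrypted ID.
     *
     * @param str the encrypted ID
     * @param bArr the data to decrypt
     * @return the decrypted data, or empty if the key cannot be recovered or decryption fails
     */
    public Optional<DecryptedData> decryptConsentData(String str, byte[] bArr) {
        return getConsentKeyByEncryptedId(str).flatMap(consentKey -> consentDataCP().decryptData(bArr, consentKey));
    }

    /**
     * Reports whether the value has the outer shape of an encrypted ID. This only looks for
     * the separator; it does not prove that the value decrypts.
     *
     * @param str the value to inspect; may be {@code null}
     * @return {@code true} if the value contains the separator
     */
    public boolean isConsentIdEncrypted(String str) {
        return str != null && str.contains(SEPARATOR);
    }

    /**
     * Splits an encrypted ID into ciphertext and algorithm version, decrypts the ciphertext
     * with the server key, and returns the plaintext if it is ASCII-printable.
     */
    private Optional<String> decryptCompositeId(String str) {
        // Without this guard a null or separator-less ID (reachable through
        // encryptConsentData/decryptConsentData) ended in an unchecked exception
        // from substring instead of an empty result.
        int separatorAt = str == null ? -1 : str.indexOf(SEPARATOR);
        if (separatorAt < 0) {
            return Optional.empty();
        }
        byte[] cipherText = decode64(str.substring(0, separatorAt), true);
        if (cipherText == null) {
            return Optional.empty();
        }
        String algorithmVersion = str.substring(separatorAt + SEPARATOR.length());
        return this.cryptoProviderFactory.getCryptoProviderByAlgorithmVersion(algorithmVersion)
                .flatMap(cryptoProvider -> cryptoProvider.decryptData(cipherText, this.serverKey))
                .map(decryptedData -> new String(decryptedData.getData(), StandardCharsets.UTF_8))
                .filter(StringUtils::isAsciiPrintable);
    }

    /** Returns the consent key, i.e. the second separator-delimited part of the decrypted ID. */
    private Optional<String> getConsentKeyByEncryptedId(String str) {
        return decryptCompositeId(str).flatMap(composite -> compositePart(composite, 1));
    }

    /**
     * Returns one separator-delimited part of a decrypted composite, or empty when that part
     * is absent. The plaintext is only as trustworthy as the cipher behind it, so a missing
     * part is reported as empty rather than as an ArrayIndexOutOfBoundsException.
     */
    private static Optional<String> compositePart(String composite, int index) {
        String[] parts = composite.split(SEPARATOR);
        return index < parts.length ? Optional.of(parts[index]) : Optional.empty();
    }

    /**
     * Base64-decodes the input.
     *
     * @param str the encoded text
     * @param z {@code true} for the URL-safe alphabet, {@code false} for the basic one
     * @return the decoded bytes, or {@code null} if the input is not valid Base64
     */
    private byte[] decode64(String str, boolean z) {
        try {
            Base64.Decoder decoder = z ? Base64.getUrlDecoder() : Base64.getDecoder();
            return decoder.decode(str);
        } catch (IllegalArgumentException e) {
            log.error("Input id has wrong format: {}", str);
            return null;
        }
    }

    /** Appends the external ID of the identifier provider's algorithm version. */
    private String addVersionToEncryptedId(String str) {
        return concatWithSeparator(str, identifierCP().getAlgorithmVersion().getExternalId());
    }

    private CryptoProvider consentDataCP() {
        return this.cryptoProviderFactory.actualConsentDataCryptoProvider();
    }

    private CryptoProvider identifierCP() {
        return this.cryptoProviderFactory.actualIdentifierCryptoProvider();
    }

    private String concatWithSeparator(String str, String str2) {
        return str + SEPARATOR + str2;
    }

    /**
     * Creates the service without reading {@code server_key}.
     *
     * <p>NOTE(review): {@code serverKey} stays {@code null} on this path and is then passed
     * as-is to the identifier crypto provider; confirm no production wiring uses this
     * constructor.
     *
     * @param cryptoProviderFactory factory that supplies the crypto providers
     */
    @ConstructorProperties({"cryptoProviderFactory"})
    public SecurityDataService(CryptoProviderFactory cryptoProviderFactory) {
        this.cryptoProviderFactory = cryptoProviderFactory;
    }
}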
