package de.adorsys.psd2.consent.service.security;

import de.adorsys.psd2.consent.service.security.provider.CryptoProviderHolder;
import java.beans.ConstructorProperties;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import java.util.Random;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

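@Service
/* loaded from: input_file:BOOT-INF/lib/consent-management-lib-6.2.jar:de/adorsys/psd2/consent/service/security/SecurityDataService.class */
/**
 * Encrypts and decrypts consent identifiers and consent payloads.
 *
 * <p>An encrypted ID has the textual form
 * {@code <base64url(ciphertext)>_=_<cryptoProviderId>}. The ciphertext is produced with the
 * {@code server_key} and wraps {@code <id>_=_<16 random alphanumerics>_=_<dataProviderId>}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The provider id after the separator is read from the ID string passed in and selects the
 *       provider used for decryption. NOTE(review): confirm that {@link CryptoProviderHolder}
 *       only resolves providers that are still acceptable for decryption.</li>
 *   <li>Decrypted output is accepted only when it is ASCII-printable. NOTE(review): this is a
 *       plausibility filter, not an integrity check; whether tampering is detected depends on the
 *       provider implementation, which is not visible in this class.</li>
 *   <li>Several log statements write the ID at INFO level; the failure branch of
 *       {@link #encryptId(String)} logs the ID before encryption.</li>
 * </ul>
 */
public class SecurityDataService {
    private static final Logger log = LoggerFactory.getLogger(SecurityDataService.class);

    /** Delimiter between the parts of a composite ID, both inside and outside the ciphertext. */
    private static final String SEPARATOR = "_=_";

    // Key handed to the ID crypto provider; read from the 'server_key' property. Never log it.
    private String serverKey;
    private final CryptoProviderHolder cryptoProviderHolder;

    // Declared as Random, but backed by SecureRandom so the per-ID random part is unpredictable.
    private final Random random = new SecureRandom();

    /**
     * Creates the service and reads the server key from the environment.
     *
     * @param environment          source of the {@code server_key} property
     * @param cryptoProviderHolder registry of crypto providers
     * @throws IllegalArgumentException if {@code server_key} is missing or blank
     */
    @Autowired
    public SecurityDataService(Environment environment, CryptoProviderHolder cryptoProviderHolder) {
        this.cryptoProviderHolder = cryptoProviderHolder;
        this.serverKey = environment.getProperty("server_key");
        if (StringUtils.isBlank(this.serverKey)) {
            log.info("The 'server_key' missing - must be specified at CMS start");
            throw new IllegalArgumentException("CMS_SERVER_KEY_MISSING");
        }
    }

    /**
     * Encrypts an ID together with a fresh random part and the default data provider id.
     *
     * @param str the ID to encrypt
     * @return the encrypted ID with the ID provider's id appended, or empty if the provider
     *         returned no result
     */
    public Optional<String> encryptId(String str) {
        // 16 letters/digits drawn from the SecureRandom instance.
        // NOTE(review): presumably this is what DecryptedIdSet exposes as the random secret key
        // for consent data - confirm against DecryptedIdSet.
        String randomPart = RandomStringUtils.random(16, 0, 0, true, true, null, this.random);
        String compositeId = concatWithSeparator(
            str, randomPart, this.cryptoProviderHolder.getDefaultDataProvider().getCryptoProviderId());

        // Explicit UTF-8 so the ciphertext does not depend on the JVM's default charset.
        Optional<String> encryptedId = this.cryptoProviderHolder.getDefaultIdProvider()
            .encryptData(compositeId.getBytes(StandardCharsets.UTF_8), this.serverKey)
            .map(EncryptedData::getData)
            .map(Base64.getUrlEncoder()::encodeToString)
            .map(this::addVersionToEncryptedId);
        if (!encryptedId.isPresent()) {
            log.info("ID: [{}]. Couldn't encrypt ID", str);
        }
        return encryptedId;
    }

    /**
     * Decrypts an encrypted ID and returns its first component.
     *
     * @param str the encrypted ID
     * @return the original ID, or empty if the input is null, has no separator, or cannot be
     *         decrypted
     */
    public Optional<String> decryptId(String str) {
        if (str == null || !str.contains(SEPARATOR)) {
            log.info("ID: [{}]. Couldn't decrypt, because id does not contain separator [{}]", str, SEPARATOR);
            return Optional.empty();
        }
        Optional<String> decryptedId = decryptCompositeId(str).map(composite -> composite.split(SEPARATOR)[0]);
        if (!decryptedId.isPresent()) {
            log.info("ID: [{}]. Couldn't decrypt ID", str);
        }
        return decryptedId;
    }

    /**
     * Encrypts consent data with the provider and key recovered from the encrypted ID.
     *
     * @param str  the encrypted ID
     * @param bArr the data to encrypt
     * @return the encrypted data, or empty if the ID cannot be decrypted or the provider is unknown
     */
    public Optional<EncryptedData> encryptConsentData(String str, byte[] bArr) {
        return getDecryptedIdSetByEncryptedId(str).flatMap(idSet -> getEncryptedData(idSet, bArr));
    }

    /**
     * Decrypts consent data with the provider and key recovered from the encrypted ID.
     *
     * @param str  the encrypted ID
     * @param bArr the data to decrypt
     * @return the decrypted data, or empty if the ID cannot be decrypted or the provider is unknown
     */
    public Optional<DecryptedData> decryptConsentData(String str, byte[] bArr) {
        return getDecryptedIdSetByEncryptedId(str).flatMap(idSet -> getDecryptedData(idSet, bArr));
    }

    /**
     * Reports whether the ID contains the separator. This is a format check only; it does not
     * prove that the ID can be decrypted.
     */
    public boolean isConsentIdEncrypted(String str) {
        return str.contains(SEPARATOR);
    }

    /** Decrypts {@code bArr} with the data provider and key named in {@code decryptedIdSet}. */
    private Optional<DecryptedData> getDecryptedData(DecryptedIdSet decryptedIdSet, byte[] bArr) {
        return this.cryptoProviderHolder.getProviderById(decryptedIdSet.getDataEncryptionProviderId())
            .flatMap(cryptoProvider -> cryptoProvider.decryptData(bArr, decryptedIdSet.getRandomSecretKey()));
    }

    /** Encrypts {@code bArr} with the data provider and key named in {@code decryptedIdSet}. */
    private Optional<EncryptedData> getEncryptedData(DecryptedIdSet decryptedIdSet, byte[] bArr) {
        return this.cryptoProviderHolder.getProviderById(decryptedIdSet.getDataEncryptionProviderId())
            .flatMap(cryptoProvider -> cryptoProvider.encryptData(bArr, decryptedIdSet.getRandomSecretKey()));
    }

    /**
     * Decrypts the ID and wraps its separator-delimited parts in a {@link DecryptedIdSet}.
     * NOTE(review): the number of parts is not checked here; confirm that DecryptedIdSet copes
     * with a shorter array.
     */
    private Optional<DecryptedIdSet> getDecryptedIdSetByEncryptedId(String str) {
        return decryptCompositeId(str).map(composite -> new DecryptedIdSet(composite.split(SEPARATOR)));
    }

    /**
     * Splits the encrypted ID at the first separator, Base64url-decodes the left part and decrypts
     * it with the provider named by the right part.
     *
     * @return the decrypted composite string, or empty if the input is null, has no separator, is
     *         not valid Base64url, names an unknown provider, fails decryption, or decrypts to
     *         text that is not ASCII-printable
     */
    private Optional<String> decryptCompositeId(String str) {
        // encryptConsentData/decryptConsentData reach this method without a prior separator check;
        // without this guard substring(0, -1) throws StringIndexOutOfBoundsException on a
        // malformed ID instead of yielding an empty result.
        int separatorIndex = str == null ? -1 : str.indexOf(SEPARATOR);
        if (separatorIndex < 0) {
            log.info("ID: [{}]. Couldn't decrypt composite id, because id does not contain separator [{}]", str, SEPARATOR);
            return Optional.empty();
        }
        byte[] cipherBytes = decode64(str.substring(0, separatorIndex));
        if (cipherBytes == null) {
            log.info("ID: [{}]. Couldn't decrypt composite id", str);
            return Optional.empty();
        }
        // The provider id is taken verbatim from the ID string; unknown ids give an empty Optional.
        String providerId = str.substring(separatorIndex + SEPARATOR.length());
        return this.cryptoProviderHolder.getProviderById(providerId)
            .flatMap(cryptoProvider -> cryptoProvider.decryptData(cipherBytes, this.serverKey))
            // Explicit UTF-8 mirrors encryptId and avoids platform-dependent decoding.
            .map(decryptedData -> new String(decryptedData.getData(), StandardCharsets.UTF_8))
            .filter(StringUtils::isAsciiPrintable);
    }

    /** Base64url-decodes {@code str}; returns {@code null} (and logs) when the input is malformed. */
    private byte[] decode64(String str) {
        try {
            return Base64.getUrlDecoder().decode(str);
        } catch (IllegalArgumentException e) {
            log.info("ID: [{}]. Input id has wrong format", str);
            return null;
        }
    }

    /** Appends the default ID provider's id so that decryption can select the same provider. */
    private String addVersionToEncryptedId(String str) {
        return concatWithSeparator(str, this.cryptoProviderHolder.getDefaultIdProvider().getCryptoProviderId());
    }

    /** Joins the parts with {@link #SEPARATOR}. */
    private String concatWithSeparator(String... strArr) {
        return StringUtils.join(strArr, SEPARATOR);
    }

    /**
     * Creates the service without reading {@code server_key}; {@code serverKey} stays null.
     * NOTE(review): instances built this way pass a null key to the ID provider and skip the
     * blank-key check of the other constructor - confirm nothing uses this constructor in
     * production wiring.
     */
    @ConstructorProperties({"cryptoProviderHolder"})
    public SecurityDataService(CryptoProviderHolder cryptoProviderHolder) {
        this.cryptoProviderHolder = cryptoProviderHolder;
    }
}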
