package de.gematik.rbellogger.modifier;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.facet.RbelVauErpFacet;
import de.gematik.rbellogger.exceptions.RbelPkiException;
import de.gematik.rbellogger.key.RbelKey;
import de.gematik.rbellogger.util.CryptoUtils;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ThreadLocalRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jwe.SimpleAeadCipher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/tiger-rbel-3.2.4.jar:de/gematik/rbellogger/modifier/RbelVauErpWriter.class */
public class RbelVauErpWriter implements RbelElementWriter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RbelVauErpWriter.class);

    public static byte[] encrypt(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[12];
        ThreadLocalRandom.current().nextBytes(bArr3);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
        Cipher cipher = Cipher.getInstance(SimpleAeadCipher.GCM_TRANSFORMATION_NAME, BouncyCastleProvider.PROVIDER_NAME);
        cipher.init(1, secretKeySpec, new GCMParameterSpec(128, bArr3));
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] copyOf = Arrays.copyOf(bArr3, 12 + doFinal.length);
        System.arraycopy(doFinal, 0, copyOf, 12, doFinal.length);
        return copyOf;
    }

    @Override // de.gematik.rbellogger.modifier.RbelElementWriter
    public boolean canWrite(RbelElement rbelElement) {
        return rbelElement.hasFacet(RbelVauErpFacet.class) && rbelElement.getFacet(RbelVauErpFacet.class).flatMap((v0) -> {
            return v0.getKeyUsed();
        }).isPresent();
    }

    @Override // de.gematik.rbellogger.modifier.RbelElementWriter
    public byte[] write(RbelElement rbelElement, RbelElement rbelElement2, byte[] bArr) {
        Optional flatMap = rbelElement.getFacet(RbelVauErpFacet.class).flatMap((v0) -> {
            return v0.getKeyUsed();
        });
        if (flatMap.isEmpty()) {
            throw new RbelPkiException("Error while trying to write VAU Erp Message: No decryption-key found!");
        }
        return ((RbelKey) flatMap.get()).getKey() instanceof ECPrivateKey ? rewriteErpVauRequest(rbelElement, bArr, (RbelKey) flatMap.get()) : rewriteErpVauResponse(rbelElement, bArr, (RbelKey) flatMap.get());
    }

    private byte[] rewriteErpVauResponse(RbelElement rbelElement, byte[] bArr, RbelKey rbelKey) {
        String[] split = rbelElement.getFacet(RbelVauErpFacet.class).map((v0) -> {
            return v0.getDecryptedPString();
        }).flatMap((v0) -> {
            return v0.seekValue();
        }).get().toString().split(" ");
        return encrypt(ArrayUtils.addAll((split[0] + " " + split[1] + " ").getBytes(StandardCharsets.UTF_8), bArr), rbelKey.getKey().getEncoded());
    }

    private byte[] rewriteErpVauRequest(RbelElement rbelElement, byte[] bArr, RbelKey rbelKey) {
        String[] split = rbelElement.getFacet(RbelVauErpFacet.class).map((v0) -> {
            return v0.getDecryptedPString();
        }).flatMap((v0) -> {
            return v0.seekValue();
        }).get().toString().split(" ");
        byte[] hkdf = CryptoUtils.hkdf(CryptoUtils.ecka((PrivateKey) rbelKey.getKey(), extractPublicKeyFromVauMessage(rbelElement.getRawContent())), "ecies-vau-transport", 16);
        byte[] encrypt = encrypt(ArrayUtils.addAll((split[0] + " " + split[1] + " " + split[2] + " " + split[3] + " ").getBytes(StandardCharsets.UTF_8), bArr), hkdf);
        if (log.isTraceEnabled()) {
            log.trace("Encrypting. AesKey '{}' and ciphertext {}", Base64.getEncoder().encodeToString(hkdf), Base64.getEncoder().encodeToString(encrypt));
        }
        return ArrayUtils.addAll(Arrays.copyOfRange((byte[]) rbelElement.getFacet(RbelVauErpFacet.class).map((v0) -> {
            return v0.getEncryptedMessage();
        }).map((v0) -> {
            return v0.getRawContent();
        }).orElseThrow(), 0, 65), encrypt);
    }

    private ECPublicKey extractPublicKeyFromVauMessage(byte[] bArr) {
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Arrays.copyOfRange(bArr, 1, 33)), new BigInteger(1, Arrays.copyOfRange(bArr, 33, 65))), BrainpoolCurves.BP256));
    }

    @Generated
    public RbelVauErpWriter() {
    }
}
