package de.gematik.rbellogger.converter;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.facet.RbelRootFacet;
import de.gematik.rbellogger.data.facet.RbelVauErpFacet;
import de.gematik.rbellogger.key.RbelKey;
import de.gematik.rbellogger.util.CryptoUtils;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.bouncycastle.util.encoders.DecoderException;
import org.bouncycastle.util.encoders.Hex;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbellogger-0.28.2.jar:de/gematik/rbellogger/converter/RbelErpVauDecrpytionConverter.class */
public class RbelErpVauDecrpytionConverter implements RbelConverterPlugin {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RbelErpVauDecrpytionConverter.class);

    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public void consumeElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        log.trace("Trying to decipher '{}'...", rbelElement.getRawStringContent());
        decipherVauMessage(rbelElement, rbelConverter).ifPresent(rbelVauErpFacet -> {
            rbelElement.addFacet(rbelVauErpFacet);
            rbelElement.addFacet(new RbelRootFacet(rbelVauErpFacet));
        });
    }

    private Optional<byte[]> decrypt(byte[] bArr, ECPrivateKey eCPrivateKey) {
        try {
            if (bArr.length < 1 || bArr[0] != 1) {
                return Optional.empty();
            }
            byte[] hkdf = CryptoUtils.hkdf(CryptoUtils.ecka(eCPrivateKey, extractPublicKeyFromVauMessage(bArr)), "ecies-vau-transport", 16);
            SecretKeySpec secretKeySpec = new SecretKeySpec(hkdf, AesKey.ALGORITHM);
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 65, bArr.length);
            log.trace("Decrypting. AesKey '{}' and ciphertext {}", Base64.getEncoder().encodeToString(hkdf), Base64.getEncoder().encodeToString(copyOfRange));
            return CryptoUtils.decrypt(copyOfRange, secretKeySpec);
        } catch (Exception e) {
            return Optional.empty();
        }
    }

    private ECPublicKey extractPublicKeyFromVauMessage(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Arrays.copyOfRange(bArr, 1, 33)), new BigInteger(1, Arrays.copyOfRange(bArr, 33, 65))), BrainpoolCurves.BP256));
    }

    private Optional<RbelVauErpFacet> decipherVauMessage(RbelElement rbelElement, RbelConverter rbelConverter) {
        for (RbelKey rbelKey : (List) rbelConverter.getRbelKeyManager().getAllKeys().filter(rbelKey2 -> {
            return (rbelKey2.getKey() instanceof ECPrivateKey) || (rbelKey2.getKey() instanceof SecretKey);
        }).collect(Collectors.toList())) {
            Optional<byte[]> decrypt = decrypt(rbelElement.getRawContent(), rbelKey.getKey());
            if (decrypt.isPresent()) {
                try {
                    log.trace("Succesfully deciphered VAU message! ({})", new String(decrypt.get(), StandardCharsets.UTF_8));
                    return isVauResponse(decrypt) ? buildVauMessageFromCleartextResponse(rbelConverter, decrypt.get(), rbelElement.getRawContent(), rbelKey, rbelElement) : buildVauMessageFromCleartextRequest(rbelConverter, decrypt.get(), rbelElement.getRawContent(), rbelKey, rbelElement);
                } catch (RuntimeException e) {
                    log.error("Exception while deciphering VAU message:", (Throwable) e);
                    throw e;
                }
            }
        }
        return Optional.empty();
    }

    private boolean isVauResponse(Optional<byte[]> optional) {
        return ((Boolean) optional.map(bArr -> {
            return new String(bArr, StandardCharsets.UTF_8);
        }).map(str -> {
            return Integer.valueOf(str.split("1 [\\da-f]{32} ").length);
        }).map(num -> {
            return Boolean.valueOf(num.intValue() > 1);
        }).orElse(false)).booleanValue();
    }

    private Optional<byte[]> decrypt(byte[] bArr, Key key) {
        if (key instanceof ECPrivateKey) {
            return decrypt(bArr, (ECPrivateKey) key);
        }
        if (key instanceof SecretKey) {
            return CryptoUtils.decrypt(bArr, key, 12, 16);
        }
        throw new RuntimeException("Unexpected key-type encountered (" + key.getClass().getSimpleName() + ")");
    }

    private Optional<RbelVauErpFacet> buildVauMessageFromCleartextRequest(RbelConverter rbelConverter, byte[] bArr, byte[] bArr2, RbelKey rbelKey, RbelElement rbelElement) {
        String[] split = new String(bArr, StandardCharsets.UTF_8).split(" ", 5);
        SecretKeySpec buildAesKeyFromHex = buildAesKeyFromHex(split[3]);
        rbelConverter.getRbelKeyManager().addKey("VAU Response-Key", buildAesKeyFromHex, 0);
        return Optional.of(RbelVauErpFacet.builder().message(rbelConverter.convertElement(split[4], rbelElement)).encryptedMessage(RbelElement.wrap(bArr2, rbelElement, null)).requestId(RbelElement.wrap(rbelElement, split[2])).pVersionNumber(RbelElement.wrap(rbelElement, Integer.valueOf(Integer.parseInt(split[0])))).responseKey(RbelElement.wrap(rbelElement, buildAesKeyFromHex)).keyIdUsed(RbelElement.wrap(rbelElement, rbelKey.getKeyName())).decryptedPString(RbelElement.wrap(bArr, rbelElement, new String(bArr, StandardCharsets.UTF_8))).keyUsed(Optional.of(rbelKey)).build());
    }

    private Optional<RbelVauErpFacet> buildVauMessageFromCleartextResponse(RbelConverter rbelConverter, byte[] bArr, byte[] bArr2, RbelKey rbelKey, RbelElement rbelElement) {
        String[] split = new String(bArr, StandardCharsets.UTF_8).split(" ", 3);
        return Optional.of(RbelVauErpFacet.builder().message(rbelConverter.convertElement(split[2], rbelElement)).encryptedMessage(RbelElement.wrap(rbelElement, bArr2)).requestId(RbelElement.wrap(rbelElement, split[1])).pVersionNumber(RbelElement.wrap(rbelElement, Integer.valueOf(Integer.parseInt(split[0])))).keyIdUsed(RbelElement.wrap(rbelElement, rbelKey.getKeyName())).keyUsed(Optional.of(rbelKey)).decryptedPString(RbelElement.wrap(rbelElement, new String(bArr, StandardCharsets.UTF_8))).build());
    }

    private SecretKeySpec buildAesKeyFromHex(String str) {
        try {
            return new SecretKeySpec(Hex.decode(str), AesKey.ALGORITHM);
        } catch (DecoderException e) {
            throw new RuntimeException("Error during Key decoding from '" + str + "'", e);
        }
    }
}
