package de.gematik.rbellogger.converter;

import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.RbelMultiMap;
import de.gematik.rbellogger.data.facet.RbelCborFacet;
import de.gematik.rbellogger.data.facet.RbelHttpMessageFacet;
import de.gematik.rbellogger.data.facet.RbelMapFacet;
import de.gematik.rbellogger.data.facet.RbelNestedFacet;
import de.gematik.rbellogger.data.facet.RbelNoteFacet;
import de.gematik.rbellogger.data.facet.RbelPrintableHashFacet;
import de.gematik.rbellogger.data.facet.RbelRootFacet;
import de.gematik.rbellogger.data.facet.RbelVau3EncryptionFacet;
import de.gematik.rbellogger.key.RbelKey;
import de.gematik.rbellogger.key.RbelKeyManager;
import de.gematik.rbellogger.util.CryptoUtils;
import de.gematik.rbellogger.util.RbelContent;
import de.gematik.rbellogger.util.email_crypto.elliptic_curve.ObjectIdentifier;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.KeyFactory;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Stream;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPublicKeyParameters;
import org.bouncycastle.pqc.jcajce.provider.kyber.BCKyberPublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ConverterInfo(onlyActivateFor = {"epa3-vau"})
/* loaded from: input_file:BOOT-INF/lib/tiger-rbel-3.7.0.jar:de/gematik/rbellogger/converter/RbelVauEpa3Converter.class */
public class RbelVauEpa3Converter implements RbelConverterPlugin {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RbelVauEpa3Converter.class);
    private static final int HEADER_VERSION_INDEX = 0;
    private static final int HEADER_PU_INDEX = 1;
    private static final int HEADER_REQ_INDEX = 2;
    private static final int HEADER_REQ_COUNTER_INDEX = 3;
    private static final int HEADER_REQ_COUNTER_LENGTH = 8;
    private static final int HEADER_KEY_ID_INDEX = 11;
    private static final int HEADER_KEY_ID_LENGTH = 32;
    private static final int BODY_INDEX = 43;
    private static final int BODY_IV_LENGTH = 12;
    private static final int BODY_CT_INDEX = 55;
    private static final String VAU_3_HANDSHAKE_S_K1_C2S = "vau3_handshake_s_k1_c2s_";
    private static final String VAU_DEBUG_K1_C2S = "VAU-DEBUG-S_K1_c2s";
    private static final String VAU_DEBUG_K1_S2C = "VAU-DEBUG-S_K1_s2c";
    private static final String K1_S2C_NOTE = "S_K1_s2c, absent in a real-life implementation";
    private static final String VAU_3_PAYLOAD_KEYS = "vau_non_pu_tracing_";
    private static final String AEAD_CT_KEY_CONFIRMATION_NOTE = "Decrypted AEAD_ct_key_confirmation. This is the server's transcript hash. Decryption for clarification purposes only. In a real-life implementation, this would be done by the client.";
    public static final String CONTENT = "content";

    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public void consumeElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        if (log.isTraceEnabled()) {
            log.trace("Trying to decipher '{}'...", rbelElement.getRawStringContent());
        }
        rbelConverter.waitForAllElementsBeforeGivenToBeParsed(rbelElement.findRootElement());
        if (rbelElement.hasFacet(RbelCborFacet.class)) {
            tryToParseVauEpa3HandshakeMessage(rbelElement, rbelConverter);
        } else {
            if (rbelElement.getParentNode() == null || !rbelElement.getParentNode().hasFacet(RbelHttpMessageFacet.class)) {
                return;
            }
            tryToExtractVauNonPuTracingKeys(rbelElement, rbelConverter);
            tryToParseVauEpa3Message(rbelElement, rbelConverter);
        }
    }

    private void tryToParseVauEpa3Message(RbelElement rbelElement, RbelConverter rbelConverter) {
        rbelConverter.getRbelKeyManager().getAllKeys().filter(rbelKey -> {
            return rbelKey.getKey() instanceof SecretKeySpec;
        }).filter(rbelKey2 -> {
            return rbelKey2.getKey().getAlgorithm().equals("AES");
        }).filter(rbelKey3 -> {
            return rbelKey3.getKeyName().startsWith(VAU_3_PAYLOAD_KEYS);
        }).anyMatch(rbelKey4 -> {
            return decryptEpa3VauSuccessfull(rbelElement, rbelKey4.getKey(), rbelConverter);
        });
    }

    private boolean decryptEpa3VauSuccessfull(RbelElement rbelElement, Key key, RbelConverter rbelConverter) {
        try {
            byte[] rawContent = rbelElement.getRawContent();
            byte[] subarray = ArrayUtils.subarray(rawContent, 0, 43);
            byte[] performActualDecryption = performActualDecryption(key, ArrayUtils.subarray(rawContent, 43, 55), ArrayUtils.subarray(rawContent, 55, rawContent.length), subarray);
            if (log.isTraceEnabled()) {
                log.trace("Decrypted VAU EPA3: {}", new String(performActualDecryption));
            }
            RbelElement convertElement = rbelConverter.convertElement(subarray, rbelElement);
            byte[] copyOfRange = Arrays.copyOfRange(subarray, 3, 11);
            convertElement.addFacet(new RbelMapFacet(new RbelMultiMap().with("version", RbelElement.wrap(new byte[]{subarray[0]}, convertElement, Byte.valueOf(subarray[0]))).with("pu", RbelElement.wrap(new byte[]{subarray[1]}, convertElement, Byte.valueOf(subarray[1]))).with("req", RbelElement.wrap(new byte[]{subarray[2]}, convertElement, Byte.valueOf(subarray[2]))).with("reqCtr", RbelElement.wrap(copyOfRange, convertElement, Long.valueOf(ByteBuffer.wrap(copyOfRange).getLong()))).with("keyId", RbelElement.wrap(Arrays.copyOfRange(subarray, 11, 43), convertElement, new BigInteger(Arrays.copyOfRange(subarray, 11, 43))))));
            rbelElement.addFacet(new RbelVau3EncryptionFacet(rbelConverter.convertElement(performActualDecryption, rbelElement), convertElement));
            return true;
        } catch (Exception e) {
            log.trace("Failed to parse VAU EPA3: ", (Throwable) e);
            return false;
        }
    }

    private static byte[] performActualDecryption(Key key, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, key, new GCMParameterSpec(128, bArr));
        cipher.updateAAD(bArr3);
        return cipher.doFinal(bArr2);
    }

    private void tryToExtractVauNonPuTracingKeys(RbelElement rbelElement, RbelConverter rbelConverter) {
        Stream flatMap = Optional.ofNullable(rbelElement.getParentNode()).flatMap(rbelElement2 -> {
            return rbelElement2.getFacet(RbelHttpMessageFacet.class);
        }).map((v0) -> {
            return v0.getHeader();
        }).flatMap(rbelElement3 -> {
            return rbelElement3.getFirst("VAU-nonPU-Tracing");
        }).map((v0) -> {
            return v0.getRawStringContent();
        }).map(str -> {
            return str.split(" ");
        }).stream().flatMap((v0) -> {
            return Stream.of(v0);
        });
        Base64.Decoder decoder = Base64.getDecoder();
        Objects.requireNonNull(decoder);
        flatMap.map(decoder::decode).map(bArr -> {
            return new SecretKeySpec(bArr, "AES");
        }).map(secretKeySpec -> {
            return new RbelKey(secretKeySpec, "vau_non_pu_tracing_" + String.valueOf(UUID.randomUUID()), 0);
        }).forEach(rbelKey -> {
            rbelConverter.getRbelKeyManager().addKey(rbelKey);
        });
    }

    private void tryToParseVauEpa3HandshakeMessage(RbelElement rbelElement, RbelConverter rbelConverter) {
        try {
            Optional<RbelElement> first = rbelElement.getFirst("MessageType");
            if (first.isPresent()) {
                String str = (String) first.get().getFirst("content").map((v0) -> {
                    return v0.getRawStringContent();
                }).orElse("");
                boolean z = -1;
                switch (str.hashCode()) {
                    case 2436:
                        if (str.equals("M1")) {
                            z = false;
                            break;
                        }
                        break;
                    case 2437:
                        if (str.equals("M2")) {
                            z = true;
                            break;
                        }
                        break;
                    case 2438:
                        if (str.equals("M3")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 2439:
                        if (str.equals("M4")) {
                            z = 3;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        parseM1(rbelElement, rbelConverter);
                        break;
                    case true:
                        parseM2(rbelElement, rbelConverter);
                        break;
                    case true:
                        parseM3(rbelElement, rbelConverter);
                        break;
                    case true:
                        parseM4(rbelElement, rbelConverter);
                        break;
                    default:
                        rbelElement.addFacet(new RbelNoteFacet("Unknown VAU EPA3 message type: " + str));
                        break;
                }
            }
        } catch (RuntimeException e) {
            log.trace("Failed to parse VAU EPA3: {}", e.getMessage());
        }
    }

    private void parseM3(RbelElement rbelElement, RbelConverter rbelConverter) {
        Optional<RbelElement> first = rbelElement.getFirst("AEAD_ct_key_confirmation");
        Optional<RbelElement> first2 = rbelElement.getFirst("AEAD_ct");
        if (first.isEmpty() || first2.isEmpty()) {
            return;
        }
        first.get().addFacet(new RbelNoteFacet("aead_ciphertext_key_confirmation"));
        first2.get().addFacet(new RbelNoteFacet("aead_ciphertext_msg_3"));
        for (RbelKey rbelKey : rbelConverter.getRbelKeyManager().getAllKeys().toList()) {
            Key key = rbelKey.getKey();
            if (key instanceof SecretKeySpec) {
                SecretKeySpec secretKeySpec = (SecretKeySpec) key;
                if (rbelKey.getKey().getAlgorithm().equals("AES") && rbelKey.getKeyName().startsWith(VAU_3_HANDSHAKE_S_K1_C2S) && tryToDecipherAeadCt(first2.get(), rbelConverter, secretKeySpec)) {
                    return;
                }
            }
        }
    }

    private void parseM2(RbelElement rbelElement, RbelConverter rbelConverter) {
        Optional<RbelElement> first = rbelElement.getFirst("ECDH_ct");
        Optional<RbelElement> first2 = rbelElement.getFirst("Kyber768_ct");
        Optional<RbelElement> first3 = rbelElement.getFirst("AEAD_ct");
        if (first.isEmpty() || first2.isEmpty() || first3.isEmpty()) {
            return;
        }
        first.get().addFacet(new RbelNoteFacet("ECC ciphertext of the server for this handshake"));
        first2.get().addFacet(new RbelNoteFacet("Kyber768 ciphertext of the server for this handshake"));
        first3.get().addFacet(new RbelNoteFacet("aead_ciphertext_msg_2"));
        Optional<byte[]> extractKeyFromHttpHeader = extractKeyFromHttpHeader(first3.get(), VAU_DEBUG_K1_S2C, K1_S2C_NOTE);
        if (extractKeyFromHttpHeader.isEmpty()) {
            return;
        }
        tryToDecipherAeadCt(first3.get(), rbelConverter, new SecretKeySpec(extractKeyFromHttpHeader.get(), "AES"));
        manageClientToServerKey(rbelElement, rbelConverter);
    }

    private void parseM4(RbelElement rbelElement, RbelConverter rbelConverter) {
        RbelElement orElseThrow = rbelElement.getFirst("AEAD_ct_key_confirmation").orElseThrow();
        RbelContent rbelContent = (RbelContent) orElseThrow.getFirst("content").map((v0) -> {
            return v0.getContent();
        }).orElseThrow();
        extractKeyFromHttpHeader(rbelElement, "VAU-DEBUG-S_K2_s2c_keyConfirmation", K1_S2C_NOTE).map(bArr -> {
            return new SecretKeySpec(bArr, "AES");
        }).flatMap(secretKeySpec -> {
            return CryptoUtils.decrypt(rbelContent, secretKeySpec);
        }).ifPresent(bArr2 -> {
            RbelPrintableHashFacet rbelPrintableHashFacet = new RbelPrintableHashFacet("SHA-256 Hash of the transcript");
            orElseThrow.addFacet(new RbelNestedFacet(new RbelElement(bArr2, orElseThrow).addFacet(rbelPrintableHashFacet).addFacet(new RbelRootFacet(rbelPrintableHashFacet)), "decrypted"));
            orElseThrow.addFacet(new RbelNoteFacet(AEAD_CT_KEY_CONFIRMATION_NOTE));
        });
    }

    private static void manageClientToServerKey(RbelElement rbelElement, RbelConverter rbelConverter) {
        extractKeyFromHttpHeader(rbelElement, VAU_DEBUG_K1_C2S, "S_K1_c2s, absent in a real-life implementation").map(bArr -> {
            return new SecretKeySpec(bArr, "AES");
        }).map(secretKeySpec -> {
            return new RbelKey(secretKeySpec, "vau3_handshake_s_k1_c2s_" + String.valueOf(UUID.randomUUID()), 0);
        }).ifPresent(rbelKey -> {
            rbelConverter.getRbelKeyManager().addKey(rbelKey);
        });
    }

    private boolean tryToDecipherAeadCt(RbelElement rbelElement, RbelConverter rbelConverter, SecretKeySpec secretKeySpec) {
        Optional<RbelElement> first = rbelElement.getFirst("content");
        if (first.isEmpty()) {
            return false;
        }
        Optional<byte[]> decrypt = CryptoUtils.decrypt(first.get().getContent(), secretKeySpec, 12, 16);
        if (decrypt.isEmpty()) {
            return false;
        }
        RbelElement convertElement = rbelConverter.convertElement(decrypt.get(), rbelElement);
        convertElement.addFacet(new RbelNoteFacet("Decrypted AEAD_ct element. Decryption for clarification purposes only. In a real-life implementation, this would be done by the client."));
        rbelElement.addFacet(new RbelNestedFacet(convertElement, "decrypted_content"));
        return true;
    }

    private static Optional<byte[]> extractKeyFromHttpHeader(RbelElement rbelElement, String str, String str2) {
        Optional map = rbelElement.findRootElement().getFacet(RbelHttpMessageFacet.class).map((v0) -> {
            return v0.getHeader();
        }).flatMap(rbelElement2 -> {
            return rbelElement2.getFirst(str);
        }).map(rbelElement3 -> {
            return rbelElement3.addFacet(new RbelNoteFacet(str2));
        }).map((v0) -> {
            return v0.getRawContent();
        });
        Base64.Decoder decoder = Base64.getDecoder();
        Objects.requireNonNull(decoder);
        return map.map(decoder::decode);
    }

    private void parseM1(RbelElement rbelElement, RbelConverter rbelConverter) {
        Optional<RbelElement> first = rbelElement.getFirst("ECDH_PK");
        Optional<RbelElement> first2 = rbelElement.getFirst("Kyber768_PK");
        if (first.isEmpty() || first2.isEmpty()) {
            return;
        }
        first.get().addFacet(new RbelNoteFacet("ECC public key of the client for this handshake"));
        first2.get().addFacet(new RbelNoteFacet("Kyber public key of the client for this handshake (Concatenation of the two kyber parameters)"));
        tryToAddEccKeyToKeyManager(rbelElement, rbelConverter);
    }

    private void tryToAddEccKeyToKeyManager(RbelElement rbelElement, RbelConverter rbelConverter) {
        RbelKeyManager rbelKeyManager = rbelConverter.getRbelKeyManager();
        String uuid = UUID.randomUUID().toString();
        rbelElement.getFirst("ECDH_PK").map(this::toEcPublicKey).ifPresent(eCPublicKey -> {
            rbelKeyManager.addKey("vau3_handshake_client_ecdh_pk_" + uuid, eCPublicKey, 0);
        });
        rbelElement.getFirst("Kyber768_PK").map(this::toKyberPublicKey).ifPresent(key -> {
            rbelKeyManager.addKey("vau3_handshake_client_kyber_pk" + uuid, key, 0);
        });
    }

    private Key toKyberPublicKey(RbelElement rbelElement) {
        return new BCKyberPublicKey(new KyberPublicKeyParameters(KyberParameters.kyber768, rbelElement.getRawContent()));
    }

    public ECPublicKey toEcPublicKey(RbelElement rbelElement) {
        RbelElement orElseThrow = rbelElement.getFirst("x").orElseThrow();
        RbelElement orElseThrow2 = rbelElement.getFirst("y").orElseThrow();
        return (ECPublicKey) KeyFactory.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME).generatePublic(new ECPublicKeySpec(SECNamedCurves.getByName(ObjectIdentifier.SECP256R1).getCurve().createPoint(new BigInteger(1, orElseThrow.getRawContent(), 0, orElseThrow.getRawContent().length), new BigInteger(1, orElseThrow2.getRawContent(), 0, orElseThrow2.getRawContent().length)), ECNamedCurveTable.getParameterSpec(ObjectIdentifier.SECP256R1)));
    }
}
