package de.gematik.rbellogger.converter;

import de.gematik.rbellogger.converter.brainpool.BrainpoolCurves;
import de.gematik.rbellogger.data.RbelBinaryElement;
import de.gematik.rbellogger.data.RbelElement;
import de.gematik.rbellogger.data.RbelNestedElement;
import de.gematik.rbellogger.data.RbelVauMessage;
import de.gematik.rbellogger.data.RbelVauProtocolType;
import de.gematik.rbellogger.key.RbelKey;
import de.gematik.rbellogger.util.CryptoUtils;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import wiremock.org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:de/gematik/rbellogger/converter/RbelErpVauDecryptionConverter.class */
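/**
 * Converter plugin that tries to decrypt an element as an E-Rezept VAU message
 * ({@link RbelVauProtocolType#VAU_EREZEPT}) with every suitable key known to the key manager.
 *
 * <p>Two key kinds are tried:
 * <ul>
 *   <li>{@link ECPrivateKey}: the message is treated as an ECIES envelope consisting of one version
 *       byte ({@code 1}), a 32-byte X and a 32-byte Y coordinate of the sender's public key on
 *       {@code BrainpoolCurves.BP256}, followed by the ciphertext. The AES key is derived with
 *       {@code CryptoUtils.ecka} and {@code CryptoUtils.hkdf} (info {@code "ecies-vau-transport"},
 *       16 bytes).</li>
 *   <li>{@link SecretKey}: the whole message is handed to
 *       {@code CryptoUtils.decrypt(data, key, 12, 16)}.</li>
 * </ul>
 *
 * <p>Side effect: successfully decrypting a <em>request</em> registers the response key carried in
 * it with the key manager under the name {@code "VAU Response-Key"}. Because
 * {@link #canConvertElement} and {@link #convertElement} both run the full decryption, this
 * registration happens on each of those calls.
 *
 * <p>Security notes: the element content is untrusted input. The sender's public point is checked
 * to lie on the curve before it is combined with a local private key, and decrypted cleartext is
 * never written to the log because it carries key material and the inner message.
 */
public class RbelErpVauDecryptionConverter implements RbelConverterPlugin {
    private static final Logger log = LoggerFactory.getLogger(RbelErpVauDecryptionConverter.class);

    /** First byte expected on an ECIES-encrypted VAU message. */
    private static final byte ECIES_VERSION_BYTE = 1;
    /** Length in bytes of one affine coordinate of the sender's public key. */
    private static final int COORDINATE_LENGTH = 32;
    /** Version byte + X + Y; the ciphertext starts at this offset. */
    private static final int ECIES_HEADER_LENGTH = 1 + 2 * COORDINATE_LENGTH;
    /** A response cleartext starts with {@code "1 <32 lower-case hex digits> "}. */
    private static final Pattern VAU_RESPONSE_PREFIX = Pattern.compile("1 [\\da-f]{32} ");

    /**
     * Attempts an ECIES decryption of {@code bArr} with the given private key.
     *
     * @param bArr raw VAU message: version byte, X, Y, ciphertext
     * @param eCPrivateKey local private key used for the key agreement
     * @return the cleartext, or empty if the message is too short, carries a different version
     *     byte, contains an invalid public point, or cannot be decrypted with this key
     */
    private Optional<byte[]> decrypt(byte[] bArr, ECPrivateKey eCPrivateKey) {
        // Reject malformed input up front instead of relying on an exception from array access.
        if (bArr == null || bArr.length < ECIES_HEADER_LENGTH || bArr[0] != ECIES_VERSION_BYTE) {
            return Optional.empty();
        }
        try {
            final byte[] aesKeyBytes = CryptoUtils.hkdf(
                CryptoUtils.ecka(eCPrivateKey, extractPublicKeyFromVauMessage(bArr)), "ecies-vau-transport", 16);
            return CryptoUtils.decrypt(
                Arrays.copyOfRange(bArr, ECIES_HEADER_LENGTH, bArr.length), new SecretKeySpec(aesKeyBytes, "AES"));
        } catch (Exception ignored) {
            // Trial decryption: a failure only means "not a VAU message for this key", so the
            // caller moves on to the next candidate key.
            return Optional.empty();
        }
    }

    /**
     * Rebuilds the sender's EC public key from the X/Y coordinates embedded in the message header.
     *
     * @param bArr raw VAU message; bytes 1..32 are X, bytes 33..64 are Y (unsigned, big-endian)
     * @return the public key on {@code BrainpoolCurves.BP256}
     * @throws InvalidKeySpecException if the point is not on the curve or the key factory rejects it
     * @throws NoSuchAlgorithmException if no "EC" key factory is available
     */
    private ECPublicKey extractPublicKeyFromVauMessage(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        final BigInteger x = new BigInteger(1, Arrays.copyOfRange(bArr, 1, 1 + COORDINATE_LENGTH));
        final BigInteger y = new BigInteger(1, Arrays.copyOfRange(bArr, 1 + COORDINATE_LENGTH, ECIES_HEADER_LENGTH));
        final ECParameterSpec curveParams = BrainpoolCurves.BP256;
        // The coordinates come straight from the wire and are about to be combined with a local
        // private key, so make sure they describe a point on the expected curve.
        // NOTE(review): the provider or CryptoUtils.ecka may validate as well; not visible here.
        requirePointOnCurve(x, y, curveParams);
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(x, y), curveParams));
    }

    /**
     * Checks {@code y^2 = x^3 + a*x + b (mod p)} for prime-field curves. Curves over other fields
     * are passed through unchecked.
     */
    private static void requirePointOnCurve(BigInteger x, BigInteger y, ECParameterSpec params) throws InvalidKeySpecException {
        final EllipticCurve curve = params.getCurve();
        if (!(curve.getField() instanceof ECFieldFp)) {
            return;
        }
        final BigInteger p = ((ECFieldFp) curve.getField()).getP();
        if (x.compareTo(p) >= 0 || y.compareTo(p) >= 0) {
            throw new InvalidKeySpecException("Public key coordinate is not a field element");
        }
        final BigInteger left = y.multiply(y).mod(p);
        // (x^2 + a) * x + b == x^3 + a*x + b
        final BigInteger right = x.multiply(x).add(curve.getA()).multiply(x).add(curve.getB()).mod(p);
        if (!left.equals(right)) {
            throw new InvalidKeySpecException("Public key point is not on the expected curve");
        }
    }

    /**
     * Tries every EC private key and every secret key of the key manager until one decrypts the
     * element, then parses the cleartext as a VAU request or response.
     *
     * @return the parsed message, or empty if no key decrypts the element
     * @throws RuntimeException if decryption succeeded but the cleartext could not be parsed
     */
    private Optional<RbelVauMessage> decipherVauMessage(RbelElement rbelElement, RbelConverter rbelConverter) {
        final byte[] binaryContent = getBinaryContent(rbelElement);
        // Snapshot the candidates first: parsing a request registers a new key with the key
        // manager while this loop is still running.
        final List<RbelKey> candidateKeys = rbelConverter.getRbelKeyManager().getAllKeys()
            .filter(candidate -> candidate.getKey() instanceof ECPrivateKey || candidate.getKey() instanceof SecretKey)
            .collect(Collectors.toList());
        for (RbelKey rbelKey : candidateKeys) {
            final Optional<byte[]> cleartext = decrypt(binaryContent, rbelKey.getKey());
            if (cleartext.isEmpty()) {
                continue;
            }
            try {
                // Only metadata is logged: a request cleartext contains the response key and
                // the inner message, neither of which belongs in an application log.
                log.trace("Succesfully deciphered VAU message! ({} bytes, key '{}')", cleartext.get().length, rbelKey.getKeyName());
                return isVauResponse(cleartext.get())
                    ? buildVauMessageFromCleartextResponse(rbelConverter, cleartext.get(), binaryContent, rbelKey.getKeyName())
                    : buildVauMessageFromCleartextRequest(rbelConverter, cleartext.get(), binaryContent, rbelKey.getKeyName());
            } catch (RuntimeException e) {
                log.error("Exception while deciphering VAU message:", e);
                throw e;
            }
        }
        return Optional.empty();
    }

    /**
     * Tells a response from a request by its prefix {@code "1 <32 hex digits> "}.
     *
     * <p>The match is anchored at the start of the cleartext. An unanchored search also fires on a
     * request whose request id ends in {@code '1'}, because that digit, the following space and the
     * 32-digit hex key form the same pattern; such a request would be parsed as a response.
     */
    private boolean isVauResponse(byte[] cleartext) {
        return VAU_RESPONSE_PREFIX.matcher(new String(cleartext, StandardCharsets.UTF_8)).lookingAt();
    }

    /**
     * Dispatches to the decryption scheme matching the key type.
     *
     * @throws RuntimeException if the key is neither an {@link ECPrivateKey} nor a {@link SecretKey}
     */
    private Optional<byte[]> decrypt(byte[] bArr, Key key) {
        if (key instanceof ECPrivateKey) {
            return decrypt(bArr, (ECPrivateKey) key);
        }
        if (key instanceof SecretKey) {
            return CryptoUtils.decrypt(bArr, key, 12, 16);
        }
        throw new RuntimeException("Unexpected key-type encountered (" + key.getClass().getSimpleName() + ")");
    }

    /**
     * Parses a request cleartext of the form
     * {@code "<version> <field1> <requestId> <hexResponseKey> <innerMessage>"} (field 1 is not used
     * by this class) and registers the response key with the key manager.
     *
     * @param bArr decrypted cleartext
     * @param bArr2 the original encrypted message, stored alongside the result
     * @param str name of the key that decrypted the message
     * @throws RuntimeException if the cleartext has fewer than five fields, the version is not a
     *     number, or the response key is not valid hex
     */
    private Optional<RbelVauMessage> buildVauMessageFromCleartextRequest(RbelConverter rbelConverter, byte[] bArr, byte[] bArr2, String str) {
        final String[] fields = new String(bArr, StandardCharsets.UTF_8).split(" ", 5);
        if (fields.length < 5) {
            // Do not echo the content: it may contain key material.
            throw new IllegalArgumentException("Malformed VAU request: expected 5 fields, found " + fields.length);
        }
        final SecretKeySpec responseKey = buildAesKeyFromHex(fields[3]);
        rbelConverter.getRbelKeyManager().addKey("VAU Response-Key", responseKey, 0);
        return Optional.of(RbelVauMessage.builder()
            .message(rbelConverter.convertMessage(fields[4]))
            .encryptedMessage(bArr2)
            .requestId(fields[2])
            .pVersionNumber(Integer.valueOf(Integer.parseInt(fields[0])))
            .responseKey(responseKey)
            .rbelVauProtocolType(RbelVauProtocolType.VAU_EREZEPT)
            .keyIdUsed(str)
            .build());
    }

    /**
     * Parses a response cleartext of the form {@code "<version> <requestId> <innerMessage>"}.
     *
     * @param bArr decrypted cleartext
     * @param bArr2 the original encrypted message, stored alongside the result
     * @param str name of the key that decrypted the message
     * @throws RuntimeException if the cleartext has fewer than three fields or the version is not
     *     a number
     */
    private Optional<RbelVauMessage> buildVauMessageFromCleartextResponse(RbelConverter rbelConverter, byte[] bArr, byte[] bArr2, String str) {
        final String[] fields = new String(bArr, StandardCharsets.UTF_8).split(" ", 3);
        if (fields.length < 3) {
            throw new IllegalArgumentException("Malformed VAU response: expected 3 fields, found " + fields.length);
        }
        return Optional.of(RbelVauMessage.builder()
            .message(rbelConverter.convertMessage(fields[2]))
            .encryptedMessage(bArr2)
            .requestId(fields[1])
            .pVersionNumber(Integer.valueOf(Integer.parseInt(fields[0])))
            .rbelVauProtocolType(RbelVauProtocolType.VAU_EREZEPT)
            .keyIdUsed(str)
            .build());
    }

    /**
     * Decodes a hex string into an AES key. {@code Hex} is the commons-codec class as repackaged
     * under {@code wiremock.org.apache} (see the file's imports).
     *
     * @throws RuntimeException wrapping the decoder's exception if {@code str} is not valid hex
     */
    private SecretKeySpec buildAesKeyFromHex(String str) {
        try {
            return new SecretKeySpec(Hex.decodeHex(str), "AES");
        } catch (Exception e) {
            throw new RuntimeException("Error during Key decoding", e);
        }
    }

    /**
     * Reports whether the element can be decrypted as a VAU message. This performs the complete
     * decryption and parsing, including the key-registration side effect for requests.
     */
    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public boolean canConvertElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        return decipherVauMessage(rbelElement, rbelConverter).isPresent();
    }

    /**
     * Decrypts the element if possible.
     *
     * @return the unchanged element if it cannot be decrypted; the same element with the decrypted
     *     message attached as nested element if it is a {@link RbelNestedElement}; otherwise the
     *     decrypted {@link RbelVauMessage} itself
     */
    @Override // de.gematik.rbellogger.converter.RbelConverterPlugin
    public RbelElement convertElement(RbelElement rbelElement, RbelConverter rbelConverter) {
        log.trace("Trying to decipher '{}'...", rbelElement.getContent());
        final Optional<RbelVauMessage> vauMessage = decipherVauMessage(rbelElement, rbelConverter);
        if (vauMessage.isEmpty()) {
            return rbelElement;
        }
        if (!(rbelElement instanceof RbelNestedElement)) {
            return vauMessage.get();
        }
        ((RbelNestedElement) rbelElement).setNestedElement(vauMessage.get());
        return rbelElement;
    }

    /**
     * Returns the raw bytes of a binary element, or the Base64-decoded content of any other element.
     *
     * <p>NOTE(review): for non-binary elements whose content is not valid Base64 the decoder throws
     * {@link IllegalArgumentException}, which propagates out of {@link #canConvertElement}; confirm
     * the calling converter expects that.
     */
    private byte[] getBinaryContent(RbelElement rbelElement) {
        if (rbelElement instanceof RbelBinaryElement) {
            return ((RbelBinaryElement) rbelElement).getRawData();
        }
        return Base64.getDecoder().decode(rbelElement.getContent());
    }
}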
