package de.gematik.rbellogger.converter.listener;

import de.gematik.rbellogger.converter.RbelConverter;
import de.gematik.rbellogger.data.elements.RbelElement;
import de.gematik.rbellogger.data.elements.RbelNestedJsonElement;
import de.gematik.rbellogger.key.RbelKey;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import wiremock.org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:de/gematik/rbellogger/converter/listener/RbelVauKeyDeriver.class */
public class RbelVauKeyDeriver implements BiConsumer<RbelElement, RbelConverter> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(RbelVauKeyDeriver.class);
    private static final String KeyID = "KeyID";
    private static final String AES256GCMKey = "AES-256-GCM-Key";
    private static final String AES256GCMKeyServer2Client = "AES-256-GCM-Key-Server-to-Client";
    private static final String AES256GCMKeyClient2Server = "AES-256-GCM-Key-Client-to-Server";

    @Override // java.util.function.BiConsumer
    public void accept(RbelElement rbelElement, RbelConverter rbelConverter) {
        Optional ofNullable = Optional.ofNullable(rbelElement);
        Class<RbelNestedJsonElement> cls = RbelNestedJsonElement.class;
        Objects.requireNonNull(RbelNestedJsonElement.class);
        Optional filter = ofNullable.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<RbelNestedJsonElement> cls2 = RbelNestedJsonElement.class;
        Objects.requireNonNull(RbelNestedJsonElement.class);
        Optional flatMap = filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getData();
        }).flatMap(rbelElement2 -> {
            return rbelElement2.getFirst("PublicKey");
        }).flatMap(this::publicKeyFromJsonKey);
        if (flatMap.isEmpty()) {
            return;
        }
        log.trace("Found otherside public key");
        for (RbelKey rbelKey : rbelConverter.getRbelKeyManager().getAllKeys()) {
            Optional<U> map = rbelKey.retrieveCorrespondingKeyPair().map((v0) -> {
                return v0.getPrivate();
            });
            Class<PrivateKey> cls3 = PrivateKey.class;
            Objects.requireNonNull(PrivateKey.class);
            Optional filter2 = map.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<PrivateKey> cls4 = PrivateKey.class;
            Objects.requireNonNull(PrivateKey.class);
            Optional or = filter2.map((v1) -> {
                return r1.cast(v1);
            }).or(() -> {
                Optional of = Optional.of(rbelKey.getKey());
                Class<PrivateKey> cls5 = PrivateKey.class;
                Objects.requireNonNull(PrivateKey.class);
                Optional filter3 = of.filter((v1) -> {
                    return r1.isInstance(v1);
                });
                Class<PrivateKey> cls6 = PrivateKey.class;
                Objects.requireNonNull(PrivateKey.class);
                return filter3.map((v1) -> {
                    return r1.cast(v1);
                });
            });
            if (!or.isEmpty()) {
                log.trace("Trying key derivation...");
                List<RbelKey> keyDerivation = keyDerivation((PublicKey) flatMap.get(), (PrivateKey) or.get());
                if (!keyDerivation.isEmpty()) {
                    for (RbelKey rbelKey2 : keyDerivation) {
                        if (rbelConverter.getRbelKeyManager().findKeyByName(rbelKey2.getKeyName()).isEmpty()) {
                            log.trace("Adding VAU key");
                            rbelConverter.getRbelKeyManager().addKey(rbelKey2);
                        }
                    }
                }
            }
        }
    }

    private Optional<PublicKey> publicKeyFromJsonKey(RbelElement rbelElement) {
        try {
            return Optional.ofNullable(KeyFactory.getInstance("ECDSA", "BC").generatePublic(new X509EncodedKeySpec(extractBinaryDataFromElement(rbelElement))));
        } catch (Exception e) {
            log.debug("Exception while converting Public Key {}:", rbelElement.getContent(), e);
            return Optional.empty();
        }
    }

    private byte[] extractBinaryDataFromElement(RbelElement rbelElement) {
        return Base64.getDecoder().decode(rbelElement.getRawMessage().replace("\"", ""));
    }

    private List<RbelKey> keyDerivation(PublicKey publicKey, PrivateKey privateKey) {
        try {
            if ((publicKey instanceof ECPublicKey) && "brainpoolP256r1".equals(((ECPublicKey) publicKey).getParams().getName())) {
                log.trace("Performing ECKA with {} and {}", Base64.getEncoder().encodeToString(privateKey.getEncoded()), Base64.getEncoder().encodeToString(publicKey.getEncoded()));
                byte[] ecka = ecka(privateKey, publicKey);
                log.trace("shared secret: " + Hex.encodeHexString(ecka));
                byte[] hkdf = hkdf(ecka, KeyID, 256);
                log.trace("keyID: " + Hex.encodeHexString(hkdf));
                return List.of(mapToRbelKey(AES256GCMKeyClient2Server, "_client", hkdf, ecka), mapToRbelKey(AES256GCMKeyServer2Client, "_server", hkdf, ecka), mapToRbelKey(AES256GCMKey, "_old", hkdf, ecka));
            }
            return List.of();
        } catch (Exception e) {
            return List.of();
        }
    }

    private RbelKey mapToRbelKey(String str, String str2, byte[] bArr, byte[] bArr2) {
        byte[] hkdf = hkdf(bArr2, str, 256);
        log.trace("symKey: " + Hex.encodeHexString(hkdf));
        return new RbelKey(new SecretKeySpec(hkdf, "AES"), Hex.encodeHexString(bArr) + str2, 0);
    }

    private byte[] ecka(PrivateKey privateKey, PublicKey publicKey) throws Exception {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "BC");
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret();
    }

    private byte[] hkdf(byte[] bArr, String str, int i) throws IllegalArgumentException, DataLengthException {
        return hkdf(bArr, str.getBytes(), i);
    }

    private byte[] hkdf(byte[] bArr, byte[] bArr2, int i) throws IllegalArgumentException, DataLengthException {
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
        hKDFBytesGenerator.init(new HKDFParameters(bArr, (byte[]) null, bArr2));
        byte[] bArr3 = new byte[i / 8];
        hKDFBytesGenerator.generateBytes(bArr3, 0, i / 8);
        return bArr3;
    }
}
