package io.mosip.authentication.common.service.transaction.manager;

import io.mosip.authentication.common.service.repository.UinHashSaltRepo;
import io.mosip.authentication.core.constant.IdAuthenticationErrorConstants;
import io.mosip.authentication.core.exception.IdAuthenticationBusinessException;
import io.mosip.authentication.core.logger.IdaLogger;
import io.mosip.kernel.core.exception.ExceptionUtils;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.CryptoUtil;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.core.util.HMACUtils;
import io.mosip.kernel.crypto.jce.core.CryptoCore;
import io.mosip.kernel.cryptomanager.dto.CryptomanagerRequestDto;
import io.mosip.kernel.cryptomanager.service.CryptomanagerService;
import io.mosip.kernel.keygenerator.bouncycastle.KeyGenerator;
import io.mosip.kernel.keymanagerservice.entity.DataEncryptKeystore;
import io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException;
import io.mosip.kernel.keymanagerservice.repository.DataEncryptKeystoreRepository;
import io.mosip.kernel.signature.dto.SignRequestDto;
import io.mosip.kernel.signature.service.SignatureService;
import io.mosip.kernel.zkcryptoservice.dto.CryptoDataDto;
import io.mosip.kernel.zkcryptoservice.dto.ZKCryptoRequestDto;
import io.mosip.kernel.zkcryptoservice.service.spi.ZKCryptoManagerService;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

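/**
 * Cryptographic helper for the ID-Authentication (IDA) service. It wraps the kernel crypto
 * manager (encrypt/decrypt), the signature service, the zero-knowledge crypto service,
 * salted UIN hashing with a per-shard salt, hybrid (symmetric key + public key) encryption
 * towards a partner certificate, and random numeric token generation.
 *
 * <p>Several {@code @Value} fields below are injected but never read by a method in this
 * class (configPath, aesGCMTransformation, applicationId, referenceId, signApplicationid,
 * signRefid). They are kept on purpose: a {@code @Value} placeholder without a default fails
 * bean creation when the property is absent, so removing a field would silently relax that
 * start-up check.
 */
@Component
public class IdAuthSecurityManager {
    private static final String SALT_FOR_THE_GIVEN_ID = "Salt for the given ID";

    @Value("${mosip.kernel.keymanager.softhsm.config-path}")
    private String configPath;

    @Value("${mosip.kernel.crypto.symmetric-algorithm-name}")
    private String aesGCMTransformation;

    @Value("${application.id}")
    private String applicationId;

    @Value("${identity-cache.reference.id}")
    private String referenceId;
    private static final String ENCRYPT_DECRYPT_DATA = "encryptDecryptData";
    private static final String ID_AUTH_TRANSACTION_MANAGER = "IdAuthSecurityManager";
    private Logger mosipLogger = IdaLogger.getLogger(IdAuthSecurityManager.class);

    /**
     * PEM armour patterns for {@link #trimBeginEnd(String)}, compiled once. The regex text is
     * byte-identical to the former String.replaceAll arguments; String.replaceAll recompiles
     * the pattern on every call.
     */
    private static final Pattern PEM_BEGIN = Pattern.compile("-*BEGIN([^-]*)-*(\r?\n)?");
    private static final Pattern PEM_END = Pattern.compile("-*END([^-]*)-*(\r?\n)?");
    private static final Pattern ANY_WHITESPACE = Pattern.compile("\\s");

    @Autowired
    private Environment env;

    @Autowired
    private CryptomanagerService cryptomanagerService;

    @Autowired
    private SignatureService signatureService;

    @Value("${mosip.sign.applicationid:KERNEL}")
    private String signApplicationid;

    @Value("${mosip.sign.refid:SIGN}")
    private String signRefid;

    @Autowired
    private UinHashSaltRepo uinHashSaltRepo;

    @Autowired
    private DataEncryptKeystoreRepository repo;

    @Autowired
    private ZKCryptoManagerService zkCryptoManagerService;

    @Autowired
    private CryptoCore cryptoCore;

    @Autowired
    private KeyGenerator keyGenerator;

    @Value("${mosip.kernel.tokenid.length}")
    private int tokenIDLength;

    @Value("${mosip.kernel.data-key-splitter}")
    private String keySplitter;

    /**
     * Returns the configured IDA client id ({@code mosip.ida.auth.clientId}). It is passed as
     * the first argument of the error log calls in this class; may be null when unset.
     */
    public String getUser() {
        return this.env.getProperty("mosip.ida.auth.clientId");
    }

    /**
     * Encrypts {@code data} through the kernel crypto manager under the key identified by
     * {@code application.id} and {@code refId}.
     *
     * @param data  payload handed to the crypto manager as-is (its expected encoding is the
     *              crypto manager's contract, not this class's)
     * @param refId key reference id
     * @param aad   additional authenticated data forwarded to the crypto manager
     * @param salt  salt forwarded to the crypto manager
     * @return the Base64-decoded ciphertext returned by the crypto manager
     * @throws IdAuthenticationBusinessException PUBLICKEY_EXPIRED when no unique key alias is
     *         found, FAILED_TO_ENCRYPT for any other failure (cause preserved)
     */
    public byte[] encrypt(String data, String refId, String aad, String salt) throws IdAuthenticationBusinessException {
        try {
            CryptomanagerRequestDto request = buildCryptoRequest(data, refId, aad, salt);
            return CryptoUtil.decodeBase64(this.cryptomanagerService.encrypt(request).getData());
        } catch (NoUniqueAliasException e) {
            logCryptoFailure(e);
            throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.PUBLICKEY_EXPIRED, e);
        } catch (Exception e) {
            logCryptoFailure(e);
            throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.FAILED_TO_ENCRYPT, e);
        }
    }

    /**
     * Decrypts {@code data} through the kernel crypto manager; mirror of
     * {@link #encrypt(String, String, String, String)}.
     *
     * @param data  ciphertext handed to the crypto manager as-is
     * @param refId key reference id
     * @param aad   additional authenticated data that must match what was used on encryption
     * @param salt  salt that must match what was used on encryption
     * @return the Base64-decoded plaintext returned by the crypto manager
     * @throws IdAuthenticationBusinessException PUBLICKEY_EXPIRED when no unique key alias is
     *         found, INVALID_ENCRYPTION for any other failure (cause preserved)
     */
    public byte[] decrypt(String data, String refId, String aad, String salt) throws IdAuthenticationBusinessException {
        try {
            CryptomanagerRequestDto request = buildCryptoRequest(data, refId, aad, salt);
            return CryptoUtil.decodeBase64(this.cryptomanagerService.decrypt(request).getData());
        } catch (NoUniqueAliasException e) {
            logCryptoFailure(e);
            throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.PUBLICKEY_EXPIRED, e);
        } catch (Exception e) {
            logCryptoFailure(e);
            throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.INVALID_ENCRYPTION, e);
        }
    }

    /**
     * Builds the crypto manager request shared by encrypt and decrypt. The application id is
     * read from the environment on every call (as before) rather than from the injected
     * {@code applicationId} field; both come from the same {@code application.id} property.
     */
    private CryptomanagerRequestDto buildCryptoRequest(String data, String refId, String aad, String salt) {
        CryptomanagerRequestDto request = new CryptomanagerRequestDto();
        request.setApplicationId(this.env.getProperty("application.id"));
        request.setTimeStamp(DateUtils.getUTCCurrentDateTime());
        request.setData(data);
        request.setReferenceId(refId);
        request.setAad(aad);
        request.setSalt(salt);
        return request;
    }

    /** Logs a crypto failure with its stack trace; the payload itself is never logged. */
    private void logCryptoFailure(Exception e) {
        this.mosipLogger.error(getUser(), ID_AUTH_TRANSACTION_MANAGER, ENCRYPT_DECRYPT_DATA, ExceptionUtils.getStackTrace(e));
    }

    /**
     * Re-encrypts a random data key via the ZK crypto service and returns the re-encrypted
     * key string it produces.
     *
     * @param encryptedKey the key material as accepted by {@code zkReEncryptRandomKey}
     */
    public String reEncryptRandomKey(String encryptedKey) {
        return this.zkCryptoManagerService.zkReEncryptRandomKey(encryptedKey).getEncryptedKey();
    }

    /**
     * Stores the re-encrypted random key under {@code id} unless a key with that id already
     * exists.
     *
     * <p>NOTE(review): the exists-then-save sequence is not atomic; two concurrent callers for
     * the same id may both pass the lookup. Whether that is harmless depends on the
     * repository's key constraint on {@code id} — confirm before relying on it.
     *
     * @param id           numeric key id; a non-numeric value raises NumberFormatException
     * @param encryptedKey key material passed to {@link #reEncryptRandomKey(String)}
     */
    public void reEncryptAndStoreRandomKey(String id, String encryptedKey) {
        Integer keyId = Integer.valueOf(id);
        if (this.repo.findKeyById(keyId) != null) {
            return;
        }
        DataEncryptKeystore entry = new DataEncryptKeystore();
        entry.setId(keyId);
        entry.setKey(reEncryptRandomKey(encryptedKey));
        entry.setCrBy("IDA");
        entry.setCrDTimes(DateUtils.getUTCCurrentDateTime());
        this.repo.save(entry);
    }

    /**
     * Decrypts a map of attribute name to encrypted value through the ZK crypto service.
     *
     * @param id  record id handed to the ZK service
     * @param map attribute identifier to encrypted value
     * @return attribute identifier to decrypted value
     * @throws IdAuthenticationBusinessException as declared; the call itself surfaces whatever
     *         the ZK service throws. Collectors.toMap additionally throws IllegalStateException
     *         on a duplicate identifier and NullPointerException on a null value.
     */
    public Map<String, String> zkDecrypt(String id, Map<String, String> map) throws IdAuthenticationBusinessException {
        ZKCryptoRequestDto request = new ZKCryptoRequestDto();
        request.setId(id);
        List<CryptoDataDto> attributes = map.entrySet().stream()
                .map(entry -> new CryptoDataDto(entry.getKey(), entry.getValue()))
                .collect(Collectors.toList());
        request.setZkDataAttributes(attributes);
        return this.zkCryptoManagerService.zkDecrypt(request).getZkDataAttributes().stream()
                .collect(Collectors.toMap(CryptoDataDto::getIdentifier, CryptoDataDto::getValue));
    }

    /**
     * Generates a random numeric token of exactly {@code tokenIDLength} decimal digits.
     *
     * <p>Why this no longer goes encrypt-then-hash-then-BigInteger: the previous derivation
     * truncated the decimal rendering of a large integer built from the bytes of the digest
     * text. The leading decimal digits of a number drawn from a range whose bounds are not
     * powers of ten are badly skewed, and if the digest text is hex (every byte an ASCII hex
     * character, as the name digestAsPlainText suggests) the top bits of that integer are
     * pinned, so the first token digit came from a set of two or three values. It also had no
     * guard against the decimal string being shorter than tokenIDLength. Sampling each digit
     * uniformly from SecureRandom gives log2(10) bits per digit with no positional bias. The
     * old key and nonce were fresh random values that were discarded, so a token was never
     * reproducible from {@code input}; that property is unchanged.
     *
     * @param input kept for interface compatibility; the token does not depend on it
     * @return a string of {@code tokenIDLength} characters in '0'..'9'
     * @throws IllegalStateException if {@code mosip.kernel.tokenid.length} is not positive
     */
    public String createRandomToken(byte[] input) throws IdAuthenticationBusinessException {
        if (this.tokenIDLength <= 0) {
            throw new IllegalStateException("mosip.kernel.tokenid.length must be positive, was " + this.tokenIDLength);
        }
        SecureRandom rng = new SecureRandom();
        StringBuilder token = new StringBuilder(this.tokenIDLength);
        for (int i = 0; i < this.tokenIDLength; i++) {
            // nextInt(bound) is uniform over [0, bound); appending the digit char avoids any
            // numeric rendering step that could drop leading zeros or add a sign.
            token.append((char) ('0' + rng.nextInt(10)));
        }
        return token.toString();
    }

    /**
     * Signs {@code data} with the kernel signature service and returns the signature payload.
     * The injected signApplicationid/signRefid fields are not consulted here.
     */
    public String sign(String data) {
        return this.signatureService.sign(new SignRequestDto(data)).getData();
    }

    /**
     * Hashes a numeric id with the salt of its shard, selected as
     * {@code id mod ida.uin.salt.modulo}.
     *
     * <p>The bytes are taken explicitly as UTF-8 rather than via the platform default charset,
     * so the hash cannot differ between JVMs with different default encodings. For the ASCII
     * digit strings and ASCII salts this is byte-identical to the former behaviour; if any
     * stored salt contains non-ASCII characters, confirm that the other services that compute
     * this hash use the same charset.
     *
     * @param id numeric identifier as a string; a non-numeric value raises
     *           NumberFormatException (unchecked) — TODO confirm callers validate the id first
     * @return the salted digest as plain text
     * @throws IdAuthenticationBusinessException ID_NOT_AVAILABLE when no salt exists for the
     *         computed shard
     * @throws IllegalStateException when {@code ida.uin.salt.modulo} is missing or not positive
     */
    public String hash(String id) throws IdAuthenticationBusinessException {
        Integer modulo = this.env.getProperty("ida.uin.salt.modulo", Integer.class);
        if (modulo == null || modulo <= 0) {
            // previously an NPE (missing) or ArithmeticException (zero); fail with a clear cause
            throw new IllegalStateException("ida.uin.salt.modulo must be a positive integer, was " + modulo);
        }
        long shard = Long.parseLong(id) % modulo;
        String salt = this.uinHashSaltRepo.retrieveSaltById(Long.valueOf(shard));
        if (salt == null) {
            throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.ID_NOT_AVAILABLE.getErrorCode(), String.format(IdAuthenticationErrorConstants.ID_NOT_AVAILABLE.getErrorMessage(), SALT_FOR_THE_GIVEN_ID));
        }
        return HMACUtils.digestAsPlainTextWithSalt(id.getBytes(StandardCharsets.UTF_8), salt.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Parses a PEM (or bare Base64) encoded X.509 certificate.
     *
     * <p>Only parsing happens here: no chain, validity-period or revocation check. Trust in the
     * certificate must be established by the caller — TODO confirm where that happens.
     * Malformed Base64 (IllegalArgumentException from the decoder) is now mapped to
     * UNABLE_TO_PROCESS like a malformed certificate, instead of escaping as an unchecked
     * exception.
     *
     * @param pem certificate text, with or without BEGIN/END armour and line breaks
     */
    private X509Certificate getX509Certificate(String pem) throws IdAuthenticationBusinessException {
        try {
            byte[] der = Base64.getDecoder().decode(trimBeginEnd(pem));
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException | IllegalArgumentException e) {
            throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS, e);
        }
    }

    /**
     * Encrypts {@code data} for the holder of the given PEM certificate and returns the
     * combined blob Base64-encoded; see {@link #encrypt(PublicKey, byte[])}.
     */
    public String encryptData(byte[] data, String certificatePem) throws IdAuthenticationBusinessException {
        PublicKey recipientKey = getX509Certificate(certificatePem).getPublicKey();
        return CryptoUtil.encodeBase64(encrypt(recipientKey, data));
    }

    /**
     * Hybrid encryption: a fresh symmetric key from {@code keyGenerator} encrypts the data
     * (third argument to symmetricEncrypt is null, presumably the AAD — confirm against
     * CryptoCore), the key's encoding is encrypted with the recipient public key, and the two
     * parts are joined by {@link #combineDataToEncrypt(byte[], byte[])}.
     *
     * @return the combined ciphertext: encrypted data, splitter, encrypted key
     */
    public byte[] encrypt(PublicKey publicKey, byte[] data) {
        SecretKey dataKey = this.keyGenerator.getSymmetricKey();
        byte[] encryptedData = this.cryptoCore.symmetricEncrypt(dataKey, data, (byte[]) null);
        byte[] encryptedKey = this.cryptoCore.asymmetricEncrypt(publicKey, dataKey.getEncoded());
        return combineDataToEncrypt(encryptedData, encryptedKey);
    }

    /**
     * Joins encrypted data and encrypted key with the configured
     * {@code mosip.kernel.data-key-splitter} via CryptoUtil.combineByteArray.
     */
    public byte[] combineDataToEncrypt(byte[] encryptedData, byte[] encryptedKey) {
        return CryptoUtil.combineByteArray(encryptedData, encryptedKey, this.keySplitter);
    }

    /**
     * Strips PEM "BEGIN ..."/"END ..." armour lines and all whitespace, leaving the bare
     * Base64 body. Same patterns as before, applied via precompiled {@link Pattern}s.
     */
    public static String trimBeginEnd(String pem) {
        String withoutBegin = PEM_BEGIN.matcher(pem).replaceAll("");
        String withoutEnd = PEM_END.matcher(withoutBegin).replaceAll("");
        return ANY_WHITESPACE.matcher(withoutEnd).replaceAll("");
    }
}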
