package at.gv.egiz.eaaf.core.impl.idp.auth.builder;

import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.class */
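/**
 * Static helpers that derive area-specific person identifiers (bPK, wbPK and
 * eIDAS identifiers) from a base identifier, and that encrypt or decrypt a
 * bPK for a given target.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Base identifiers, derived identifiers and decrypted payloads are
 *       personal data. Nothing in this class should write them to a log.</li>
 *   <li>The derivation hashes {@code baseId + "+" + target} with SHA-1. This is
 *       presumably fixed by the bPK specification; changing the digest would
 *       change every identifier produced, so confirm before touching it.</li>
 *   <li>RSA-OAEP is requested without explicit digest/MGF parameters, so both
 *       are whatever the JCE provider defaults to. The decrypting side must use
 *       the same defaults.</li>
 * </ul>
 */
public class BpkBuilder {
    private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class);
    private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";

    private static final String URN_PREFIX = "urn:publicid:gv.at:";
    private static final String URN_BASEID = "urn:publicid:gv.at:baseid";
    private static final String URN_PREFIX_CDID = "urn:publicid:gv.at:cdid+";
    private static final String URN_PREFIX_WBPK = "urn:publicid:gv.at:wbpk+";
    private static final String URN_PREFIX_WBPK_WITH_X = "urn:publicid:gv.at:wbpk+X";
    private static final String URN_PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
    private static final String CHARSET = "ISO-8859-1";

    /**
     * Derives an area-specific identifier from a base identifier of type
     * {@code urn:publicid:gv.at:baseid}.
     *
     * @param str  the base identifier value
     * @param str2 the service-provider specific target identifier
     * @return pair of (identifier, target)
     * @throws EaafBuilderException if an argument is empty or the target is not supported
     */
    public static Pair<String, String> generateAreaSpecificPersonIdentifier(String str, String str2) throws EaafBuilderException {
        return generateAreaSpecificPersonIdentifier(str, URN_BASEID, str2);
    }

    /**
     * Derives an area-specific identifier for the requested target.
     *
     * <p>If the identifier type is not the base-id type, the value is returned
     * unchanged when its type already equals the target; any other type/target
     * mismatch is rejected. For a base id, the target prefix selects the
     * bPK ({@code cdid+}), wbPK ({@code wbpk+}) or eIDAS ({@code eidasid+})
     * calculation.
     *
     * @param str  the identifier value
     * @param str2 the type of {@code str}
     * @param str3 the service-provider specific target identifier
     * @return pair of (identifier, target)
     * @throws EaafBuilderException if an argument is empty, the type does not match
     *     the target, or the target is unknown or malformed
     */
    public static Pair<String, String> generateAreaSpecificPersonIdentifier(String str, String str2, String str3) throws EaafBuilderException {
        if (StringUtils.isEmpty(str)) {
            throw new EaafBuilderException("builder.00", new Object[]{"baseID is empty or null"}, "BaseId is empty or null");
        }
        if (StringUtils.isEmpty(str2)) {
            throw new EaafBuilderException("builder.00", new Object[]{"the type of baseID is empty or null"}, "Type of baseId is empty or null");
        }
        if (StringUtils.isEmpty(str3)) {
            throw new EaafBuilderException("builder.00", new Object[]{"SP specific target identifier is empty or null"}, "SP specific target identifier is empty or null");
        }

        if (!URN_BASEID.equals(str2)) {
            log.trace("BaseID is not of type urn:publicid:gv.at:baseid. Check type against requested target ...");
            if (str2.equals(str3)) {
                log.debug("Unique identifier is already area specific. Is nothing todo");
                return Pair.newInstance(str, str3);
            }
            final String mismatch = "Get unique identifier for target: " + str2 + " but target: " + str3 + " is required";
            log.warn("{}!", mismatch);
            throw new EaafBuilderException("builder.00", new Object[]{mismatch}, mismatch);
        }

        log.trace("Find baseID. Starting unique identifier caluclation for this target");
        if (str3.startsWith(URN_PREFIX_CDID)) {
            log.trace("Calculate bPK identifier for target: {}", str3);
            return Pair.newInstance(calculatebPKwbPK(str + "+" + str3), str3);
        }
        if (str3.startsWith(URN_PREFIX_WBPK)) {
            log.trace("Calculate  wbPK identifier for target: {}", str3);
            // The hash input uses the calculation format, the returned target the common format.
            final String hashInput = str + "+" + normalizeBpkTargetIdentifierToCalculationFormat(str3);
            return Pair.newInstance(calculatebPKwbPK(hashInput), normalizeBpkTargetIdentifierToCommonFormat(str3));
        }
        if (!str3.startsWith(URN_PREFIX_EIDAS)) {
            final String unknown = "Target identifier: " + str3 + " is NOT allowed or unknown";
            throw new EaafBuilderException("builder.00", new Object[]{unknown}, unknown);
        }

        log.trace("Calculate eIDAS identifier for target: {}", str3);
        final String[] parts = str3.split("\\+");
        // An eIDAS target needs "<prefix>+<citizenCountry>+<destinationCountry>". Without this
        // check a short target fails with an ArrayIndexOutOfBoundsException instead of a
        // builder error. Components after the third are ignored, as before.
        if (parts.length < 3) {
            final String malformed = "Target identifier: " + str3 + " has an invalid eIDAS format";
            throw new EaafBuilderException("builder.00", new Object[]{malformed}, malformed);
        }
        final String citizenCountry = parts[1];
        final String destinationCountry = parts[2];
        if (citizenCountry.equalsIgnoreCase(destinationCountry)) {
            log.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
        }
        return buildEidasIdentifer(str, str2, citizenCountry, destinationCountry);
    }

    /**
     * Encrypts a bPK for a target with the given public key.
     *
     * <p>The plaintext is {@code V1::<target in calculation format>::<bPK>::<timestamp>},
     * encoded as ISO-8859-1. The timestamp is formatted in the JVM default time zone
     * and carries no zone offset. RSA-OAEP limits the plaintext length by key size,
     * so a long target or bPK makes the encryption fail.
     *
     * @param str       the bPK to encrypt
     * @param str2      the bPK target; must start with {@code urn:publicid:gv.at:}
     * @param publicKey the recipient's public key
     * @return the Base64 encoded ciphertext
     * @throws EaafBuilderException if the target is null or not a full URI, or if encryption fails
     */
    public static String encryptBpk(String str, String str2, PublicKey publicKey) throws EaafBuilderException {
        // A null target used to escape as a NullPointerException; report it as a format error.
        if (str2 == null || !str2.startsWith(URN_PREFIX)) {
            throw new EaafBuilderException("builder.32", (Object[]) null, ERROR_MSG_WRONG_TARGET_FORMAT);
        }
        // SimpleDateFormat is not thread-safe, so a fresh instance is created per call.
        final SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
        try {
            final String plaintext = "V1::" + normalizeBpkTargetIdentifierToCalculationFormat(str2)
                    + "::" + str + "::" + timestampFormat.format(new Date());
            final byte[] ciphertext = encrypt(plaintext.getBytes(CHARSET), publicKey);
            return new String(Base64Utils.encode(ciphertext), CHARSET).replace("\r\n", "");
        } catch (Exception e) {
            throw new EaafBuilderException("bPK encryption FAILED", (Object[]) null, e.getMessage(), e);
        }
    }

    /**
     * Decrypts an encrypted bPK and checks that it was issued for the expected target.
     *
     * <p>Only the number of {@code ::}-separated parts and the embedded target are
     * checked. The version prefix and the timestamp inside the payload are not
     * evaluated here, so this method enforces no freshness; a caller that needs
     * replay protection has to add it.
     *
     * @param str        the Base64 encoded ciphertext
     * @param str2       the expected bPK target; must start with {@code urn:publicid:gv.at:}
     * @param privateKey the private key to decrypt with
     * @return pair of (bPK, target)
     * @throws EaafBuilderException with id {@code builder.32} for a null or malformed target,
     *     {@code builder.31} for an unexpected payload layout, {@code builder.30} for a
     *     target mismatch, or a wrapped cause if decoding or decryption fails
     */
    public static Pair<String, String> decryptBpk(String str, String str2, PrivateKey privateKey) throws EaafBuilderException {
        if (str2 == null || !str2.startsWith(URN_PREFIX)) {
            throw new EaafBuilderException("builder.32", (Object[]) null, ERROR_MSG_WRONG_TARGET_FORMAT);
        }
        try {
            final byte[] plaintextBytes = decrypt(Base64Utils.decode(str.getBytes(CHARSET)), privateKey);
            final String[] parts = new String(plaintextBytes, CHARSET).split("::");
            if (parts.length != 4) {
                // The decrypted payload contains the bPK, so only its shape is logged.
                log.trace("Decrypted bPK payload has {} parts but 4 are expected", parts.length);
                throw new EaafBuilderException("builder.31", new Object[]{Integer.valueOf(parts.length)}, "encBpk has a suspect format");
            }
            final String embeddedTarget = parts[1];
            final String bpk = parts[2];
            if (str2.equals(normalizeBpkTargetIdentifierToCommonFormat(embeddedTarget))) {
                return Pair.newInstance(bpk, str2);
            }
            throw new EaafBuilderException("builder.30", new Object[]{embeddedTarget, str2}, "Decrypted bPK-target does not match");
        } catch (EaafBuilderException e) {
            // Keep the specific builder.30/builder.31 error instead of re-wrapping it below.
            throw e;
        } catch (Exception e) {
            throw new EaafBuilderException("bPK decryption FAILED", (Object[]) null, e.getMessage(), e);
        }
    }

    /**
     * Maps a wbPK target to the common format using
     * {@code EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER}: a target that starts with
     * one of the map's values gets that prefix replaced by the matching key.
     *
     * @param str the target identifier, may be {@code null}
     * @return the mapped target, or {@code str} unchanged if it is {@code null}, already
     *     starts with {@code urn:publicid:gv.at:wbpk+X}, or matches no mapping
     */
    @Nullable
    public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String str) {
        if (str != null && !str.startsWith(URN_PREFIX_WBPK_WITH_X)) {
            for (Map.Entry entry : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
                final String commonPrefix = (String) entry.getKey();
                final String calculationPrefix = (String) entry.getValue();
                if (str.startsWith(calculationPrefix)) {
                    final String normalized = commonPrefix + str.substring(calculationPrefix.length());
                    log.trace("Normalize wbPK target: {} to {}", str, normalized);
                    return normalized;
                }
            }
        }
        return str;
    }

    /**
     * Maps a wbPK target to the format used as hash input: a target that starts with one
     * of the keys of {@code EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER} gets that
     * prefix replaced by the matching value.
     *
     * @param str the target identifier, may be {@code null}
     * @return the mapped target, or {@code str} unchanged if it is {@code null}, is not a
     *     wbPK target, or matches no mapping
     */
    @Nullable
    public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String str) {
        if (str != null && str.startsWith(URN_PREFIX_WBPK)) {
            for (Map.Entry entry : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
                final String commonPrefix = (String) entry.getKey();
                final String calculationPrefix = (String) entry.getValue();
                if (str.startsWith(commonPrefix)) {
                    final String normalized = calculationPrefix + str.substring(commonPrefix.length());
                    log.trace("Find new wbPK target: {}. Replace it by: {}", str, normalized);
                    return normalized;
                }
            }
        }
        return str;
    }

    /**
     * Strips a leading wbPK, bPK ({@code cdid}) or eIDAS type prefix from a target.
     *
     * @param str the target identifier; must not be {@code null}
     * @return the target without its type prefix, or {@code str} if no known prefix matches
     */
    @Nonnull
    public static String removeBpkTypePrefix(@Nonnull String str) {
        Assert.isTrue(str != null, "bPKType is 'NULL'");
        for (String prefix : new String[]{URN_PREFIX_WBPK, URN_PREFIX_CDID, URN_PREFIX_EIDAS}) {
            if (str.startsWith(prefix)) {
                return str.substring(prefix.length());
            }
        }
        return str;
    }

    /**
     * Builds the eIDAS identifier {@code <citizenCountry>/<destinationCountry>/<value>}.
     *
     * @param str  the identifier value
     * @param str2 the type of {@code str}; a base id is hashed, any other type is used as is
     * @param str3 the citizen country
     * @param str4 the destination country
     * @return pair of (eIDAS identifier, eIDAS target); the target is {@code null} when the
     *     identifier was not calculated here
     * @throws EaafBuilderException if the value or one of the countries is empty
     */
    private static Pair<String, String> buildEidasIdentifer(String str, String str2, String str3, String str4) throws EaafBuilderException {
        final String identValue;
        String eidasTarget = null;
        if (str2.startsWith(URN_BASEID)) {
            eidasTarget = URN_PREFIX_EIDAS + str3 + "+" + str4;
            log.debug("Building eIDAS identification from: [identValue]+{}", eidasTarget);
            identValue = calculatebPKwbPK(str + "+" + eidasTarget);
        } else {
            log.debug("eIDAS eIdentifier already provided by BKU");
            identValue = str;
        }
        if (StringUtils.isEmpty(identValue) || StringUtils.isEmpty(str3) || StringUtils.isEmpty(str4)) {
            // NOTE(review): this message embeds the identifier value, which then travels with
            // the exception into logs and error responses. Consider redacting it.
            final String detail = "Unvollständige Parameterangaben: identificationValue=" + identValue
                    + ", Zielland=" + str4 + ", Ursprungsland=" + str3;
            throw new EaafBuilderException("builder.00", new Object[]{"eIDAS-ID", detail}, "eIDAS-ID: " + detail);
        }
        log.trace("eIDAS pseudonym generation finished. ");
        return Pair.newInstance(str3 + "/" + str4 + "/" + identValue, eidasTarget);
    }

    /**
     * Returns the Base64 encoded SHA-1 digest of the ISO-8859-1 bytes of {@code str}.
     *
     * <p>SHA-1 is kept on purpose: the digest defines the identifier, so replacing it
     * would change every bPK/wbPK derived here.
     *
     * @param str the hash input, {@code baseId + "+" + target}
     * @return the Base64 encoded digest
     * @throws EaafBuilderException if hashing or encoding fails
     */
    private static String calculatebPKwbPK(String str) throws EaafBuilderException {
        try {
            final byte[] digest = MessageDigest.getInstance("SHA-1").digest(str.getBytes(CHARSET));
            return new String(Base64Utils.encode(digest), CHARSET).replace("\r\n", "");
        } catch (Exception e) {
            throw new EaafBuilderException("builder.00", new Object[]{"bPK/wbPK", e.toString()}, e.getMessage(), e);
        }
    }

    /**
     * Creates the RSA-OAEP cipher, falling back to the alternative transformation name
     * if the first one is unknown to the installed providers.
     */
    private static Cipher newOaepCipher() throws NoSuchPaddingException, NoSuchAlgorithmException {
        try {
            return Cipher.getInstance("RSA/ECB/OAEPPadding");
        } catch (NoSuchAlgorithmException e) {
            return Cipher.getInstance("RSA/ECB/OAEP");
        }
    }

    /** Encrypts {@code bArr} with RSA-OAEP under {@code publicKey}. */
    private static byte[] encrypt(byte[] bArr, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        final Cipher cipher = newOaepCipher();
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher.doFinal(bArr);
    }

    /** Decrypts {@code bArr} with RSA-OAEP under {@code privateKey}. */
    private static byte[] decrypt(byte[] bArr, PrivateKey privateKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        final Cipher cipher = newOaepCipher();
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(bArr);
    }
}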
