package com.zollsoft.eRezeptServices;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.mail.EmailConstants;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.ParseException;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jwe.SimpleAeadCipher;
import org.jose4j.keys.AesKey;

/* loaded from: input_file:com/zollsoft/eRezeptServices/VAUMessageGenerator.class */
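/**
 * Wraps an inner HTTP request into an encrypted outer request for the e-prescription
 * service's VAU endpoint, and decrypts the matching response.
 *
 * <p>Outer request body, as assembled by this class:
 * {@code version(1 byte) || ephemeral public key X||Y (64 bytes) || IV (12 bytes) ||
 * AES-128-GCM ciphertext and tag}. The request key is derived with HKDF-SHA256 from an
 * ECDH secret on brainpoolP256r1. The response key is a fresh random AES-128 key that is
 * sent to the server inside the encrypted request.
 *
 * <p>Instances keep per-request state (ephemeral key pair, IV, request id, response key)
 * in plain fields without synchronisation, so an instance must not be shared between
 * concurrent requests.
 *
 * <p>NOTE(review): nothing in this class compares a decrypted response with
 * {@code requestId}; {@link #readHeaderFromDecryptedVAUResopnse(String)} is an empty stub.
 * Confirm that the caller binds each response to its request.
 */
public class VAUMessageGenerator {
    /** brainpoolP256r1 is the curve used for the ephemeral key pair and for rebuilt public keys. */
    private static final String CURVE_NAME = "brainpoolp256r1";
    /** Length in bytes of the ECDH secret fed into HKDF (field size of a 256-bit curve). */
    private static final int SHARED_SECRET_LENGTH = 32;

    private String requestId;
    private static final SecureRandom secureRandom = new SecureRandom();
    private X509Certificate publicVauCertificate;
    private PublicKey publicVauKey;
    private KeyPair ecKeyPair;
    private SecretKey secretAes128KeyForResponse;
    private byte[] sharedSecret;
    private byte[] ivForAes;
    public static final int AES_KEY_SIZE = 128;
    public static final int GCM_IV_LENGTH = 12;
    public static final int GCM_TAG_LENGTH = 16;
    public static final int GCM_NONCE_LENGTH = 12;
    private String vauCertificateURL = ERezeptFachdienstMessenger.eRezeptDienstServerUrl + "/VAUCertificate";
    private String nutzerpseudonym = "0";
    private String vauURL = ERezeptFachdienstMessenger.eRezeptDienstServerUrl + "/VAU/" + this.nutzerpseudonym;
    private byte[] secretAes128KeyForRequest = new byte[16];

    /** Registers the BouncyCastle provider once, so lookups by provider name succeed. */
    private static void registerBouncyCastle() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Downloads the VAU certificate and stores it together with its public key.
     *
     * <p>NOTE(review): the certificate is only parsed and checked for its validity period.
     * There is no chain building against a pinned trust anchor, no revocation check and no
     * check of the certificate's role, so the confidentiality of every request depends on
     * the transport to {@code vauCertificateURL} being authenticated. Confirm that the URL
     * is HTTPS and add path validation against the expected trust anchor before relying
     * on this key.
     *
     * @return the certificate that was loaded
     * @throws CertificateException if the certificate cannot be parsed, is missing, or is
     *     outside its validity period
     * @throws IOException if the certificate cannot be downloaded
     */
    public X509Certificate loadVAUCertificate() throws MalformedURLException, IOException, CertificateException, NoSuchProviderException {
        registerBouncyCastle();
        CertificateFactory factory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
        X509Certificate certificate;
        // Close the network stream even when parsing fails.
        try (BufferedInputStream in = new BufferedInputStream(new URL(this.vauCertificateURL).openStream())) {
            certificate = (X509Certificate) factory.generateCertificate(in);
        }
        if (certificate == null) {
            throw new CertificateException("No certificate returned by " + this.vauCertificateURL);
        }
        // Reject expired / not-yet-valid certificates before using their key for ECDH.
        certificate.checkValidity();
        this.publicVauCertificate = certificate;
        this.publicVauKey = certificate.getPublicKey();
        return certificate;
    }

    /**
     * Encrypts {@code httpEntityEnclosingRequestBase} for the VAU and returns the outer POST.
     *
     * <p>Each call loads the VAU certificate again and generates a fresh ephemeral key pair,
     * request key, IV, request id and response key.
     *
     * @param httpEntityEnclosingRequestBase the inner request to protect
     * @param str value placed as the second field of the inner plaintext
     *     (presumably the access token; verify against caller)
     * @param str2 unused
     * @return POST request to the VAU URL carrying the encrypted message as octet stream
     */
    public HttpPost createOuterRequestFromInnerRequest(HttpEntityEnclosingRequestBase httpEntityEnclosingRequestBase, String str, String str2) throws ParseException, NoSuchAlgorithmException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, CertificateException {
        String innerContent = generateContentFromInnerUrlRequest(httpEntityEnclosingRequestBase, str);
        loadVAUCertificate();
        generateKeyPair();
        generateSharedSecretForECDH(this.ecKeyPair.getPrivate(), this.publicVauKey);
        generateHKDFfromSecret();
        generateIV();
        byte[] cipherText = encrypMessageWithAesSecretKey(this.secretAes128KeyForRequest, innerContent.getBytes(StandardCharsets.UTF_8), this.ivForAes);
        byte[] outerBody = generateEncryptedMessageWithVersionPublicKeyIvEcryptetContent(new byte[]{1}, this.ecKeyPair.getPublic(), this.ivForAes, cipherText);
        HttpPost httpPost = new HttpPost(this.vauURL);
        httpPost.addHeader("X-erp-user", "l");
        httpPost.addHeader("X-erp-resource", "Task");
        httpPost.addHeader("Content-Type", "application/octet-stream");
        httpPost.addHeader("Accept", "application/octet-stream");
        httpPost.setEntity(new ByteArrayEntity(outerBody));
        return httpPost;
    }

    /**
     * Decrypts a VAU response with the response key generated for the last request.
     *
     * @param bArr response body: 12-byte IV followed by AES-GCM ciphertext and 16-byte tag
     * @return the decrypted response as text
     * @throws IllegalStateException if no response key has been generated yet
     * @throws IllegalArgumentException if {@code bArr} is too short to hold IV and tag
     * @throws BadPaddingException if GCM authentication fails
     */
    public String decryptResponse(byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        if (this.secretAes128KeyForResponse == null) {
            throw new IllegalStateException("No response key available; create a request first");
        }
        // Arrays.copyOfRange would zero-pad a short IV silently, so check the length up front.
        if (bArr == null || bArr.length < GCM_IV_LENGTH + GCM_TAG_LENGTH) {
            throw new IllegalArgumentException("VAU response is shorter than IV plus GCM tag");
        }
        byte[] iv = Arrays.copyOfRange(bArr, 0, GCM_IV_LENGTH);
        byte[] cipherText = Arrays.copyOfRange(bArr, GCM_IV_LENGTH, bArr.length);
        // The response key is deliberately not written to stdout or any log.
        return decryptMessage(cipherText, this.secretAes128KeyForResponse.getEncoded(), iv);
    }

    /**
     * Builds the inner plaintext:
     * {@code "1 " + str + " " + requestId + " " + hex(responseKey) + " " + serialised request}.
     *
     * <p>The result contains the response key and the caller-supplied token, so it must
     * never be logged or printed.
     */
    private String generateContentFromInnerUrlRequest(HttpEntityEnclosingRequestBase httpEntityEnclosingRequestBase, String str) throws ParseException, IOException, NoSuchAlgorithmException {
        generateRequestId();
        String currentRequestId = this.requestId;
        generateSecretKey();
        String responseKeyHex = String.valueOf(Hex.encodeHex(this.secretAes128KeyForResponse.getEncoded()));
        return "1 " + str + StringUtils.SPACE + currentRequestId + StringUtils.SPACE + responseKeyHex + StringUtils.SPACE + generateStringFromURLRequest(httpEntityEnclosingRequestBase);
    }

    /**
     * Serialises the inner request as request line, Host header, the request's own headers,
     * a Content-Length header and, when an entity is present, a blank line and the body.
     *
     * <p>NOTE(review): {@code getURI().getPath()} omits any query string; confirm that no
     * inner request relies on one.
     */
    private String generateStringFromURLRequest(HttpEntityEnclosingRequestBase httpEntityEnclosingRequestBase) throws ParseException, IOException {
        StringBuilder text = new StringBuilder();
        text.append(httpEntityEnclosingRequestBase.getMethod())
                .append(StringUtils.SPACE)
                .append(httpEntityEnclosingRequestBase.getURI().getPath())
                .append(StringUtils.SPACE)
                .append(httpEntityEnclosingRequestBase.getProtocolVersion().getProtocol())
                .append("/1.1\nHost: ")
                .append(httpEntityEnclosingRequestBase.getURI().getHost());
        for (Header header : httpEntityEnclosingRequestBase.getAllHeaders()) {
            text.append("\n").append(header.getName()).append(": ").append(header.getValue());
        }
        HttpEntity entity = httpEntityEnclosingRequestBase.getEntity();
        byte[] body = new byte[0];
        if (entity != null) {
            // Only touch the entity when there is one; a body-less request is valid.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            entity.writeTo(buffer);
            body = buffer.toByteArray();
        }
        text.append("\nContent-Length: ").append(body.length);
        if (entity != null) {
            // Decode as UTF-8 because the plaintext is re-encoded as UTF-8 before encryption;
            // the platform charset could otherwise change the byte count.
            text.append("\n\n").append(new String(body, StandardCharsets.UTF_8));
        }
        return text.toString();
    }

    /** Generates a fresh ephemeral ECDH key pair on brainpoolP256r1 and stores it. */
    public void generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());
        keyPairGenerator.initialize(new ECGenParameterSpec(CURVE_NAME), secureRandom);
        this.ecKeyPair = keyPairGenerator.generateKeyPair();
    }

    /**
     * Runs ECDH and stores the shared secret normalised to exactly 32 bytes: longer values
     * keep their last 32 bytes, shorter values are left-padded with zero bytes.
     *
     * @param privateKey own private key
     * @param publicKey peer public key
     * @return the 32-byte shared secret (also kept in this instance)
     */
    public byte[] generateSharedSecretForECDH(PrivateKey privateKey, PublicKey publicKey) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        byte[] secret = keyAgreement.generateSecret();
        if (secret.length > SHARED_SECRET_LENGTH) {
            secret = Arrays.copyOfRange(secret, secret.length - SHARED_SECRET_LENGTH, secret.length);
        } else if (secret.length < SHARED_SECRET_LENGTH) {
            byte[] padded = new byte[SHARED_SECRET_LENGTH];
            System.arraycopy(secret, 0, padded, SHARED_SECRET_LENGTH - secret.length, secret.length);
            secret = padded;
        }
        this.sharedSecret = secret;
        return this.sharedSecret;
    }

    /**
     * Derives the 16-byte AES request key from the shared secret with HKDF-SHA256, an empty
     * salt and the info string {@code "ecies-vau-transport"}.
     */
    public void generateHKDFfromSecret() {
        HKDFBytesGenerator hkdf = new HKDFBytesGenerator(new SHA256Digest());
        hkdf.init(new HKDFParameters(this.sharedSecret, new byte[0], "ecies-vau-transport".getBytes(StandardCharsets.UTF_8)));
        hkdf.generateBytes(this.secretAes128KeyForRequest, 0, AES_KEY_SIZE / 8);
    }

    /**
     * Encrypts with AES-GCM and a 128-bit tag.
     *
     * <p>A key/IV pair must never be used for more than one message; GCM loses both
     * confidentiality and integrity when a nonce repeats under the same key.
     *
     * @param bArr raw AES key
     * @param bArr2 plaintext
     * @param bArr3 IV
     * @return ciphertext with the authentication tag appended
     */
    public byte[] encrypMessageWithAesSecretKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(SimpleAeadCipher.GCM_TRANSFORMATION_NAME);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(bArr, AesKey.ALGORITHM), new GCMParameterSpec(GCM_TAG_LENGTH * 8, bArr3));
        return cipher.doFinal(bArr2);
    }

    /** Fills {@code ivForAes} with 12 fresh random bytes from the shared {@link SecureRandom}. */
    public void generateIV() {
        this.ivForAes = new byte[GCM_IV_LENGTH];
        secureRandom.nextBytes(this.ivForAes);
    }

    /**
     * Concatenates version, the last 64 bytes of the encoded public key, IV and ciphertext.
     *
     * <p>Taking the last 64 bytes assumes that {@code publicKey.getEncoded()} ends with the
     * uncompressed point coordinates X||Y of a 256-bit curve (TODO confirm for every
     * provider that can supply the key).
     *
     * @param bArr version bytes
     * @param publicKey ephemeral public key of the sender
     * @param bArr2 IV
     * @param bArr3 ciphertext including the GCM tag
     * @return the outer message body
     */
    public byte[] generateEncryptedMessageWithVersionPublicKeyIvEcryptetContent(byte[] bArr, PublicKey publicKey, byte[] bArr2, byte[] bArr3) {
        byte[] encodedKey = publicKey.getEncoded();
        byte[] xy = Arrays.copyOfRange(encodedKey, encodedKey.length - 64, encodedKey.length);
        ByteBuffer message = ByteBuffer.allocate(bArr.length + xy.length + bArr2.length + bArr3.length);
        message.put(bArr).put(xy).put(bArr2).put(bArr3);
        return message.array();
    }

    /**
     * Decrypts AES-GCM data with a 128-bit tag and returns the plaintext decoded as UTF-8.
     *
     * @param bArr ciphertext including the GCM tag
     * @param bArr2 raw AES key
     * @param bArr3 IV
     * @throws BadPaddingException if the authentication tag does not verify
     */
    public String decryptMessage(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(SimpleAeadCipher.GCM_TRANSFORMATION_NAME);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(bArr2, AesKey.ALGORITHM), new GCMParameterSpec(GCM_TAG_LENGTH * 8, bArr3));
        // Explicit charset: the platform default must not influence how the response is read.
        return new String(cipher.doFinal(bArr), StandardCharsets.UTF_8);
    }

    /** Generates the random AES-128 key the server is expected to use for its response. */
    public void generateSecretKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM);
        keyGenerator.init(AES_KEY_SIZE, secureRandom);
        this.secretAes128KeyForResponse = keyGenerator.generateKey();
    }

    /**
     * Sets {@code requestId} to 32 lower-case hex characters (128 random bits).
     *
     * <p>The id comes from {@link SecureRandom}; a {@code java.util.Random} value is
     * predictable and unsuitable for an identifier that ties a response to its request.
     */
    private void generateRequestId() {
        byte[] raw = new byte[16];
        secureRandom.nextBytes(raw);
        this.requestId = Hex.encodeHexString(raw);
    }

    /**
     * Decodes a hex string into bytes.
     *
     * @param str hex digits, two per byte
     * @return the decoded bytes
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
     */
    public byte[] hexStringToByteArray(String str) {
        int length = str.length();
        if ((length & 1) != 0) {
            throw new IllegalArgumentException("Hex string must have an even number of characters");
        }
        byte[] decoded = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(str.charAt(i), 16);
            int low = Character.digit(str.charAt(i + 1), 16);
            // Character.digit returns -1 for non-hex input, which would otherwise yield garbage bytes.
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("Invalid hex digit at index " + (high < 0 ? i : i + 1));
            }
            decoded[i / 2] = (byte) ((high << 4) + low);
        }
        return decoded;
    }

    /**
     * Builds a brainpoolP256r1 public key from affine coordinates.
     *
     * @param bArr X coordinate, unsigned big-endian
     * @param bArr2 Y coordinate, unsigned big-endian
     * @return the EC public key
     */
    public PublicKey publicKeyFromXandY(byte[] bArr, byte[] bArr2) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidParameterSpecException, NoSuchProviderException {
        // The curve parameters are looked up by provider name, so the provider must be registered.
        registerBouncyCastle();
        ECPoint point = new ECPoint(new BigInteger(1, bArr), new BigInteger(1, bArr2));
        AlgorithmParameters curveParameters = AlgorithmParameters.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        curveParameters.init(new ECGenParameterSpec(CURVE_NAME));
        ECParameterSpec curveSpec = curveParameters.getParameterSpec(ECParameterSpec.class);
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(point, curveSpec));
    }

    /** Empty stub: the header part of a decrypted response is not evaluated. */
    public void readHeaderFromDecryptedVAUResopnse(String str) {
    }

    /**
     * Returns the text from the last line feed of {@code str} to its end, including that
     * line feed.
     *
     * <p>NOTE(review): a body that itself contains line feeds is truncated to its last
     * line, and input without any line feed throws {@link StringIndexOutOfBoundsException}.
     * Confirm the expected response layout before relying on this.
     */
    public String readEntityFromDecryptedVAUResponse(String str) {
        return str.substring(str.lastIndexOf("\n"));
    }

    /**
     * Developer self-test: rebuilds a public key from fixed coordinates and checks by eye
     * that ECDH gives the same secret in both directions. The key pairs are generated here
     * and discarded, so the printed private key protects nothing.
     */
    public static void main(String[] strArr) throws Exception {
        VAUMessageGenerator generator = new VAUMessageGenerator();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());
        keyPairGenerator.initialize(new ECGenParameterSpec(CURVE_NAME));
        KeyPair first = keyPairGenerator.generateKeyPair();
        KeyPair second = keyPairGenerator.generateKeyPair();
        System.out.println(Hex.encodeHexString(generator.publicKeyFromXandY(generator.hexStringToByteArray("754e548941e5cd073fed6d734578a484be9f0bbfa1b6fa3168ed7ffb22878f0f"), generator.hexStringToByteArray("9aef9bbd932a020d8828367bd080a3e72b36c41ee40c87253f9b1b0beb8371bf")).getEncoded()));
        System.out.println(Hex.encodeHexString(first.getPublic().getEncoded()));
        System.out.println(Hex.encodeHexString(second.getPrivate().getEncoded()));
        System.out.println(Hex.encodeHexString(generator.generateSharedSecretForECDH(first.getPrivate(), second.getPublic())));
        System.out.println(Hex.encodeHexString(generator.generateSharedSecretForECDH(second.getPrivate(), first.getPublic())));
    }
}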
