package com.tokera.ate.io.repo;

import com.tokera.ate.dao.kafka.MessageSerializer;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.msg.MessageDataDigestDto;
import com.tokera.ate.dto.msg.MessageDataHeaderDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.scopes.Startup;
import com.tokera.ate.security.EncryptKeyCachePerRequest;
import com.tokera.ate.security.Encryptor;
import com.tokera.ate.security.core.qtesla_predictable.Parameter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Iterator;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;

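/**
 * Produces the digest and signature record that accompanies a data message.
 *
 * <p>The signed input is the serialized header followed by the payload, so the
 * signature binds both together. Every signature is verified locally before it is
 * returned, so a signature that does not verify is never handed to the caller.
 *
 * <p>NOTE(review): {@link #signDataMessage} returns {@code null} when none of the
 * write roles has a signing key in the current session. Callers must treat that as
 * "not signed" and must not persist the message as if it were authenticated.
 */
@ApplicationScoped
@Startup
public class DataSignatureBuilder {

    /** Retries allowed after the first failed signing attempt (16 attempts in total). */
    private static final int MAX_SIGN_RETRIES = 15;

    @Inject
    private Encryptor encryptor;

    @Inject
    private EncryptKeyCachePerRequest encryptSession;

    /**
     * Concatenates the serialized header and the optional payload into the byte
     * sequence that is hashed and signed.
     *
     * @param header  header whose flat-buffer form is written first
     * @param payload payload bytes appended after the header; may be {@code null}
     * @return the bytes covered by the signature
     */
    private byte[] generateStreamBytes(MessageDataHeaderDto header, byte[] payload) {
        ByteArrayOutputStream signedBytes = new ByteArrayOutputStream();
        // NOTE(review): how writeBytes frames the header (e.g. length prefix) is not visible
        // here; the header/payload boundary in the signed bytes depends on it - confirm.
        MessageSerializer.writeBytes(signedBytes, header.createFlatBuffer());
        if (payload != null) {
            // The three-argument overload of ByteArrayOutputStream declares no IOException,
            // so the previously unreachable catch block is not needed.
            signedBytes.write(payload, 0, payload.length);
        }
        return signedBytes.toByteArray();
    }

    /**
     * Hashes {@code streamBytes} with a freshly generated seed, signs the hash with
     * {@code signKey}, and returns the result only if the signature verifies.
     *
     * @param streamBytes bytes to authenticate (header followed by payload)
     * @param signKey     key used for both signing and the self-check
     * @return digest record built from the seed, the signature, the digest and the public key hash
     * @throws RuntimeException if the key has no public key hash or the self-check fails
     */
    private MessageDataDigestDto generateVerifiedSignature(byte[] streamBytes, MessagePrivateKeyDto signKey) {
        // Reject an unusable key before drawing randomness and hashing the whole payload;
        // the caller retries on any exception, so this check runs once per attempt.
        String publicKeyHash = signKey.getPublicKeyHash();
        if (publicKeyHash == null) {
            throw new RuntimeException("No public hash attached.");
        }

        // The seed is passed to the digest DTO below, so it travels with the message.
        // NOTE(review): it therefore looks like a per-message salt rather than a secret - confirm.
        String seed64 = this.encryptor.generateSecret64(Parameter.N_I);
        byte[] digest = this.encryptor.hashSha(Base64.decodeBase64(seed64), streamBytes);
        String digest64 = Base64.encodeBase64URLSafeString(digest);
        String signature64 = Base64.encodeBase64URLSafeString(this.encryptor.sign(signKey, digest));

        // Self-check on the encoded forms: what is verified is exactly what a reader
        // would obtain after decoding the stored digest and signature.
        boolean verified = this.encryptor.verify(
                signKey, Base64.decodeBase64(digest64), Base64.decodeBase64(signature64));
        if (!verified) {
            throw new RuntimeException("Failed to verify the key.");
        }
        return new MessageDataDigestDto(seed64, signature64, digest64, publicKeyHash);
    }

    /**
     * Signs a data message with the first write role for which the current session
     * holds a signing key.
     *
     * <p>Only that first usable role is tried: if signing with it keeps failing, the
     * method throws instead of falling through to later roles.
     *
     * @param messageDataHeaderDto header of the message being signed
     * @param bArr                 message payload; may be {@code null}
     * @param effectivePermissions permissions whose {@code rolesWrite} entries are looked up in order
     * @return the digest record, or {@code null} if no write role has a signing key
     * @throws RuntimeException wrapping the last failure once every attempt has failed
     */
    public MessageDataDigestDto signDataMessage(MessageDataHeaderDto messageDataHeaderDto, byte[] bArr, EffectivePermissions effectivePermissions) {
        byte[] streamBytes = generateStreamBytes(messageDataHeaderDto, bArr);
        for (Iterator<String> roles = effectivePermissions.rolesWrite.iterator(); roles.hasNext(); ) {
            MessagePrivateKeyDto signKey = this.encryptSession.getSignKey(roles.next());
            if (signKey == null) {
                continue;
            }
            for (int attempt = 0; ; attempt++) {
                try {
                    return generateVerifiedSignature(streamBytes, signKey);
                } catch (Exception e) {
                    // Broad catch kept from the original: any failure is retried and only
                    // the last one is reported. Earlier failures are not logged here.
                    if (attempt >= MAX_SIGN_RETRIES) {
                        throw new RuntimeException(e);
                    }
                }
            }
        }
        return null;
    }
}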
