package com.tokera.ate.constraints;

import com.tokera.ate.dao.enumerations.KeyType;
import com.tokera.ate.dao.enumerations.KeyUse;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.msg.MessageKeyPartDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.InvalidCipherTextException;

/* loaded from: input_file:com/tokera/ate/constraints/PrivateKeyValidator.class */
public class PrivateKeyValidator implements ConstraintValidator<PrivateKeyConstraint, MessagePrivateKeyDto> {
    public void initialize(PrivateKeyConstraint privateKeyConstraint) {
    }

    public boolean isValid(MessagePrivateKeyDto messagePrivateKeyDto, ConstraintValidatorContext constraintValidatorContext) {
        if (messagePrivateKeyDto == null) {
            return true;
        }
        boolean z = true;
        if (messagePrivateKeyDto.getPublicParts() == null) {
            if (1 == 1) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key has no public parts.").addConstraintViolation();
            z = false;
        }
        if (messagePrivateKeyDto.getPublicParts().size() <= 0) {
            if (z) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key public parts are empty.").addConstraintViolation();
            z = false;
        }
        if (messagePrivateKeyDto.getPublicKeyHash() == null) {
            if (z) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key has no public key hash.").addConstraintViolation();
            z = false;
        }
        Iterator<MessageKeyPartDto> it = messagePrivateKeyDto.getPublicParts().iterator();
        while (it.hasNext()) {
            if (it.next().getType() == KeyType.unknown) {
                if (z) {
                    constraintValidatorContext.disableDefaultConstraintViolation();
                }
                constraintValidatorContext.buildConstraintViolationWithTemplate("The key has public parts that use an unknown crypto algorithm.").addConstraintViolation();
                z = false;
            }
        }
        if (messagePrivateKeyDto.getPrivateParts() == null) {
            if (z) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key has no private parts.").addConstraintViolation();
            z = false;
        }
        if (messagePrivateKeyDto.getPrivateParts().size() <= 0) {
            if (z) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key private parts are empty.").addConstraintViolation();
            z = false;
        }
        if (messagePrivateKeyDto.getPrivateKeyHash() == null) {
            if (z) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key has no private key hash.").addConstraintViolation();
            z = false;
        }
        Iterator<MessageKeyPartDto> it2 = messagePrivateKeyDto.getPrivateParts().iterator();
        while (it2.hasNext()) {
            if (it2.next().getType() == KeyType.unknown) {
                if (z) {
                    constraintValidatorContext.disableDefaultConstraintViolation();
                }
                constraintValidatorContext.buildConstraintViolationWithTemplate("The key has private parts that use an unknown crypto algorithm.").addConstraintViolation();
                z = false;
            }
        }
        try {
            AteDelegate ateDelegate = AteDelegate.get();
            if (ateDelegate.bootstrapConfig.isExtraValidation()) {
                if (messagePrivateKeyDto.getPrivateParts().stream().anyMatch(messageKeyPartDto -> {
                    return messageKeyPartDto.getType().getUse() == KeyUse.encrypt;
                })) {
                    byte[] decodeBase64 = Base64.decodeBase64(ateDelegate.encryptor.generateSecret64());
                    if (!Arrays.equals(decodeBase64, ateDelegate.encryptor.decrypt(messagePrivateKeyDto, ateDelegate.encryptor.encrypt(messagePrivateKeyDto, decodeBase64)))) {
                        if (z) {
                            constraintValidatorContext.disableDefaultConstraintViolation();
                        }
                        constraintValidatorContext.buildConstraintViolationWithTemplate("The key did not pass the encrypt/decrypt test.").addConstraintViolation();
                        z = false;
                    }
                }
                if (messagePrivateKeyDto.getPrivateParts().stream().anyMatch(messageKeyPartDto2 -> {
                    return messageKeyPartDto2.getType().getUse() == KeyUse.sign;
                })) {
                    byte[] decodeBase642 = Base64.decodeBase64(ateDelegate.encryptor.generateSecret64());
                    if (!ateDelegate.encryptor.verify(messagePrivateKeyDto, decodeBase642, ateDelegate.encryptor.sign(messagePrivateKeyDto, decodeBase642))) {
                        if (z) {
                            constraintValidatorContext.disableDefaultConstraintViolation();
                        }
                        constraintValidatorContext.buildConstraintViolationWithTemplate("The key did not pass the sign/verify test.").addConstraintViolation();
                        z = false;
                    }
                }
            }
        } catch (IOException | InvalidCipherTextException e) {
            if (z) {
                constraintValidatorContext.disableDefaultConstraintViolation();
            }
            constraintValidatorContext.buildConstraintViolationWithTemplate("The key did not pass the testing phase - " + e.getMessage()).addConstraintViolation();
            z = false;
        }
        return z;
    }
}
