package com.mastercard.api.core.security.send;

import com.mastercard.api.core.exception.SdkException;
import com.mastercard.api.core.model.RequestMap;
import com.mastercard.api.core.security.HttpRequestCryptographyInterceptor;
import com.mastercard.api.core.security.fle.Config;
import com.mastercard.api.core.security.fle.FieldLevelEncryption;
import com.mastercard.api.core.security.oauth.OAuthConstants;
import com.mastercard.api.core.security.util.CryptUtil;
import com.mastercard.api.core.security.util.DataEncoding;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.apache.http.Header;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;

/* loaded from: input_file:com/mastercard/api/core/security/send/DirectoryServicesCryptography.class */
public class DirectoryServicesCryptography extends FieldLevelEncryption implements HttpRequestCryptographyInterceptor {
    public static final String ENCRYPTED_PAYLOAD = "encrypted_payload";
    public static final String ENCRYPTED_PAYLOAD_DATA = "encrypted_payload.data";

    public DirectoryServicesCryptography(InputStream inputStream, InputStream inputStream2, String str, String str2, Config config, String str3) throws SdkException {
        super(inputStream, inputStream2, str, str2, config, str3);
    }

    public DirectoryServicesCryptography(InputStream inputStream, InputStream inputStream2, Config config, String str) throws SdkException {
        super(inputStream, inputStream2, config, str);
    }

    public DirectoryServicesCryptography(InputStream inputStream, InputStream inputStream2) throws SdkException {
        super(inputStream, inputStream2, config(), null);
    }

    public DirectoryServicesCryptography(InputStream inputStream, InputStream inputStream2, String str) throws SdkException {
        super(inputStream, inputStream2, config(), str);
    }

    public static final Config config() {
        Config config = new Config();
        config.triggeringEndPath = Arrays.asList("/send/.*/partners/.*/mappings", "/send/.*/partners/.*/mappings/.*", "/send/.*/partners/.*/mappings/.*/accounts", "/send/.*/partners/.*/mappings/.*/accounts/.*", "/send/.*/partners/.*/mappings/.*/accounts/.*/additional-data", "/send/.*/partners/.*/mappings/.*/accounts/.*/additional-data/.*", "/send/.*/partners/.*/mappings/search");
        config.fieldsToEncrypt = Arrays.asList("mapping", "search", "account", "additional_data");
        config.fieldsToDecrypt = Arrays.asList(ENCRYPTED_PAYLOAD_DATA);
        config.publicKeyFingerprintHashing = OAuthConstants.SHA256;
        config.publicKeyFingerprintFiledName = "x-public-key-fingerprint";
        config.symmetricAlgorithm = "AES/CBC/PKCS5Padding";
        config.symmetricCipher = "AES";
        config.symmetricKeysize = 128;
        config.asymmetricCipher = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        config.ivFieldName = "x-iv";
        config.oaepHashingAlgorithm = "SHA256";
        config.oaepHashingAlgorithmFieldName = "x-oaep-hashing-algorithm";
        config.encryptedKeyFiledName = "x-encrypted-key";
        config.encryptedDataFieldName = ENCRYPTED_PAYLOAD_DATA;
        return config;
    }

    @Override // com.mastercard.api.core.security.HttpRequestCryptographyInterceptor
    public Map<String, Object> addCustomHeaders(Map<String, Object> map, Map<String, Object> map2) {
        for (String str : Arrays.asList(config().encryptedKeyFiledName, config().oaepHashingAlgorithmFieldName, config().publicKeyFingerprintFiledName, config().ivFieldName)) {
            map.put(str, map2.get(str));
            map2.remove(str);
        }
        return map;
    }

    @Override // com.mastercard.api.core.security.HttpRequestCryptographyInterceptor
    public Map<String, Object> removeCustomHeaders(Header[] headerArr, Map<String, Object> map) {
        if (!(map.get(ENCRYPTED_PAYLOAD) instanceof JSONObject)) {
            return map;
        }
        JSONObject jSONObject = (JSONObject) map.get(ENCRYPTED_PAYLOAD);
        for (Header header : headerArr) {
            if (header.getName().equals(this.config.encryptedKeyFiledName)) {
                jSONObject.put(this.config.encryptedKeyFiledName, header.getValue());
            } else if (header.getName().equals(this.config.ivFieldName)) {
                jSONObject.put(this.config.ivFieldName, header.getValue());
            } else if (header.getName().equals(this.config.publicKeyFingerprintFiledName)) {
                jSONObject.put(this.config.publicKeyFingerprintFiledName, header.getValue());
            } else if (header.getName().equals(this.config.oaepHashingAlgorithmFieldName)) {
                jSONObject.put(this.config.oaepHashingAlgorithmFieldName, header.getValue());
            }
        }
        map.put(ENCRYPTED_PAYLOAD, jSONObject);
        return map;
    }

    @Override // com.mastercard.api.core.security.fle.FieldLevelEncryption, com.mastercard.api.core.security.CryptographyInterceptor
    public Map<String, Object> encrypt(Map<String, Object> map) throws SdkException {
        try {
            RequestMap requestMap = new RequestMap(map);
            if (this.publicCertificate != null) {
                String sanitizeJson = CryptUtil.sanitizeJson(JSONValue.toJSONString(requestMap));
                IvParameterSpec generateIv = CryptUtil.generateIv();
                String byteArrayToString = CryptUtil.byteArrayToString(generateIv.getIV(), this.config.dataEncoding);
                SecretKey generateSecretKey = CryptUtil.generateSecretKey(this.config.symmetricCipher, this.config.symmetricKeysize, this.config.publicKeyFingerprintHashing);
                String byteArrayToString2 = CryptUtil.byteArrayToString(CryptUtil.crypt(1, this.config.symmetricAlgorithm, "SunJCE", generateSecretKey, generateIv, sanitizeJson.getBytes("UTF8")), this.config.dataEncoding);
                String byteArrayToString3 = CryptUtil.byteArrayToString(CryptUtil.wrap(this.config.asymmetricCipher, "SunJCE", this.publicCertificate.getPublicKey(), generateSecretKey), this.config.dataEncoding);
                String byteArrayToString4 = this.publicKeyFingerprint == null ? CryptUtil.byteArrayToString(CryptUtil.generateFingerprint(this.config.publicKeyFingerprintHashing, this.publicCertificate.getPublicKey()), DataEncoding.HEX) : this.publicKeyFingerprint;
                if (this.config.publicKeyFingerprintFiledName != null) {
                    requestMap.put(this.config.publicKeyFingerprintFiledName, (Object) byteArrayToString4);
                }
                if (this.config.oaepHashingAlgorithmFieldName != null) {
                    requestMap.put(this.config.oaepHashingAlgorithmFieldName, (Object) this.config.oaepHashingAlgorithm);
                }
                requestMap.put(this.config.ivFieldName, (Object) byteArrayToString);
                requestMap.put(this.config.encryptedKeyFiledName, (Object) byteArrayToString3);
                requestMap.put(this.config.encryptedDataFieldName, (Object) byteArrayToString2);
                Iterator<String> it = this.config.fieldsToEncrypt.iterator();
                while (it.hasNext()) {
                    requestMap.remove(it.next());
                }
            }
            return requestMap;
        } catch (Exception e) {
            throw new SdkException(e.getMessage(), e);
        }
    }

    @Override // com.mastercard.api.core.security.fle.FieldLevelEncryption, com.mastercard.api.core.security.CryptographyInterceptor
    public Map<String, Object> decrypt(Map<String, Object> map) throws SdkException {
        RequestMap requestMap = new RequestMap(super.decrypt(map));
        return (requestMap.containsKey(ENCRYPTED_PAYLOAD_DATA) && (requestMap.get(ENCRYPTED_PAYLOAD_DATA) instanceof Map)) ? (Map) requestMap.get(ENCRYPTED_PAYLOAD_DATA) : map;
    }
}
