package net.osbee.pos.rksv;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.osbee.pos.rksv.common.constants.RKSVConstants;
import net.osbee.pos.rksv.common.constants.entities.RKSVMachineCodeType;
import net.osbee.pos.rksv.common.constants.entities.RKSVReceiptType;
import net.osbee.pos.rksv.common.constants.entities.RKSVTaxrates;
import net.osbee.pos.rksv.common.data.RKSVEnhancedData;
import net.osbee.pos.rksv.common.data.RKSVProcessedData;
import net.osbee.pos.rksv.common.data.RKSVRawData;
import net.osbee.pos.rksv.common.data.RKSVSalesPerTaxrate;
import net.osbee.pos.rksv.common.exceptions.RKSVServerException;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.math3.optimization.direct.CMAESOptimizer;
import org.apache.commons.math3.util.Precision;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/net.osbee.pos.rksv-1.0.0-SNAPSHOT.jar:net/osbee/pos/rksv/RKSVReceiptProcessor.class */
public class RKSVReceiptProcessor {
    private MessageDigest digest = null;
    private Map<String, IRKSVSmartcardCommunicator> smartcardCommunicators = new HashMap();
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RKSVReceiptProcessor.class);

    public synchronized RKSVProcessedData processReceipt(RKSVReceiptType rKSVReceiptType, RKSVRawData rKSVRawData, String str, String str2, RKSVMachineCodeType rKSVMachineCodeType) throws RKSVServerException {
        String str3;
        RKSVProcessedData rKSVProcessedData = null;
        if (validateReceiptData(rKSVReceiptType, rKSVRawData)) {
            String computeChainingPart = computeChainingPart(rKSVReceiptType, rKSVRawData);
            long turnoverCounter = rKSVRawData.getTurnoverCounter();
            long updateTurnoverCounter = updateTurnoverCounter(rKSVReceiptType, rKSVRawData);
            String encryptTurnoverCounter = encryptTurnoverCounter(rKSVReceiptType, rKSVRawData, updateTurnoverCounter);
            int i = (int) (updateTurnoverCounter - turnoverCounter);
            boolean z = true;
            try {
                str3 = getSerialNumber(str);
            } catch (RKSVServerException e) {
                str3 = "";
            }
            if (str3.equals("")) {
                z = false;
                str3 = getPreviousSerialNumber(rKSVRawData.getPreviousSignedValue());
                LOGGER.error("smartcard {] not accessible!", str);
            }
            if (str3 != "") {
                RKSVEnhancedData rKSVEnhancedData = new RKSVEnhancedData();
                rKSVEnhancedData.setReceiptGenerationTime(getDateTimeString(rKSVRawData));
                rKSVEnhancedData.setEncryptedTurnoverCounter(encryptTurnoverCounter);
                rKSVEnhancedData.setChainingPartToPreviousSignature(computeChainingPart);
                rKSVEnhancedData.setCertificateSerialNumber(str3);
                rKSVEnhancedData.setCashRegisterId(rKSVRawData.getCashRegisterId());
                rKSVEnhancedData.setReceiptNumber(rKSVRawData.getReceiptNumber());
                rKSVEnhancedData.setPayments(rKSVRawData.getPayments());
                String buildStringToBeSigned = buildStringToBeSigned(rKSVEnhancedData, getSmartcardCommunicator(str).getVDA());
                String computeSignedData = computeSignedData(buildStringToBeSigned, str, str2, z);
                if (computeSignedData != null && !computeSignedData.equals("")) {
                    String computeMachineReadableCode = computeMachineReadableCode(buildStringToBeSigned, computeSignedData);
                    if (rKSVMachineCodeType == RKSVMachineCodeType.OCR) {
                        computeMachineReadableCode = convertQRCodeToOCRCode(computeMachineReadableCode);
                    } else if (rKSVMachineCodeType == RKSVMachineCodeType.Link) {
                        LOGGER.error("The function to submit the machine readable code via a link is currently not implemented!");
                    }
                    rKSVProcessedData = new RKSVProcessedData(updateTurnoverCounter, computeSignedData, computeMachineReadableCode, null, z, i, z ? null : str3);
                }
            }
        }
        return rKSVProcessedData;
    }

    private IRKSVSmartcardCommunicator getSmartcardCommunicator(String str) {
        IRKSVSmartcardCommunicator orDefault = this.smartcardCommunicators.getOrDefault(str, null);
        if (orDefault == null) {
            orDefault = (str == null || !str.equals(RKSVConstants.DAMAGED_SMARTCARD_NAME)) ? RKSVSmartcardCommunicatorPrimeSign.getInstance(str) : new RKSVSmartcardCommunicatorDamaged();
            if (orDefault != null) {
                this.smartcardCommunicators.put(orDefault.getName(), orDefault);
            }
        }
        return orDefault;
    }

    public List<String> getAvailableCardreaderNames() {
        return IRKSVSmartcardCommunicator.getAvailableCardreaderNames();
    }

    public String getSerialNumber(String str) throws RKSVServerException {
        X509Certificate certificate = getCertificate(str);
        if (certificate != null) {
            return certificate.getSerialNumber().toString(16);
        }
        throw new RKSVServerException(String.valueOf(str) + ": The signature certificate serial number could not be determined!");
    }

    public String getCertificatOwner(String str) throws RKSVServerException {
        X509Certificate certificate = getCertificate(str);
        if (certificate != null) {
            return certificate.getSubjectDN().getName();
        }
        throw new RKSVServerException(String.valueOf(str) + ": The signature certificate owner could not be determined!");
    }

    public X509Certificate getCertificate(String str) throws RKSVServerException {
        return getSmartcardCommunicator(str).getSignatureCertificate();
    }

    private boolean validateReceiptData(RKSVReceiptType rKSVReceiptType, RKSVRawData rKSVRawData) {
        if (rKSVRawData.getCashRegisterId() == null || rKSVRawData.getCashRegisterId().equals("")) {
            LOGGER.error("The cash register ID must not be empty! Input was {}.", rKSVRawData.getCashRegisterId());
            return false;
        }
        if (rKSVRawData.getReceiptNumber() == null || rKSVRawData.getReceiptNumber().equals("")) {
            LOGGER.error("The receipt number must not be empty! Input was {}.", rKSVRawData.getReceiptNumber());
            return false;
        }
        if (rKSVRawData.getReceiptGenerationTime() == null) {
            LOGGER.error("The receipt generation time must not be empty!");
            return false;
        }
        long hours = Duration.between(rKSVRawData.getReceiptGenerationTime(), Instant.now()).toHours();
        if (hours < 0) {
            LOGGER.error("The receipt generation time {} must not be in the future!");
            return false;
        }
        if (hours > 2160) {
            LOGGER.error("The receipt generation time {} must not be older than 90 days!");
            return false;
        }
        if (rKSVReceiptType != RKSVReceiptType.RKSV_CancellationReceipt && rKSVReceiptType != RKSVReceiptType.RKSV_TrainingsReceipt) {
            if (rKSVRawData.getEncryptionKey() == null) {
                LOGGER.error("The encryption key for encryption of the turnover value must not be empty!");
                return false;
            }
            try {
                if (Base64.getDecoder().decode(rKSVRawData.getEncryptionKey()).length != 32) {
                    LOGGER.error("The encryption key for encryption of the turnover value must have length {}! Input was {}.", (Object) 32, (Object) rKSVRawData.getEncryptionKey());
                    return false;
                }
            } catch (IllegalArgumentException e) {
                LOGGER.error("The encryption key {} could not be decoded. It must be submitted as a Base64 string.", rKSVRawData.getEncryptionKey());
                return false;
            }
        }
        if (rKSVReceiptType != RKSVReceiptType.RKSV_StartReceipt) {
            String previousSignedValue = rKSVRawData.getPreviousSignedValue();
            if (previousSignedValue == null || previousSignedValue.equals("")) {
                LOGGER.error("The previous signature value must not be empty! Input was {}.", previousSignedValue);
                return false;
            }
            if (previousSignedValue.split("\\.").length != 3) {
                LOGGER.error("The previous signature value does not look like a signature! Input was {}. Expected format: [header].[payload].[signature]", previousSignedValue);
                return false;
            }
        }
        if (rKSVRawData.getTurnoverCounter() > 10000000000000L || rKSVRawData.getTurnoverCounter() < -100000000) {
            LOGGER.error("The value {} of the turnover counter (in €-cent) is not in the expected range!", Long.valueOf(rKSVRawData.getTurnoverCounter()));
            return false;
        }
        RKSVSalesPerTaxrate payments = rKSVRawData.getPayments();
        if (rKSVReceiptType != RKSVReceiptType.RKSV_NullReceipt) {
            return true;
        }
        if (payments.getSales(RKSVTaxrates.Normal) == CMAESOptimizer.DEFAULT_STOPFITNESS && payments.getSales(RKSVTaxrates.NoTax) == CMAESOptimizer.DEFAULT_STOPFITNESS && payments.getSales(RKSVTaxrates.Reduced_1) == CMAESOptimizer.DEFAULT_STOPFITNESS && payments.getSales(RKSVTaxrates.Reduced_2) == CMAESOptimizer.DEFAULT_STOPFITNESS && payments.getSales(RKSVTaxrates.Special) == CMAESOptimizer.DEFAULT_STOPFITNESS) {
            return true;
        }
        LOGGER.error("For null-receipts the payments must be 0 for each taxrate!");
        return false;
    }

    private String computeChainingPart(RKSVReceiptType rKSVReceiptType, RKSVRawData rKSVRawData) {
        byte[] bArr = new byte[8];
        System.arraycopy(getHashingComputer().digest((rKSVReceiptType != RKSVReceiptType.RKSV_StartReceipt ? rKSVRawData.getPreviousSignedValue() : rKSVRawData.getCashRegisterId()).getBytes(StandardCharsets.UTF_8)), 0, bArr, 0, bArr.length);
        return Base64.getEncoder().encodeToString(bArr);
    }

    private MessageDigest getHashingComputer() {
        if (this.digest == null) {
            try {
                this.digest = MessageDigest.getInstance("SHA-256");
            } catch (NoSuchAlgorithmException e) {
                LOGGER.error("Algorithm {} could not be found!", "SHA-256");
            }
        }
        return this.digest;
    }

    private long updateTurnoverCounter(RKSVReceiptType rKSVReceiptType, RKSVRawData rKSVRawData) {
        long turnoverCounter = rKSVRawData.getTurnoverCounter();
        if (rKSVReceiptType == RKSVReceiptType.RKSV_StandardReceipt || rKSVReceiptType == RKSVReceiptType.RKSV_CancellationReceipt) {
            RKSVSalesPerTaxrate payments = rKSVRawData.getPayments();
            double sales = payments.getSales(RKSVTaxrates.Normal);
            double sales2 = payments.getSales(RKSVTaxrates.Reduced_1);
            double sales3 = payments.getSales(RKSVTaxrates.Reduced_2);
            double sales4 = payments.getSales(RKSVTaxrates.NoTax);
            turnoverCounter += (long) (((long) (((long) (((long) (((long) (0 + Precision.round(Precision.round(sales, 2) * 100.0d, 0))) + Precision.round(Precision.round(sales2, 2) * 100.0d, 0))) + Precision.round(Precision.round(sales3, 2) * 100.0d, 0))) + Precision.round(Precision.round(sales4, 2) * 100.0d, 0))) + Precision.round(Precision.round(payments.getSales(RKSVTaxrates.Special), 2) * 100.0d, 0));
        } else if (rKSVReceiptType == RKSVReceiptType.RKSV_StartReceipt) {
            turnoverCounter = 0;
        }
        return turnoverCounter;
    }

    private String encryptTurnoverCounter(RKSVReceiptType rKSVReceiptType, RKSVRawData rKSVRawData, long j) {
        byte[] bArr;
        if (rKSVReceiptType == RKSVReceiptType.RKSV_CancellationReceipt) {
            bArr = RKSVConstants.CANCELLATION_TURNOVER_CODE.getBytes(StandardCharsets.UTF_8);
        } else if (rKSVReceiptType == RKSVReceiptType.RKSV_TrainingsReceipt) {
            bArr = RKSVConstants.TRAINING_TURNOVER_CODE.getBytes(StandardCharsets.UTF_8);
        } else {
            byte[] bArr2 = get2ComplementRepForLong(j, 7);
            byte[] bArr3 = new byte[16];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            IvParameterSpec initialisationVectorForTurnoverEncryption = getInitialisationVectorForTurnoverEncryption(rKSVRawData);
            try {
                Cipher cipher = Cipher.getInstance(RKSVConstants.ALGORITHM_FOR_TURNOVER_ENCRYPTION);
                cipher.init(1, getEncryptionKey(rKSVRawData.getEncryptionKey()), initialisationVectorForTurnoverEncryption);
                bArr = new byte[7];
                System.arraycopy(cipher.doFinal(bArr3), 0, bArr, 0, bArr.length);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                LOGGER.error("Encryption of the turnover counter failed!", e);
                return null;
            }
        }
        return Base64.getEncoder().encodeToString(bArr);
    }

    private SecretKey getEncryptionKey(String str) {
        return new SecretKeySpec(Base64.getDecoder().decode(str), RKSVConstants.KEY_TYPE_FOR_TURNOVER_ENCRYPTION);
    }

    private IvParameterSpec getInitialisationVectorForTurnoverEncryption(RKSVRawData rKSVRawData) {
        byte[] bArr = new byte[16];
        System.arraycopy(getHashingComputer().digest((String.valueOf(rKSVRawData.getCashRegisterId()) + rKSVRawData.getReceiptNumber()).getBytes(StandardCharsets.UTF_8)), 0, bArr, 0, bArr.length);
        return new IvParameterSpec(bArr);
    }

    private static byte[] get2ComplementRepForLong(long j, int i) {
        if (i > 8) {
            throw new IllegalArgumentException();
        }
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.putLong(j);
        byte[] array = allocate.array();
        byte[] bArr = new byte[i];
        System.arraycopy(array, 8 - i, bArr, 0, i);
        return bArr;
    }

    private String getDateTimeString(RKSVRawData rKSVRawData) {
        return DateTimeFormatter.ISO_LOCAL_DATE_TIME.format(LocalDateTime.ofInstant(rKSVRawData.getReceiptGenerationTime(), ZoneId.of("Europe/Berlin")));
    }

    private String buildStringToBeSigned(RKSVEnhancedData rKSVEnhancedData, String str) {
        StringBuilder sb = new StringBuilder("");
        appendToString(sb, "R1-" + str);
        appendToString(sb, rKSVEnhancedData.getCashRegisterId());
        appendToString(sb, rKSVEnhancedData.getReceiptNumber());
        appendToString(sb, rKSVEnhancedData.getReceiptGenerationTime());
        appendToString(sb, formatDoubleForSigning(rKSVEnhancedData.getPayments().getSales(RKSVTaxrates.Normal)));
        appendToString(sb, formatDoubleForSigning(rKSVEnhancedData.getPayments().getSales(RKSVTaxrates.Reduced_1)));
        appendToString(sb, formatDoubleForSigning(rKSVEnhancedData.getPayments().getSales(RKSVTaxrates.Reduced_2)));
        appendToString(sb, formatDoubleForSigning(rKSVEnhancedData.getPayments().getSales(RKSVTaxrates.NoTax)));
        appendToString(sb, formatDoubleForSigning(rKSVEnhancedData.getPayments().getSales(RKSVTaxrates.Special)));
        appendToString(sb, rKSVEnhancedData.getEncryptedTurnoverCounter());
        appendToString(sb, rKSVEnhancedData.getCertificateSerialNumber());
        appendToString(sb, rKSVEnhancedData.getChainingPartToPreviousSignature());
        return sb.toString();
    }

    private void appendToString(StringBuilder sb, String str) {
        sb.append("_");
        sb.append(str);
    }

    private String formatDoubleForSigning(double d) {
        return String.format(Locale.GERMANY, "%.2f", Double.valueOf(d));
    }

    private String computeSignedData(String str, String str2, String str3, boolean z) {
        String str4 = String.valueOf(Base64.getUrlEncoder().withoutPadding().encodeToString(("{\"alg\":\"" + getSmartcardCommunicator(str2).getSignatureAlgorithm() + "\"}").getBytes(StandardCharsets.UTF_8))) + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(str.getBytes(StandardCharsets.UTF_8));
        return String.valueOf(str4) + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(z ? getSmartcardCommunicator(str2).getSignature(str4.getBytes(StandardCharsets.UTF_8), str3) : RKSVConstants.SMARTCARD_NOT_ACCESSIBLE.getBytes(StandardCharsets.UTF_8));
    }

    private String computeMachineReadableCode(String str, String str2) {
        return String.valueOf(str) + "_" + Base64.getEncoder().encodeToString(Base64.getUrlDecoder().decode(str2.split("\\.")[2]));
    }

    private String convertQRCodeToOCRCode(String str) {
        String[] split = str.split("_");
        if (split.length != 14) {
            LOGGER.error("Conversion error from QR to OCR code! The QR code {} does not have the format _algorithmMarker_cashRegisterID_receiptNumber_time_taxNormal_taxReduced1_taxReduced2_taxNull_taxSpecial_turnoverCounter_serialNumber_previousSignature_signature", str);
        }
        Base32 base32 = new Base32();
        for (int i : new int[]{10, 12, 13}) {
            split[i] = base32.encodeAsString(Base64.getDecoder().decode(split[i]));
        }
        return String.join("_", split);
    }

    private String getPreviousSerialNumber(String str) {
        if (!str.contains(".")) {
            return "";
        }
        String str2 = new String(Base64.getUrlDecoder().decode(str.split("\\.")[1]), StandardCharsets.UTF_8);
        String[] split = str2.split("_");
        if (split.length == 13) {
            return split[11];
        }
        LOGGER.error("Reconstruction of the previous serial number failed. Expected format of the signature payload: _algorithmMarker_cashRegisterID_receiptNumber_time_taxNormal_taxReduced1_taxReduced2_taxNull_taxSpecial_turnoverCounter_serialNumber_previousSignaturebut got {}.", str2);
        return "";
    }

    public synchronized boolean changePIN(String str, String str2, String str3) {
        boolean z = false;
        IRKSVSmartcardCommunicator smartcardCommunicator = getSmartcardCommunicator(str3);
        if (smartcardCommunicator != null) {
            z = smartcardCommunicator.changePin(str, str2);
        }
        return z;
    }
}
