package de.svws_nrw.data.crypto;

import de.svws_nrw.base.crypto.AES;
import de.svws_nrw.base.crypto.AESException;
import de.svws_nrw.base.crypto.RSA;
import de.svws_nrw.base.crypto.RSAException;
import de.svws_nrw.db.Benutzer;
import de.svws_nrw.db.DBEntityManager;
import de.svws_nrw.db.dto.current.schild.schueler.DTOSchueler;
import de.svws_nrw.db.dto.current.svws.auth.DTOCredentials;
import de.svws_nrw.db.utils.ApiOperationException;
import jakarta.ws.rs.core.Response;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Random;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/* loaded from: input_file:de/svws_nrw/data/crypto/DBUtilsCrypto.class */
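/**
 * Static helpers that create and extend the credential record ({@link DTOCredentials}) of a
 * student: user name, pseudonym, initial password, RSA key pair and AES key.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 *   <li>The generated initial password is written to {@code Initialkennwort} in clear text, next
 *       to its hash. Read access to the credentials table therefore discloses it.
 *       NOTE(review): confirm where this field is cleared or access-restricted.</li>
 *   <li>The RSA private key and the AES key are persisted Base64-encoded. Base64 is an encoding,
 *       not a protection; whether the columns are encrypted at rest is not visible here.</li>
 *   <li>User-name uniqueness is checked against a snapshot read from the database. Uniqueness
 *       under concurrent calls depends on the surrounding transaction or a database constraint,
 *       neither of which is visible here.</li>
 * </ul>
 */
public final class DBUtilsCrypto {

    /** Cryptographically strong source for every random decision made in this class. */
    private static final SecureRandom random = new SecureRandom();

    /** Matches runs of combining diacritical marks left over after NFD decomposition. */
    private static final Pattern DIACRITICAL_MARKS = Pattern.compile("\\p{InCombiningDiacriticalMarks}+");

    /** Matches every character outside the printable ASCII range 0x20..0x7E. */
    private static final Pattern NON_PRINTABLE_ASCII = Pattern.compile("[^\\x20-\\x7E]");

    /** Matches runs of whitespace. */
    private static final Pattern WHITESPACE = Pattern.compile("\\s+");

    private DBUtilsCrypto() {
        throw new IllegalStateException("Instantiation of " + DBUtilsCrypto.class.getName() + " not allowed");
    }

    /**
     * Generates a random password of the given length.
     *
     * <p>Each position is first assigned a character class: 0 = symbol (ASCII 33..44),
     * 1 = digit, 2..5 = lower-case letter, 6..9 = upper-case letter. One position of each class
     * is always reserved, so for {@code length >= 4} the result contains at least one symbol,
     * one digit, one lower-case and one upper-case letter. For shorter lengths only the first
     * {@code length} shuffled classes are used.
     *
     * @param length the number of characters to generate
     * @return the generated password
     */
    private static String generateRandomPassword(int length) {
        final List<Integer> categories = new ArrayList<>();
        categories.add(0);
        categories.add(1);
        categories.add(2);
        categories.add(6);
        for (int k = 4; k < length; k++) {
            categories.add(random.nextInt(10));
        }
        // Collections.shuffle(List) without a source falls back to a non-cryptographic
        // java.util.Random; pass the SecureRandom so the class layout is unpredictable too.
        Collections.shuffle(categories, random);
        final char[] chars = new char[length];
        for (int k = 0; k < length; k++) {
            final int codePoint = switch (categories.get(k)) {
                case 0 -> random.nextInt(33, 45);
                case 1 -> random.nextInt(48, 58);
                case 2, 3, 4, 5 -> random.nextInt(97, 123);
                default -> random.nextInt(65, 91);
            };
            chars[k] = (char) codePoint;
        }
        return new String(chars);
    }

    /**
     * Reduces a name to lower-case printable ASCII without whitespace or hyphens.
     *
     * <p>German umlauts and sharp s are transliterated (ae, oe, ue, ss), the Polish L with stroke
     * becomes a plain L, other accents are dropped via NFD decomposition, and every remaining
     * character outside 0x20..0x7E is removed. A name written entirely in a non-Latin script
     * therefore yields the empty string.
     *
     * @param name the name to convert
     * @return the converted name, possibly empty
     */
    private static String nameToAscii(String name) {
        final String transliterated = name.trim()
                .replace("Ä", "Ae")
                .replace("Ö", "Oe")
                .replace("Ü", "Ue")
                .replace("ä", "ae")
                .replace("ö", "oe")
                .replace("ü", "ue")
                .replace("ß", "ss");
        final String decomposed = Normalizer.normalize(transliterated, Normalizer.Form.NFD)
                .replace('\u0141', 'L')
                .replace('\u0142', 'l');
        final String withoutMarks = DIACRITICAL_MARKS.matcher(decomposed).replaceAll("");
        final String asciiOnly = NON_PRINTABLE_ASCII.matcher(withoutMarks).replaceAll("");
        // Locale.ROOT keeps the result ASCII: under a Turkish default locale a plain
        // toLowerCase() would turn 'I' into the non-ASCII dotless i.
        return WHITESPACE.matcher(asciiOnly).replaceAll("").replace("-", "").toLowerCase(Locale.ROOT);
    }

    /**
     * Derives a user name that is not yet taken and not longer than {@code maxLength}.
     *
     * <p>Candidates are tried in this order: {@code lastname.firstname}, {@code l.firstname},
     * {@code la.firstname}, then {@code l1.firstname}, {@code l2.firstname}, ... The first name
     * is truncated as needed to respect the length limit.
     *
     * @param vorname   the first name
     * @param nachname  the last name
     * @param maxLength the maximum length of the user name
     * @param taken     the user names that are already in use
     * @return a user name that is not contained in {@code taken}
     * @throws RuntimeException if no user name can be determined
     */
    private static String determineUsername(String vorname, String nachname, int maxLength, Set<String> taken) {
        final String lastName = nameToAscii(nachname);
        String firstName = nameToAscii(vorname);
        if (firstName.length() > maxLength - 2) {
            firstName = firstName.substring(0, maxLength - 2);
        }
        final String full = lastName + "." + firstName;
        if (full.length() <= maxLength && !taken.contains(full)) {
            return full;
        }
        // The last name can be empty after ASCII conversion; substring(0, 1) would then throw.
        // An empty initial lets the numbered candidates below still produce a result.
        final String initial = lastName.isEmpty() ? "" : lastName.substring(0, 1);
        final String withInitial = initial + "." + firstName;
        if (withInitial.length() <= maxLength && !taken.contains(withInitial)) {
            return withInitial;
        }
        if (lastName.length() > 1) {
            final String withTwoLetters = lastName.substring(0, 2) + "." + firstName;
            if (withTwoLetters.length() <= maxLength && !taken.contains(withTwoLetters)) {
                return withTwoLetters;
            }
        }
        // The counter stops when it overflows to a non-positive value.
        for (long counter = 1; counter > 0; counter++) {
            final String suffix = Long.toString(counter);
            final int room = maxLength - (2 + suffix.length());
            if (room < 0) {
                // Initial, counter and dot alone no longer fit into maxLength.
                break;
            }
            if (firstName.length() > room) {
                firstName = firstName.substring(0, room);
            }
            final String numbered = initial + suffix + "." + firstName;
            if (numbered.length() <= maxLength && !taken.contains(numbered)) {
                return numbered;
            }
        }
        throw new RuntimeException("Kann keinen Benutzernamen ermitteln.");
    }

    /**
     * Builds the pseudonym for a credential record as prefix followed by the record ID.
     *
     * <p>The pseudonym is derived from the ID and is therefore predictable; it hides the name,
     * it is not a secret.
     *
     * @param prefix the prefix of the pseudonym
     * @param id     the ID of the credential record
     * @param taken  the pseudonyms that are already in use
     * @return the pseudonym
     * @throws RuntimeException if the pseudonym is already in use
     */
    private static String determinePseudonym(String prefix, long id, Set<String> taken) {
        final String pseudonym = prefix + id;
        if (taken.contains(pseudonym)) {
            throw new RuntimeException("Kann kein Pseudonym für den Benutzer erstellen.");
        }
        return pseudonym;
    }

    /**
     * Returns the credentials of the student with the given ID and creates them first if the
     * student has none.
     *
     * <p>New credentials get a user name of at most 16 characters, a pseudonym of the form
     * {@code s<ID>}, a random 12-character initial password and its hash; the key fields are
     * left empty. The initial password is stored in clear text in {@code Initialkennwort}.
     *
     * @param conn       the database connection with an open transaction
     * @param idSchueler the ID of the student
     * @return the credentials of the student
     * @throws ApiOperationException with status NOT_FOUND if the student does not exist
     */
    public static DTOCredentials getOrCreateSchuelerCredentials(DBEntityManager conn, long idSchueler) throws ApiOperationException {
        conn.transactionFlush();
        final DTOSchueler schueler = (DTOSchueler) conn.queryByKey(DTOSchueler.class, new Object[] { Long.valueOf(idSchueler) });
        if (schueler == null) {
            throw new ApiOperationException(Response.Status.NOT_FOUND, "Der Schüler mit der ID %d konnte in der Datenbank nicht gefunden werden.".formatted(Long.valueOf(idSchueler)));
        }
        final DTOCredentials credentials;
        if (schueler.CredentialID == null) {
            final long idCredentials = conn.transactionGetNextID(DTOCredentials.class);
            // Every existing record is loaded to collect the names that are already taken.
            final List<DTOCredentials> existing = conn.queryAll(DTOCredentials.class);
            final Set<String> usernames = existing.stream().map(c -> c.Benutzername).collect(Collectors.toSet());
            final Set<String> pseudonyms = existing.stream().map(c -> c.BenutzernamePseudonym).collect(Collectors.toSet());
            credentials = new DTOCredentials(idCredentials, determineUsername(schueler.Vorname, schueler.Nachname, 16, usernames));
            credentials.BenutzernamePseudonym = determinePseudonym("s", idCredentials, pseudonyms);
            // NOTE(review): clear-text copy of the password, persisted together with the hash.
            credentials.Initialkennwort = generateRandomPassword(12);
            credentials.PasswordHash = Benutzer.erstellePasswortHash(credentials.Initialkennwort);
            credentials.RSAPublicKey = null;
            credentials.RSAPrivateKey = null;
            credentials.AES = null;
            conn.transactionPersist(credentials);
            // The credentials are flushed before the student record references their ID.
            conn.transactionFlush();
            schueler.CredentialID = Long.valueOf(idCredentials);
            conn.transactionPersist(schueler);
        } else {
            credentials = (DTOCredentials) conn.queryByKey(DTOCredentials.class, new Object[] { schueler.CredentialID });
        }
        conn.transactionFlush();
        return credentials;
    }

    /**
     * Creates an RSA key pair and stores it in the given credentials.
     *
     * <p>Both keys are stored as Base64 of their encoded form; the private key is not wrapped
     * or encrypted by this method.
     *
     * @param conn        the database connection with an open transaction
     * @param credentials the credentials that receive the key pair
     * @throws ApiOperationException with status BAD_REQUEST if a key is already present, or
     *         INTERNAL_SERVER_ERROR if the key pair cannot be created
     */
    public static void addRSAKeyPair(DBEntityManager conn, DTOCredentials credentials) throws ApiOperationException {
        if (credentials.RSAPrivateKey != null || credentials.RSAPublicKey != null) {
            throw new ApiOperationException(Response.Status.BAD_REQUEST, "Das Erstellen eines neuen RSA-Schlüsselpaares ist fehlgeschlagen, da bereits ein Schlüsselpaar vorhanden ist.");
        }
        conn.transactionFlush();
        try {
            final KeyPair keyPair = RSA.createKey();
            final Base64.Encoder encoder = Base64.getEncoder();
            credentials.RSAPublicKey = encoder.encodeToString(keyPair.getPublic().getEncoded());
            credentials.RSAPrivateKey = encoder.encodeToString(keyPair.getPrivate().getEncoded());
            conn.transactionPersist(credentials);
            conn.transactionFlush();
        } catch (RSAException e) {
            // NOTE(review): the cause is dropped here; pass e along if ApiOperationException
            // offers a constructor that accepts a cause.
            throw new ApiOperationException(Response.Status.INTERNAL_SERVER_ERROR, "Fehler beim erstellen des RSA-Schlüsselpaares für die Credentials mit der ID %d.".formatted(Long.valueOf(credentials.ID)));
        }
    }

    /**
     * Creates a random 256-bit AES key and stores it in the given credentials.
     *
     * <p>The key is stored as Base64 of its encoded form; it is not wrapped or encrypted by
     * this method.
     *
     * @param conn        the database connection with an open transaction
     * @param credentials the credentials that receive the key
     * @throws ApiOperationException with status BAD_REQUEST if a key is already present, or
     *         INTERNAL_SERVER_ERROR if the key cannot be created
     */
    public static void addAESKey(DBEntityManager conn, DTOCredentials credentials) throws ApiOperationException {
        if (credentials.AES != null) {
            throw new ApiOperationException(Response.Status.BAD_REQUEST, "Das Erstellen eines neuen AES-Schlüssel ist fehlgeschlagen, da bereits ein Schlüssel vorhanden ist.");
        }
        conn.transactionFlush();
        try {
            credentials.AES = Base64.getEncoder().encodeToString(AES.getRandomKey256().getEncoded());
            conn.transactionPersist(credentials);
            conn.transactionFlush();
        } catch (AESException e) {
            // NOTE(review): the cause is dropped here; pass e along if ApiOperationException
            // offers a constructor that accepts a cause.
            throw new ApiOperationException(Response.Status.INTERNAL_SERVER_ERROR, "Fehler beim erstellen des AES-Schlüssels für die Credentials mit der ID %d.".formatted(Long.valueOf(credentials.ID)));
        }
    }
}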
