package com.amazon.whispersync.AmazonDevice.DCP.Authentication;

import com.amazon.whispercloak.KeyUtils;
import com.amazon.whispersync.AmazonDevice.Common.Log;
import com.amazon.whispersync.AmazonDevice.Common.WebRequest;
import com.amazon.whispersync.org.apache.commons.codec.binary.Base64;
import com.amazonaws.util.DateUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
public class RequestSigner {
    private final ITokenAuthProvider mAuthProvider;
    private String mOverriddenTimestamp;
    private boolean mUseLegacyAuth = false;
    private boolean mUseBustedIdentityBehavior = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public class CorpusBuilder {
        private byte[] mBody;
        private long mBodyLen;
        private ByteArrayOutputStream mCorpus = new ByteArrayOutputStream();
        private boolean mIsValid;
        private String mPath;
        private String mTimestamp;
        private String mToken;
        private String mVerb;

        public CorpusBuilder(ITokenAuthProvider iTokenAuthProvider, WebRequest webRequest, String str) {
            String token;
            this.mPath = "";
            this.mBody = new byte[0];
            this.mBodyLen = 0L;
            this.mTimestamp = str;
            if (this.mTimestamp == null) {
                this.mTimestamp = new SimpleDateFormat(DateUtils.ALTERNATE_ISO8601_DATE_PATTERN).format(new Date());
            }
            if (iTokenAuthProvider != null && (token = iTokenAuthProvider.getToken()) != null) {
                this.mToken = token;
            }
            if (webRequest != null) {
                String verbAsString = webRequest.getVerbAsString();
                if (verbAsString != null) {
                    this.mVerb = verbAsString;
                }
                if (RequestSigner.this.mUseBustedIdentityBehavior) {
                    this.mPath = webRequest.getUrl();
                } else {
                    String pathAndQueryString = webRequest.getPathAndQueryString();
                    if (pathAndQueryString != null) {
                        this.mPath = pathAndQueryString;
                        if (!this.mPath.startsWith("/")) {
                            this.mPath += "/" + this.mPath;
                        }
                    }
                }
                if (RequestSigner.this.mUseBustedIdentityBehavior) {
                    this.mBody = new byte[0];
                    this.mBodyLen = 0L;
                } else {
                    byte[] bodyBytes = webRequest.getBodyBytes();
                    if (bodyBytes != null) {
                        this.mBody = bodyBytes;
                        this.mBodyLen = webRequest.getBodyLength();
                    }
                }
            }
            if (validateComponents()) {
                try {
                    this.mCorpus.write((this.mVerb + "\n").getBytes("UTF-8"));
                    this.mCorpus.write((this.mPath + "\n").getBytes("UTF-8"));
                    this.mCorpus.write((this.mTimestamp + "\n").getBytes("UTF-8"));
                    this.mCorpus.write(this.mBody, 0, (int) this.mBodyLen);
                    this.mCorpus.write("\n".getBytes("UTF-8"));
                    this.mCorpus.write(this.mToken.getBytes("UTF-8"));
                    this.mIsValid = true;
                } catch (UnsupportedEncodingException e) {
                    Log.error("corpusbuilder: UnsupportedEncodingException error: " + e.getMessage(), new Object[0]);
                } catch (IOException e2) {
                    Log.error("corpusbuilder: IOException error: " + e2.getMessage(), new Object[0]);
                }
            }
        }

        public byte[] getCorpus() {
            return this.mCorpus.toByteArray();
        }

        public String getTimestamp() {
            return this.mTimestamp;
        }

        public boolean isValid() {
            return this.mIsValid;
        }

        public boolean validateComponents() {
            return (this.mVerb == null || this.mTimestamp == null || this.mToken == null) ? false : true;
        }
    }

    public RequestSigner(ITokenAuthProvider iTokenAuthProvider) {
        this.mAuthProvider = iTokenAuthProvider;
    }

    private PrivateKey parseKey(String str) {
        KeyFactory keyFactory;
        if (str == null) {
            return null;
        }
        try {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(str.replaceAll("-----BEGIN RSA PRIVATE KEY-----", "").replaceAll("-----END RSA PRIVATE KEY-----", "").replaceAll("-----BEGIN PRIVATE KEY-----", "").replaceAll("-----END PRIVATE KEY-----", "").trim().getBytes("UTF-8")));
            try {
                keyFactory = KeyFactory.getInstance(KeyUtils.ALGORITHM_RSA, BouncyCastleProvider.PROVIDER_NAME);
            } catch (NoSuchProviderException unused) {
                keyFactory = KeyFactory.getInstance(KeyUtils.ALGORITHM_RSA);
            }
            return keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        } catch (UnsupportedEncodingException e) {
            Log.error("parseKey: failed because of an Unsupported Encoding UTF-8: " + e.getMessage(), new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.error("parseKey: Could not parse private key because of no RSA algorithm. Error: " + e2.getMessage(), new Object[0]);
            return null;
        } catch (InvalidKeySpecException e3) {
            Log.error("parseKey: Could not parse private key because it was invalid. Error: " + e3.getMessage(), new Object[0]);
            return null;
        }
    }

    private byte[] signWithNewAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            Log.error("signWithNewAuth: failed because of InvalidKeyException: " + e.getMessage(), new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.error("signWithNewAuth: failed because of NoSuchAlgorithmException: " + e2.getMessage(), new Object[0]);
            return null;
        } catch (SignatureException e3) {
            Log.error("signWithNewAuth: failed because of SignatureException: " + e3.getMessage(), new Object[0]);
            return null;
        }
    }

    private byte[] signWithOldAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKey);
            cipher.update(digest);
            return cipher.doFinal();
        } catch (InvalidKeyException e) {
            Log.error("signWithOldAuth: failed because of InvalidKeyException: " + e.getMessage(), new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.error("signWithOldAuth: failed because of NoSuchAlgorithmException: " + e2.getMessage(), new Object[0]);
            return null;
        } catch (BadPaddingException e3) {
            Log.error("signWithOldAuth: failed because of BadPaddingException: " + e3.getMessage(), new Object[0]);
            return null;
        } catch (IllegalBlockSizeException e4) {
            Log.error("signWithOldAuth: failed because of IllegalBlockSizeException: " + e4.getMessage(), new Object[0]);
            return null;
        } catch (NoSuchPaddingException e5) {
            Log.error("signWithOldAuth: failed because of NoSuchPaddingException: " + e5.getMessage(), new Object[0]);
            return null;
        }
    }

    public String getAdpAlgorithm() {
        if (this.mUseLegacyAuth) {
            return null;
        }
        return "SHA256WithRSA:1.0";
    }

    public String getAdpAlgorithmHeaderName() {
        if (this.mUseLegacyAuth) {
            return null;
        }
        return "x-adp-alg";
    }

    public String getAdpSignature(WebRequest webRequest) {
        String signBufferAsBase64;
        CorpusBuilder corpusBuilder = new CorpusBuilder(this.mAuthProvider, webRequest, this.mOverriddenTimestamp);
        if (!corpusBuilder.isValid()) {
            Log.error("RequestSigner: signRequest: unable to sign request, confirm that the ITokenAuthProvider implementation is providing correct token.", new Object[0]);
            return null;
        }
        byte[] corpus = corpusBuilder.getCorpus();
        String timestamp = corpusBuilder.getTimestamp();
        if (corpus == null || timestamp == null || (signBufferAsBase64 = signBufferAsBase64(corpus)) == null) {
            return null;
        }
        return String.format("%s:%s", signBufferAsBase64, timestamp);
    }

    public String getAdpSignatureHeaderName() {
        return this.mUseLegacyAuth ? "X-ADP-Request-Digest" : "x-adp-signature";
    }

    public String getAdpToken() {
        return this.mAuthProvider.getToken();
    }

    public String getAdpTokenHeaderName() {
        return this.mUseLegacyAuth ? "X-ADP-Authentication-Token" : "x-adp-token";
    }

    public boolean getUseLegacyAuthentication() {
        return this.mUseLegacyAuth;
    }

    public void setUseBustedIdentityBehavior(boolean z) {
        this.mUseBustedIdentityBehavior = z;
    }

    public void setUseLegacyAuthentication(boolean z) {
        this.mUseLegacyAuth = z;
    }

    public String signBufferAsBase64(byte[] bArr) {
        try {
            PrivateKey parseKey = parseKey(this.mAuthProvider.getPrivateKey());
            if (parseKey == null) {
                return null;
            }
            byte[] signWithOldAuth = this.mUseLegacyAuth ? signWithOldAuth(bArr, parseKey) : signWithNewAuth(bArr, parseKey);
            if (signWithOldAuth != null) {
                return new String(Base64.encodeBase64(signWithOldAuth), "UTF-8");
            }
            return null;
        } catch (UnsupportedEncodingException unused) {
            Log.error("signBufferAsBase64: Failed to sign because UTF-8 is an unsupported encoding", new Object[0]);
            return null;
        }
    }

    public boolean signRequest(WebRequest webRequest) {
        String adpSignature = getAdpSignature(webRequest);
        if (adpSignature == null) {
            return false;
        }
        webRequest.setHeader(getAdpSignatureHeaderName(), adpSignature);
        webRequest.setHeader(getAdpTokenHeaderName(), this.mAuthProvider.getToken());
        if (getAdpAlgorithmHeaderName() == null) {
            return true;
        }
        webRequest.setHeader(getAdpAlgorithmHeaderName(), getAdpAlgorithm());
        return true;
    }

    public void testOverrideTimestamp(String str) {
        this.mOverriddenTimestamp = str;
    }
}
