package com.joyent.http.signature;

import com.joyent.http.signature.crypto.NativeRSAProvider;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Date;
import java.util.Locale;
import java.util.Objects;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/joyent/http/signature/Signer.class */
public class Signer {

    @Deprecated
    public static final DateFormat DATE_FORMAT = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy zzz", Locale.ENGLISH);
    private static final String AUTHZ_HEADER = "Signature keyId=\"/%s/keys/%s\",algorithm=\"%s\",signature=\"%s\"";
    private static final String AUTHZ_SIGNING_STRING = "date: %s";
    private static final String AUTHZ_PATTERN = "signature=\"";
    private final Signature signature;
    private final String httpHeaderAlgorithm;

    /* loaded from: input_file:com/joyent/http/signature/Signer$Builder.class */
    public static class Builder {
        private final SigningAlgorithmHelper algHelper;
        private String hash;
        private String providerCode;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/joyent/http/signature/Signer$Builder$DsaHelper.class */
        public static class DsaHelper extends SigningAlgorithmHelper {
            private static final String[] SUPPORTED_HASHES = {"SHA1", "SHA256"};
            private static final String[] SUPPORTED_PROVIDER_CODES = {"stdlib"};

            private DsaHelper() {
                super();
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String getAlgorithm() {
                return "DSA";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String[] getSupportedHashes() {
                return SUPPORTED_HASHES;
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String defaultHash() {
                return "SHA256";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String[] getSupportedProviderCodes() {
                return SUPPORTED_PROVIDER_CODES;
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String defaultProviderCode() {
                return "stdlib";
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/joyent/http/signature/Signer$Builder$EcdsaHelper.class */
        public static class EcdsaHelper extends SigningAlgorithmHelper {
            private static final String[] SUPPORTED_HASHES = {"SHA256", "SHA384", "SHA512"};
            private static final String[] SUPPORTED_PROVIDER_CODES = {"stdlib"};

            private EcdsaHelper() {
                super();
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String getAlgorithm() {
                return "ECDSA";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String[] getSupportedHashes() {
                return SUPPORTED_HASHES;
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String defaultHash() {
                return "SHA256";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String[] getSupportedProviderCodes() {
                return SUPPORTED_PROVIDER_CODES;
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String defaultProviderCode() {
                return "stdlib";
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/joyent/http/signature/Signer$Builder$RsaHelper.class */
        public static class RsaHelper extends SigningAlgorithmHelper {
            private static final String[] SUPPORTED_HASHES = {"SHA1", "SHA256", "SHA512"};
            private static final String[] SUPPORTED_PROVIDER_CODES = {"native.jnagmp", "stdlib"};
            private static final String[] SUPPORTED_NATIVE_OS = {"linux", "mac os x", "sunos"};
            private static final String[] SUPPORTED_NATIVE_ARCH = {"amd64", "x86_64"};
            private static final boolean JNAGMP_SUPPORTED;

            private RsaHelper() {
                super();
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String getAlgorithm() {
                return "RSA";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String[] getSupportedHashes() {
                return SUPPORTED_HASHES;
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String defaultHash() {
                return "SHA256";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String[] getSupportedProviderCodes() {
                return SUPPORTED_PROVIDER_CODES;
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String defaultProviderCode() {
                return "native.jnagmp";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public String providerPrefix(Provider provider) {
                return provider != null ? "Native" : "";
            }

            @Override // com.joyent.http.signature.Signer.Builder.SigningAlgorithmHelper
            public Provider makeProvider(String str) {
                if (!str.equals("native.jnagmp") || !JNAGMP_SUPPORTED) {
                    return null;
                }
                try {
                    return new NativeRSAProvider();
                } catch (Exception e) {
                    e.printStackTrace();
                    return null;
                }
            }

            static {
                JNAGMP_SUPPORTED = Arrays.binarySearch(SUPPORTED_NATIVE_OS, System.getProperty("os.name").toLowerCase()) >= 0 && Arrays.binarySearch(SUPPORTED_NATIVE_ARCH, System.getProperty("os.arch").toLowerCase()) >= 0;
                System.setProperty("native.jnagmp", Objects.toString(Boolean.valueOf(JNAGMP_SUPPORTED)));
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/joyent/http/signature/Signer$Builder$SigningAlgorithmHelper.class */
        public static abstract class SigningAlgorithmHelper {
            private SigningAlgorithmHelper() {
            }

            public static SigningAlgorithmHelper create(KeyPair keyPair) {
                return create(keyPair.getPrivate().getAlgorithm());
            }

            public static SigningAlgorithmHelper create(String str) {
                if (str.equals("RSA")) {
                    return new RsaHelper();
                }
                if (str.equals("DSA")) {
                    return new DsaHelper();
                }
                if (str.equals("ECDSA") || str.equals("EC")) {
                    return new EcdsaHelper();
                }
                throw new IllegalArgumentException("invalid signing algorithm: " + str);
            }

            public abstract String getAlgorithm();

            public abstract String[] getSupportedHashes();

            public abstract String defaultHash();

            public abstract String[] getSupportedProviderCodes();

            public abstract String defaultProviderCode();

            public void checkSupportedHash(String str) {
                if (Arrays.binarySearch(getSupportedHashes(), str) == -1) {
                    throw new IllegalArgumentException("invalid hash algorithm: " + str);
                }
            }

            public void checkSupportedProviderCode(String str) {
                if (Arrays.binarySearch(getSupportedProviderCodes(), str) == -1) {
                    throw new IllegalArgumentException("invalid providerCode algorithm: " + str);
                }
            }

            public String providerPrefix(Provider provider) {
                return "";
            }

            public Provider makeProvider(String str) {
                return null;
            }
        }

        public Builder(KeyPair keyPair) {
            this.algHelper = SigningAlgorithmHelper.create(keyPair);
            this.hash = this.algHelper.defaultHash();
            this.providerCode = this.algHelper.defaultProviderCode();
        }

        public Builder(String str) {
            this.algHelper = SigningAlgorithmHelper.create(str);
            this.hash = this.algHelper.defaultHash();
            this.providerCode = this.algHelper.defaultProviderCode();
        }

        public Builder hash(String str) {
            this.algHelper.checkSupportedHash(str);
            this.hash = str;
            return this;
        }

        public Builder providerCode(String str) {
            this.algHelper.checkSupportedProviderCode(str);
            this.providerCode = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String javaStandardName(Provider provider) {
            return this.hash + "with" + this.algHelper.providerPrefix(provider) + this.algHelper.getAlgorithm();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String httpHeaderAlgorithm() {
            return this.algHelper.getAlgorithm().toLowerCase() + "-" + this.hash.toLowerCase();
        }

        public Signer build() {
            return new Signer(this);
        }
    }

    @Deprecated
    public Signer() {
        this(true);
    }

    @Deprecated
    public Signer(boolean z) {
        this(new Builder("RSA").providerCode(z ? "native.jnagmp" : "stdlib"));
    }

    public Signer(Builder builder) {
        Provider makeProvider = builder.algHelper.makeProvider(builder.providerCode);
        this.httpHeaderAlgorithm = builder.httpHeaderAlgorithm();
        if (makeProvider == null) {
            try {
                this.signature = Signature.getInstance(builder.javaStandardName(makeProvider));
            } catch (NoSuchAlgorithmException e) {
                throw new CryptoException(e);
            }
        } else {
            try {
                this.signature = Signature.getInstance(builder.javaStandardName(makeProvider), makeProvider);
            } catch (NoSuchAlgorithmException e2) {
                throw new CryptoException(e2);
            }
        }
    }

    @Deprecated
    public KeyPair getKeyPair(Path path) throws IOException {
        return KeyPairLoader.getKeyPair(path);
    }

    @Deprecated
    public KeyPair getKeyPair(String str, char[] cArr) throws IOException {
        return KeyPairLoader.getKeyPair(str, cArr);
    }

    @Deprecated
    public KeyPair getKeyPair(byte[] bArr, char[] cArr) throws IOException {
        return KeyPairLoader.getKeyPair(bArr, cArr);
    }

    @Deprecated
    public KeyPair getKeyPair(InputStream inputStream, char[] cArr) throws IOException {
        return KeyPairLoader.getKeyPair(inputStream, cArr);
    }

    @Deprecated
    public String createAuthorizationHeader(String str, String str2, KeyPair keyPair) {
        return createAuthorizationHeader(str, keyPair, defaultSignDateAsString());
    }

    public String createAuthorizationHeader(String str, KeyPair keyPair) {
        return createAuthorizationHeader(str, keyPair, defaultSignDateAsString());
    }

    @Deprecated
    public String createAuthorizationHeader(String str, String str2, KeyPair keyPair, Date date) {
        return createAuthorizationHeader(str, keyPair, date);
    }

    @Deprecated
    public String createAuthorizationHeader(String str, KeyPair keyPair, Date date) {
        return createAuthorizationHeader(str, keyPair, date == null ? null : ZonedDateTime.ofInstant(date.toInstant(), ZoneOffset.UTC));
    }

    public String createAuthorizationHeader(String str, KeyPair keyPair, ZonedDateTime zonedDateTime) {
        return createAuthorizationHeader(str, keyPair, zonedDateTime == null ? defaultSignDateAsString() : DateTimeFormatter.RFC_1123_DATE_TIME.format(zonedDateTime));
    }

    @Deprecated
    public String createAuthorizationHeader(String str, String str2, KeyPair keyPair, String str3) {
        Objects.requireNonNull(str, "Login must be present");
        Objects.requireNonNull(keyPair, "Keypair must be present");
        return createAuthorizationHeader(str, keyPair, str3);
    }

    public String createAuthorizationHeader(String str, KeyPair keyPair, String str2) {
        Objects.requireNonNull(str, "Login must be present");
        Objects.requireNonNull(keyPair, "Keypair must be present");
        try {
            this.signature.initSign(keyPair.getPrivate());
            this.signature.update(String.format(AUTHZ_SIGNING_STRING, str2).getBytes("UTF-8"));
            return String.format(AUTHZ_HEADER, str, KeyFingerprinter.md5Fingerprint(keyPair), this.httpHeaderAlgorithm, new String(Base64.encode(this.signature.sign()), StandardCharsets.US_ASCII));
        } catch (UnsupportedEncodingException e) {
            throw new CryptoException("invalid encoding", e);
        } catch (InvalidKeyException e2) {
            throw new CryptoException("invalid key", e2);
        } catch (SignatureException e3) {
            throw new CryptoException("invalid signature", e3);
        }
    }

    @Deprecated
    public byte[] sign(String str, String str2, KeyPair keyPair, byte[] bArr) {
        return sign(str, keyPair, bArr);
    }

    public byte[] sign(String str, KeyPair keyPair, byte[] bArr) {
        Objects.requireNonNull(str, "Login must be present");
        Objects.requireNonNull(keyPair, "Keypair must be present");
        Objects.requireNonNull(bArr, "Data must be present");
        try {
            this.signature.initSign(keyPair.getPrivate());
            this.signature.update(bArr);
            return this.signature.sign();
        } catch (InvalidKeyException e) {
            throw new CryptoException("invalid key", e);
        } catch (SignatureException e2) {
            throw new CryptoException("invalid signature", e2);
        }
    }

    @Deprecated
    public boolean verify(String str, String str2, KeyPair keyPair, byte[] bArr, byte[] bArr2) {
        return verify(str, keyPair, bArr, bArr2);
    }

    public boolean verify(String str, KeyPair keyPair, byte[] bArr, byte[] bArr2) {
        Objects.requireNonNull(str, "Login must be present");
        Objects.requireNonNull(keyPair, "Keypair must be present");
        Objects.requireNonNull(bArr2, "Data must be present");
        try {
            this.signature.initVerify(keyPair.getPublic());
            this.signature.update(bArr);
            return this.signature.verify(bArr2);
        } catch (InvalidKeyException e) {
            throw new CryptoException("invalid key", e);
        } catch (SignatureException e2) {
            throw new CryptoException("invalid signature", e2);
        }
    }

    public String defaultSignDateAsString() {
        return DateTimeFormatter.RFC_1123_DATE_TIME.format(ZonedDateTime.now(ZoneOffset.UTC));
    }

    public boolean verifyAuthorizationHeader(KeyPair keyPair, String str, String str2) {
        Objects.requireNonNull(keyPair, "Keypair must be present");
        Objects.requireNonNull(str, "AuthzHeader must be present");
        Objects.requireNonNull(str2, "Date must be present");
        String format = String.format(AUTHZ_SIGNING_STRING, str2);
        try {
            this.signature.initVerify(keyPair.getPublic());
            int indexOf = str.indexOf(AUTHZ_PATTERN);
            if (indexOf == -1) {
                throw new CryptoException(String.format("invalid authorization header %s", str));
            }
            byte[] decode = Base64.decode(str.substring(indexOf + AUTHZ_PATTERN.length(), str.length() - 1).getBytes("UTF-8"));
            this.signature.update(format.getBytes("UTF-8"));
            return this.signature.verify(decode);
        } catch (UnsupportedEncodingException e) {
            throw new CryptoException("invalid encoding", e);
        } catch (InvalidKeyException e2) {
            throw new CryptoException("invalid key", e2);
        } catch (SignatureException e3) {
            throw new CryptoException("invalid signature", e3);
        }
    }

    public String getHttpHeaderAlgorithm() {
        return this.httpHeaderAlgorithm;
    }

    Signature getSignature() {
        return this.signature;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("Signer{");
        sb.append("signature=").append(this.signature);
        sb.append(",provider=").append(this.signature.getProvider().getName());
        sb.append(",httpHeaderAlgorithm=").append(this.httpHeaderAlgorithm);
        sb.append('}');
        return sb.toString();
    }
}
