package com.joyent.manta.http.signature.google.httpclient;

import com.joyent.manta.com.google.api.client.http.HttpRequest;
import com.joyent.manta.http.signature.CryptoException;
import com.joyent.manta.http.signature.Signer;
import com.joyent.manta.http.signature.ThreadLocalSigner;
import com.joyent.manta.org.apache.commons.lang3.StringUtils;
import com.joyent.manta.org.apache.http.protocol.HTTP;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:lib/java-manta-client-2.7.1.jar:com/joyent/manta/http/signature/google/httpclient/RequestHttpSigner.class */
public class RequestHttpSigner {
    private static final Logger LOG = Logger.getLogger(RequestHttpSigner.class.getName());
    private final KeyPair keyPair;
    private final String login;
    private final String fingerprint;
    private final ThreadLocalSigner signer;

    public RequestHttpSigner(KeyPair keyPair, String str, String str2, boolean z) {
        this(keyPair, str, str2, new ThreadLocalSigner(z));
    }

    public RequestHttpSigner(KeyPair keyPair, String str, String str2, ThreadLocalSigner threadLocalSigner) {
        if (keyPair == null) {
            throw new IllegalArgumentException("KeyPair must be present");
        }
        if (str == null) {
            throw new IllegalArgumentException("Login must be present");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Fingerprint must be present");
        }
        this.keyPair = keyPair;
        this.login = str;
        this.fingerprint = str2;
        this.signer = threadLocalSigner;
    }

    public void signRequest(HttpRequest httpRequest) {
        String defaultSignDateAsString;
        if (LOG.getLevel() != null && LOG.getLevel().equals(Level.FINER)) {
            LOG.finer(String.format("Signing request: %s", httpRequest.getHeaders()));
        }
        String date = httpRequest.getHeaders().getDate();
        if (date == null || date.isEmpty()) {
            defaultSignDateAsString = this.signer.get().defaultSignDateAsString();
            httpRequest.getHeaders().setDate(defaultSignDateAsString);
        } else {
            defaultSignDateAsString = httpRequest.getHeaders().getDate();
        }
        httpRequest.getHeaders().setAuthorization(this.signer.get().createAuthorizationHeader(this.login, this.fingerprint, this.keyPair, defaultSignDateAsString));
    }

    public URI signURI(URI uri, String str, long j) throws IOException {
        Objects.requireNonNull(str, "Method must be present");
        Objects.requireNonNull(uri, "URI must be present");
        if (uri.getQuery() != null && !uri.getQuery().isEmpty()) {
            throw new IllegalArgumentException("Query must be empty");
        }
        String encode = URLEncoder.encode(String.format("/%s/keys/%s", getLogin(), getFingerprint()), HTTP.UTF_8);
        StringBuilder sb = new StringBuilder();
        sb.append(str).append(StringUtils.LF).append(uri.getHost()).append(StringUtils.LF).append(uri.getPath()).append(StringUtils.LF).append("algorithm=").append("RSA-SHA256").append("&").append("expires=").append(j).append("&").append("keyId=").append(encode);
        StringBuilder sb2 = new StringBuilder();
        sb2.append(uri).append("?").append("algorithm=").append("RSA-SHA256").append("&").append("expires=").append(j).append("&").append("keyId=").append(encode).append("&").append("signature=").append(URLEncoder.encode(new String(Base64.encode(this.signer.get().sign(getLogin(), getFingerprint(), getKeyPair(), sb.toString().getBytes())), HTTP.UTF_8), HTTP.UTF_8));
        return URI.create(sb2.toString());
    }

    public boolean verifyRequest(HttpRequest httpRequest) {
        if (LOG.getLevel() != null && LOG.getLevel().equals(Level.FINER)) {
            LOG.finer(String.format("Verifying request: %s", httpRequest.getHeaders()));
        }
        String date = httpRequest.getHeaders().getDate();
        if (date == null) {
            throw new CryptoException("No date header in request");
        }
        String format = String.format(Signer.AUTHZ_SIGNING_STRING, date);
        Signature signature = this.signer.get().getSignature();
        try {
            signature.initVerify(this.keyPair.getPublic());
            String authorization = httpRequest.getHeaders().getAuthorization();
            int indexOf = authorization.indexOf(Signer.AUTHZ_PATTERN);
            if (indexOf == -1) {
                throw new CryptoException("invalid authorization header " + authorization);
            }
            byte[] decode = Base64.decode(authorization.substring(indexOf + Signer.AUTHZ_PATTERN.length(), authorization.length() - 1).getBytes(HTTP.UTF_8));
            signature.update(format.getBytes(HTTP.UTF_8));
            return signature.verify(decode);
        } catch (UnsupportedEncodingException e) {
            throw new CryptoException("invalid encoding", e);
        } catch (InvalidKeyException e2) {
            throw new CryptoException("invalid key", e2);
        } catch (SignatureException e3) {
            throw new CryptoException("invalid signature", e3);
        }
    }

    public KeyPair getKeyPair() {
        return this.keyPair;
    }

    public String getLogin() {
        return this.login;
    }

    public String getFingerprint() {
        return this.fingerprint;
    }

    public ThreadLocalSigner getSignerThreadLocal() {
        return this.signer;
    }
}
