package jp.co.recruit.mtl.osharetenki.cloudfront;

import com.google.firebase.sessions.settings.RemoteSettings;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.concurrent.TimeUnit;

/* loaded from: classes4.dex */
public enum CloudFrontUrlSignerEx {
    ;

    private static final SecureRandom srand = new SecureRandom();

    /* loaded from: classes4.dex */
    public enum Protocol {
        http,
        https,
        rtmp
    }

    static String buildCannedPolicy(String str, Date date) {
        return "{\"Statement\":[{\"Resource\":\"" + str + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + TimeUnit.MILLISECONDS.toSeconds(date.getTime()) + "}}}]}";
    }

    static String buildCustomPolicy(String str, Date date, Date date2, String str2) {
        String str3;
        StringBuilder sb = new StringBuilder("{\"Statement\": [{\"Resource\":\"");
        sb.append(str);
        sb.append("\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":");
        sb.append(TimeUnit.MILLISECONDS.toSeconds(date.getTime()));
        sb.append("},\"IpAddress\":{\"AWS:SourceIp\":\"");
        sb.append(str2);
        sb.append("\"}");
        if (date2 == null) {
            str3 = "";
        } else {
            str3 = ",\"DateGreaterThan\":{\"AWS:EpochTime\":" + TimeUnit.MILLISECONDS.toSeconds(date2.getTime()) + "}";
        }
        sb.append(str3);
        sb.append("}}]}");
        return sb.toString();
    }

    public static String buildCustomPolicyForSignedUrl(String str, Date date, String str2, Date date2) {
        if (date == null) {
            throw new AmazonClientException("epochDateLessThan must be provided to sign CloudFront URLs");
        }
        if (str == null) {
            str = "*";
        }
        if (str2 == null) {
            str2 = "0.0.0.0/0";
        }
        return buildCustomPolicy(str, date, date2, str2);
    }

    private static String generateResourcePath(Protocol protocol, String str, String str2) {
        if (protocol != Protocol.http && protocol != Protocol.https) {
            return str2;
        }
        return protocol + "://" + str + RemoteSettings.FORWARD_SLASH_STRING + str2;
    }

    public static String getSignedURLWithCannedPolicy(String str, String str2, PrivateKey privateKey, Date date) {
        try {
            String makeBytesUrlSafe = makeBytesUrlSafe(signWithSha1RSA(buildCannedPolicy(str, date).getBytes(StringUtils.UTF8), privateKey));
            StringBuilder sb = new StringBuilder();
            sb.append(str);
            sb.append(str.indexOf(63) >= 0 ? "&" : "?");
            sb.append("Expires=");
            sb.append(TimeUnit.MILLISECONDS.toSeconds(date.getTime()));
            sb.append("&Signature=");
            sb.append(makeBytesUrlSafe);
            sb.append("&Key-Pair-Id=");
            sb.append(str2);
            return sb.toString();
        } catch (InvalidKeyException e) {
            throw new AmazonClientException("Couldn't sign url", e);
        }
    }

    public static String getSignedURLWithCannedPolicy(Protocol protocol, String str, File file, String str2, String str3, Date date) throws InvalidKeySpecException, IOException {
        return getSignedURLWithCannedPolicy(generateResourcePath(protocol, str, str2), str3, loadPrivateKey(file), date);
    }

    public static String getSignedURLWithCannedPolicy(Protocol protocol, String str, String str2, String str3, String str4, Date date) throws InvalidKeySpecException, IOException {
        return getSignedURLWithCannedPolicy(generateResourcePath(protocol, str, str3), str4, loadPrivateKey(str2), date);
    }

    public static String getSignedURLWithCustomPolicy(String str, String str2, PrivateKey privateKey, String str3) {
        try {
            byte[] signWithSha1RSA = signWithSha1RSA(str3.getBytes(StringUtils.UTF8), privateKey);
            String makeStringUrlSafe = makeStringUrlSafe(str3);
            String makeBytesUrlSafe = makeBytesUrlSafe(signWithSha1RSA);
            StringBuilder sb = new StringBuilder();
            sb.append(str);
            sb.append(str.indexOf(63) >= 0 ? "&" : "?");
            sb.append("Policy=");
            sb.append(makeStringUrlSafe);
            sb.append("&Signature=");
            sb.append(makeBytesUrlSafe);
            sb.append("&Key-Pair-Id=");
            sb.append(str2);
            return sb.toString();
        } catch (InvalidKeyException e) {
            throw new AmazonClientException("Coudln't sign url", e);
        }
    }

    public static String getSignedURLWithCustomPolicy(Protocol protocol, String str, File file, String str2, String str3, Date date, Date date2, String str4) throws InvalidKeySpecException, IOException {
        PrivateKey loadPrivateKey = loadPrivateKey(file);
        String generateResourcePath = generateResourcePath(protocol, str, str2);
        return getSignedURLWithCustomPolicy(generateResourcePath, str3, loadPrivateKey, buildCustomPolicyForSignedUrl(generateResourcePath, date, str4, date2));
    }

    private static PrivateKey loadPrivateKey(File file) throws InvalidKeySpecException, IOException {
        FileInputStream fileInputStream;
        if (file.getAbsolutePath().toLowerCase().endsWith(".pem")) {
            fileInputStream = new FileInputStream(file);
            try {
                return PEM.readPrivateKey(fileInputStream);
            } finally {
                try {
                    fileInputStream.close();
                } catch (IOException unused) {
                }
            }
        }
        if (!file.getAbsolutePath().toLowerCase().endsWith(".der")) {
            throw new AmazonClientException("Unsupported file type for private key");
        }
        fileInputStream = new FileInputStream(file);
        try {
            PrivateKey privateKeyFromPKCS8 = RSA.privateKeyFromPKCS8(IOUtils.toByteArray(fileInputStream));
            try {
                fileInputStream.close();
            } catch (IOException unused2) {
            }
            return privateKeyFromPKCS8;
        } finally {
            try {
                fileInputStream.close();
            } catch (IOException unused3) {
            }
        }
    }

    private static PrivateKey loadPrivateKey(String str) throws InvalidKeySpecException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        try {
            return PEM.readPrivateKey(byteArrayInputStream);
        } finally {
            try {
                byteArrayInputStream.close();
            } catch (IOException unused) {
            }
        }
    }

    static String makeBytesUrlSafe(byte[] bArr) {
        byte[] encode = Base64.encode(bArr);
        for (int i = 0; i < encode.length; i++) {
            byte b = encode[i];
            if (b == 43) {
                encode[i] = 45;
            } else if (b == 47) {
                encode[i] = 126;
            } else if (b == 61) {
                encode[i] = 95;
            }
        }
        return new String(encode, StringUtils.UTF8);
    }

    private static String makeStringUrlSafe(String str) {
        return makeBytesUrlSafe(str.getBytes(StringUtils.UTF8));
    }

    private static byte[] signWithSha1RSA(byte[] bArr, PrivateKey privateKey) throws InvalidKeyException {
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(privateKey, srand);
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (SignatureException e2) {
            throw new IllegalStateException(e2);
        }
    }
}
