package software.amazon.awssdk.services.cloudfront.internal.utils;

import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.time.Instant;
import java.util.Base64;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.services.cloudfront.internal.auth.Pem;
import software.amazon.awssdk.services.cloudfront.internal.auth.Rsa;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.StringUtils;
import software.amazon.awssdk.utils.Validate;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/cloudfront/internal/utils/SigningUtils.class */
public final class SigningUtils {
    private SigningUtils() {
    }

    public static String buildCannedPolicy(String str, Instant instant) {
        return "{\"Statement\":[{\"Resource\":\"" + str + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + instant.getEpochSecond() + "}}}]}";
    }

    public static String buildCustomPolicy(String str, Instant instant, Instant instant2, String str2) {
        return "{\"Statement\": [{\"Resource\":\"" + str + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + instant2.getEpochSecond() + "}" + (str2 == null ? "" : ",\"IpAddress\":{\"AWS:SourceIp\":\"" + str2 + "\"}") + (instant == null ? "" : ",\"DateGreaterThan\":{\"AWS:EpochTime\":" + instant.getEpochSecond() + "}") + "}}]}";
    }

    public static String makeBytesUrlSafe(byte[] bArr) {
        byte[] encode = Base64.getEncoder().encode(bArr);
        for (int i = 0; i < encode.length; i++) {
            switch (encode[i]) {
                case 43:
                    encode[i] = 45;
                    break;
                case 47:
                    encode[i] = 126;
                    break;
                case 61:
                    encode[i] = 95;
                    break;
            }
        }
        return new String(encode, StandardCharsets.UTF_8);
    }

    public static String makeStringUrlSafe(String str) {
        return makeBytesUrlSafe(str.getBytes(StandardCharsets.UTF_8));
    }

    public static byte[] signWithSha1Rsa(byte[] bArr, PrivateKey privateKey) throws InvalidKeyException {
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(privateKey, new SecureRandom());
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException | SignatureException e) {
            throw new IllegalStateException(e);
        }
    }

    public static String buildCustomPolicyForSignedUrl(String str, Instant instant, Instant instant2, String str2) {
        Validate.notNull(instant2, "Expiration date must be provided to sign CloudFront URLs", new Object[0]);
        if (str == null) {
            str = "*";
        }
        return buildCustomPolicy(str, instant, instant2, str2);
    }

    public static PrivateKey loadPrivateKey(Path path) throws Exception {
        InputStream newInputStream;
        if (StringUtils.lowerCase(path.toString()).endsWith(".pem")) {
            newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                PrivateKey readPrivateKey = Pem.readPrivateKey(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return readPrivateKey;
            } finally {
            }
        }
        if (!StringUtils.lowerCase(path.toString()).endsWith(".der")) {
            throw SdkClientException.create("Unsupported file type for private key");
        }
        newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            PrivateKey privateKeyFromPkcs8 = Rsa.privateKeyFromPkcs8(IoUtils.toByteArray(newInputStream));
            if (newInputStream != null) {
                newInputStream.close();
            }
            return privateKeyFromPkcs8;
        } finally {
        }
    }
}
