package com.joyent.manta.client.crypto;

import com.google.api.client.http.HttpRequest;
import com.joyent.manta.exception.MantaCryptoException;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.TimeZone;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/joyent/manta/client/crypto/HttpSigner.class */
public class HttpSigner {
    private static final Log LOG = LogFactory.getLog(HttpSigner.class);
    private static final DateFormat DATE_FORMAT = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy zzz");
    private static final String AUTHZ_HEADER = "Signature keyId=\"/%s/keys/%s\",algorithm=\"rsa-sha256\",signature=\"%s\"";
    private static final String AUTHZ_SIGNING_STRING = "date: %s";
    private static final String AUTHZ_PATTERN = "signature=\"";
    static final String SIGNING_ALGORITHM = "SHA256WithRSAEncryption";
    final KeyPair keyPair_;
    private final String login_;
    private final String fingerPrint_;

    public static final HttpSigner newInstance(String str, String str2, String str3) throws IOException {
        return new HttpSigner(str, str2, str3);
    }

    private HttpSigner(String str, String str2, String str3) throws IOException {
        LOG.debug(String.format("initializing HttpSigner with keypath: %s, fingerprint: %s, login: %s", str, str2, str3));
        this.fingerPrint_ = str2;
        this.login_ = str3;
        this.keyPair_ = getKeyPair(str);
    }

    private final KeyPair getKeyPair(String str) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new FileReader(str));
        Security.addProvider(new BouncyCastleProvider());
        PEMReader pEMReader = new PEMReader(bufferedReader);
        KeyPair keyPair = (KeyPair) pEMReader.readObject();
        pEMReader.close();
        return keyPair;
    }

    public final void signRequest(HttpRequest httpRequest) throws MantaCryptoException {
        LOG.debug("signing request: " + httpRequest.getHeaders());
        String date = httpRequest.getHeaders().getDate();
        if (date == null) {
            date = DATE_FORMAT.format(Calendar.getInstance(TimeZone.getTimeZone("UTC")).getTime());
            LOG.debug("setting date header: " + date);
            httpRequest.getHeaders().setDate(date);
        }
        try {
            Signature signature = Signature.getInstance(SIGNING_ALGORITHM);
            signature.initSign(this.keyPair_.getPrivate());
            signature.update(String.format(AUTHZ_SIGNING_STRING, date).getBytes("UTF-8"));
            httpRequest.getHeaders().setAuthorization(String.format(AUTHZ_HEADER, this.login_, this.fingerPrint_, new String(Base64.encode(signature.sign()))));
        } catch (UnsupportedEncodingException e) {
            throw new MantaCryptoException("invalid encoding", e);
        } catch (InvalidKeyException e2) {
            throw new MantaCryptoException("invalid key", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new MantaCryptoException("invalid algorithm", e3);
        } catch (SignatureException e4) {
            throw new MantaCryptoException("invalid signature", e4);
        }
    }

    public final boolean verifyRequest(HttpRequest httpRequest) throws MantaCryptoException {
        LOG.debug("verifying request: " + httpRequest.getHeaders());
        String date = httpRequest.getHeaders().getDate();
        if (date == null) {
            throw new MantaCryptoException("no date header in request");
        }
        String format = String.format(AUTHZ_SIGNING_STRING, date);
        try {
            Signature signature = Signature.getInstance(SIGNING_ALGORITHM);
            signature.initVerify(this.keyPair_.getPublic());
            String authorization = httpRequest.getHeaders().getAuthorization();
            int indexOf = authorization.indexOf(AUTHZ_PATTERN);
            if (indexOf == -1) {
                throw new MantaCryptoException("invalid authorization header " + authorization);
            }
            byte[] decode = Base64.decode(authorization.substring(indexOf + AUTHZ_PATTERN.length(), authorization.length() - 1).getBytes("UTF-8"));
            signature.update(format.getBytes("UTF-8"));
            return signature.verify(decode);
        } catch (UnsupportedEncodingException e) {
            throw new MantaCryptoException("invalid encoding", e);
        } catch (InvalidKeyException e2) {
            throw new MantaCryptoException("invalid key", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new MantaCryptoException("invalid algorithm", e3);
        } catch (SignatureException e4) {
            throw new MantaCryptoException("invalid signature", e4);
        }
    }
}
