package com.amazonaws.services.cloudfront.util;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.PEM;
import com.amazonaws.auth.RSA;
import com.amazonaws.util.Base64;
import com.amazonaws.util.IOUtils;
import com.amazonaws.util.StringUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:WEB-INF/lib/aws-java-sdk-cloudfront-1.11.388.jar:com/amazonaws/services/cloudfront/util/SignerUtils.class */
public class SignerUtils {
    private static final SecureRandom srand = new SecureRandom();

    /* loaded from: input_file:WEB-INF/lib/aws-java-sdk-cloudfront-1.11.388.jar:com/amazonaws/services/cloudfront/util/SignerUtils$Protocol.class */
    public enum Protocol {
        http,
        https,
        rtmp
    }

    public static String buildCannedPolicy(String str, Date date) {
        return "{\"Statement\":[{\"Resource\":\"" + str + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + TimeUnit.MILLISECONDS.toSeconds(date.getTime()) + "}}}]}";
    }

    public static String buildCustomPolicy(String str, Date date, Date date2, String str2) {
        return "{\"Statement\": [{\"Resource\":\"" + str + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + TimeUnit.MILLISECONDS.toSeconds(date.getTime()) + "}" + (str2 == null ? "" : ",\"IpAddress\":{\"AWS:SourceIp\":\"" + str2 + "\"}") + (date2 == null ? "" : ",\"DateGreaterThan\":{\"AWS:EpochTime\":" + TimeUnit.MILLISECONDS.toSeconds(date2.getTime()) + "}") + "}}]}";
    }

    public static String makeBytesUrlSafe(byte[] bArr) {
        byte[] encode = Base64.encode(bArr);
        for (int i = 0; i < encode.length; i++) {
            switch (encode[i]) {
                case 43:
                    encode[i] = 45;
                    break;
                case 47:
                    encode[i] = 126;
                    break;
                case 61:
                    encode[i] = 95;
                    break;
            }
        }
        return new String(encode, StringUtils.UTF8);
    }

    public static String makeStringUrlSafe(String str) {
        return makeBytesUrlSafe(str.getBytes(StringUtils.UTF8));
    }

    public static String generateResourcePath(Protocol protocol, String str, String str2) {
        return (protocol == Protocol.http || protocol == Protocol.https) ? protocol + "://" + str + "/" + str2 : str2;
    }

    public static byte[] signWithSha1RSA(byte[] bArr, PrivateKey privateKey) throws InvalidKeyException {
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(privateKey, srand);
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (SignatureException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public static PrivateKey loadPrivateKey(File file) throws InvalidKeySpecException, IOException {
        FileInputStream fileInputStream;
        if (StringUtils.lowerCase(file.getAbsolutePath()).endsWith(".pem")) {
            fileInputStream = new FileInputStream(file);
            try {
                return PEM.readPrivateKey(fileInputStream);
            } finally {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                }
            }
        }
        if (!StringUtils.lowerCase(file.getAbsolutePath()).endsWith(".der")) {
            throw new AmazonClientException("Unsupported file type for private key");
        }
        fileInputStream = new FileInputStream(file);
        try {
            PrivateKey privateKeyFromPKCS8 = RSA.privateKeyFromPKCS8(IOUtils.toByteArray(fileInputStream));
            try {
                fileInputStream.close();
            } catch (IOException e2) {
            }
            return privateKeyFromPKCS8;
        } finally {
            try {
                fileInputStream.close();
            } catch (IOException e3) {
            }
        }
    }

    public static PrivateKey loadPrivateKey(String str) throws InvalidKeySpecException, IOException {
        return loadPrivateKey(new File(str));
    }
}
