package com.amazon.identity.kcpsdk.auth;

import android.util.Base64;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.kcpsdk.common.WebRequest;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class RequestSigner {
    private static final String TAG = RequestSigner.class.getName();
    private final ITokenAuthProvider mAuthProvider;
    private String mOverriddenTimestamp;
    private String mADPAlgorithm = null;
    private boolean mUseLegacyAuth = false;
    private boolean mUseBustedIdentityBehavior = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class CorpusBuilder {
        private byte[] mBody;
        private ByteArrayOutputStream mCorpus = new ByteArrayOutputStream();
        private boolean mIsValid;
        private String mPath;
        private String mTimestamp;
        private String mToken;
        private String mVerb;

        public CorpusBuilder(ITokenAuthProvider iTokenAuthProvider, WebRequest webRequest, String str) {
            String token;
            this.mPath = "";
            this.mBody = new byte[0];
            this.mTimestamp = str;
            if (this.mTimestamp == null) {
                this.mTimestamp = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US).format(new Date());
            }
            if (iTokenAuthProvider != null && (token = iTokenAuthProvider.getToken()) != null) {
                this.mToken = token;
            }
            if (webRequest != null) {
                String verbAsString = webRequest.getVerbAsString();
                if (verbAsString != null) {
                    this.mVerb = verbAsString;
                }
                if (RequestSigner.this.mUseBustedIdentityBehavior) {
                    this.mPath = webRequest.getUrl();
                } else {
                    String pathAndQueryString = webRequest.getPathAndQueryString();
                    if (pathAndQueryString != null) {
                        this.mPath = pathAndQueryString;
                        if (!this.mPath.startsWith("/")) {
                            this.mPath += "/" + this.mPath;
                        }
                    }
                }
                if (RequestSigner.this.mUseBustedIdentityBehavior) {
                    this.mBody = new byte[0];
                } else {
                    byte[] bodyBytes = webRequest.getBodyBytes();
                    if (bodyBytes != null) {
                        this.mBody = bodyBytes;
                    }
                }
            }
            if (validateComponents()) {
                try {
                    this.mCorpus.write((this.mVerb + "\n").getBytes(com.amazon.device.ads.WebRequest.CHARSET_UTF_8));
                    this.mCorpus.write((this.mPath + "\n").getBytes(com.amazon.device.ads.WebRequest.CHARSET_UTF_8));
                    this.mCorpus.write((this.mTimestamp + "\n").getBytes(com.amazon.device.ads.WebRequest.CHARSET_UTF_8));
                    this.mCorpus.write(this.mBody);
                    this.mCorpus.write("\n".getBytes(com.amazon.device.ads.WebRequest.CHARSET_UTF_8));
                    this.mCorpus.write(this.mToken.getBytes(com.amazon.device.ads.WebRequest.CHARSET_UTF_8));
                    this.mIsValid = true;
                } catch (UnsupportedEncodingException e) {
                    MAPLog.e(RequestSigner.TAG, "corpusbuilder: UnsupportedEncodingException error: " + e.getMessage());
                } catch (IOException e2) {
                    MAPLog.e(RequestSigner.TAG, "corpusbuilder: IOException error: " + e2.getMessage());
                }
            }
        }

        public byte[] getCorpus() {
            return this.mCorpus.toByteArray();
        }

        public String getTimestamp() {
            return this.mTimestamp;
        }

        public boolean isValid() {
            return this.mIsValid;
        }

        public boolean validateComponents() {
            return (this.mVerb == null || this.mTimestamp == null || this.mToken == null) ? false : true;
        }
    }

    public RequestSigner(ITokenAuthProvider iTokenAuthProvider) {
        this.mAuthProvider = iTokenAuthProvider;
    }

    private void initADPAlgorithm() {
        if (this.mADPAlgorithm == null) {
            this.mADPAlgorithm = this.mAuthProvider.getSignAlgo();
        }
    }

    private byte[] signWithNewAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            initADPAlgorithm();
            Signature signature = Signature.getInstance(this.mADPAlgorithm);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            MAPLog.e(TAG, "signWithNewAuth: failed because of InvalidKeyException: " + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            MAPLog.e(TAG, "signWithNewAuth: failed because of NoSuchAlgorithmException: " + e2.getMessage());
            return null;
        } catch (SignatureException e3) {
            MAPLog.e(TAG, "signWithNewAuth: failed because of SignatureException: " + e3.getMessage());
            return null;
        }
    }

    private byte[] signWithOldAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKey);
            cipher.update(digest);
            return cipher.doFinal();
        } catch (InvalidKeyException e) {
            MAPLog.e(TAG, "signWithOldAuth: failed because of InvalidKeyException: " + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            MAPLog.e(TAG, "signWithOldAuth: failed because of NoSuchAlgorithmException: " + e2.getMessage());
            return null;
        } catch (BadPaddingException e3) {
            MAPLog.e(TAG, "signWithOldAuth: failed because of BadPaddingException: " + e3.getMessage());
            return null;
        } catch (IllegalBlockSizeException e4) {
            MAPLog.e(TAG, "signWithOldAuth: failed because of IllegalBlockSizeException: " + e4.getMessage());
            return null;
        } catch (NoSuchPaddingException e5) {
            MAPLog.e(TAG, "signWithOldAuth: failed because of NoSuchPaddingException: " + e5.getMessage());
            return null;
        }
    }

    public String getAdpAlgorithm() {
        if (this.mUseLegacyAuth) {
            return null;
        }
        initADPAlgorithm();
        return this.mADPAlgorithm + ":1.0";
    }

    public String getAdpAlgorithmHeaderName() {
        if (this.mUseLegacyAuth) {
            return null;
        }
        return "x-adp-alg";
    }

    public String getAdpSignature(WebRequest webRequest) {
        String signBufferAsBase64;
        CorpusBuilder corpusBuilder = new CorpusBuilder(this.mAuthProvider, webRequest, this.mOverriddenTimestamp);
        if (!corpusBuilder.isValid()) {
            MAPLog.e(TAG, "RequestSigner: signRequest: unable to sign request, confirm that the ITokenAuthProvider implementation is providing correct token.");
            return null;
        }
        byte[] corpus = corpusBuilder.getCorpus();
        String timestamp = corpusBuilder.getTimestamp();
        if (corpus == null || timestamp == null || (signBufferAsBase64 = signBufferAsBase64(corpus)) == null) {
            return null;
        }
        return String.format("%s:%s", signBufferAsBase64, timestamp);
    }

    public String getAdpSignatureHeaderName() {
        return this.mUseLegacyAuth ? "X-ADP-Request-Digest" : "x-adp-signature";
    }

    public String getAdpTokenHeaderName() {
        return this.mUseLegacyAuth ? "X-ADP-Authentication-Token" : "x-adp-token";
    }

    public boolean getUseLegacyAuthentication() {
        return this.mUseLegacyAuth;
    }

    public void setUseLegacyAuthentication(boolean z) {
        this.mUseLegacyAuth = z;
        if (this.mUseLegacyAuth) {
            MAPLog.i(TAG, "Try to set useLegacyAuthentication to be true when algorithm is: " + this.mADPAlgorithm);
            if (this.mAuthProvider != null) {
                initADPAlgorithm();
                if (!this.mADPAlgorithm.equalsIgnoreCase("SHA256WithRSA")) {
                    throw new IllegalStateException("LegacyAuthentication is not compatible with algorithm:" + this.mADPAlgorithm);
                }
            }
        }
    }

    public String signBufferAsBase64(byte[] bArr) {
        byte[] signWithNewAuth;
        PrivateKey parsedPrivateKey = this.mAuthProvider.getParsedPrivateKey();
        if (parsedPrivateKey == null) {
            return null;
        }
        if (this.mUseLegacyAuth) {
            initADPAlgorithm();
            if (!this.mADPAlgorithm.equals("SHA256WithRSA")) {
                MAPLog.e(TAG, "Try to use legacy auth when the algorithm is " + this.mADPAlgorithm);
            }
            signWithNewAuth = signWithOldAuth(bArr, parsedPrivateKey);
        } else {
            signWithNewAuth = signWithNewAuth(bArr, parsedPrivateKey);
        }
        return signWithNewAuth != null ? Base64.encodeToString(signWithNewAuth, 2) : null;
    }

    public boolean signRequest(WebRequest webRequest) {
        String adpSignature = getAdpSignature(webRequest);
        if (adpSignature == null) {
            return false;
        }
        webRequest.setHeader(getAdpSignatureHeaderName(), adpSignature);
        webRequest.setHeader(getAdpTokenHeaderName(), this.mAuthProvider.getToken());
        if (getAdpAlgorithmHeaderName() != null) {
            webRequest.setHeader(getAdpAlgorithmHeaderName(), getAdpAlgorithm());
        }
        return true;
    }
}
