package com.amazon.mp3.net;

import android.net.Uri;
import android.text.TextUtils;
import com.amazon.mp3.account.credentials.AccountCredentialStorage;
import com.amazon.mp3.util.Base64;
import com.amazon.mp3.util.Log;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.GregorianCalendar;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes2.dex */
public class RequestSigner {
    private static final String TAG = "RequestSigner";

    /* loaded from: classes2.dex */
    private static class CorpusBuilder {
        String mBody;
        StringBuilder mCorpus = new StringBuilder();
        String mCurrentTimestamp = getCurrentTimestamp();
        String mDeviceToken;
        int mMethod;
        Uri mUri;

        public CorpusBuilder(AccountCredentialStorage accountCredentialStorage, HttpRequestBuilder httpRequestBuilder) {
            this.mMethod = httpRequestBuilder.getMethod();
            this.mUri = httpRequestBuilder.getRequestUri();
            this.mBody = httpRequestBuilder.getBody();
            this.mDeviceToken = accountCredentialStorage.getDeviceToken();
        }

        private String getCurrentTimestamp() {
            return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ", Locale.getDefault()).format(new GregorianCalendar().getTime());
        }

        public String getCorpus() {
            if (!isValid()) {
                return null;
            }
            this.mCorpus.append(this.mMethod == 1 ? "POST" : "GET");
            this.mCorpus.append("\n");
            this.mCorpus.append(this.mUri.getEncodedPath());
            if (this.mUri.getEncodedQuery() != null) {
                this.mCorpus.append("?");
                this.mCorpus.append(this.mUri.getEncodedQuery());
            }
            this.mCorpus.append("\n");
            this.mCorpus.append(this.mCurrentTimestamp);
            this.mCorpus.append("\n");
            this.mCorpus.append(this.mBody);
            this.mCorpus.append("\n");
            this.mCorpus.append(this.mDeviceToken);
            return this.mCorpus.toString();
        }

        public String getTimestamp() {
            return this.mCurrentTimestamp;
        }

        public boolean isValid() {
            return ((this.mMethod != 0 && this.mMethod != 1) || this.mUri == null || TextUtils.isEmpty(this.mCurrentTimestamp) || TextUtils.isEmpty(this.mBody) || TextUtils.isEmpty(this.mDeviceToken)) ? false : true;
        }
    }

    /* loaded from: classes2.dex */
    public static class InvalidCorpusException extends Exception {
        private static final long serialVersionUID = 5709822964473346972L;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public enum KeyFormat {
        PKCS8,
        PKCS1,
        INVALID
    }

    private static String convertPEMToBase64DER(String str) {
        return str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----BEGIN RSA PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace("-----END RSA PRIVATE KEY-----", "").trim();
    }

    private static KeyFormat getKeyFormat(String str) {
        return str.contains("-----BEGIN PRIVATE KEY-----") ? KeyFormat.PKCS8 : str.contains("-----BEGIN RSA PRIVATE KEY-----") ? KeyFormat.PKCS1 : KeyFormat.INVALID;
    }

    private static boolean isPEMEncoded(String str) {
        return str.charAt(0) == '-' && str.charAt(str.length() + (-1)) == '-';
    }

    private static PrivateKey parseKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        String str2;
        KeyFormat keyFormat;
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        String trim = str.trim();
        if (isPEMEncoded(trim)) {
            str2 = convertPEMToBase64DER(trim);
            keyFormat = getKeyFormat(trim);
        } else {
            str2 = trim;
            keyFormat = KeyFormat.PKCS8;
        }
        if (keyFormat != KeyFormat.PKCS8) {
            throw new RuntimeException("Only PKCS8 Private key is supported");
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str2)));
    }

    public static boolean signRequest(AccountCredentialStorage accountCredentialStorage, HttpRequestBuilder httpRequestBuilder) throws InvalidCorpusException {
        CorpusBuilder corpusBuilder;
        try {
            corpusBuilder = new CorpusBuilder(accountCredentialStorage, httpRequestBuilder);
        } catch (UnsupportedEncodingException e) {
            Log.error(TAG, "Cannot sign the request: %s", e.getClass().getName());
        } catch (InvalidKeyException e2) {
            Log.error(TAG, "Cannot sign the request: %s", e2.getClass().getName());
        } catch (NoSuchAlgorithmException e3) {
            Log.error(TAG, "Cannot sign the request: %s", e3.getClass().getName());
        } catch (SignatureException e4) {
            Log.error(TAG, "Cannot sign the request: %s", e4.getClass().getName());
        } catch (InvalidKeySpecException e5) {
            Log.error(TAG, "Cannot sign the request: %s", e5.getClass().getName());
        }
        if (!corpusBuilder.isValid()) {
            throw new InvalidCorpusException();
        }
        byte[] bytes = corpusBuilder.getCorpus().getBytes("UTF-8");
        PrivateKey parseKey = parseKey(accountCredentialStorage.getPrivateKey());
        if (parseKey != null) {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(parseKey);
            signature.update(bytes);
            String encodeBytes = Base64.encodeBytes(signature.sign(), 8);
            Map<String, String> copyHeaders = httpRequestBuilder.copyHeaders();
            copyHeaders.put("x-adp-token", accountCredentialStorage.getDeviceToken());
            copyHeaders.put("x-adp-alg", "SHA256withRSA:1.0");
            copyHeaders.put("x-adp-signature", encodeBytes + ":" + corpusBuilder.getTimestamp());
            httpRequestBuilder.setHeaders(copyHeaders);
            return true;
        }
        return false;
    }
}
