package com.aliyun.dkms.gcs.openapi.credential.auth;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

/* loaded from: input_file:com/aliyun/dkms/gcs/openapi/credential/auth/SHA256withRSASigner.class */
public class SHA256withRSASigner extends Signer {
    public static final String ENCODING = "UTF-8";
    private static final String ALGORITHM_NAME = "RSA_PKCS1_SHA_256";
    private static final String PEM_PRIVATE_KEY_PREFIX_PKCS1 = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PEM_PRIVATE_KEY_PREFIX_PKCS8 = "-----BEGIN PRIVATE KEY-----";
    private static final String PEM_PRIVATE_KEY_SUFFIX_PKCS1 = "-----END RSA PRIVATE KEY-----";
    private static final String PEM_PRIVATE_KEY_SUFFIX_PKCS8 = "-----END PRIVATE KEY-----";

    @Override // com.aliyun.dkms.gcs.openapi.credential.auth.Signer
    public String signString(String str, String str2) {
        byte[] decode;
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            if (str2.contains(PEM_PRIVATE_KEY_PREFIX_PKCS1) && str2.contains(PEM_PRIVATE_KEY_SUFFIX_PKCS1)) {
                decode = formatPkcs1ToPkcs8(Base64.getDecoder().decode(str2.replace(PEM_PRIVATE_KEY_PREFIX_PKCS1, "").replaceAll("\r\n", "").replaceAll("\n", "").replace(PEM_PRIVATE_KEY_SUFFIX_PKCS1, "")));
            } else {
                if (!str2.contains(PEM_PRIVATE_KEY_PREFIX_PKCS8) || !str2.contains(PEM_PRIVATE_KEY_SUFFIX_PKCS8)) {
                    throw new IllegalArgumentException("Illegal private key pem format");
                }
                decode = Base64.getDecoder().decode(str2.replace(PEM_PRIVATE_KEY_PREFIX_PKCS8, "").replaceAll("\r\n", "").replaceAll("\n", "").replace(PEM_PRIVATE_KEY_SUFFIX_PKCS8, ""));
            }
            signature.initSign(keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decode)));
            signature.update(str.getBytes(ENCODING));
            return "Bearer " + Base64.getEncoder().encodeToString(signature.sign());
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e) {
            throw new IllegalArgumentException(e.toString());
        } catch (IllegalArgumentException e2) {
            throw new IllegalArgumentException("Private key contains " + e2.getMessage());
        }
    }

    @Override // com.aliyun.dkms.gcs.openapi.credential.auth.Signer
    public String signString(String str, AlibabaCloudCredentials alibabaCloudCredentials) {
        return signString(str, alibabaCloudCredentials.getAccessKeySecret());
    }

    @Override // com.aliyun.dkms.gcs.openapi.credential.auth.Signer
    public String getSignerName() {
        return ALGORITHM_NAME;
    }

    @Override // com.aliyun.dkms.gcs.openapi.credential.auth.Signer
    public String getSignerVersion() {
        return "1.0";
    }

    @Override // com.aliyun.dkms.gcs.openapi.credential.auth.Signer
    public String getSignerType() {
        return "rsa_key_pair";
    }

    private byte[] formatPkcs1ToPkcs8(byte[] bArr) {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
            Throwable th = null;
            try {
                try {
                    byte[] encoded = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption), aSN1InputStream.readObject()).getEncoded();
                    if (aSN1InputStream != null) {
                        if (0 != 0) {
                            try {
                                aSN1InputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            aSN1InputStream.close();
                        }
                    }
                    return encoded;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalArgumentException(e.toString());
        }
    }
}
