package org.nuxeo.ecm.core.storage.sql;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.PEM;
import com.amazonaws.auth.RSA;
import com.amazonaws.services.cloudfront.CloudFrontUrlSigner;
import com.amazonaws.services.cloudfront.util.SignerUtils;
import com.amazonaws.util.IOUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import org.apache.http.client.utils.URIBuilder;
import org.nuxeo.ecm.core.blob.ManagedBlob;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/core/storage/sql/CloudFrontBinaryManager.class */
public class CloudFrontBinaryManager extends S3BinaryManager {
    private static final String BASE_PROP = "cloudfront.";
    public static final String PRIVATE_KEY_PROPERTY = "cloudfront.privKey";
    public static final String PRIVATE_KEY_ID_PROPERTY = "cloudfront.privKeyId";
    public static final String DISTRIB_DOMAIN_PROPERTY = "cloudfront.distribDomain";
    public static final String PROTOCOL_PROPERTY = "cloudfront.protocol";
    public static final String ENABLE_CF_ENCODING_FIX = "nuxeo.s3storage.cloudfront.fix.encoding";
    protected String distributionDomain;
    protected SignerUtils.Protocol protocol;
    protected PrivateKey privKey;
    protected String privKeyId;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.nuxeo.ecm.core.storage.sql.S3BinaryManager
    public void setupCloudClient() throws IOException {
        super.setupCloudClient();
        this.protocol = SignerUtils.Protocol.valueOf(getProperty(PROTOCOL_PROPERTY, "https"));
        this.distributionDomain = getProperty(DISTRIB_DOMAIN_PROPERTY);
        this.directDownload = Boolean.parseBoolean(getProperty("directdownload", Boolean.TRUE.toString()));
        try {
            this.privKey = loadPrivateKey(getProperty(PRIVATE_KEY_PROPERTY));
            this.privKeyId = getProperty(PRIVATE_KEY_ID_PROPERTY);
        } catch (InvalidKeySpecException e) {
            throw new IOException(e);
        }
    }

    @Override // org.nuxeo.ecm.core.storage.sql.S3BinaryManager
    protected URI getRemoteUri(String str, ManagedBlob managedBlob, HttpServletRequest httpServletRequest) throws IOException {
        try {
            URIBuilder uRIBuilder = new URIBuilder(buildResourcePath(this.bucketNamePrefix + str));
            if (managedBlob != null) {
                uRIBuilder.addParameter("response-content-type", getContentTypeHeader(managedBlob));
                uRIBuilder.addParameter("response-content-disposition", getContentDispositionHeader(managedBlob, httpServletRequest));
            }
            if (Framework.isBooleanPropertyTrue(ENABLE_CF_ENCODING_FIX)) {
                String str2 = " ";
                uRIBuilder.getQueryParams().stream().filter(nameValuePair -> {
                    return nameValuePair.getValue().contains(str2);
                }).forEach(nameValuePair2 -> {
                    uRIBuilder.setParameter(nameValuePair2.getName(), nameValuePair2.getValue().replace(str2, ""));
                });
            }
            URI build = uRIBuilder.build();
            if (this.privKey == null) {
                return build;
            }
            Date date = new Date();
            date.setTime(date.getTime() + (this.directDownloadExpire * 1000));
            return new URI(CloudFrontUrlSigner.getSignedURLWithCannedPolicy(build.toString(), this.privKeyId, this.privKey, date));
        } catch (URISyntaxException e) {
            throw new IOException(e);
        }
    }

    private String buildResourcePath(String str) {
        return (this.protocol == SignerUtils.Protocol.http || this.protocol == SignerUtils.Protocol.https) ? this.protocol + "://" + this.distributionDomain + "/" + str : str;
    }

    private static PrivateKey loadPrivateKey(String str) throws InvalidKeySpecException, IOException {
        if (str == null) {
            return null;
        }
        FileInputStream fileInputStream = new FileInputStream(new File(str));
        Throwable th = null;
        try {
            if (str.toLowerCase().endsWith(".pem")) {
                PrivateKey readPrivateKey = PEM.readPrivateKey(fileInputStream);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return readPrivateKey;
            }
            if (!str.toLowerCase().endsWith(".der")) {
                throw new AmazonClientException("Unsupported file type for private key");
            }
            PrivateKey privateKeyFromPKCS8 = RSA.privateKeyFromPKCS8(IOUtils.toByteArray(fileInputStream));
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return privateKeyFromPKCS8;
        } catch (Throwable th4) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th4;
        }
    }
}
