package com.huawei.es.security.auth.signer;

import com.huawei.solr.security.auth.util.SignerException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/huawei/es/security/auth/signer/Signer.class */
public class Signer extends com.huawei.solr.security.auth.util.Signer {
    public static final String SIGNATURE = "&s=";
    private SignerSecretProvider secretProvider;

    public Signer(SignerSecretProvider signerSecretProvider) {
        super(new com.huawei.solr.security.auth.util.ZKSignerSecretProvider());
        if (signerSecretProvider == null) {
            throw new IllegalArgumentException("secretProvider cannot be NULL");
        }
        this.secretProvider = signerSecretProvider;
    }

    public synchronized String sign(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("NULL or empty string to sign");
        }
        return str + SIGNATURE + computeSignature(this.secretProvider.getCurrentSecret(), str);
    }

    public String verifyAndExtract(String str) throws SignerException {
        if (null == str) {
            throw new SignerException("Invalid signed text.");
        }
        int lastIndexOf = str.lastIndexOf(SIGNATURE);
        if (lastIndexOf == -1) {
            throw new SignerException("Invalid signed text: " + str);
        }
        String substring = str.substring(lastIndexOf + SIGNATURE.length());
        String substring2 = str.substring(0, lastIndexOf);
        checkSignatures(substring2, substring);
        return substring2;
    }

    protected String computeSignature(byte[] bArr, String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            try {
                messageDigest.update(str.getBytes("UTF-8"));
                messageDigest.update(bArr);
                return new Base64(0).encodeToString(messageDigest.digest());
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("It should not happen, " + e2.getMessage(), e2);
        }
    }

    protected void checkSignatures(String str, String str2) throws SignerException {
        if (null == str || null == str2) {
            throw new SignerException("Invalid signature.");
        }
        byte[][] allSecrets = this.secretProvider.getAllSecrets();
        byte[] theNextSecret = this.secretProvider.getTheNextSecret();
        for (byte[] bArr : allSecrets) {
            if (isCurrentSignatureValid(bArr, str, str2)) {
                return;
            }
        }
        if (!isCurrentSignatureValid(theNextSecret, str, str2)) {
            throw new SignerException("The signature is invalid,rawValue: " + str + "signature:" + str2);
        }
    }

    private boolean isCurrentSignatureValid(byte[] bArr, String str, String str2) {
        if (bArr == null) {
            return false;
        }
        return str2.equals(computeSignature(bArr, str));
    }
}
