package com.adobe.cq.cdn.rewriter.impl;

import com.adobe.granite.keystore.KeyStoreService;
import com.amazonaws.services.cloudfront.CloudFrontUrlSigner;
import com.day.cq.rewriter.linkchecker.Link;
import com.day.cq.rewriter.linkchecker.LinkCheckerSettings;
import com.day.cq.rewriter.pipeline.OptingRequestRewriter;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Dictionary;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.ReferenceBinary;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.Attributes;

@Service({OptingRequestRewriter.class})
@Component(metatype = true, immediate = true, label = "AWSCloudFrontRewriter", description = "Rewriter for replacing internal URLs for assets to corresponding AWS cloud front URLs", policy = ConfigurationPolicy.REQUIRE)
@Properties({@Property(name = "service.ranking", intValue = {-1000}, description = "Service Ranking for this rewriter. A higher ranked rewriter is preferred over a lower ranked one", label = "Service Ranking", propertyPrivate = false), @Property(name = AWSCloudFrontRewriter.KEYPAIR_ID, label = "Keypair ID", description = "Provide AWS Cloudfront keypair ID"), @Property(name = AWSCloudFrontRewriter.KEYPAIR_ALIAS, label = "Keypair Alias", description = "Provide alias of the AWS Cloudfront keypair in the imported keystore", value = {AWSCloudFrontRewriter.DEFAULT_KEYPAIR_ALIAS})})
/* loaded from: input_file:com/adobe/cq/cdn/rewriter/impl/AWSCloudFrontRewriter.class */
public class AWSCloudFrontRewriter extends AbstractCDNRewriter implements OptingRequestRewriter {
    private static final Logger log = LoggerFactory.getLogger(AWSCloudFrontRewriter.class);
    static final String DEFAULT_KEYPAIR_ALIAS = "awscloudfront";
    static final String KEYPAIR_ID = "keypair.id";
    static final String KEYPAIR_ALIAS = "keypair.alias";

    @Reference
    private KeyStoreService keyStoreService = null;
    private String keyPairId;
    private String keyPairAlias;

    @Override // com.adobe.cq.cdn.rewriter.impl.AbstractCDNRewriter
    protected boolean acceptsInternal(String str, Attributes attributes, LinkCheckerSettings linkCheckerSettings) {
        return checkImageURL(str, attributes);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.cq.cdn.rewriter.impl.AbstractCDNRewriter
    public void activate(ComponentContext componentContext) throws RepositoryException {
        super.activate(componentContext);
        Dictionary properties = componentContext.getProperties();
        this.keyPairId = PropertiesUtil.toString(properties.get(KEYPAIR_ID), (String) null);
        this.keyPairAlias = PropertiesUtil.toString(properties.get(KEYPAIR_ALIAS), (String) null);
    }

    @Override // com.adobe.cq.cdn.rewriter.impl.AbstractCDNRewriter
    protected String rewriteLinkInternal(Link link, LinkCheckerSettings linkCheckerSettings) {
        Resource resource = null;
        try {
            Resource resolve = linkCheckerSettings.getResourceResolver().resolve(link.getUri().getPath().replace(linkCheckerSettings.getContextPath(), ""));
            if (resolve == null || ResourceUtil.isNonExistingResource(resolve)) {
                log.debug("Target resource {} not found. Skipping rewriting link.", resolve.getPath());
                return null;
            }
            log.debug("Rewriting URL");
            String signedURL = getSignedURL(resolve);
            if (signedURL == null) {
                log.warn("Unable to generate a signed url");
                return null;
            }
            log.debug("Rewritten URL:" + signedURL);
            return signedURL;
        } catch (InvalidKeySpecException e) {
            log.error("Invalid key for sigining the cloudfront url", e);
            return null;
        } catch (RepositoryException e2) {
            log.error("Error while rewriting url for {}", resource.getPath());
            return null;
        } catch (IOException e3) {
            log.error("Error while reading private key for sigining the cloudfront url", e3);
            return null;
        }
    }

    private String getBlobSourceURL(Resource resource) throws RepositoryException {
        ReferenceBinary binary;
        String reference;
        Node node = (Node) resource.adaptTo(Node.class);
        if (node == null || !node.hasNode("jcr:content")) {
            return null;
        }
        Node node2 = node.getNode("jcr:content");
        if (!node2.hasProperty("jcr:data")) {
            return null;
        }
        javax.jcr.Property property = node2.getProperty("jcr:data");
        if (property.getType() != 2 || (binary = property.getBinary()) == null || !(binary instanceof ReferenceBinary) || (reference = binary.getReference()) == null) {
            return null;
        }
        StringBuilder append = new StringBuilder("/").append(reference.substring(0, 4));
        append.append("-");
        append.append(reference.substring(4, reference.indexOf(58)));
        return append.toString();
    }

    private String getSignedURL(Resource resource) throws RepositoryException, InvalidKeySpecException, IOException {
        Date date = new Date(Calendar.getInstance().getTimeInMillis() + (this.cdnConfigService.getCDNTTL() * 1000));
        try {
            PrivateKey privateKey = getPrivateKey();
            if (privateKey == null) {
                log.warn("Unable to fetch private key");
                return null;
            }
            String blobSourceURL = getBlobSourceURL(resource);
            if (blobSourceURL != null) {
                return CloudFrontUrlSigner.getSignedURLWithCannedPolicy(new URI(this.protocol, this.distributionDomain, blobSourceURL, null, null).toASCIIString(), this.keyPairId, privateKey, date);
            }
            log.warn("Unable to generate blob source url for {}", resource.getPath());
            return null;
        } catch (URISyntaxException e) {
            log.error("Error while creating url for signinig", e);
            return null;
        }
    }

    private PrivateKey getPrivateKey() {
        ResourceResolver resourceResolver = null;
        try {
            try {
                resourceResolver = this.resolverFactory.getServiceResourceResolver(Collections.singletonMap("sling.service.subservice", "cdn-service"));
                PrivateKey privateKey = this.keyStoreService.getKeyStoreKeyPair(resourceResolver, "cdn-service", this.keyPairAlias).getPrivate();
                if (resourceResolver != null) {
                    resourceResolver.close();
                }
                return privateKey;
            } catch (LoginException e) {
                log.error("Error while fetching private key", e);
                if (resourceResolver != null) {
                    resourceResolver.close();
                }
                return null;
            }
        } catch (Throwable th) {
            if (resourceResolver != null) {
                resourceResolver.close();
            }
            throw th;
        }
    }

    protected void bindKeyStoreService(KeyStoreService keyStoreService) {
        this.keyStoreService = keyStoreService;
    }

    protected void unbindKeyStoreService(KeyStoreService keyStoreService) {
        if (this.keyStoreService == keyStoreService) {
            this.keyStoreService = null;
        }
    }
}
