package com.yahoo.athenz.instance.provider.impl;

import com.yahoo.athenz.auth.util.Crypto;
import com.yahoo.athenz.auth.util.CryptoException;
import java.io.File;
import java.security.PublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/instance/provider/impl/InstanceAWSUtils.class */
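/**
 * Checks the PKCS#7 signature of an AWS instance document against a public key
 * taken from a locally configured X.509 certificate.
 *
 * <p>The certificate file path is read from the {@code athenz.zts.aws_public_cert}
 * system property. When no key has been loaded, {@link #validateAWSSignature}
 * rejects every request, so a missing configuration fails closed.
 */
public class InstanceAWSUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(InstanceAWSUtils.class);

    /** System property naming the file that holds the AWS public certificate. */
    static final String AWS_PROP_PUBLIC_CERT = "athenz.zts.aws_public_cert";

    // Trust anchor for every signature check in this class. It is package-private
    // and non-final in the original and is kept that way so existing code in this
    // package that reads or assigns it keeps compiling.
    // NOTE(review): anything able to assign this field decides which signatures
    // are accepted - confirm it is only set from trusted configuration.
    PublicKey awsPublicKey;

    /**
     * Loads the AWS public key from the certificate file named by the
     * {@code athenz.zts.aws_public_cert} system property.
     *
     * <p>If the property is unset or empty the key stays {@code null} and an error
     * is logged. Any exception raised while loading the certificate is not caught
     * here and propagates to the code constructing this object.
     */
    public InstanceAWSUtils() {
        this.awsPublicKey = null;
        final String certPath = System.getProperty(AWS_PROP_PUBLIC_CERT, "");
        if (!certPath.isEmpty()) {
            this.awsPublicKey = Crypto.loadX509Certificate(new File(certPath)).getPublicKey();
        }
        if (this.awsPublicKey == null) {
            LOGGER.error("AWS Public Key not specified - no instance requests will be authorized");
        }
    }

    /**
     * Validates a signature with the configured AWS public key.
     *
     * <p>A {@code true} result says only that the signature verified over the
     * supplied content; this method does not inspect what the content says.
     *
     * @param str the signed content, passed as the first argument to
     *            {@code Crypto.validatePKCS7Signature} (presumably the AWS instance
     *            document); {@code null} or empty is rejected
     * @param str2 the signature to check; {@code null} or empty is rejected
     * @param sb receives the reason whenever {@code false} is returned; must not
     *           be {@code null}
     * @return {@code true} only when the signature verified; {@code false} for any
     *         missing input, missing key, verification error or mismatch
     */
    public boolean validateAWSSignature(String str, String str2, StringBuilder sb) {
        if (str2 == null || str2.isEmpty()) {
            sb.append("AWS instance document signature is empty");
            return false;
        }
        if (this.awsPublicKey == null) {
            sb.append("AWS Public key is not available");
            return false;
        }
        // Checked after the two original guards so their messages are unchanged.
        // Only CryptoException is caught below, so a null document is rejected here
        // rather than left to whatever the Crypto helper does with it.
        if (str == null || str.isEmpty()) {
            sb.append("AWS instance document is empty");
            return false;
        }
        try {
            if (Crypto.validatePKCS7Signature(str, str2, this.awsPublicKey)) {
                return true;
            }
            // Give the caller a reason for a plain mismatch instead of an empty buffer.
            sb.append("AWS instance document signature does not match");
        } catch (CryptoException e) {
            // NOTE(review): the exception text is copied verbatim into the error
            // buffer - confirm callers do not hand it back unfiltered to the requester.
            sb.append("verifyInstanceDocument: unable to verify AWS instance document: ");
            sb.append(e.getMessage());
        }
        return false;
    }
}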
