package be.wegenenverkeer.rxhttp.aws;

import be.wegenenverkeer.rxhttp.ClientRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/wegenenverkeer/rxhttp/aws/AwsSignature4Signer.class */
public class AwsSignature4Signer {
    private final Logger logger;
    private final AwsServiceEndPoint endPoint;
    private final AwsCredentialsProvider credentialsProvider;
    private final DateTimeFormatter df;
    private final boolean doubleUrlEnocde;

    public AwsSignature4Signer(AwsServiceEndPoint awsServiceEndPoint, AwsCredentialsProvider awsCredentialsProvider, boolean z) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.df = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'");
        this.endPoint = awsServiceEndPoint;
        this.credentialsProvider = awsCredentialsProvider;
        this.doubleUrlEnocde = z;
    }

    public AwsSignature4Signer(AwsServiceEndPoint awsServiceEndPoint, AwsCredentialsProvider awsCredentialsProvider) {
        this(awsServiceEndPoint, awsCredentialsProvider, true);
    }

    public String canonicalRequest(ClientRequest clientRequest) {
        return canonicalRequest(clientRequest.getMethod(), clientRequest.getUrl(), clientRequest.getQueryParams(), clientRequest.getHeaders(), clientRequest.getStringData());
    }

    public String canonicalRequest(String str, String str2, Map<String, List<String>> map, Map<String, List<String>> map2, String str3) {
        return str.toUpperCase() + "\n" + canonicalUri(str2) + "\n" + canonicalQueryString(map) + "\n" + canonicalHeaders(map2) + "\n" + signedHeaders(map2) + "\n" + digest(str3 == null ? "" : str3);
    }

    public AwsCredentials getCredentials() {
        return this.credentialsProvider.getAwsCredentials();
    }

    public String awsHost() {
        return this.endPoint.getDomain();
    }

    public String authHeader(ClientRequest clientRequest, String str) {
        return authHeader(clientRequest, str, getCredentials());
    }

    public String authHeader(ClientRequest clientRequest, String str, AwsCredentials awsCredentials) {
        String canonicalRequest = canonicalRequest(clientRequest);
        this.logger.debug("Canonical Request: " + canonicalRequest);
        String stringToSign = stringToSign(canonicalRequest, str);
        this.logger.debug("String to sign: " + stringToSign);
        return formatAuthHeader(signature(stringToSign, str, awsCredentials), str, signedHeaders(clientRequest.getHeaders()), awsCredentials);
    }

    private String canonicalUri(String str) {
        if (str.isEmpty()) {
            return "/";
        }
        try {
            return this.doubleUrlEnocde ? UrlEncoder.urlEncode(new URI(str).normalize().getRawPath(), true) : new URI(str).normalize().getRawPath();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private String signedHeaders(Map<String, List<String>> map) {
        List list = (List) map.keySet().stream().map(str -> {
            return str.toLowerCase(Locale.ENGLISH);
        }).collect(Collectors.toList());
        Collections.sort(list);
        return join(list, ";");
    }

    private String canonicalHeaders(Map<String, List<String>> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        List<String> list = (List) map.keySet().stream().map(str -> {
            return str.toLowerCase(Locale.ENGLISH);
        }).collect(Collectors.toList());
        Collections.sort(list);
        ArrayList arrayList = new ArrayList();
        for (String str2 : list) {
            List list2 = (List) map.get(str2).stream().map(AwsSignature4Signer::trimAll).collect(Collectors.toList());
            Collections.sort(list2);
            arrayList.add(str2.trim() + ":" + join(list2, ","));
        }
        return join(arrayList, "\n") + "\n";
    }

    private String SignedHeaders(Map<String, List<String>> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        List list = (List) map.keySet().stream().map(str -> {
            return str.toLowerCase(Locale.ENGLISH);
        }).collect(Collectors.toList());
        Collections.sort(list);
        return join(list, ";");
    }

    private String canonicalQueryString(Map<String, List<String>> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList);
        ArrayList arrayList2 = new ArrayList();
        for (String str : arrayList) {
            List<String> list = map.get(str);
            Collections.sort(list);
            arrayList2.addAll((Collection) list.stream().map(str2 -> {
                return str + "=" + str2;
            }).collect(Collectors.toList()));
        }
        return join(arrayList2, "&");
    }

    public String stringToSign(String str, String str2) {
        String digest = digest(str);
        StringBuilder append = new StringBuilder("AWS4-HMAC-SHA256\n").append(str2).append("\n");
        appendCredentialScope(append, str2).append("\n").append(digest);
        return append.toString();
    }

    public String signature(String str, String str2, AwsCredentials awsCredentials) {
        try {
            return hexEncode(hmacSHA256(str, getSignatureKey(awsCredentials.getAWSSecretKey(), str2.substring(0, 8), this.endPoint.getRegion().toString(), this.endPoint.getService().prefix())));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String formatAuthHeader(String str, String str2, String str3, AwsCredentials awsCredentials) {
        StringBuilder append = new StringBuilder("AWS4-HMAC-SHA256 ").append("Credential=").append(awsCredentials.getAWSAccessKeyId()).append("/");
        appendCredentialScope(append, str2).append(", SignedHeaders=").append(str3).append(", ").append("Signature=").append(str);
        return append.toString();
    }

    private StringBuilder appendCredentialScope(StringBuilder sb, String str) {
        sb.append(str.substring(0, 8)).append("/").append(this.endPoint.getRegion()).append("/").append(this.endPoint.getService()).append("/").append("aws4_request");
        return sb;
    }

    private static String digest(String str) {
        try {
            return hexEncode(MessageDigest.getInstance("SHA-256").digest(str.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static String hexEncode(byte[] bArr) {
        return Hex.encodeHexString(bArr);
    }

    public static byte[] hmacSHA256(String str, byte[] bArr) throws Exception {
        Mac mac = Mac.getInstance("hmacSHA256");
        mac.init(new SecretKeySpec(bArr, "hmacSHA256"));
        return mac.doFinal(str.getBytes("UTF8"));
    }

    private static byte[] getSignatureKey(String str, String str2, String str3, String str4) throws Exception {
        return hmacSHA256("aws4_request", hmacSHA256(str4, hmacSHA256(str3, hmacSHA256(str2, ("AWS4" + str).getBytes("UTF8")))));
    }

    private String timeStamp() {
        return this.df.format(Instant.now().atOffset(ZoneOffset.UTC));
    }

    private static String join(Collection<String> collection, String str) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (sb.length() != 0) {
                sb.append(str);
            }
            sb.append((Object) it.next());
        }
        return sb.toString();
    }

    private static String trimAll(String str) {
        return str.trim().replaceAll(" +", " ");
    }
}
