package com.solutionappliance.support.aws.auth;

import com.solutionappliance.core.crypto.digest.CommonDigest;
import com.solutionappliance.core.data.int8.ByteArray;
import com.solutionappliance.core.data.int8.array.ByteArrayBuilder;
import com.solutionappliance.core.data.int8.array.ImmutableByteArray;
import com.solutionappliance.core.data.int8.codec.HexString;
import com.solutionappliance.core.io.StringPrintWriter;
import com.solutionappliance.core.util.CommonUtil;
import com.solutionappliance.support.aws.http.AwsClientSupport;
import com.solutionappliance.support.http.client.HttpClientRequest;
import com.solutionappliance.support.http.header.ImmutableHttpHeaderMap;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.checkerframework.dataflow.qual.SideEffectFree;

/* loaded from: input_file:com/solutionappliance/support/aws/auth/AwsSignatureHelper.class */
final class AwsSignatureHelper {
    private final Set<String> ignoredHeaders = new HashSet(Arrays.asList("authorization"));
    private final HttpClientRequest request;
    private final ImmutableHttpHeaderMap headers;
    private final AwsClientSupport awsRequest;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/solutionappliance/support/aws/auth/AwsSignatureHelper$HmacChain.class */
    public static class HmacChain {
        final Mac hmac;
        private byte[] key;

        private HmacChain(byte[] bArr) {
            try {
                this.hmac = Mac.getInstance("HMACSHA256");
                this.key = bArr;
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }

        private HmacChain(String str) {
            this(str.getBytes(StandardCharsets.UTF_8));
        }

        public HmacChain update(String str) {
            try {
                this.hmac.reset();
                this.hmac.init(new SecretKeySpec(this.key, "HmacSHA256"));
                this.key = this.hmac.doFinal(str.getBytes(StandardCharsets.UTF_8));
                return this;
            } catch (InvalidKeyException e) {
                throw new IllegalStateException(e);
            }
        }

        public ImmutableByteArray toByteArray() {
            return new ImmutableByteArray(this.key);
        }

        @SideEffectFree
        public String toString() {
            return HexString.valueOf(toByteArray()).toString().toLowerCase();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsSignatureHelper(AwsClientSupport awsClientSupport, HttpClientRequest httpClientRequest) {
        this.awsRequest = awsClientSupport;
        this.request = httpClientRequest;
        this.headers = httpClientRequest.headers().toImutableHttpHeaderMap();
    }

    protected static final String hash(ByteArray byteArray) {
        return HexString.valueOf(CommonDigest.sha256.digest(byteArray)).toString().toLowerCase();
    }

    String signedHeaders() {
        if (!this.headers.hasHeaders()) {
            return "";
        }
        boolean z = true;
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, List<String>> entry : this.headers.rawHeaders()) {
            if (!z) {
                sb.append(';');
            }
            z = false;
            sb.append(entry.getKey().toLowerCase());
        }
        return sb.toString();
    }

    ByteArray canonicalRequest() {
        ByteArrayBuilder byteArrayBuilder = new ByteArrayBuilder(1024, 10240);
        try {
            byteArrayBuilder.write(this.request.method().methodName().toUpperCase().getBytes(StandardCharsets.UTF_8));
            byteArrayBuilder.write((byte) 10);
            byteArrayBuilder.write(this.request.getPath().getBytes(StandardCharsets.UTF_8));
            byteArrayBuilder.write((byte) 10);
            byteArrayBuilder.write(this.request.canonicalQueryString(true).getBytes(StandardCharsets.UTF_8));
            byteArrayBuilder.write((byte) 10);
            for (Map.Entry<String, List<String>> entry : this.headers.rawHeaders()) {
                String key = entry.getKey();
                if (!this.ignoredHeaders.contains(key)) {
                    List<String> value = entry.getValue();
                    if (value.isEmpty()) {
                        byteArrayBuilder.write(key.toLowerCase().getBytes(StandardCharsets.UTF_8));
                        byteArrayBuilder.write((byte) 58);
                        byteArrayBuilder.write((byte) 10);
                    } else {
                        for (String str : value) {
                            byteArrayBuilder.write(key.toLowerCase().getBytes(StandardCharsets.UTF_8));
                            byteArrayBuilder.write((byte) 58);
                            byteArrayBuilder.write(str.getBytes(StandardCharsets.UTF_8));
                            byteArrayBuilder.write((byte) 10);
                        }
                    }
                }
            }
            byteArrayBuilder.write((byte) 10);
            byteArrayBuilder.write(signedHeaders().getBytes(StandardCharsets.UTF_8));
            byteArrayBuilder.write((byte) 10);
            byteArrayBuilder.write(CommonUtil.firstNonNull(this.headers.tryGetRawHeader(AwsClientSupport.awsSha256Header), AwsClientSupport.emptySha256Hash).toString().getBytes(StandardCharsets.UTF_8));
            ImmutableByteArray done = byteArrayBuilder.done();
            byteArrayBuilder.close();
            return done;
        } catch (Throwable th) {
            try {
                byteArrayBuilder.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    HmacChain signingKey(String str) {
        return new HmacChain("AWS4" + str).update(this.awsRequest.awsDate()).update(this.awsRequest.awsRegion()).update(this.awsRequest.awsService()).update("aws4_request");
    }

    String signature(String str) {
        StringPrintWriter stringPrintWriter = new StringPrintWriter();
        try {
            stringPrintWriter.println("AWS4-HMAC-SHA256");
            stringPrintWriter.println(this.awsRequest.awsTimestamp());
            stringPrintWriter.println(this.awsRequest.awsDate() + "/" + this.awsRequest.awsRegion() + "/" + this.awsRequest.awsService() + "/aws4_request");
            stringPrintWriter.print(hash(canonicalRequest()));
            String stringPrintWriter2 = stringPrintWriter.toString();
            stringPrintWriter.close();
            return signingKey(str).update(stringPrintWriter2).toString();
        } catch (Throwable th) {
            try {
                stringPrintWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    String authorizationHeader(String str, String str2) {
        return "AWS4-HMAC-SHA256 Credential=" + str + '/' + this.awsRequest.awsDate() + '/' + this.awsRequest.awsRegion() + '/' + this.awsRequest.awsService() + "/aws4_request, SignedHeaders=" + signedHeaders() + ", Signature=" + signature(str2);
    }

    public void setSecurityToken(String str) {
        this.request.setHeader("x-amz-security-token", str);
    }

    public final HttpClientRequest sign(String str, String str2) {
        this.request.setHeader("Authorization", authorizationHeader(str, str2));
        return this.request;
    }
}
