package software.amazon.awssdk.authcrt.signer.internal;

import java.time.Duration;
import java.util.Optional;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.crt.auth.signing.AwsSigningConfig;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.regions.RegionScope;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/authcrt/signer/internal/SigningConfigProvider.class */
public class SigningConfigProvider {
    private static final Boolean DEFAULT_DOUBLE_URL_ENCODE = Boolean.TRUE;

    public AwsSigningConfig createCrtSigningConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig createDefaultRequestConfig = createDefaultRequestConfig(executionAttributes);
        createDefaultRequestConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_VIA_HEADERS);
        return createDefaultRequestConfig;
    }

    public AwsSigningConfig createCrtPresigningConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig createPresigningConfig = createPresigningConfig(executionAttributes);
        createPresigningConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS);
        return createPresigningConfig;
    }

    public AwsSigningConfig createS3CrtSigningConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig createDefaultRequestConfig = createDefaultRequestConfig(executionAttributes);
        createDefaultRequestConfig.setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA256);
        createDefaultRequestConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_VIA_HEADERS);
        return createDefaultRequestConfig;
    }

    public AwsSigningConfig createS3CrtPresigningConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig createPresigningConfig = createPresigningConfig(executionAttributes);
        createPresigningConfig.setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType.NONE);
        createPresigningConfig.setSignedBodyValue("UNSIGNED-PAYLOAD");
        createPresigningConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS);
        return createPresigningConfig;
    }

    public AwsSigningConfig createChunkedSigningConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig createStringToSignConfig = createStringToSignConfig(executionAttributes);
        createStringToSignConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_CHUNK);
        createStringToSignConfig.setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType.NONE);
        return createStringToSignConfig;
    }

    private AwsSigningConfig createPresigningConfig(ExecutionAttributes executionAttributes) {
        long longValue = ((Long) Optional.ofNullable(executionAttributes.getAttribute(AwsSignerExecutionAttribute.PRESIGNER_EXPIRATION)).map(instant -> {
            return Long.valueOf(Math.max(0L, Duration.between(SigningUtils.getSigningClock(executionAttributes).instant(), instant).getSeconds()));
        }).orElse(604800L)).longValue();
        AwsSigningConfig createDefaultRequestConfig = createDefaultRequestConfig(executionAttributes);
        createDefaultRequestConfig.setExpirationInSeconds(longValue);
        return createDefaultRequestConfig;
    }

    private AwsSigningConfig createDefaultRequestConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig createStringToSignConfig = createStringToSignConfig(executionAttributes);
        createStringToSignConfig.setShouldNormalizeUriPath(true);
        if (executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNER_DOUBLE_URL_ENCODE) != null) {
            createStringToSignConfig.setUseDoubleUriEncode(((Boolean) executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNER_DOUBLE_URL_ENCODE)).booleanValue());
        } else {
            createStringToSignConfig.setUseDoubleUriEncode(DEFAULT_DOUBLE_URL_ENCODE.booleanValue());
        }
        return createStringToSignConfig;
    }

    private AwsSigningConfig createStringToSignConfig(ExecutionAttributes executionAttributes) {
        AwsSigningConfig awsSigningConfig = new AwsSigningConfig();
        awsSigningConfig.setCredentials(SigningUtils.buildCredentials(executionAttributes));
        awsSigningConfig.setService((String) executionAttributes.getAttribute(AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME));
        awsSigningConfig.setRegion(getRegion(executionAttributes));
        awsSigningConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_ASYMMETRIC);
        awsSigningConfig.setTime(SigningUtils.getSigningClock(executionAttributes).instant().toEpochMilli());
        return awsSigningConfig;
    }

    private String getRegion(ExecutionAttributes executionAttributes) {
        RegionScope regionScope = (RegionScope) executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNING_REGION_SCOPE);
        return regionScope == null ? ((Region) executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNING_REGION)).id() : regionScope.id();
    }
}
