package org.eclipse.jkube.kit.build.service.docker.auth.ecr;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.eclipse.jkube.kit.build.api.auth.AuthConfig;

/* loaded from: input_file:org/eclipse/jkube/kit/build/service/docker/auth/ecr/AwsSigner4.class */
class AwsSigner4 {
    private static final char[] HEXITS = "0123456789abcdef".toCharArray();
    private final String service;
    private final String region;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsSigner4(String str, String str2) {
        this.region = str;
        this.service = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sign(HttpRequest httpRequest, AuthConfig authConfig, Date date) {
        AwsSigner4Request awsSigner4Request = new AwsSigner4Request(this.region, this.service, httpRequest, date);
        if (!httpRequest.containsHeader("X-Amz-Date")) {
            httpRequest.addHeader("X-Amz-Date", awsSigner4Request.getSigningDateTime());
        }
        httpRequest.addHeader("Authorization", task4(awsSigner4Request, authConfig));
        String auth = authConfig.getAuth();
        if (StringUtils.isNotEmpty(auth)) {
            httpRequest.addHeader("X-Amz-Security-Token", auth);
        }
    }

    String task1(AwsSigner4Request awsSigner4Request) {
        StringBuilder append = new StringBuilder(awsSigner4Request.getMethod()).append('\n').append(awsSigner4Request.getUri().getRawPath()).append('\n').append(getCanonicalQuery(awsSigner4Request.getUri())).append('\n').append(awsSigner4Request.getCanonicalHeaders()).append('\n').append(awsSigner4Request.getSignedHeaders()).append('\n');
        hexEncode(append, sha256(awsSigner4Request.getBytes()));
        return append.toString();
    }

    String task2(AwsSigner4Request awsSigner4Request) {
        StringBuilder append = new StringBuilder("AWS4-HMAC-SHA256\n").append(awsSigner4Request.getSigningDateTime()).append('\n').append(awsSigner4Request.getScope()).append('\n');
        hexEncode(append, sha256(task1(awsSigner4Request)));
        return append.toString();
    }

    final byte[] task3(AwsSigner4Request awsSigner4Request, AuthConfig authConfig) {
        return hmacSha256(getSigningKey(awsSigner4Request, authConfig), task2(awsSigner4Request));
    }

    private static byte[] getSigningKey(AwsSigner4Request awsSigner4Request, AuthConfig authConfig) {
        return hmacSha256(hmacSha256(hmacSha256(hmacSha256(("AWS4" + authConfig.getPassword()).getBytes(StandardCharsets.UTF_8), awsSigner4Request.getSigningDate()), awsSigner4Request.getRegion()), awsSigner4Request.getService()), "aws4_request");
    }

    String task4(AwsSigner4Request awsSigner4Request, AuthConfig authConfig) {
        StringBuilder append = new StringBuilder("AWS4-HMAC-SHA256 Credential=").append(authConfig.getUsername()).append('/').append(awsSigner4Request.getScope()).append(", SignedHeaders=").append(awsSigner4Request.getSignedHeaders()).append(", Signature=");
        hexEncode(append, task3(awsSigner4Request, authConfig));
        return append.toString();
    }

    private String getCanonicalQuery(URI uri) {
        String query = uri.getQuery();
        if (query == null || query.isEmpty()) {
            return "";
        }
        List parse = URLEncodedUtils.parse(query, StandardCharsets.UTF_8);
        Collections.sort(parse, new Comparator<NameValuePair>() { // from class: org.eclipse.jkube.kit.build.service.docker.auth.ecr.AwsSigner4.1
            @Override // java.util.Comparator
            public int compare(NameValuePair nameValuePair, NameValuePair nameValuePair2) {
                return nameValuePair.getName().compareToIgnoreCase(nameValuePair2.getName());
            }
        });
        return URLEncodedUtils.format(parse, StandardCharsets.UTF_8);
    }

    static void hexEncode(StringBuilder sb, byte[] bArr) {
        for (byte b : bArr) {
            int i = b & 255;
            sb.append(HEXITS[i >>> 4]);
            sb.append(HEXITS[i & 15]);
        }
    }

    private static byte[] hmacSha256(byte[] bArr, String str) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException(e.getMessage(), e);
        }
    }

    private static byte[] sha256(String str) {
        return sha256(str.getBytes(StandardCharsets.UTF_8));
    }

    private static byte[] sha256(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException(e.getMessage(), e);
        }
    }
}
