package org.jclouds.aws.filters;

import java.util.Comparator;
import java.util.Set;
import org.apache.pulsar.jcloud.shade.com.google.common.annotations.VisibleForTesting;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Charsets;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Objects;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Optional;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Preconditions;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Supplier;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableList;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableSet;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Multimap;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Ordering;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.TreeMultimap;
import org.apache.pulsar.jcloud.shade.com.google.common.io.BaseEncoding;
import org.apache.pulsar.jcloud.shade.com.google.common.io.ByteStreams;
import org.apache.pulsar.jcloud.shade.com.google.inject.ImplementedBy;
import org.apache.pulsar.jcloud.shade.javax.annotation.Resource;
import org.apache.pulsar.jcloud.shade.javax.inject.Inject;
import org.apache.pulsar.jcloud.shade.javax.inject.Named;
import org.apache.pulsar.jcloud.shade.javax.inject.Provider;
import org.jclouds.Constants;
import org.jclouds.aws.domain.SessionCredentials;
import org.jclouds.aws.reference.FormParameters;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.Macs;
import org.jclouds.date.TimeStamp;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpRequestFilter;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.http.utils.Queries;
import org.jclouds.logging.Logger;
import org.jclouds.rest.RequestSigner;
import org.jclouds.rest.annotations.ApiVersion;
import org.jclouds.util.Strings2;

@ImplementedBy(FormSignerV2.class)
/* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.10.4.4.jar:org/jclouds/aws/filters/FormSigner.class */
public interface FormSigner extends HttpRequestFilter {

    /* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.10.4.4.jar:org/jclouds/aws/filters/FormSigner$FormSignerV2.class */
    public static final class FormSignerV2 implements FormSigner, RequestSigner {
        private final SignatureWire signatureWire;
        private final String apiVersion;
        private final Supplier<Credentials> creds;
        private final Provider<String> dateService;
        private final Crypto crypto;
        private final HttpUtils utils;

        @Resource
        @Named(Constants.LOGGER_SIGNATURE)
        private Logger signatureLog = Logger.NULL;
        public static final Set<String> mandatoryParametersForSignature = ImmutableSet.of("Action", FormParameters.SIGNATURE_METHOD, FormParameters.SIGNATURE_VERSION, "Version");
        private static final Comparator<String> actionFirstAccessKeyLast = new Comparator<String>() { // from class: org.jclouds.aws.filters.FormSigner.FormSignerV2.1
            static final int LEFT_IS_GREATER = 1;
            static final int RIGHT_IS_GREATER = -1;

            @Override // java.util.Comparator
            public int compare(String str, String str2) {
                if (Objects.equal(str, str2)) {
                    return 0;
                }
                if ("Action".equals(str2) || FormParameters.AWS_ACCESS_KEY_ID.equals(str)) {
                    return 1;
                }
                if ("Action".equals(str) || FormParameters.AWS_ACCESS_KEY_ID.equals(str2)) {
                    return -1;
                }
                return Ordering.natural().compare(str, str2);
            }
        };

        @Inject
        FormSignerV2(SignatureWire signatureWire, @ApiVersion String str, @org.jclouds.location.Provider Supplier<Credentials> supplier, @TimeStamp Provider<String> provider, Crypto crypto, HttpUtils httpUtils) {
            this.signatureWire = signatureWire;
            this.apiVersion = str;
            this.creds = supplier;
            this.dateService = provider;
            this.crypto = crypto;
            this.utils = httpUtils;
        }

        @Override // org.jclouds.http.HttpRequestFilter
        public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
            String str;
            Preconditions.checkNotNull(httpRequest.getFirstHeaderOrNull("Host"), "request is not ready to sign; host not present");
            Multimap<String, String> apply = Queries.queryParser().apply(httpRequest.getPayload().getRawContent().toString());
            Optional<String> annotatedApiVersion = FormSignerUtils.getAnnotatedApiVersion(httpRequest);
            if (annotatedApiVersion.isPresent()) {
                String str2 = annotatedApiVersion.get();
                str = str2.compareTo(this.apiVersion) > 0 ? str2 : this.apiVersion;
            } else {
                str = this.apiVersion;
            }
            apply.replaceValues("Version", ImmutableSet.of(str));
            addSigningParams(apply);
            validateParams(apply);
            addSignature(apply, sign(createStringToSign(httpRequest, apply)));
            HttpRequest payload = setPayload(httpRequest, apply);
            this.utils.logRequest(this.signatureLog, payload, "<<");
            return payload;
        }

        HttpRequest setPayload(HttpRequest httpRequest, Multimap<String, String> multimap) {
            httpRequest.setPayload(buildQueryLine(multimap));
            httpRequest.getPayload().getContentMetadata().setContentType("application/x-www-form-urlencoded");
            return httpRequest;
        }

        private static String buildQueryLine(Multimap<String, String> multimap) {
            TreeMultimap create = TreeMultimap.create(actionFirstAccessKeyLast, Ordering.natural());
            create.putAll(multimap);
            return Queries.encodeQueryLine(create);
        }

        @VisibleForTesting
        void validateParams(Multimap<String, String> multimap) {
            for (String str : mandatoryParametersForSignature) {
                Preconditions.checkState(multimap.containsKey(str), "parameter " + str + " is required for signature");
            }
        }

        @VisibleForTesting
        void addSignature(Multimap<String, String> multimap, String str) {
            multimap.replaceValues("Signature", ImmutableList.of(str));
        }

        @Override // org.jclouds.rest.RequestSigner
        @VisibleForTesting
        public String sign(String str) {
            try {
                String encode = BaseEncoding.base64().encode((byte[]) ByteStreams.readBytes(Strings2.toInputStream(str), Macs.asByteProcessor(this.crypto.hmacSHA256(this.creds.get().credential.getBytes(Charsets.UTF_8)))));
                if (this.signatureWire.enabled()) {
                    this.signatureWire.input(Strings2.toInputStream(encode));
                }
                return encode;
            } catch (Exception e) {
                throw new HttpException("error signing request", e);
            }
        }

        @VisibleForTesting
        public String createStringToSign(HttpRequest httpRequest, Multimap<String, String> multimap) {
            this.utils.logRequest(this.signatureLog, httpRequest, ">>");
            StringBuilder sb = new StringBuilder();
            sb.append(httpRequest.getMethod()).append("\n");
            sb.append(httpRequest.getFirstHeaderOrNull("Host").toLowerCase()).append("\n");
            sb.append(httpRequest.getEndpoint().getPath()).append("\n");
            sb.append(buildCanonicalizedString(multimap));
            if (this.signatureWire.enabled()) {
                this.signatureWire.output((SignatureWire) sb.toString());
            }
            return sb.toString();
        }

        @VisibleForTesting
        String buildCanonicalizedString(Multimap<String, String> multimap) {
            return Queries.encodeQueryLine(TreeMultimap.create(multimap), ImmutableList.of());
        }

        @VisibleForTesting
        void addSigningParams(Multimap<String, String> multimap) {
            multimap.removeAll("Signature");
            multimap.removeAll(FormParameters.SECURITY_TOKEN);
            Credentials credentials = this.creds.get();
            if (credentials instanceof SessionCredentials) {
                multimap.put(FormParameters.SECURITY_TOKEN, ((SessionCredentials) SessionCredentials.class.cast(credentials)).getSessionToken());
            }
            multimap.replaceValues(FormParameters.SIGNATURE_METHOD, ImmutableList.of("HmacSHA256"));
            multimap.replaceValues(FormParameters.SIGNATURE_VERSION, ImmutableList.of("2"));
            multimap.replaceValues("Timestamp", ImmutableList.of(this.dateService.get()));
            multimap.replaceValues(FormParameters.AWS_ACCESS_KEY_ID, ImmutableList.of(this.creds.get().identity));
        }

        @Override // org.jclouds.rest.RequestSigner
        public String createStringToSign(HttpRequest httpRequest) {
            return createStringToSign(httpRequest, Queries.queryParser().apply(httpRequest.getPayload().getRawContent().toString()));
        }
    }
}
