package org.jclouds.s3.filters;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.InvalidKeyException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import java.util.TreeMap;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.lang3.time.TimeZones;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Charsets;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Joiner;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Preconditions;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Supplier;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableMap;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableSortedMap;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Maps;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Multimap;
import org.apache.pulsar.jcloud.shade.com.google.common.escape.Escaper;
import org.apache.pulsar.jcloud.shade.com.google.common.hash.Hashing;
import org.apache.pulsar.jcloud.shade.com.google.common.hash.HashingInputStream;
import org.apache.pulsar.jcloud.shade.com.google.common.io.BaseEncoding;
import org.apache.pulsar.jcloud.shade.com.google.common.io.ByteProcessor;
import org.apache.pulsar.jcloud.shade.com.google.common.io.ByteSource;
import org.apache.pulsar.jcloud.shade.com.google.common.io.ByteStreams;
import org.apache.pulsar.jcloud.shade.com.google.common.net.PercentEscaper;
import org.apache.pulsar.jcloud.shade.com.google.inject.ImplementedBy;
import org.apache.pulsar.jcloud.shade.javax.inject.Inject;
import org.eclipse.jetty.util.URIUtil;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.Macs;
import org.jclouds.domain.Credentials;
import org.jclouds.glacier.util.AWSRequestSignerV4;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.http.utils.Queries;
import org.jclouds.io.Payload;
import org.jclouds.location.reference.LocationConstants;
import org.jclouds.providers.ProviderMetadata;
import org.jclouds.util.Strings2;

/* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.10.5.5.jar:org/jclouds/s3/filters/Aws4SignerBase.class */
public abstract class Aws4SignerBase {
    protected final DateFormat timestampFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
    protected final DateFormat dateFormat;
    protected final String headerTag;
    protected final ServiceAndRegion serviceAndRegion;
    protected final SignatureWire signatureWire;
    protected final Supplier<Credentials> creds;
    protected final Supplier<Date> timestampProvider;
    protected final Crypto crypto;
    private static final TimeZone GMT = TimeZone.getTimeZone(TimeZones.GMT_ID);
    private static final Escaper AWS_URL_PARAMETER_ESCAPER = new PercentEscaper("-_.~", false);
    private static final Escaper AWS_PATH_ESCAPER = new PercentEscaper("/-_.~", false);

    @ImplementedBy(AWSServiceAndRegion.class)
    /* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.10.5.5.jar:org/jclouds/s3/filters/Aws4SignerBase$ServiceAndRegion.class */
    public interface ServiceAndRegion {

        /* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.10.5.5.jar:org/jclouds/s3/filters/Aws4SignerBase$ServiceAndRegion$AWSServiceAndRegion.class */
        public static final class AWSServiceAndRegion implements ServiceAndRegion {
            private final String service;

            @Inject
            AWSServiceAndRegion(ProviderMetadata providerMetadata) {
                this(providerMetadata.getEndpoint());
            }

            AWSServiceAndRegion(String str) {
                this.service = AwsHostNameUtils.parseServiceName(URI.create((String) Preconditions.checkNotNull(str, LocationConstants.ENDPOINT)));
            }

            @Override // org.jclouds.s3.filters.Aws4SignerBase.ServiceAndRegion
            public String service() {
                return this.service;
            }

            @Override // org.jclouds.s3.filters.Aws4SignerBase.ServiceAndRegion
            public String region(String str) {
                return AwsHostNameUtils.parseRegionName(str, service());
            }
        }

        String service();

        String region(String str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Aws4SignerBase(SignatureWire signatureWire, String str, Supplier<Credentials> supplier, Supplier<Date> supplier2, ServiceAndRegion serviceAndRegion, Crypto crypto) {
        this.signatureWire = signatureWire;
        this.headerTag = str;
        this.creds = supplier;
        this.timestampProvider = supplier2;
        this.serviceAndRegion = serviceAndRegion;
        this.crypto = crypto;
        this.timestampFormat.setTimeZone(GMT);
        this.dateFormat = new SimpleDateFormat("yyyyMMdd");
        this.dateFormat.setTimeZone(GMT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String hostHeaderFor(URI uri) {
        String scheme = uri.getScheme();
        String host = uri.getHost();
        int port = uri.getPort();
        if (port != -1 && (("http".equalsIgnoreCase(scheme) && port != 80) || (URIUtil.HTTPS.equalsIgnoreCase(scheme) && port != 443))) {
            host = host + ":" + port;
        }
        return host;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getContentType(HttpRequest httpRequest) {
        Payload payload = httpRequest.getPayload();
        String firstHeaderOrNull = httpRequest.getFirstHeaderOrNull("Content-Type");
        if (payload != null && payload.getContentMetadata() != null && payload.getContentMetadata().getContentType() != null) {
            firstHeaderOrNull = payload.getContentMetadata().getContentType();
        }
        return firstHeaderOrNull;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getContentLength(HttpRequest httpRequest) {
        Payload payload = httpRequest.getPayload();
        String firstHeaderOrNull = httpRequest.getFirstHeaderOrNull("Content-Length");
        if (payload != null && payload.getContentMetadata() != null && payload.getContentMetadata().getContentType() != null) {
            firstHeaderOrNull = payload.getContentMetadata().getContentLength() == null ? firstHeaderOrNull : String.valueOf(payload.getContentMetadata().getContentLength());
        }
        return firstHeaderOrNull;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void appendAmzHeaders(HttpRequest httpRequest, ImmutableMap.Builder<String, String> builder) {
        for (Map.Entry<String, String> entry : httpRequest.getHeaders().entries()) {
            String key = entry.getKey();
            if (key.startsWith("x-" + this.headerTag + HelpFormatter.DEFAULT_OPT_PREFIX)) {
                builder.put(key.toLowerCase(), entry.getValue());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] signatureKey(String str, String str2, String str3, String str4) {
        return hmacSHA256("aws4_request", hmacSHA256(str4, hmacSHA256(str3, hmacSHA256(str2, (AWSRequestSignerV4.AUTH_TAG + str).getBytes(Charsets.UTF_8)))));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] hmacSHA256(String str, byte[] bArr) {
        try {
            return (byte[]) ByteStreams.readBytes(Strings2.toInputStream(str), hmacSHA256(this.crypto, bArr));
        } catch (IOException e) {
            throw new HttpException("read sign error", e);
        } catch (InvalidKeyException e2) {
            throw new HttpException("invalid key", e2);
        }
    }

    public static ByteProcessor<byte[]> hmacSHA256(Crypto crypto, byte[] bArr) throws InvalidKeyException {
        return Macs.asByteProcessor(crypto.hmacSHA256(bArr));
    }

    public static byte[] hash(InputStream inputStream) throws HttpException {
        HashingInputStream hashingInputStream = new HashingInputStream(Hashing.sha256(), inputStream);
        try {
            ByteStreams.copy(hashingInputStream, ByteStreams.nullOutputStream());
            return hashingInputStream.hash().asBytes();
        } catch (IOException e) {
            throw new HttpException("Unable to compute hash while signing request: " + e.getMessage(), e);
        }
    }

    public static byte[] hash(byte[] bArr) throws HttpException {
        try {
            return ByteSource.wrap(bArr).hash(Hashing.sha256()).asBytes();
        } catch (IOException e) {
            throw new HttpException("Unable to compute hash while signing request: " + e.getMessage(), e);
        }
    }

    public static byte[] hash(String str) throws HttpException {
        return hash(new ByteArrayInputStream(str.getBytes(Charsets.UTF_8)));
    }

    protected String getCanonicalizedQueryString(String str) {
        Multimap<String, String> apply = Queries.queryParser().apply(str);
        TreeMap newTreeMap = Maps.newTreeMap();
        if (apply == null) {
            return "";
        }
        for (Map.Entry<String, String> entry : apply.entries()) {
            newTreeMap.put(urlEncode(entry.getKey()), urlEncode(entry.getValue()));
        }
        return Joiner.on("&").withKeyValueSeparator("=").join(newTreeMap);
    }

    public static String urlEncode(String str) {
        return str == null ? "" : AWS_URL_PARAMETER_ESCAPER.escape(str);
    }

    public static String hex(byte[] bArr) {
        return BaseEncoding.base16().lowerCase().encode(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String createStringToSign(String str, URI uri, Map<String, String> map, String str2, String str3, String str4) {
        Map<String, String> lowerCaseNaturalOrderKeys = lowerCaseNaturalOrderKeys(map);
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("\n");
        sb.append(AWS_PATH_ESCAPER.escape(uri.getPath())).append("\n");
        if (uri.getQuery() != null) {
            sb.append(getCanonicalizedQueryString(uri.getRawQuery()));
        }
        sb.append("\n");
        for (Map.Entry<String, String> entry : lowerCaseNaturalOrderKeys.entrySet()) {
            sb.append(entry.getKey()).append(':').append(entry.getValue()).append('\n');
        }
        sb.append("\n");
        sb.append(Joiner.on(';').join(lowerCaseNaturalOrderKeys.keySet())).append('\n');
        sb.append(str4);
        this.signatureWire.getWireLog().debug("<< " + ((Object) sb), new Object[0]);
        StringBuilder sb2 = new StringBuilder();
        sb2.append("AWS4-HMAC-SHA256").append('\n');
        sb2.append(str2).append('\n');
        sb2.append(str3).append('\n');
        sb2.append(hex(hash(sb.toString())));
        return sb2.toString();
    }

    protected static Map<String, String> lowerCaseNaturalOrderKeys(Map<String, String> map) {
        Preconditions.checkNotNull(map, "input map");
        ImmutableSortedMap.Builder naturalOrder = ImmutableSortedMap.naturalOrder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            naturalOrder.put((ImmutableSortedMap.Builder) entry.getKey().toLowerCase(Locale.US), entry.getValue());
        }
        return naturalOrder.build();
    }
}
