package org.jclouds.aws.filters;

import com.amazonaws.auth.internal.SignerConstants;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Charsets;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Joiner;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Optional;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Preconditions;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Splitter;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Supplier;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableMap;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Multimap;
import org.apache.pulsar.jcloud.shade.com.google.common.hash.Hashing;
import org.apache.pulsar.jcloud.shade.com.google.common.io.BaseEncoding;
import org.apache.pulsar.jcloud.shade.com.google.inject.ImplementedBy;
import org.apache.pulsar.jcloud.shade.javax.inject.Inject;
import org.apache.pulsar.jcloud.shade.javax.inject.Provider;
import org.jclouds.aws.domain.SessionCredentials;
import org.jclouds.date.TimeStamp;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.utils.Queries;
import org.jclouds.location.reference.LocationConstants;
import org.jclouds.providers.ProviderMetadata;
import org.jclouds.rest.annotations.ApiVersion;
import org.jclouds.s3.reference.S3Headers;

/* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.8.0.1.1.22.jar:org/jclouds/aws/filters/FormSignerV4.class */
public final class FormSignerV4 implements FormSigner {
    private final String apiVersion;
    private final Supplier<Credentials> creds;
    private final Provider<String> iso8601Timestamp;
    private final ServiceAndRegion serviceAndRegion;

    @ImplementedBy(AWSServiceAndRegion.class)
    /* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.8.0.1.1.22.jar:org/jclouds/aws/filters/FormSignerV4$ServiceAndRegion.class */
    public interface ServiceAndRegion {

        /* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-2.8.0.1.1.22.jar:org/jclouds/aws/filters/FormSignerV4$ServiceAndRegion$AWSServiceAndRegion.class */
        public static final class AWSServiceAndRegion implements ServiceAndRegion {
            private final String service;

            @Inject
            AWSServiceAndRegion(ProviderMetadata providerMetadata) {
                this(providerMetadata.getEndpoint());
            }

            AWSServiceAndRegion(String str) {
                this.service = parseServiceAndRegion(URI.create((String) Preconditions.checkNotNull(str, LocationConstants.ENDPOINT)).getHost()).get(0);
            }

            @Override // org.jclouds.aws.filters.FormSignerV4.ServiceAndRegion
            public String service() {
                return this.service;
            }

            @Override // org.jclouds.aws.filters.FormSignerV4.ServiceAndRegion
            public String region(String str) {
                return parseServiceAndRegion(str).get(1);
            }

            private static List<String> parseServiceAndRegion(String str) {
                return Splitter.on('.').splitToList(str);
            }
        }

        String service();

        String region(String str);
    }

    @Inject
    FormSignerV4(@ApiVersion String str, @org.jclouds.location.Provider Supplier<Credentials> supplier, @TimeStamp Provider<String> provider, ServiceAndRegion serviceAndRegion) {
        this.apiVersion = str;
        this.creds = supplier;
        this.iso8601Timestamp = provider;
        this.serviceAndRegion = serviceAndRegion;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.jclouds.http.HttpRequestFilter
    public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
        Preconditions.checkArgument(httpRequest.getHeaders().containsKey("Host"), "request is not ready to sign; host not present");
        String firstHeaderOrNull = httpRequest.getFirstHeaderOrNull("Host");
        String obj = httpRequest.getPayload().getRawContent().toString();
        Multimap<String, String> apply = Queries.queryParser().apply(obj);
        Preconditions.checkArgument(apply.containsKey("Action"), "request is not ready to sign; Action not present %s", obj);
        String str = this.iso8601Timestamp.get();
        String substring = str.substring(0, 8);
        String service = this.serviceAndRegion.service();
        String region = this.serviceAndRegion.region(firstHeaderOrNull);
        String join = Joiner.on('/').join(substring, region, service, SignerConstants.AWS4_TERMINATOR);
        ImmutableMap.Builder put = ImmutableMap.builder().put("content-type", httpRequest.getPayload().getContentMetadata().getContentType()).put("host", firstHeaderOrNull).put(S3Headers.ALTERNATE_DATE, str);
        HttpRequest.Builder builder = (HttpRequest.Builder) ((HttpRequest.Builder) httpRequest.toBuilder().removeHeader("Authorization")).replaceHeader("X-Amz-Date", str);
        if (!apply.containsKey("Version")) {
            Optional<String> annotatedApiVersion = FormSignerUtils.getAnnotatedApiVersion(httpRequest);
            if (annotatedApiVersion.isPresent()) {
                String str2 = annotatedApiVersion.get();
                builder.addFormParam("Version", str2.compareTo(this.apiVersion) > 0 ? str2 : this.apiVersion);
            } else {
                builder.addFormParam("Version", this.apiVersion);
            }
        }
        Credentials credentials = this.creds.get();
        if (credentials instanceof SessionCredentials) {
            String sessionToken = ((SessionCredentials) SessionCredentials.class.cast(credentials)).getSessionToken();
            builder.replaceHeader("X-Amz-Security-Token", sessionToken);
            put.put(S3Headers.SECURITY_TOKEN, sessionToken);
        }
        ImmutableMap build = put.build();
        String encode = BaseEncoding.base16().lowerCase().encode(hmacSHA256(createStringToSign(builder.build(), build, join), signatureKey(credentials.credential, substring, region, service)));
        StringBuilder sb = new StringBuilder("AWS4-HMAC-SHA256 ");
        sb.append("Credential=").append(credentials.identity).append('/').append(join).append(", ");
        sb.append("SignedHeaders=").append(Joiner.on(';').join(build.keySet())).append(", ");
        sb.append("Signature=").append(encode);
        return ((HttpRequest.Builder) builder.addHeader("Authorization", sb.toString())).build();
    }

    static byte[] signatureKey(String str, String str2, String str3, String str4) {
        return hmacSHA256(SignerConstants.AWS4_TERMINATOR, hmacSHA256(str4, hmacSHA256(str3, hmacSHA256(str2, ("AWS4" + str).getBytes(Charsets.UTF_8)))));
    }

    static byte[] hmacSHA256(String str, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(str.getBytes(Charsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new HttpException(e);
        }
    }

    static String createStringToSign(HttpRequest httpRequest, Map<String, String> map, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(httpRequest.getMethod()).append("\n");
        sb.append(httpRequest.getEndpoint().getPath()).append("\n");
        Preconditions.checkArgument(httpRequest.getEndpoint().getQuery() == null, "Query parameters not yet supported %s", httpRequest);
        sb.append("\n");
        for (Map.Entry<String, String> entry : map.entrySet()) {
            sb.append(entry.getKey()).append(':').append(entry.getValue()).append('\n');
        }
        sb.append("\n");
        sb.append(Joiner.on(';').join(map.keySet())).append('\n');
        sb.append(BaseEncoding.base16().lowerCase().encode(Hashing.sha256().hashString(httpRequest.getPayload().getRawContent().toString(), Charsets.UTF_8).asBytes()));
        StringBuilder sb2 = new StringBuilder();
        sb2.append("AWS4-HMAC-SHA256").append('\n');
        sb2.append(map.get(S3Headers.ALTERNATE_DATE)).append('\n');
        sb2.append(str).append('\n');
        sb2.append(BaseEncoding.base16().lowerCase().encode(Hashing.sha256().hashString(sb.toString(), Charsets.UTF_8).asBytes()));
        return sb2.toString();
    }
}
