package org.clazzes.http.aws.auth;

import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.clazzes.http.aws.AwsCredentials;

/* loaded from: input_file:org/clazzes/http/aws/auth/AmazonRequestSignatureV4Utils.class */
public abstract class AmazonRequestSignatureV4Utils {
    private static final Logger log = Logger.getLogger(AmazonRequestSignatureV4Utils.class.getName());
    private static final Pattern HOST_RX = Pattern.compile("^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$");
    private static final Pattern PATH_RX = Pattern.compile("^/[^#&?]*$");
    private static final ZoneId UTC_ID = ZoneId.of("UTC");
    private static final DateTimeFormatter AMZ_DATETIME_FMT = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'").withZone(UTC_ID);
    private static final Pattern ENCODED_CHARACTERS_PATTERN;

    public static String uriEncode(String str, boolean z) {
        if (str == null) {
            return "";
        }
        String encode = URLEncoder.encode(str, StandardCharsets.UTF_8);
        Matcher matcher = ENCODED_CHARACTERS_PATTERN.matcher(encode);
        StringBuffer stringBuffer = new StringBuffer(encode.length());
        while (matcher.find()) {
            String group = matcher.group(0);
            if ("+".equals(group)) {
                group = "%20";
            } else if ("*".equals(group)) {
                group = "%2A";
            } else if ("%7E".equals(group)) {
                group = "~";
            } else if (z && "%2F".equals(group)) {
                group = "/";
            }
            matcher.appendReplacement(stringBuffer, group);
        }
        matcher.appendTail(stringBuffer);
        return stringBuffer.toString();
    }

    public static String encodeQuery(Map<String, String> map) {
        if (map == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        Set<String> keySet = map.keySet();
        ArrayList<String> arrayList = new ArrayList(keySet.size());
        arrayList.addAll(keySet);
        Collections.sort(arrayList);
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append('&');
            }
            sb.append(uriEncode(str, false));
            sb.append('=');
            sb.append(uriEncode(map.get(str), false));
        }
        return sb.toString();
    }

    public static HttpRequest.Builder calculateAuthorizationHeaders(String str, String str2, String str3, Map<String, String> map, Map<String, String> map2, byte[] bArr, Instant instant, AwsCredentials awsCredentials, String str4) {
        if (awsCredentials == null) {
            throw new IllegalStateException("No AWS credentials found.");
        }
        if (awsCredentials.x_security_token_expires != null && awsCredentials.x_security_token_expires.isBefore(instant)) {
            log.warning("Credentials [" + awsCredentials + "] expired before [" + instant + "] creating AWS V4 signature.");
        }
        if (!HOST_RX.matcher(str2).matches()) {
            throw new IllegalArgumentException("Invalid hostname [" + str2 + "] specified.");
        }
        if (!PATH_RX.matcher(str3).matches()) {
            throw new IllegalArgumentException("Invalid path [" + str3 + "] specified.");
        }
        String encodeQuery = encodeQuery(map);
        String uriEncode = uriEncode(str3, true);
        String str5 = "https://" + str2 + uriEncode;
        if (encodeQuery != null && !encodeQuery.isEmpty()) {
            str5 = str5 + "?" + encodeQuery;
        }
        try {
            URI uri = new URI(str5);
            try {
                HttpRequest.Builder newBuilder = HttpRequest.newBuilder(uri);
                if ("GET".equals(str) && bArr != null) {
                    log.warning("Body given for GET request to [" + uri + "], this will most likely fail.");
                }
                newBuilder.method(str, bArr == null ? HttpRequest.BodyPublishers.noBody() : HttpRequest.BodyPublishers.ofByteArray(bArr));
                log.info("Signing AWS [" + str + "] request to [" + uri + "]");
                String hex = hex(sha256(bArr));
                String format = AMZ_DATETIME_FMT.format(instant);
                String format2 = DateTimeFormatter.BASIC_ISO_DATE.format(LocalDate.ofInstant(instant, UTC_ID));
                if (log.isLoggable(Level.FINE)) {
                    log.fine("amzDateTime=" + format + ",amzJustDate=" + format2);
                }
                HashMap hashMap = new HashMap(64);
                if (map2 != null) {
                    hashMap.putAll(map2);
                }
                hashMap.put("Host", str2);
                hashMap.put("X-Amz-Content-Sha256", hex);
                hashMap.put("X-Amz-Date", format);
                if (awsCredentials.aws_security_token != null) {
                    hashMap.put("X-Amz-Security-Token", awsCredentials.aws_security_token);
                }
                for (Map.Entry entry : hashMap.entrySet()) {
                    if (!"Host".equals(entry.getKey())) {
                        newBuilder.header((String) entry.getKey(), (String) entry.getValue());
                    }
                }
                ArrayList arrayList = new ArrayList();
                arrayList.add(str);
                arrayList.add(uriEncode);
                arrayList.add(encodeQuery);
                ArrayList arrayList2 = new ArrayList();
                for (String str6 : (List) hashMap.keySet().stream().sorted(Comparator.comparing(str7 -> {
                    return str7.toLowerCase(Locale.US);
                })).collect(Collectors.toList())) {
                    arrayList2.add(str6.toLowerCase(Locale.US));
                    arrayList.add(str6.toLowerCase(Locale.US) + ":" + normalizeSpaces((String) hashMap.get(str6)));
                }
                arrayList.add(null);
                String str8 = (String) arrayList2.stream().collect(Collectors.joining(";"));
                arrayList.add(str8);
                arrayList.add(hex);
                String hex2 = hex(sha256(((String) arrayList.stream().map(str9 -> {
                    return str9 == null ? "" : str9;
                }).collect(Collectors.joining("\n"))).getBytes(StandardCharsets.UTF_8)));
                ArrayList arrayList3 = new ArrayList();
                arrayList3.add("AWS4-HMAC-SHA256");
                arrayList3.add(format);
                String str10 = format2 + "/" + awsCredentials.region + "/" + str4 + "/aws4_request";
                arrayList3.add(str10);
                arrayList3.add(hex2);
                return newBuilder.header("Authorization", "AWS4-HMAC-SHA256 Credential=" + awsCredentials.aws_access_key_id + "/" + str10 + ", SignedHeaders=" + str8 + ", Signature=" + hex(hmac(hmac(hmac(hmac(hmac(("AWS4" + awsCredentials.aws_secret_access_key).getBytes(StandardCharsets.UTF_8), format2), awsCredentials.region), str4), "aws4_request"), (String) arrayList3.stream().collect(Collectors.joining("\n")))));
            } catch (Exception e) {
                log.log(Level.SEVERE, "Error signing AWS [" + str + "] request to [" + uri + "]", (Throwable) e);
                if (e instanceof RuntimeException) {
                    throw ((RuntimeException) e);
                }
                throw new IllegalStateException(e);
            }
        } catch (URISyntaxException e2) {
            throw new IllegalArgumentException("Error encoding URI [" + str5 + "]", e2);
        }
    }

    public static HttpRequest.Builder get(String str, String str2, Map<String, String> map, AwsCredentials awsCredentials, String str3) {
        return calculateAuthorizationHeaders("GET", str, str2, map, Map.of("Accept", "application/json"), null, Instant.now(), awsCredentials, str3);
    }

    public static HttpRequest.Builder post(String str, String str2, Map<String, String> map, byte[] bArr, AwsCredentials awsCredentials, String str3) {
        return calculateAuthorizationHeaders("POST", str, str2, null, map, bArr, Instant.now(), awsCredentials, str3);
    }

    public static HttpRequest.Builder postForm(String str, String str2, Map<String, String> map, AwsCredentials awsCredentials, String str3) {
        return calculateAuthorizationHeaders("POST", str, str2, null, Map.of("Content-Type", "application/x-www-form-urlencoded", "Accept", "application/json"), encodeQuery(map).getBytes(StandardCharsets.UTF_8), Instant.now(), awsCredentials, str3);
    }

    public static HttpRequest.Builder amzJsonCall(String str, String str2, String str3, String str4, AwsCredentials awsCredentials, String str5) {
        return post(str, str2, Map.of("Content-Type", "application/x-amz-json-1.1", "X-Amz-Target", str3), str4.getBytes(StandardCharsets.UTF_8), awsCredentials, str5);
    }

    private static String normalizeSpaces(String str) {
        return str.replaceAll("\\s+", " ").trim();
    }

    public static String hex(byte[] bArr) {
        return HexFormat.of().formatHex(bArr);
    }

    private static byte[] sha256(byte[] bArr) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        if (bArr != null) {
            messageDigest.update(bArr);
        }
        return messageDigest.digest();
    }

    public static byte[] hmac(byte[] bArr, String str) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
        return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
    }

    static {
        StringBuilder sb = new StringBuilder();
        sb.append(Pattern.quote("+")).append("|").append(Pattern.quote("*")).append("|").append(Pattern.quote("%7E")).append("|").append(Pattern.quote("%2F"));
        ENCODED_CHARACTERS_PATTERN = Pattern.compile(sb.toString());
    }
}
