package com.github.davidmoten.aws.lw.client.internal.auth;

import com.github.davidmoten.aws.lw.client.internal.util.Util;
import com.github.davidmoten.xml.Preconditions;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import java.util.SimpleTimeZone;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/github/davidmoten/aws/lw/client/internal/auth/Aws4SignerBase.class */
public abstract class Aws4SignerBase {
    private static final String ALGORITHM_HMAC_SHA256 = "HmacSHA256";
    public static final String EMPTY_BODY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    public static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    public static final String SCHEME = "AWS4";
    public static final String ALGORITHM = "HMAC-SHA256";
    public static final String TERMINATOR = "aws4_request";
    public static final String ISO8601BasicFormat = "yyyyMMdd'T'HHmmss'Z'";
    public static final String DateStringFormat = "yyyyMMdd";
    protected URL endpointUrl;
    protected String httpMethod;
    protected String serviceName;
    protected String regionName;
    protected final SimpleDateFormat dateTimeFormat = new SimpleDateFormat(ISO8601BasicFormat);
    protected final SimpleDateFormat dateStampFormat;

    public Aws4SignerBase(URL url, String str, String str2, String str3) {
        this.endpointUrl = url;
        this.httpMethod = str;
        this.serviceName = str2;
        this.regionName = str3;
        this.dateTimeFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        this.dateStampFormat = new SimpleDateFormat(DateStringFormat);
        this.dateStampFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCanonicalizeHeaderNames(Map<String, String> map) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase(Locale.ENGLISH));
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCanonicalizedHeaderString(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            sb.append(str.toLowerCase(Locale.ENGLISH).replaceAll("\\s+", " ") + ":" + map.get(str).replaceAll("\\s+", " "));
            sb.append("\n");
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCanonicalRequest(URL url, String str, String str2, String str3, String str4, String str5) {
        return str + "\n" + getCanonicalizedResourcePath(url) + "\n" + str2 + "\n" + str4 + "\n" + str3 + "\n" + str5;
    }

    protected static String getCanonicalizedResourcePath(URL url) {
        Preconditions.checkNotNull(url);
        String path = url.getPath();
        if (path.isEmpty()) {
            return "/";
        }
        String urlEncode = Util.urlEncode(path, true);
        return urlEncode.startsWith("/") ? urlEncode : "/".concat(urlEncode);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCanonicalizedQueryString(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            treeMap.put(Util.urlEncode(entry.getKey(), false), Util.urlEncode(entry.getValue(), false));
        }
        return (String) treeMap.entrySet().stream().map(entry2 -> {
            return ((String) entry2.getKey()) + "=" + ((String) entry2.getValue());
        }).collect(Collectors.joining("&"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getStringToSign(String str, String str2, String str3, String str4, String str5) {
        return str + "-" + str2 + "\n" + str3 + "\n" + str4 + "\n" + Util.toHex(sha256(str5));
    }

    public static byte[] sha256(String str) {
        return sha256(str.getBytes(StandardCharsets.UTF_8));
    }

    public static byte[] sha256(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to compute sha256 hash: " + e.getMessage(), e);
        }
    }

    public static byte[] sign(String str, byte[] bArr) {
        try {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            Mac mac = Mac.getInstance(ALGORITHM_HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, ALGORITHM_HMAC_SHA256));
            return mac.doFinal(bytes);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to calculate a request signature: " + e.getMessage(), e);
        }
    }
}
