package com.github.davidmoten.aws.lw.client.internal.auth;

import com.github.davidmoten.aws.lw.client.internal.Clock;
import com.github.davidmoten.aws.lw.client.internal.util.Preconditions;
import com.github.davidmoten.aws.lw.client.internal.util.Util;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Locale;
import java.util.Map;
import java.util.SimpleTimeZone;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/github/davidmoten/aws/lw/client/internal/auth/AwsSignatureVersion4.class */
public final class AwsSignatureVersion4 {
    static final String ALGORITHM_HMAC_SHA256 = "HmacSHA256";
    public static final String EMPTY_BODY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    public static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    public static final String SCHEME = "AWS4";
    public static final String ALGORITHM = "HMAC-SHA256";
    public static final String TERMINATOR = "aws4_request";
    private static final String ISO8601BasicFormat = "yyyyMMdd'T'HHmmss'Z'";
    private static final String DateStringFormat = "yyyyMMdd";

    private AwsSignatureVersion4() {
    }

    public static String computeSignatureForQueryAuth(URL url, String str, String str2, String str3, Clock clock, Map<String, String> map, Map<String, String> map2, String str4, String str5, String str6) {
        Date date = new Date(clock.time());
        String format = dateTimeFormat().format(date);
        String host = url.getHost();
        int port = url.getPort();
        if (port > -1) {
            host = host.concat(":" + port);
        }
        map.put("Host", host);
        String canonicalizeHeaderNames = getCanonicalizeHeaderNames(map);
        String canonicalizedHeaderString = getCanonicalizedHeaderString(map);
        String format2 = dateStampFormat().format(date);
        String str7 = format2 + "/" + str3 + "/" + str2 + "/" + TERMINATOR;
        map2.put("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
        map2.put("X-Amz-Credential", str5 + "/" + str7);
        map2.put("X-Amz-Date", format);
        map2.put("X-Amz-SignedHeaders", canonicalizeHeaderNames);
        byte[] sign = sign(getStringToSign(SCHEME, ALGORITHM, format, str7, getCanonicalRequest(url, str, getCanonicalizedQueryString(map2), canonicalizeHeaderNames, canonicalizedHeaderString, str4)), sign(TERMINATOR, sign(str2, sign(str3, sign(format2, (SCHEME + str6).getBytes(StandardCharsets.UTF_8))))));
        StringBuilder sb = new StringBuilder();
        sb.append("X-Amz-Algorithm=" + map2.get("X-Amz-Algorithm"));
        sb.append("&X-Amz-Credential=" + map2.get("X-Amz-Credential"));
        sb.append("&X-Amz-Date=" + map2.get("X-Amz-Date"));
        sb.append("&X-Amz-Expires=" + map2.get("X-Amz-Expires"));
        sb.append("&X-Amz-SignedHeaders=" + map2.get("X-Amz-SignedHeaders"));
        sb.append("&X-Amz-Signature=" + Util.toHex(sign));
        return sb.toString();
    }

    public static String computeSignatureForAuthorizationHeader(URL url, String str, String str2, String str3, Clock clock, Map<String, String> map, Map<String, String> map2, String str4, String str5, String str6) {
        Preconditions.checkNotNull(map);
        Preconditions.checkNotNull(map2);
        SimpleDateFormat dateTimeFormat = dateTimeFormat();
        SimpleDateFormat dateStampFormat = dateStampFormat();
        Date date = new Date(clock.time());
        String format = dateTimeFormat.format(date);
        map.put("x-amz-date", format);
        String host = url.getHost();
        int port = url.getPort();
        if (port > -1) {
            host = host.concat(":" + port);
        }
        map.put("Host", host);
        String canonicalizeHeaderNames = getCanonicalizeHeaderNames(map);
        String canonicalRequest = getCanonicalRequest(url, str, getCanonicalizedQueryString(map2), canonicalizeHeaderNames, getCanonicalizedHeaderString(map), str4);
        String format2 = dateStampFormat.format(date);
        String str7 = format2 + "/" + str3 + "/" + str2 + "/" + TERMINATOR;
        byte[] sign = sign(getStringToSign(SCHEME, ALGORITHM, format, str7, canonicalRequest), sign(TERMINATOR, sign(str2, sign(str3, sign(format2, (SCHEME + str6).getBytes(StandardCharsets.UTF_8))))));
        return "AWS4-HMAC-SHA256 " + ("Credential=" + str5 + "/" + str7) + ", " + ("SignedHeaders=" + canonicalizeHeaderNames) + ", " + ("Signature=" + Util.toHex(sign));
    }

    static SimpleDateFormat dateTimeFormat() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(ISO8601BasicFormat);
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        return simpleDateFormat;
    }

    static SimpleDateFormat dateStampFormat() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DateStringFormat);
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        return simpleDateFormat;
    }

    static String getCanonicalizeHeaderNames(Map<String, String> map) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase(Locale.ENGLISH));
        }
        return sb.toString();
    }

    static String getCanonicalizedHeaderString(Map<String, String> map) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            sb.append(str.toLowerCase(Locale.ENGLISH).replaceAll("\\s+", " ") + ":" + map.get(str).replaceAll("\\s+", " "));
            sb.append("\n");
        }
        return sb.toString();
    }

    static String getCanonicalRequest(URL url, String str, String str2, String str3, String str4, String str5) {
        return str + "\n" + getCanonicalizedResourcePath(url) + "\n" + str2 + "\n" + str4 + "\n" + str3 + "\n" + str5;
    }

    static String getCanonicalizedResourcePath(URL url) {
        Preconditions.checkNotNull(url);
        String path = url.getPath();
        return path.isEmpty() ? "/" : Util.urlEncode(path, true);
    }

    static String getCanonicalizedQueryString(Map<String, String> map) {
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            treeMap.put(Util.urlEncode(entry.getKey(), false), Util.urlEncode(entry.getValue(), false));
        }
        return (String) treeMap.entrySet().stream().map(entry2 -> {
            return ((String) entry2.getKey()) + "=" + ((String) entry2.getValue());
        }).collect(Collectors.joining("&"));
    }

    static String getStringToSign(String str, String str2, String str3, String str4, String str5) {
        return str + "-" + str2 + "\n" + str3 + "\n" + str4 + "\n" + Util.toHex(Util.sha256(str5));
    }

    static byte[] sign(String str, byte[] bArr) {
        return sign(str, bArr, ALGORITHM_HMAC_SHA256);
    }

    static byte[] sign(String str, byte[] bArr, String str2) {
        try {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            Mac mac = Mac.getInstance(str2);
            mac.init(new SecretKeySpec(bArr, str2));
            return mac.doFinal(bytes);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
