package zipkin.module.aws.elasticsearch;

import com.amazonaws.auth.internal.SignerConstants;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.util.StringUtils;
import com.linecorp.armeria.client.ClientRequestContext;
import com.linecorp.armeria.client.HttpClient;
import com.linecorp.armeria.client.SimpleDecoratingHttpClient;
import com.linecorp.armeria.common.AggregatedHttpRequest;
import com.linecorp.armeria.common.AggregationOptions;
import com.linecorp.armeria.common.HttpData;
import com.linecorp.armeria.common.HttpHeaderNames;
import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.RequestHeaders;
import com.linecorp.armeria.common.RequestHeadersBuilder;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufHolder;
import io.netty.buffer.ByteBufUtil;
import io.netty.util.AsciiString;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import zipkin.module.aws.elasticsearch.AWSCredentials;

/* loaded from: input_file:zipkin/module/aws/elasticsearch/AWSSignatureVersion4.class */
final class AWSSignatureVersion4 extends SimpleDecoratingHttpClient {
    static final String EMPTY_STRING_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    static final String SERVICE = "es";
    final String region;
    final byte[] regionBytes;
    final AWSCredentials.Provider credentials;
    static final AsciiString X_AMZ_DATE = HttpHeaderNames.of(Headers.S3_ALTERNATE_DATE);
    static final AsciiString X_AMZ_SECURITY_TOKEN = HttpHeaderNames.of(Headers.SECURITY_TOKEN);
    static final AsciiString[] OTHER_CANONICAL_HEADERS = {X_AMZ_DATE, X_AMZ_SECURITY_TOKEN};
    static final String HOST_DATE = String.valueOf(HttpHeaderNames.HOST) + ";" + String.valueOf(X_AMZ_DATE);
    static final String HOST_DATE_TOKEN = HOST_DATE + ";" + String.valueOf(X_AMZ_SECURITY_TOKEN);
    static final byte[] SERVICE_BYTES = {101, 115};
    static final byte[] AWS4_REQUEST = SignerConstants.AWS4_TERMINATOR.getBytes(StandardCharsets.UTF_8);
    static final ThreadLocal<SimpleDateFormat> iso8601 = ThreadLocal.withInitial(() -> {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat;
    });

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Function<HttpClient, HttpClient> newDecorator(String str, AWSCredentials.Provider provider) {
        return httpClient -> {
            return new AWSSignatureVersion4(httpClient, str, provider);
        };
    }

    AWSSignatureVersion4(HttpClient httpClient, String str, AWSCredentials.Provider provider) {
        super(httpClient);
        if (str == null) {
            throw new NullPointerException("region == null");
        }
        if (provider == null) {
            throw new NullPointerException("credentials == null");
        }
        this.region = str;
        this.regionBytes = str.getBytes(StandardCharsets.UTF_8);
        this.credentials = provider;
    }

    public HttpResponse execute(ClientRequestContext clientRequestContext, HttpRequest httpRequest) {
        return HttpResponse.of(httpRequest.aggregate(AggregationOptions.usePooledObjects(clientRequestContext.alloc())).thenApply(aggregatedHttpRequest -> {
            try {
                HttpRequest httpRequest2 = sign(clientRequestContext, aggregatedHttpRequest).toHttpRequest();
                clientRequestContext.updateRequest(httpRequest2);
                return unwrap().execute(clientRequestContext, httpRequest2);
            } catch (Exception e) {
                return HttpResponse.ofFailure(e);
            }
        }));
    }

    static void writeCanonicalString(ClientRequestContext clientRequestContext, RequestHeaders requestHeaders, HttpData httpData, ByteBuf byteBuf) {
        ByteBufUtil.writeUtf8(byteBuf, clientRequestContext.method().name());
        byteBuf.writeByte(10);
        ByteBufUtil.writeUtf8(byteBuf, clientRequestContext.path().replace("*", "%2A").replace(StringUtils.COMMA_SEPARATOR, "%2C").replace(":", "%3A"));
        byteBuf.writeByte(10);
        String query = clientRequestContext.query();
        if (query != null) {
            ByteBufUtil.writeUtf8(byteBuf, query);
        }
        byteBuf.writeByte(10);
        ByteBuf buffer = clientRequestContext.alloc().buffer();
        writeCanonicalHeaderValue(HttpHeaderNames.HOST, host(requestHeaders, clientRequestContext), buffer, byteBuf);
        try {
            for (CharSequence charSequence : OTHER_CANONICAL_HEADERS) {
                String str = requestHeaders.get(charSequence);
                if (str != null) {
                    writeCanonicalHeaderValue(charSequence, str, buffer, byteBuf);
                }
            }
            byteBuf.writeByte(10);
            buffer.readByte();
            byteBuf.writeBytes(buffer);
            buffer.release();
            byteBuf.writeByte(10);
            if (httpData.isEmpty()) {
                ByteBufUtil.writeUtf8(byteBuf, EMPTY_STRING_HASH);
            } else {
                ByteBufUtil.writeUtf8(byteBuf, ByteBufUtil.hexDump(sha256(httpData)));
            }
        } catch (Throwable th) {
            buffer.release();
            throw th;
        }
    }

    static void writeCanonicalHeaderValue(AsciiString asciiString, String str, ByteBuf byteBuf, ByteBuf byteBuf2) {
        ByteBufUtil.writeUtf8(byteBuf2, asciiString);
        byteBuf2.writeByte(58);
        ByteBufUtil.writeUtf8(byteBuf2, str);
        byteBuf2.writeByte(10);
        byteBuf.writeByte(59);
        ByteBufUtil.writeUtf8(byteBuf, asciiString);
    }

    static void writeToSign(String str, String str2, ByteBuf byteBuf, ByteBuf byteBuf2) {
        ByteBufUtil.writeUtf8(byteBuf2, "AWS4-HMAC-SHA256\n");
        ByteBufUtil.writeUtf8(byteBuf2, str);
        byteBuf2.writeByte(10);
        ByteBufUtil.writeUtf8(byteBuf2, str2);
        byteBuf2.writeByte(10);
        ByteBufUtil.writeUtf8(byteBuf2, ByteBufUtil.hexDump(sha256(byteBuf.nioBuffer())));
    }

    static byte[] sha256(HttpData httpData) {
        return sha256(httpData instanceof ByteBufHolder ? ((ByteBufHolder) httpData).content().nioBuffer() : ByteBuffer.wrap(httpData.array()));
    }

    static byte[] sha256(ByteBuffer byteBuffer) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            messageDigest.update(byteBuffer);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError();
        }
    }

    AggregatedHttpRequest sign(ClientRequestContext clientRequestContext, AggregatedHttpRequest aggregatedHttpRequest) {
        AWSCredentials aWSCredentials = this.credentials.get();
        if (aWSCredentials == null) {
            throw new NullPointerException("credentials == null");
        }
        String format = iso8601.get().format(new Date());
        String substring = format.substring(0, 8);
        String credentialScope = credentialScope(substring, this.region);
        RequestHeadersBuilder requestHeadersBuilder = aggregatedHttpRequest.headers().toBuilder().set(X_AMZ_DATE, format);
        String authority = aggregatedHttpRequest.authority();
        int i = -1;
        if (authority != null) {
            i = authority.indexOf(58);
        }
        if (i != -1 && ((clientRequestContext.sessionProtocol().isTls() && authority.endsWith(":443")) || (!clientRequestContext.sessionProtocol().isTls() && authority.endsWith(":80")))) {
            requestHeadersBuilder.authority(authority.substring(0, i));
        }
        if (aWSCredentials.sessionToken != null) {
            requestHeadersBuilder.set(X_AMZ_SECURITY_TOKEN, aWSCredentials.sessionToken);
        }
        String str = aWSCredentials.sessionToken == null ? HOST_DATE : HOST_DATE_TOKEN;
        ByteBuf heapBuffer = clientRequestContext.alloc().heapBuffer();
        ByteBuf heapBuffer2 = clientRequestContext.alloc().heapBuffer();
        try {
            writeCanonicalString(clientRequestContext, requestHeadersBuilder.build(), aggregatedHttpRequest.content(), heapBuffer);
            writeToSign(format, credentialScope, heapBuffer, heapBuffer2);
            AggregatedHttpRequest of = AggregatedHttpRequest.of(requestHeadersBuilder.add(HttpHeaderNames.AUTHORIZATION, "AWS4-HMAC-SHA256 Credential=" + aWSCredentials.accessKey + "/" + credentialScope + ", SignedHeaders=" + str + ", Signature=" + ByteBufUtil.hexDump(hmacSha256(signatureKey(aWSCredentials.secretKey, substring), heapBuffer2.nioBuffer()))).build(), aggregatedHttpRequest.content(), aggregatedHttpRequest.trailers());
            heapBuffer.release();
            heapBuffer2.release();
            return of;
        } catch (Throwable th) {
            heapBuffer.release();
            heapBuffer2.release();
            throw th;
        }
    }

    static String credentialScope(String str, String str2) {
        return "%s/%s/%s/%s".formatted(str, str2, SERVICE, SignerConstants.AWS4_TERMINATOR);
    }

    byte[] signatureKey(String str, String str2) {
        return hmacSha256(hmacSha256(hmacSha256(hmacSha256(("AWS4" + str).getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8)), this.regionBytes), SERVICE_BYTES), AWS4_REQUEST);
    }

    static byte[] hmacSha256(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            mac.update(bArr2);
            return mac.doFinal();
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError();
        }
    }

    static byte[] hmacSha256(byte[] bArr, ByteBuffer byteBuffer) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            mac.update(byteBuffer);
            return mac.doFinal();
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError();
        }
    }

    static String host(RequestHeaders requestHeaders, ClientRequestContext clientRequestContext) {
        String str = requestHeaders.get(HttpHeaderNames.AUTHORITY);
        if (str == null) {
            str = clientRequestContext.additionalRequestHeaders().get(HttpHeaderNames.AUTHORITY);
        }
        if (str == null) {
            str = clientRequestContext.endpoint().host();
        }
        int indexOf = str.indexOf(58);
        if (indexOf >= 0) {
            str = str.substring(0, indexOf);
        }
        return str;
    }
}
