package org.gaul.s3proxy;

import com.fasterxml.jackson.core.util.Separators;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.TreeMultimap;
import com.google.common.io.BaseEncoding;
import com.google.common.net.HttpHeaders;
import com.google.common.net.PercentEscaper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.HttpMethod;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.jclouds.glacier.util.AWSRequestSignerV4;
import org.jclouds.s3.filters.AwsSignatureV4Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gaul/s3proxy/AwsSignature.class */
final class AwsSignature {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AwsSignature.class);
    private static final PercentEscaper AWS_URL_PARAMETER_ESCAPER = new PercentEscaper("-_.~", false);
    private static final Set<String> SIGNED_SUBRESOURCES = ImmutableSet.of("acl", "delete", "lifecycle", "location", "logging", "notification", "partNumber", "policy", "requestPayment", "response-cache-control", "response-content-disposition", "response-content-encoding", "response-content-language", "response-content-type", "response-expires", "torrent", "uploadId", "uploads", "versionId", "versioning", "versions", "website");
    private static final Pattern REPEATING_WHITESPACE = Pattern.compile("\\s+");

    private AwsSignature() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createAuthorizationSignature(HttpServletRequest httpServletRequest, String str, String str2, boolean z, boolean z2) {
        TreeMultimap create = TreeMultimap.create();
        Iterator it = Collections.list(httpServletRequest.getHeaderNames()).iterator();
        while (it.hasNext()) {
            String str3 = (String) it.next();
            ArrayList list = Collections.list(httpServletRequest.getHeaders(str3));
            String lowerCase = str3.toLowerCase();
            if (lowerCase.startsWith("x-amz-") && (!z2 || !lowerCase.equalsIgnoreCase("x-amz-date"))) {
                if (list.isEmpty()) {
                    create.put(lowerCase, "");
                }
                Iterator it2 = list.iterator();
                while (it2.hasNext()) {
                    create.put(lowerCase, Strings.nullToEmpty((String) it2.next()));
                }
            }
        }
        StringBuilder append = new StringBuilder().append(httpServletRequest.getMethod()).append('\n').append(Strings.nullToEmpty(httpServletRequest.getHeader(HttpHeaders.CONTENT_MD5))).append('\n').append(Strings.nullToEmpty(httpServletRequest.getHeader("Content-Type"))).append('\n');
        String parameter = httpServletRequest.getParameter("Expires");
        if (z) {
            append.append(Strings.nullToEmpty(parameter));
        } else if (z2) {
            if (!create.containsKey("x-amz-date")) {
                append.append(httpServletRequest.getHeader("x-amz-date"));
            }
        } else if (create.containsKey("x-amz-date")) {
            append.append("");
        } else {
            append.append(httpServletRequest.getHeader("Date"));
        }
        append.append('\n');
        Iterator it3 = create.entries().iterator();
        while (it3.hasNext()) {
            Map.Entry entry = (Map.Entry) it3.next();
            append.append((String) entry.getKey()).append(':').append((String) entry.getValue()).append('\n');
        }
        append.append(str);
        char c = '?';
        ArrayList<String> list2 = Collections.list(httpServletRequest.getParameterNames());
        Collections.sort(list2);
        for (String str4 : list2) {
            if (SIGNED_SUBRESOURCES.contains(str4)) {
                append.append(c).append(str4);
                String parameter2 = httpServletRequest.getParameter(str4);
                if (!"".equals(parameter2)) {
                    append.append('=').append(parameter2);
                }
                c = '&';
            }
        }
        String sb = append.toString();
        logger.trace("stringToSign: {}", sb);
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
            return Base64.getEncoder().encodeToString(mac.doFinal(sb.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private static byte[] signMessage(byte[] bArr, byte[] bArr2, String str) throws InvalidKeyException, NoSuchAlgorithmException {
        Mac mac = Mac.getInstance(str);
        mac.init(new SecretKeySpec(bArr2, str));
        return mac.doFinal(bArr);
    }

    private static String getMessageDigest(byte[] bArr, String str) throws NoSuchAlgorithmException {
        return BaseEncoding.base16().lowerCase().encode(MessageDigest.getInstance(str).digest(bArr));
    }

    @Nullable
    private static List<String> extractSignedHeaders(String str) {
        int indexOf;
        int indexOf2 = str.indexOf("SignedHeaders=");
        if (indexOf2 >= 0 && (indexOf = str.indexOf(44, indexOf2)) >= 0) {
            return Splitter.on(';').splitToList(str.substring(str.indexOf(61, indexOf2) + 1, indexOf));
        }
        return null;
    }

    private static String buildCanonicalHeaders(HttpServletRequest httpServletRequest, List<String> list) {
        ArrayList<String> arrayList = new ArrayList(list.size());
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toLowerCase());
        }
        Collections.sort(arrayList);
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (String str : arrayList) {
            if (z) {
                z = false;
            } else {
                sb.append('\n');
            }
            sb.append(str);
            sb.append(':');
            boolean z2 = true;
            Iterator it2 = Collections.list(httpServletRequest.getHeaders(str)).iterator();
            while (it2.hasNext()) {
                String str2 = (String) it2.next();
                if (z2) {
                    z2 = false;
                } else {
                    sb.append(',');
                }
                String trim = str2.trim();
                if (!trim.startsWith("\"")) {
                    trim = REPEATING_WHITESPACE.matcher(trim).replaceAll(Separators.DEFAULT_ROOT_VALUE_SEPARATOR);
                }
                sb.append(trim);
            }
        }
        return sb.toString();
    }

    private static String buildCanonicalQueryString(HttpServletRequest httpServletRequest) {
        ArrayList<String> list = Collections.list(httpServletRequest.getParameterNames());
        Collections.sort(list);
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            if (!str.equals(AwsSignatureV4Constants.AMZ_SIGNATURE_PARAM)) {
                arrayList.add(AWS_URL_PARAMETER_ESCAPER.escape(str) + "=" + AWS_URL_PARAMETER_ESCAPER.escape(httpServletRequest.getParameter(str)));
            }
        }
        return Joiner.on("&").join(arrayList);
    }

    private static String createCanonicalRequest(HttpServletRequest httpServletRequest, String str, byte[] bArr, String str2) throws IOException, NoSuchAlgorithmException {
        String header;
        String header2 = httpServletRequest.getHeader("Authorization");
        String header3 = httpServletRequest.getHeader("x-amz-content-sha256");
        if (header3 == null) {
            header3 = httpServletRequest.getParameter(AwsSignatureV4Constants.AMZ_SIGNEDHEADERS_PARAM);
        }
        String messageDigest = header2 == null ? AwsSignatureV4Constants.UNSIGNED_PAYLOAD : AwsSignatureV4Constants.STREAMING_BODY_SHA256.equals(header3) ? AwsSignatureV4Constants.STREAMING_BODY_SHA256 : AwsSignatureV4Constants.UNSIGNED_PAYLOAD.equals(header3) ? AwsSignatureV4Constants.UNSIGNED_PAYLOAD : getMessageDigest(bArr, str2);
        List<String> extractSignedHeaders = header2 != null ? extractSignedHeaders(header2) : Splitter.on(';').splitToList(httpServletRequest.getParameter(AwsSignatureV4Constants.AMZ_SIGNEDHEADERS_PARAM));
        String method = httpServletRequest.getMethod();
        if (HttpMethod.OPTIONS.equals(method) && (header = httpServletRequest.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD)) != null) {
            method = header;
        }
        return getMessageDigest(Joiner.on("\n").join(method, str, buildCanonicalQueryString(httpServletRequest), buildCanonicalHeaders(httpServletRequest, extractSignedHeaders) + "\n", Joiner.on(';').join(extractSignedHeaders), messageDigest).getBytes(StandardCharsets.UTF_8), str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createAuthorizationSignatureV4(HttpServletRequest httpServletRequest, S3AuthorizationHeader s3AuthorizationHeader, byte[] bArr, String str, String str2) throws InvalidKeyException, IOException, NoSuchAlgorithmException, S3Exception {
        String createCanonicalRequest = createCanonicalRequest(httpServletRequest, str, bArr, s3AuthorizationHeader.getHashAlgorithm());
        String hmacAlgorithm = s3AuthorizationHeader.getHmacAlgorithm();
        byte[] signMessage = signMessage(AWSRequestSignerV4.TERMINATION_STRING.getBytes(StandardCharsets.UTF_8), signMessage(s3AuthorizationHeader.getService().getBytes(StandardCharsets.UTF_8), signMessage(s3AuthorizationHeader.getRegion().getBytes(StandardCharsets.UTF_8), signMessage(s3AuthorizationHeader.getDate().getBytes(StandardCharsets.UTF_8), ("AWS4" + str2).getBytes(StandardCharsets.UTF_8), hmacAlgorithm), hmacAlgorithm), hmacAlgorithm), hmacAlgorithm);
        String header = httpServletRequest.getHeader("x-amz-date");
        if (header == null) {
            header = httpServletRequest.getParameter("X-Amz-Date");
        }
        return BaseEncoding.base16().lowerCase().encode(signMessage(("AWS4-HMAC-SHA256\n" + header + "\n" + s3AuthorizationHeader.getDate() + "/" + s3AuthorizationHeader.getRegion() + "/s3/aws4_request\n" + createCanonicalRequest).getBytes(StandardCharsets.UTF_8), signMessage, hmacAlgorithm));
    }
}
