package software.amazon.msk.auth.iam.internals;

import aws_msk_iam_auth_shadow.com.amazonaws.DefaultRequest;
import aws_msk_iam_auth_shadow.com.amazonaws.auth.AWS4Signer;
import aws_msk_iam_auth_shadow.com.amazonaws.auth.internal.SignerConstants;
import aws_msk_iam_auth_shadow.com.amazonaws.http.HttpMethodName;
import aws_msk_iam_auth_shadow.com.fasterxml.jackson.databind.ObjectMapper;
import aws_msk_iam_auth_shadow.org.slf4j.Logger;
import aws_msk_iam_auth_shadow.org.slf4j.LoggerFactory;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringJoiner;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
import lombok.NonNull;

/* loaded from: input_file:software/amazon/msk/auth/iam/internals/AWS4SignedPayloadGenerator.class */
class AWS4SignedPayloadGenerator implements SignedPayloadGenerator {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AWS4SignedPayloadGenerator.class);
    private static final String ACTION_KEY = "Action";
    private static final String ACTION_VALUE = "kafka-cluster:Connect";
    private static final String VERSION_KEY = "version";
    private static final String USER_AGENT_KEY = "user-agent";
    private static final int EXPIRY_DURATION_MINUTES = 15;

    @Override // software.amazon.msk.auth.iam.internals.SignedPayloadGenerator
    public byte[] signedPayload(@NonNull AuthenticationRequestParams authenticationRequestParams) throws PayloadGenerationException {
        if (authenticationRequestParams == null) {
            throw new NullPointerException("params is marked non-null but is null");
        }
        AWS4Signer configuredSigner = getConfiguredSigner(authenticationRequestParams);
        DefaultRequest createRequestForSigning = createRequestForSigning(authenticationRequestParams);
        configuredSigner.presignRequest(createRequestForSigning, authenticationRequestParams.getAwsCredentials(), getExpiryDate());
        try {
            return toPayloadBytes(createRequestForSigning, authenticationRequestParams);
        } catch (IOException e) {
            throw new PayloadGenerationException("Failure to create authentication payload ", e);
        }
    }

    private DefaultRequest createRequestForSigning(AuthenticationRequestParams authenticationRequestParams) {
        DefaultRequest defaultRequest = new DefaultRequest(authenticationRequestParams.getServiceScope());
        defaultRequest.setHttpMethod(HttpMethodName.GET);
        try {
            defaultRequest.setEndpoint(new URI("kafka://" + authenticationRequestParams.getHost()));
            defaultRequest.addParameter("Action", ACTION_VALUE);
            return defaultRequest;
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Failed to parse host URI", e);
        }
    }

    private Date getExpiryDate() {
        return java.sql.Date.from(Instant.ofEpochMilli(Instant.now().toEpochMilli() + TimeUnit.MINUTES.toMillis(15L)));
    }

    private AWS4Signer getConfiguredSigner(AuthenticationRequestParams authenticationRequestParams) {
        AWS4Signer aWS4Signer = new AWS4Signer();
        aWS4Signer.setServiceName(authenticationRequestParams.getServiceScope());
        aWS4Signer.setRegionName(authenticationRequestParams.getRegion().getName());
        if (log.isDebugEnabled()) {
            log.debug("Signer configured for {} service and {} region", aWS4Signer.getServiceName(), aWS4Signer.getRegionName());
        }
        return aWS4Signer;
    }

    private byte[] toPayloadBytes(DefaultRequest defaultRequest, AuthenticationRequestParams authenticationRequestParams) throws IOException {
        return new ObjectMapper().writeValueAsBytes(toKeyValueMap(defaultRequest, authenticationRequestParams));
    }

    private Map<String, String> toKeyValueMap(DefaultRequest defaultRequest, AuthenticationRequestParams authenticationRequestParams) {
        HashMap hashMap = new HashMap();
        defaultRequest.getParameters().entrySet().stream().forEach(entry -> {
        });
        hashMap.put("version", authenticationRequestParams.getVersion());
        hashMap.put(USER_AGENT_KEY, authenticationRequestParams.getUserAgent());
        defaultRequest.getHeaders().entrySet().stream().forEach(entry2 -> {
        });
        return hashMap;
    }

    private String generateParameterValue(String str, List<String> list) {
        if (list.isEmpty()) {
            return "";
        }
        if (list.size() <= 1) {
            return list.get(0);
        }
        if (!SignerConstants.X_AMZ_SIGNED_HEADER.equals(str)) {
            throw new IllegalArgumentException("Unexpected number of arguments " + list.size() + " for query parameter " + str);
        }
        StringJoiner stringJoiner = new StringJoiner(";");
        Stream<String> stream = list.stream();
        stringJoiner.getClass();
        stream.forEach((v1) -> {
            r1.add(v1);
        });
        return stringJoiner.toString();
    }
}
