package software.amazon.msk.auth.iam.internals;

import aws_msk_iam_auth_shadow.com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringJoiner;
import java.util.stream.Stream;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant;

/* loaded from: input_file:software/amazon/msk/auth/iam/internals/AWS4SignedPayloadGenerator.class */
public class AWS4SignedPayloadGenerator implements SignedPayloadGenerator {
    private static final Logger log = LoggerFactory.getLogger(AWS4SignedPayloadGenerator.class);
    private static final String ACTION_KEY = "Action";
    private static final String ACTION_VALUE = "kafka-cluster:Connect";
    private static final String VERSION_KEY = "version";
    private static final String USER_AGENT_KEY = "user-agent";
    private static final String PROTOCOL = "https";
    private static final int EXPIRY_DURATION_MINUTES = 15;

    @Override // software.amazon.msk.auth.iam.internals.SignedPayloadGenerator
    public byte[] signedPayload(@NonNull AuthenticationRequestParams authenticationRequestParams) throws PayloadGenerationException {
        if (authenticationRequestParams == null) {
            throw new NullPointerException("params is marked non-null but is null");
        }
        try {
            return toPayloadBytes(presignRequest(authenticationRequestParams), authenticationRequestParams);
        } catch (IOException e) {
            throw new PayloadGenerationException("Failure to create authentication payload ", e);
        }
    }

    public SdkHttpFullRequest presignRequest(@NonNull AuthenticationRequestParams authenticationRequestParams) {
        if (authenticationRequestParams == null) {
            throw new NullPointerException("params is marked non-null but is null");
        }
        return Aws4Signer.create().presign(createRequestForSigning(authenticationRequestParams), createSigningParams(authenticationRequestParams));
    }

    private SdkHttpFullRequest createRequestForSigning(AuthenticationRequestParams authenticationRequestParams) {
        return SdkHttpFullRequest.builder().method(SdkHttpMethod.GET).protocol("https").host(authenticationRequestParams.getHost()).appendRawQueryParameter(ACTION_KEY, ACTION_VALUE).mo1237build();
    }

    private Aws4PresignerParams createSigningParams(AuthenticationRequestParams authenticationRequestParams) {
        return Aws4PresignerParams.builder().awsCredentials(authenticationRequestParams.getAwsCredentials()).expirationTime(getExpiry()).signingRegion(authenticationRequestParams.getRegion()).signingName(authenticationRequestParams.getServiceScope()).mo1237build();
    }

    private Instant getExpiry() {
        return Instant.now().plus(15L, (TemporalUnit) ChronoUnit.MINUTES);
    }

    private byte[] toPayloadBytes(SdkHttpFullRequest sdkHttpFullRequest, AuthenticationRequestParams authenticationRequestParams) throws IOException {
        return new ObjectMapper().writeValueAsBytes(toKeyValueMap(sdkHttpFullRequest, authenticationRequestParams));
    }

    private Map<String, String> toKeyValueMap(SdkHttpFullRequest sdkHttpFullRequest, AuthenticationRequestParams authenticationRequestParams) {
        HashMap hashMap = new HashMap();
        sdkHttpFullRequest.rawQueryParameters().entrySet().stream().forEach(entry -> {
        });
        hashMap.put("version", authenticationRequestParams.getVersion());
        hashMap.put(USER_AGENT_KEY, authenticationRequestParams.getUserAgent());
        sdkHttpFullRequest.headers().entrySet().stream().forEach(entry2 -> {
        });
        return hashMap;
    }

    private String generateParameterValue(String str, List<String> list) {
        if (list.isEmpty()) {
            return "";
        }
        if (list.size() <= 1) {
            return list.get(0);
        }
        if (!SignerConstant.X_AMZ_SIGNED_HEADERS.equals(str)) {
            throw new IllegalArgumentException("Unexpected number of arguments " + list.size() + " for query parameter " + str);
        }
        StringJoiner stringJoiner = new StringJoiner(";");
        Stream<String> stream = list.stream();
        stringJoiner.getClass();
        stream.forEach((v1) -> {
            r1.add(v1);
        });
        return stringJoiner.toString();
    }
}
