package io.github.linktosriram.s3lite.core.auth;

import io.github.linktosriram.s3lite.api.auth.AwsCredentials;
import io.github.linktosriram.s3lite.api.region.Region;
import io.github.linktosriram.s3lite.http.spi.SdkHttpUtils;
import io.github.linktosriram.s3lite.http.spi.request.ImmutableRequest;
import io.github.linktosriram.s3lite.util.DigestUtils;
import io.github.linktosriram.s3lite.util.StringUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.temporal.TemporalAccessor;
import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.function.BinaryOperator;
import java.util.logging.Logger;
import java.util.stream.Collectors;

/* loaded from: input_file:io/github/linktosriram/s3lite/core/auth/Aws4Signer.class */
final class Aws4Signer implements RegionAwareSigner {
    private static final String SERVICE_SIGNING_NAME = "s3";
    private Region region;
    private static final Logger log = Logger.getLogger(Aws4Signer.class.getName());
    private static final String NO_PAYLOAD_HASH = DigestUtils.sha256Hex("");
    private static final Locale LOCALE_ENGLISH = Locale.ENGLISH;
    private static final DateTimeFormatter DATE_ONLY = DateTimeFormatter.ofPattern("yyyyMMdd").withZone(ZoneOffset.UTC);
    private static final DateTimeFormatter ISO_8601 = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'").withZone(ZoneOffset.UTC);

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Aws4Signer create() {
        return new Aws4Signer();
    }

    private Aws4Signer() {
    }

    @Override // io.github.linktosriram.s3lite.core.auth.Signer
    public void sign(SignableRequest signableRequest, AwsCredentials awsCredentials) {
        Instant now = Instant.now();
        String calculatePayloadHash = calculatePayloadHash(signableRequest);
        signableRequest.addHeader("Host", signableRequest.getEndpoint().getHost());
        signableRequest.addHeader("X-Amz-Date", ISO_8601.format(now));
        signableRequest.addHeader("X-Amz-Content-Sha256", calculatePayloadHash);
        String signedHeadersString = getSignedHeadersString(signableRequest.getHeaders().keySet());
        String scope = getScope(now, this.region.getRegionName());
        signableRequest.addHeader("Authorization", buildAuthorizationHeaders(signedHeadersString, calculateSignature(createStringToSign(createCanonicalRequest(signableRequest, signedHeadersString, calculatePayloadHash), scope, now), awsCredentials, this.region.getRegionName(), now), awsCredentials, scope));
    }

    @Override // io.github.linktosriram.s3lite.core.auth.RegionAwareSigner
    public Region getRegion() {
        return this.region;
    }

    @Override // io.github.linktosriram.s3lite.core.auth.RegionAwareSigner
    public void setRegion(Region region) {
        this.region = region;
    }

    private static String calculatePayloadHash(ImmutableRequest immutableRequest) {
        return (String) immutableRequest.getRequestBody().map((v0) -> {
            return v0.getContentStreamProvider();
        }).map(supplier -> {
            try {
                InputStream inputStream = (InputStream) supplier.get();
                Throwable th = null;
                try {
                    String sha256Hex = DigestUtils.sha256Hex(inputStream);
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    return sha256Hex;
                } finally {
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }).orElse(NO_PAYLOAD_HASH);
    }

    private static String getScope(TemporalAccessor temporalAccessor, String str) {
        return DATE_ONLY.format(temporalAccessor) + "/" + str + "/" + SERVICE_SIGNING_NAME + "/aws4_request";
    }

    private static String createCanonicalRequest(ImmutableRequest immutableRequest, String str, String str2) {
        String str3 = immutableRequest.getHttpMethod().name() + "\n" + getCanonicalizedResourcePath(immutableRequest.getResourcePath()) + "\n" + getCanonicalizedQueryString(immutableRequest.getParameters()) + "\n" + getCanonicalizedHeaderString(immutableRequest.getHeaders()) + "\n" + str + "\n" + str2;
        log.config(() -> {
            return "AWS4 Canonical Request: " + str3;
        });
        return str3;
    }

    private static String createStringToSign(String str, String str2, TemporalAccessor temporalAccessor) {
        String str3 = "AWS4-HMAC-SHA256\n" + ISO_8601.format(temporalAccessor) + "\n" + str2 + "\n" + DigestUtils.sha256Hex(str);
        log.config(() -> {
            return "AWS4 String to Sign: " + str3;
        });
        return str3;
    }

    private static String calculateSignature(String str, AwsCredentials awsCredentials, String str2, TemporalAccessor temporalAccessor) {
        return DigestUtils.encodeHexString(DigestUtils.hmacSha256(DigestUtils.hmacSha256(DigestUtils.hmacSha256(DigestUtils.hmacSha256(DigestUtils.hmacSha256(("AWS4" + awsCredentials.getAWSSecretKey()).getBytes(StandardCharsets.UTF_8), DATE_ONLY.format(temporalAccessor)), str2), SERVICE_SIGNING_NAME), "aws4_request"), str));
    }

    private static String buildAuthorizationHeaders(String str, String str2, AwsCredentials awsCredentials, String str3) {
        return "AWS4-HMAC-SHA256 " + ("Credential=" + awsCredentials.getAWSAccessKeyId() + "/" + str3) + ", " + ("SignedHeaders=" + str) + ", " + ("Signature=" + str2);
    }

    private static String getCanonicalizedResourcePath(String str) {
        return SdkHttpUtils.urlEncodeIgnoreSlashes(str);
    }

    private static String getCanonicalizedQueryString(Map<String, List<String>> map) {
        return SdkHttpUtils.toQueryString((Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return (List) ((List) entry.getValue()).stream().sorted().collect(Collectors.toList());
        }, throwingMerger(), TreeMap::new)));
    }

    private static String getCanonicalizedHeaderString(Map<String, List<String>> map) {
        return (String) map.entrySet().stream().sorted(Comparator.comparing(entry -> {
            return ((String) entry.getKey()).toLowerCase(LOCALE_ENGLISH);
        })).map(entry2 -> {
            return ((String) entry2.getKey()).toLowerCase(LOCALE_ENGLISH) + ":" + ((String) ((List) entry2.getValue()).stream().map(StringUtils::trimAll).collect(Collectors.joining(","))) + "\n";
        }).collect(Collectors.joining());
    }

    private static String getSignedHeadersString(Collection<String> collection) {
        return (String) collection.stream().sorted(String.CASE_INSENSITIVE_ORDER).map(str -> {
            return str.toLowerCase(LOCALE_ENGLISH);
        }).collect(Collectors.joining(";"));
    }

    private static <T> BinaryOperator<T> throwingMerger() {
        return (obj, obj2) -> {
            throw new IllegalStateException("Duplicate key " + obj);
        };
    }
}
