package software.amazon.awssdk.auth.signer.internal;

import java.io.InputStream;
import java.util.Optional;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.validation.DefaultBindingErrorProcessor;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
import software.amazon.awssdk.auth.signer.internal.chunkedencoding.AwsS3V4ChunkSigner;
import software.amazon.awssdk.auth.signer.internal.chunkedencoding.AwsSignedChunkedEncodingInputStream;
import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
import software.amazon.awssdk.auth.signer.params.AwsS3V4SignerParams;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.internal.chunked.AwsChunkedEncodingConfig;
import software.amazon.awssdk.http.ContentStreamProvider;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.utils.BinaryUtils;

@SdkInternalApi
/* loaded from: input_file:BOOT-INF/lib/auth-2.17.100.jar:software/amazon/awssdk/auth/signer/internal/AbstractAwsS3V4Signer.class */
public abstract class AbstractAwsS3V4Signer extends AbstractAws4Signer<AwsS3V4SignerParams, Aws4PresignerParams> {
    private static final String CONTENT_SHA_256 = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
    private static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    private static final String CONTENT_LENGTH = "Content-Length";

    @Override // software.amazon.awssdk.core.signer.Signer
    public SdkHttpFullRequest sign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        return sign(sdkHttpFullRequest, constructAwsS3SignerParams(executionAttributes));
    }

    public SdkHttpFullRequest sign(SdkHttpFullRequest sdkHttpFullRequest, AwsS3V4SignerParams awsS3V4SignerParams) {
        return CredentialUtils.isAnonymous(awsS3V4SignerParams.awsCredentials()) ? sdkHttpFullRequest : doSign(sdkHttpFullRequest, new Aws4SignerRequestParams(awsS3V4SignerParams), awsS3V4SignerParams).mo12171build();
    }

    private AwsS3V4SignerParams constructAwsS3SignerParams(ExecutionAttributes executionAttributes) {
        AwsS3V4SignerParams.Builder builder = (AwsS3V4SignerParams.Builder) extractSignerParams(AwsS3V4SignerParams.builder(), executionAttributes);
        Optional ofNullable = Optional.ofNullable(executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_CHUNKED_ENCODING));
        builder.getClass();
        ofNullable.ifPresent(builder::enableChunkedEncoding);
        Optional ofNullable2 = Optional.ofNullable(executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING));
        builder.getClass();
        ofNullable2.ifPresent(builder::enablePayloadSigning);
        return builder.build();
    }

    @Override // software.amazon.awssdk.core.signer.Presigner
    public SdkHttpFullRequest presign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        return presign(sdkHttpFullRequest, extractPresignerParams(Aws4PresignerParams.builder(), executionAttributes).build());
    }

    public SdkHttpFullRequest presign(SdkHttpFullRequest sdkHttpFullRequest, Aws4PresignerParams aws4PresignerParams) {
        return CredentialUtils.isAnonymous(aws4PresignerParams.awsCredentials()) ? sdkHttpFullRequest : doPresign(sdkHttpFullRequest, new Aws4SignerRequestParams(aws4PresignerParams), aws4PresignerParams).mo12171build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    public void processRequestPayload(SdkHttpFullRequest.Builder builder, byte[] bArr, byte[] bArr2, Aws4SignerRequestParams aws4SignerRequestParams, AwsS3V4SignerParams awsS3V4SignerParams) {
        if (!useChunkEncoding(builder, awsS3V4SignerParams) || builder.contentStreamProvider() == null) {
            return;
        }
        ContentStreamProvider contentStreamProvider = builder.contentStreamProvider();
        builder.contentStreamProvider(() -> {
            return asChunkEncodedStream(contentStreamProvider.newStream(), bArr, bArr2, aws4SignerRequestParams);
        });
    }

    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    protected String calculateContentHashPresign(SdkHttpFullRequest.Builder builder, Aws4PresignerParams aws4PresignerParams) {
        return UNSIGNED_PAYLOAD;
    }

    private AwsSignedChunkedEncodingInputStream asChunkEncodedStream(InputStream inputStream, byte[] bArr, byte[] bArr2, Aws4SignerRequestParams aws4SignerRequestParams) {
        AwsS3V4ChunkSigner awsS3V4ChunkSigner = new AwsS3V4ChunkSigner(bArr2, aws4SignerRequestParams.getFormattedRequestSigningDateTime(), aws4SignerRequestParams.getScope());
        return AwsSignedChunkedEncodingInputStream.builder().inputStream(inputStream).awsChunkSigner(awsS3V4ChunkSigner).headerSignature(BinaryUtils.toHex(bArr)).awsChunkedEncodingConfig(AwsChunkedEncodingConfig.create()).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    public String calculateContentHash(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams) {
        builder.putHeader(SignerConstant.X_AMZ_CONTENT_SHA256, DefaultBindingErrorProcessor.MISSING_FIELD_ERROR_CODE);
        if (!isPayloadSigningEnabled(builder, awsS3V4SignerParams)) {
            return UNSIGNED_PAYLOAD;
        }
        if (!useChunkEncoding(builder, awsS3V4SignerParams)) {
            return super.calculateContentHash(builder, (SdkHttpFullRequest.Builder) awsS3V4SignerParams);
        }
        long calculateRequestContentLength = Aws4SignerUtils.calculateRequestContentLength(builder);
        builder.putHeader("x-amz-decoded-content-length", Long.toString(calculateRequestContentLength));
        builder.putHeader("Content-Length", Long.toString(AwsSignedChunkedEncodingInputStream.calculateStreamContentLength(calculateRequestContentLength, AwsS3V4ChunkSigner.getSignatureLength(), AwsChunkedEncodingConfig.create())));
        return CONTENT_SHA_256;
    }

    private boolean useChunkEncoding(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams) {
        return isPayloadSigningEnabled(builder, awsS3V4SignerParams) && isChunkedEncodingEnabled(awsS3V4SignerParams);
    }

    private boolean isChunkedEncodingEnabled(AwsS3V4SignerParams awsS3V4SignerParams) {
        Boolean enableChunkedEncoding = awsS3V4SignerParams.enableChunkedEncoding();
        return enableChunkedEncoding != null && enableChunkedEncoding.booleanValue();
    }

    private boolean isPayloadSigningEnabled(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams) {
        if (!builder.protocol().equals(PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT) && builder.contentStreamProvider() != null) {
            return true;
        }
        Boolean enablePayloadSigning = awsS3V4SignerParams.enablePayloadSigning();
        return enablePayloadSigning != null && enablePayloadSigning.booleanValue();
    }
}
