package net.jolivier.s3api.auth;

import com.google.common.base.Strings;
import com.google.common.io.BaseEncoding;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:net/jolivier/s3api/auth/SignatureGenerator.class */
public class SignatureGenerator {
    public static final String SCHEME = "AWS4";
    public static final String ALGORITHM = "HMAC-SHA256";
    public static final String TERMINATOR = "aws4_request";
    private final String _resourcePath;
    private final String _httpMethod;
    private final String _service;
    private final String _region;
    private final Map<String, String> _headers = new HashMap();
    private final Map<String, String> _queryParameters = new HashMap();
    private String _bodyHash = "";
    private String _accessKey = "";
    private String _secretAccessKey = "";
    private String _dateTimeStamp = "";

    public static SignatureGenerator s3(String str, String str2, String str3) {
        return new SignatureGenerator(str, str2, "s3", str3);
    }

    private SignatureGenerator(String str, String str2, String str3, String str4) {
        this._resourcePath = str;
        this._httpMethod = str2;
        this._service = str3;
        this._region = str4;
    }

    public SignatureGenerator header(String str, String str2) {
        this._headers.put(str, str2);
        return this;
    }

    public SignatureGenerator removeHeader(String str) {
        this._headers.remove(str);
        return this;
    }

    public SignatureGenerator queryParam(String str, String str2) {
        this._queryParameters.put(str, str2);
        return this;
    }

    public SignatureGenerator removeParam(String str) {
        this._queryParameters.remove(str);
        return this;
    }

    public SignatureGenerator accessKey(String str) {
        this._accessKey = str;
        return this;
    }

    public SignatureGenerator secretKey(String str) {
        this._secretAccessKey = str;
        return this;
    }

    public SignatureGenerator bodyHash(String str) {
        this._bodyHash = (String) Objects.requireNonNull(str, "bodyHash");
        return this;
    }

    public SignatureGenerator dateTimeStamp(String str) {
        this._dateTimeStamp = (String) Objects.requireNonNull(str, "dateTimeStamp");
        return this;
    }

    public String canonicalRequest() {
        return this._httpMethod + "\n" + canonicalizedResourcePath() + "\n" + canonicalizedQueryString() + "\n" + canonicalizedHeaderString() + "\n" + canonicalizeHeaderNames() + "\n" + this._bodyHash;
    }

    public String canonicalizeHeaderNames() {
        return String.join(";", (Iterable<? extends CharSequence>) this._headers.keySet().stream().sorted(String.CASE_INSENSITIVE_ORDER).map((v0) -> {
            return v0.toLowerCase();
        }).collect(Collectors.toList()));
    }

    public String canonicalizedHeaderString() {
        return this._headers.isEmpty() ? "" : String.join("", (Iterable<? extends CharSequence>) this._headers.keySet().stream().sorted(String.CASE_INSENSITIVE_ORDER).map(str -> {
            return str.toLowerCase().replaceAll("\\s+", " ") + ":" + this._headers.get(str).replaceAll("\\s+", " ") + "\n";
        }).collect(Collectors.toList()));
    }

    public String canonicalizedQueryString() {
        if (this._queryParameters.isEmpty()) {
            return "";
        }
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, String> entry : this._queryParameters.entrySet()) {
            treeMap.put(urlEncode(entry.getKey(), false), urlEncode(entry.getValue(), false));
        }
        return String.join("&", (Iterable<? extends CharSequence>) treeMap.entrySet().stream().map(entry2 -> {
            return ((String) entry2.getKey()) + "=" + ((String) entry2.getValue());
        }).collect(Collectors.toList()));
    }

    public String canonicalizedResourcePath() {
        if (Strings.isNullOrEmpty(this._resourcePath)) {
            return "/";
        }
        String urlEncode = urlEncode(this._resourcePath, true);
        return urlEncode.startsWith("/") ? urlEncode : "/".concat(urlEncode);
    }

    public String urlEncode(String str, boolean z) {
        try {
            String encode = URLEncoder.encode(str, "UTF-8");
            if (z) {
                encode = encode.replace("%2F", "/");
            }
            return encode;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("UTF-8 encoding is not supported.", e);
        }
    }

    public String stringToSign(String str, String str2, String str3) {
        return "AWS4-HMAC-SHA256\n" + str + "\n" + str2 + "\n" + toHex(hash(str3));
    }

    public byte[] hash(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes("UTF-8"));
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RuntimeException("Unable to compute hash while signing request: " + e.getMessage(), e);
        }
    }

    public byte[] sign(String str, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(str.getBytes("UTF-8"));
        } catch (Exception e) {
            throw new RuntimeException("Unable to calculate a request signature: " + e.getMessage(), e);
        }
    }

    public String toHex(byte[] bArr) {
        return BaseEncoding.base16().encode(bArr).toLowerCase(Locale.getDefault());
    }

    public String computeSignature() {
        String substring = this._dateTimeStamp.substring(0, 8);
        String str = substring + "/" + this._region + "/" + this._service + "/aws4_request";
        return "AWS4-HMAC-SHA256 " + ("Credential=" + this._accessKey + "/" + str) + ", " + ("SignedHeaders=" + canonicalizeHeaderNames()) + ", " + ("Signature=" + toHex(sign(stringToSign(this._dateTimeStamp, str, canonicalRequest()), sign(TERMINATOR, sign(this._service, sign(this._region, sign(substring, ("AWS4" + this._secretAccessKey).getBytes())))))));
    }
}
