package tel.schich.awss3postobjectpresigner;

import com.google.gson.Gson;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Locale;
import java.util.Objects;
import java.util.function.Supplier;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.awscore.endpoint.DefaultServiceEndpointBuilder;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
import software.amazon.awssdk.services.s3.S3Configuration;

/* loaded from: input_file:tel/schich/awss3postobjectpresigner/S3PostObjectPresigner.class */
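/**
 * Produces the URL and form fields for a browser-based S3 POST upload, signed with
 * AWS Signature Version 4 ({@code AWS4-HMAC-SHA256}).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The presigner itself only adds conditions for the algorithm, credential scope, date and
 *       bucket. Any restriction on the object key, content type or upload size has to come from
 *       the conditions supplied in the {@code S3PostObjectRequest}; without them the holder of
 *       the form can upload to any key in the bucket until the policy expires.</li>
 *   <li>The expiration is taken from the request as-is; no upper bound is enforced here.</li>
 *   <li>The bucket name is not validated before it is placed into the request URL. Validate it
 *       against the S3 bucket naming rules if it can be influenced by untrusted input.</li>
 * </ul>
 */
public final class S3PostObjectPresigner {
    private static final String SIGNATURE_ALGORITHM = "HmacSHA256";
    private final Supplier<ProfileFile> profileFile = ProfileFile::defaultProfileFile;
    private final String profileName = ProfileFileSystemSetting.AWS_PROFILE.getStringValueOrThrow();
    private final AwsCredentialsProvider credentialsProvider;
    private final S3Configuration serviceConfiguration;
    private final URI endpoint;
    private final Region region;
    // Both formatters are pinned to UTC, as SigV4 date stamps are expressed in UTC.
    static final DateTimeFormatter DATESTAMP_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd", Locale.ENGLISH).withZone(ZoneOffset.UTC);
    private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();
    private static final Gson GSON = new Gson();
    private static final DateTimeFormatter AMZ_DATE_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'", Locale.ENGLISH).withZone(ZoneOffset.UTC);

    /**
     * Collects the optional settings of a presigner. Every setting left unset (or set to
     * {@code null}, except the service configuration) falls back to the SDK default chain in
     * the presigner's constructor.
     */
    public static final class Builder {
        private AwsCredentialsProvider credentialsProvider;
        private S3Configuration serviceConfiguration = (S3Configuration) S3Configuration.builder().build();
        private URI endpointOverride = null;
        private Region region = null;

        /**
         * Sets the S3 service configuration (only {@code pathStyleAccessEnabled()} is read by
         * the presigner).
         *
         * @throws NullPointerException if the argument is {@code null}
         */
        public Builder serviceConfiguration(S3Configuration s3Configuration) {
            Objects.requireNonNull(s3Configuration);
            this.serviceConfiguration = s3Configuration;
            return this;
        }

        /** Sets the credentials provider; {@code null} selects the default provider chain. */
        public Builder credentialsProvider(AwsCredentialsProvider awsCredentialsProvider) {
            this.credentialsProvider = awsCredentialsProvider;
            return this;
        }

        /**
         * Overrides the S3 endpoint; {@code null} selects the regional {@code https} endpoint.
         *
         * <p>NOTE(review): the scheme of an override is not checked. With a plain {@code http}
         * endpoint the signed policy and the uploaded data travel unencrypted, so restrict
         * non-TLS overrides to local test setups.
         */
        public Builder endpointOverride(URI uri) {
            this.endpointOverride = uri;
            return this;
        }

        /** Sets the signing region; {@code null} selects the default region provider chain. */
        public Builder region(Region region) {
            this.region = region;
            return this;
        }

        /** Creates the presigner, resolving defaults for everything that was not set. */
        public S3PostObjectPresigner build() {
            return new S3PostObjectPresigner(this);
        }
    }

    /**
     * Copies the builder's settings and resolves the region, credentials provider and endpoint
     * from the default profile-based chains where the builder left them unset.
     */
    S3PostObjectPresigner(Builder builder) {
        this.serviceConfiguration = builder.serviceConfiguration;
        // The region must be resolved first: the default endpoint below depends on it.
        this.region = builder.region != null ? builder.region : DefaultAwsRegionProviderChain.builder().profileFile(this.profileFile).profileName(this.profileName).build().getRegion();
        this.credentialsProvider = builder.credentialsProvider != null ? builder.credentialsProvider : DefaultCredentialsProvider.builder().profileFile(this.profileFile).profileName(this.profileName).build();
        this.endpoint = builder.endpointOverride != null ? builder.endpointOverride : new DefaultServiceEndpointBuilder("s3", "https").withRegion(this.region).withProfileFile(this.profileFile).withProfileName(this.profileName).getServiceEndpoint();
    }

    /**
     * Signs a POST policy for the given request and returns the target URL together with the
     * form fields the client has to submit.
     *
     * <p>The returned fields contain every equality condition of the policy, the base64-encoded
     * policy itself ({@code Policy}) and its signature ({@code x-amz-signature}).
     *
     * @param s3PostObjectRequest bucket, expiration and caller-defined policy conditions
     * @return the presigned request
     * @throws NullPointerException if the request is {@code null}
     * @throws RuntimeException if the target URI cannot be built or HMAC-SHA256 is unavailable
     */
    public S3PresignedPostObjectRequest presignPost(S3PostObjectRequest s3PostObjectRequest) {
        Objects.requireNonNull(s3PostObjectRequest, "s3PostObjectRequest");
        AwsCredentials credentials = this.credentialsProvider.resolveCredentials();
        // One clock reading feeds the credential scope, the x-amz-date condition and the signing
        // key. Reading the clock twice could yield two different date stamps around midnight UTC
        // and produce a signature that does not match its own credential scope.
        Instant now = Instant.now();
        String credentialField = buildCredentialField(credentials, this.region, now);

        // Copy the caller's conditions so the request object is not modified.
        ArrayList<Condition> conditions = new ArrayList<>(s3PostObjectRequest.conditions());
        conditions.add(Conditions.algorithmEquals("AWS4-HMAC-SHA256"));
        conditions.add(Conditions.credentialEquals(credentialField));
        conditions.add(Conditions.dateEquals(AMZ_DATE_FORMATTER.format(now)));
        conditions.add(Conditions.bucketEquals(s3PostObjectRequest.bucket()));
        // NOTE(review): no x-amz-security-token condition or field is added here. With temporary
        // (session) credentials the upload is presumably rejected unless the caller supplies
        // that condition itself; confirm against the credential types in use.
        Policy policy = Policy.create(s3PostObjectRequest.expiration(), conditions);

        // Raw map kept as in the original: the declared types of EqualsCondition.field()/value()
        // and of the S3PresignedPostObjectRequest constructor are not visible in this file.
        HashMap formFields = new HashMap();
        for (Condition condition : conditions) {
            // Only exact-match conditions translate into a fixed form field value.
            if (condition instanceof EqualsCondition) {
                EqualsCondition equalsCondition = (EqualsCondition) condition;
                formFields.put(equalsCondition.field(), equalsCondition.value());
            }
        }

        // SigV4 for POST signs the base64 text of the policy, not the raw JSON.
        String encodedPolicy = Base64.getEncoder().encodeToString(GSON.toJson(policy).getBytes(StandardCharsets.UTF_8));
        byte[] signingKey = generateSigningKey(credentials.secretAccessKey(), now, this.region, "s3");
        formFields.put("x-amz-signature", hexDump(signMac(signingKey, encodedPolicy.getBytes(StandardCharsets.UTF_8))));
        formFields.put("Policy", encodedPolicy);

        try {
            return new S3PresignedPostObjectRequest(buildPostUri(s3PostObjectRequest.bucket()), formFields);
        } catch (UnsupportedEncodingException | URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the upload URL for a bucket: {@code endpoint/bucket} in path style, otherwise the
     * endpoint with {@code bucket.} prepended to its host.
     *
     * <p>In virtual-host style the bucket name is concatenated into the host unescaped, so it
     * must already be a valid bucket name when it reaches this method.
     */
    private URI buildPostUri(String bucket) throws UnsupportedEncodingException, URISyntaxException {
        if (this.serviceConfiguration.pathStyleAccessEnabled()) {
            return this.endpoint.resolve(URLEncoder.encode(bucket, StandardCharsets.UTF_8.name()));
        }
        return new URI(this.endpoint.getScheme(), this.endpoint.getUserInfo(), bucket + "." + this.endpoint.getHost(), this.endpoint.getPort(), this.endpoint.getPath(), this.endpoint.getQuery(), this.endpoint.getFragment());
    }

    /**
     * Computes HMAC-SHA256 of {@code data} under {@code key}.
     *
     * @throws RuntimeException if the algorithm is unavailable or the key is rejected
     */
    private static byte[] signMac(byte[] key, byte[] data) {
        try {
            Mac mac = Mac.getInstance(SIGNATURE_ALGORITHM);
            mac.init(new SecretKeySpec(key, SIGNATURE_ALGORITHM));
            return mac.doFinal(data);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Derives the SigV4 signing key by chaining HMACs over the date stamp, region id, service
     * name and the literal {@code aws4_request}, starting from {@code "AWS4" + secretKey}.
     */
    private static byte[] generateSigningKey(String secretKey, Instant instant, Region region, String service) {
        byte[] dateKey = signMac(("AWS4" + secretKey).getBytes(StandardCharsets.UTF_8), DATESTAMP_FORMATTER.format(instant).getBytes(StandardCharsets.UTF_8));
        byte[] regionKey = signMac(dateKey, region.id().getBytes(StandardCharsets.UTF_8));
        byte[] serviceKey = signMac(regionKey, service.getBytes(StandardCharsets.UTF_8));
        return signMac(serviceKey, "aws4_request".getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Formats the credential scope {@code accessKeyId/yyyyMMdd/region/s3/aws4_request}, using
     * the same instant the signing key is derived from.
     */
    private static String buildCredentialField(AwsCredentials awsCredentials, Region region, Instant instant) {
        return awsCredentials.accessKeyId() + "/" + DATESTAMP_FORMATTER.format(instant) + "/" + region.id() + "/s3/aws4_request";
    }

    /** Encodes bytes as lowercase hexadecimal, two characters per byte. */
    private static String hexDump(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            // Masking after the shift discards the sign extension of negative bytes.
            sb.append(HEX_CHARS[(b >> 4) & 15]);
            sb.append(HEX_CHARS[b & 15]);
        }
        return sb.toString();
    }

    /** Returns a new builder with default settings. */
    public static Builder builder() {
        return new Builder();
    }
}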
