package io.minio;

import com.google.common.io.BaseEncoding;
import com.squareup.okhttp.Interceptor;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;

/* loaded from: input_file:io/minio/RequestSigner.class */
class RequestSigner implements Interceptor {
    private static final DateTimeFormatter dateFormatyyyyMMddThhmmssZ = DateTimeFormat.forPattern("yyyyMMdd'T'HHmmss'Z'").withZoneUTC();
    private static final DateTimeFormatter dateFormatyyyyMMdd = DateTimeFormat.forPattern("yyyyMMdd").withZoneUTC();
    private static final DateTimeFormatter dateFormat = DateTimeFormat.forPattern("EEE, dd MMM yyyy HH:mm:ss zzz").withZoneUTC();
    private byte[] data;
    private DateTime date;
    private String accessKey;
    private String secretKey;
    private Set<String> ignoredHeaders = new HashSet();

    /* JADX INFO: Access modifiers changed from: package-private */
    public RequestSigner(byte[] bArr, String str, String str2, DateTime dateTime) {
        this.data = new byte[0];
        this.date = null;
        this.accessKey = null;
        this.secretKey = null;
        this.data = bArr == null ? new byte[0] : bArr;
        this.date = dateTime;
        this.accessKey = str;
        this.secretKey = str2;
        this.ignoredHeaders.add("authorization");
        this.ignoredHeaders.add("content-type");
        this.ignoredHeaders.add("content-length");
        this.ignoredHeaders.add("user-agent");
    }

    private static byte[] getSigningKey(DateTime dateTime, String str, String str2) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
        return sumHmac(sumHmac(sumHmac(sumHmac(("AWS4" + str2).getBytes("UTF-8"), dateTime.toString(dateFormatyyyyMMdd).getBytes("UTF-8")), str.getBytes("UTF-8")), "s3".getBytes("UTF-8")), "aws4_request".getBytes("UTF-8"));
    }

    private static byte[] sumHmac(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        mac.update(bArr2);
        return mac.doFinal();
    }

    private Request signV4(Request request, byte[] bArr) throws NoSuchAlgorithmException, UnsupportedEncodingException, IOException, InvalidKeyException {
        if (this.accessKey == null || this.secretKey == null) {
            return request;
        }
        String region = getRegion(request);
        String lowerCase = BaseEncoding.base16().encode(computeSha256(bArr)).toLowerCase();
        String host = request.uri().getHost();
        int port = request.uri().getPort();
        if (port != -1) {
            String scheme = request.uri().getScheme();
            if ("http".equals(scheme) && port != 80) {
                host = host + ":" + request.uri().getPort();
            } else if ("https".equals(scheme) && port != 443) {
                host = host + ":" + request.uri().getPort();
            }
        }
        Request build = request.newBuilder().header("x-amz-content-sha256", lowerCase).header("Host", host).build();
        String signedHeaders = getSignedHeaders(build);
        return build.newBuilder().header("Authorization", getAuthorizationHeader(signedHeaders, BaseEncoding.base16().encode(getSignature(getSigningKey(this.date, region, this.secretKey), getStringToSign(region, BaseEncoding.base16().encode(computeSha256(getCanonicalRequest(build, lowerCase, signedHeaders).getBytes("UTF-8"))).toLowerCase(), this.date))).toLowerCase(), this.date, region)).build();
    }

    private String getRegion(Request request) throws IOException {
        return Regions.INSTANCE.getRegion(request.uri().getHost());
    }

    private byte[] computeSha256(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(bArr);
    }

    private String getAuthorizationHeader(String str, String str2, DateTime dateTime, String str3) {
        return "AWS4-HMAC-SHA256 Credential=" + this.accessKey + "/" + getScope(str3, dateTime) + ", SignedHeaders=" + str + ", Signature=" + str2;
    }

    private byte[] getSignature(byte[] bArr, String str) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
        return sumHmac(bArr, str.getBytes("UTF-8"));
    }

    public String getScope(String str, DateTime dateTime) {
        return dateTime.toString(dateFormatyyyyMMdd) + "/" + str + "/s3/aws4_request";
    }

    private String getStringToSign(String str, String str2, DateTime dateTime) {
        return "AWS4-HMAC-SHA256\n" + dateTime.toString(dateFormatyyyyMMddThhmmssZ) + "\n" + getScope(str, dateTime) + "\n" + str2;
    }

    private String getCanonicalRequest(Request request, String str, String str2) throws IOException, InvalidKeyException {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter((Writer) stringWriter, true);
        String method = request.method();
        String rawPath = request.uri().getRawPath();
        String query = request.uri().getQuery();
        if (query == null || query.isEmpty()) {
            query = "";
        }
        String canonicalQuery = getCanonicalQuery(query);
        printWriter.print(method + "\n");
        printWriter.print(rawPath + "\n");
        printWriter.print(canonicalQuery + "\n");
        for (Map.Entry<String, String> entry : getCanonicalHeaders(request).entrySet()) {
            printWriter.write(entry.getKey() + ":" + entry.getValue() + '\n');
        }
        printWriter.print("\n");
        printWriter.print(str2 + "\n");
        printWriter.print(str);
        printWriter.flush();
        return stringWriter.toString();
    }

    private String getCanonicalQuery(String str) {
        StringBuilder sb = new StringBuilder();
        if (!str.equals("")) {
            String[] split = str.split("&");
            for (int i = 0; i < split.length; i++) {
                if (split[i].contains("=")) {
                    String[] split2 = split[i].split("=", 2);
                    try {
                        split2[1] = URLEncoder.encode(split2[1], "UTF-8");
                    } catch (UnsupportedEncodingException e) {
                        e.printStackTrace();
                    }
                    split[i] = split2[0] + "=" + split2[1];
                }
                split[i] = split[i].trim();
            }
            Arrays.sort(split);
            for (String str2 : split) {
                if (sb.length() != 0) {
                    sb.append("&");
                }
                sb.append(str2);
                if (!str2.contains("=")) {
                    sb.append('=');
                }
            }
        }
        return sb.toString();
    }

    private String getSignedHeaders(Request request) {
        StringBuilder sb = new StringBuilder();
        boolean z = false;
        for (String str : request.headers().names()) {
            if (!this.ignoredHeaders.contains(str.toLowerCase().trim())) {
                if (z) {
                    sb.append(';');
                } else {
                    z = true;
                }
                sb.append(str.toLowerCase().trim());
            }
        }
        return sb.toString();
    }

    private Map<String, String> getCanonicalHeaders(Request request) throws IOException {
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        for (String str : request.headers().names()) {
            String str2 = request.headers().get(str);
            if (str2 != null) {
                String trim = str.toLowerCase().trim();
                String trim2 = str2.trim();
                if (!this.ignoredHeaders.contains(trim)) {
                    treeMap.put(trim, trim2);
                }
            }
        }
        return treeMap;
    }

    private String getPresignCanonicalRequest(Request request, String str, String str2, DateTime dateTime) throws IOException, InvalidKeyException {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter((Writer) stringWriter, true);
        String method = request.method();
        String rawPath = request.uri().getRawPath();
        printWriter.print(method + "\n");
        printWriter.print(rawPath + "\n");
        printWriter.print(str + "\n");
        for (Map.Entry<String, String> entry : getCanonicalHeaders(request).entrySet()) {
            printWriter.write(entry.getKey() + ":" + entry.getValue() + '\n');
        }
        printWriter.print("\n");
        printWriter.print(getSignedHeaders(request) + "\n");
        printWriter.print("UNSIGNED-PAYLOAD");
        printWriter.flush();
        return stringWriter.toString();
    }

    public String preSignV4(Request request, Integer num) throws IOException, NoSuchAlgorithmException, InvalidKeyException {
        String host = request.uri().getHost();
        String rawPath = request.uri().getRawPath();
        String region = getRegion(request);
        String num2 = Integer.toString(num.intValue());
        Request build = request.newBuilder().header("Host", host).build();
        this.ignoredHeaders.add("x-amz-date");
        String str = ((("X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=" + this.accessKey + URLEncoder.encode("/" + getScope(region, this.date), "UTF-8") + "&") + "X-Amz-Date=" + this.date.toString(dateFormatyyyyMMddThhmmssZ) + "&") + "X-Amz-Expires=" + num2 + "&") + "X-Amz-SignedHeaders=" + getSignedHeaders(build);
        return build.uri().getScheme() + "://" + host + rawPath + "?" + str + "&X-Amz-Signature=" + BaseEncoding.base16().encode(getSignature(getSigningKey(this.date, region, this.secretKey), getStringToSign(region, BaseEncoding.base16().encode(computeSha256(getPresignCanonicalRequest(build, str, num2, this.date).getBytes("UTF-8"))).toLowerCase(), this.date))).toLowerCase();
    }

    public String postPreSignV4(String str, DateTime dateTime, String str2) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
        return BaseEncoding.base16().encode(getSignature(getSigningKey(dateTime, str2, this.secretKey), str)).toLowerCase();
    }

    public Response intercept(Interceptor.Chain chain) throws IOException {
        try {
            return chain.proceed(signV4(chain.request(), this.data));
        } catch (IOException e) {
            e.printStackTrace();
            return new Response.Builder().build();
        } catch (InvalidKeyException e2) {
            e2.printStackTrace();
            return new Response.Builder().build();
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
            return new Response.Builder().build();
        }
    }
}
