package io.minio;

import com.google.common.base.Joiner;
import com.google.common.escape.Escaper;
import com.google.common.io.BaseEncoding;
import com.google.common.net.UrlEscapers;
import com.squareup.okhttp.Headers;
import com.squareup.okhttp.HttpUrl;
import com.squareup.okhttp.Request;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.joda.time.DateTime;

/* loaded from: input_file:io/minio/Signer.class */
public class Signer {
    public static final Escaper QUERY_ESCAPER = UrlEscapers.urlPathSegmentEscaper();
    private static final Set<String> IGNORED_HEADERS = new HashSet();
    private Request request;
    private String contentSha256;
    private DateTime date;
    private String region;
    private String accessKey;
    private String secretKey;
    private String scope;
    private Map<String, String> canonicalHeaders;
    private String signedHeaders;
    private HttpUrl url;
    private String canonicalQueryString;
    private String canonicalRequest;
    private String canonicalRequestHash;
    private String stringToSign;
    private byte[] signingKey;
    private String signature;
    private String authorization;

    public Signer(Request request, String str, DateTime dateTime, String str2, String str3, String str4) {
        this.request = request;
        this.contentSha256 = str;
        this.date = dateTime;
        this.region = str2;
        this.accessKey = str3;
        this.secretKey = str4;
    }

    private void setScope() {
        this.scope = this.date.toString(DateFormat.SIGNER_DATE_FORMAT) + "/" + this.region + "/s3/aws4_request";
    }

    private void setCanonicalHeaders() {
        this.canonicalHeaders = new TreeMap();
        Headers headers = this.request.headers();
        for (String str : headers.names()) {
            String lowerCase = str.toLowerCase();
            if (!IGNORED_HEADERS.contains(lowerCase)) {
                this.canonicalHeaders.put(lowerCase, headers.get(str));
            }
        }
        this.signedHeaders = Joiner.on(";").join(this.canonicalHeaders.keySet());
    }

    private void setCanonicalQueryString() {
        TreeMap treeMap = new TreeMap();
        String encodedQuery = this.url.encodedQuery();
        if (encodedQuery == null) {
            this.canonicalQueryString = "";
            return;
        }
        for (String str : encodedQuery.split("&")) {
            String[] split = str.split("=");
            if (split.length > 1) {
                treeMap.put(QUERY_ESCAPER.escape(split[0]), QUERY_ESCAPER.escape(split[1]));
            } else {
                treeMap.put(QUERY_ESCAPER.escape(split[0]), "");
            }
        }
        this.canonicalQueryString = Joiner.on("&").withKeyValueSeparator("=").join(treeMap);
    }

    private void setCanonicalRequest() throws NoSuchAlgorithmException {
        setCanonicalHeaders();
        this.url = this.request.httpUrl();
        setCanonicalQueryString();
        this.canonicalRequest = this.request.method() + "\n" + this.url.encodedPath() + "\n" + this.canonicalQueryString + "\n" + Joiner.on("\n").withKeyValueSeparator(":").join(this.canonicalHeaders) + "\n\n" + this.signedHeaders + "\n" + this.contentSha256;
        this.canonicalRequestHash = Digest.sha256Hash(this.canonicalRequest);
    }

    private void setStringToSign() {
        this.stringToSign = "AWS4-HMAC-SHA256\n" + this.date.toString(DateFormat.AMZ_DATE_FORMAT) + "\n" + this.scope + "\n" + this.canonicalRequestHash;
    }

    private void setSigningKey() throws NoSuchAlgorithmException, InvalidKeyException {
        this.signingKey = sumHmac(sumHmac(sumHmac(sumHmac(("AWS4" + this.secretKey).getBytes(StandardCharsets.UTF_8), this.date.toString(DateFormat.SIGNER_DATE_FORMAT).getBytes(StandardCharsets.UTF_8)), this.region.getBytes(StandardCharsets.UTF_8)), "s3".getBytes(StandardCharsets.UTF_8)), "aws4_request".getBytes(StandardCharsets.UTF_8));
    }

    private void setSignature() throws NoSuchAlgorithmException, InvalidKeyException {
        this.signature = BaseEncoding.base16().encode(sumHmac(this.signingKey, this.stringToSign.getBytes(StandardCharsets.UTF_8))).toLowerCase();
    }

    private void setAuthorization() {
        this.authorization = "AWS4-HMAC-SHA256 Credential=" + this.accessKey + "/" + this.scope + ", SignedHeaders=" + this.signedHeaders + ", Signature=" + this.signature;
    }

    public static Request signV4(Request request, String str, String str2, String str3) throws NoSuchAlgorithmException, InvalidKeyException {
        Signer signer = new Signer(request, request.header("x-amz-content-sha256"), DateFormat.AMZ_DATE_FORMAT.parseDateTime(request.header("x-amz-date")), str, str2, str3);
        signer.setScope();
        signer.setCanonicalRequest();
        signer.setStringToSign();
        signer.setSigningKey();
        signer.setSignature();
        signer.setAuthorization();
        return request.newBuilder().header("Authorization", signer.authorization).build();
    }

    private void setPresignCanonicalRequest(int i) throws NoSuchAlgorithmException {
        this.canonicalHeaders = new TreeMap();
        this.canonicalHeaders.put("host", this.request.headers().get("Host"));
        this.signedHeaders = "host";
        HttpUrl.Builder newBuilder = this.request.httpUrl().newBuilder();
        newBuilder.addQueryParameter("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
        newBuilder.addQueryParameter("X-Amz-Credential", this.accessKey + "/" + this.scope);
        newBuilder.addQueryParameter("X-Amz-Date", this.date.toString(DateFormat.AMZ_DATE_FORMAT));
        newBuilder.addQueryParameter("X-Amz-Expires", Integer.toString(i));
        newBuilder.addQueryParameter("X-Amz-SignedHeaders", this.signedHeaders);
        this.url = newBuilder.build();
        setCanonicalQueryString();
        this.canonicalRequest = this.request.method() + "\n" + this.url.encodedPath() + "\n" + this.canonicalQueryString + "\n" + Joiner.on("\n").withKeyValueSeparator(":").join(this.canonicalHeaders) + "\n\n" + this.signedHeaders + "\n" + this.contentSha256;
        this.canonicalRequestHash = Digest.sha256Hash(this.canonicalRequest);
    }

    public static HttpUrl presignV4(Request request, String str, String str2, String str3, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        Signer signer = new Signer(request, "UNSIGNED-PAYLOAD", DateFormat.AMZ_DATE_FORMAT.parseDateTime(request.header("x-amz-date")), str, str2, str3);
        signer.setScope();
        signer.setPresignCanonicalRequest(i);
        signer.setStringToSign();
        signer.setSigningKey();
        signer.setSignature();
        return signer.url.newBuilder().addQueryParameter("X-Amz-Signature", signer.signature).build();
    }

    public static String credential(String str, DateTime dateTime, String str2) {
        return str + "/" + dateTime.toString(DateFormat.SIGNER_DATE_FORMAT) + "/" + str2 + "/s3/aws4_request";
    }

    public static String postPresignV4(String str, String str2, DateTime dateTime, String str3) throws NoSuchAlgorithmException, InvalidKeyException {
        Signer signer = new Signer(null, null, dateTime, str3, null, str2);
        signer.stringToSign = str;
        signer.setSigningKey();
        signer.setSignature();
        return signer.signature;
    }

    public static byte[] sumHmac(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
        mac.update(bArr2);
        return mac.doFinal();
    }

    static {
        IGNORED_HEADERS.add("authorization");
        IGNORED_HEADERS.add("content-type");
        IGNORED_HEADERS.add("content-length");
        IGNORED_HEADERS.add("user-agent");
    }
}
