package zipkin.autoconfigure.storage.elasticsearch.aws;

import com.amazonaws.auth.internal.SignerConstants;
import com.amazonaws.util.StringUtils;
import com.squareup.moshi.JsonReader;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
import okio.ByteString;
import zipkin.autoconfigure.storage.elasticsearch.aws.AWSCredentials;
import zipkin2.elasticsearch.internal.JsonReaders;

/* loaded from: input_file:zipkin/autoconfigure/storage/elasticsearch/aws/AWSSignatureVersion4.class */
final class AWSSignatureVersion4 implements Interceptor {
    static final String EMPTY_STRING_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    static final String HOST_DATE = "host;x-amz-date";
    static final String HOST_DATE_TOKEN = "host;x-amz-date;x-amz-security-token";
    final String region;
    final String service;
    final AWSCredentials.Provider credentials;
    static final String HOST = "host";
    static final String X_AMZ_DATE = "x-amz-date";
    static final String X_AMZ_SECURITY_TOKEN = "x-amz-security-token";
    static final String[] CANONICAL_HEADERS = {HOST, X_AMZ_DATE, X_AMZ_SECURITY_TOKEN};
    static final ThreadLocal<SimpleDateFormat> iso8601 = new ThreadLocal<SimpleDateFormat>() { // from class: zipkin.autoconfigure.storage.elasticsearch.aws.AWSSignatureVersion4.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public SimpleDateFormat initialValue() {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
            return simpleDateFormat;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    public AWSSignatureVersion4(String str, String str2, AWSCredentials.Provider provider) {
        if (str == null) {
            throw new NullPointerException("region == null");
        }
        if (str2 == null) {
            throw new NullPointerException("service == null");
        }
        if (provider == null) {
            throw new NullPointerException("credentials == null");
        }
        this.region = str;
        this.service = str2;
        this.credentials = provider;
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Response proceed = chain.proceed(sign(chain.request()));
        if (proceed.code() != 403) {
            return proceed;
        }
        ResponseBody body = proceed.body();
        Throwable th = null;
        try {
            try {
                JsonReader enterPath = JsonReaders.enterPath(JsonReader.of(body.source()), "message");
                if (enterPath != null) {
                    throw new IllegalStateException(enterPath.nextString());
                }
                if (body != null) {
                    if (0 != 0) {
                        try {
                            body.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        body.close();
                    }
                }
                throw new IllegalStateException(proceed.toString());
            } finally {
            }
        } catch (Throwable th3) {
            if (body != null) {
                if (th != null) {
                    try {
                        body.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    body.close();
                }
            }
            throw th3;
        }
    }

    static Buffer canonicalString(Request request) throws IOException {
        Buffer buffer = new Buffer();
        buffer.writeUtf8(request.method()).writeByte(10);
        buffer.writeUtf8(request.url().encodedPath().replace("*", "%2A").replace(StringUtils.COMMA_SEPARATOR, "%2C").replace(":", "%3A")).writeByte(10);
        String encodedQuery = request.url().encodedQuery();
        buffer.writeUtf8(encodedQuery == null ? "" : encodedQuery).writeByte(10);
        Buffer buffer2 = new Buffer();
        for (String str : CANONICAL_HEADERS) {
            String header = request.header(str);
            if (header != null) {
                buffer.writeUtf8(str).writeByte(58).writeUtf8(header).writeByte(10);
                buffer2.writeByte(59).writeUtf8(str);
            }
        }
        buffer.writeByte(10);
        buffer2.readByte();
        buffer.writeAll(buffer2);
        buffer.writeByte(10);
        if (request.body() == null || request.body().contentLength() == 0) {
            buffer.writeUtf8(EMPTY_STRING_HASH);
        } else {
            Buffer buffer3 = new Buffer();
            request.body().writeTo(buffer3);
            buffer.writeUtf8(buffer3.sha256().hex());
        }
        return buffer;
    }

    static Buffer toSign(String str, String str2, Buffer buffer) {
        Buffer buffer2 = new Buffer();
        buffer2.writeUtf8("AWS4-HMAC-SHA256\n");
        buffer2.writeUtf8(str).writeByte(10);
        buffer2.writeUtf8(str2).writeByte(10);
        buffer2.writeUtf8(buffer.sha256().hex());
        return buffer2;
    }

    Request sign(Request request) throws IOException {
        AWSCredentials aWSCredentials = this.credentials.get();
        if (aWSCredentials == null) {
            throw new NullPointerException("credentials == null");
        }
        String format = iso8601.get().format(new Date());
        String substring = format.substring(0, 8);
        String format2 = String.format("%s/%s/%s/%s", substring, this.region, this.service, SignerConstants.AWS4_TERMINATOR);
        Request.Builder newBuilder = request.newBuilder();
        newBuilder.header(HOST, request.url().host());
        newBuilder.header(X_AMZ_DATE, format);
        if (aWSCredentials.sessionToken != null) {
            newBuilder.header(X_AMZ_SECURITY_TOKEN, aWSCredentials.sessionToken);
        }
        return newBuilder.header("authorization", "AWS4-HMAC-SHA256 Credential=" + aWSCredentials.accessKey + '/' + format2 + ", SignedHeaders=" + (aWSCredentials.sessionToken == null ? HOST_DATE : HOST_DATE_TOKEN) + ", Signature=" + toSign(format, format2, canonicalString(newBuilder.build())).readByteString().hmacSha256(signatureKey(aWSCredentials.secretKey, substring)).hex()).build();
    }

    ByteString signatureKey(String str, String str2) {
        return ByteString.encodeUtf8(SignerConstants.AWS4_TERMINATOR).hmacSha256(ByteString.encodeUtf8(this.service).hmacSha256(ByteString.encodeUtf8(this.region).hmacSha256(ByteString.encodeUtf8(str2).hmacSha256(ByteString.encodeUtf8("AWS4" + str)))));
    }
}
