package vc.inreach.aws.request;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.util.SdkHttpUtils;
import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.base.Optional;
import com.google.common.base.Supplier;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Multimap;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeFormatterBuilder;
import java.time.temporal.ChronoField;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:vc/inreach/aws/request/AWSSigner.class */
public class AWSSigner {
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String SLASH = "/";
    private static final String X_AMZ_DATE = "x-amz-date";
    private static final String RETURN = "\n";
    private static final String AWS4_HMAC_SHA256 = "AWS4-HMAC-SHA256\n";
    private static final String AWS4_REQUEST = "/aws4_request";
    private static final String AWS4_HMAC_SHA256_CREDENTIAL = "AWS4-HMAC-SHA256 Credential=";
    private static final String SIGNED_HEADERS = ", SignedHeaders=";
    private static final String SIGNATURE = ", Signature=";
    private static final String SHA_256 = "SHA-256";
    private static final String AWS4 = "AWS4";
    private static final String AWS_4_REQUEST = "aws4_request";
    private static final String CONNECTION = "connection";
    private static final String EMPTY = "";
    private static final String ZERO = "0";
    private static final String HOST = "Host";
    private static final String CONTENT_LENGTH = "Content-Length";
    private static final String AUTHORIZATION = "Authorization";
    private static final String SESSION_TOKEN = "x-amz-security-token";
    private static final String DATE = "date";
    private static final String POST = "POST";
    private final AWSCredentialsProvider credentialsProvider;
    private final String region;
    private final String service;
    private final Supplier<LocalDateTime> clock;
    private static final char[] BASE16MAP = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    private static final Joiner JOINER = Joiner.on(';');
    private static final DateTimeFormatter BASIC_TIME_FORMAT = new DateTimeFormatterBuilder().parseCaseInsensitive().appendValue(ChronoField.YEAR, 4).appendValue(ChronoField.MONTH_OF_YEAR, 2).appendValue(ChronoField.DAY_OF_MONTH, 2).appendLiteral('T').appendValue(ChronoField.HOUR_OF_DAY, 2).appendValue(ChronoField.MINUTE_OF_HOUR, 2).appendValue(ChronoField.SECOND_OF_MINUTE, 2).appendLiteral('Z').toFormatter();
    private static final Joiner AMPERSAND_JOINER = Joiner.on('&');
    private static final DateTimeFormatter BASIC_ISO_DATE = new DateTimeFormatterBuilder().parseCaseInsensitive().appendValue(ChronoField.YEAR, 4).appendValue(ChronoField.MONTH_OF_YEAR, 2).appendValue(ChronoField.DAY_OF_MONTH, 2).toFormatter();

    public AWSSigner(AWSCredentialsProvider aWSCredentialsProvider, String str, String str2, Supplier<LocalDateTime> supplier) {
        this.credentialsProvider = aWSCredentialsProvider;
        this.region = str;
        this.service = str2;
        this.clock = supplier;
    }

    public Map<String, Object> getSignedHeaders(String str, String str2, Multimap<String, String> multimap, Map<String, Object> map, Optional<byte[]> optional) {
        LocalDateTime localDateTime = this.clock.get();
        AWSCredentials credentials = this.credentialsProvider.getCredentials();
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        treeMap.putAll(map);
        Optional transform = Optional.fromNullable(treeMap.get("Host")).transform((v0) -> {
            return v0.toString();
        });
        int intValue = ((Integer) transform.transform(str3 -> {
            return Integer.valueOf(str3.indexOf(58));
        }).or((Optional) (-1))).intValue();
        if (intValue > -1) {
            treeMap.put("Host", ((String) transform.get()).substring(0, intValue));
        }
        if (!treeMap.containsKey("date")) {
            treeMap.put("x-amz-date", localDateTime.format(BASIC_TIME_FORMAT));
        }
        if (AWSSessionCredentials.class.isAssignableFrom(credentials.getClass())) {
            treeMap.put("x-amz-security-token", ((AWSSessionCredentials) credentials).getSessionToken());
        }
        StringBuilder sb = new StringBuilder();
        ImmutableList.Builder builder = ImmutableList.builder();
        for (Map.Entry<String, Object> entry : treeMap.entrySet()) {
            Optional<String> headerAsString = headerAsString(entry, str2);
            if (headerAsString.isPresent()) {
                sb.append(headerAsString.get()).append("\n");
                builder.add((ImmutableList.Builder) entry.getKey().toLowerCase());
            }
        }
        String join = JOINER.join(builder.build());
        treeMap.put("Authorization", AWS4_HMAC_SHA256_CREDENTIAL + credentials.getAWSAccessKeyId() + "/" + getCredentialScope(localDateTime) + SIGNED_HEADERS + join + SIGNATURE + sign(createStringToSign(str2 + "\n" + SdkHttpUtils.urlEncode(str, true) + "\n" + queryParamsString(multimap) + "\n" + sb.toString() + "\n" + join + "\n" + toBase16(hash(optional.or((Optional<byte[]>) "".getBytes(Charsets.UTF_8)))), localDateTime), localDateTime, credentials));
        return ImmutableMap.copyOf((Map) treeMap);
    }

    private String queryParamsString(Multimap<String, String> multimap) {
        ImmutableList.Builder builder = ImmutableList.builder();
        for (Map.Entry entry : new TreeMap(multimap.asMap()).entrySet()) {
            Iterator it = ((Collection) entry.getValue()).iterator();
            while (it.hasNext()) {
                builder.add((ImmutableList.Builder) (SdkHttpUtils.urlEncode((String) entry.getKey(), false) + '=' + SdkHttpUtils.urlEncode((String) it.next(), false)));
            }
        }
        return AMPERSAND_JOINER.join(builder.build());
    }

    private Optional<String> headerAsString(Map.Entry<String, Object> entry, String str) {
        return (entry.getKey().equalsIgnoreCase("connection") || entry.getKey().equalsIgnoreCase("Content-Length")) ? Optional.absent() : Optional.of(entry.getKey().toLowerCase() + ':' + entry.getValue());
    }

    private String sign(String str, LocalDateTime localDateTime, AWSCredentials aWSCredentials) {
        return Hex.encodeHexString(hmacSHA256(str, getSignatureKey(localDateTime, aWSCredentials)));
    }

    private String createStringToSign(String str, LocalDateTime localDateTime) {
        return AWS4_HMAC_SHA256 + localDateTime.format(BASIC_TIME_FORMAT) + "\n" + getCredentialScope(localDateTime) + "\n" + toBase16(hash(str.getBytes(Charsets.UTF_8)));
    }

    private String getCredentialScope(LocalDateTime localDateTime) {
        return localDateTime.format(BASIC_ISO_DATE) + "/" + this.region + "/" + this.service + AWS4_REQUEST;
    }

    private byte[] hash(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    private String toBase16(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(BASE16MAP[(b >> 4) & 15]);
            sb.append(BASE16MAP[b & 15]);
        }
        return sb.toString();
    }

    private byte[] getSignatureKey(LocalDateTime localDateTime, AWSCredentials aWSCredentials) {
        return hmacSHA256("aws4_request", hmacSHA256(this.service, hmacSHA256(this.region, hmacSHA256(localDateTime.format(BASIC_ISO_DATE), (AWS4 + aWSCredentials.getAWSSecretKey()).getBytes(Charsets.UTF_8)))));
    }

    private byte[] hmacSHA256(String str, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, HMAC_SHA256));
            return mac.doFinal(str.getBytes(Charsets.UTF_8));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }
}
