package com.mongodb.internal.connection;

import io.quarkus.vertx.http.runtime.attribute.ResponseCodeAttribute;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;
import org.apache.commons.lang3.StringUtils;
import org.bson.internal.Base64;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.mac.MacUtil;
import software.amazon.awssdk.auth.signer.internal.SignerConstant;

/* loaded from: input_file:com/mongodb/internal/connection/AuthorizationHeader.class */
final class AuthorizationHeader {
    private static final String AWS4_HMAC_SHA256 = "AWS4-HMAC-SHA256";
    private static final String SERVICE = "sts";
    private final String host;
    private final String timestamp;
    private final String signature;
    private final String sessionToken;
    private final String authorizationHeader;
    private final byte[] nonce;
    private final Map<String, String> requestHeaders;
    private final String body;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/mongodb/internal/connection/AuthorizationHeader$Builder.class */
    public static final class Builder {
        private String accessKeyID;
        private String secretKey;
        private String sessionToken;
        private String host;
        private String timestamp;
        private byte[] nonce;

        private Builder() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setAccessKeyID(String str) {
            this.accessKeyID = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setSecretKey(String str) {
            this.secretKey = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setSessionToken(String str) {
            this.sessionToken = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setHost(String str) {
            this.host = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setTimestamp(String str) {
            this.timestamp = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setNonce(byte[] bArr) {
            this.nonce = bArr;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public AuthorizationHeader build() throws SaslException {
            return new AuthorizationHeader(this);
        }
    }

    private AuthorizationHeader(Builder builder) throws SaslException {
        this.sessionToken = builder.sessionToken;
        this.host = builder.host;
        this.timestamp = builder.timestamp;
        this.nonce = builder.nonce;
        this.body = "Action=GetCallerIdentity&Version=2011-06-15";
        this.requestHeaders = getRequestHeaders();
        this.signature = calculateSignature(createStringToSign(hash(createCanonicalRequest("POST", "", this.body, this.requestHeaders)), getTimestamp(), getCredentialScope()), builder.secretKey, getDate(), getRegion(this.host), SERVICE);
        this.authorizationHeader = String.format("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", "AWS4-HMAC-SHA256", builder.accessKeyID, getCredentialScope(), getSignedHeaders(this.requestHeaders), getSignature());
    }

    static String createCanonicalRequest(String str, String str2, String str3, Map<String, String> map) throws SaslException {
        return String.join(StringUtils.LF, Arrays.asList(str, "/", str2, getCanonicalHeaders(map), getSignedHeaders(map), hash(str3)));
    }

    static String createStringToSign(String str, String str2, String str3) {
        return String.join(StringUtils.LF, Arrays.asList("AWS4-HMAC-SHA256", str2, str3, str));
    }

    static String calculateSignature(String str, String str2, String str3, String str4, String str5) throws SaslException {
        return hexEncode(hmac(hmac(hmac(hmac(hmac(decodeUTF8("AWS4" + str2), decodeUTF8(str3)), decodeUTF8(str4)), decodeUTF8(str5)), decodeUTF8(SignerConstant.AWS4_TERMINATOR)), decodeUTF8(str)));
    }

    private Map<String, String> getRequestHeaders() {
        if (this.requestHeaders != null) {
            return this.requestHeaders;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "application/x-www-form-urlencoded");
        hashMap.put("Content-Length", String.valueOf(this.body.length()));
        hashMap.put("Host", this.host);
        hashMap.put("X-Amz-Date", this.timestamp);
        hashMap.put("X-MongoDB-Server-Nonce", Base64.encode(this.nonce));
        hashMap.put("X-MongoDB-GS2-CB-Flag", RsaJsonWebKey.MODULUS_MEMBER_NAME);
        if (this.sessionToken != null) {
            hashMap.put("X-Amz-Security-Token", this.sessionToken);
        }
        return hashMap;
    }

    private String getCredentialScope() throws SaslException {
        return String.format("%s/%s/%s/aws4_request", getDate(), getRegion(this.host), SERVICE);
    }

    static String getSignedHeaders(Map<String, String> map) {
        return (String) map.keySet().stream().map((v0) -> {
            return v0.toLowerCase();
        }).sorted().collect(Collectors.joining(";"));
    }

    static String getCanonicalHeaders(Map<String, String> map) {
        return (String) map.entrySet().stream().map(entry -> {
            return String.format("%s:%s\n", ((String) entry.getKey()).toLowerCase(), ((String) entry.getValue()).trim().replaceAll(" +", " "));
        }).sorted().collect(Collectors.joining(""));
    }

    static String getRegion(String str) throws SaslException {
        if (str.equals("sts.amazonaws.com") || str.matches(String.format(ResponseCodeAttribute.RESPONSE_CODE_SHORT, "(\\w)+(-\\w)*"))) {
            return "us-east-1";
        }
        if (str.matches(String.format("%s(.%s)+", "(\\w)+(-\\w)*", "(\\w)+(-\\w)*"))) {
            return str.split("\\.")[1];
        }
        throw new SaslException("Invalid host");
    }

    String getSignature() {
        return this.signature;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getTimestamp() {
        return this.timestamp;
    }

    private String getDate() {
        return getTimestamp().substring(0, "YYYYMMDD".length());
    }

    static String hash(String str) throws SaslException {
        return hexEncode(sha256(str)).toLowerCase();
    }

    private static String hexEncode(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format("%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    private static byte[] decodeUTF8(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    private static byte[] hmac(byte[] bArr, byte[] bArr2) throws SaslException {
        try {
            Mac mac = Mac.getInstance(MacUtil.HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, MacUtil.HMAC_SHA256));
            return mac.doFinal(bArr2);
        } catch (Exception e) {
            throw new SaslException(e.getMessage());
        }
    }

    private static byte[] sha256(String str) throws SaslException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(str.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new SaslException(e.getMessage());
        }
    }

    public String toString() {
        return this.authorizationHeader;
    }

    public static Builder builder() {
        return new Builder();
    }
}
