package software.amazon.awssdk.authcrt.signer.internal;

import java.nio.charset.StandardCharsets;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
import software.amazon.awssdk.auth.signer.internal.Aws4SignerUtils;
import software.amazon.awssdk.auth.signer.internal.chunkedencoding.AwsSignedChunkedEncodingInputStream;
import software.amazon.awssdk.auth.signer.params.SignerChecksumParams;
import software.amazon.awssdk.authcrt.signer.AwsCrtS3V4aSigner;
import software.amazon.awssdk.authcrt.signer.internal.chunkedencoding.AwsS3V4aChunkSigner;
import software.amazon.awssdk.core.checksums.ChecksumSpecs;
import software.amazon.awssdk.core.checksums.SdkChecksum;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.internal.chunked.AwsChunkedEncodingConfig;
import software.amazon.awssdk.core.internal.util.HttpChecksumUtils;
import software.amazon.awssdk.crt.auth.signing.AwsSigningConfig;
import software.amazon.awssdk.http.ContentStreamProvider;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.regions.RegionScope;

/**
 * S3 request signer that hands the actual signing work to an {@link AwsCrt4aSigningAdapter}, using
 * signing configurations produced by a {@link SigningConfigProvider}.
 *
 * <p>Decompiled from {@code DefaultAwsCrtS3V4aSigner.class}; local names are reconstructed.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Requests carrying anonymous credentials are returned untouched, i.e. unsigned.</li>
 *   <li>The body is only bound to the signature on the chunked path. Over {@code https}, or when the
 *       request has no body, that path is taken only if both
 *       {@code ENABLE_PAYLOAD_SIGNING} and {@code ENABLE_CHUNKED_ENCODING} are {@code true};
 *       otherwise the request is signed with an unsigned-payload body value.</li>
 * </ul>
 */
@SdkInternalApi
public final class DefaultAwsCrtS3V4aSigner implements AwsCrtS3V4aSigner {
    // Signed-body markers handed to AwsSigningConfig#setSignedBodyValue.
    private static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    private static final String STREAMING_UNSIGNED_PAYLOAD_TRAILER = "STREAMING-UNSIGNED-PAYLOAD-TRAILER";
    private static final String STREAMING_SIGNED_PAYLOAD = "STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD";
    private static final String STREAMING_SIGNED_PAYLOAD_TRAILER = "STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD-TRAILER";

    private final AwsCrt4aSigningAdapter signerAdapter;
    private final SigningConfigProvider configProvider;
    // May be null; only consulted when the execution attributes carry no region scope of their own.
    private final RegionScope defaultRegionScope;

    /**
     * Builder behind {@link #builder()}.
     *
     * <p>The decompiler reports that this class was originally declared {@code private}; the wider
     * modifier seen here is an artifact of decompilation.
     */
    public static class BuilderImpl implements AwsCrtS3V4aSigner.Builder {
        private RegionScope defaultRegionScope;

        private BuilderImpl() {
        }

        /**
         * Records the region scope to fall back to when a request does not specify one.
         *
         * @param regionScope fallback scope; stored as given, no null check is performed here
         * @return this builder
         */
        @Override
        public AwsCrtS3V4aSigner.Builder defaultRegionScope(RegionScope regionScope) {
            this.defaultRegionScope = regionScope;
            return this;
        }

        /**
         * @return a new signer configured from this builder
         */
        @Override
        public AwsCrtS3V4aSigner build() {
            return new DefaultAwsCrtS3V4aSigner(this);
        }
    }

    /**
     * Creates a signer with the given collaborators and no default region scope.
     */
    DefaultAwsCrtS3V4aSigner(AwsCrt4aSigningAdapter awsCrt4aSigningAdapter, SigningConfigProvider signingConfigProvider) {
        this(awsCrt4aSigningAdapter, signingConfigProvider, null);
    }

    /**
     * Creates a signer with the given collaborators.
     *
     * @param regionScope default region scope, or {@code null} for none
     */
    DefaultAwsCrtS3V4aSigner(AwsCrt4aSigningAdapter awsCrt4aSigningAdapter, SigningConfigProvider signingConfigProvider, RegionScope regionScope) {
        this.signerAdapter = awsCrt4aSigningAdapter;
        this.configProvider = signingConfigProvider;
        this.defaultRegionScope = regionScope;
    }

    private DefaultAwsCrtS3V4aSigner(BuilderImpl builderImpl) {
        this(new AwsCrt4aSigningAdapter(), new SigningConfigProvider(), builderImpl.defaultRegionScope);
    }

    /**
     * @return a signer built with default settings (no default region scope)
     */
    public static AwsCrtS3V4aSigner create() {
        return builder().build();
    }

    /**
     * @return a fresh builder for this signer
     */
    public static AwsCrtS3V4aSigner.Builder builder() {
        return new BuilderImpl();
    }

    /**
     * Signs a request, choosing between header-only signing and chunked payload signing.
     *
     * <p>Anonymous credentials short-circuit the whole method: the request comes back unchanged and
     * unsigned. Otherwise the default region scope is applied, the signing config and optional
     * checksum parameters are derived from the attributes, and {@link #shouldSignPayload} picks the
     * path.
     *
     * @param sdkHttpFullRequest  request to sign
     * @param executionAttributes attributes carrying credentials and signer options
     * @return the signed request, or the original request for anonymous credentials
     */
    public SdkHttpFullRequest sign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        if (credentialsAreAnonymous(executionAttributes)) {
            return sdkHttpFullRequest;
        }
        ExecutionAttributes effectiveAttributes = applyDefaults(executionAttributes);
        AwsSigningConfig signingConfig = this.configProvider.createS3CrtSigningConfig(effectiveAttributes);
        SignerChecksumParams checksumParams = signerChecksumParamsFromAttributes(effectiveAttributes);
        if (shouldSignPayload(sdkHttpFullRequest, effectiveAttributes)) {
            return signWithChunkedPayload(sdkHttpFullRequest, effectiveAttributes, signingConfig, checksumParams);
        }
        return signWithoutPayload(sdkHttpFullRequest, signingConfig, checksumParams);
    }

    /**
     * Signs the request with an unsigned-payload body value: the trailer variant when checksum
     * parameters are present, the plain variant otherwise. The body bytes are not chunk-signed on
     * this path.
     */
    private SdkHttpFullRequest signWithoutPayload(SdkHttpFullRequest sdkHttpFullRequest, AwsSigningConfig signingConfig,
                                                  SignerChecksumParams checksumParams) {
        String bodyValue;
        if (checksumParams != null) {
            bodyValue = STREAMING_UNSIGNED_PAYLOAD_TRAILER;
        } else {
            bodyValue = UNSIGNED_PAYLOAD;
        }
        signingConfig.setSignedBodyValue(bodyValue);
        return this.signerAdapter.signRequest(sdkHttpFullRequest, signingConfig);
    }

    /**
     * Signs the request for a chunk-signed streaming body.
     *
     * <p>The trailer and content-length headers are written onto the request before it is handed to
     * the adapter, so the adapter sees them when it signs. The chunk signing config is created only
     * after the request signature has been produced.
     */
    private SdkHttpFullRequest signWithChunkedPayload(SdkHttpFullRequest sdkHttpFullRequest,
                                                      ExecutionAttributes effectiveAttributes,
                                                      AwsSigningConfig signingConfig,
                                                      SignerChecksumParams checksumParams) {
        SdkHttpFullRequest.Builder mutableRequest = sdkHttpFullRequest.toBuilder();
        if (checksumParams == null) {
            signingConfig.setSignedBodyValue(STREAMING_SIGNED_PAYLOAD);
        } else {
            signingConfig.setSignedBodyValue(STREAMING_SIGNED_PAYLOAD_TRAILER);
            updateRequestWithTrailer(checksumParams, mutableRequest);
        }
        setHeaderContentLength(mutableRequest, checksumParams);
        SdkSigningResult requestSigningResult = this.signerAdapter.sign(mutableRequest.build(), signingConfig);
        AwsSigningConfig chunkSigningConfig = this.configProvider.createChunkedSigningConfig(effectiveAttributes);
        return enablePayloadSigning(requestSigningResult, chunkSigningConfig, checksumParams);
    }

    /**
     * Builds checksum parameters from the checksum spec found in the attributes.
     *
     * @return the parameters, or {@code null} when the attributes yield no checksum spec
     */
    private static SignerChecksumParams signerChecksumParamsFromAttributes(ExecutionAttributes executionAttributes) {
        ChecksumSpecs specs = (ChecksumSpecs) HttpChecksumUtils.checksumSpecWithRequestAlgorithm(executionAttributes).orElse(null);
        if (specs != null) {
            return SignerChecksumParams.builder()
                    .isStreamingRequest(specs.isRequestStreaming())
                    .algorithm(specs.algorithm())
                    .checksumHeaderName(specs.headerName())
                    .build();
        }
        return null;
    }

    /**
     * Presigns a request using the presigning config from the provider.
     *
     * <p>As with {@link #sign}, anonymous credentials cause the request to be returned unchanged
     * and unsigned.
     *
     * @param sdkHttpFullRequest  request to presign
     * @param executionAttributes attributes carrying credentials and signer options
     * @return the presigned request, or the original request for anonymous credentials
     */
    public SdkHttpFullRequest presign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        if (credentialsAreAnonymous(executionAttributes)) {
            return sdkHttpFullRequest;
        }
        ExecutionAttributes effectiveAttributes = applyDefaults(executionAttributes);
        AwsSigningConfig presigningConfig = this.configProvider.createS3CrtPresigningConfig(effectiveAttributes);
        return this.signerAdapter.signRequest(sdkHttpFullRequest, presigningConfig);
    }

    /**
     * Reports whether the credentials attribute is considered anonymous by {@link CredentialUtils}.
     * The attribute value is passed through as-is; how a missing (null) value is treated is decided
     * by {@code CredentialUtils.isAnonymous} and is not visible here.
     */
    private boolean credentialsAreAnonymous(ExecutionAttributes executionAttributes) {
        AwsCredentials credentials = (AwsCredentials) executionAttributes.getAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS);
        return CredentialUtils.isAnonymous(credentials);
    }

    /**
     * Decides whether the body must be chunk-signed.
     *
     * <p>A request that has a body and whose protocol is not exactly {@code "https"} is always
     * payload-signed. The comparison is case-sensitive, so any other spelling of the protocol also
     * lands on the signing side. In every other case the payload is signed only when both the
     * payload-signing and chunked-encoding attributes are {@code true}; enabling just one of them
     * leaves the payload unsigned.
     */
    private boolean shouldSignPayload(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        boolean bodyOverNonHttps = !sdkHttpFullRequest.protocol().equals("https")
                && sdkHttpFullRequest.contentStreamProvider().isPresent();
        if (bodyOverNonHttps) {
            return true;
        }
        return booleanValue((Boolean) executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING))
                && booleanValue((Boolean) executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_CHUNKED_ENCODING));
    }

    /**
     * Writes the length headers for a chunk-signed body: {@code x-amz-decoded-content-length} gets
     * the original content length, {@code Content-Length} gets the encoded stream length plus the
     * checksum trailer length.
     */
    private void setHeaderContentLength(SdkHttpFullRequest.Builder builder, SignerChecksumParams signerChecksumParams) {
        long decodedLength = Aws4SignerUtils.calculateRequestContentLength(builder);
        builder.putHeader("x-amz-decoded-content-length", Long.toString(decodedLength));

        boolean hasTrailerChecksum = signerChecksumParams != null;
        long encodedStreamLength = AwsSignedChunkedEncodingInputStream.calculateStreamContentLength(
                decodedLength, AwsS3V4aChunkSigner.getSignatureLength(), AwsChunkedEncodingConfig.create(), hasTrailerChecksum);
        long trailerLength = getChecksumTrailerLength(signerChecksumParams, AwsS3V4aChunkSigner.getSignatureLength());
        builder.putHeader("Content-Length", Long.toString(encodedStreamLength + trailerLength));
    }

    /**
     * Wraps the signed request's body in a chunk-signing stream.
     *
     * <p>The request signature is passed to the stream as its {@code headerSignature}; presumably
     * it seeds the chain of chunk signatures (confirm against the stream implementation).
     */
    private SdkHttpFullRequest enablePayloadSigning(SdkSigningResult sdkSigningResult, AwsSigningConfig awsSigningConfig, SignerChecksumParams signerChecksumParams) {
        SdkHttpFullRequest signedRequest = sdkSigningResult.getSignedRequest();
        byte[] signatureBytes = sdkSigningResult.getSignature();
        SdkHttpFullRequest.Builder signedBuilder = signedRequest.toBuilder();
        // NOTE(review): shouldSignPayload() can return true for a request without a body (both
        // attributes enabled). If this getter returns null in that case, the lambda below would fail
        // when newStream() is invoked. Confirm the builder's contract.
        ContentStreamProvider originalBody = signedBuilder.contentStreamProvider();
        AwsS3V4aChunkSigner chunkSigner = new AwsS3V4aChunkSigner(this.signerAdapter, awsSigningConfig);

        final String trailerHeaderName;
        final SdkChecksum trailerChecksum;
        if (signerChecksumParams != null) {
            trailerHeaderName = signerChecksumParams.checksumHeaderName();
            trailerChecksum = SdkChecksum.forAlgorithm(signerChecksumParams.algorithm());
        } else {
            trailerHeaderName = null;
            trailerChecksum = null;
        }

        // A new wrapping stream is built each time the provider is asked for one.
        // The signature bytes are decoded as UTF-8 text; assumes the adapter returns a textual
        // signature (TODO confirm).
        signedBuilder.contentStreamProvider(() -> AwsSignedChunkedEncodingInputStream.builder()
                .inputStream(originalBody.newStream())
                .awsChunkSigner(chunkSigner)
                .checksumHeaderForTrailer(trailerHeaderName)
                .sdkChecksum(trailerChecksum)
                .headerSignature(new String(signatureBytes, StandardCharsets.UTF_8))
                .awsChunkedEncodingConfig(AwsChunkedEncodingConfig.create())
                .build());
        return signedBuilder.build();
    }

    /**
     * Null-safe unboxing: a missing attribute counts as {@code false}.
     */
    private boolean booleanValue(Boolean bool) {
        return bool != null && bool.booleanValue();
    }

    /**
     * Applies signer-level defaults to the attributes; currently only the default region scope.
     */
    private ExecutionAttributes applyDefaults(ExecutionAttributes executionAttributes) {
        return applyDefaultRegionScope(executionAttributes);
    }

    /**
     * Returns attributes that carry a signing region scope whenever one is available.
     *
     * <p>A scope already present on the attributes wins. The caller's attributes are never mutated:
     * the default is written onto a copy.
     */
    private ExecutionAttributes applyDefaultRegionScope(ExecutionAttributes executionAttributes) {
        boolean scopeAlreadySet = executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNING_REGION_SCOPE) != null;
        if (scopeAlreadySet || this.defaultRegionScope == null) {
            return executionAttributes;
        }
        return executionAttributes.copy().putAttribute(AwsSignerExecutionAttribute.SIGNING_REGION_SCOPE, this.defaultRegionScope);
    }

    /**
     * @return the checksum trailer length for the given parameters, or {@code 0} when there are none
     */
    private static long getChecksumTrailerLength(SignerChecksumParams signerChecksumParams, int signatureLength) {
        if (signerChecksumParams != null) {
            return AwsSignedChunkedEncodingInputStream.calculateChecksumContentLength(
                    signerChecksumParams.algorithm(), signerChecksumParams.checksumHeaderName(), signatureLength);
        }
        return 0L;
    }

    /**
     * Announces the checksum trailer and the aws-chunked content encoding on the request.
     */
    private static void updateRequestWithTrailer(SignerChecksumParams signerChecksumParams, SdkHttpFullRequest.Builder builder) {
        String trailerHeaderName = signerChecksumParams.checksumHeaderName();
        builder.putHeader("x-amz-trailer", trailerHeaderName);
        builder.putHeader("Content-Encoding", "aws-chunked");
    }
}
