package software.amazon.awssdk.authcrt.signer.internal;

import java.nio.charset.StandardCharsets;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
import software.amazon.awssdk.auth.signer.internal.Aws4SignerUtils;
import software.amazon.awssdk.auth.signer.internal.chunkedencoding.AwsSignedChunkedEncodingInputStream;
import software.amazon.awssdk.authcrt.signer.AwsCrtS3V4aSigner;
import software.amazon.awssdk.authcrt.signer.internal.chunkedencoding.AwsS3V4aChunkSigner;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.internal.chunked.AwsChunkedEncodingConfig;
import software.amazon.awssdk.crt.auth.signing.AwsSigningConfig;
import software.amazon.awssdk.http.ContentStreamProvider;
import software.amazon.awssdk.http.SdkHttpFullRequest;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/authcrt/signer/internal/DefaultAwsCrtS3V4aSigner.class */
public final class DefaultAwsCrtS3V4aSigner implements AwsCrtS3V4aSigner {
    private final AwsCrt4aSigningAdapter signerAdapter;
    private final SigningConfigProvider configProvider;

    DefaultAwsCrtS3V4aSigner(AwsCrt4aSigningAdapter awsCrt4aSigningAdapter, SigningConfigProvider signingConfigProvider) {
        this.signerAdapter = awsCrt4aSigningAdapter;
        this.configProvider = signingConfigProvider;
    }

    public static AwsCrtS3V4aSigner create() {
        return new DefaultAwsCrtS3V4aSigner(new AwsCrt4aSigningAdapter(), new SigningConfigProvider());
    }

    public SdkHttpFullRequest sign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        if (credentialsAreAnonymous(executionAttributes)) {
            return sdkHttpFullRequest;
        }
        AwsSigningConfig createS3CrtSigningConfig = this.configProvider.createS3CrtSigningConfig(executionAttributes);
        if (!shouldSignPayload(sdkHttpFullRequest, executionAttributes)) {
            createS3CrtSigningConfig.setSignedBodyValue("UNSIGNED-PAYLOAD");
            return this.signerAdapter.signRequest(sdkHttpFullRequest, createS3CrtSigningConfig);
        }
        createS3CrtSigningConfig.setSignedBodyValue("STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD");
        SdkHttpFullRequest.Builder builder = sdkHttpFullRequest.toBuilder();
        setHeaderContentLength(builder);
        return enablePayloadSigning(this.signerAdapter.sign(builder.build(), createS3CrtSigningConfig), this.configProvider.createChunkedSigningConfig(executionAttributes));
    }

    public SdkHttpFullRequest presign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        return credentialsAreAnonymous(executionAttributes) ? sdkHttpFullRequest : this.signerAdapter.signRequest(sdkHttpFullRequest, this.configProvider.createS3CrtPresigningConfig(executionAttributes));
    }

    private boolean credentialsAreAnonymous(ExecutionAttributes executionAttributes) {
        return CredentialUtils.isAnonymous((AwsCredentials) executionAttributes.getAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS));
    }

    private boolean shouldSignPayload(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        if (sdkHttpFullRequest.protocol().equals("https") || !sdkHttpFullRequest.contentStreamProvider().isPresent()) {
            return booleanValue((Boolean) executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING)) && booleanValue((Boolean) executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_CHUNKED_ENCODING));
        }
        return true;
    }

    private void setHeaderContentLength(SdkHttpFullRequest.Builder builder) {
        long calculateRequestContentLength = Aws4SignerUtils.calculateRequestContentLength(builder);
        builder.putHeader("x-amz-decoded-content-length", Long.toString(calculateRequestContentLength));
        builder.putHeader("Content-Length", Long.toString(AwsSignedChunkedEncodingInputStream.calculateStreamContentLength(calculateRequestContentLength, AwsS3V4aChunkSigner.getSignatureLength(), AwsChunkedEncodingConfig.create())));
    }

    private SdkHttpFullRequest enablePayloadSigning(SdkSigningResult sdkSigningResult, AwsSigningConfig awsSigningConfig) {
        SdkHttpFullRequest signedRequest = sdkSigningResult.getSignedRequest();
        byte[] signature = sdkSigningResult.getSignature();
        SdkHttpFullRequest.Builder builder = signedRequest.toBuilder();
        ContentStreamProvider contentStreamProvider = builder.contentStreamProvider();
        AwsS3V4aChunkSigner awsS3V4aChunkSigner = new AwsS3V4aChunkSigner(this.signerAdapter, awsSigningConfig);
        builder.contentStreamProvider(() -> {
            return AwsSignedChunkedEncodingInputStream.builder().inputStream(contentStreamProvider.newStream()).awsChunkSigner(awsS3V4aChunkSigner).headerSignature(new String(signature, StandardCharsets.UTF_8)).awsChunkedEncodingConfig(AwsChunkedEncodingConfig.create()).build();
        });
        return builder.build();
    }

    private boolean booleanValue(Boolean bool) {
        return Boolean.TRUE.equals(bool);
    }
}
