package com.amazonaws.auth;

import com.amazonaws.AmazonClientException;
import com.amazonaws.Request;
import com.amazonaws.logging.Log;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.util.AwsHostNameUtils;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.DateUtils;
import com.amazonaws.util.HttpUtils;
import com.amazonaws.util.StringUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import org.apache.commons.text.lookup.StringLookupFactory;

/* loaded from: classes.dex */
public class AWS4Signer extends AbstractAWSSigner {
    protected static final String ALGORITHM = "AWS4-HMAC-SHA256";
    private static final String DATE_PATTERN = "yyyyMMdd";
    private static final long MAX_EXPIRATION_TIME_IN_SECONDS = 604800;
    private static final long MILLISEC = 1000;
    protected static final String TERMINATOR = "aws4_request";
    private static final String TIME_PATTERN = "yyyyMMdd'T'HHmmss'Z'";
    protected static final Log log = LogFactory.b(AWS4Signer.class);
    protected boolean doubleUrlEncode;
    protected Date overriddenDate;
    protected String regionName;
    protected String serviceName;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public static class HeaderSigningResult {

        /* renamed from: a, reason: collision with root package name */
        private final String f6523a;

        /* renamed from: b, reason: collision with root package name */
        private final String f6524b;

        /* renamed from: c, reason: collision with root package name */
        private final byte[] f6525c;

        /* renamed from: d, reason: collision with root package name */
        private final byte[] f6526d;

        public HeaderSigningResult(String str, String str2, byte[] bArr, byte[] bArr2) {
            this.f6523a = str;
            this.f6524b = str2;
            this.f6525c = bArr;
            this.f6526d = bArr2;
        }

        public byte[] a() {
            byte[] bArr = this.f6526d;
            byte[] bArr2 = new byte[bArr.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            return bArr2;
        }
    }

    public AWS4Signer() {
        this(true);
    }

    public AWS4Signer(boolean z8) {
        this.doubleUrlEncode = z8;
    }

    protected void addHostHeader(Request<?> request) {
        String host = request.h().getHost();
        if (HttpUtils.e(request.h())) {
            host = host + ":" + request.h().getPort();
        }
        request.g("Host", host);
    }

    protected void addSessionCredentials(Request<?> request, AWSSessionCredentials aWSSessionCredentials) {
        request.g("x-amz-security-token", aWSSessionCredentials.a());
    }

    protected String calculateContentHash(Request<?> request) {
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request);
        binaryRequestPayloadStream.mark(-1);
        String a9 = BinaryUtils.a(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return a9;
        } catch (IOException e8) {
            throw new AmazonClientException("Unable to reset stream after calculating AWS4 signature", e8);
        }
    }

    protected String calculateContentHashPresign(Request<?> request) {
        return calculateContentHash(request);
    }

    protected final HeaderSigningResult computeSignature(Request<?> request, String str, String str2, String str3, String str4, AWSCredentials aWSCredentials) {
        String extractRegionName = extractRegionName(request.h());
        String extractServiceName = extractServiceName(request.h());
        String str5 = str + "/" + extractRegionName + "/" + extractServiceName + "/" + TERMINATOR;
        String stringToSign = getStringToSign(str3, str2, str5, getCanonicalRequest(request, str4));
        String str6 = "AWS4" + aWSCredentials.c();
        Charset charset = StringUtils.f6883a;
        byte[] bytes = str6.getBytes(charset);
        SigningAlgorithm signingAlgorithm = SigningAlgorithm.HmacSHA256;
        byte[] sign = sign(TERMINATOR, sign(extractServiceName, sign(extractRegionName, sign(str, bytes, signingAlgorithm), signingAlgorithm), signingAlgorithm), signingAlgorithm);
        return new HeaderSigningResult(str2, str5, sign, sign(stringToSign.getBytes(charset), sign, signingAlgorithm));
    }

    protected String extractRegionName(URI uri) {
        String str = this.regionName;
        return str != null ? str : AwsHostNameUtils.a(uri.getHost(), this.serviceName);
    }

    protected String extractServiceName(URI uri) {
        String str = this.serviceName;
        return str != null ? str : AwsHostNameUtils.c(uri);
    }

    protected String getCanonicalRequest(Request<?> request, String str) {
        String str2 = request.getHttpMethod().toString() + org.apache.commons.lang3.StringUtils.LF + getCanonicalizedResourcePath(request.a() != null ? HttpUtils.c(request.h().getPath(), request.a()) : HttpUtils.a(request.h().getPath(), request.f()), this.doubleUrlEncode) + org.apache.commons.lang3.StringUtils.LF + getCanonicalizedQueryString(request) + org.apache.commons.lang3.StringUtils.LF + getCanonicalizedHeaderString(request) + org.apache.commons.lang3.StringUtils.LF + getSignedHeadersString(request) + org.apache.commons.lang3.StringUtils.LF + str;
        log.a("AWS4 Canonical Request: '\"" + str2 + "\"");
        return str2;
    }

    protected String getCanonicalizedHeaderString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(request.b().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (needsSign(str)) {
                String replaceAll = StringUtils.b(str).replaceAll("\\s+", org.apache.commons.lang3.StringUtils.SPACE);
                String str2 = (String) request.b().get(str);
                sb.append(replaceAll);
                sb.append(":");
                if (str2 != null) {
                    sb.append(str2.replaceAll("\\s+", org.apache.commons.lang3.StringUtils.SPACE));
                }
                sb.append(org.apache.commons.lang3.StringUtils.LF);
            }
        }
        return sb.toString();
    }

    protected final long getDateFromRequest(Request<?> request) {
        Date signatureDate = getSignatureDate(getTimeOffset(request));
        Date date = this.overriddenDate;
        if (date != null) {
            signatureDate = date;
        }
        return signatureDate.getTime();
    }

    protected final String getDateStamp(long j8) {
        return DateUtils.b(DATE_PATTERN, new Date(j8));
    }

    protected String getScope(Request<?> request, String str) {
        return str + "/" + extractRegionName(request.h()) + "/" + extractServiceName(request.h()) + "/" + TERMINATOR;
    }

    protected String getSignedHeadersString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(request.b().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (needsSign(str)) {
                if (sb.length() > 0) {
                    sb.append(";");
                }
                sb.append(StringUtils.b(str));
            }
        }
        return sb.toString();
    }

    protected String getStringToSign(String str, String str2, String str3, String str4) {
        String str5 = str + org.apache.commons.lang3.StringUtils.LF + str2 + org.apache.commons.lang3.StringUtils.LF + str3 + org.apache.commons.lang3.StringUtils.LF + BinaryUtils.a(hash(str4));
        log.a("AWS4 String to Sign: '\"" + str5 + "\"");
        return str5;
    }

    protected final String getTimeStamp(long j8) {
        return DateUtils.b(TIME_PATTERN, new Date(j8));
    }

    boolean needsSign(String str) {
        return StringLookupFactory.KEY_DATE.equalsIgnoreCase(str) || "Content-MD5".equalsIgnoreCase(str) || "host".equalsIgnoreCase(str) || str.startsWith("x-amz") || str.startsWith("X-Amz");
    }

    void overrideDate(Date date) {
        this.overriddenDate = date;
    }

    public void presignRequest(Request<?> request, AWSCredentials aWSCredentials, Date date) {
        long time = date != null ? (date.getTime() - System.currentTimeMillis()) / 1000 : 604800L;
        if (time > MAX_EXPIRATION_TIME_IN_SECONDS) {
            throw new AmazonClientException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration date set on the current request [" + getTimeStamp(date.getTime()) + "] has exceeded this limit.");
        }
        addHostHeader(request);
        AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials);
        if (sanitizeCredentials instanceof AWSSessionCredentials) {
            request.e("X-Amz-Security-Token", ((AWSSessionCredentials) sanitizeCredentials).a());
        }
        long dateFromRequest = getDateFromRequest(request);
        String dateStamp = getDateStamp(dateFromRequest);
        String str = sanitizeCredentials.b() + "/" + getScope(request, dateStamp);
        String timeStamp = getTimeStamp(dateFromRequest);
        request.e("X-Amz-Algorithm", ALGORITHM);
        request.e("X-Amz-Date", timeStamp);
        request.e("X-Amz-SignedHeaders", getSignedHeadersString(request));
        request.e("X-Amz-Expires", Long.toString(time));
        request.e("X-Amz-Credential", str);
        request.e("X-Amz-Signature", BinaryUtils.a(computeSignature(request, dateStamp, timeStamp, ALGORITHM, calculateContentHashPresign(request), sanitizeCredentials).a()));
    }

    protected void processRequestPayload(Request<?> request, HeaderSigningResult headerSigningResult) {
    }

    public void setRegionName(String str) {
        this.regionName = str;
    }

    public void setServiceName(String str) {
        this.serviceName = str;
    }

    public void sign(Request<?> request, AWSCredentials aWSCredentials) {
        AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials);
        if (sanitizeCredentials instanceof AWSSessionCredentials) {
            addSessionCredentials(request, (AWSSessionCredentials) sanitizeCredentials);
        }
        addHostHeader(request);
        long dateFromRequest = getDateFromRequest(request);
        String dateStamp = getDateStamp(dateFromRequest);
        String scope = getScope(request, dateStamp);
        String calculateContentHash = calculateContentHash(request);
        String timeStamp = getTimeStamp(dateFromRequest);
        request.g("X-Amz-Date", timeStamp);
        if (request.b().get("x-amz-content-sha256") != null && "required".equals(request.b().get("x-amz-content-sha256"))) {
            request.g("x-amz-content-sha256", calculateContentHash);
        }
        String str = sanitizeCredentials.b() + "/" + scope;
        HeaderSigningResult computeSignature = computeSignature(request, dateStamp, timeStamp, ALGORITHM, calculateContentHash, sanitizeCredentials);
        request.g("Authorization", "AWS4-HMAC-SHA256 " + ("Credential=" + str) + ", " + ("SignedHeaders=" + getSignedHeadersString(request)) + ", " + ("Signature=" + BinaryUtils.a(computeSignature.a())));
        processRequestPayload(request, computeSignature);
    }
}
