package com.google.auth.oauth2;

import com.google.auth.ServiceAccountSigner;
import com.google.auth.oauth2.AwsRequestSignature;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.io.BaseEncoding;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.net.URI;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
class AwsRequestSigner {
    private static final String AWS_REQUEST_TYPE = "aws4_request";
    private static final String HASHING_ALGORITHM = "AWS4-HMAC-SHA256";
    private final Map<String, String> additionalHeaders;
    private final AwsSecurityCredentials awsSecurityCredentials;
    private final AwsDates dates;
    private final String httpMethod;
    private final String region;
    private final String requestPayload;
    private final URI uri;

    /* loaded from: classes3.dex */
    static class Builder {
        private Map<String, String> additionalHeaders;
        private final AwsSecurityCredentials awsSecurityCredentials;
        private AwsDates dates;
        private final String httpMethod;
        private final String region;
        private String requestPayload;
        private final String url;

        private Builder(AwsSecurityCredentials awsSecurityCredentials, String str, String str2, String str3) {
            this.awsSecurityCredentials = awsSecurityCredentials;
            this.httpMethod = str;
            this.url = str2;
            this.region = str3;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public AwsRequestSigner build() {
            return new AwsRequestSigner(this.awsSecurityCredentials, this.httpMethod, this.url, this.region, this.requestPayload, this.additionalHeaders, this.dates);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @CanIgnoreReturnValue
        public Builder setAdditionalHeaders(Map<String, String> map) {
            if (map.containsKey("date") && map.containsKey("x-amz-date")) {
                throw new IllegalArgumentException("One of {date, x-amz-date} can be specified, not both.");
            }
            try {
                if (map.containsKey("date")) {
                    this.dates = AwsDates.fromDateHeader(map.get("date"));
                }
                if (map.containsKey("x-amz-date")) {
                    this.dates = AwsDates.fromXAmzDate(map.get("x-amz-date"));
                }
                this.additionalHeaders = map;
                return this;
            } catch (ParseException e10) {
                throw new IllegalArgumentException("The provided date header value is invalid.", e10);
            }
        }

        @CanIgnoreReturnValue
        Builder setRequestPayload(String str) {
            this.requestPayload = str;
            return this;
        }
    }

    private AwsRequestSigner(AwsSecurityCredentials awsSecurityCredentials, String str, String str2, String str3, String str4, Map<String, String> map, AwsDates awsDates) {
        this.awsSecurityCredentials = (AwsSecurityCredentials) Preconditions.checkNotNull(awsSecurityCredentials);
        this.httpMethod = (String) Preconditions.checkNotNull(str);
        this.uri = URI.create(str2).normalize();
        this.region = (String) Preconditions.checkNotNull(str3);
        this.requestPayload = str4 == null ? "" : str4;
        this.additionalHeaders = map != null ? new HashMap(map) : new HashMap();
        this.dates = awsDates == null ? AwsDates.generateXAmzDate() : awsDates;
    }

    private String calculateAwsV4Signature(String str, String str2, String str3, String str4, String str5) {
        String str6 = "AWS4" + str2;
        Charset charset = StandardCharsets.UTF_8;
        return BaseEncoding.base16().lowerCase().encode(sign(sign(sign(sign(sign(str6.getBytes(charset), str3.getBytes(charset)), str4.getBytes(charset)), str.getBytes(charset)), AWS_REQUEST_TYPE.getBytes(charset)), str5.getBytes(charset)));
    }

    private String createCanonicalRequestHash(Map<String, String> map, List<String> list) {
        StringBuilder sb2 = new StringBuilder(this.httpMethod);
        sb2.append("\n");
        sb2.append(this.uri.getRawPath().isEmpty() ? "/" : this.uri.getRawPath());
        sb2.append("\n");
        sb2.append(this.uri.getRawQuery() != null ? this.uri.getRawQuery() : "");
        sb2.append("\n");
        StringBuilder sb3 = new StringBuilder();
        for (String str : list) {
            sb3.append(str);
            sb3.append(":");
            sb3.append(map.get(str));
            sb3.append("\n");
        }
        sb2.append((CharSequence) sb3);
        sb2.append("\n");
        sb2.append(Joiner.on(';').join(list));
        sb2.append("\n");
        String str2 = this.requestPayload;
        Charset charset = StandardCharsets.UTF_8;
        sb2.append(getHexEncodedSha256Hash(str2.getBytes(charset)));
        return getHexEncodedSha256Hash(sb2.toString().getBytes(charset));
    }

    private String createStringToSign(String str, String str2, String str3) {
        return "AWS4-HMAC-SHA256\n" + str2 + "\n" + str3 + "\n" + str;
    }

    private String generateAuthorizationHeader(List<String> list, String str, String str2, String str3) {
        return String.format("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", HASHING_ALGORITHM, str, str2, Joiner.on(';').join(list), str3);
    }

    private Map<String, String> getCanonicalHeaders(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("host", this.uri.getHost());
        if (!this.additionalHeaders.containsKey("date")) {
            hashMap.put("x-amz-date", str);
        }
        if (this.awsSecurityCredentials.getSessionToken() != null && !this.awsSecurityCredentials.getSessionToken().isEmpty()) {
            hashMap.put("x-amz-security-token", this.awsSecurityCredentials.getSessionToken());
        }
        for (String str2 : this.additionalHeaders.keySet()) {
            hashMap.put(str2.toLowerCase(Locale.US), this.additionalHeaders.get(str2));
        }
        return hashMap;
    }

    private static String getHexEncodedSha256Hash(byte[] bArr) {
        try {
            return BaseEncoding.base16().lowerCase().encode(MessageDigest.getInstance("SHA-256").digest(bArr));
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Failed to compute SHA-256 hash.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Builder newBuilder(AwsSecurityCredentials awsSecurityCredentials, String str, String str2, String str3) {
        return new Builder(awsSecurityCredentials, str, str2, str3);
    }

    private static byte[] sign(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException e10) {
            throw new ServiceAccountSigner.SigningException("Invalid key used when calculating the AWS V4 Signature", e10);
        } catch (NoSuchAlgorithmException e11) {
            throw new RuntimeException("HmacSHA256 must be supported by the JVM.", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsRequestSignature sign() {
        String next = Splitter.on(".").split(this.uri.getHost()).iterator().next();
        Map<String, String> canonicalHeaders = getCanonicalHeaders(this.dates.getOriginalDate());
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = canonicalHeaders.keySet().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toLowerCase(Locale.US));
        }
        Collections.sort(arrayList);
        String createCanonicalRequestHash = createCanonicalRequestHash(canonicalHeaders, arrayList);
        String str = this.dates.getFormattedDate() + "/" + this.region + "/" + next + "/" + AWS_REQUEST_TYPE;
        String calculateAwsV4Signature = calculateAwsV4Signature(next, this.awsSecurityCredentials.getSecretAccessKey(), this.dates.getFormattedDate(), this.region, createStringToSign(createCanonicalRequestHash, this.dates.getXAmzDate(), str));
        return new AwsRequestSignature.Builder().setSignature(calculateAwsV4Signature).setCanonicalHeaders(canonicalHeaders).setHttpMethod(this.httpMethod).setSecurityCredentials(this.awsSecurityCredentials).setCredentialScope(str).setUrl(this.uri.toString()).setDate(this.dates.getOriginalDate()).setRegion(this.region).setAuthorizationHeader(generateAuthorizationHeader(arrayList, this.awsSecurityCredentials.getAccessKeyId(), str, calculateAwsV4Signature)).build();
    }
}
