package com.amazonaws.auth;

import a4.f;
import android.support.v4.media.b;
import androidx.datastore.preferences.protobuf.s0;
import com.amazonaws.DefaultRequest;
import com.amazonaws.Request;
import com.amazonaws.logging.Log;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.util.AwsHostNameUtils;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.DateUtils;
import com.amazonaws.util.HttpUtils;
import com.amazonaws.util.StringUtils;
import com.facebook.internal.security.CertificateUtil;
import com.google.android.gms.internal.atv_ads_framework.a;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
public class AWS4Signer extends AbstractAWSSigner implements ServiceAwareSigner, RegionAwareSigner {
    protected static final String ALGORITHM = "AWS4-HMAC-SHA256";
    private static final String DATE_PATTERN = "yyyyMMdd";
    private static final long MAX_EXPIRATION_TIME_IN_SECONDS = 604800;
    private static final long MILLISEC = 1000;
    protected static final String TERMINATOR = "aws4_request";
    private static final String TIME_PATTERN = "yyyyMMdd'T'HHmmss'Z'";
    protected static final Log log = LogFactory.a(AWS4Signer.class);
    protected boolean doubleUrlEncode;
    protected Date overriddenDate;
    protected String regionName;
    protected String serviceName;

    /* loaded from: classes.dex */
    public static class HeaderSigningResult {

        /* renamed from: a, reason: collision with root package name */
        public final byte[] f8322a;

        public HeaderSigningResult(byte[] bArr) {
            this.f8322a = bArr;
        }
    }

    public AWS4Signer() {
        this(true);
    }

    public AWS4Signer(boolean z11) {
        this.doubleUrlEncode = z11;
    }

    public void addHostHeader(Request<?> request) {
        String host = ((DefaultRequest) request).f8311d.getHost();
        DefaultRequest defaultRequest = (DefaultRequest) request;
        if (HttpUtils.c(defaultRequest.f8311d)) {
            StringBuilder c11 = a.c(host, CertificateUtil.DELIMITER);
            c11.append(defaultRequest.f8311d.getPort());
            host = c11.toString();
        }
        defaultRequest.a("Host", host);
    }

    @Override // com.amazonaws.auth.AbstractAWSSigner
    public void addSessionCredentials(Request<?> request, AWSSessionCredentials aWSSessionCredentials) {
        ((DefaultRequest) request).a("x-amz-security-token", aWSSessionCredentials.b());
    }

    public String calculateContentHash(Request<?> request) {
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request);
        binaryRequestPayloadStream.mark(-1);
        String a11 = BinaryUtils.a(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return a11;
        } catch (IOException e11) {
            throw new RuntimeException("Unable to reset stream after calculating AWS4 signature", e11);
        }
    }

    public String calculateContentHashPresign(Request<?> request) {
        return calculateContentHash(request);
    }

    public final HeaderSigningResult computeSignature(Request<?> request, String str, String str2, String str3, String str4, AWSCredentials aWSCredentials) {
        DefaultRequest defaultRequest = (DefaultRequest) request;
        String extractRegionName = extractRegionName(defaultRequest.f8311d);
        String extractServiceName = extractServiceName(defaultRequest.f8311d);
        String stringToSign = getStringToSign(str3, str2, str + "/" + extractRegionName + "/" + extractServiceName + "/aws4_request", getCanonicalRequest(request, str4));
        StringBuilder sb2 = new StringBuilder("AWS4");
        sb2.append(aWSCredentials.c());
        String sb3 = sb2.toString();
        Charset charset = StringUtils.f8580a;
        byte[] bytes = sb3.getBytes(charset);
        SigningAlgorithm signingAlgorithm = SigningAlgorithm.HmacSHA256;
        return new HeaderSigningResult(sign(stringToSign.getBytes(charset), sign(TERMINATOR, sign(extractServiceName, sign(extractRegionName, sign(str, bytes, signingAlgorithm), signingAlgorithm), signingAlgorithm), signingAlgorithm), signingAlgorithm));
    }

    public String extractRegionName(URI uri) {
        String str = this.regionName;
        return str != null ? str : AwsHostNameUtils.a(uri.getHost(), this.serviceName);
    }

    public String extractServiceName(URI uri) {
        String str = this.serviceName;
        if (str != null) {
            return str;
        }
        Pattern pattern = AwsHostNameUtils.f8569a;
        String host = uri.getHost();
        if (!host.endsWith(".amazonaws.com")) {
            throw new IllegalArgumentException(b.c("Cannot parse a service name from an unrecognized endpoint (", host, ")."));
        }
        String substring = host.substring(0, host.indexOf(".amazonaws.com"));
        return (substring.endsWith(".s3") || AwsHostNameUtils.f8569a.matcher(substring).matches()) ? "s3" : substring.indexOf(46) == -1 ? substring : substring.substring(0, substring.indexOf(46));
    }

    public String getCanonicalRequest(Request<?> request, String str) {
        request.getClass();
        DefaultRequest defaultRequest = (DefaultRequest) request;
        String str2 = ((DefaultRequest) request).f8314g.toString() + "\n" + getCanonicalizedResourcePath(HttpUtils.a(defaultRequest.f8311d.getPath(), defaultRequest.f8308a, false), this.doubleUrlEncode) + "\n" + getCanonicalizedQueryString(request) + "\n" + getCanonicalizedHeaderString(request) + "\n" + getSignedHeadersString(request) + "\n" + str;
        log.b("AWS4 Canonical Request: '\"" + str2 + "\"");
        return str2;
    }

    public String getCanonicalizedHeaderString(Request<?> request) {
        ArrayList arrayList = new ArrayList();
        DefaultRequest defaultRequest = (DefaultRequest) request;
        arrayList.addAll(defaultRequest.f8310c.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb2 = new StringBuilder();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (needsSign(str)) {
                String replaceAll = StringUtils.a(str).replaceAll("\\s+", " ");
                String str2 = (String) defaultRequest.f8310c.get(str);
                sb2.append(replaceAll);
                sb2.append(CertificateUtil.DELIMITER);
                if (str2 != null) {
                    sb2.append(str2.replaceAll("\\s+", " "));
                }
                sb2.append("\n");
            }
        }
        return sb2.toString();
    }

    public final long getDateFromRequest(Request<?> request) {
        Date signatureDate = getSignatureDate(getTimeOffset(request));
        Date date = this.overriddenDate;
        if (date != null) {
            signatureDate = date;
        }
        return signatureDate.getTime();
    }

    public final String getDateStamp(long j11) {
        return DateUtils.a(DATE_PATTERN).get().format(new Date(j11));
    }

    public String getScope(Request<?> request, String str) {
        return str + "/" + extractRegionName(((DefaultRequest) request).f8311d) + "/" + extractServiceName(((DefaultRequest) request).f8311d) + "/aws4_request";
    }

    public String getSignedHeadersString(Request<?> request) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(((DefaultRequest) request).f8310c.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb2 = new StringBuilder();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (needsSign(str)) {
                if (sb2.length() > 0) {
                    sb2.append(";");
                }
                sb2.append(StringUtils.a(str));
            }
        }
        return sb2.toString();
    }

    public String getStringToSign(String str, String str2, String str3, String str4) {
        String str5 = str + "\n" + str2 + "\n" + str3 + "\n" + BinaryUtils.a(hash(str4));
        log.b("AWS4 String to Sign: '\"" + str5 + "\"");
        return str5;
    }

    public final String getTimeStamp(long j11) {
        return DateUtils.a(TIME_PATTERN).get().format(new Date(j11));
    }

    public boolean needsSign(String str) {
        return "date".equalsIgnoreCase(str) || "Content-MD5".equalsIgnoreCase(str) || "host".equalsIgnoreCase(str) || str.startsWith("x-amz") || str.startsWith("X-Amz");
    }

    public void overrideDate(Date date) {
        this.overriddenDate = date;
    }

    public void presignRequest(Request<?> request, AWSCredentials aWSCredentials, Date date) {
        if (aWSCredentials instanceof AnonymousAWSCredentials) {
            return;
        }
        long time = date != null ? (date.getTime() - System.currentTimeMillis()) / MILLISEC : 604800L;
        if (time > MAX_EXPIRATION_TIME_IN_SECONDS) {
            throw new RuntimeException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration date set on the current request [" + getTimeStamp(date.getTime()) + "] has exceeded this limit.");
        }
        addHostHeader(request);
        AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials);
        if (sanitizeCredentials instanceof AWSSessionCredentials) {
            ((DefaultRequest) request).b("X-Amz-Security-Token", ((AWSSessionCredentials) sanitizeCredentials).b());
        }
        long dateFromRequest = getDateFromRequest(request);
        String dateStamp = getDateStamp(dateFromRequest);
        String str = sanitizeCredentials.a() + "/" + getScope(request, dateStamp);
        String timeStamp = getTimeStamp(dateFromRequest);
        DefaultRequest defaultRequest = (DefaultRequest) request;
        defaultRequest.b("X-Amz-Algorithm", ALGORITHM);
        defaultRequest.b("X-Amz-Date", timeStamp);
        defaultRequest.b("X-Amz-SignedHeaders", getSignedHeadersString(defaultRequest));
        defaultRequest.b("X-Amz-Expires", Long.toString(time));
        defaultRequest.b("X-Amz-Credential", str);
        byte[] bArr = computeSignature(defaultRequest, dateStamp, timeStamp, ALGORITHM, calculateContentHashPresign(defaultRequest), sanitizeCredentials).f8322a;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        defaultRequest.b("X-Amz-Signature", BinaryUtils.a(bArr2));
    }

    public void processRequestPayload(Request<?> request, HeaderSigningResult headerSigningResult) {
    }

    @Override // com.amazonaws.auth.RegionAwareSigner
    public void setRegionName(String str) {
        this.regionName = str;
    }

    @Override // com.amazonaws.auth.ServiceAwareSigner
    public void setServiceName(String str) {
        this.serviceName = str;
    }

    @Override // com.amazonaws.auth.Signer
    public void sign(Request<?> request, AWSCredentials aWSCredentials) {
        if (aWSCredentials instanceof AnonymousAWSCredentials) {
            return;
        }
        AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials);
        if (sanitizeCredentials instanceof AWSSessionCredentials) {
            addSessionCredentials(request, (AWSSessionCredentials) sanitizeCredentials);
        }
        addHostHeader(request);
        long dateFromRequest = getDateFromRequest(request);
        String dateStamp = getDateStamp(dateFromRequest);
        String scope = getScope(request, dateStamp);
        String calculateContentHash = calculateContentHash(request);
        String timeStamp = getTimeStamp(dateFromRequest);
        DefaultRequest defaultRequest = (DefaultRequest) request;
        defaultRequest.a("X-Amz-Date", timeStamp);
        HashMap hashMap = defaultRequest.f8310c;
        if (hashMap.get("x-amz-content-sha256") != null && "required".equals(hashMap.get("x-amz-content-sha256"))) {
            defaultRequest.a("x-amz-content-sha256", calculateContentHash);
        }
        String str = sanitizeCredentials.a() + "/" + scope;
        HeaderSigningResult computeSignature = computeSignature(defaultRequest, dateStamp, timeStamp, ALGORITHM, calculateContentHash, sanitizeCredentials);
        String b11 = f.b("Credential=", str);
        String str2 = "SignedHeaders=" + getSignedHeadersString(defaultRequest);
        StringBuilder sb2 = new StringBuilder("Signature=");
        byte[] bArr = computeSignature.f8322a;
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        sb2.append(BinaryUtils.a(bArr2));
        String sb3 = sb2.toString();
        StringBuilder f11 = s0.f("AWS4-HMAC-SHA256 ", b11, ", ", str2, ", ");
        f11.append(sb3);
        defaultRequest.a("Authorization", f11.toString());
        processRequestPayload(defaultRequest, computeSignature);
    }
}
