package com.emc.object.s3;

import com.emc.object.s3.jersey.BucketFilter;
import com.emc.object.s3.jersey.NamespaceFilter;
import com.emc.object.s3.request.PresignedUrlRequest;
import com.emc.object.s3.request.ResponseHeaderOverride;
import com.emc.object.util.RestUtil;
import com.sun.jersey.api.client.ClientRequest;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.time.DateTimeException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.SortedMap;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;

/* loaded from: input_file:com/emc/object/s3/S3SignerV4.class */
public class S3SignerV4 extends S3Signer {
    private static final String HEADER_DATE_FORMAT = "EEE, dd MMM yyyy HH:mm:ss zzz";
    private static final String AMZ_DATE_FORMAT = "yyyyMMdd'T'HHmmss'Z'";
    private static final String AMZ_DATE_FORMAT_SHORT = "yyyyMMdd";
    private static final long PRESIGN_URL_MAX_EXPIRATION_SECONDS = 604800;
    private static final String HASHED_EMPTY_PAYLOAD = hexEncode(hash256(""));
    private static final SortedSet<String> excludedSignedHeaders = new TreeSet(Arrays.asList("authorization"));

    public S3SignerV4(S3Config s3Config) {
        super(s3Config);
    }

    @Override // com.emc.object.s3.S3Signer
    public void sign(ClientRequest clientRequest, String str, Map<String, String> map, Map<String, List<Object>> map2) {
        String serviceType = getServiceType();
        String date = getDate(map, map2);
        String shortDate = getShortDate(date);
        addHeadersForV4(clientRequest.getURI(), date, map2);
        String stringToSign = getStringToSign(clientRequest.getMethod(), str, map, map2, date, serviceType, getCanonicalRequest(clientRequest.getMethod(), clientRequest.getURI(), map, map2, false));
        log.debug("StringToSign: {}", stringToSign);
        SortedMap<String, String> canonicalizedHeaders = getCanonicalizedHeaders(map2, map);
        StringBuilder sb = new StringBuilder();
        for (String str2 : canonicalizedHeaders.keySet()) {
            if (sb.length() != 0) {
                sb.append(";");
            }
            sb.append(str2);
        }
        String signature = getSignature(stringToSign, getSigningKey(shortDate, serviceType));
        log.debug("Signature: {}", signature);
        RestUtil.putSingle(map2, "Authorization", "AWS4-HMAC-SHA256 Credential=" + this.s3Config.getIdentity() + "/" + shortDate + "/" + S3Constants.AWS_DEFAULT_REGION + "/" + serviceType + "/" + S3Constants.AWS_V4_TERMINATOR + ", SignedHeaders=" + ((Object) sb) + ", " + S3Constants.PARAM_SIGNATURE + "=" + signature);
    }

    protected void addHeadersForV4(URI uri, String str, Map<String, List<Object>> map) {
        StringBuilder sb = new StringBuilder(uri.getHost());
        if ((!this.s3Config.getProtocol().equals("https") || uri.getPort() != 443) && ((!this.s3Config.getProtocol().equals("http") || uri.getPort() != 80) && uri.getPort() != -1)) {
            sb.append(":").append(uri.getPort());
        }
        if (!map.containsKey(S3Constants.AMZ_DATE)) {
            RestUtil.putSingle(map, S3Constants.AMZ_DATE, str);
        }
        RestUtil.putSingle(map, RestUtil.HEADER_HOST, sb);
    }

    protected String getCanonicalRequest(String str, URI uri, Map<String, String> map, Map<String, List<Object>> map2, Boolean bool) {
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("\n");
        if (uri != null) {
            try {
                uri = new URI(uri.toString().replaceAll("%2F", "/"));
            } catch (URISyntaxException e) {
                throw new RuntimeException("Invalid URI syntax", e);
            }
        }
        sb.append(RestUtil.getEncodedPath(uri)).append("\n");
        sb.append(getCanonicalizedQueryString(map));
        SortedMap<String, String> canonicalizedHeaders = getCanonicalizedHeaders(map2, map);
        StringBuilder sb2 = new StringBuilder();
        for (String str2 : canonicalizedHeaders.keySet()) {
            sb.append(str2).append(":").append(canonicalizedHeaders.get(str2).trim());
            sb.append("\n");
            if (sb2.length() != 0) {
                sb2.append(";");
            }
            sb2.append(str2);
        }
        sb.append("\n");
        sb2.append("\n");
        sb.append((CharSequence) sb2);
        if (bool.booleanValue()) {
            sb.append(S3Constants.AMZ_UNSIGNED_PAYLOAD);
        } else {
            sb.append(HASHED_EMPTY_PAYLOAD);
        }
        log.debug("CanonicalRequest: {}", sb);
        return sb.toString();
    }

    private String getCanonicalizedQueryString(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        if ((map != null) && (map.size() != 0)) {
            TreeMap treeMap = new TreeMap();
            for (Map.Entry<String, String> entry : map.entrySet()) {
                treeMap.put(entry.getKey(), RestUtil.urlEncode(entry.getValue()));
            }
            StringBuilder sb2 = new StringBuilder();
            for (Map.Entry entry2 : treeMap.entrySet()) {
                if (sb2 != null && sb2.length() != 0) {
                    sb2.append("&");
                }
                sb2.append((String) entry2.getKey()).append("=");
                if (entry2.getValue() != null) {
                    sb2.append((String) entry2.getValue());
                }
            }
            sb.append((CharSequence) sb2).append("\n");
        } else {
            sb.append("\n");
        }
        return sb.toString();
    }

    @Override // com.emc.object.s3.S3Signer
    protected SortedMap<String, String> getCanonicalizedHeaders(Map<String, List<Object>> map, Map<String, String> map2) {
        TreeMap treeMap = new TreeMap();
        for (String str : map.keySet()) {
            String lowerCase = str.toLowerCase();
            if (!excludedSignedHeaders.contains(lowerCase)) {
                treeMap.put(lowerCase, trimAndJoin(map.get(str), ","));
            }
        }
        return treeMap;
    }

    protected String getStringToSign(String str, String str2, Map<String, String> map, Map<String, List<Object>> map2, String str3, String str4, String str5) {
        StringBuilder sb = new StringBuilder();
        sb.append(S3Constants.AWS_HMAC_SHA256_ALGORITHM).append("\n");
        sb.append(str3).append("\n");
        try {
            str3 = DateTimeFormatter.ofPattern(AMZ_DATE_FORMAT_SHORT).withLocale(Locale.US).format(LocalDateTime.parse(str3, DateTimeFormatter.ofPattern(AMZ_DATE_FORMAT).withLocale(Locale.US)));
            sb.append(getScope(str3, str4)).append("\n");
            sb.append(hexEncode(hash256(str5)));
            return sb.toString();
        } catch (DateTimeException e) {
            throw new RuntimeException("invalid date header: " + str3, e);
        }
    }

    protected byte[] getSigningKey(String str, String str2) {
        return hmac(S3Constants.HMAC_SHA_256, hmac(S3Constants.HMAC_SHA_256, hmac(S3Constants.HMAC_SHA_256, hmac(S3Constants.HMAC_SHA_256, (S3Constants.AWS_V4 + this.s3Config.getSecretKey()).getBytes(StandardCharsets.UTF_8), str), S3Constants.AWS_DEFAULT_REGION), str2), S3Constants.AWS_V4_TERMINATOR);
    }

    @Override // com.emc.object.s3.S3Signer
    protected String getDate(Map<String, String> map, Map<String, List<Object>> map2) {
        if (map2.containsKey(S3Constants.AMZ_DATE)) {
            return RestUtil.getFirstAsString(map2, S3Constants.AMZ_DATE);
        }
        String firstAsString = RestUtil.getFirstAsString(map2, RestUtil.HEADER_DATE);
        if (firstAsString == null) {
            firstAsString = RestUtil.getRequestDate(this.s3Config.getServerClockSkew());
        }
        try {
            return DateTimeFormatter.ofPattern(AMZ_DATE_FORMAT).withLocale(Locale.US).format(LocalDateTime.parse(firstAsString, DateTimeFormatter.ofPattern(HEADER_DATE_FORMAT).withLocale(Locale.US)));
        } catch (DateTimeException e) {
            throw new RuntimeException("invalid date header: " + firstAsString, e);
        }
    }

    protected String getShortDate(String str) {
        try {
            return DateTimeFormatter.ofPattern(AMZ_DATE_FORMAT_SHORT).withLocale(Locale.US).format(LocalDateTime.parse(str, DateTimeFormatter.ofPattern(AMZ_DATE_FORMAT).withLocale(Locale.US)));
        } catch (DateTimeException e) {
            throw new RuntimeException("invalid date: " + str, e);
        }
    }

    protected String getScope(String str, String str2) {
        return str + "/" + S3Constants.AWS_DEFAULT_REGION + "/" + str2 + "/" + S3Constants.AWS_V4_TERMINATOR;
    }

    @Override // com.emc.object.s3.S3Signer
    protected String getSignature(String str, byte[] bArr) {
        try {
            return hexEncode(hmac(S3Constants.HMAC_SHA_256, bArr, str));
        } catch (Exception e) {
            throw new RuntimeException("Failed to get getSignature");
        }
    }

    protected String getServiceType() {
        return S3Constants.AWS_SERVICE_S3;
    }

    @Override // com.emc.object.s3.S3Signer
    public URL generatePresignedUrl(PresignedUrlRequest presignedUrlRequest) {
        String namespace = presignedUrlRequest.getNamespace() != null ? presignedUrlRequest.getNamespace() : this.s3Config.getNamespace();
        URI resolvePath = this.s3Config.resolvePath(presignedUrlRequest.getPath(), null);
        String str = "/" + presignedUrlRequest.getBucketName() + RestUtil.getEncodedPath(resolvePath);
        if (namespace != null) {
            if (this.s3Config.isUseVHost()) {
                resolvePath = NamespaceFilter.insertNamespace(resolvePath, namespace);
                if (this.s3Config.isSignNamespace()) {
                    str = "/" + namespace + str;
                }
            } else {
                log.warn("vHost namespace is disabled, so there is no way to specify a namespace in a pre-signed URL");
            }
        }
        URI insertBucket = BucketFilter.insertBucket(resolvePath, presignedUrlRequest.getBucketName(), this.s3Config.isUseVHost());
        Map<String, String> treeMap = new TreeMap<>();
        if (presignedUrlRequest.getVersionId() != null) {
            treeMap.put(S3Constants.PARAM_VERSION_ID, presignedUrlRequest.getVersionId());
        }
        Map<ResponseHeaderOverride, String> headerOverrides = presignedUrlRequest.getHeaderOverrides();
        for (ResponseHeaderOverride responseHeaderOverride : headerOverrides.keySet()) {
            treeMap.put(responseHeaderOverride.getQueryParam(), headerOverrides.get(responseHeaderOverride));
        }
        Map<String, List<Object>> headers = presignedUrlRequest.getHeaders();
        String name = presignedUrlRequest.getMethod().name();
        String serviceType = getServiceType();
        String firstAsString = headers.containsKey(S3Constants.AMZ_DATE) ? RestUtil.getFirstAsString(headers, S3Constants.AMZ_DATE) : getDate(treeMap, headers);
        String shortDate = getShortDate(firstAsString);
        SortedMap<String, String> canonicalizedHeaders = getCanonicalizedHeaders(headers, treeMap);
        StringBuilder sb = new StringBuilder();
        for (String str2 : canonicalizedHeaders.keySet()) {
            if (sb.length() != 0) {
                sb.append(";");
            }
            sb.append(str2);
        }
        TreeMap treeMap2 = new TreeMap();
        for (Map.Entry<String, String> entry : treeMap.entrySet()) {
            treeMap2.put(entry.getKey(), entry.getValue());
        }
        treeMap2.put("Action", name);
        treeMap2.put("X-Amz-Algorithm", S3Constants.AWS_HMAC_SHA256_ALGORITHM);
        treeMap2.put("X-Amz-Credential", RestUtil.urlDecode(this.s3Config.getIdentity() + "/" + shortDate + "/" + S3Constants.AWS_DEFAULT_REGION + "/" + serviceType + "/" + S3Constants.AWS_V4_TERMINATOR));
        treeMap2.put("X-Amz-Date", firstAsString);
        treeMap2.put("X-Amz-Expires", Long.toString(generateExpiration(presignedUrlRequest.getExpirationTime())));
        treeMap2.put("X-Amz-SignedHeaders", RestUtil.urlDecode(sb.toString()));
        String canonicalRequest = getCanonicalRequest(name, insertBucket, treeMap2, headers, true);
        log.debug("CanonicalRequest: {}", canonicalRequest);
        String stringToSign = getStringToSign(name, str, treeMap, headers, firstAsString, serviceType, canonicalRequest);
        log.debug("StringToSign: {}", stringToSign);
        String signature = getSignature(stringToSign, getSigningKey(shortDate, serviceType));
        log.debug("Signature: {}", signature);
        treeMap2.put("X-Amz-Signature", signature);
        URI uri = null;
        try {
            uri = RestUtil.buildUri(insertBucket.getScheme(), insertBucket.getHost(), insertBucket.getPort(), insertBucket.getPath(), RestUtil.generateRawQueryString(treeMap2), insertBucket.getRawFragment());
        } catch (URISyntaxException e) {
            e.printStackTrace();
        }
        try {
            return new URL(uri.toString());
        } catch (MalformedURLException e2) {
            throw new RuntimeException("generated URL is not well-formed");
        } catch (Exception e3) {
            throw new RuntimeException("Failed to generated URL. ");
        }
    }

    private long generateExpiration(Date date) {
        long time = date != null ? (date.getTime() - System.currentTimeMillis()) / 1000 : PRESIGN_URL_MAX_EXPIRATION_SECONDS;
        if (time > PRESIGN_URL_MAX_EXPIRATION_SECONDS) {
            throw new IllegalArgumentException("A presigned URL can be valid for a maximum of seven days. The expiration date " + time + " set on the current request has exceeded this limit.");
        }
        return time;
    }
}
