package com.emc.object.s3;

import com.emc.object.s3.jersey.BucketFilter;
import com.emc.object.s3.jersey.NamespaceFilter;
import com.emc.object.s3.request.PresignedUrlRequest;
import com.emc.object.util.RestUtil;
import com.sun.jersey.api.client.ClientRequest;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.SortedMap;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/emc/object/s3/S3SignerV2.class */
public final class S3SignerV2 extends S3Signer {
    private SortedSet<String> signedParameters;

    public S3SignerV2(S3Config s3Config) {
        super(s3Config);
        this.signedParameters = new TreeSet(Arrays.asList("acl", "torrent", "logging", "location", "policy", "requestPayment", "versioning", "versions", S3Constants.PARAM_VERSION_ID, "notification", S3Constants.PARAM_UPLOAD_ID, "uploads", S3Constants.PARAM_PART_NUMBER, "website", "delete", "lifecycle", "tagging", "cors", "restore", S3Constants.PARAM_RESPONSE_HEADER_CACHE_CONTROL, S3Constants.PARAM_RESPONSE_HEADER_CONTENT_DISPOSITION, S3Constants.PARAM_RESPONSE_HEADER_CONTENT_ENCODING, S3Constants.PARAM_RESPONSE_HEADER_CONTENT_LANGUAGE, S3Constants.PARAM_RESPONSE_HEADER_CONTENT_TYPE, S3Constants.PARAM_RESPONSE_HEADER_EXPIRES, S3Constants.PARAM_ENDPOINT, S3Constants.PARAM_IS_STALE_ALLOWED));
        if (s3Config.isSignMetadataSearch()) {
            this.signedParameters.add(S3Constants.PARAM_QUERY);
            this.signedParameters.add(S3Constants.PARAM_SEARCH_METADATA);
        }
    }

    @Override // com.emc.object.s3.S3Signer
    public void sign(ClientRequest clientRequest, String str, Map<String, String> map, Map<String, List<Object>> map2) {
        if (this.s3Config.getSessionToken() != null) {
            RestUtil.putSingle(map2, S3Constants.AMZ_SECURITY_TOKEN, this.s3Config.getSessionToken());
        }
        RestUtil.putSingle(map2, "Authorization", "AWS " + this.s3Config.getIdentity() + ":" + getSignature(getStringToSign(clientRequest.getMethod(), str, map, map2), null));
    }

    @Override // com.emc.object.s3.S3Signer
    protected String getSignature(String str, byte[] bArr) {
        return DatatypeConverter.printBase64Binary(hmac(S3Constants.HMAC_SHA_1, this.s3Config.getSecretKey().getBytes(StandardCharsets.UTF_8), str));
    }

    @Override // com.emc.object.s3.S3Signer
    protected String getDate(Map<String, String> map, Map<String, List<Object>> map2) {
        String firstAsString = RestUtil.getFirstAsString(map2, RestUtil.HEADER_DATE);
        if (firstAsString == null) {
            firstAsString = RestUtil.getRequestDate(this.s3Config.getServerClockSkew());
            RestUtil.putSingle(map2, RestUtil.HEADER_DATE, firstAsString);
        }
        if (map2.containsKey(S3Constants.AMZ_DATE)) {
            firstAsString = "";
        }
        if (map.containsKey("Expires")) {
            firstAsString = map.get("Expires");
        }
        return firstAsString;
    }

    @Override // com.emc.object.s3.S3Signer
    public URL generatePresignedUrl(PresignedUrlRequest presignedUrlRequest) {
        String namespace = presignedUrlRequest.getNamespace() != null ? presignedUrlRequest.getNamespace() : this.s3Config.getNamespace();
        URI resolvePath = this.s3Config.resolvePath(presignedUrlRequest.getPath(), null);
        String str = "/" + presignedUrlRequest.getBucketName() + RestUtil.getEncodedPath(resolvePath);
        if (namespace != null) {
            if (this.s3Config.isUseVHost()) {
                resolvePath = NamespaceFilter.insertNamespace(resolvePath, namespace);
                if (this.s3Config.isSignNamespace()) {
                    str = "/" + namespace + str;
                }
            } else {
                log.warn("vHost namespace is disabled, so there is no way to specify a namespace in a pre-signed URL");
            }
        }
        URI insertBucket = BucketFilter.insertBucket(resolvePath, presignedUrlRequest.getBucketName(), this.s3Config.isUseVHost());
        Map<String, String> queryParams = presignedUrlRequest.getQueryParams();
        queryParams.put(S3Constants.PARAM_ACCESS_KEY, this.s3Config.getIdentity());
        if (this.s3Config.getSessionToken() != null) {
            queryParams.put(S3Constants.AMZ_SECURITY_TOKEN, this.s3Config.getSessionToken());
        }
        queryParams.put(S3Constants.PARAM_SIGNATURE, getSignature(getStringToSign(presignedUrlRequest.getMethod().toString(), str, queryParams, presignedUrlRequest.getHeaders()), null));
        try {
            return new URL(insertBucket + getCanonicalizedQueryString(presignedUrlRequest, queryParams));
        } catch (MalformedURLException e) {
            throw new RuntimeException("generated URL is not well-formed");
        }
    }

    private String getCanonicalizedQueryString(PresignedUrlRequest presignedUrlRequest, Map<String, String> map) {
        return "?" + (presignedUrlRequest.getSubresource() != null ? presignedUrlRequest.getSubresource() + "&" : "") + RestUtil.generateRawQueryString(map);
    }

    String getStringToSign(String str, String str2, Map<String, String> map, Map<String, List<Object>> map2) {
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("\n");
        String firstAsString = RestUtil.getFirstAsString(map2, RestUtil.HEADER_CONTENT_MD5);
        if (firstAsString != null) {
            sb.append(firstAsString);
        }
        sb.append("\n");
        String firstAsString2 = RestUtil.getFirstAsString(map2, RestUtil.HEADER_CONTENT_TYPE);
        if (firstAsString2 != null) {
            sb.append(firstAsString2);
        }
        sb.append("\n");
        sb.append(getDate(map, map2));
        sb.append("\n");
        SortedMap<String, String> canonicalizedHeaders = getCanonicalizedHeaders(map2, map);
        for (String str3 : canonicalizedHeaders.keySet()) {
            sb.append(str3).append(":").append(canonicalizedHeaders.get(str3).trim());
            sb.append("\n");
        }
        sb.append(str2);
        boolean z = true;
        for (String str4 : this.signedParameters) {
            if (map.containsKey(str4)) {
                sb.append(z ? "?" : "&").append(str4);
                String str5 = map.get(str4);
                if (str5 != null) {
                    sb.append("=").append(str5);
                }
                z = false;
            }
        }
        String sb2 = sb.toString();
        log.debug("stringToSign:\n" + sb2);
        return sb2;
    }

    @Override // com.emc.object.s3.S3Signer
    protected SortedMap<String, String> getCanonicalizedHeaders(Map<String, List<Object>> map, Map<String, String> map2) {
        TreeMap treeMap = new TreeMap();
        for (String str : map.keySet()) {
            String lowerCase = str.toLowerCase();
            if (lowerCase.startsWith(S3Constants.AMZ_PREFIX) || lowerCase.startsWith(RestUtil.EMC_PREFIX)) {
                treeMap.put(lowerCase, trimAndJoin(map.get(str), ","));
            }
        }
        for (String str2 : map2.keySet()) {
            String lowerCase2 = str2.toLowerCase();
            if (lowerCase2.startsWith(S3Constants.AMZ_PREFIX)) {
                treeMap.put(lowerCase2, map2.get(str2));
            }
        }
        return treeMap;
    }
}
