package org.jclouds.s3.filters;

import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.commons.configuration.FileOptionsProvider;
import org.apache.pulsar.jcloud.shade.com.google.common.annotations.VisibleForTesting;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Charsets;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Strings;
import org.apache.pulsar.jcloud.shade.com.google.common.base.Supplier;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableList;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.ImmutableSet;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Iterables;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Multimap;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.Ordering;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.SortedSetMultimap;
import org.apache.pulsar.jcloud.shade.com.google.common.collect.TreeMultimap;
import org.apache.pulsar.jcloud.shade.com.google.common.io.BaseEncoding;
import org.apache.pulsar.jcloud.shade.com.google.common.io.ByteStreams;
import org.apache.pulsar.jcloud.shade.jakarta.annotation.Resource;
import org.apache.pulsar.jcloud.shade.jakarta.inject.Inject;
import org.apache.pulsar.jcloud.shade.jakarta.inject.Named;
import org.apache.pulsar.jcloud.shade.jakarta.inject.Provider;
import org.apache.pulsar.jcloud.shade.jakarta.inject.Singleton;
import org.apache.zookeeper.audit.AuditConstants;
import org.jclouds.Constants;
import org.jclouds.aws.domain.SessionCredentials;
import org.jclouds.aws.reference.FormParameters;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.Macs;
import org.jclouds.date.DateService;
import org.jclouds.date.TimeStamp;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.http.utils.Queries;
import org.jclouds.logging.Logger;
import org.jclouds.rest.RequestSigner;
import org.jclouds.s3.reference.S3Headers;
import org.jclouds.s3.util.S3Utils;
import org.jclouds.util.Strings2;

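/**
 * Request filter and signer that authenticates S3 requests with AWS Signature Version 2:
 * a canonical "string to sign" is built from the request and authenticated with
 * HMAC-SHA1 keyed by the secret credential, then Base64-encoded.
 *
 * <p>This listing is decompiler output. Casts the decompiler inserted that do not
 * type-check have been removed, and the header canonicalization no longer depends on
 * the JVM's default locale.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Signature Version 2 with HMAC-SHA1 is a legacy scheme; prefer a Signature
 *       Version 4 signer wherever the endpoint accepts one.</li>
 *   <li>Only the query parameters listed in {@code SIGNED_PARAMETERS} are covered by the
 *       signature; any other query parameter can be altered in transit without
 *       invalidating it.</li>
 *   <li>The string to sign and the signed request are handed to the signature wire and
 *       the signature logger; see the notes in {@link #filter} and
 *       {@link #createStringToSign}.</li>
 * </ul>
 */
@Singleton
/* loaded from: input_file:META-INF/bundled-dependencies/jclouds-shaded-3.3.3.jar:org/jclouds/s3/filters/RequestAuthorizeSignatureV2.class */
public class RequestAuthorizeSignatureV2 implements RequestAuthorizeSignature, RequestSigner {
    /** Headers whose values are written, in this order, right after Content-MD5 and Content-Type. */
    private static final Collection<String> FIRST_HEADERS_TO_SIGN = ImmutableList.of("Date");

    /**
     * Query parameters (S3 sub-resources and response overrides) that are part of the
     * canonical resource. "versioning" and "delete" are spelled as literals so the signed
     * set can be audited here; the decompiler had mapped them to the same-valued constants
     * FileOptionsProvider.VERSIONING and AuditConstants.OP_DELETE from unrelated libraries.
     */
    private static final Set<String> SIGNED_PARAMETERS = ImmutableSet.of("acl", "torrent", "logging", "location", "policy", "requestPayment", "versioning", "versions", "versionId", "notification", "uploadId", "uploads", "partNumber", "website", "response-content-type", "response-content-language", "response-expires", "response-cache-control", "response-content-disposition", "response-content-encoding", "delete");

    private final SignatureWire signatureWire;
    private final Supplier<Credentials> creds;
    private final Provider<String> timeStampProvider;
    private final Crypto crypto;
    private final HttpUtils utils;

    @Resource
    @Named(Constants.LOGGER_SIGNATURE)
    Logger signatureLog = Logger.NULL;
    private final String authTag;
    private final String headerTag;
    private final String servicePath;
    private final boolean isVhostStyle;
    private final DateService dateService;

    /**
     * Stores the injected collaborators and settings; performs no validation.
     *
     * @param signatureWire wire log that receives the string to sign and the signature
     * @param str authentication scheme tag placed at the start of the Authorization header
     * @param z whether the bucket name is signed as part of the resource (virtual-host style)
     * @param str2 service path prepended to the bucket name in the string to sign
     * @param str3 vendor tag used in the {@code x-<tag>-} header prefix
     * @param supplier source of the identity and secret credential, read on every signature
     * @param provider source of the Date header value
     * @param crypto factory for the HMAC-SHA1 instance
     * @param httpUtils request logging helper
     * @param dateService parser for RFC 1123 dates
     */
    @Inject
    public RequestAuthorizeSignatureV2(SignatureWire signatureWire, @Named("jclouds.aws.auth.tag") String str, @Named("jclouds.s3.virtual-host-buckets") boolean z, @Named("jclouds.s3.service-path") String str2, @Named("jclouds.aws.header.tag") String str3, @org.jclouds.location.Provider Supplier<Credentials> supplier, @TimeStamp Provider<String> provider, Crypto crypto, HttpUtils httpUtils, DateService dateService) {
        this.isVhostStyle = z;
        this.servicePath = str2;
        this.headerTag = str3;
        this.authTag = str;
        this.signatureWire = signatureWire;
        this.creds = supplier;
        this.timeStampProvider = provider;
        this.crypto = crypto;
        this.utils = httpUtils;
        this.dateService = dateService;
    }

    /**
     * Signs a request: refreshes the Date header, adds the security token header when the
     * credentials are session credentials, then sets the Authorization header.
     *
     * @param httpRequest request to sign; not modified, a rebuilt copy is returned
     * @return the signed copy of the request
     * @throws HttpException if the signature cannot be computed
     */
    @Override // org.jclouds.http.HttpRequestFilter
    public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
        HttpRequest dated = replaceDateHeader(httpRequest);
        Credentials current = this.creds.get();
        if (current instanceof SessionCredentials) {
            dated = replaceSecurityTokenHeader(dated, (SessionCredentials) current);
        }
        HttpRequest signed = replaceAuthorizationHeader(dated, calculateSignature(createStringToSign(dated)));
        // NOTE(review): the request logged here already carries the Authorization header
        // and, for session credentials, the security token. Confirm that logRequest
        // redacts them or that this logger is not enabled where logs are retained.
        this.utils.logRequest(this.signatureLog, signed, "<<");
        return signed;
    }

    /** Returns a copy of the request whose security token header holds the session token. */
    HttpRequest replaceSecurityTokenHeader(HttpRequest httpRequest, SessionCredentials sessionCredentials) {
        return httpRequest.toBuilder().replaceHeader(S3Headers.SECURITY_TOKEN, sessionCredentials.getSessionToken()).build();
    }

    /**
     * Returns a copy of the request with {@code Authorization: <authTag> <identity>:<signature>}.
     *
     * @param httpRequest request to copy
     * @param str Base64 signature to place after the identity
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public HttpRequest replaceAuthorizationHeader(HttpRequest httpRequest, String str) {
        return httpRequest.toBuilder().replaceHeader("Authorization", this.authTag + " " + this.creds.get().identity + ":" + str).build();
    }

    /** Returns a copy of the request whose Date header is the timestamp provider's current value. */
    HttpRequest replaceDateHeader(HttpRequest httpRequest) {
        return httpRequest.toBuilder().replaceHeader("Date", this.timeStampProvider.get()).build();
    }

    /**
     * Builds the canonical string that is signed: method, Content-MD5, Content-Type, Date,
     * the sorted {@code x-<tag>-} headers, the bucket name (virtual-host style only), the
     * raw path, and the signed query parameters.
     *
     * @param httpRequest request to canonicalize
     * @return the string to sign
     */
    @Override // org.jclouds.rest.RequestSigner
    public String createStringToSign(HttpRequest httpRequest) {
        this.utils.logRequest(this.signatureLog, httpRequest, ">>");
        TreeMultimap<String, String> canonicalHeaders = TreeMultimap.create();
        StringBuilder sb = new StringBuilder();
        appendMethod(httpRequest, sb);
        appendPayloadMetadata(httpRequest, sb);
        appendHttpHeaders(httpRequest, canonicalHeaders);
        // NOTE(review): this removal only affects canonicalHeaders, which is consumed by
        // appendAmzHeaders alone and that method emits x-<tag>- keys only. The Date line
        // was already written by appendPayloadMetadata, so it is still signed when an
        // x-<tag>-date header is present. Confirm this matches what the endpoint expects.
        if (canonicalHeaders.containsKey("x-" + this.headerTag + "-date")) {
            canonicalHeaders.removeAll("date");
        }
        appendAmzHeaders(canonicalHeaders, sb);
        appendBucketName(httpRequest, sb);
        appendUriPath(httpRequest, sb);
        String stringToSign = sb.toString();
        if (this.signatureWire.enabled()) {
            // The decompiled listing cast this String to SignatureWire, which does not
            // compile; the string itself is what goes to the wire log.
            this.signatureWire.output(stringToSign);
        }
        return stringToSign;
    }

    /**
     * Signs the given string and, when the signature wire is enabled, writes the
     * resulting signature to it.
     */
    String calculateSignature(String str) throws HttpException {
        String signature = sign(str);
        if (this.signatureWire.enabled()) {
            this.signatureWire.input(Strings2.toInputStream(signature));
        }
        return signature;
    }

    /**
     * Computes the Base64-encoded HMAC-SHA1 of {@code str}, keyed with the UTF-8 bytes of
     * the current secret credential.
     *
     * @param str string to sign
     * @return Base64 signature
     * @throws HttpException wrapping any failure; the message carries no key material
     */
    @Override // org.jclouds.rest.RequestSigner
    public String sign(String str) {
        try {
            byte[] secretKey = this.creds.get().credential.getBytes(Charsets.UTF_8);
            byte[] mac = ByteStreams.readBytes(Strings2.toInputStream(str), Macs.asByteProcessor(this.crypto.hmacSHA1(secretKey)));
            return BaseEncoding.base64().encode(mac);
        } catch (Exception e) {
            throw new HttpException("error signing request", e);
        }
    }

    /** Appends the HTTP method followed by a newline. */
    void appendMethod(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(httpRequest.getMethod()).append("\n");
    }

    /**
     * Appends one {@code name:value} line for every entry whose key starts with
     * {@code x-<tag>-}, in the multimap's iteration order.
     */
    @VisibleForTesting
    void appendAmzHeaders(SortedSetMultimap<String, String> sortedSetMultimap, StringBuilder sb) {
        String vendorPrefix = "x-" + this.headerTag + "-";
        for (Map.Entry<String, String> entry : sortedSetMultimap.entries()) {
            String key = entry.getKey();
            if (key.startsWith(vendorPrefix)) {
                // Locale.ROOT: the signed form must not vary with the JVM default locale
                // (for example the Turkish dotless-i mapping), or the signature is rejected.
                sb.append(String.format("%s:%s\n", key.toLowerCase(Locale.ROOT), entry.getValue()));
            }
        }
    }

    /**
     * Appends the Content-MD5 line, the Content-Type line, and one line per header in
     * {@code FIRST_HEADERS_TO_SIGN}. Payload metadata is used when the request has a
     * payload; otherwise the request headers are used. Missing values become empty lines.
     */
    void appendPayloadMetadata(HttpRequest httpRequest, StringBuilder sb) {
        String contentMd5;
        String contentType;
        if (httpRequest.getPayload() == null) {
            contentMd5 = Strings.nullToEmpty(httpRequest.getFirstHeaderOrNull("Content-MD5"));
            contentType = Strings.nullToEmpty(httpRequest.getFirstHeaderOrNull("Content-Type"));
        } else {
            contentMd5 = HttpUtils.nullToEmpty(httpRequest.getPayload().getContentMetadata().getContentMD5());
            contentType = Strings.nullToEmpty(httpRequest.getPayload().getContentMetadata().getContentType());
        }
        sb.append(contentMd5).append("\n");
        sb.append(contentType).append("\n");
        for (String headerName : FIRST_HEADERS_TO_SIGN) {
            sb.append(HttpUtils.nullToEmpty(httpRequest.getHeaders().get(headerName))).append("\n");
        }
    }

    /**
     * Copies Content-Type, Content-MD5, Date and {@code x-<tag>-} headers into the given
     * multimap under lower-cased names. Entries with a null name are skipped.
     */
    @VisibleForTesting
    void appendHttpHeaders(HttpRequest httpRequest, SortedSetMultimap<String, String> sortedSetMultimap) {
        String vendorPrefix = "x-" + this.headerTag + "-";
        for (Map.Entry<String, String> entry : httpRequest.getHeaders().entries()) {
            if (entry.getKey() == null) {
                continue;
            }
            // Locale.ROOT rather than the default locale: a locale-specific case mapping
            // would change the header name that is signed and break the prefix match.
            String name = entry.getKey().toLowerCase(Locale.ROOT);
            if (name.equalsIgnoreCase("Content-Type") || name.equalsIgnoreCase("Content-MD5") || name.equalsIgnoreCase("Date") || name.startsWith(vendorPrefix)) {
                sortedSetMultimap.put(name, entry.getValue());
            }
        }
    }

    /**
     * Appends the service path and bucket name, but only for virtual-host style requests
     * whose bucket name contains no upper-case characters.
     */
    @VisibleForTesting
    void appendBucketName(HttpRequest httpRequest, StringBuilder sb) {
        String bucketName = S3Utils.getBucketName(httpRequest);
        if (this.isVhostStyle && bucketName != null && bucketName.equals(bucketName.toLowerCase(Locale.ROOT))) {
            sb.append(this.servicePath).append(bucketName);
        }
    }

    /**
     * Appends the raw path and then, sorted by name, each query parameter found in
     * {@code SIGNED_PARAMETERS} with its first value. Query parameters outside that set are
     * left out of the string to sign, so the signature does not protect them.
     */
    @VisibleForTesting
    void appendUriPath(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(httpRequest.getEndpoint().getRawPath());
        if (httpRequest.getEndpoint().getQuery() != null) {
            Multimap<String, String> query = Queries.queryParser().apply(httpRequest.getEndpoint().getQuery());
            char separator = '?';
            for (String name : Ordering.natural().sortedCopy(query.keySet())) {
                if (SIGNED_PARAMETERS.contains(name)) {
                    sb.append(separator).append(name);
                    String firstValue = Iterables.get(query.get(name), 0);
                    if (firstValue != null) {
                        sb.append("=").append(firstValue);
                    }
                    separator = '&';
                }
            }
        }
    }

    /**
     * Produces a query-string-authenticated copy of the request. The expiry is the
     * request's Date header (or the timestamp provider's value when absent) in epoch
     * seconds plus {@code j}; it is signed in the Date position of the string to sign and
     * sent as the {@code Expires} query parameter together with the access key id and
     * the signature.
     *
     * <p>The returned URL authorizes the request for anyone who holds it until the expiry
     * passes. {@code j} is not range-checked here, so callers are responsible for keeping
     * the validity window short.
     *
     * @param httpRequest request to pre-sign
     * @param j validity in seconds, added to the request date
     * @return copy of the request without Authorization and Date headers and with its
     *     filter list emptied
     */
    @Override // org.jclouds.s3.filters.RequestAuthorizeSignature
    public HttpRequest signForTemporaryAccess(HttpRequest httpRequest, long j) {
        String dateHeader = httpRequest.getFirstHeaderOrNull("Date");
        if (dateHeader == null) {
            dateHeader = this.timeStampProvider.get();
        }
        long dateSeconds = TimeUnit.MILLISECONDS.toSeconds(this.dateService.rfc1123DateParse(dateHeader).getTime());
        String expires = String.valueOf(dateSeconds + j);
        HttpRequest.Builder<?> builder = httpRequest.toBuilder().removeHeader("Authorization").replaceHeader("Date", expires);
        // Expires and the access key id are added before the string to sign is built,
        // the same order in which the original chained call evaluated them.
        builder.addQueryParam("Expires", expires).addQueryParam(FormParameters.AWS_ACCESS_KEY_ID, this.creds.get().identity);
        String signature = sign(createStringToSign(builder.build()));
        return builder.addQueryParam("Signature", signature).removeHeader("Date").filters(ImmutableList.of()).build();
    }
}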
