package org.eclipse.jgit.lfs.server.s3;

import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.SimpleTimeZone;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jgit.lfs.lib.Constants;
import org.eclipse.jgit.lfs.server.internal.LfsServerText;
import org.eclipse.jgit.transport.WalkEncryption;

/* loaded from: input_file:org/eclipse/jgit/lfs/server/s3/SignerV4.class */
class SignerV4 {
    static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    private static final String ALGORITHM = "HMAC-SHA256";
    private static final String DATE_STRING_FORMAT = "yyyyMMdd";
    private static final String HEX = "0123456789abcdef";
    private static final String HMACSHA256 = "HmacSHA256";
    private static final String ISO8601_BASIC_FORMAT = "yyyyMMdd'T'HHmmss'Z'";
    private static final String S3 = "s3";
    private static final String SCHEME = "AWS4";
    private static final String TERMINATOR = "aws4_request";
    private static final String UTC = "UTC";
    private static final String X_AMZ_ALGORITHM = "X-Amz-Algorithm";
    private static final String X_AMZ_CREDENTIAL = "X-Amz-Credential";
    private static final String X_AMZ_DATE = "X-Amz-Date";
    private static final String X_AMZ_SIGNATURE = "X-Amz-Signature";
    private static final String X_AMZ_SIGNED_HEADERS = "X-Amz-SignedHeaders";
    static final String X_AMZ_CONTENT_SHA256 = "x-amz-content-sha256";
    static final String X_AMZ_EXPIRES = "X-Amz-Expires";
    static final String X_AMZ_STORAGE_CLASS = "x-amz-storage-class";

    SignerV4() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createAuthorizationQuery(S3Config s3Config, URL url, String str, Map<String, String> map, Map<String, String> map2, String str2) {
        addHostHeader(url, map);
        map2.put(X_AMZ_ALGORITHM, "AWS4-HMAC-SHA256");
        Date date = new Date();
        String dateStamp = dateStamp(date);
        String scope = scope(s3Config.getRegion(), dateStamp);
        map2.put(X_AMZ_CREDENTIAL, s3Config.getAccessKey() + URIUtil.SLASH + scope);
        String dateTimeStampISO8601 = dateTimeStampISO8601(date);
        map2.put(X_AMZ_DATE, dateTimeStampISO8601);
        String canonicalizeHeaderNames = canonicalizeHeaderNames(map);
        map2.put(X_AMZ_SIGNED_HEADERS, canonicalizeHeaderNames);
        map2.put(X_AMZ_SIGNATURE, toHex(createSignature(s3Config, dateTimeStampISO8601, dateStamp, scope, canonicalRequest(url, str, canonicalizeQueryString(map2), canonicalizeHeaderNames, canonicalizeHeaderString(map), str2))));
        return formatAuthorizationQuery(map2);
    }

    private static String formatAuthorizationQuery(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        for (String str : map.keySet()) {
            appendQuery(sb, str, map.get(str));
        }
        return sb.toString();
    }

    private static void appendQuery(StringBuilder sb, String str, String str2) {
        if (sb.length() != 0) {
            sb.append("&");
        }
        sb.append(str).append("=").append(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<String, String> createHeaderAuthorization(S3Config s3Config, URL url, String str, Map<String, String> map, String str2) {
        addHostHeader(url, map);
        Date date = new Date();
        String dateTimeStampISO8601 = dateTimeStampISO8601(date);
        map.put(X_AMZ_DATE, dateTimeStampISO8601);
        String canonicalizeHeaderNames = canonicalizeHeaderNames(map);
        String canonicalRequest = canonicalRequest(url, str, "", canonicalizeHeaderNames, canonicalizeHeaderString(map), str2);
        String dateStamp = dateStamp(date);
        String scope = scope(s3Config.getRegion(), dateStamp);
        map.put("Authorization", formatAuthorizationHeader(s3Config, canonicalizeHeaderNames, scope, createSignature(s3Config, dateTimeStampISO8601, dateStamp, scope, canonicalRequest)));
        return map;
    }

    private static String formatAuthorizationHeader(S3Config s3Config, String str, String str2, byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        sb.append(SCHEME).append("-").append(ALGORITHM).append(" ");
        sb.append("Credential=").append(s3Config.getAccessKey()).append(URIUtil.SLASH).append(str2).append(",");
        sb.append("SignedHeaders=").append(str).append(",");
        sb.append("Signature=").append(toHex(bArr));
        return sb.toString();
    }

    private static void addHostHeader(URL url, Map<String, String> map) {
        String host = url.getHost();
        int port = url.getPort();
        if (port > -1) {
            host.concat(":" + Integer.toString(port));
        }
        map.put("Host", host);
    }

    private static String canonicalizeHeaderNames(Map<String, String> map) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase());
        }
        return sb.toString();
    }

    private static String canonicalizeHeaderString(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            sb.append(str.toLowerCase().replaceAll(WalkEncryption.Vals.REGEX_WS, " ") + ":" + map.get(str).replaceAll(WalkEncryption.Vals.REGEX_WS, " "));
            sb.append("\n");
        }
        return sb.toString();
    }

    private static String dateStamp(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_STRING_FORMAT);
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, UTC));
        return simpleDateFormat.format(date);
    }

    private static String dateTimeStampISO8601(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(ISO8601_BASIC_FORMAT);
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, UTC));
        return simpleDateFormat.format(date);
    }

    private static String scope(String str, String str2) {
        return String.format("%s/%s/%s/%s", str2, str, S3, TERMINATOR);
    }

    private static String canonicalizeQueryString(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            treeMap.put(urlEncode(entry.getKey(), false), urlEncode(entry.getValue(), false));
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = treeMap.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry entry2 = (Map.Entry) it.next();
            sb.append((String) entry2.getKey());
            sb.append("=");
            sb.append((String) entry2.getValue());
            if (it.hasNext()) {
                sb.append("&");
            }
        }
        return sb.toString();
    }

    private static String canonicalRequest(URL url, String str, String str2, String str3, String str4, String str5) {
        return String.format("%s\n%s\n%s\n%s\n%s\n%s", str, canonicalizeResourcePath(url), str2, str4, str3, str5);
    }

    private static String canonicalizeResourcePath(URL url) {
        String path;
        if (url == null || (path = url.getPath()) == null || path.isEmpty()) {
            return URIUtil.SLASH;
        }
        String urlEncode = urlEncode(path, true);
        return urlEncode.startsWith(URIUtil.SLASH) ? urlEncode : URIUtil.SLASH + urlEncode;
    }

    private static byte[] hash(String str) {
        MessageDigest newMessageDigest = Constants.newMessageDigest();
        newMessageDigest.update(str.getBytes(StandardCharsets.UTF_8));
        return newMessageDigest.digest();
    }

    private static byte[] sign(String str, byte[] bArr) {
        try {
            byte[] bytes = str.getBytes("UTF-8");
            Mac mac = Mac.getInstance(HMACSHA256);
            mac.init(new SecretKeySpec(bArr, HMACSHA256));
            return mac.doFinal(bytes);
        } catch (Exception e) {
            throw new RuntimeException(MessageFormat.format(LfsServerText.get().failedToCalcSignature, e.getMessage()), e);
        }
    }

    private static String stringToSign(String str, String str2, String str3, String str4, String str5) {
        return String.format("%s-%s\n%s\n%s\n%s", str, str2, str3, str4, toHex(hash(str5)));
    }

    private static String toHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder(2 * bArr.length);
        for (byte b : bArr) {
            sb.append(HEX.charAt((b & 240) >> 4));
            sb.append(HEX.charAt(b & 15));
        }
        return sb.toString();
    }

    private static String urlEncode(String str, boolean z) {
        try {
            String encode = URLEncoder.encode(str, StandardCharsets.UTF_8.name());
            if (z) {
                encode = encode.replace("%2F", URIUtil.SLASH);
            }
            return encode;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(LfsServerText.get().unsupportedUtf8, e);
        }
    }

    private static byte[] createSignature(S3Config s3Config, String str, String str2, String str3, String str4) {
        return sign(stringToSign(SCHEME, ALGORITHM, str, str3, str4), sign(TERMINATOR, sign(S3, sign(s3Config.getRegion(), sign(str2, (SCHEME + s3Config.getSecretKey()).getBytes())))));
    }
}
