package com.unascribed.sup.lib.awsv4;

import com.unascribed.sup.agent.data.HashFunction;
import com.unascribed.sup.lib.awsv4.CanonicalHeaders;
import com.unascribed.sup.lib.okhttp3.Request;
import com.unascribed.sup.util.Bases;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/unascribed/sup/lib/awsv4/Signer.class */
public class Signer {
    private static final Charset UTF_8 = StandardCharsets.UTF_8;
    private final CanonicalRequest request;
    private final AwsCredentials awsCredentials;
    private final String date;
    private final CredentialScope scope;

    /* loaded from: input_file:com/unascribed/sup/lib/awsv4/Signer$AwsCredentials.class */
    public static final class AwsCredentials {
        private final String accessKey;
        private final String secretKey;

        public AwsCredentials(String str, String str2) {
            this.accessKey = str;
            this.secretKey = str2;
        }

        public String toString() {
            return "AwsCredentials[accessKey=" + this.accessKey + ",secretKey=" + this.secretKey + "]";
        }

        public int hashCode() {
            return (31 * ((31 * 0) + (this.accessKey != null ? this.accessKey.hashCode() : 0))) + (this.secretKey != null ? this.secretKey.hashCode() : 0);
        }

        public final boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            return obj != null && obj.getClass() == getClass() && Objects.equals(((AwsCredentials) obj).accessKey, this.accessKey) && Objects.equals(((AwsCredentials) obj).secretKey, this.secretKey);
        }

        public String accessKey() {
            return this.accessKey;
        }

        public String secretKey() {
            return this.secretKey;
        }
    }

    /* loaded from: input_file:com/unascribed/sup/lib/awsv4/Signer$Builder.class */
    public static class Builder {
        private AwsCredentials awsCredentials;
        private String region = "us-east-1";
        private List<Header> headersList = new ArrayList();

        public Builder awsCredentials(AwsCredentials awsCredentials) {
            this.awsCredentials = awsCredentials;
            return this;
        }

        public Builder region(String str) {
            this.region = str;
            return this;
        }

        public Builder header(String str, String str2) {
            this.headersList.add(new Header(str, str2));
            return this;
        }

        public Signer build(Request request, String str, String str2) {
            CanonicalHeaders canonicalHeaders = getCanonicalHeaders();
            String orElseThrow = canonicalHeaders.getFirstValue("X-Amz-Date").orElseThrow(() -> {
                return new RuntimeException("headers missing 'X-Amz-Date' header");
            });
            String formatDateWithoutTimestamp = Signer.formatDateWithoutTimestamp(orElseThrow);
            return new Signer(new CanonicalRequest(str, request, canonicalHeaders, str2), this.awsCredentials, orElseThrow, new CredentialScope(formatDateWithoutTimestamp, str, this.region));
        }

        private CanonicalHeaders getCanonicalHeaders() {
            CanonicalHeaders.Builder builder = CanonicalHeaders.builder();
            this.headersList.forEach(header -> {
                builder.add(header.name(), header.value());
            });
            return builder.build();
        }
    }

    private Signer(CanonicalRequest canonicalRequest, AwsCredentials awsCredentials, String str, CredentialScope credentialScope) {
        this.request = canonicalRequest;
        this.awsCredentials = awsCredentials;
        this.date = str;
        this.scope = credentialScope;
    }

    String getCanonicalRequest() {
        return this.request.get();
    }

    String getStringToSign() {
        return buildStringToSign(this.date, this.scope.get(), Bases.bytesToHex(HashFunction.SHA2_256.createMessageDigest().digest(getCanonicalRequest().getBytes(UTF_8))));
    }

    public String getSignature() {
        return buildAuthHeader(this.awsCredentials.accessKey(), this.scope.get(), this.request.getHeaders().getNames(), buildSignature(this.awsCredentials.secretKey(), this.scope, getStringToSign()));
    }

    public static Builder builder() {
        return new Builder();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String formatDateWithoutTimestamp(String str) {
        return str.substring(0, 8);
    }

    private static String buildStringToSign(String str, String str2, String str3) {
        return "AWS4-HMAC-SHA256\n" + str + "\n" + str2 + "\n" + str3;
    }

    private static String buildAuthHeader(String str, String str2, String str3, String str4) {
        return "AWS4-HMAC-SHA256 Credential=" + str + "/" + str2 + ", SignedHeaders=" + str3 + ", Signature=" + str4;
    }

    private static byte[] hmacSha256(byte[] bArr, String str) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(str.getBytes(UTF_8));
        } catch (Exception e) {
            throw new RuntimeException("Error signing request", e);
        }
    }

    private static String buildSignature(String str, CredentialScope credentialScope, String str2) {
        return Bases.bytesToHex(hmacSha256(hmacSha256(hmacSha256(hmacSha256(hmacSha256(("AWS4" + str).getBytes(UTF_8), credentialScope.dateWithoutTimestamp()), credentialScope.region()), credentialScope.service()), "aws4_request"), str2)).toLowerCase();
    }
}
