package com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.crt.internal.signer;

import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.annotations.SdkInternalApi;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.checksums.spi.ChecksumAlgorithm;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.crt.auth.signing.AwsSigner;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.crt.auth.signing.AwsSigningConfig;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.crt.auth.signing.AwsSigningResult;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.crt.http.HttpRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.SdkHttpRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.crt.internal.util.CrtHttpRequestConverter;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.crt.internal.util.CrtUtils;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.internal.signer.CredentialScope;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.internal.signer.util.ChecksumUtil;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.internal.signer.util.CredentialUtils;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.signer.AwsV4aHttpSigner;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.aws.signer.RegionSet;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.AsyncSignRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.AsyncSignedRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.BaseSignRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.SignRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.utils.CompletableFutureUtils;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.utils.Logger;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.utils.ProxyConfigProvider;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.CompletableFuture;

@SdkInternalApi
/* loaded from: input_file:com/dominicfeliton/worldwidechat/libs/software/amazon/awssdk/http/auth/aws/crt/internal/signer/DefaultAwsCrtV4aHttpSigner.class */
public final class DefaultAwsCrtV4aHttpSigner implements AwsV4aHttpSigner {
    private static final int DEFAULT_CHUNK_SIZE_IN_BYTES = 131072;
    private static final Logger LOG = Logger.loggerFor((Class<?>) DefaultAwsCrtV4aHttpSigner.class);

    private static V4aProperties v4aProperties(BaseSignRequest<?, ? extends AwsCredentialsIdentity> baseSignRequest) {
        Clock clock = (Clock) baseSignRequest.requireProperty(SIGNING_CLOCK, Clock.systemUTC());
        Instant instant = clock.instant();
        AwsCredentialsIdentity sanitizeCredentials = CredentialUtils.sanitizeCredentials(baseSignRequest.identity());
        RegionSet regionSet = (RegionSet) baseSignRequest.requireProperty(REGION_SET);
        return V4aProperties.builder().credentials(sanitizeCredentials).credentialScope(new CredentialScope(regionSet.asString(), (String) baseSignRequest.requireProperty(SERVICE_SIGNING_NAME), instant)).signingClock(clock).doubleUrlEncode(Boolean.valueOf(((Boolean) baseSignRequest.requireProperty(DOUBLE_URL_ENCODE, true)).booleanValue())).normalizePath(Boolean.valueOf(((Boolean) baseSignRequest.requireProperty(NORMALIZE_PATH, true)).booleanValue())).build();
    }

    private static V4aPayloadSigner v4aPayloadSigner(BaseSignRequest<?, ? extends AwsCredentialsIdentity> baseSignRequest, V4aProperties v4aProperties) {
        return useChunkEncoding(isPayloadSigning(baseSignRequest), ((Boolean) baseSignRequest.requireProperty(CHUNK_ENCODING_ENABLED, false)).booleanValue(), baseSignRequest.request().firstMatchingHeader("x-amz-trailer").isPresent() || baseSignRequest.hasProperty(CHECKSUM_ALGORITHM)) ? AwsChunkedV4aPayloadSigner.builder().credentialScope(v4aProperties.getCredentialScope()).chunkSize(131072).checksumAlgorithm((ChecksumAlgorithm) baseSignRequest.property(CHECKSUM_ALGORITHM)).build() : V4aPayloadSigner.create();
    }

    private static boolean useChunkEncoding(boolean z, boolean z2, boolean z3) {
        return (z && z2) || (z2 && z3);
    }

    private static Duration validateExpirationDuration(Duration duration) {
        if (duration.compareTo(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_DURATION) > 0) {
            throw new IllegalArgumentException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration duration set on the current request [" + duration + "] has exceeded this limit.");
        }
        return duration;
    }

    private static AwsSigningConfig signingConfig(BaseSignRequest<?, ? extends AwsCredentialsIdentity> baseSignRequest, V4aProperties v4aProperties) {
        AwsV4FamilyHttpSigner.AuthLocation authLocation = (AwsV4FamilyHttpSigner.AuthLocation) baseSignRequest.requireProperty(AUTH_LOCATION, AwsV4FamilyHttpSigner.AuthLocation.HEADER);
        Duration duration = (Duration) baseSignRequest.property(EXPIRATION_DURATION);
        boolean isPayloadSigning = isPayloadSigning(baseSignRequest);
        boolean booleanValue = ((Boolean) baseSignRequest.requireProperty(CHUNK_ENCODING_ENABLED, false)).booleanValue();
        boolean isPresent = baseSignRequest.request().firstMatchingHeader("x-amz-trailer").isPresent();
        boolean z = baseSignRequest.hasProperty(CHECKSUM_ALGORITHM) && !hasChecksumHeader(baseSignRequest);
        AwsSigningConfig awsSigningConfig = new AwsSigningConfig();
        awsSigningConfig.setCredentials(CrtUtils.toCredentials(v4aProperties.getCredentials()));
        awsSigningConfig.setService(v4aProperties.getCredentialScope().getService());
        awsSigningConfig.setRegion(v4aProperties.getCredentialScope().getRegion());
        awsSigningConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_ASYMMETRIC);
        awsSigningConfig.setTime(v4aProperties.getCredentialScope().getInstant().toEpochMilli());
        awsSigningConfig.setUseDoubleUriEncode(v4aProperties.shouldDoubleUrlEncode());
        awsSigningConfig.setShouldNormalizeUriPath(v4aProperties.shouldNormalizePath());
        awsSigningConfig.setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA256);
        switch (authLocation) {
            case HEADER:
                awsSigningConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_VIA_HEADERS);
                if (baseSignRequest.hasProperty(EXPIRATION_DURATION)) {
                    throw new UnsupportedOperationException(String.format("%s is not supported for %s.", EXPIRATION_DURATION, AwsV4FamilyHttpSigner.AuthLocation.HEADER));
                }
                break;
            case QUERY_STRING:
                awsSigningConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS);
                if (baseSignRequest.hasProperty(EXPIRATION_DURATION)) {
                    awsSigningConfig.setExpirationInSeconds(validateExpirationDuration(duration).getSeconds());
                    break;
                }
                break;
            default:
                throw new UnsupportedOperationException("Unknown auth-location: " + authLocation);
        }
        if (isPayloadSigning) {
            configurePayloadSigning(awsSigningConfig, booleanValue, isPresent || z);
        } else {
            configureUnsignedPayload(awsSigningConfig, booleanValue, isPresent || z);
        }
        return awsSigningConfig;
    }

    private static boolean isPayloadSigning(BaseSignRequest<?, ? extends AwsCredentialsIdentity> baseSignRequest) {
        boolean isAnonymous = CredentialUtils.isAnonymous(baseSignRequest.identity());
        boolean booleanValue = ((Boolean) baseSignRequest.requireProperty(PAYLOAD_SIGNING_ENABLED, true)).booleanValue();
        boolean equals = ProxyConfigProvider.HTTPS.equals(baseSignRequest.request().protocol());
        if (isAnonymous) {
            return false;
        }
        if (equals || !baseSignRequest.payload().isPresent()) {
            return booleanValue;
        }
        if (booleanValue) {
            return true;
        }
        LOG.debug(() -> {
            return "Payload signing was disabled for an HTTP request with a payload. Signing will be enabled. Use HTTPS for unsigned payloads.";
        });
        return true;
    }

    private static void configureUnsignedPayload(AwsSigningConfig awsSigningConfig, boolean z, boolean z2) {
        if (z && z2) {
            awsSigningConfig.setSignedBodyValue("STREAMING-UNSIGNED-PAYLOAD-TRAILER");
        } else {
            awsSigningConfig.setSignedBodyValue("UNSIGNED-PAYLOAD");
        }
    }

    private static void configurePayloadSigning(AwsSigningConfig awsSigningConfig, boolean z, boolean z2) {
        if (z) {
            if (z2) {
                awsSigningConfig.setSignedBodyValue(SignerConstant.STREAMING_ECDSA_SIGNED_PAYLOAD_TRAILER);
            } else {
                awsSigningConfig.setSignedBodyValue(SignerConstant.STREAMING_ECDSA_SIGNED_PAYLOAD);
            }
        }
    }

    private static boolean hasChecksumHeader(BaseSignRequest<?, ? extends AwsCredentialsIdentity> baseSignRequest) {
        ChecksumAlgorithm checksumAlgorithm = (ChecksumAlgorithm) baseSignRequest.property(CHECKSUM_ALGORITHM);
        if (checksumAlgorithm == null) {
            return false;
        }
        return baseSignRequest.request().firstMatchingHeader(ChecksumUtil.checksumHeaderName(checksumAlgorithm)).isPresent();
    }

    private static SignedRequest doSign(SignRequest<? extends AwsCredentialsIdentity> signRequest, AwsSigningConfig awsSigningConfig, V4aPayloadSigner v4aPayloadSigner) {
        if (CredentialUtils.isAnonymous(signRequest.identity())) {
            return (SignedRequest) SignedRequest.builder().request(signRequest.request()).payload(signRequest.payload().orElse(null)).mo2666build();
        }
        SdkHttpRequest.Builder builder = signRequest.request().mo2663toBuilder();
        v4aPayloadSigner.beforeSigning(builder, signRequest.payload().orElse(null), awsSigningConfig.getSignedBodyValue());
        V4aRequestSigningResult sign = sign((SdkHttpRequest) builder.mo2666build(), CrtHttpRequestConverter.toRequest(CrtUtils.sanitizeRequest((SdkHttpRequest) builder.mo2666build()), signRequest.payload().orElse(null)), awsSigningConfig);
        return (SignedRequest) SignedRequest.builder().request((SdkHttpRequest) sign.getSignedRequest().mo2666build()).payload(v4aPayloadSigner.sign(signRequest.payload().orElse(null), sign)).mo2666build();
    }

    private static V4aRequestSigningResult sign(SdkHttpRequest sdkHttpRequest, HttpRequest httpRequest, AwsSigningConfig awsSigningConfig) {
        AwsSigningResult awsSigningResult = (AwsSigningResult) CompletableFutureUtils.joinLikeSync(AwsSigner.sign(httpRequest, awsSigningConfig));
        return new V4aRequestSigningResult(CrtHttpRequestConverter.toRequest(sdkHttpRequest, awsSigningResult.getSignedRequest()).mo2663toBuilder(), awsSigningResult.getSignature(), awsSigningConfig);
    }

    @Override // com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.HttpSigner
    public SignedRequest sign(SignRequest<? extends AwsCredentialsIdentity> signRequest) {
        V4aProperties v4aProperties = v4aProperties(signRequest);
        return doSign(signRequest, signingConfig(signRequest, v4aProperties), v4aPayloadSigner(signRequest, v4aProperties));
    }

    @Override // com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.http.auth.spi.signer.HttpSigner
    public CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends AwsCredentialsIdentity> asyncSignRequest) {
        throw new UnsupportedOperationException();
    }
}
