package software.amazon.awssdk.http.auth.aws.internal.signer.util;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.checksums.SdkChecksum;
import software.amazon.awssdk.http.ContentStreamProvider;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.auth.aws.internal.signer.CredentialScope;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.utils.BinaryUtils;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.http.SdkHttpUtils;

@SdkInternalApi
/* loaded from: input_file:lib/software/amazon/awssdk/http-auth-aws/2.30.31/http-auth-aws-2.30.31.jar:software/amazon/awssdk/http/auth/aws/internal/signer/util/SignerUtils.class */
public final class SignerUtils {
    private static final Logger LOG = Logger.loggerFor((Class<?>) SignerUtils.class);
    private static final FifoCache<SignerKey> SIGNER_CACHE = new FifoCache<>(300);
    private static final DateTimeFormatter DATE_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd").withZone(ZoneId.of("UTC"));
    private static final DateTimeFormatter TIME_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'").withZone(ZoneId.of("UTC"));

    private SignerUtils() {
    }

    public static String formatDate(Instant instant) {
        return DATE_FORMATTER.format(instant);
    }

    public static String formatDateTime(Instant instant) {
        return TIME_FORMATTER.format(instant);
    }

    public static String hashCanonicalRequest(String str) {
        return BinaryUtils.toHex(hash(str));
    }

    public static byte[] deriveSigningKey(AwsCredentialsIdentity awsCredentialsIdentity, CredentialScope credentialScope) {
        String createSigningCacheKeyName = createSigningCacheKeyName(awsCredentialsIdentity, credentialScope.getRegion(), credentialScope.getService());
        SignerKey signerKey = SIGNER_CACHE.get(createSigningCacheKeyName);
        if (signerKey != null && signerKey.isValidForDate(credentialScope.getInstant())) {
            return signerKey.getSigningKey();
        }
        LOG.trace(() -> {
            return "Generating a new signing key as the signing key not available in the cache for the date: " + credentialScope.getInstant().toEpochMilli();
        });
        byte[] newSigningKey = newSigningKey(awsCredentialsIdentity, credentialScope.getDate(), credentialScope.getRegion(), credentialScope.getService());
        SIGNER_CACHE.add(createSigningCacheKeyName, new SignerKey(credentialScope.getInstant(), newSigningKey));
        return newSigningKey;
    }

    private static String createSigningCacheKeyName(AwsCredentialsIdentity awsCredentialsIdentity, String str, String str2) {
        return awsCredentialsIdentity.secretAccessKey() + "-" + str + "-" + str2;
    }

    private static byte[] newSigningKey(AwsCredentialsIdentity awsCredentialsIdentity, String str, String str2, String str3) {
        return sign("aws4_request", sign(str3, sign(str2, sign(str, ("AWS4" + awsCredentialsIdentity.secretAccessKey()).getBytes(StandardCharsets.UTF_8)))));
    }

    public static byte[] sign(String str, byte[] bArr) {
        try {
            return sign(str.getBytes(StandardCharsets.UTF_8), bArr, SigningAlgorithm.HMAC_SHA256);
        } catch (Exception e) {
            throw new RuntimeException("Unable to calculate a request signature: ", e);
        }
    }

    public static byte[] sign(byte[] bArr, byte[] bArr2, SigningAlgorithm signingAlgorithm) {
        try {
            Mac mac = signingAlgorithm.getMac();
            mac.init(new SecretKeySpec(bArr2, signingAlgorithm.toString()));
            return mac.doFinal(bArr);
        } catch (Exception e) {
            throw new RuntimeException("Unable to calculate a request signature: ", e);
        }
    }

    public static byte[] computeSignature(String str, byte[] bArr) {
        return sign(str.getBytes(StandardCharsets.UTF_8), bArr, SigningAlgorithm.HMAC_SHA256);
    }

    public static void addHostHeader(SdkHttpRequest.Builder builder) {
        if (builder.headers().get("Host") != null) {
            return;
        }
        String host = builder.host();
        if (SdkHttpUtils.isUsingStandardPort(builder.protocol(), builder.port())) {
            builder.putHeader("Host", host);
            return;
        }
        StringBuilder sb = new StringBuilder(host);
        sb.append(":").append(builder.port());
        builder.putHeader("Host", sb.toString());
    }

    public static void addDateHeader(SdkHttpRequest.Builder builder, String str) {
        builder.putHeader(SignerConstant.X_AMZ_DATE, str);
    }

    public static long moveContentLength(SdkHttpRequest.Builder builder, ContentStreamProvider contentStreamProvider) {
        long readAll;
        Optional<String> firstMatchingHeader = builder.firstMatchingHeader(SignerConstant.X_AMZ_DECODED_CONTENT_LENGTH);
        if (firstMatchingHeader.isPresent()) {
            builder.removeHeader("Content-Length");
            return Long.parseLong(firstMatchingHeader.get());
        }
        Optional<String> firstMatchingHeader2 = builder.firstMatchingHeader("Content-Length");
        if (firstMatchingHeader2.isPresent()) {
            readAll = Long.parseLong(firstMatchingHeader2.get());
        } else {
            readAll = contentStreamProvider.newStream() == null ? 0L : readAll(r0);
        }
        builder.putHeader(SignerConstant.X_AMZ_DECODED_CONTENT_LENGTH, String.valueOf(readAll)).removeHeader("Content-Length");
        return readAll;
    }

    public static InputStream getBinaryRequestPayloadStream(ContentStreamProvider contentStreamProvider) {
        try {
            return contentStreamProvider == null ? new ByteArrayInputStream(new byte[0]) : contentStreamProvider.newStream();
        } catch (Exception e) {
            throw new RuntimeException("Unable to read request payload to sign request: ", e);
        }
    }

    public static byte[] hash(InputStream inputStream) {
        try {
            SdkChecksum sha256Checksum = sha256Checksum();
            byte[] bArr = new byte[4096];
            int i = 0;
            while (i >= 0) {
                i = inputStream.read(bArr);
                sha256Checksum.update(bArr, 0, i);
            }
            return sha256Checksum.getChecksumBytes();
        } catch (Exception e) {
            throw new RuntimeException("Unable to compute hash while signing request: ", e);
        }
    }

    public static byte[] hash(ByteBuffer byteBuffer) {
        try {
            SdkChecksum sha256Checksum = sha256Checksum();
            sha256Checksum.update(byteBuffer);
            return sha256Checksum.getChecksumBytes();
        } catch (Exception e) {
            throw new RuntimeException("Unable to compute hash while signing request: ", e);
        }
    }

    public static byte[] hash(byte[] bArr) {
        try {
            SdkChecksum sha256Checksum = sha256Checksum();
            sha256Checksum.update(bArr);
            return sha256Checksum.getChecksumBytes();
        } catch (Exception e) {
            throw new RuntimeException("Unable to compute hash while signing request: ", e);
        }
    }

    public static byte[] hash(String str) {
        return hash(str.getBytes(StandardCharsets.UTF_8));
    }

    private static int readAll(InputStream inputStream) {
        try {
            byte[] bArr = new byte[4096];
            int i = 0;
            int i2 = 0;
            while (i >= 0) {
                i = inputStream.read(bArr);
                if (i >= 0) {
                    i2 += i;
                }
            }
            return i2;
        } catch (Exception e) {
            throw new RuntimeException("Could not finish reading stream: ", e);
        }
    }

    public static String getContentHash(SdkHttpRequest.Builder builder) {
        return builder.firstMatchingHeader("x-amz-content-sha256").orElseThrow(() -> {
            return new IllegalArgumentException("Content hash must be present in the 'x-amz-content-sha256' header!");
        });
    }

    private static SdkChecksum sha256Checksum() {
        return SdkChecksum.forAlgorithm(() -> {
            return "SHA256";
        });
    }
}
