package com.volcengine.auth.impl;

import com.volcengine.auth.ISignerV4;
import com.volcengine.auth.MetaData;
import com.volcengine.helper.Const;
import com.volcengine.helper.Utils;
import com.volcengine.model.Credentials;
import com.volcengine.model.RequestParam;
import com.volcengine.model.SignRequest;
import com.volcengine.service.SignableRequest;
import com.volcengine.util.NameValueComparator;
import java.nio.ByteBuffer;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/volcengine/auth/impl/SignerV4Impl.class */
public class SignerV4Impl implements ISignerV4 {
    private static final TimeZone tz = TimeZone.getTimeZone("UTC");
    private static final Set<String> H_INCLUDE = new HashSet();
    private static final BitSet URLENCODER = new BitSet(256);
    private static final String CONST_ENCODE = "0123456789ABCDEF";

    @Override // com.volcengine.auth.ISignerV4
    public void sign(SignableRequest signableRequest, Credentials credentials) throws Exception {
        URIBuilder uriBuilder = signableRequest.getUriBuilder();
        if (StringUtils.isEmpty(uriBuilder.getPath())) {
            uriBuilder.setPath(uriBuilder.getPath() + "/");
        }
        SignRequest signRequest = getSignRequest(RequestParam.builder().isSignUrl(false).body(signableRequest.getEntity() == null ? new byte[0] : EntityUtils.toByteArray(signableRequest.getEntity())).host(signableRequest.getUriBuilder().getHost()).path(uriBuilder.getPath()).method(signableRequest.getMethod()).date(new Date()).queryList(signableRequest.getUriBuilder().getQueryParams()).headers(signableRequest.getAllHeaders()).build(), credentials);
        signableRequest.setHeader(Const.Host, signRequest.getHost());
        signableRequest.setHeader(Const.ContentType, signRequest.getContentType());
        signableRequest.setHeader(Const.XDate, signRequest.getXDate());
        signableRequest.setHeader(Const.XContentSha256, signRequest.getXContentSha256());
        signableRequest.setHeader(Const.Authorization, signRequest.getAuthorization());
        if (StringUtils.isNotEmpty(signRequest.getXSecurityToken())) {
            signableRequest.setHeader(Const.XSecurityToken, signRequest.getXSecurityToken());
        }
        signableRequest.setURI(signableRequest.getUriBuilder().build());
    }

    @Override // com.volcengine.auth.ISignerV4
    public String signUrl(SignableRequest signableRequest, Credentials credentials) throws Exception {
        URIBuilder uriBuilder = signableRequest.getUriBuilder();
        SignRequest signRequest = getSignRequest(RequestParam.builder().isSignUrl(true).body(signableRequest.getEntity() == null ? new byte[0] : EntityUtils.toByteArray(signableRequest.getEntity())).host(uriBuilder.getHost()).path(uriBuilder.getPath()).method(signableRequest.getMethod()).date(new Date()).queryList(signableRequest.getUriBuilder().getQueryParams()).build(), credentials);
        uriBuilder.setParameter(Const.XDate, signRequest.getXDate());
        uriBuilder.setParameter(Const.XNotSignBody, signRequest.getXNotSignBody());
        uriBuilder.setParameter(Const.XCredential, signRequest.getXCredential());
        uriBuilder.setParameter(Const.XAlgorithm, signRequest.getXAlgorithm());
        uriBuilder.setParameter(Const.XSignedHeaders, signRequest.getXSignedHeaders());
        uriBuilder.setParameter(Const.XSignedQueries, signRequest.getXSignedQueries());
        uriBuilder.setParameter(Const.XSignature, signRequest.getXSignature());
        if (StringUtils.isNotEmpty(signRequest.getXSecurityToken())) {
            uriBuilder.setParameter(Const.XSecurityToken, signRequest.getXSecurityToken());
        }
        return uriBuilder.build().toURL().getQuery();
    }

    @Override // com.volcengine.auth.ISignerV4
    public SignRequest getSignRequest(RequestParam requestParam, Credentials credentials) throws Exception {
        String hashSHA256;
        if (requestParam == null || credentials == null) {
            throw new Exception("requestParam and credentials is null");
        }
        if (requestParam.getIsSignUrl() == null || requestParam.getDate() == null || requestParam.getQueryList() == null) {
            throw new Exception("requestParam's isSignUrl or date or queryList is null");
        }
        String appointFormatDate = getAppointFormatDate(requestParam.getDate());
        MetaData metaDate = getMetaDate(credentials, toDate(appointFormatDate));
        HashMap hashMap = new HashMap();
        SignRequest build = SignRequest.builder().xDate(appointFormatDate).xSecurityToken(credentials.getSessionToken()).build();
        if (StringUtils.isNotEmpty(credentials.getSessionToken())) {
            hashMap.put(Const.XSecurityToken, credentials.getSessionToken());
        }
        if (requestParam.getIsSignUrl().booleanValue()) {
            requestParam.getQueryList().forEach(nameValuePair -> {
            });
            hashMap.put(Const.XDate, appointFormatDate);
            hashMap.put(Const.XNotSignBody, "");
            hashMap.put(Const.XCredential, credentials.getAccessKeyID() + "/" + metaDate.getCredentialScope());
            hashMap.put(Const.XAlgorithm, metaDate.getAlgorithm());
            hashMap.put(Const.XSignedHeaders, metaDate.getSignedHeaders());
            hashMap.put(Const.XSignedQueries, "");
            ArrayList arrayList = new ArrayList(hashMap.keySet());
            Collections.sort(arrayList);
            hashMap.put(Const.XSignedQueries, StringUtils.join(arrayList, ";"));
            build.setXNotSignBody("");
            build.setXCredential(credentials.getAccessKeyID() + "/" + metaDate.getCredentialScope());
            build.setXAlgorithm(metaDate.getAlgorithm());
            build.setXSignedHeaders(metaDate.getSignedHeaders());
            build.setXSignedQueries(StringUtils.join(arrayList, ";"));
            hashSHA256 = Utils.hashSHA256(new byte[0]);
        } else {
            for (Header header : requestParam.getHeaders()) {
                hashMap.put(header.getName(), header.getValue());
            }
            if (hashMap.get(Const.ContentType) == null) {
                build.setContentType(Const.ContentTypeValue);
            } else {
                build.setContentType(hashMap.get(Const.ContentType));
            }
            hashMap.put(Const.XDate, appointFormatDate);
            hashMap.put(Const.Host, requestParam.getHost());
            hashMap.putIfAbsent(Const.ContentType, Const.ContentTypeValue);
            hashSHA256 = Utils.hashSHA256(requestParam.getBody() == null ? new byte[0] : requestParam.getBody());
            hashMap.put(Const.XContentSha256, hashSHA256);
            build.setHost(requestParam.getHost());
            build.setXContentSha256(hashSHA256);
        }
        String signatureStr = getSignatureStr(requestParam, metaDate, credentials.getSecretAccessKey(), appointFormatDate, hashMap, hashSHA256);
        if (requestParam.getIsSignUrl().booleanValue()) {
            build.setXSignature(signatureStr);
        } else {
            build.setAuthorization(buildAuthHeaderV4(signatureStr, metaDate, credentials));
        }
        return build;
    }

    private String getSignatureStr(RequestParam requestParam, MetaData metaData, String str, String str2, Map<String, String> map, String str3) throws Exception {
        return signatureV4(genSigningSecretKeyV4(str, metaData.getDate(), metaData.getRegion(), metaData.getService()), StringUtils.join(new String[]{metaData.getAlgorithm(), str2, metaData.getCredentialScope(), hashedCanonicalRequestV4(requestParam, metaData, map, str3)}, "\n"));
    }

    private MetaData getMetaDate(Credentials credentials, String str) {
        MetaData metaData = new MetaData();
        metaData.setDate(str);
        metaData.setService(credentials.getService());
        metaData.setRegion(credentials.getRegion());
        metaData.setAlgorithm(com.volcengine.service.vod.Const.DSAHmacSha256);
        metaData.setSignedHeaders("");
        metaData.setCredentialScope(StringUtils.join(new String[]{metaData.getDate(), metaData.getRegion(), metaData.getService(), "request"}, "/"));
        return metaData;
    }

    private String hashedCanonicalRequestV4(RequestParam requestParam, MetaData metaData, Map<String, String> map, String str) throws Exception {
        String join;
        ArrayList arrayList = new ArrayList();
        if (requestParam.getIsSignUrl().booleanValue()) {
            for (String str2 : map.keySet()) {
                arrayList.add(new BasicNameValuePair(str2, map.get(str2)));
            }
            join = StringUtils.join(new String[]{requestParam.getMethod(), normUri(requestParam.getPath()), normQuery(arrayList), "\n", metaData.getSignedHeaders(), str}, "\n");
        } else {
            join = StringUtils.join(new String[]{requestParam.getMethod(), normUri(requestParam.getPath()), normQuery(requestParam.getQueryList()), getCanonicalHeaders(requestParam, metaData, map), metaData.getSignedHeaders(), str}, "\n");
        }
        return Utils.hashSHA256(join.getBytes());
    }

    private String getCanonicalHeaders(RequestParam requestParam, MetaData metaData, Map<String, String> map) {
        Map<String, String> hashMap = new HashMap<>();
        List<String> sortHeaders = sortHeaders(map, hashMap);
        if (!requestParam.getIsSignUrl().booleanValue()) {
            metaData.setSignedHeaders(StringUtils.join(sortHeaders, ";"));
        }
        if (StringUtils.isEmpty(requestParam.getPath())) {
            requestParam.setPath("/");
        }
        StringBuilder sb = new StringBuilder();
        for (String str : sortHeaders) {
            String trim = hashMap.get(str).trim();
            if (str.equals("host") && trim.contains(":")) {
                String[] split = trim.split(":");
                String str2 = split[1];
                if (str2.equals("80") || str2.equals("443")) {
                    trim = split[0];
                }
            }
            sb.append(str).append(":").append(trim).append("\n");
        }
        return sb.toString();
    }

    private List<String> sortHeaders(Map<String, String> map, Map<String, String> map2) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            map2.put(entry.getKey().toLowerCase(), entry.getValue());
            if (H_INCLUDE.contains(entry.getKey()) || entry.getKey().startsWith("X-")) {
                arrayList.add(entry.getKey().toLowerCase());
            }
        }
        Collections.sort(arrayList);
        return arrayList;
    }

    private String signatureV4(byte[] bArr, String str) throws Exception {
        return Hex.encodeHexString(Utils.hmacSHA256(bArr, str));
    }

    private byte[] genSigningSecretKeyV4(String str, String str2, String str3, String str4) throws Exception {
        return Utils.hmacSHA256(Utils.hmacSHA256(Utils.hmacSHA256(Utils.hmacSHA256(str.getBytes(), str2), str3), str4), "request");
    }

    private String buildAuthHeaderV4(String str, MetaData metaData, Credentials credentials) {
        return metaData.getAlgorithm() + " Credential=" + (credentials.getAccessKeyID() + "/" + metaData.getCredentialScope()) + ", SignedHeaders=" + metaData.getSignedHeaders() + ", Signature=" + str;
    }

    private String getCurrentFormatDate() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(Const.TIME_FORMAT_V4);
        simpleDateFormat.setTimeZone(tz);
        return simpleDateFormat.format(new Date());
    }

    private String getAppointFormatDate(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(Const.TIME_FORMAT_V4);
        simpleDateFormat.setTimeZone(tz);
        return simpleDateFormat.format(date);
    }

    private String toDate(String str) {
        return str.substring(0, 8);
    }

    private String normUri(String str) {
        String[] split = str.split("/", -1);
        for (int i = 0; i < split.length; i++) {
            split[i] = signStringEncoder(split[i]);
        }
        return StringUtils.join(split, "/");
    }

    private String normQuery(List<NameValuePair> list) {
        list.sort(NameValueComparator.INSTANCE);
        return signQueryEncoder(list);
    }

    private String signQueryEncoder(List<NameValuePair> list) {
        StringBuilder sb = new StringBuilder();
        for (NameValuePair nameValuePair : list) {
            String signStringEncoder = signStringEncoder(nameValuePair.getName());
            String signStringEncoder2 = signStringEncoder(nameValuePair.getValue());
            if (sb.length() > 0) {
                sb.append("&");
            }
            sb.append(signStringEncoder);
            if (signStringEncoder2 != null) {
                sb.append("=");
                sb.append(signStringEncoder2);
            }
        }
        return sb.toString();
    }

    private String signStringEncoder(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(str.length());
        ByteBuffer encode = Consts.UTF_8.encode(str);
        while (encode.hasRemaining()) {
            int i = encode.get() & 255;
            if (URLENCODER.get(i)) {
                sb.append((char) i);
            } else if (i == 32) {
                sb.append("%20");
            } else {
                sb.append("%");
                char charAt = CONST_ENCODE.charAt(i >> 4);
                char charAt2 = CONST_ENCODE.charAt(i & 15);
                sb.append(charAt);
                sb.append(charAt2);
            }
        }
        return sb.toString();
    }

    static {
        H_INCLUDE.add(Const.ContentType);
        H_INCLUDE.add(Const.ContentMd5);
        H_INCLUDE.add(Const.Host);
        for (int i = 97; i <= 122; i++) {
            URLENCODER.set(i);
        }
        for (int i2 = 65; i2 <= 90; i2++) {
            URLENCODER.set(i2);
        }
        for (int i3 = 48; i3 <= 57; i3++) {
            URLENCODER.set(i3);
        }
        URLENCODER.set(45);
        URLENCODER.set(95);
        URLENCODER.set(46);
        URLENCODER.set(126);
    }
}
