package com.amazonaws.auth;

import com.amazonaws.AmazonClientException;
import com.amazonaws.Request;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.S3ClientOptions;
import com.amazonaws.util.AwsHostNameUtils;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.DateUtils;
import com.amazonaws.util.HttpUtils;
import com.amazonaws.util.OosHostNameUtils;
import com.taobao.weex.el.parse.Operators;
import io.dcloud.common.adapter.util.Logger;
import io.dcloud.common.util.JSUtil;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.SimpleTimeZone;
import java.util.TimeZone;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: classes.dex */
public class AWS4Signer extends AbstractAWSSigner implements Presigner {
    protected static final String ALGORITHM = "AWS4-HMAC-SHA256";
    public static final long PRESIGN_URL_MAX_EXPIRATION_SECONDS = 604800;
    protected static final String TERMINATOR = "aws4_request";
    private static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    public static final String X_AMZ_ALGORITHM = "X-Amz-Algorithm";
    public static final String X_AMZ_CREDENTIAL = "X-Amz-Credential";
    public static final String X_AMZ_DATE = "X-Amz-Date";
    public static final String X_AMZ_EXPIRES = "X-Amz-Expires";
    public static final String X_AMZ_SECURITY_TOKEN = "X-Amz-Security-Token";
    public static final String X_AMZ_SIGNATURE = "X-Amz-Signature";
    public static final String X_AMZ_SIGNED_HEADER = "X-Amz-SignedHeaders";
    protected Date overriddenDate;
    protected String regionName;
    protected String serviceName;
    protected static final Log log = LogFactory.getLog(AWS4Signer.class);
    private static final DateFormat timeFormatter = new SimpleDateFormat(DateUtils.COMPRESSED_DATE_PATTERN);
    private static final TimeZone UTC = TimeZone.getTimeZone("UTC");

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public class HeaderSigningResult {
        private String dateTime;
        private byte[] kSigning;
        private String scope;
        private byte[] signature;

        public HeaderSigningResult(String str, String str2, byte[] bArr, byte[] bArr2) {
            this.dateTime = str;
            this.scope = str2;
            this.kSigning = bArr;
            this.signature = bArr2;
        }

        public String getDateTime() {
            return this.dateTime;
        }

        public byte[] getKSigning() {
            byte[] bArr = new byte[this.kSigning.length];
            System.arraycopy(this.kSigning, 0, bArr, 0, this.kSigning.length);
            return bArr;
        }

        public String getScope() {
            return this.scope;
        }

        public byte[] getSignature() {
            byte[] bArr = new byte[this.signature.length];
            System.arraycopy(this.signature, 0, bArr, 0, this.signature.length);
            return bArr;
        }
    }

    public static String formatTimestamp(long j) {
        timeFormatter.setTimeZone(UTC);
        return timeFormatter.format(new Date(j));
    }

    private long generateExpirationDate(Date date) {
        long time = date != null ? (date.getTime() - System.currentTimeMillis()) / 1000 : 604800L;
        if (time <= PRESIGN_URL_MAX_EXPIRATION_SECONDS) {
            return time;
        }
        throw new AmazonClientException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration date set on the current request [" + formatTimestamp(date.getTime()) + "] has exceeded this limit.");
    }

    private boolean isAnonymous(AWSCredentials aWSCredentials) {
        return aWSCredentials instanceof AnonymousAWSCredentials;
    }

    protected void addHostHeader(Request<?> request) {
        String host = request.getEndpoint().getHost();
        if (HttpUtils.isUsingNonDefaultPort(request.getEndpoint())) {
            host = host + ":" + request.getEndpoint().getPort();
        }
        request.addHeader("Host", host);
    }

    @Override // com.amazonaws.auth.AbstractAWSSigner
    protected void addSessionCredentials(Request<?> request, AWSSessionCredentials aWSSessionCredentials) {
        request.addHeader(Headers.SECURITY_TOKEN, aWSSessionCredentials.getSessionToken());
    }

    protected String calculateContentHash(Request<?> request) {
        if (!S3ClientOptions.payloadSigningEnabled) {
            return UNSIGNED_PAYLOAD;
        }
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request);
        binaryRequestPayloadStream.mark(-1);
        String hex = BinaryUtils.toHex(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return hex;
        } catch (IOException e) {
            throw new AmazonClientException("Unable to reset stream after calculating AWS4 signature", e);
        }
    }

    protected HeaderSigningResult computeSignature(Request<?> request, Date date, String str, String str2, AWSCredentials aWSCredentials) {
        String extractRegionName = extractRegionName(request.getEndpoint());
        String extractServiceName = extractServiceName(request.getEndpoint());
        String dateTimeStamp = getDateTimeStamp(date);
        String dateStamp = getDateStamp(date);
        String str3 = dateStamp + Operators.DIV + extractRegionName + Operators.DIV + extractServiceName + Operators.DIV + TERMINATOR;
        String stringToSign = getStringToSign(str, dateTimeStamp, str3, getCanonicalRequest(request, str2));
        byte[] sign = sign(TERMINATOR, sign(extractServiceName, sign(extractRegionName, sign(dateStamp, ("AWS4" + aWSCredentials.getAWSSecretKey()).getBytes(), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256);
        return new HeaderSigningResult(dateTimeStamp, str3, sign, sign(stringToSign.getBytes(), sign, SigningAlgorithm.HmacSHA256));
    }

    protected String extractRegionName(URI uri) {
        return uri.getHost().endsWith(".amazonaws.com") ? AwsHostNameUtils.parseRegionName(uri) : OosHostNameUtils.parseRegionName(uri);
    }

    protected String extractServiceName(URI uri) {
        return uri.getHost().endsWith(".amazonaws.com") ? AwsHostNameUtils.parseServiceName(uri) : OosHostNameUtils.parseServiceName(uri);
    }

    protected String getCanonicalRequest(Request<?> request, String str) {
        String str2 = request.getHttpMethod().toString() + "\n" + getCanonicalizedResourcePath(request.getResourcePath()) + "\n" + getCanonicalizedQueryString(request) + "\n" + getCanonicalizedHeaderString(request) + "\n" + getSignedHeadersString(request) + "\n" + str;
        System.out.println("===========AWS4Signer Calculated canonicalString: \n" + str2 + "\n==============");
        log.debug("AWS4 Canonical Request: '\"" + str2 + JSUtil.QUOTE);
        return str2;
    }

    protected String getCanonicalizedHeaderString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (str.toLowerCase().indexOf(Headers.CTYUN_DATA_LOCATION) < 0) {
                sb.append(str.toLowerCase().replaceAll("\\s+", " ") + ":" + request.getHeaders().get(str).replaceAll("\\s+", " "));
                sb.append("\n");
            }
        }
        return sb.toString();
    }

    protected Date getDateFromRequest(Request<?> request) {
        return this.overriddenDate != null ? this.overriddenDate : getSignatureDate(request.getTimeOffset());
    }

    protected String getDateStamp(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(Logger.TIMESTAMP_YYYY_MM_DD);
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        return simpleDateFormat.format(date);
    }

    protected String getDateTimeStamp(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DateUtils.COMPRESSED_DATE_PATTERN);
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        return simpleDateFormat.format(date);
    }

    protected String getScope(Request<?> request, Date date) {
        String extractRegionName = extractRegionName(request.getEndpoint());
        String extractServiceName = extractServiceName(request.getEndpoint());
        return getDateStamp(date) + Operators.DIV + extractRegionName + Operators.DIV + extractServiceName + Operators.DIV + TERMINATOR;
    }

    protected String getSignedHeadersString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (str.toLowerCase().indexOf(Headers.CTYUN_DATA_LOCATION) < 0) {
                if (sb.length() > 0) {
                    sb.append(";");
                }
                sb.append(str.toLowerCase());
            }
        }
        return sb.toString();
    }

    protected String getStringToSign(String str, String str2, String str3, String str4) {
        String str5 = str + "\n" + str2 + "\n" + str3 + "\n" + BinaryUtils.toHex(hash(str4));
        log.debug("AWS4 String to Sign: '\"" + str5 + JSUtil.QUOTE);
        return str5;
    }

    void overrideDate(Date date) {
        this.overriddenDate = date;
    }

    @Override // com.amazonaws.auth.Presigner
    public void presignRequest(Request<?> request, AWSCredentials aWSCredentials, Date date) {
        if (isAnonymous(aWSCredentials)) {
            return;
        }
        long generateExpirationDate = generateExpirationDate(date);
        addHostHeader(request);
        AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials);
        if (sanitizeCredentials instanceof AWSSessionCredentials) {
            request.addParameter(X_AMZ_SECURITY_TOKEN, ((AWSSessionCredentials) sanitizeCredentials).getSessionToken());
        }
        Date dateFromRequest = getDateFromRequest(request);
        String dateTimeStamp = getDateTimeStamp(dateFromRequest);
        String dateStamp = getDateStamp(dateFromRequest);
        String scope = getScope(request, dateFromRequest);
        String str = aWSCredentials.getAWSAccessKeyId() + Operators.DIV + scope;
        request.addParameter(X_AMZ_ALGORITHM, ALGORITHM);
        request.addParameter("X-Amz-Date", dateTimeStamp);
        request.addParameter(X_AMZ_SIGNED_HEADER, getSignedHeadersString(request));
        request.addParameter(X_AMZ_EXPIRES, Long.toString(generateExpirationDate));
        request.addParameter(X_AMZ_CREDENTIAL, str);
        String stringToSign = getStringToSign(ALGORITHM, dateTimeStamp, scope, getCanonicalRequest(request, UNSIGNED_PAYLOAD));
        String extractRegionName = extractRegionName(request.getEndpoint());
        request.addParameter(X_AMZ_SIGNATURE, BinaryUtils.toHex(sign(stringToSign.getBytes(), sign(TERMINATOR, sign(extractServiceName(request.getEndpoint()), sign(extractRegionName, sign(dateStamp, ("AWS4" + sanitizeCredentials.getAWSSecretKey()).getBytes(), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256)));
    }

    protected void processRequestPayload(Request<?> request, HeaderSigningResult headerSigningResult) {
    }

    public void setRegionName(String str) {
        this.regionName = str;
    }

    public void setServiceName(String str) {
        this.serviceName = str;
    }

    @Override // com.amazonaws.auth.Signer
    public void sign(Request<?> request, AWSCredentials aWSCredentials) throws AmazonClientException {
        if (aWSCredentials instanceof AnonymousAWSCredentials) {
            return;
        }
        AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials);
        if (sanitizeCredentials instanceof AWSSessionCredentials) {
            addSessionCredentials(request, (AWSSessionCredentials) sanitizeCredentials);
        }
        addHostHeader(request);
        Date dateFromRequest = getDateFromRequest(request);
        String scope = getScope(request, dateFromRequest);
        String calculateContentHash = calculateContentHash(request);
        request.addHeader("X-Amz-Date", getDateTimeStamp(dateFromRequest));
        if (request.getHeaders().get("x-amz-content-sha256") != null && request.getHeaders().get("x-amz-content-sha256").equals("required")) {
            request.addHeader("x-amz-content-sha256", calculateContentHash);
        }
        String str = sanitizeCredentials.getAWSAccessKeyId() + Operators.DIV + scope;
        HeaderSigningResult computeSignature = computeSignature(request, dateFromRequest, ALGORITHM, calculateContentHash, sanitizeCredentials);
        request.addHeader("Authorization", "AWS4-HMAC-SHA256 " + ("Credential=" + str) + ", " + ("SignedHeaders=" + getSignedHeadersString(request)) + ", " + ("Signature=" + BinaryUtils.toHex(computeSignature.getSignature())));
        processRequestPayload(request, computeSignature);
    }
}
