package com.cloud.sdk.auth.signer;

import com.cloud.sdk.ClientException;
import com.cloud.sdk.Request;
import com.cloud.sdk.WebServiceRequest;
import com.cloud.sdk.auth.credentials.Credentials;
import com.cloud.sdk.auth.signer.internal.SignerConstants;
import com.cloud.sdk.auth.signer.internal.SignerKey;
import com.cloud.sdk.auth.signer.internal.SignerRequestParams;
import com.cloud.sdk.auth.signer.internal.SignerUtils;
import com.cloud.sdk.internal.FIFOCache;
import com.cloud.sdk.util.BinaryUtils;
import com.cloud.sdk.util.DateUtils;
import com.cloud.sdk.util.HttpUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class DefaultSigner extends AbstractSigner implements ServiceSigner, RegionSigner, Presigner, VerifySigner {
    private static final String LINUX_NEW_LINE = "\n";
    private static final int SIGNER_CACHE_MAX_SIZE = 300;
    private static final FIFOCache<SignerKey> signerCache = new FIFOCache<>(SIGNER_CACHE_MAX_SIZE);
    protected boolean doubleUrlEncode;
    protected String regionName;
    protected String serviceName;

    public DefaultSigner() {
        this(true);
    }

    public DefaultSigner(boolean z) {
        this.doubleUrlEncode = z;
    }

    private void addPreSignInformationToRequest(Request<?> request, Credentials credentials, SignerRequestParams signerRequestParams, String str, long j) {
        String str2 = credentials.getAccessKeyId() + "/" + signerRequestParams.getScope();
        request.addParameter(SignerConstants.X_SDK_ALGORITHM, SignerConstants.SDK_SIGNING_ALGORITHM);
        request.addParameter("X-Sdk-Date", str);
        request.addParameter(SignerConstants.X_SDK_SIGNED_HEADER, getSignedHeadersString(request));
        request.addParameter(SignerConstants.X_SDK_EXPIRES, Long.toString(j));
        request.addParameter(SignerConstants.X_SDK_CREDENTIAL, str2);
    }

    private String buildAuthorizationHeader(Request<?> request, byte[] bArr, Credentials credentials, SignerRequestParams signerRequestParams) {
        String str = "Credential=" + (credentials.getAccessKeyId() + "/" + signerRequestParams.getScope());
        String str2 = "SignedHeaders=" + getSignedHeadersString(request);
        String str3 = "Signature=" + BinaryUtils.toHex(bArr);
        StringBuilder sb = new StringBuilder();
        sb.append(SignerConstants.SDK_SIGNING_ALGORITHM).append(StringUtils.SPACE).append(str).append(", ").append(str2).append(", ").append(str3);
        return sb.toString();
    }

    private final String computeSigningCacheKeyName(Credentials credentials, SignerRequestParams signerRequestParams) {
        return credentials.getSecretKey() + "-" + signerRequestParams.getRegionName() + "-" + signerRequestParams.getServiceName();
    }

    private final byte[] deriveSigningKey(Credentials credentials, SignerRequestParams signerRequestParams) {
        String computeSigningCacheKeyName = computeSigningCacheKeyName(credentials, signerRequestParams);
        long numberOfDaysSinceEpoch = DateUtils.numberOfDaysSinceEpoch(signerRequestParams.getSigningDateTimeMilli());
        SignerKey signerKey = signerCache.get(computeSigningCacheKeyName);
        if (signerKey != null && numberOfDaysSinceEpoch == signerKey.getNumberOfDaysSinceEpoch()) {
            return signerKey.getSigningKey();
        }
        byte[] newSigningKey = newSigningKey(credentials, signerRequestParams.getFormattedSigningDate(), signerRequestParams.getRegionName(), signerRequestParams.getServiceName());
        signerCache.add(computeSigningCacheKeyName, new SignerKey(numberOfDaysSinceEpoch, newSigningKey));
        return newSigningKey;
    }

    private long generateExpirationDate(Date date) {
        long time = date != null ? (date.getTime() - System.currentTimeMillis()) / 1000 : 604800L;
        if (time > SignerConstants.PRESIGN_URL_MAX_EXPIRATION_SECONDS) {
            throw new ClientException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration date set on the current request [" + SignerUtils.formatTimestamp(date.getTime()) + "] has exceeded this limit.");
        }
        return time;
    }

    private byte[] newSigningKey(Credentials credentials, String str, String str2, String str3) {
        return sign(SignerConstants.SDK_TERMINATOR, sign(str3, sign(str2, sign(str, (SignerConstants.SDK_NAME + credentials.getSecretKey()).getBytes(com.cloud.sdk.util.StringUtils.UTF8), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256);
    }

    protected void addHostHeader(Request<?> request) {
        URI endpoint = request.getEndpoint();
        StringBuilder sb = new StringBuilder(endpoint.getHost());
        if (HttpUtils.isUsingNonDefaultPort(endpoint)) {
            sb.append(":").append(endpoint.getPort());
        }
        request.addHeader(SignerConstants.HOST, sb.toString());
    }

    protected String calculateContentHash(Request<?> request) {
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request);
        WebServiceRequest originalRequest = request.getOriginalRequest();
        binaryRequestPayloadStream.mark(originalRequest == null ? -1 : originalRequest.getReadLimit());
        String hex = BinaryUtils.toHex(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return hex;
        } catch (IOException e) {
            throw new ClientException("Unable to reset stream after calculating signature", null);
        }
    }

    protected String calculateContentHashPresign(Request<?> request) {
        return calculateContentHash(request);
    }

    protected final byte[] computeSignature(String str, byte[] bArr, SignerRequestParams signerRequestParams) {
        return sign(str.getBytes(com.cloud.sdk.util.StringUtils.UTF8), bArr, SigningAlgorithm.HmacSHA256);
    }

    protected String createCanonicalRequest(Request<?> request, String str) {
        String appendUri = HttpUtils.appendUri(request.getEndpoint().getPath(), request.getResourcePath());
        StringBuilder sb = new StringBuilder(request.getHttpMethod().toString());
        sb.append("\n").append(getCanonicalizedResourcePath(appendUri, this.doubleUrlEncode)).append("\n").append(getCanonicalizedQueryString(request)).append("\n").append(getCanonicalizedHeaderString(request)).append("\n").append(getSignedHeadersString(request)).append("\n").append(str);
        return sb.toString();
    }

    protected String createStringToSign(String str, SignerRequestParams signerRequestParams) {
        StringBuilder sb = new StringBuilder(signerRequestParams.getSigningAlgorithm());
        sb.append("\n").append(signerRequestParams.getFormattedSigningDateTime()).append("\n").append(signerRequestParams.getScope()).append("\n").append(BinaryUtils.toHex(hash(str)));
        return sb.toString();
    }

    protected String getCanonicalizedHeaderString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        Map<String, String> headers = request.getHeaders();
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            String replaceAll = str.toLowerCase().replaceAll("\\s+", StringUtils.SPACE);
            String str2 = headers.get(str);
            sb.append(replaceAll).append(":");
            if (str2 != null) {
                sb.append(str2.replaceAll("\\s+", StringUtils.SPACE));
            }
            sb.append("\n");
        }
        return sb.toString();
    }

    public String getRegionName() {
        return this.regionName;
    }

    public String getServiceName() {
        return this.serviceName;
    }

    protected String getSignedHeadersString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase());
        }
        return sb.toString();
    }

    @Override // com.cloud.sdk.auth.signer.Presigner
    public void presignRequest(Request<?> request, Credentials credentials, Date date) {
        long generateExpirationDate = generateExpirationDate(date);
        addHostHeader(request);
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        SignerRequestParams signerRequestParams = new SignerRequestParams(request, this.regionName, this.serviceName, SignerConstants.SDK_SIGNING_ALGORITHM);
        addPreSignInformationToRequest(request, sanitizeCredentials, signerRequestParams, SignerUtils.formatTimestamp(System.currentTimeMillis()), generateExpirationDate);
        request.addParameter(SignerConstants.X_SDK_SIGNATURE, BinaryUtils.toHex(computeSignature(createStringToSign(createCanonicalRequest(request, calculateContentHashPresign(request)), signerRequestParams), deriveSigningKey(sanitizeCredentials, signerRequestParams), signerRequestParams)));
    }

    @Override // com.cloud.sdk.auth.signer.RegionSigner
    public void setRegionName(String str) {
        this.regionName = str;
    }

    @Override // com.cloud.sdk.auth.signer.ServiceSigner
    public void setServiceName(String str) {
        this.serviceName = str;
    }

    @Override // com.cloud.sdk.auth.signer.Signer
    public void sign(Request<?> request, Credentials credentials) {
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        SignerRequestParams signerRequestParams = new SignerRequestParams(request, this.regionName, this.serviceName, SignerConstants.SDK_SIGNING_ALGORITHM);
        addHostHeader(request);
        request.addHeader("X-Sdk-Date", signerRequestParams.getFormattedSigningDateTime());
        String calculateContentHash = calculateContentHash(request);
        if ("required".equals(request.getHeaders().get(SignerConstants.X_SDK_CONTENT_SHA256))) {
            request.addHeader(SignerConstants.X_SDK_CONTENT_SHA256, calculateContentHash);
        }
        request.addHeader("Authorization", buildAuthorizationHeader(request, computeSignature(createStringToSign(createCanonicalRequest(request, calculateContentHash), signerRequestParams), deriveSigningKey(sanitizeCredentials, signerRequestParams), signerRequestParams), sanitizeCredentials, signerRequestParams));
    }

    @Override // com.cloud.sdk.auth.signer.VerifySigner
    public boolean verify(Request<?> request, Credentials credentials) {
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        String str = request.getHeaders().get("X-Sdk-Date".toLowerCase());
        String remove = request.getHeaders().remove("Authorization".toLowerCase());
        SignerRequestParams signerRequestParams = new SignerRequestParams(request, this.regionName, this.serviceName, SignerConstants.SDK_SIGNING_ALGORITHM, str);
        String calculateContentHash = calculateContentHash(request);
        if ("required".equals(request.getHeaders().get(SignerConstants.X_SDK_CONTENT_SHA256))) {
            request.addHeader(SignerConstants.X_SDK_CONTENT_SHA256, calculateContentHash);
        }
        return buildAuthorizationHeader(request, computeSignature(createStringToSign(createCanonicalRequest(request, calculateContentHash), signerRequestParams), deriveSigningKey(sanitizeCredentials, signerRequestParams), signerRequestParams), sanitizeCredentials, signerRequestParams).equals(remove);
    }
}
