package org.jclouds.aws.s3.filters;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import javax.ws.rs.core.HttpHeaders;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.spi.LocationInfo;
import org.jclouds.Constants;
import org.jclouds.aws.util.RequestSigner;
import org.jclouds.blobstore.reference.BlobStoreConstants;
import org.jclouds.date.TimeStamp;
import org.jclouds.encryption.EncryptionService;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpRequestFilter;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.logging.Logger;
import org.jclouds.util.Patterns;
import org.jclouds.util.Utils;

@Singleton
/* loaded from: input_file:org/jclouds/aws/s3/filters/RequestAuthorizeSignature.class */
public class RequestAuthorizeSignature implements HttpRequestFilter, RequestSigner {
    public static Set<String> SPECIAL_QUERIES = ImmutableSet.of("acl", "torrent", "logging", "location", "requestPayment");
    private final SignatureWire signatureWire;
    private final String accessKey;
    private final String secretKey;
    private final Provider<String> timeStampProvider;
    private final EncryptionService encryptionService;
    private final String[] firstHeadersToSign = {"Content-MD5", HttpHeaders.CONTENT_TYPE, HttpHeaders.DATE};

    @Resource
    @Named(Constants.LOGGER_SIGNATURE)
    Logger signatureLog = Logger.NULL;

    @Inject
    public RequestAuthorizeSignature(SignatureWire signatureWire, @Named("jclouds.aws.accesskeyid") String str, @Named("jclouds.aws.secretaccesskey") String str2, @TimeStamp Provider<String> provider, EncryptionService encryptionService) {
        this.signatureWire = signatureWire;
        this.accessKey = str;
        this.secretKey = str2;
        this.timeStampProvider = provider;
        this.encryptionService = encryptionService;
    }

    @Override // org.jclouds.http.HttpRequestFilter
    public void filter(HttpRequest httpRequest) throws HttpException {
        replaceDateHeader(httpRequest);
        calculateAndReplaceAuthHeader(httpRequest, createStringToSign(httpRequest));
        HttpUtils.logRequest(this.signatureLog, httpRequest, "<<");
    }

    @Override // org.jclouds.aws.util.RequestSigner
    public String createStringToSign(HttpRequest httpRequest) {
        HttpUtils.logRequest(this.signatureLog, httpRequest, ">>");
        StringBuilder sb = new StringBuilder();
        appendMethod(httpRequest, sb);
        appendHttpHeaders(httpRequest, sb);
        appendAmzHeaders(httpRequest, sb);
        appendBucketName(httpRequest, sb);
        appendUriPath(httpRequest, sb);
        if (this.signatureWire.enabled()) {
            this.signatureWire.output((SignatureWire) sb.toString());
        }
        return sb.toString();
    }

    private void calculateAndReplaceAuthHeader(HttpRequest httpRequest, String str) throws HttpException {
        String signString = signString(str);
        if (this.signatureWire.enabled()) {
            this.signatureWire.input(Utils.toInputStream(signString));
        }
        httpRequest.getHeaders().replaceValues(HttpHeaders.AUTHORIZATION, Collections.singletonList("AWS " + this.accessKey + ":" + signString));
    }

    @Override // org.jclouds.aws.util.RequestSigner
    public String signString(String str) {
        try {
            return this.encryptionService.hmacSha1Base64(str, this.secretKey.getBytes());
        } catch (Exception e) {
            throw new HttpException("error signing request", e);
        }
    }

    private void appendMethod(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(httpRequest.getMethod()).append(IOUtils.LINE_SEPARATOR_UNIX);
    }

    private void replaceDateHeader(HttpRequest httpRequest) {
        httpRequest.getHeaders().replaceValues(HttpHeaders.DATE, Collections.singletonList(this.timeStampProvider.get()));
    }

    private void appendAmzHeaders(HttpRequest httpRequest, StringBuilder sb) {
        for (String str : new TreeSet(httpRequest.getHeaders().keySet())) {
            if (str.startsWith("x-amz-")) {
                sb.append(str.toLowerCase()).append(":");
                Iterator<String> it = httpRequest.getHeaders().get(str).iterator();
                while (it.hasNext()) {
                    sb.append(Utils.replaceAll(it.next(), Patterns.NEWLINE_PATTERN, "")).append(",");
                }
                sb.deleteCharAt(sb.lastIndexOf(","));
                sb.append(IOUtils.LINE_SEPARATOR_UNIX);
            }
        }
    }

    private void appendHttpHeaders(HttpRequest httpRequest, StringBuilder sb) {
        for (String str : this.firstHeadersToSign) {
            sb.append(valueOrEmpty(httpRequest.getHeaders().get(str))).append(IOUtils.LINE_SEPARATOR_UNIX);
        }
    }

    @VisibleForTesting
    void appendBucketName(HttpRequest httpRequest, StringBuilder sb) {
        String firstHeaderOrNull = httpRequest.getFirstHeaderOrNull(HttpHeaders.HOST);
        if (firstHeaderOrNull == null) {
            firstHeaderOrNull = (String) Preconditions.checkNotNull(httpRequest.getEndpoint().getHost(), "request.getEndPoint().getHost()");
        }
        if (!firstHeaderOrNull.endsWith(".amazonaws.com") || firstHeaderOrNull.equals("s3.amazonaws.com")) {
            return;
        }
        sb.append(BlobStoreConstants.DIRECTORY_SUFFIX_ROOT).append(firstHeaderOrNull.substring(0, firstHeaderOrNull.lastIndexOf(".s3")));
    }

    @VisibleForTesting
    void appendUriPath(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(httpRequest.getEndpoint().getRawPath());
        if (httpRequest.getEndpoint().getQuery() != null) {
            StringBuilder sb2 = new StringBuilder(LocationInfo.NA);
            for (String str : httpRequest.getEndpoint().getQuery().split("&")) {
                String[] split = str.split("=");
                if (SPECIAL_QUERIES.contains(split[0])) {
                    sb2.append(split[0]);
                }
            }
            if (sb2.length() > 1) {
                sb.append((CharSequence) sb2);
            }
        }
    }

    private String valueOrEmpty(Collection<String> collection) {
        return (collection == null || collection.size() < 1) ? "" : collection.iterator().next();
    }
}
