package com.bytedanceapi.auth.impl;

import com.bytedanceapi.auth.ISignerV4;
import com.bytedanceapi.auth.MedaData;
import com.bytedanceapi.helper.Const;
import com.bytedanceapi.helper.Utils;
import com.bytedanceapi.model.Credentials;
import com.bytedanceapi.service.SignableRequest;
import java.net.URLEncoder;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import org.apache.commons.codec.binary.Hex;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/bytedanceapi/auth/impl/SignerV4Impl.class */
public class SignerV4Impl implements ISignerV4 {
    private static final TimeZone tz = TimeZone.getTimeZone("UTC");
    private static final Set<String> H_INCLUDE = new HashSet();

    @Override // com.bytedanceapi.auth.ISignerV4
    public void sign(SignableRequest signableRequest, Credentials credentials) throws Exception {
        signV4(signableRequest, credentials);
        signableRequest.setURI(signableRequest.getUriBuilder().build());
    }

    @Override // com.bytedanceapi.auth.ISignerV4
    public String signUrl(SignableRequest signableRequest, Credentials credentials) throws Exception {
        String currentFormatDate = getCurrentFormatDate();
        String substring = currentFormatDate.substring(0, 8);
        MedaData medaData = new MedaData();
        medaData.setDate(substring);
        medaData.setService(credentials.getService());
        medaData.setRegion(credentials.getRegion());
        medaData.setSignedHeaders("");
        medaData.setAlgorithm("AWS4-HMAC-SHA256");
        medaData.setCredentialScope(String.join("/", medaData.getDate(), medaData.getRegion(), medaData.getService(), "aws4_request"));
        URIBuilder uriBuilder = signableRequest.getUriBuilder();
        uriBuilder.setParameter("X-Amz-Date", currentFormatDate);
        uriBuilder.setParameter("X-Amz-NotSignBody", "");
        uriBuilder.setParameter("X-Amz-Credential", credentials.getAccessKeyID() + "/" + medaData.getCredentialScope());
        uriBuilder.setParameter("X-Amz-Algorithm", medaData.getAlgorithm());
        uriBuilder.setParameter("X-Amz-SignedHeaders", medaData.getSignedHeaders());
        uriBuilder.setParameter("X-Amz-SignedQueries", "");
        ArrayList arrayList = new ArrayList();
        Iterator it = uriBuilder.getQueryParams().iterator();
        while (it.hasNext()) {
            arrayList.add(((NameValuePair) it.next()).getName());
        }
        arrayList.sort(Comparator.naturalOrder());
        uriBuilder.setParameter("X-Amz-SignedQueries", String.join(";", arrayList));
        uriBuilder.setParameter("X-Amz-Signature", signatureV4(genSigningSecretKeyV4(credentials.getSecretAccessKey(), medaData.getDate(), medaData.getRegion(), medaData.getService()), String.join("\n", medaData.getAlgorithm(), currentFormatDate, medaData.getCredentialScope(), hashedSimpleCanonicalRequestV4(signableRequest, medaData))));
        return uriBuilder.build().toURL().getQuery();
    }

    private void signV4(SignableRequest signableRequest, Credentials credentials) throws Exception {
        URIBuilder uriBuilder = signableRequest.getUriBuilder();
        if (uriBuilder.getPath().equals("")) {
            uriBuilder.setPath(uriBuilder.getPath() + "/");
        }
        signableRequest.setHeader(Const.Host, signableRequest.getUriBuilder().getHost());
        if (signableRequest.getHeaders("Content-Type") == null) {
            signableRequest.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
        }
        String currentFormatDate = getCurrentFormatDate();
        signableRequest.setHeader("X-Amz-Date", currentFormatDate);
        MedaData medaData = new MedaData();
        medaData.setAlgorithm("AWS4-HMAC-SHA256");
        medaData.setService(credentials.getService());
        medaData.setRegion(credentials.getRegion());
        medaData.setDate(toDate(currentFormatDate));
        String hashedCanonicalRequestV4 = hashedCanonicalRequestV4(signableRequest, medaData);
        medaData.setCredentialScope(String.join("/", medaData.getDate(), medaData.getRegion(), medaData.getService(), "aws4_request"));
        signableRequest.setHeader("Authorization", buildAuthHeaderV4(Hex.encodeHexString(Utils.hmacSHA256(genSigningSecretKeyV4(credentials.getSecretAccessKey(), medaData.getDate(), medaData.getRegion(), medaData.getService()), String.join("\n", medaData.getAlgorithm(), currentFormatDate, medaData.getCredentialScope(), hashedCanonicalRequestV4))), medaData, credentials));
    }

    private String hashedSimpleCanonicalRequestV4(SignableRequest signableRequest, MedaData medaData) throws Exception {
        String hashSHA256 = Utils.hashSHA256(new byte[0]);
        URIBuilder uriBuilder = signableRequest.getUriBuilder();
        if (uriBuilder.getPath().equals("")) {
            uriBuilder.setPath("/");
        }
        return Utils.hashSHA256(String.join("\n", signableRequest.getMethod(), normUri(uriBuilder.getPath()), normQuery(uriBuilder.getQueryParams()), "\n", medaData.getSignedHeaders(), hashSHA256).getBytes());
    }

    private String hashedCanonicalRequestV4(SignableRequest signableRequest, MedaData medaData) throws Exception {
        HttpEntity entity = signableRequest.getEntity();
        String hashSHA256 = Utils.hashSHA256(entity == null ? new byte[0] : EntityUtils.toByteArray(entity));
        signableRequest.setHeader("X-Amz-Content-Sha256", hashSHA256);
        ArrayList<String> arrayList = new ArrayList();
        for (Header header : signableRequest.getAllHeaders()) {
            String name = header.getName();
            if (H_INCLUDE.contains(name) || name.startsWith("X-Amz-")) {
                arrayList.add(name.toLowerCase());
            }
        }
        arrayList.sort(Comparator.naturalOrder());
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            String trim = signableRequest.getFirstHeader(str).getValue().trim();
            if (str.equals("host") && trim.contains(":")) {
                String[] split = trim.split(":");
                String str2 = split[1];
                if (str2.equals("80") || str2.equals("443")) {
                    trim = split[0];
                }
            }
            sb.append(str).append(":").append(trim).append("\n");
        }
        medaData.setSignedHeaders(String.join(";", arrayList));
        return Utils.hashSHA256(String.join("\n", signableRequest.getMethod(), normUri(signableRequest.getUriBuilder().getPath()), normQuery(signableRequest.getUriBuilder().getQueryParams()), sb.toString(), medaData.getSignedHeaders(), hashSHA256).getBytes());
    }

    private String signatureV4(byte[] bArr, String str) throws Exception {
        return Hex.encodeHexString(Utils.hmacSHA256(bArr, str));
    }

    private byte[] genSigningSecretKeyV4(String str, String str2, String str3, String str4) throws Exception {
        return Utils.hmacSHA256(Utils.hmacSHA256(Utils.hmacSHA256(Utils.hmacSHA256(("AWS4" + str).getBytes(), str2), str3), str4), "aws4_request");
    }

    private String buildAuthHeaderV4(String str, MedaData medaData, Credentials credentials) {
        return medaData.getAlgorithm() + " Credential=" + (credentials.getAccessKeyID() + "/" + medaData.getCredentialScope()) + ", SignedHeaders=" + medaData.getSignedHeaders() + ", Signature=" + str;
    }

    private String getCurrentFormatDate() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(Const.TIME_FORMAT_V4);
        simpleDateFormat.setTimeZone(tz);
        return simpleDateFormat.format(new Date());
    }

    private String toDate(String str) {
        return str.substring(0, 8);
    }

    private String normUri(String str) {
        return URLEncoder.encode(str).replace("%2F", "/").replace("+", "%20");
    }

    private String normQuery(List<NameValuePair> list) {
        list.sort(Comparator.comparing((v0) -> {
            return v0.getName();
        }));
        return URLEncodedUtils.format(list, Consts.UTF_8).replace("+", "%20");
    }

    static {
        H_INCLUDE.add("Content-Type");
        H_INCLUDE.add("Content-Md5");
        H_INCLUDE.add(Const.Host);
    }
}
