package com.g42cloud.sdk.core.auth;

import com.g42cloud.sdk.core.Constants;
import com.g42cloud.sdk.core.exception.SdkException;
import com.g42cloud.sdk.core.http.HttpRequest;
import com.g42cloud.sdk.core.utils.BinaryUtils;
import com.g42cloud.sdk.core.utils.SignUtils;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.openeuler.BGMProvider;

/* loaded from: input_file:com/g42cloud/sdk/core/auth/SM3AKSKSigner.class */
public class SM3AKSKSigner {
    private static final String EMPTY_BODY_SM3 = "1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b";
    private static final String HMAC_SM3 = "HmacSM3";

    public static <T extends AbstractCredentials<T>> Map<String, String> sign(HttpRequest httpRequest, T t) {
        String header;
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.HOST, httpRequest.getUrl().getAuthority());
        if (httpRequest.getHeader(Constants.X_SDK_DATE) == null) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
            header = simpleDateFormat.format(new Date());
            hashMap.put(Constants.X_SDK_DATE, header);
        } else {
            header = httpRequest.getHeader(Constants.X_SDK_DATE);
        }
        TreeMap treeMap = new TreeMap(hashMap);
        for (String str : httpRequest.getHeaders().keySet()) {
            treeMap.put(str, httpRequest.getHeader(str));
        }
        String createCanonicalRequest = createCanonicalRequest(httpRequest, treeMap, calculateContentHash(httpRequest));
        hashMap.put(Constants.AUTHORIZATION, buildAuthorizationHeader(treeMap, computeSignature(createStringToSign(createCanonicalRequest, header), deriveSigningKey(t.getSk())), t.getAk()));
        return hashMap;
    }

    private static String getCanonicalizedResourcePath(String str) {
        if (str == null || str.isEmpty()) {
            return "/";
        }
        try {
            String urlEncode = SignUtils.urlEncode(new URI(str).getPath(), true);
            if (!urlEncode.startsWith("/")) {
                urlEncode = "/".concat(urlEncode);
            }
            if (!urlEncode.endsWith("/")) {
                urlEncode = urlEncode.concat("/");
            }
            return urlEncode;
        } catch (URISyntaxException e) {
            throw new SdkException("Unable to resolve resource path", e);
        }
    }

    private static String getCanonicalizedQueryString(Map<String, List<String>> map) {
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            treeMap.put(SignUtils.urlEncode(entry.getKey(), false), (List) entry.getValue().stream().map(str -> {
                return SignUtils.urlEncode(str, false);
            }).sorted().collect(Collectors.toList()));
        }
        return SignUtils.convertSortedMap2QueryString(treeMap);
    }

    private static String createCanonicalRequest(HttpRequest httpRequest, Map<String, String> map, String str) {
        return String.join(Constants.LINE_SEPARATOR, httpRequest.getMethod().toString(), getCanonicalizedResourcePath(httpRequest.getUrl().getPath()), getCanonicalizedQueryString(httpRequest.getQueryParams()), getCanonicalizedHeaderString(map), getSignedHeadersString(map), str);
    }

    private static String createStringToSign(String str, String str2) {
        return String.join(Constants.LINE_SEPARATOR, Constants.SM3_SIGNING_ALGORITHM, str2, BinaryUtils.toHex(hashSm3(str)));
    }

    private static byte[] deriveSigningKey(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    private static byte[] signSM3(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(HMAC_SM3);
            mac.init(new SecretKeySpec(bArr2, HMAC_SM3));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new SdkException("Unable to calculate a request signature", e);
        }
    }

    private static byte[] computeSignature(String str, byte[] bArr) {
        return signSM3(str.getBytes(StandardCharsets.UTF_8), bArr);
    }

    private static String buildAuthorizationHeader(Map<String, String> map, byte[] bArr, String str) {
        return "SDK-HMAC-SM3 " + ("Access=" + str) + ", " + ("SignedHeaders=" + getSignedHeadersString(map)) + ", " + ("Signature=" + BinaryUtils.toHex(bArr));
    }

    private static String[] getSignedHeaders(Map<String, String> map) {
        String[] strArr = (String[]) map.keySet().toArray(new String[0]);
        Arrays.sort(strArr, String.CASE_INSENSITIVE_ORDER);
        return strArr;
    }

    private static String getCanonicalizedHeaderString(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        for (String str : getSignedHeaders(map)) {
            String str2 = map.get(str);
            sb.append(str.toLowerCase(Locale.ROOT)).append(":");
            if (str2 != null) {
                sb.append(str2.trim());
            }
            sb.append(Constants.LINE_SEPARATOR);
        }
        return sb.toString();
    }

    private static String getSignedHeadersString(Map<String, String> map) {
        String[] signedHeaders = getSignedHeaders(map);
        return signedHeaders.length == 0 ? "" : (String) Arrays.stream(signedHeaders).map(str -> {
            return str.toLowerCase(Locale.ROOT);
        }).collect(Collectors.joining(";"));
    }

    private static String calculateContentHash(HttpRequest httpRequest) {
        String bodyAsString = httpRequest.getBodyAsString();
        return (bodyAsString == null || bodyAsString.equals("")) ? EMPTY_BODY_SM3 : BinaryUtils.toHex(hashSm3(bodyAsString));
    }

    private static byte[] hashSm3(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bytes, 0, bytes.length);
        byte[] bArr = new byte[sM3Digest.getDigestSize()];
        sM3Digest.doFinal(bArr, 0);
        return bArr;
    }

    static {
        if (Security.getProvider(Constants.SECURITY_PROVIDER_BGM) == null) {
            Security.addProvider(new BGMProvider());
        }
    }
}
