package apoc.ml.bedrock;

import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:apoc/ml/bedrock/AwsSignatureV4Generator.class */
public class AwsSignatureV4Generator {
    public static final String AWS_SERVICE_NAME = "bedrock";
    public static final String AUTHORIZATION_KEY = "Authorization";

    public static void calculateAuthorizationHeaders(BedrockConfig bedrockConfig, String str) throws MalformedURLException {
        Map<String, Object> headers = bedrockConfig.getHeaders();
        if (headers.containsKey(AUTHORIZATION_KEY)) {
            return;
        }
        byte[] bytes = getBytes(str);
        String format = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'").format(ZonedDateTime.now(ZoneOffset.UTC));
        URL url = new URL(bedrockConfig.getEndpoint());
        String host = url.getHost();
        String path = url.getPath();
        String query = url.getQuery();
        String hex = hex(toSha256(bytes));
        String substring = format.substring(0, 8);
        headers.put("Host", host);
        headers.put("X-Amz-Date", format);
        Pair<String, String> createCanonicalRequest = createCanonicalRequest(bedrockConfig.getMethod(), headers, path, query, hex);
        Pair<String, String> createStringToSign = createStringToSign(bedrockConfig.getRegion(), format, substring, createCanonicalRequest);
        createAuthorizationHeader(bedrockConfig, headers, createCanonicalRequest, createStringToSign, calculateSignature(bedrockConfig.getSecretKey(), bedrockConfig.getRegion(), substring, (String) createStringToSign.getRight()));
    }

    private static byte[] getBytes(String str) {
        if (str == null) {
            str = "";
        }
        return str.getBytes();
    }

    private static void createAuthorizationHeader(BedrockConfig bedrockConfig, Map<String, Object> map, Pair<String, String> pair, Pair<String, String> pair2, String str) {
        map.put(AUTHORIZATION_KEY, "AWS4-HMAC-SHA256 Credential=" + bedrockConfig.getKeyId() + "/" + ((String) pair2.getLeft()) + ", SignedHeaders=" + ((String) pair.getLeft()) + ", Signature=" + str);
    }

    private static Pair<String, String> createStringToSign(String str, String str2, String str3, Pair<String, String> pair) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("AWS4-HMAC-SHA256");
        arrayList.add(str2);
        String str4 = str3 + "/" + str + "/bedrock/aws4_request";
        arrayList.add(str4);
        arrayList.add((String) pair.getRight());
        return Pair.of(str4, String.join("\n", arrayList));
    }

    private static Pair<String, String> createCanonicalRequest(String str, Map<String, Object> map, String str2, String str3, String str4) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add(str2);
        arrayList.add(str3);
        ArrayList arrayList2 = new ArrayList();
        for (String str5 : map.keySet().stream().sorted(Comparator.comparing(str6 -> {
            return str6.toLowerCase(Locale.US);
        })).toList()) {
            arrayList2.add(str5.toLowerCase(Locale.US));
            arrayList.add(str5.toLowerCase(Locale.US) + ":" + normalizeSpaces((String) map.get(str5)));
        }
        arrayList.add(null);
        String join = String.join(";", arrayList2);
        arrayList.add(join);
        arrayList.add(str4);
        return Pair.of(join, hex(toSha256(((String) arrayList.stream().map(str7 -> {
            return str7 == null ? "" : str7;
        }).collect(Collectors.joining("\n"))).getBytes(StandardCharsets.UTF_8))));
    }

    private static String calculateSignature(String str, String str2, String str3, String str4) {
        return hex(toHmac(toHmac(toHmac(toHmac(toHmac(("AWS4" + str).getBytes(StandardCharsets.UTF_8), str3), str2), AWS_SERVICE_NAME), "aws4_request"), str4));
    }

    private static String normalizeSpaces(String str) {
        return str.replaceAll("\\s+", " ").trim();
    }

    public static String hex(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(String.format("%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    private static byte[] toSha256(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] toHmac(byte[] bArr, String str) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
