package software.amazon.dax.utils;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.dax.DaxMethodIds;
import software.amazon.dax.expr.CborSExprGenerator;

/* loaded from: input_file:software/amazon/dax/utils/SigV4Gen.class */
public final class SigV4Gen {
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final SimpleDateFormat DATE_TIME_STAMP;
    private static final SimpleDateFormat DATE_STAMP;
    private static final String HEADER_NAME_DATE = "x-amz-date";
    private static final String HEADER_NAME_SECURITY_TOKEN = "x-amz-security-token";
    private static final String HEADER_NAME_HOST = "host";
    private static final String[] SIGNED_HEADERS;

    /* loaded from: input_file:software/amazon/dax/utils/SigV4Gen$SigAndStringToSign.class */
    public static class SigAndStringToSign {
        public final String mSignature;
        public final String mStringToSign;
        public final String mSessionToken;

        public SigAndStringToSign(String str, String str2) {
            this(str, str2, null);
        }

        public SigAndStringToSign(String str, String str2, String str3) {
            this.mSignature = str;
            this.mStringToSign = str2;
            this.mSessionToken = str3;
        }
    }

    private SigV4Gen() {
    }

    static SigAndStringToSign generateSigAndStringToSign(AwsCredentials awsCredentials, String str, String str2, String str3, Date date) {
        return getAuthorizationHeader("POST", date, getHeaders(str, date, awsCredentials), str3, awsCredentials, str2);
    }

    public static SigAndStringToSign generateSigAndStringToSign(AwsCredentials awsCredentials, String str, String str2, String str3) {
        return generateSigAndStringToSign(awsCredentials, str, str2, str3, new Date());
    }

    public static SigAndStringToSign getAuthorizationHeader(String str, Date date, Map<String, String> map, String str2, AwsCredentials awsCredentials, String str3) {
        String str4 = "AWS4-HMAC-SHA256\n" + dateTimeAsISO(date, false) + '\n' + (dateTimeAsISO(date, true) + '/' + str3 + "/dax/aws4_request") + '\n' + sha256(str + "\n/\n\n" + getCanonicalHeaders(map) + '\n' + getSignedHeaders() + '\n' + sha256(str2));
        try {
            String str5 = new String(Hex.encodeHex(hmacSHA256(str4, getSignatureKey(awsCredentials.secretAccessKey(), dateTimeAsISO(date, true), str3, DaxMethodIds.SERVICE_NAME))));
            return awsCredentials instanceof AwsSessionCredentials ? new SigAndStringToSign(str5, str4, ((AwsSessionCredentials) awsCredentials).sessionToken()) : new SigAndStringToSign(str5, str4, null);
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate signature", e);
        }
    }

    private static String getCanonicalHeaders(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        for (String str : SIGNED_HEADERS) {
            sb.append(str).append(CborSExprGenerator.ATTRIBUTE_VALUE_PREFIX).append(map.get(str)).append('\n');
        }
        return sb.toString();
    }

    private static String getSignedHeaders() {
        return String.join(";", SIGNED_HEADERS);
    }

    private static Map<String, String> getHeaders(String str, Date date, AwsCredentials awsCredentials) {
        HashMap hashMap = new HashMap();
        if (str.startsWith("https://")) {
            str = str.substring(8);
        }
        hashMap.put(HEADER_NAME_HOST, str);
        hashMap.put(HEADER_NAME_DATE, dateTimeAsISO(date, false));
        if (awsCredentials instanceof AwsSessionCredentials) {
            hashMap.put(HEADER_NAME_SECURITY_TOKEN, ((AwsSessionCredentials) awsCredentials).sessionToken());
        }
        return hashMap;
    }

    private static String dateTimeAsISO(Date date, boolean z) {
        String format;
        String format2;
        if (z) {
            synchronized (DATE_STAMP) {
                format2 = DATE_STAMP.format(date);
            }
            return format2;
        }
        synchronized (DATE_TIME_STAMP) {
            format = DATE_TIME_STAMP.format(date);
        }
        return format;
    }

    private static String sha256(String str) {
        try {
            return Hex.encodeHexString(MessageDigest.getInstance("SHA-256").digest(str.getBytes("UTF-8")));
        } catch (Exception e) {
            throw new RuntimeException("Failed to compute SHA-256", e);
        }
    }

    static byte[] hmacSHA256(String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        Mac mac = Mac.getInstance(HMAC_SHA256);
        mac.init(new SecretKeySpec(bArr, HMAC_SHA256));
        return mac.doFinal(str.getBytes("UTF8"));
    }

    static byte[] getSignatureKey(String str, String str2, String str3, String str4) {
        try {
            return hmacSHA256("aws4_request", hmacSHA256(str4, hmacSHA256(str3, hmacSHA256(str2, ("AWS4" + str).getBytes("UTF8")))));
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate SignatureKey", e);
        }
    }

    static {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        DATE_TIME_STAMP = simpleDateFormat;
        SimpleDateFormat simpleDateFormat2 = new SimpleDateFormat("yyyyMMdd");
        simpleDateFormat2.setTimeZone(TimeZone.getTimeZone("GMT"));
        DATE_STAMP = simpleDateFormat2;
        SIGNED_HEADERS = new String[]{HEADER_NAME_HOST, HEADER_NAME_DATE};
    }
}
