package com.treasuredata.partition.io.auth;

import com.amazonaws.auth.internal.SignerConstants;
import com.treasuredata.partition.io.IORequest;
import com.treasuredata.partition.io.IORequestFilter;
import com.treasuredata.thirdparty.com.google.common.base.Strings;
import com.treasuredata.thirdparty.com.google.common.base.Throwables;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;

/* loaded from: input_file:com/treasuredata/partition/io/auth/AwsV4Authentication.class */
public class AwsV4Authentication implements IORequestFilter {
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String X_AMZ_DATE = "X-Amz-Date";
    private static final String X_AMZ_CONTENT_SHA256 = "X-Amz-Content-Sha256";
    private static final String ALGORITHM = "AWS4-HMAC-SHA256";
    private static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    private static final char NEWLINE = '\n';
    private final String endpoint;
    private final String region;
    private final String service;
    private final String accessKey;
    private final String secretKey;
    private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();

    public AwsV4Authentication(String str, String str2, String str3, String str4, String str5) {
        this.endpoint = (String) Objects.requireNonNull(Strings.emptyToNull(str), "endpoint is null");
        this.region = (String) Objects.requireNonNull(Strings.emptyToNull(str2), "region is null");
        this.service = (String) Objects.requireNonNull(Strings.emptyToNull(str3), "service is null");
        this.accessKey = (String) Objects.requireNonNull(Strings.emptyToNull(str4), "access Key is null");
        this.secretKey = (String) Objects.requireNonNull(Strings.emptyToNull(str5), "secret Key is null");
    }

    @Override // com.treasuredata.partition.io.IORequestFilter
    public IORequest filter(IORequest iORequest) {
        List asList = Arrays.asList("Host", X_AMZ_CONTENT_SHA256, "X-Amz-Date");
        String header = iORequest.getHeader("X-Amz-Date");
        if (header == null) {
            header = new DateTime(DateTimeZone.UTC).toString("YYYYMMdd'T'HHmmss'Z'");
            iORequest = iORequest.addHeader("X-Amz-Date", header);
        }
        if (iORequest.getHeader("Host") == null) {
            iORequest = iORequest.addHeader("Host", this.endpoint);
        }
        IORequest addHeader = iORequest.addHeader(X_AMZ_CONTENT_SHA256, UNSIGNED_PAYLOAD);
        String canonicalize = canonicalize(addHeader, asList, UNSIGNED_PAYLOAD);
        String scope = scope(header, this.region);
        return addHeader.addHeader("Authorization", String.format("AWS4-HMAC-SHA256 Credential=%s, SignedHeaders=%s, Signature=%s", credential(scope), signedHeader(asList), toHex(HmacSHA256(stringToSign(header, scope, canonicalize), getSignatureKey(this.secretKey, header, this.region, this.service)))));
    }

    private static byte[] HmacSHA256(String str, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(bArr, HMAC_SHA256));
            return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    private static byte[] hash(String str) {
        try {
            return MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256).digest(str.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    private String credential(String str) {
        return this.accessKey + "/" + str;
    }

    private static byte[] getSignatureKey(String str, String str2, String str3, String str4) {
        return HmacSHA256(SignerConstants.AWS4_TERMINATOR, HmacSHA256(str4, HmacSHA256(str3, HmacSHA256(str2.substring(0, 8), ("AWS4" + str).getBytes(StandardCharsets.UTF_8)))));
    }

    private static String scope(String str, String str2) {
        return str.substring(0, 8) + "/" + str2 + "/s3/aws4_request";
    }

    private static String stringToSign(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder(128);
        sb.append("AWS4-HMAC-SHA256").append('\n').append(str).append('\n').append(str2).append('\n').append(toHex(hash(str3)));
        return sb.toString();
    }

    private static String canonicalize(IORequest iORequest, List<String> list, String str) {
        StringBuilder sb = new StringBuilder(1024);
        sb.append(iORequest.getMethod()).append('\n').append(iORequest.getUri().getPath()).append('\n').append(iORequest.getUri().getQuery()).append('\n');
        for (String str2 : list) {
            sb.append(str2.toLowerCase(Locale.ENGLISH)).append(':').append(iORequest.getHeader(str2).trim().replaceAll("\\s+", " ")).append('\n');
        }
        sb.append('\n');
        sb.append(signedHeader(list)).append('\n');
        sb.append(str);
        return sb.toString();
    }

    private static String signedHeader(List<String> list) {
        return (String) list.stream().map(str -> {
            return str.toLowerCase(Locale.ENGLISH);
        }).collect(Collectors.joining(CommonConfigurationKeys.NFS_EXPORTS_ALLOWED_HOSTS_SEPARATOR));
    }

    private static String toHex(byte[] bArr) {
        char[] cArr = new char[2 * bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            cArr[2 * i] = HEX_CHARS[(bArr[i] & 240) >>> 4];
            cArr[(2 * i) + 1] = HEX_CHARS[bArr[i] & 15];
        }
        return new String(cArr);
    }
}
