package com.oracle.bmc.http.signing.internal;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.hash.Hashing;
import com.oracle.bmc.http.signing.RequestSigner;
import com.oracle.bmc.http.signing.SigningStrategy;
import com.oracle.bmc.http.signing.internal.Version;
import java.beans.ConstructorProperties;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPrivateKey;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import javax.ws.rs.core.MediaType;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Immutable
/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.2.20.jar:com/oracle/bmc/http/signing/internal/RequestSignerImpl.class */
public class RequestSignerImpl implements RequestSigner {
    private static final Logger LOG = LoggerFactory.getLogger(RequestSignerImpl.class);
    private static final SignatureSigner SIGNER = new SignatureSigner();
    private final KeySupplier<RSAPrivateKey> keySupplier;
    private final SigningConfiguration signingConfiguration;
    private final Supplier<String> keyIdSupplier;

    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.2.20.jar:com/oracle/bmc/http/signing/internal/RequestSignerImpl$SigningConfiguration.class */
    public static class SigningConfiguration {
        private final Map<String, List<String>> headersToSign;
        private final boolean skipContentHeadersForStreamingPutRequests;

        @ConstructorProperties({"headersToSign", "skipContentHeadersForStreamingPutRequests"})
        public SigningConfiguration(Map<String, List<String>> map, boolean z) {
            this.headersToSign = map;
            this.skipContentHeadersForStreamingPutRequests = z;
        }
    }

    public RequestSignerImpl(@Nonnull KeySupplier<RSAPrivateKey> keySupplier, @Nonnull SigningStrategy signingStrategy, @Nonnull Supplier<String> supplier) {
        this(keySupplier, toSigningConfiguration(signingStrategy), supplier);
    }

    public RequestSignerImpl(@Nonnull KeySupplier<RSAPrivateKey> keySupplier, @Nonnull SigningConfiguration signingConfiguration, @Nonnull Supplier<String> supplier) {
        this.keySupplier = (KeySupplier) Preconditions.checkNotNull(keySupplier);
        this.signingConfiguration = (SigningConfiguration) Preconditions.checkNotNull(signingConfiguration);
        this.keyIdSupplier = (Supplier) Preconditions.checkNotNull(supplier);
    }

    private static SigningConfiguration toSigningConfiguration(SigningStrategy signingStrategy) {
        return new SigningConfiguration(signingStrategy.getHeadersToSign(), signingStrategy.isSkipContentHeadersForStreamingPutRequests());
    }

    @Override // com.oracle.bmc.http.signing.RequestSigner
    public Map<String, String> signRequest(@Nonnull URI uri, @Nonnull String str, @Nonnull Map<String, List<String>> map, @Nullable Object obj) {
        return signRequest(Algorithm.RSAPSS256, uri, str, map, obj, SignedRequestVersion.getLatestVersion().getVersionName());
    }

    private Map<String, String> signRequest(Algorithm algorithm, URI uri, String str, Map<String, List<String>> map, Object obj, String str2) {
        Preconditions.checkArgument(null != algorithm, "algorithm must not be null");
        Preconditions.checkArgument(null != uri, "uri must not be null");
        Preconditions.checkArgument(!StringUtils.isBlank(str), "httpMethod must not be null or empty");
        Preconditions.checkArgument(null != map, "headers must not be null");
        Preconditions.checkArgument(!StringUtils.isBlank(str2), "versionName must not be null or empty");
        try {
            String str3 = this.keyIdSupplier.get();
            Version validateVersion = validateVersion(str2, algorithm);
            RSAPrivateKey privateKey = getPrivateKey(str3);
            String lowerCase = str.toLowerCase(Locale.ENGLISH);
            String extractPath = extractPath(uri);
            List<String> requiredSigningHeaders = getRequiredSigningHeaders(lowerCase);
            Map<String, String> ignoreCaseHeaders = ignoreCaseHeaders(map);
            Map<String, String> calculateMissingHeaders = calculateMissingHeaders(lowerCase, uri, ignoreCaseHeaders, obj, requiredSigningHeaders);
            HashMap hashMap = new HashMap();
            hashMap.putAll(ignoreCaseHeaders);
            hashMap.putAll(calculateMissingHeaders);
            calculateMissingHeaders.put("authorization", calculateAuthorizationHeader(str3, lowerCase, sign(privateKey, algorithm, calculateStringToSign(lowerCase, extractPath, hashMap, requiredSigningHeaders)), algorithm, validateVersion.getVersionName(), requiredSigningHeaders));
            return calculateMissingHeaders;
        } catch (Exception e) {
            LOG.debug("Could not sign request", e);
            throw new SignedRequestException(e);
        }
    }

    private Version validateVersion(String str, Algorithm algorithm) {
        Optional<SignedRequestVersion> version = SignedRequestVersion.getVersion(str);
        if (!version.isPresent()) {
            LOG.debug("Invalid version number '{}'", str);
            throw new RuntimeException("Invalid version number");
        }
        SignedRequestVersion signedRequestVersion = version.get();
        Optional<Version.Error> validateAlgorithm = signedRequestVersion.validateAlgorithm(algorithm);
        if (!validateAlgorithm.isPresent()) {
            return signedRequestVersion;
        }
        LOG.debug("Signature version rule validation failed '{}'", validateAlgorithm.get());
        throw new RuntimeException("Version validation fails " + validateAlgorithm.get());
    }

    private RSAPrivateKey getPrivateKey(String str) {
        Optional<RSAPrivateKey> key = this.keySupplier.getKey(str);
        if (key.isPresent()) {
            return key.get();
        }
        LOG.debug("Could not find private key associated with keyId '{}'", str);
        throw new RuntimeException("Could not find private key");
    }

    private Map<String, String> ignoreCaseHeaders(Map<String, List<String>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            if (entry.getValue().size() != 1) {
                throw new RuntimeException("Expecting exactly one value for header " + entry.getKey());
            }
            hashMap.put(entry.getKey().toLowerCase(Locale.ROOT), entry.getValue().get(0));
        }
        return hashMap;
    }

    private static String extractPath(URI uri) {
        String rawPath = uri.getRawPath();
        String rawQuery = uri.getRawQuery();
        if (rawQuery != null && !rawQuery.trim().isEmpty()) {
            rawPath = rawPath + "?" + rawQuery;
        }
        return rawPath;
    }

    private Map<String, String> calculateMissingHeaders(String str, URI uri, Map<String, String> map, Object obj, List<String> list) {
        HashMap hashMap = new HashMap();
        if (isRequiredHeaderMissing("date", list, map)) {
            hashMap.put("date", createFormatter().format(new Date()));
        }
        if (isRequiredHeaderMissing(Constants.HOST, list, map)) {
            hashMap.put(Constants.HOST, uri.getHost());
        }
        boolean equals = str.equals("post");
        boolean equals2 = str.equals("put");
        if (!equals2 && !equals) {
            if (obj != null) {
                throw new RuntimeException("MUST NOT send body on non-POST/PUT request");
            }
            return hashMap;
        }
        if (equals2 && (obj instanceof InputStream)) {
            if (this.signingConfiguration.skipContentHeadersForStreamingPutRequests) {
                return hashMap;
            }
            throw new IllegalArgumentException("Streaming body not supported for signing strategy");
        }
        if (list.contains("content-type")) {
            if (!map.containsKey("content-type")) {
                LOG.warn("Missing 'content-type' header, defaulting to 'application/json'");
                hashMap.put("content-type", MediaType.APPLICATION_JSON);
            } else if (!map.get("content-type").toLowerCase(Locale.ROOT).equals(MediaType.APPLICATION_JSON)) {
                throw new IllegalArgumentException("Only 'application/json' supported for content type");
            }
        }
        try {
            byte[] jsonBody = getJsonBody(obj);
            if (isRequiredHeaderMissing("content-length", list, map)) {
                hashMap.put("content-length", Integer.toString(jsonBody.length));
            }
            if (isRequiredHeaderMissing("x-content-sha256", list, map)) {
                hashMap.put("x-content-sha256", calculateBodySHA256(jsonBody));
            }
            return hashMap;
        } catch (JsonProcessingException e) {
            throw new IllegalArgumentException("Unable to process JSON body", e);
        }
    }

    private static boolean isRequiredHeaderMissing(String str, List<String> list, Map<String, String> map) {
        return list.contains(str) && !map.containsKey(str);
    }

    private static String calculateBodySHA256(byte[] bArr) {
        return base64Encode(Hashing.sha256().hashBytes(bArr).asBytes());
    }

    private String calculateStringToSign(String str, String str2, Map<String, String> map, List<String> list) {
        ArrayList arrayList = new ArrayList();
        for (String str3 : list) {
            String str4 = map.get(str3);
            if (str3.equals("(request-target)")) {
                str4 = str + StringUtils.SPACE + str2;
            }
            arrayList.add(String.format("%s: %s", str3, str4));
        }
        return StringUtils.join(arrayList, StringUtils.LF);
    }

    private String sign(RSAPrivateKey rSAPrivateKey, Algorithm algorithm, String str) {
        return base64Encode(SIGNER.sign(rSAPrivateKey, str.getBytes(StandardCharsets.UTF_8), algorithm.getJvmName()));
    }

    private String calculateAuthorizationHeader(String str, String str2, String str3, Algorithm algorithm, String str4, List<String> list) {
        return String.format("Signature headers=\"%s\",keyId=\"%s\",algorithm=\"%s\",signature=\"%s\",version=\"%s\"", StringUtils.join(list, StringUtils.SPACE), str, algorithm.getSpecName(), str3, str4);
    }

    private List<String> getRequiredSigningHeaders(String str) {
        List<String> list = (List) this.signingConfiguration.headersToSign.get(str);
        return list == null ? new ArrayList(0) : list;
    }

    private static byte[] getJsonBody(Object obj) throws JsonProcessingException {
        if (obj == null) {
            return "".getBytes(StandardCharsets.UTF_8);
        }
        if (obj instanceof String) {
            return ((String) obj).getBytes(StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("body must be a String");
    }

    private static String base64Encode(byte[] bArr) {
        return new String(Base64.encodeBase64(bArr, false), StandardCharsets.UTF_8);
    }

    private static SimpleDateFormat createFormatter() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        return simpleDateFormat;
    }
}
