package com.oracle.bmc.http.signing.internal;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.hash.Hashing;
import com.google.common.io.ByteStreams;
import com.oracle.bmc.http.internal.RestClientFactory;
import com.oracle.bmc.http.signing.RequestSigner;
import com.oracle.bmc.http.signing.RequestSignerException;
import com.oracle.bmc.http.signing.SigningStrategy;
import com.oracle.bmc.http.signing.internal.Version;
import com.oracle.bmc.io.DuplicatableInputStream;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPrivateKey;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import javax.ws.rs.core.MediaType;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.TimeZones;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Immutable
/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.5.11.jar:com/oracle/bmc/http/signing/internal/RequestSignerImpl.class */
public class RequestSignerImpl implements RequestSigner {
    private static final Logger LOG = LoggerFactory.getLogger(RequestSignerImpl.class);
    private static final SignatureSigner SIGNER = new SignatureSigner();
    private final KeySupplier<RSAPrivateKey> keySupplier;
    private final SigningConfiguration signingConfiguration;
    private final Supplier<String> keyIdSupplier;

    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.5.11.jar:com/oracle/bmc/http/signing/internal/RequestSignerImpl$SigningConfiguration.class */
    public static class SigningConfiguration {
        private final Map<String, List<String>> headersToSign;
        private final Map<String, List<String>> optionalHeadersToSign;
        private final boolean skipContentHeadersForStreamingPutRequests;

        @ConstructorProperties({"headersToSign", "optionalHeadersToSign", "skipContentHeadersForStreamingPutRequests"})
        public SigningConfiguration(Map<String, List<String>> map, Map<String, List<String>> map2, boolean z) {
            this.headersToSign = map;
            this.optionalHeadersToSign = map2;
            this.skipContentHeadersForStreamingPutRequests = z;
        }
    }

    public RequestSignerImpl(@Nonnull KeySupplier<RSAPrivateKey> keySupplier, @Nonnull SigningStrategy signingStrategy, @Nonnull Supplier<String> supplier) {
        this(keySupplier, toSigningConfiguration(signingStrategy), supplier);
    }

    public RequestSignerImpl(@Nonnull KeySupplier<RSAPrivateKey> keySupplier, @Nonnull SigningConfiguration signingConfiguration, @Nonnull Supplier<String> supplier) {
        this.keySupplier = (KeySupplier) Preconditions.checkNotNull(keySupplier);
        this.signingConfiguration = (SigningConfiguration) Preconditions.checkNotNull(signingConfiguration);
        this.keyIdSupplier = (Supplier) Preconditions.checkNotNull(supplier);
    }

    private static SigningConfiguration toSigningConfiguration(SigningStrategy signingStrategy) {
        return new SigningConfiguration(signingStrategy.getHeadersToSign(), signingStrategy.getOptionalHeadersToSign(), signingStrategy.isSkipContentHeadersForStreamingPutRequests());
    }

    @Override // com.oracle.bmc.http.signing.RequestSigner
    public Map<String, String> signRequest(@Nonnull URI uri, @Nonnull String str, @Nonnull Map<String, List<String>> map, @Nullable Object obj) {
        return signRequest(Algorithm.RSAPSS256, uri, str, map, obj, SignedRequestVersion.getLatestVersion().getVersionName());
    }

    private Map<String, String> signRequest(Algorithm algorithm, URI uri, String str, Map<String, List<String>> map, Object obj, String str2) {
        return signRequest(algorithm, uri, str, map, obj, str2, this.keyIdSupplier.get(), this.keySupplier, this.signingConfiguration);
    }

    public static Map<String, String> signRequest(Algorithm algorithm, URI uri, String str, Map<String, List<String>> map, Object obj, String str2, String str3, KeySupplier<RSAPrivateKey> keySupplier, SigningConfiguration signingConfiguration) {
        Preconditions.checkArgument(null != algorithm, "algorithm must not be null");
        Preconditions.checkArgument(null != uri, "uri must not be null");
        Preconditions.checkArgument(!StringUtils.isBlank(str), "httpMethod must not be null or empty");
        Preconditions.checkArgument(null != map, "headers must not be null");
        Preconditions.checkArgument(!StringUtils.isBlank(str2), "versionName must not be null or empty");
        try {
            Version validateVersion = validateVersion(str2, algorithm);
            RSAPrivateKey privateKey = getPrivateKey(str3, keySupplier);
            String lowerCase = str.toLowerCase();
            String extractPath = extractPath(uri);
            List<String> requiredSigningHeaders = getRequiredSigningHeaders(lowerCase, signingConfiguration);
            List<String> optionalSigningHeaders = getOptionalSigningHeaders(lowerCase, signingConfiguration);
            for (String str4 : optionalSigningHeaders) {
                if (map.get(str4) != null) {
                    requiredSigningHeaders.add(str4);
                }
            }
            Map<String, List<String>> ignoreCaseHeaders = ignoreCaseHeaders(map);
            Map<String, String> calculateMissingHeaders = calculateMissingHeaders(lowerCase, uri, ignoreCaseHeaders, obj, requiredSigningHeaders, signingConfiguration);
            HashMap hashMap = new HashMap();
            hashMap.putAll(ignoreCaseHeaders);
            for (Map.Entry<String, String> entry : calculateMissingHeaders.entrySet()) {
                hashMap.put(entry.getKey(), ImmutableList.of(entry.getValue()));
            }
            calculateMissingHeaders.put("authorization", calculateAuthorizationHeader(str3, lowerCase, sign(privateKey, algorithm, calculateStringToSign(lowerCase, extractPath, hashMap, requiredSigningHeaders, map)), algorithm, validateVersion.getVersionName(), requiredSigningHeaders, optionalSigningHeaders));
            for (String str5 : requiredSigningHeaders) {
                if (!calculateMissingHeaders.containsKey(str5) && ignoreCaseHeaders.containsKey(str5) && !ignoreCaseHeaders.get(str5).isEmpty()) {
                    calculateMissingHeaders.put(str5, ignoreCaseHeaders.get(str5).get(0));
                }
            }
            return calculateMissingHeaders;
        } catch (Exception e) {
            LOG.debug("Could not sign request", e);
            throw new SignedRequestException(e);
        }
    }

    private static Version validateVersion(String str, Algorithm algorithm) {
        Optional<SignedRequestVersion> version = SignedRequestVersion.getVersion(str);
        if (!version.isPresent()) {
            LOG.debug("Invalid version number '{}'", str);
            throw new RequestSignerException("Invalid version number");
        }
        SignedRequestVersion signedRequestVersion = version.get();
        Optional<Version.Error> validateAlgorithm = signedRequestVersion.validateAlgorithm(algorithm);
        if (!validateAlgorithm.isPresent()) {
            return signedRequestVersion;
        }
        LOG.debug("Signature version rule validation failed '{}'", validateAlgorithm.get());
        throw new RequestSignerException("Version validation fails " + validateAlgorithm.get());
    }

    private static RSAPrivateKey getPrivateKey(String str, KeySupplier<RSAPrivateKey> keySupplier) {
        Optional<RSAPrivateKey> key = keySupplier.getKey(str);
        if (key.isPresent()) {
            return key.get();
        }
        LOG.debug("Could not find private key associated with keyId '{}'", str);
        throw new RequestSignerException("Could not find private key");
    }

    @VisibleForTesting
    static Map<String, List<String>> ignoreCaseHeaders(Map<String, List<String>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            hashMap.put(entry.getKey().toLowerCase(), entry.getValue());
        }
        return hashMap;
    }

    private static String transformHeadersToJsonString(Map<String, List<String>> map) {
        try {
            return RestClientFactory.getObjectMapper().writeValueAsString(map);
        } catch (JsonProcessingException e) {
            LOG.debug("Unable to serialize headers to JSON string", e);
            return "UNABLE TO SERIALIZE";
        }
    }

    private static String extractPath(URI uri) {
        String rawPath = uri.getRawPath();
        String rawQuery = uri.getRawQuery();
        if (rawQuery != null && !rawQuery.trim().isEmpty()) {
            rawPath = rawPath + "?" + rawQuery;
        }
        return rawPath;
    }

    static Map<String, String> calculateMissingHeaders(String str, URI uri, Map<String, List<String>> map, Object obj, List<String> list, SigningConfiguration signingConfiguration) throws IOException {
        HashMap hashMap = new HashMap();
        if (isRequiredHeaderMissing("date", list, map)) {
            hashMap.put("date", createFormatter().format(new Date()));
        }
        if (isRequiredHeaderMissing(Constants.HOST, list, map)) {
            hashMap.put(Constants.HOST, uri.getHost());
        }
        boolean equals = str.equals("post");
        boolean equals2 = str.equals("put");
        boolean equals3 = str.equals("patch");
        if (!equals2 && !equals && !equals3) {
            if (obj != null) {
                throw new RequestSignerException("MUST NOT send body on non-POST/PUT request");
            }
            return hashMap;
        }
        if ((equals2 || equals3) && (obj instanceof InputStream)) {
            if (signingConfiguration.skipContentHeadersForStreamingPutRequests) {
                return hashMap;
            }
            throw new IllegalArgumentException("Streaming body not supported for signing strategy");
        }
        if (list.contains("content-type")) {
            if (map.containsKey("content-type")) {
                List<String> list2 = map.get("content-type");
                if (list2.size() != 1) {
                    throw new IllegalArgumentException("Expected exactly one 'content-type header (received " + list2.size() + ")");
                }
            } else {
                LOG.warn("Missing 'content-type' header, defaulting to 'application/json'");
                hashMap.put("content-type", MediaType.APPLICATION_JSON);
            }
        }
        byte[] readBodyBytes = readBodyBytes(obj);
        if (isRequiredHeaderMissing("content-length", list, map)) {
            hashMap.put("content-length", Integer.toString(readBodyBytes.length));
        }
        if (isRequiredHeaderMissing("x-content-sha256", list, map)) {
            hashMap.put("x-content-sha256", calculateBodySHA256(readBodyBytes));
        }
        return hashMap;
    }

    private static boolean isRequiredHeaderMissing(String str, List<String> list, Map<String, ?> map) {
        return list.contains(str) && !map.containsKey(str);
    }

    private static String calculateBodySHA256(byte[] bArr) {
        return base64Encode(Hashing.sha256().hashBytes(bArr).asBytes());
    }

    @VisibleForTesting
    static String calculateStringToSign(String str, String str2, Map<String, List<String>> map, List<String> list, Map<String, List<String>> map2) {
        ArrayList arrayList = new ArrayList();
        for (String str3 : list) {
            List<String> list2 = map.get(str3);
            if (list2 != null && list2.size() != 1) {
                RequestSignerException requestSignerException = new RequestSignerException("Expecting exactly one value for header " + str3);
                LOG.error("More than one value for header [{}] to be signed found.  All headers: {}", new Object[]{str3, transformHeadersToJsonString(map2), requestSignerException});
                throw requestSignerException;
            }
            String str4 = list2 != null ? list2.get(0) : null;
            if (str3.equals("(request-target)")) {
                str4 = str + StringUtils.SPACE + str2;
            }
            if (str4 == null) {
                RequestSignerException requestSignerException2 = new RequestSignerException("Expecting exactly one value for header " + str3);
                LOG.error("No header value for header [{}] to be signed found.  All headers: {}", new Object[]{str3, transformHeadersToJsonString(map2), requestSignerException2});
                throw requestSignerException2;
            }
            arrayList.add(String.format("%s: %s", str3, str4));
        }
        return StringUtils.join(arrayList, "\n");
    }

    private static String sign(RSAPrivateKey rSAPrivateKey, Algorithm algorithm, String str) {
        return base64Encode(SIGNER.sign(rSAPrivateKey, str.getBytes(StandardCharsets.UTF_8), algorithm.getJvmName()));
    }

    private static String calculateAuthorizationHeader(String str, String str2, String str3, Algorithm algorithm, String str4, List<String> list, List<String> list2) {
        return String.format("Signature headers=\"%s\",keyId=\"%s\",algorithm=\"%s\",signature=\"%s\",version=\"%s\"", StringUtils.join(list, StringUtils.SPACE), str, algorithm.getSpecName(), str3, str4);
    }

    private static List<String> getRequiredSigningHeaders(String str, SigningConfiguration signingConfiguration) {
        return getIgnoreCaseHeaders((List) signingConfiguration.headersToSign.get(str));
    }

    private static List<String> getIgnoreCaseHeaders(List<String> list) {
        if (list == null) {
            return new ArrayList(0);
        }
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toLowerCase());
        }
        return arrayList;
    }

    private static List<String> getOptionalSigningHeaders(String str, SigningConfiguration signingConfiguration) {
        return getIgnoreCaseHeaders((List) signingConfiguration.optionalHeadersToSign.get(str));
    }

    private static byte[] readBodyBytes(Object obj) throws IOException {
        if (obj == null) {
            return "".getBytes(StandardCharsets.UTF_8);
        }
        if (obj instanceof String) {
            return ((String) obj).getBytes(StandardCharsets.UTF_8);
        }
        if (obj instanceof DuplicatableInputStream) {
            return ByteStreams.toByteArray(((DuplicatableInputStream) obj).duplicate());
        }
        if (obj instanceof InputStream) {
            throw new IllegalArgumentException("Only DuplicatableInputStream supported for body that needs signing.");
        }
        throw new IllegalArgumentException("Unexpected body type: " + obj.getClass().getName());
    }

    private static String base64Encode(byte[] bArr) {
        return new String(Base64.encodeBase64(bArr, false), StandardCharsets.UTF_8);
    }

    private static SimpleDateFormat createFormatter() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone(TimeZones.GMT_ID));
        return simpleDateFormat;
    }
}
