package com.mulesoft.connectors.awslambda.internal.amazon;

import com.mulesoft.connectors.awslambda.internal.amazon.utils.HttpUtils;
import com.mulesoft.connectors.awslambda.internal.error.exception.AwsClientException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.Comparator;
import java.util.Date;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.mule.runtime.core.api.util.StringUtils;

/* loaded from: input_file:com/mulesoft/connectors/awslambda/internal/amazon/AwsSignature.class */
public class AwsSignature {
    private static final String SIGNING_ALGORITHM = "HmacSHA256";
    private static final String SIGNATURE_TYPE = "AWS4-HMAC-SHA256";
    static final String HASHING_ALGORITHM = "SHA-256";
    private final AwsHttpRequest request;
    private final String service;
    private final AwsCredentials credentials;
    private boolean doubleUrlEncode = false;
    private final Date signingDate = new Date();

    public AwsSignature(AwsHttpRequest awsHttpRequest, String str, AwsCredentials awsCredentials) {
        this.request = awsHttpRequest;
        this.service = str;
        this.credentials = awsCredentials;
    }

    public String getSignature() {
        return String.format("%s Credential=%s SignedHeaders=%s Signature=%s", SIGNATURE_TYPE, this.credentials.getAccessKey() + "/" + getScope(), canonicalSignedHeaderList(), StringUtils.toHexString(sign("AWS4-HMAC-SHA256\n" + getTimeStamp() + "\n" + getScope() + "\n" + StringUtils.toHexString(hash(canonicalRequest())), getSigningKey())));
    }

    protected String canonicalRequest() {
        return String.format("%s\n%s\n%s\n%s\n%s\n%s", this.request.getMethod(), canonicalPath(), canonicalQueryString(), canonicalHeaders(), canonicalSignedHeaderList(), this.request.getHash());
    }

    protected String canonicalPath() {
        String path = this.request.getUri().getPath();
        if (path == null || path.length() == 0) {
            return "/";
        }
        try {
            String encode = this.doubleUrlEncode ? URLEncoder.encode(path, "utf-8") : path;
            return encode.startsWith("/") ? encode : "/".concat(encode);
        } catch (UnsupportedEncodingException e) {
            throw new AwsClientException(e.getMessage());
        }
    }

    protected String canonicalQueryString() {
        return ("POST".equals(this.request.getMethod()) && this.request.getEntity() == null) ? "" : (String) this.request.getQueryParams().entrySet().stream().sorted(Comparator.comparing(entry -> {
            return ((String) entry.getKey()) + ((String) entry.getValue());
        })).map(entry2 -> {
            return String.format("%s=%s", HttpUtils.urlEncode((String) entry2.getKey(), false), HttpUtils.urlEncode((String) entry2.getValue(), false));
        }).collect(Collectors.joining("&"));
    }

    protected Map<String, String> signedHeaders() {
        return this.request.getHeaders().toImmutableMultiMap();
    }

    protected String canonicalHeaders() {
        return (String) signedHeaders().entrySet().stream().map(entry -> {
            return String.format("%s:%s\n", ((String) entry.getKey()).trim().toLowerCase(), ((String) entry.getValue()).trim().replaceAll("\\s+", " "));
        }).sorted(String.CASE_INSENSITIVE_ORDER).collect(Collectors.joining());
    }

    protected String canonicalSignedHeaderList() {
        return (String) signedHeaders().keySet().stream().map((v0) -> {
            return v0.toLowerCase();
        }).sorted().collect(Collectors.joining(";"));
    }

    protected String getScope() {
        return getDateStamp() + "/" + this.credentials.getRegion().toLowerCase() + "/" + this.service + "/aws4_request";
    }

    public final String getDateStamp() {
        return LocalDateTime.ofInstant(Instant.ofEpochMilli(this.signingDate.getTime()), ZoneId.of("UTC")).toLocalDate().toString().replace("-", "");
    }

    public final String getTimeStamp() {
        LocalDateTime ofInstant = LocalDateTime.ofInstant(Instant.ofEpochMilli(this.signingDate.getTime()), ZoneOffset.UTC);
        return String.format("%d%02d%02dT%02d%02d%02dZ", Integer.valueOf(ofInstant.getYear()), Integer.valueOf(ofInstant.getMonth().getValue()), Integer.valueOf(ofInstant.getDayOfMonth()), Integer.valueOf(ofInstant.getHour()), Integer.valueOf(ofInstant.getMinute()), Integer.valueOf(ofInstant.getSecond()));
    }

    protected byte[] getSigningKey() {
        return sign("aws4_request", sign(this.service, sign(this.credentials.getRegion(), sign(getDateStamp(), ("AWS4" + this.credentials.getSecretKey()).getBytes()))));
    }

    protected byte[] sign(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(SIGNING_ALGORITHM);
            mac.init(new SecretKeySpec(bArr2, SIGNING_ALGORITHM));
            return mac.doFinal(bArr);
        } catch (Exception e) {
            throw new AwsClientException("Error signing data", e);
        }
    }

    private byte[] sign(String str, byte[] bArr) {
        return sign(str.getBytes(StandardCharsets.UTF_8), bArr);
    }

    private byte[] hash(String str) {
        return hash(str.getBytes(StandardCharsets.UTF_8));
    }

    private byte[] hash(byte[] bArr) {
        try {
            return MessageDigest.getInstance(HASHING_ALGORITHM).digest(bArr);
        } catch (Exception e) {
            throw new AwsClientException("Failed to create payload hash for AWS request", e);
        }
    }
}
