package io.jenkins.plugins.akeyless.cloudid;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.jenkins.plugins.akeyless.cloudid.AwsCredentialResolver;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/jenkins/plugins/akeyless/cloudid/AwsCloudIdProvider.class */
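/**
 * Builds an AWS "cloud id": a pre-signed STS {@code GetCallerIdentity} request, serialised as
 * base64-encoded JSON.
 *
 * <p>The request is signed with AWS Signature Version 4 using the credentials returned by
 * {@link AwsCredentialResolver#resolve()}. The signature scope is fixed to the {@code us-east-1}
 * region, the {@code sts} service and the global endpoint {@code https://sts.amazonaws.com/}.
 *
 * <p><b>Handling the result.</b> The secret access key is used only as HMAC key material and never
 * appears in the output. The output does contain the access key id, the computed signature and,
 * when present, the session token. Treat the returned string as a credential: do not write it to
 * build logs, console output or exception messages.
 */
public class AwsCloudIdProvider implements CloudIdProvider {
    private static final String SERVICE = "sts";
    private static final String REGION = "us-east-1";
    private static final String ENDPOINT = "https://sts.amazonaws.com/";
    private static final String ALGORITHM = "AWS4-HMAC-SHA256";
    private static final String TERMINATOR = "aws4_request";
    private static final String REQUEST_BODY = "Action=GetCallerIdentity&Version=2011-06-15";

    // DateTimeFormatter is immutable and thread-safe, so both patterns are built once.
    // Locale.ROOT keeps the rendered timestamp independent of the JVM default locale.
    private static final DateTimeFormatter AMZ_DATE_FORMAT =
            DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'", Locale.ROOT);
    private static final DateTimeFormatter DATE_STAMP_FORMAT =
            DateTimeFormatter.ofPattern("yyyyMMdd", Locale.ROOT);

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Signs a {@code GetCallerIdentity} request and packs it into the cloud-id envelope.
     *
     * @return base64 of a JSON object with the keys {@code sts_request_method},
     *     {@code sts_request_url}, {@code sts_request_body} and {@code sts_request_headers}; the
     *     last three values are themselves base64-encoded
     * @throws IllegalStateException if the access key id or secret access key is missing or empty
     * @throws Exception if a digest/MAC algorithm is unavailable or JSON serialisation fails
     */
    @Override
    public String getCloudId() throws Exception {
        AwsCredentialResolver.AwsCredentials credentials = AwsCredentialResolver.resolve();
        // Fail fast: an absent or empty key can never yield a valid signature.
        if (credentials.accessKeyId == null || credentials.secretAccessKey == null
                || credentials.accessKeyId.isEmpty() || credentials.secretAccessKey.isEmpty()) {
            throw new IllegalStateException("Missing AWS credentials");
        }

        byte[] body = REQUEST_BODY.getBytes(StandardCharsets.UTF_8);
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        String amzDate = now.format(AMZ_DATE_FORMAT);
        String dateStamp = now.format(DATE_STAMP_FORMAT);
        String host = URI.create(ENDPOINT).getHost();
        String payloadHash = toHex(hash(body));

        // Insertion order matters: the names below are already in ascending lower-case order,
        // which is the order used for the canonical and signed header lists.
        Map<String, List<String>> headers = new LinkedHashMap<>();
        headers.put("Content-Type",
                Collections.singletonList("application/x-www-form-urlencoded; charset=utf-8"));
        headers.put("Host", Collections.singletonList(host));
        headers.put("X-Amz-Date", Collections.singletonList(amzDate));
        if (credentials.sessionToken != null) {
            // Temporary credentials: the token travels in the envelope and is part of the signature.
            headers.put("X-Amz-Security-Token", Collections.singletonList(credentials.sessionToken));
        }

        StringBuilder canonicalHeaders = new StringBuilder();
        List<String> signedHeaderNames = new ArrayList<>();
        for (Map.Entry<String, List<String>> header : headers.entrySet()) {
            // Locale.ROOT: header names must lower-case identically on every JVM locale,
            // otherwise the signed string would differ from what the verifier reconstructs.
            String lowerName = header.getKey().toLowerCase(Locale.ROOT);
            canonicalHeaders.append(lowerName)
                    .append(":")
                    .append(header.getValue().get(0).trim())
                    .append("\n");
            signedHeaderNames.add(lowerName);
        }
        String signedHeaders = String.join(";", signedHeaderNames);

        // Canonical request: method, path "/", empty query string, headers, signed names, body hash.
        String canonicalRequest =
                "POST\n/\n\n" + canonicalHeaders + "\n" + signedHeaders + "\n" + payloadHash;
        String credentialScope = dateStamp + "/" + REGION + "/" + SERVICE + "/" + TERMINATOR;
        String stringToSign = ALGORITHM + "\n" + amzDate + "\n" + credentialScope + "\n"
                + toHex(hash(canonicalRequest.getBytes(StandardCharsets.UTF_8)));

        byte[] signingKey = getSignatureKey(credentials.secretAccessKey, dateStamp, REGION, SERVICE);
        String signature = toHex(hmacSHA256(signingKey, stringToSign));

        // Added after signing on purpose: Authorization is not one of the signed headers.
        headers.put("Authorization", Collections.singletonList(
                ALGORITHM + " Credential=" + credentials.accessKeyId + "/" + credentialScope
                        + ", SignedHeaders=" + signedHeaders + ", Signature=" + signature));

        ObjectMapper objectMapper = new ObjectMapper();
        String headersJson = objectMapper.writeValueAsString(headers);

        Base64.Encoder base64 = Base64.getEncoder();
        Map<String, String> envelope = new LinkedHashMap<>();
        envelope.put("sts_request_method", "POST");
        envelope.put("sts_request_url",
                base64.encodeToString(ENDPOINT.getBytes(StandardCharsets.UTF_8)));
        envelope.put("sts_request_body", base64.encodeToString(body));
        envelope.put("sts_request_headers",
                base64.encodeToString(headersJson.getBytes(StandardCharsets.UTF_8)));
        return base64.encodeToString(
                objectMapper.writeValueAsString(envelope).getBytes(StandardCharsets.UTF_8));
    }

    /** Returns HMAC-SHA256 of the UTF-8 bytes of {@code str} under the key {@code bArr}. */
    private static byte[] hmacSHA256(byte[] bArr, String str) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
        return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Derives the SigV4 signing key by chaining HMACs over date, region, service and the
     * {@code aws4_request} terminator, starting from {@code "AWS4" + secret}.
     *
     * @param str secret access key
     * @param str2 date stamp ({@code yyyyMMdd})
     * @param str3 region name
     * @param str4 service name
     */
    private static byte[] getSignatureKey(String str, String str2, String str3, String str4)
            throws Exception {
        byte[] dateKey = hmacSHA256(("AWS4" + str).getBytes(StandardCharsets.UTF_8), str2);
        byte[] regionKey = hmacSHA256(dateKey, str3);
        byte[] serviceKey = hmacSHA256(regionKey, str4);
        return hmacSHA256(serviceKey, TERMINATOR);
    }

    /** Returns the SHA-256 digest of {@code bArr}. */
    private static byte[] hash(byte[] bArr) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(bArr);
    }

    /** Encodes {@code bArr} as lower-case hex, two characters per byte. */
    private static String toHex(byte[] bArr) {
        char[] out = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int value = bArr[i] & 0xFF;
            out[i * 2] = HEX_DIGITS[value >>> 4];
            out[i * 2 + 1] = HEX_DIGITS[value & 0x0F];
        }
        return new String(out);
    }
}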
