package org.jclouds.aws.filters;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Multimap;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Map;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.commons.io.IOUtils;
import org.jclouds.Constants;
import org.jclouds.aws.reference.FormParameters;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.CryptoStreams;
import org.jclouds.date.TimeStamp;
import org.jclouds.encryption.internal.JCECrypto;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpRequestFilter;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.http.utils.ModifyRequest;
import org.jclouds.io.InputSuppliers;
import org.jclouds.logging.Logger;
import org.jclouds.rest.RequestSigner;
import org.jclouds.rest.annotations.ApiVersion;
import org.jclouds.rest.annotations.Credential;
import org.jclouds.rest.annotations.Identity;
import org.jclouds.util.Strings2;

@Singleton
/* loaded from: input_file:WEB-INF/lib/aws-common-1.5.0-alpha.5.jar:org/jclouds/aws/filters/FormSigner.class */
public class FormSigner implements HttpRequestFilter, RequestSigner {
    private final SignatureWire signatureWire;
    private final String apiVersion;
    private final String accessKey;
    private final String secretKey;
    private final Provider<String> dateService;
    private final Crypto crypto;
    private final HttpUtils utils;

    @Resource
    @Named(Constants.LOGGER_SIGNATURE)
    private Logger signatureLog = Logger.NULL;
    public static String[] mandatoryParametersForSignature = {FormParameters.ACTION, FormParameters.SIGNATURE_METHOD, FormParameters.SIGNATURE_VERSION, FormParameters.VERSION};
    public static final Comparator<Map.Entry<String, String>> sortAWSFirst = new Comparator<Map.Entry<String, String>>() { // from class: org.jclouds.aws.filters.FormSigner.3
        @Override // java.util.Comparator
        public int compare(Map.Entry<String, String> entry, Map.Entry<String, String> entry2) {
            if (entry.getKey().startsWith(FormParameters.AWS_ACCESS_KEY_ID)) {
                return -1;
            }
            return entry.getKey().compareTo(entry2.getKey());
        }
    };

    @Inject
    public FormSigner(SignatureWire signatureWire, @ApiVersion String str, @Identity String str2, @Credential String str3, @TimeStamp Provider<String> provider, Crypto crypto, HttpUtils httpUtils) {
        this.signatureWire = signatureWire;
        this.apiVersion = str;
        this.accessKey = str2;
        this.secretKey = str3;
        this.dateService = provider;
        this.crypto = crypto;
        this.utils = httpUtils;
    }

    @Override // org.jclouds.http.HttpRequestFilter
    public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
        Preconditions.checkNotNull(httpRequest.getFirstHeaderOrNull("Host"), "request is not ready to sign; host not present");
        Multimap<String, String> parseQueryToMap = ModifyRequest.parseQueryToMap(httpRequest.getPayload().getRawContent().toString());
        parseQueryToMap.replaceValues(FormParameters.VERSION, ImmutableSet.of(this.apiVersion));
        addSigningParams(parseQueryToMap);
        validateParams(parseQueryToMap);
        addSignature(parseQueryToMap, sign(createStringToSign(httpRequest, parseQueryToMap)));
        HttpRequest payload = setPayload(httpRequest, parseQueryToMap);
        this.utils.logRequest(this.signatureLog, payload, "<<");
        return payload;
    }

    String[] sortForSigning(String str) {
        String[] split = str.split("&");
        Arrays.sort(split, new Comparator<String>() { // from class: org.jclouds.aws.filters.FormSigner.1
            @Override // java.util.Comparator
            public int compare(String str2, String str3) {
                if (str2.startsWith(FormParameters.AWS_ACCESS_KEY_ID)) {
                    return -1;
                }
                return str2.compareTo(str3);
            }
        });
        return split;
    }

    HttpRequest setPayload(HttpRequest httpRequest, Multimap<String, String> multimap) {
        httpRequest.setPayload(ModifyRequest.makeQueryLine(multimap, new Comparator<Map.Entry<String, String>>() { // from class: org.jclouds.aws.filters.FormSigner.2
            @Override // java.util.Comparator
            public int compare(Map.Entry<String, String> entry, Map.Entry<String, String> entry2) {
                if (entry.getKey().startsWith(FormParameters.ACTION) || entry2.getKey().startsWith(FormParameters.AWS_ACCESS_KEY_ID)) {
                    return -1;
                }
                if (entry.getKey().startsWith(FormParameters.AWS_ACCESS_KEY_ID) || entry2.getKey().startsWith(FormParameters.ACTION)) {
                    return 1;
                }
                return entry.getKey().compareTo(entry2.getKey());
            }
        }, new char[0]));
        httpRequest.getPayload().getContentMetadata().setContentType("application/x-www-form-urlencoded");
        return httpRequest;
    }

    @VisibleForTesting
    void validateParams(Multimap<String, String> multimap) {
        for (String str : mandatoryParametersForSignature) {
            Preconditions.checkState(multimap.containsKey(str), "parameter " + str + " is required for signature");
        }
    }

    @VisibleForTesting
    void addSignature(Multimap<String, String> multimap, String str) {
        multimap.replaceValues(FormParameters.SIGNATURE, ImmutableList.of(str));
    }

    @Override // org.jclouds.rest.RequestSigner
    @VisibleForTesting
    public String sign(String str) {
        try {
            String base64 = CryptoStreams.base64(CryptoStreams.mac(InputSuppliers.of(str), this.crypto.hmacSHA256(this.secretKey.getBytes())));
            if (this.signatureWire.enabled()) {
                this.signatureWire.input(Strings2.toInputStream(base64));
            }
            return base64;
        } catch (Exception e) {
            throw new HttpException("error signing request", e);
        }
    }

    @VisibleForTesting
    public String createStringToSign(HttpRequest httpRequest, Multimap<String, String> multimap) {
        this.utils.logRequest(this.signatureLog, httpRequest, ">>");
        StringBuilder sb = new StringBuilder();
        sb.append(httpRequest.getMethod()).append(IOUtils.LINE_SEPARATOR_UNIX);
        sb.append(httpRequest.getFirstHeaderOrNull("Host").toLowerCase()).append(IOUtils.LINE_SEPARATOR_UNIX);
        sb.append(httpRequest.getEndpoint().getPath()).append(IOUtils.LINE_SEPARATOR_UNIX);
        sb.append(buildCanonicalizedString(multimap));
        if (this.signatureWire.enabled()) {
            this.signatureWire.output((SignatureWire) sb.toString());
        }
        return sb.toString();
    }

    @VisibleForTesting
    String buildCanonicalizedString(Multimap<String, String> multimap) {
        return ModifyRequest.makeQueryLine(multimap, sortAWSFirst, new char[0]);
    }

    @VisibleForTesting
    void addSigningParams(Multimap<String, String> multimap) {
        multimap.replaceValues(FormParameters.SIGNATURE_METHOD, ImmutableList.of(JCECrypto.HmacSHA256));
        multimap.replaceValues(FormParameters.SIGNATURE_VERSION, ImmutableList.of("2"));
        multimap.replaceValues("Timestamp", ImmutableList.of(this.dateService.get()));
        multimap.replaceValues(FormParameters.AWS_ACCESS_KEY_ID, ImmutableList.of(this.accessKey));
        multimap.removeAll(FormParameters.SIGNATURE);
    }

    @Override // org.jclouds.rest.RequestSigner
    public String createStringToSign(HttpRequest httpRequest) {
        return createStringToSign(httpRequest, ModifyRequest.parseQueryToMap(httpRequest.getPayload().getRawContent().toString()));
    }
}
