package org.eclipse.jgit.transport;

import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.transport.WalkEncryption;
import org.eclipse.jgit.util.Hex;
import org.eclipse.jgit.util.HttpSupport;

/* loaded from: input_file:org/eclipse/jgit/transport/AwsRequestSignerV4.class */
public final class AwsRequestSignerV4 {
    private static final String ALGORITHM = "HMAC-SHA256";
    private static final String MAC_ALGORITHM = "HmacSHA256";
    private static final String SCHEME = "AWS4";
    private static final String TERMINATOR = "aws4_request";
    private static final String EMPTY_BODY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    private static final DateTimeFormatter AMZ_DATE_FORMAT = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'");
    private static final DateTimeFormatter SCOPE_DATE_FORMAT = DateTimeFormatter.ofPattern("yyyyMMdd");

    private AwsRequestSignerV4() {
    }

    public static void sign(HttpURLConnection httpURLConnection, Map<String, String> map, long j, String str, String str2, String str3, String str4, char[] cArr) {
        HashMap hashMap = new HashMap();
        httpURLConnection.getRequestProperties().forEach((str5, list) -> {
            hashMap.put(str5, String.join(",", list));
        });
        if (j > 0) {
            hashMap.put(HttpSupport.HDR_CONTENT_LENGTH, String.valueOf(j));
        } else {
            str = EMPTY_BODY_SHA256;
        }
        hashMap.put("x-amz-content-sha256", str);
        OffsetDateTime atOffset = Instant.now().atOffset(ZoneOffset.UTC);
        String format = atOffset.format(AMZ_DATE_FORMAT);
        hashMap.put("x-amz-date", format);
        URL url = httpURLConnection.getURL();
        int port = url.getPort();
        hashMap.put(SshConstants.HOST, port > -1 ? url.getHost().concat(":" + port) : url.getHost());
        String canonicalizeHeaderNames = getCanonicalizeHeaderNames(hashMap);
        String str6 = String.valueOf(httpURLConnection.getRequestMethod()) + '\n' + getCanonicalizedResourcePath(url) + '\n' + getCanonicalizedQueryString(map) + '\n' + getCanonicalizedHeaderString(hashMap) + '\n' + canonicalizeHeaderNames + '\n' + str;
        String format2 = atOffset.format(SCOPE_DATE_FORMAT);
        String str7 = String.valueOf(format2) + '/' + str3 + '/' + str2 + '/' + TERMINATOR;
        byte[] signStringWithKey = signStringWithKey("AWS4-HMAC-SHA256\n" + format + '\n' + str7 + '\n' + Hex.toHexString(hash(str6.getBytes(StandardCharsets.UTF_8))), signStringWithKey(TERMINATOR, signStringWithKey(str2, signStringWithKey(str3, signStringWithKey(format2, (SCHEME + new String(cArr)).getBytes(StandardCharsets.UTF_8))))));
        String str8 = "AWS4-HMAC-SHA256 " + ("Credential=" + str4 + '/' + str7) + ", " + ("SignedHeaders=" + canonicalizeHeaderNames) + ", " + ("Signature=" + Hex.toHexString(signStringWithKey));
        httpURLConnection.getClass();
        hashMap.forEach(httpURLConnection::setRequestProperty);
        httpURLConnection.setRequestProperty(HttpSupport.HDR_AUTHORIZATION, str8);
    }

    public static String calculateBodyHash(byte[] bArr) {
        return (bArr == null || bArr.length < 1) ? EMPTY_BODY_SHA256 : Hex.toHexString(hash(bArr));
    }

    private static String getCanonicalizeHeaderNames(Map<String, String> map) {
        return (String) map.keySet().stream().map((v0) -> {
            return v0.toLowerCase();
        }).sorted().collect(Collectors.joining(";"));
    }

    private static String getCanonicalizedHeaderString(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        map.keySet().stream().sorted(String.CASE_INSENSITIVE_ORDER).forEach(str -> {
            String replaceAll = str.toLowerCase().replaceAll(WalkEncryption.Vals.REGEX_WS, " ");
            sb.append(replaceAll).append(':').append(((String) map.get(str)).replaceAll(WalkEncryption.Vals.REGEX_WS, " ")).append('\n');
        });
        return sb.toString();
    }

    private static String getCanonicalizedResourcePath(URL url) {
        String path;
        if (url == null || (path = url.getPath()) == null || path.isEmpty()) {
            return "/";
        }
        String urlEncode = HttpSupport.urlEncode(path, true);
        return urlEncode.startsWith("/") ? urlEncode : "/".concat(urlEncode);
    }

    public static String getCanonicalizedQueryString(Map<String, String> map) {
        return (map == null || map.isEmpty()) ? "" : (String) map.keySet().stream().sorted().map(str -> {
            return String.valueOf(HttpSupport.urlEncode(str, false)) + '=' + HttpSupport.urlEncode((String) map.get(str), false);
        }).collect(Collectors.joining("&"));
    }

    public static byte[] hash(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RuntimeException(JGitText.get().couldNotHashByteArrayWithSha256, e);
        }
    }

    private static byte[] signStringWithKey(String str, byte[] bArr) {
        try {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            Mac mac = Mac.getInstance(MAC_ALGORITHM);
            mac.init(new SecretKeySpec(bArr, MAC_ALGORITHM));
            return mac.doFinal(bytes);
        } catch (Exception e) {
            throw new RuntimeException(JGitText.get().couldNotSignStringWithKey, e);
        }
    }
}
