package com.cloud.sdk.auth.signer;

import com.alipay.sdk.util.i;
import com.cloud.sdk.ClientException;
import com.cloud.sdk.Request;
import com.cloud.sdk.WebServiceRequest;
import com.cloud.sdk.auth.credentials.Credentials;
import com.cloud.sdk.auth.signer.internal.SignerConstants;
import com.cloud.sdk.auth.signer.internal.SignerRequestParams;
import com.cloud.sdk.auth.signer.internal.SignerUtils;
import com.cloud.sdk.util.BinaryUtils;
import com.cloud.sdk.util.HttpUtils;
import com.cloud.sdk.util.StringUtils;
import com.money.mapleleaftrip.views.MyTextView;
import com.xiaomi.mipush.sdk.Constants;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;

/* loaded from: classes.dex */
public class DefaultSigner extends AbstractSigner implements Presigner, VerifySigner {
    private static final String LINUX_NEW_LINE = "\n";
    private static final int SIGNER_CACHE_MAX_SIZE = 300;
    protected boolean doubleUrlEncode;

    public DefaultSigner() {
        this(true);
    }

    public DefaultSigner(boolean z) {
        this.doubleUrlEncode = z;
    }

    private void addPreSignInformationToRequest(Request<?> request, Credentials credentials, SignerRequestParams signerRequestParams, String str, long j) {
        String accessKeyId = credentials.getAccessKeyId();
        request.addParameter(SignerConstants.X_SDK_ALGORITHM, SignerConstants.SDK_SIGNING_ALGORITHM);
        request.addParameter(SignerConstants.X_SDK_DATE, str);
        request.addParameter(SignerConstants.X_SDK_SIGNED_HEADER, getSignedHeadersString(request));
        request.addParameter(SignerConstants.X_SDK_EXPIRES, Long.toString(j));
        request.addParameter(SignerConstants.X_SDK_CREDENTIAL, accessKeyId);
    }

    private String buildAuthorizationHeader(Request<?> request, byte[] bArr, Credentials credentials, SignerRequestParams signerRequestParams) {
        return SignerConstants.SDK_SIGNING_ALGORITHM + MyTextView.TWO_CHINESE_BLANK + ("Access=" + credentials.getAccessKeyId()) + ", " + ("SignedHeaders=" + getSignedHeadersString(request)) + ", " + ("Signature=" + BinaryUtils.toHex(bArr));
    }

    private final byte[] deriveSigningKey(Credentials credentials) {
        return newSigningKey(credentials);
    }

    private long generateExpirationDate(Date date) {
        long time = date != null ? (date.getTime() - System.currentTimeMillis()) / 1000 : 604800L;
        if (date == null || time <= SignerConstants.PRESIGN_URL_MAX_EXPIRATION_SECONDS) {
            return time;
        }
        throw new ClientException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration date set on the current request [" + SignerUtils.formatTimestamp(date.getTime()) + "] has exceeded this limit.");
    }

    private byte[] newSigningKey(Credentials credentials) {
        return credentials.getSecretKey().getBytes(StringUtils.UTF8);
    }

    protected void addHostHeader(Request<?> request) {
        boolean z;
        Iterator<String> it = request.getHeaders().keySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            } else if ("Host".equalsIgnoreCase(it.next())) {
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        URI endpoint = request.getEndpoint();
        StringBuilder sb = new StringBuilder(endpoint.getHost());
        if (HttpUtils.isUsingNonDefaultPort(endpoint)) {
            sb.append(Constants.COLON_SEPARATOR);
            sb.append(endpoint.getPort());
        }
        request.addHeader("Host", sb.toString());
    }

    protected String calculateContentHash(Request<?> request) {
        String header = getHeader(request, SignerConstants.X_SDK_CONTENT_SHA256);
        if (header != null) {
            return header;
        }
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request);
        WebServiceRequest originalRequest = request.getOriginalRequest();
        binaryRequestPayloadStream.mark(originalRequest == null ? -1 : originalRequest.getReadLimit());
        String hex = BinaryUtils.toHex(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return hex;
        } catch (IOException unused) {
            throw new ClientException("Unable to reset stream after calculating signature", null);
        }
    }

    protected String calculateContentHashPresign(Request<?> request) {
        return calculateContentHash(request);
    }

    protected final byte[] computeSignature(String str, byte[] bArr, SignerRequestParams signerRequestParams) {
        return sign(str.getBytes(StringUtils.UTF8), bArr, SigningAlgorithm.HmacSHA256);
    }

    protected String createCanonicalRequest(Request<?> request, String str) {
        return request.getHttpMethod().toString() + "\n" + getCanonicalizedResourcePath(HttpUtils.appendUri(request.getEndpoint().getPath(), request.getResourcePath()), this.doubleUrlEncode) + "\n" + getCanonicalizedQueryString(request) + "\n" + getCanonicalizedHeaderString(request) + "\n" + getSignedHeadersString(request) + "\n" + str;
    }

    protected String createStringToSign(String str, SignerRequestParams signerRequestParams) {
        return signerRequestParams.getSigningAlgorithm() + "\n" + signerRequestParams.getFormattedSigningDateTime() + "\n" + BinaryUtils.toHex(hash(str));
    }

    protected String getCanonicalizedHeaderString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        Map<String, String> headers = request.getHeaders();
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            String lowerCase = str.toLowerCase();
            String str2 = headers.get(str);
            sb.append(lowerCase);
            sb.append(Constants.COLON_SEPARATOR);
            if (str2 != null) {
                sb.append(str2.trim());
            }
            sb.append("\n");
        }
        return sb.toString();
    }

    protected String getHeader(Request<?> request, String str) {
        if (str == null) {
            return null;
        }
        Map<String, String> headers = request.getHeaders();
        for (String str2 : headers.keySet()) {
            if (str.equalsIgnoreCase(str2)) {
                return headers.get(str2);
            }
        }
        return null;
    }

    protected String getSignedHeadersString(Request<?> request) {
        ArrayList<String> arrayList = new ArrayList(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(i.b);
            }
            sb.append(str.toLowerCase());
        }
        return sb.toString();
    }

    @Override // com.cloud.sdk.auth.signer.Presigner
    public void presignRequest(Request<?> request, Credentials credentials, Date date) {
        long generateExpirationDate = generateExpirationDate(date);
        addHostHeader(request);
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        SignerRequestParams signerRequestParams = new SignerRequestParams(request, SignerConstants.SDK_SIGNING_ALGORITHM);
        addPreSignInformationToRequest(request, sanitizeCredentials, signerRequestParams, SignerUtils.formatTimestamp(System.currentTimeMillis()), generateExpirationDate);
        request.addParameter(SignerConstants.X_SDK_SIGNATURE, BinaryUtils.toHex(computeSignature(createStringToSign(createCanonicalRequest(request, calculateContentHashPresign(request)), signerRequestParams), deriveSigningKey(sanitizeCredentials), signerRequestParams)));
    }

    @Override // com.cloud.sdk.auth.signer.Signer
    public void sign(Request<?> request, Credentials credentials) {
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        String header = getHeader(request, SignerConstants.X_SDK_DATE);
        SignerRequestParams signerRequestParams = new SignerRequestParams(request, SignerConstants.SDK_SIGNING_ALGORITHM, header);
        if (header == null) {
            request.addHeader(SignerConstants.X_SDK_DATE, signerRequestParams.getFormattedSigningDateTime());
        }
        addHostHeader(request);
        request.addHeader("Authorization", buildAuthorizationHeader(request, computeSignature(createStringToSign(createCanonicalRequest(request, calculateContentHash(request)), signerRequestParams), deriveSigningKey(sanitizeCredentials), signerRequestParams), sanitizeCredentials, signerRequestParams));
    }

    @Override // com.cloud.sdk.auth.signer.VerifySigner
    public boolean verify(Request<?> request, Credentials credentials) {
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        String str = request.getHeaders().get(SignerConstants.X_SDK_DATE.toLowerCase());
        String remove = request.getHeaders().remove("Authorization".toLowerCase());
        SignerRequestParams signerRequestParams = new SignerRequestParams(request, SignerConstants.SDK_SIGNING_ALGORITHM, str);
        return buildAuthorizationHeader(request, computeSignature(createStringToSign(createCanonicalRequest(request, calculateContentHash(request)), signerRequestParams), deriveSigningKey(sanitizeCredentials), signerRequestParams), sanitizeCredentials, signerRequestParams).equals(remove);
    }
}
