package amazon.fws.clicommando.security;

import amazon.fws.clicommando.Command;
import amazon.fws.clicommando.config.CommandConfig;
import amazon.fws.clicommando.exceptions.BadInputException;
import amazon.fws.clicommando.exceptions.ConfigurationErrorException;
import amazon.fws.clicommando.httpbinding.AwsHttpBindingSigner;
import amazon.fws.clicommando.messages.ErrorMessages;
import amazon.fws.clicommando.processors.LoadAWSCredentialFileCommandProcessor;
import amazon.fws.clicommando.util.AwsConventionsHelper;
import amazon.fws.clicommando.util.DateUtils;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:amazon/fws/clicommando/security/AwsSignatureHelper.class */
public class AwsSignatureHelper {
    public static final String SERVICE_SIGV4_NAME = "ServiceSignatureName";
    public static final String REGION_PARAM = "Region";
    private String serviceUrl;
    private String method;
    private Command command;

    public AwsSignatureHelper(String str, String str2, Command command) {
        this.serviceUrl = str;
        this.method = str2;
        this.command = command;
    }

    public SignatureInfo signParameters(Map<String, String> map, String str, String str2) {
        SignatureInfo signatureInfo = new SignatureInfo();
        signatureInfo.setQueryParameterName("Signature");
        String str3 = map.get("SignatureVersion");
        if ("1".equals(str3)) {
            map.put(LoadAWSCredentialFileCommandProcessor.AWSAccessKeyId, str);
            signatureInfo.setSignature(sign(calculateStringToSignV1(map, str), str2, "HmacSHA1"));
        } else if ("2".equals(str3)) {
            map.put(LoadAWSCredentialFileCommandProcessor.AWSAccessKeyId, str);
            signatureInfo.setSignature(sign(calculateStringToSignV2(map, str), str2, "HmacSHA256"));
        } else {
            if (!"4".equals(str3)) {
                throw new ConfigurationErrorException("Invalid Signature Version specified");
            }
            signatureInfo.setQueryParameterName("X-Amz-Signature");
            map.put("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
            map.put(AwsHttpBindingSigner.HEADER_DATE, map.get("Timestamp"));
            map.put("X-Amz-SignedHeaders", "Host");
            map.put("X-Amz-Expires", map.get("Timestamp"));
            try {
                signatureInfo.setSignature(toHex(rawSignature(calculateStringToSignV4(map, str), rawSignature("aws4_request", rawSignature(determineServiceSignatureName(), rawSignature(determineRegion(), rawSignature(DateUtils.getToday(), ("AWS4" + str2).getBytes("UTF-8"), "HmacSHA256"), "HmacSHA256"), "HmacSHA256"), "HmacSHA256"), "HmacSHA256")));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        }
        return signatureInfo;
    }

    private String calculateStringToSignV1(Map<String, String> map, String str) {
        StringBuilder sb = new StringBuilder();
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        treeMap.putAll(map);
        for (Map.Entry entry : treeMap.entrySet()) {
            sb.append(((String) entry.getKey()) + ((String) entry.getValue()));
        }
        return sb.toString();
    }

    private String calculateStringToSignV2(Map<String, String> map, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(this.method);
        sb.append("\n");
        try {
            URI uri = (this.serviceUrl.indexOf("://sqs") > 1 || this.serviceUrl.indexOf("queue.amazonaws") > 1) ? new URI(this.serviceUrl) : new URI(this.serviceUrl.toLowerCase());
            sb.append(uri.getHost());
            Integer valueOf = Integer.valueOf(uri.getPort());
            if (this.serviceUrl.contains(valueOf.toString()) && valueOf.intValue() != 80 && valueOf.intValue() != 443 && valueOf.intValue() != -1) {
                sb.append(":" + valueOf);
            }
            sb.append("\n");
            String path = uri.getPath();
            if (path == null || path.length() == 0) {
                path = "/";
            }
            sb.append(urlEncode(path, true) + "\n");
            TreeMap treeMap = new TreeMap();
            treeMap.putAll(map);
            sb.append(canonicalQueryString(treeMap));
            return sb.toString();
        } catch (URISyntaxException e) {
            throw new RuntimeException("URI Syntax Exception thrown while constructing string to sign", e);
        }
    }

    private String calculateStringToSignV4(Map<String, String> map, String str) {
        String str2 = DateUtils.getToday() + "/" + determineRegion() + "/" + determineServiceSignatureName() + "/aws4_request";
        map.put("X-Amz-Credential", str + "/" + str2);
        TreeMap treeMap = new TreeMap();
        treeMap.putAll(map);
        return (("AWS4-HMAC-SHA256\n" + treeMap.get("Timestamp") + "\n") + str2 + "\n") + sha256(canonicalRequestV4(treeMap));
    }

    private String determineRegion() {
        CommandConfig currentCommandConfig = this.command.getCurrentCommandConfig();
        if (currentCommandConfig.doesParameterExist("Region")) {
            String value = currentCommandConfig.getParameter("Region").getValue();
            if (value.length() > 0) {
                return value;
            }
        }
        try {
            URI uri = new URI(this.serviceUrl.toLowerCase());
            return AwsConventionsHelper.AMAZON_URL.matcher(uri.getHost()).find() ? uri.getHost().split("\\.")[1] : AwsConventionsHelper.DEFAULT_REGION;
        } catch (URISyntaxException e) {
            throw new RuntimeException("URI Syntax Exception thrown while constructing string to sign", e);
        }
    }

    private String determineServiceSignatureName() {
        CommandConfig currentCommandConfig = this.command.getCurrentCommandConfig();
        if (currentCommandConfig.doesParameterExist(SERVICE_SIGV4_NAME)) {
            String value = currentCommandConfig.getParameter(SERVICE_SIGV4_NAME).getValue();
            if (value.length() > 0) {
                return value;
            }
        }
        String str = currentCommandConfig.getProcessor().getConfigMap().get(SERVICE_SIGV4_NAME);
        if (str != null) {
            return str;
        }
        try {
            return new URI(this.serviceUrl.toLowerCase()).getHost().split("\\.")[0];
        } catch (URISyntaxException e) {
            throw new RuntimeException("URI Syntax Exception thrown while constructing string to sign", e);
        }
    }

    private String canonicalRequestV4(Map<String, String> map) {
        try {
            URI uri = new URI(this.serviceUrl.toLowerCase());
            String str = (((this.method + "\n") + (uri.getPath().length() == 0 ? "/" : uri.getPath()) + "\n") + canonicalQueryString(map) + "\n") + "host:" + uri.getHost();
            if (uri.getPort() > 0 && uri.getPort() != 80 && uri.getPort() != 443) {
                str = str + ":" + Integer.toString(uri.getPort());
            }
            return ((str + "\n\n") + "host\n") + sha256("");
        } catch (URISyntaxException e) {
            throw new RuntimeException("URI Syntax Exception thrown while constructing string to sign", e);
        }
    }

    private String canonicalQueryString(Map<String, String> map) {
        String str = "";
        for (Map.Entry<String, String> entry : map.entrySet()) {
            str = str + urlEncode(entry.getKey(), false) + "=" + urlEncode(entry.getValue(), false) + "&";
        }
        if (str.charAt(str.length() - 1) == '&') {
            str = str.substring(0, str.length() - 1);
        }
        return str;
    }

    private String sha256(String str) {
        try {
            return toHex(MessageDigest.getInstance("SHA-256").digest(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("UTF-8 encoding not supported.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Unable to get SHA-256 digest algorithm", e2);
        }
    }

    public static String toHex(byte[] bArr) {
        String str = "";
        for (byte b : bArr) {
            String hexString = Integer.toHexString(255 & b);
            if (hexString.length() == 1) {
                str = str + "0";
            }
            str = str + hexString;
        }
        return str;
    }

    public static String urlEncode(String str, boolean z) {
        try {
            String replace = URLEncoder.encode(str, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
            if (z) {
                replace = replace.replace("%2F", "/");
            }
            return replace;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    public static String sign(String str, String str2, String str3) {
        try {
            return new String(Base64.encodeBase64(rawSignature(str, str2.getBytes("UTF-8"), str3)));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] rawSignature(String str, byte[] bArr, String str2) {
        try {
            Mac mac = Mac.getInstance(str2);
            mac.init(new SecretKeySpec(bArr, str2));
            return mac.doFinal(str.getBytes("UTF-8"));
        } catch (Exception e) {
            throw new BadInputException(ErrorMessages.ErrorCode.BAD_CREDENTIALS_CANNOT_SIGN, e.getMessage());
        }
    }
}
