package com.jdcloud.sdk.auth.sign;

import com.jdcloud.sdk.auth.Credentials;
import com.jdcloud.sdk.auth.SessionCredentials;
import com.jdcloud.sdk.client.SdkClientException;
import com.jdcloud.sdk.constant.ParameterConstant;
import com.jdcloud.sdk.http.SdkHttpFullRequest;
import com.jdcloud.sdk.http.SdkHttpRequest;
import com.jdcloud.sdk.utils.BinaryUtils;
import com.jdcloud.sdk.utils.SdkHttpUtils;
import com.jdcloud.sdk.utils.StringUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import jd.wjlogin_sdk.common.communion.WJLoginUnionProvider;

/* loaded from: classes.dex */
public class JdCloudSigner extends AbstractSigner implements ServiceSigner, RegionSigner {
    private static final List<String> LIST_OF_HEADERS_TO_IGNORE_IN_LOWER_CASE = Arrays.asList("connection", "x-jdcloud-trace-id");
    private boolean doubleUrlEncode;
    private Date overriddenDate;
    protected String regionName;
    protected String serviceName;

    public JdCloudSigner() {
    }

    public JdCloudSigner(boolean z) {
        this.doubleUrlEncode = z;
    }

    private void addHostHeader(SdkHttpFullRequest.Builder builder) {
        URI endpoint = builder.getEndpoint();
        StringBuilder sb = new StringBuilder(endpoint.getHost());
        if (SdkHttpUtils.isUsingNonDefaultPort(endpoint)) {
            sb.append(":");
            sb.append(endpoint.getPort());
        }
        builder.header(ParameterConstant.HOST, sb.toString());
    }

    private String buildAuthorizationHeader(SdkHttpRequest sdkHttpRequest, byte[] bArr, Credentials credentials, SignerRequestParams signerRequestParams) {
        return ParameterConstant.JDCLOUD2_SIGNING_ALGORITHM + StringUtils.SPACE + ("Credential=" + (credentials.accessKeyId() + WJLoginUnionProvider.b + signerRequestParams.getScope())) + ", " + ("SignedHeaders=" + getSignedHeadersString(sdkHttpRequest)) + ", " + ("Signature=" + BinaryUtils.toHex(bArr));
    }

    private byte[] computeSignature(String str, byte[] bArr) {
        return sign(str.getBytes(Charset.forName("UTF-8")), bArr, SigningAlgorithm.HmacSHA256);
    }

    private String createCanonicalRequest(SdkHttpRequest sdkHttpRequest, String str) {
        return sdkHttpRequest.getHttpMethod().toString() + ParameterConstant.LINE_SEPARATOR + getCanonicalizedResourcePath(SdkHttpUtils.appendUri(sdkHttpRequest.getEndpoint().getPath(), sdkHttpRequest.getResourcePath()), this.doubleUrlEncode) + ParameterConstant.LINE_SEPARATOR + getCanonicalizedQueryString(sdkHttpRequest.getParameters()) + ParameterConstant.LINE_SEPARATOR + getCanonicalizedHeaderString(sdkHttpRequest) + ParameterConstant.LINE_SEPARATOR + getSignedHeadersString(sdkHttpRequest) + ParameterConstant.LINE_SEPARATOR + str;
    }

    private String createStringToSign(String str, SignerRequestParams signerRequestParams) {
        return signerRequestParams.getSigningAlgorithm() + ParameterConstant.LINE_SEPARATOR + signerRequestParams.getFormattedSigningDateTime() + ParameterConstant.LINE_SEPARATOR + signerRequestParams.getScope() + ParameterConstant.LINE_SEPARATOR + BinaryUtils.toHex(hash(str));
    }

    private byte[] deriveSigningKey(Credentials credentials, SignerRequestParams signerRequestParams) {
        return newSigningKey(credentials, signerRequestParams.getFormattedSigningDate(), signerRequestParams.getRegionName(), signerRequestParams.getServiceName());
    }

    private SdkHttpFullRequest.Builder doSign(SdkHttpFullRequest.Builder builder, Credentials credentials) {
        Credentials sanitizeCredentials = sanitizeCredentials(credentials);
        if (sanitizeCredentials instanceof SessionCredentials) {
            addSessionCredentials(builder, (SessionCredentials) sanitizeCredentials);
        }
        SignerRequestParams signerRequestParams = new SignerRequestParams(builder, this.overriddenDate, this.regionName, this.serviceName, ParameterConstant.JDCLOUD2_SIGNING_ALGORITHM);
        addHostHeader(builder);
        builder.header(ParameterConstant.X_JDCLOUD_DATE, signerRequestParams.getFormattedSigningDateTime());
        String createStringToSign = createStringToSign(createCanonicalRequest(builder, calculateContentHash(builder)), signerRequestParams);
        byte[] deriveSigningKey = deriveSigningKey(sanitizeCredentials, signerRequestParams);
        byte[] computeSignature = computeSignature(createStringToSign, deriveSigningKey);
        builder.header(ParameterConstant.AUTHORIZATION, buildAuthorizationHeader(builder, computeSignature, sanitizeCredentials, signerRequestParams));
        processRequestPayload(builder, computeSignature, deriveSigningKey, signerRequestParams);
        return builder;
    }

    private String getCanonicalizedHeaderString(SdkHttpRequest sdkHttpRequest) {
        ArrayList<String> arrayList = new ArrayList(sdkHttpRequest.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        Map<String, List<String>> headers = sdkHttpRequest.getHeaders();
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (!shouldExcludeHeaderFromSigning(str)) {
                String lowerCase = StringUtils.lowerCase(str);
                for (String str2 : headers.get(str)) {
                    StringUtils.appendCompactedString(sb, lowerCase);
                    sb.append(":");
                    if (str2 != null) {
                        StringUtils.appendCompactedString(sb, str2);
                    }
                    sb.append(ParameterConstant.LINE_SEPARATOR);
                }
            }
        }
        return sb.toString();
    }

    private String getSignedHeadersString(SdkHttpRequest sdkHttpRequest) {
        ArrayList<String> arrayList = new ArrayList(sdkHttpRequest.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (!shouldExcludeHeaderFromSigning(str)) {
                if (sb.length() > 0) {
                    sb.append(";");
                }
                sb.append(StringUtils.lowerCase(str));
            }
        }
        return sb.toString();
    }

    private byte[] newSigningKey(Credentials credentials, String str, String str2, String str3) {
        return sign(ParameterConstant.JDCLOUD_TERMINATOR, sign(str3, sign(str2, sign(str, ("JDCLOUD2" + credentials.secretAccessKey()).getBytes(Charset.forName("UTF-8")), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256);
    }

    private boolean shouldExcludeHeaderFromSigning(String str) {
        return LIST_OF_HEADERS_TO_IGNORE_IN_LOWER_CASE.contains(StringUtils.lowerCase(str));
    }

    @Override // com.jdcloud.sdk.auth.sign.AbstractSigner
    protected void addSessionCredentials(SdkHttpFullRequest.Builder builder, SessionCredentials sessionCredentials) {
        builder.header(ParameterConstant.X_JDCLOUD_SECURITY_TOKEN, sessionCredentials.sessionToken());
    }

    protected String calculateContentHash(SdkHttpFullRequest.Builder builder) {
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(builder.getContent());
        String hex = BinaryUtils.toHex(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return hex;
        } catch (IOException e2) {
            throw new SdkClientException("Unable to reset stream after calculating signature", e2);
        }
    }

    public String getRegionName() {
        return this.regionName;
    }

    public String getServiceName() {
        return this.serviceName;
    }

    protected void processRequestPayload(SdkHttpFullRequest.Builder builder, byte[] bArr, byte[] bArr2, SignerRequestParams signerRequestParams) {
    }

    public void setOverrideDate(Date date) {
        if (date != null) {
            this.overriddenDate = new Date(date.getTime());
        } else {
            this.overriddenDate = null;
        }
    }

    @Override // com.jdcloud.sdk.auth.sign.RegionSigner
    public void setRegionName(String str) {
        this.regionName = str;
    }

    @Override // com.jdcloud.sdk.auth.sign.ServiceSigner
    public void setServiceName(String str) {
        this.serviceName = str;
    }

    @Override // com.jdcloud.sdk.auth.sign.Signer
    public SdkHttpFullRequest sign(SdkHttpFullRequest.Builder builder, Credentials credentials) {
        return doSign(builder, credentials).build2();
    }
}
