package org.jclouds.azure.storage.filters;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import com.google.common.collect.Multimap;
import com.google.common.collect.Multimaps;
import com.google.common.collect.Multiset;
import com.google.common.collect.TreeMultiset;
import com.google.common.io.BaseEncoding;
import com.google.common.io.ByteStreams;
import jakarta.annotation.Resource;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.inject.Provider;
import org.jclouds.Constants;
import org.jclouds.azure.storage.config.AuthType;
import org.jclouds.azure.storage.util.storageurl.StorageUrlSupplier;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.Macs;
import org.jclouds.date.TimeStamp;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpRequestFilter;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.Uris;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.io.MutableContentMetadata;
import org.jclouds.io.Payload;
import org.jclouds.logging.Logger;
import org.jclouds.oauth.v2.filters.OAuthFilter;
import org.jclouds.openstack.swift.v1.reference.SwiftHeaders;
import org.jclouds.s3.filters.AwsSignatureV4Constants;
import org.jclouds.util.Patterns;
import org.jclouds.util.Strings2;

@Singleton
/* loaded from: input_file:org/jclouds/azure/storage/filters/SharedKeyLiteAuthentication.class */
public class SharedKeyLiteAuthentication implements HttpRequestFilter {
    private static final Collection<String> FIRST_HEADERS_TO_SIGN = ImmutableList.of("Date");
    private static final Collection<String> FIRST_HEADERS_TO_SIGN_FOR_SHARED_KEY = ImmutableList.of("Date", "If-Modified-Since", "If-Match", "If-None-Match", "If-Unmodified-Since", "Range");
    private final SignatureWire signatureWire;
    private final Supplier<Credentials> creds;
    private final Provider<String> timeStampProvider;
    private final Crypto crypto;
    private final String credential;
    private final HttpUtils utils;
    private final URI storageUrl;
    private final boolean isSAS;
    private final AuthType authType;
    private final OAuthFilter oAuthFilter;

    @Named(Constants.LOGGER_SIGNATURE)
    @Resource
    Logger signatureLog = Logger.NULL;

    @Inject
    public SharedKeyLiteAuthentication(SignatureWire signatureWire, @org.jclouds.location.Provider Supplier<Credentials> supplier, @TimeStamp Provider<String> provider, Crypto crypto, HttpUtils httpUtils, @Named("sasAuth") boolean z, StorageUrlSupplier storageUrlSupplier, AuthType authType, OAuthFilter oAuthFilter) {
        this.crypto = crypto;
        this.utils = httpUtils;
        this.signatureWire = signatureWire;
        this.storageUrl = (URI) storageUrlSupplier.get();
        this.creds = supplier;
        this.credential = ((Credentials) supplier.get()).credential;
        this.timeStampProvider = provider;
        this.isSAS = z;
        this.authType = authType;
        this.oAuthFilter = oAuthFilter;
    }

    @Override // org.jclouds.http.HttpRequestFilter
    public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
        HttpRequest filterSAS;
        if (this.authType == AuthType.AZURE_AD) {
            filterSAS = this.oAuthFilter.filter(httpRequest);
        } else if (this.authType == AuthType.AZURE_SHARED_KEY) {
            filterSAS = this.isSAS ? filterSAS(httpRequest, this.credential) : filterSharedKey(httpRequest);
        } else {
            filterSAS = this.isSAS ? filterSAS(httpRequest, this.credential) : filterKey(httpRequest);
        }
        this.utils.logRequest(this.signatureLog, filterSAS, "<<");
        return filterSAS;
    }

    /* JADX WARN: Type inference failed for: r2v2, types: [org.jclouds.http.HttpRequest$Builder] */
    public HttpRequest filterSAS(HttpRequest httpRequest, String str) throws HttpException, IllegalArgumentException {
        URI endpoint = httpRequest.getEndpoint();
        String substring = str.startsWith("?") ? str.substring(1) : str;
        String query = endpoint.getQuery();
        String str2 = query == null ? substring : query + "&" + substring;
        String[] cutUri = cutUri(endpoint);
        Uris.UriBuilder appendPath = Uris.uriBuilder(this.storageUrl).appendPath(cutUri[1]);
        if (cutUri.length >= 3) {
            appendPath.appendPath(Joiner.on("/").join((String[]) Arrays.copyOfRange(cutUri, 2, cutUri.length))).query(str2);
        } else {
            appendPath.query("restype=container&" + str2);
        }
        return removeAuthorizationHeader(replaceDateHeader(httpRequest.toBuilder().endpoint(appendPath.build()).build()));
    }

    public HttpRequest filterKey(HttpRequest httpRequest) throws HttpException {
        HttpRequest replaceDateHeader = replaceDateHeader(httpRequest);
        return replaceAuthorizationHeader(replaceDateHeader, calculateSignature(createStringToSign(replaceDateHeader)));
    }

    public HttpRequest filterSharedKey(HttpRequest httpRequest) throws HttpException {
        HttpRequest replaceDateHeader = replaceDateHeader(httpRequest);
        return replaceAuthorizationHeaderForSharedKey(replaceDateHeader, calculateSignature(createStringToSignForSharedKey(replaceDateHeader)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    HttpRequest replaceAuthorizationHeaderForSharedKey(HttpRequest httpRequest, String str) {
        return ((HttpRequest.Builder) httpRequest.toBuilder().replaceHeader(AwsSignatureV4Constants.AUTHORIZATION_HEADER, "SharedKey " + ((Credentials) this.creds.get()).identity + ":" + str)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    HttpRequest replaceAuthorizationHeader(HttpRequest httpRequest, String str) {
        return ((HttpRequest.Builder) httpRequest.toBuilder().replaceHeader(AwsSignatureV4Constants.AUTHORIZATION_HEADER, "SharedKeyLite " + ((Credentials) this.creds.get()).identity + ":" + str)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    HttpRequest removeAuthorizationHeader(HttpRequest httpRequest) {
        return ((HttpRequest.Builder) httpRequest.toBuilder().removeHeader(AwsSignatureV4Constants.AUTHORIZATION_HEADER)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    HttpRequest replaceDateHeader(HttpRequest httpRequest) {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("Date", (String) this.timeStampProvider.get());
        return ((HttpRequest.Builder) httpRequest.toBuilder().replaceHeaders(Multimaps.forMap(builder.build()))).build();
    }

    public String[] cutUri(URI uri) throws IllegalArgumentException {
        String[] split = uri.getPath().split("/");
        if (split.length < 2) {
            throw new IllegalArgumentException("there is neither ContainerName nor BlobName in the URI path");
        }
        return split;
    }

    public String createStringToSignForSharedKey(HttpRequest httpRequest) {
        this.utils.logRequest(this.signatureLog, httpRequest, ">>");
        StringBuilder sb = new StringBuilder();
        appendMethod(httpRequest, sb);
        appendPayloadMetadataForSharedKey(httpRequest, sb);
        appendHttpHeadersForSharedKey(httpRequest, sb);
        appendCanonicalizedHeaders(httpRequest, sb);
        appendCanonicalizedResourceForSharedKey(httpRequest, sb);
        if (this.signatureWire.enabled()) {
            this.signatureWire.output((SignatureWire) sb.toString());
        }
        return sb.toString();
    }

    public String createStringToSign(HttpRequest httpRequest) {
        this.utils.logRequest(this.signatureLog, httpRequest, ">>");
        StringBuilder sb = new StringBuilder();
        appendMethod(httpRequest, sb);
        appendPayloadMetadata(httpRequest, sb);
        appendHttpHeaders(httpRequest, sb);
        appendCanonicalizedHeaders(httpRequest, sb);
        appendCanonicalizedResource(httpRequest, sb);
        if (this.signatureWire.enabled()) {
            this.signatureWire.output((SignatureWire) sb.toString());
        }
        return sb.toString();
    }

    private void appendPayloadMetadataForSharedKey(HttpRequest httpRequest, StringBuilder sb) {
        Payload payload = httpRequest.getPayload();
        if (payload == null) {
            sb.append("\n\n\n\n\n");
            return;
        }
        MutableContentMetadata contentMetadata = payload.getContentMetadata();
        sb.append(Strings.nullToEmpty(contentMetadata.getContentEncoding())).append("\n");
        sb.append(Strings.nullToEmpty(contentMetadata.getContentLanguage())).append("\n");
        sb.append(HttpUtils.nullOrZeroToEmpty(contentMetadata.getContentLength())).append("\n");
        sb.append(HttpUtils.nullToEmpty(contentMetadata.getContentMD5())).append("\n");
        sb.append(Strings.nullToEmpty(contentMetadata.getContentType())).append("\n");
    }

    private void appendPayloadMetadata(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(HttpUtils.nullToEmpty(httpRequest.getPayload() == null ? null : httpRequest.getPayload().getContentMetadata().getContentMD5())).append("\n");
        sb.append(Strings.nullToEmpty(httpRequest.getPayload() == null ? null : httpRequest.getPayload().getContentMetadata().getContentType())).append("\n");
    }

    public String calculateSignature(String str) throws HttpException {
        String signString = signString(str);
        if (this.signatureWire.enabled()) {
            this.signatureWire.input(Strings2.toInputStream(signString));
        }
        return signString;
    }

    public String signString(String str) {
        try {
            return BaseEncoding.base64().encode((byte[]) ByteStreams.readBytes(Strings2.toInputStream(str), Macs.asByteProcessor(this.crypto.hmacSHA256(BaseEncoding.base64().decode(((Credentials) this.creds.get()).credential)))));
        } catch (Exception e) {
            throw new HttpException("error signing request", e);
        }
    }

    private void appendMethod(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(httpRequest.getMethod()).append("\n");
    }

    private void appendCanonicalizedHeaders(HttpRequest httpRequest, StringBuilder sb) {
        TreeMap newTreeMap = Maps.newTreeMap();
        Multimap<String, String> headers = httpRequest.getHeaders();
        for (String str : headers.keySet()) {
            if (str.startsWith("x-ms-")) {
                newTreeMap.put(str.toLowerCase(), Joiner.on(",").join(Iterables.transform(headers.get(str), new Function<String, Object>() { // from class: org.jclouds.azure.storage.filters.SharedKeyLiteAuthentication.1
                    public Object apply(String str2) {
                        return Patterns.NEWLINE_PATTERN.matcher(str2).replaceAll(SwiftHeaders.CONTAINER_ACL_PRIVATE);
                    }
                })));
            }
        }
        for (Map.Entry entry : newTreeMap.entrySet()) {
            sb.append((String) entry.getKey()).append(":").append((String) entry.getValue()).append("\n");
        }
    }

    private void appendHttpHeaders(HttpRequest httpRequest, StringBuilder sb) {
        Iterator<String> it = FIRST_HEADERS_TO_SIGN.iterator();
        while (it.hasNext()) {
            sb.append(HttpUtils.nullToEmpty((Collection<String>) httpRequest.getHeaders().get(it.next()))).append("\n");
        }
    }

    private void appendHttpHeadersForSharedKey(HttpRequest httpRequest, StringBuilder sb) {
        Iterator<String> it = FIRST_HEADERS_TO_SIGN_FOR_SHARED_KEY.iterator();
        while (it.hasNext()) {
            sb.append(HttpUtils.nullToEmpty((Collection<String>) httpRequest.getHeaders().get(it.next()))).append("\n");
        }
    }

    @VisibleForTesting
    void appendCanonicalizedResource(HttpRequest httpRequest, StringBuilder sb) {
        sb.append("/").append(((Credentials) this.creds.get()).identity);
        appendUriPath(httpRequest, sb);
    }

    void appendCanonicalizedResourceForSharedKey(HttpRequest httpRequest, StringBuilder sb) {
        sb.append("/").append(((Credentials) this.creds.get()).identity);
        sb.append(httpRequest.getEndpoint().getRawPath());
        appendQueryParametersForSharedKey(httpRequest, sb);
    }

    void appendQueryParametersForSharedKey(HttpRequest httpRequest, StringBuilder sb) {
        TreeMap newTreeMap = Maps.newTreeMap();
        if (httpRequest.getEndpoint().getQuery() != null) {
            for (String str : httpRequest.getEndpoint().getQuery().split("&")) {
                String[] split = str.split("=");
                String str2 = split[0];
                String str3 = split.length > 1 ? split[1] : SwiftHeaders.CONTAINER_ACL_PRIVATE;
                if (newTreeMap.containsKey(str2)) {
                    ((Multiset) newTreeMap.get(str2)).add(str3);
                } else {
                    TreeMultiset create = TreeMultiset.create();
                    create.add(str3);
                    newTreeMap.put(str2, create);
                }
            }
        }
        for (Map.Entry entry : newTreeMap.entrySet()) {
            String str4 = (String) entry.getKey();
            Multiset<String> multiset = (Multiset) entry.getValue();
            sb.append("\n");
            sb.append(str4);
            sb.append(":");
            boolean z = true;
            for (String str5 : multiset) {
                if (!z) {
                    sb.append(",");
                }
                sb.append(str5);
                z = false;
            }
        }
    }

    @VisibleForTesting
    void appendUriPath(HttpRequest httpRequest, StringBuilder sb) {
        sb.append(httpRequest.getEndpoint().getRawPath());
        if (httpRequest.getEndpoint().getQuery() != null) {
            StringBuilder sb2 = new StringBuilder("?");
            for (String str : httpRequest.getEndpoint().getQuery().split("&")) {
                if ("comp".equals(str.split("=")[0])) {
                    sb2.append(str);
                }
            }
            if (sb2.length() > 1) {
                sb.append((CharSequence) sb2);
            }
        }
    }
}
