package com.amazonaws.auth; import com.amazonaws.AmazonClientException; import com.amazonaws.Request; import com.amazonaws.logging.Log; import com.amazonaws.logging.LogFactory; import com.amazonaws.util.AwsHostNameUtils; import com.amazonaws.util.BinaryUtils; import com.amazonaws.util.DateUtils; import com.amazonaws.util.HttpUtils; import com.amazonaws.util.StringUtils; import com.facebook.internal.security.CertificateUtil; import java.io.IOException; import java.io.InputStream; import java.net.URI; import java.nio.charset.Charset; import java.util.ArrayList; import java.util.Collections; import java.util.Date; import org.apache.http.protocol.HTTP; /* loaded from: classes.dex */ public class AWS4Signer extends AbstractAWSSigner implements ServiceAwareSigner, RegionAwareSigner { protected static final String ALGORITHM = "AWS4-HMAC-SHA256"; private static final String DATE_PATTERN = "yyyyMMdd"; private static final long MAX_EXPIRATION_TIME_IN_SECONDS = 604800; private static final long MILLISEC = 1000; protected static final String TERMINATOR = "aws4_request"; private static final String TIME_PATTERN = "yyyyMMdd'T'HHmmss'Z'"; protected static final Log log = LogFactory.getLog(AWS4Signer.class); protected boolean doubleUrlEncode; protected Date overriddenDate; protected String regionName; protected String serviceName; public void overrideDate(Date date) { this.overriddenDate = date; } public void processRequestPayload(Request request, HeaderSigningResult headerSigningResult) { } @Override // com.amazonaws.auth.RegionAwareSigner public void setRegionName(String str) { this.regionName = str; } @Override // com.amazonaws.auth.ServiceAwareSigner public void setServiceName(String str) { this.serviceName = str; } public AWS4Signer() { this(true); } public AWS4Signer(boolean z) { this.doubleUrlEncode = z; } @Override // com.amazonaws.auth.Signer public void sign(Request request, AWSCredentials aWSCredentials) { if (aWSCredentials instanceof AnonymousAWSCredentials) { return; } AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials); if (sanitizeCredentials instanceof AWSSessionCredentials) { addSessionCredentials(request, (AWSSessionCredentials) sanitizeCredentials); } addHostHeader(request); long dateFromRequest = getDateFromRequest(request); String dateStamp = getDateStamp(dateFromRequest); String scope = getScope(request, dateStamp); String calculateContentHash = calculateContentHash(request); String timeStamp = getTimeStamp(dateFromRequest); request.addHeader("X-Amz-Date", timeStamp); if (request.getHeaders().get("x-amz-content-sha256") != null && "required".equals(request.getHeaders().get("x-amz-content-sha256"))) { request.addHeader("x-amz-content-sha256", calculateContentHash); } String str = sanitizeCredentials.getAWSAccessKeyId() + "/" + scope; HeaderSigningResult computeSignature = computeSignature(request, dateStamp, timeStamp, ALGORITHM, calculateContentHash, sanitizeCredentials); request.addHeader("Authorization", "AWS4-HMAC-SHA256 " + ("Credential=" + str) + ", " + ("SignedHeaders=" + getSignedHeadersString(request)) + ", " + ("Signature=" + BinaryUtils.toHex(computeSignature.getSignature()))); processRequestPayload(request, computeSignature); } public void addSessionCredentials(Request request, AWSSessionCredentials aWSSessionCredentials) { request.addHeader("x-amz-security-token", aWSSessionCredentials.getSessionToken()); } public String extractRegionName(URI uri) { String str = this.regionName; return str != null ? str : AwsHostNameUtils.parseRegionName(uri.getHost(), this.serviceName); } public String extractServiceName(URI uri) { String str = this.serviceName; return str != null ? str : AwsHostNameUtils.parseServiceName(uri); } public String getCanonicalizedHeaderString(Request request) { ArrayList arrayList = new ArrayList(); arrayList.addAll(request.getHeaders().keySet()); Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER); StringBuilder sb = new StringBuilder(); for (String str : arrayList) { if (needsSign(str)) { String replaceAll = StringUtils.lowerCase(str).replaceAll("\\s+", " "); String str2 = (String) request.getHeaders().get(str); sb.append(replaceAll); sb.append(CertificateUtil.DELIMITER); if (str2 != null) { sb.append(str2.replaceAll("\\s+", " ")); } sb.append("\n"); } } return sb.toString(); } public String getSignedHeadersString(Request request) { ArrayList arrayList = new ArrayList(); arrayList.addAll(request.getHeaders().keySet()); Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER); StringBuilder sb = new StringBuilder(); for (String str : arrayList) { if (needsSign(str)) { if (sb.length() > 0) { sb.append(";"); } sb.append(StringUtils.lowerCase(str)); } } return sb.toString(); } public String getCanonicalRequest(Request request, String str) { String appendUri; if (request.getEncodedUriResourcePath() != null) { appendUri = HttpUtils.appendUriEncoded(request.getEndpoint().getPath(), request.getEncodedUriResourcePath()); } else { appendUri = HttpUtils.appendUri(request.getEndpoint().getPath(), request.getResourcePath()); } String str2 = request.getHttpMethod().toString() + "\n" + getCanonicalizedResourcePath(appendUri, this.doubleUrlEncode) + "\n" + getCanonicalizedQueryString(request) + "\n" + getCanonicalizedHeaderString(request) + "\n" + getSignedHeadersString(request) + "\n" + str; log.debug("AWS4 Canonical Request: '\"" + str2 + "\""); return str2; } public String getStringToSign(String str, String str2, String str3, String str4) { String str5 = str + "\n" + str2 + "\n" + str3 + "\n" + BinaryUtils.toHex(hash(str4)); log.debug("AWS4 String to Sign: '\"" + str5 + "\""); return str5; } public final HeaderSigningResult computeSignature(Request request, String str, String str2, String str3, String str4, AWSCredentials aWSCredentials) { String extractRegionName = extractRegionName(request.getEndpoint()); String extractServiceName = extractServiceName(request.getEndpoint()); String str5 = str + "/" + extractRegionName + "/" + extractServiceName + "/" + TERMINATOR; String stringToSign = getStringToSign(str3, str2, str5, getCanonicalRequest(request, str4)); String str6 = "AWS4" + aWSCredentials.getAWSSecretKey(); Charset charset = StringUtils.UTF8; byte[] bytes = str6.getBytes(charset); SigningAlgorithm signingAlgorithm = SigningAlgorithm.HmacSHA256; byte[] sign = sign(TERMINATOR, sign(extractServiceName, sign(extractRegionName, sign(str, bytes, signingAlgorithm), signingAlgorithm), signingAlgorithm), signingAlgorithm); return new HeaderSigningResult(str2, str5, sign, sign(stringToSign.getBytes(charset), sign, signingAlgorithm)); } public final String getTimeStamp(long j) { return DateUtils.format(TIME_PATTERN, new Date(j)); } public final String getDateStamp(long j) { return DateUtils.format(DATE_PATTERN, new Date(j)); } public final long getDateFromRequest(Request request) { Date signatureDate = getSignatureDate(getTimeOffset(request)); Date date = this.overriddenDate; if (date != null) { signatureDate = date; } return signatureDate.getTime(); } public void addHostHeader(Request request) { String host = request.getEndpoint().getHost(); if (HttpUtils.isUsingNonDefaultPort(request.getEndpoint())) { host = host + CertificateUtil.DELIMITER + request.getEndpoint().getPort(); } request.addHeader(HTTP.TARGET_HOST, host); } public String getScope(Request request, String str) { return str + "/" + extractRegionName(request.getEndpoint()) + "/" + extractServiceName(request.getEndpoint()) + "/" + TERMINATOR; } public String calculateContentHash(Request request) { InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(request); binaryRequestPayloadStream.mark(-1); String hex = BinaryUtils.toHex(hash(binaryRequestPayloadStream)); try { binaryRequestPayloadStream.reset(); return hex; } catch (IOException e) { throw new AmazonClientException("Unable to reset stream after calculating AWS4 signature", e); } } public static class HeaderSigningResult { public final String dateTime; public final byte[] kSigning; public final String scope; public final byte[] signature; public HeaderSigningResult(String str, String str2, byte[] bArr, byte[] bArr2) { this.dateTime = str; this.scope = str2; this.kSigning = bArr; this.signature = bArr2; } public byte[] getSignature() { byte[] bArr = this.signature; byte[] bArr2 = new byte[bArr.length]; System.arraycopy(bArr, 0, bArr2, 0, bArr.length); return bArr2; } } public void presignRequest(Request request, AWSCredentials aWSCredentials, Date date) { if (aWSCredentials instanceof AnonymousAWSCredentials) { return; } long time = date != null ? (date.getTime() - System.currentTimeMillis()) / 1000 : 604800L; if (time > MAX_EXPIRATION_TIME_IN_SECONDS) { throw new AmazonClientException("Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days. The expiration date set on the current request [" + getTimeStamp(date.getTime()) + "] has exceeded this limit."); } addHostHeader(request); AWSCredentials sanitizeCredentials = sanitizeCredentials(aWSCredentials); if (sanitizeCredentials instanceof AWSSessionCredentials) { request.addParameter("X-Amz-Security-Token", ((AWSSessionCredentials) sanitizeCredentials).getSessionToken()); } long dateFromRequest = getDateFromRequest(request); String dateStamp = getDateStamp(dateFromRequest); String str = sanitizeCredentials.getAWSAccessKeyId() + "/" + getScope(request, dateStamp); String timeStamp = getTimeStamp(dateFromRequest); request.addParameter("X-Amz-Algorithm", ALGORITHM); request.addParameter("X-Amz-Date", timeStamp); request.addParameter("X-Amz-SignedHeaders", getSignedHeadersString(request)); request.addParameter("X-Amz-Expires", Long.toString(time)); request.addParameter("X-Amz-Credential", str); request.addParameter("X-Amz-Signature", BinaryUtils.toHex(computeSignature(request, dateStamp, timeStamp, ALGORITHM, calculateContentHashPresign(request), sanitizeCredentials).getSignature())); } public String calculateContentHashPresign(Request request) { return calculateContentHash(request); } public boolean needsSign(String str) { return "date".equalsIgnoreCase(str) || "Content-MD5".equalsIgnoreCase(str) || "host".equalsIgnoreCase(str) || str.startsWith("x-amz") || str.startsWith("X-Amz"); } }