package software.amazon.awssdk.auth.signer.internal;

import java.io.InputStream;
import java.util.Objects;
import java.util.Optional;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
import software.amazon.awssdk.auth.signer.internal.chunkedencoding.AwsS3V4ChunkSigner;
import software.amazon.awssdk.auth.signer.internal.chunkedencoding.AwsSignedChunkedEncodingInputStream;
import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
import software.amazon.awssdk.auth.signer.params.AwsS3V4SignerParams;
import software.amazon.awssdk.core.checksums.ChecksumSpecs;
import software.amazon.awssdk.core.checksums.SdkChecksum;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.internal.chunked.AwsChunkedEncodingConfig;
import software.amazon.awssdk.core.internal.util.HttpChecksumUtils;
import software.amazon.awssdk.http.ContentStreamProvider;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.utils.BinaryUtils;
import software.amazon.awssdk.utils.ProxyConfigProvider;
import software.amazon.awssdk.utils.StringUtils;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/auth/signer/internal/AbstractAwsS3V4Signer.class */
public abstract class AbstractAwsS3V4Signer extends AbstractAws4Signer<AwsS3V4SignerParams, Aws4PresignerParams> {
    public static final String CONTENT_SHA_256_WITH_CHECKSUM = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER";
    public static final String STREAMING_UNSIGNED_PAYLOAD_TRAILER = "STREAMING-UNSIGNED-PAYLOAD-TRAILER";
    private static final String CONTENT_SHA_256 = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
    private static final String UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
    private static final String CONTENT_LENGTH = "Content-Length";

    @Override // software.amazon.awssdk.core.signer.Signer
    public SdkHttpFullRequest sign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        return sign(sdkHttpFullRequest, constructAwsS3SignerParams(executionAttributes));
    }

    public SdkHttpFullRequest sign(SdkHttpFullRequest sdkHttpFullRequest, AwsS3V4SignerParams awsS3V4SignerParams) {
        return CredentialUtils.isAnonymous(awsS3V4SignerParams.awsCredentials()) ? sdkHttpFullRequest : doSign(sdkHttpFullRequest, new Aws4SignerRequestParams(awsS3V4SignerParams), awsS3V4SignerParams).mo938build();
    }

    private AwsS3V4SignerParams constructAwsS3SignerParams(ExecutionAttributes executionAttributes) {
        AwsS3V4SignerParams.Builder builder = (AwsS3V4SignerParams.Builder) extractSignerParams(AwsS3V4SignerParams.builder(), executionAttributes);
        Optional ofNullable = Optional.ofNullable((Boolean) executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_CHUNKED_ENCODING));
        Objects.requireNonNull(builder);
        ofNullable.ifPresent(builder::enableChunkedEncoding);
        Optional ofNullable2 = Optional.ofNullable((Boolean) executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING));
        Objects.requireNonNull(builder);
        ofNullable2.ifPresent(builder::enablePayloadSigning);
        return builder.mo938build();
    }

    @Override // software.amazon.awssdk.core.signer.Presigner
    public SdkHttpFullRequest presign(SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        return presign(sdkHttpFullRequest, extractPresignerParams(Aws4PresignerParams.builder(), executionAttributes).mo938build());
    }

    public SdkHttpFullRequest presign(SdkHttpFullRequest sdkHttpFullRequest, Aws4PresignerParams aws4PresignerParams) {
        if (CredentialUtils.isAnonymous(aws4PresignerParams.awsCredentials())) {
            return sdkHttpFullRequest;
        }
        Aws4PresignerParams copy = aws4PresignerParams.copy(builder -> {
            builder.normalizePath(false);
        });
        return doPresign(sdkHttpFullRequest, new Aws4SignerRequestParams(copy), copy).mo938build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    public void processRequestPayload(SdkHttpFullRequest.Builder builder, byte[] bArr, byte[] bArr2, Aws4SignerRequestParams aws4SignerRequestParams, AwsS3V4SignerParams awsS3V4SignerParams) {
        processRequestPayload(builder, bArr, bArr2, aws4SignerRequestParams, awsS3V4SignerParams, (SdkChecksum) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    public void processRequestPayload(SdkHttpFullRequest.Builder builder, byte[] bArr, byte[] bArr2, Aws4SignerRequestParams aws4SignerRequestParams, AwsS3V4SignerParams awsS3V4SignerParams, SdkChecksum sdkChecksum) {
        if (!useChunkEncoding(builder, awsS3V4SignerParams) || builder.contentStreamProvider() == null) {
            return;
        }
        ContentStreamProvider contentStreamProvider = builder.contentStreamProvider();
        String checksumHeaderName = awsS3V4SignerParams.checksumParams() != null ? awsS3V4SignerParams.checksumParams().checksumHeaderName() : null;
        builder.contentStreamProvider(() -> {
            return asChunkEncodedStream(contentStreamProvider.newStream(), bArr, bArr2, aws4SignerRequestParams, sdkChecksum, checksumHeaderName);
        });
    }

    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    protected String calculateContentHashPresign(SdkHttpFullRequest.Builder builder, Aws4PresignerParams aws4PresignerParams) {
        return "UNSIGNED-PAYLOAD";
    }

    private AwsSignedChunkedEncodingInputStream asChunkEncodedStream(InputStream inputStream, byte[] bArr, byte[] bArr2, Aws4SignerRequestParams aws4SignerRequestParams, SdkChecksum sdkChecksum, String str) {
        return ((AwsSignedChunkedEncodingInputStream.Builder) ((AwsSignedChunkedEncodingInputStream.Builder) ((AwsSignedChunkedEncodingInputStream.Builder) ((AwsSignedChunkedEncodingInputStream.Builder) AwsSignedChunkedEncodingInputStream.builder().inputStream(inputStream)).sdkChecksum(sdkChecksum)).checksumHeaderForTrailer(str)).awsChunkSigner(new AwsS3V4ChunkSigner(bArr2, aws4SignerRequestParams.getFormattedRequestSigningDateTime(), aws4SignerRequestParams.getScope())).headerSignature(BinaryUtils.toHex(bArr)).awsChunkedEncodingConfig(AwsChunkedEncodingConfig.create())).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    public String calculateContentHash(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams) {
        return calculateContentHash(builder, awsS3V4SignerParams, (SdkChecksum) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // software.amazon.awssdk.auth.signer.internal.AbstractAws4Signer
    public String calculateContentHash(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams, SdkChecksum sdkChecksum) {
        String str = "STREAMING-UNSIGNED-PAYLOAD-TRAILER";
        boolean booleanValue = ((Boolean) builder.firstMatchingHeader("x-amz-content-sha256").map((v1) -> {
            return r1.equals(v1);
        }).orElse(false)).booleanValue();
        if (!booleanValue) {
            builder.putHeader("x-amz-content-sha256", "required");
        }
        if (!isPayloadSigningEnabled(builder, awsS3V4SignerParams)) {
            return booleanValue ? "STREAMING-UNSIGNED-PAYLOAD-TRAILER" : "UNSIGNED-PAYLOAD";
        }
        if (!useChunkEncoding(builder, awsS3V4SignerParams)) {
            return super.calculateContentHash(builder, (SdkHttpFullRequest.Builder) awsS3V4SignerParams, sdkChecksum);
        }
        long calculateRequestContentLength = Aws4SignerUtils.calculateRequestContentLength(builder);
        builder.putHeader(software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant.X_AMZ_DECODED_CONTENT_LENGTH, Long.toString(calculateRequestContentLength));
        boolean z = false;
        if (awsS3V4SignerParams.checksumParams() != null) {
            String checksumHeaderName = awsS3V4SignerParams.checksumParams().checksumHeaderName();
            if (StringUtils.isNotBlank(checksumHeaderName) && !HttpChecksumUtils.isHttpChecksumPresent(builder.mo938build(), ChecksumSpecs.builder().headerName(awsS3V4SignerParams.checksumParams().checksumHeaderName()).build())) {
                z = true;
                builder.putHeader("x-amz-trailer", checksumHeaderName);
                builder.appendHeader("Content-Encoding", "aws-chunked");
            }
        }
        builder.putHeader("Content-Length", Long.toString(AwsSignedChunkedEncodingInputStream.calculateStreamContentLength(calculateRequestContentLength, AwsS3V4ChunkSigner.getSignatureLength(), AwsChunkedEncodingConfig.create(), z) + (z ? getChecksumTrailerLength(awsS3V4SignerParams) : 0L)));
        return z ? "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER" : "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
    }

    private boolean useChunkEncoding(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams) {
        return isPayloadSigningEnabled(builder, awsS3V4SignerParams) && isChunkedEncodingEnabled(awsS3V4SignerParams);
    }

    private boolean isChunkedEncodingEnabled(AwsS3V4SignerParams awsS3V4SignerParams) {
        Boolean enableChunkedEncoding = awsS3V4SignerParams.enableChunkedEncoding();
        return enableChunkedEncoding != null && enableChunkedEncoding.booleanValue();
    }

    private boolean isPayloadSigningEnabled(SdkHttpFullRequest.Builder builder, AwsS3V4SignerParams awsS3V4SignerParams) {
        if (!builder.protocol().equals(ProxyConfigProvider.HTTPS) && builder.contentStreamProvider() != null) {
            return true;
        }
        Boolean enablePayloadSigning = awsS3V4SignerParams.enablePayloadSigning();
        return enablePayloadSigning != null && enablePayloadSigning.booleanValue();
    }

    public static long getChecksumTrailerLength(AwsS3V4SignerParams awsS3V4SignerParams) {
        if (awsS3V4SignerParams.checksumParams() == null) {
            return 0L;
        }
        return AwsSignedChunkedEncodingInputStream.calculateChecksumContentLength(awsS3V4SignerParams.checksumParams().algorithm(), awsS3V4SignerParams.checksumParams().checksumHeaderName(), 64);
    }
}
