package fish.payara.microprofile.config.extensions.aws.client;

import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;

@Provider
/* loaded from: input_file:fish/payara/microprofile/config/extensions/aws/client/AwsAuthFeature.class */
public class AwsAuthFeature implements ClientRequestFilter {
    private static final Logger LOGGER = Logger.getLogger(AwsAuthFeature.class.getName());
    private final String accessKey;
    private final String secretKey;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:fish/payara/microprofile/config/extensions/aws/client/AwsAuthFeature$Context.class */
    public static class Context {
        private String method;
        private String query;
        private String timestamp;
        private String date;
        private String host;
        private String region;
        private String serviceName;
        private String payload;
        private String xAmzContentSha256;
        private String xAmzTarget;
        private String contentType;

        private Context() {
        }
    }

    public AwsAuthFeature(String str, String str2) {
        this.accessKey = str;
        this.secretKey = str2;
    }

    @Override // jakarta.ws.rs.client.ClientRequestFilter
    public synchronized void filter(ClientRequestContext clientRequestContext) throws IOException {
        MultivaluedMap<String, String> stringHeaders = clientRequestContext.getStringHeaders();
        Context context = new Context();
        context.method = clientRequestContext.getMethod();
        context.query = clientRequestContext.getUri().getQuery();
        context.timestamp = stringHeaders.getFirst("X-Amz-Date");
        context.date = context.timestamp.split("T")[0];
        context.host = clientRequestContext.getUri().getHost();
        context.region = context.host.split("\\.")[1];
        context.serviceName = context.host.split("\\.")[0];
        context.payload = clientRequestContext.getEntity().toString().trim();
        context.xAmzContentSha256 = clientRequestContext.getHeaderString("X-Amz-Content-Sha256");
        context.xAmzTarget = clientRequestContext.getHeaderString("X-Amz-Target");
        context.contentType = clientRequestContext.getHeaderString(HttpHeaders.CONTENT_TYPE);
        try {
            clientRequestContext.getHeaders().putSingle("Authorization", generateAwsAuthSignature(context));
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Failed to create Authorization header", (Throwable) e);
        }
    }

    private String generateAwsAuthSignature(Context context) throws Exception {
        String str = (("AWS4-HMAC-SHA256\n" + context.timestamp + "\n") + context.date + "/" + context.region + "/" + context.serviceName + "/aws4_request\n") + AuthUtils.generateHex(prepareCanonicalUrl(context));
        if (LOGGER.isLoggable(Level.FINER)) {
            System.out.println("String to sign: " + str);
        }
        return MessageFormat.format("AWS4-HMAC-SHA256 Credential={0}/{1}/{2}/{3}/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target, Signature={4}", this.accessKey, context.date, context.region, context.serviceName, AuthUtils.bytesToHex(AuthUtils.HmacSHA256(AuthUtils.getSignatureKey(this.secretKey, context.date, context.region, context.serviceName), str)));
    }

    private String prepareCanonicalUrl(Context context) {
        String str = (((((((((((("" + context.method) + "\n") + "/") + "\n") + context.query) + "\n") + MessageFormat.format("content-type:{0}\n", context.contentType)) + MessageFormat.format("host:{0}\n", context.host)) + MessageFormat.format("x-amz-content-sha256:{0}\n", context.xAmzContentSha256)) + MessageFormat.format("x-amz-date:{0}\n", context.timestamp)) + MessageFormat.format("x-amz-target:{0}\n", context.xAmzTarget)) + "\ncontent-type;host;x-amz-content-sha256;x-amz-date;x-amz-target\n") + AuthUtils.generateHex(context.payload);
        if (LOGGER.isLoggable(Level.FINER)) {
            LOGGER.finer("Canonical URL: " + str);
        }
        return str;
    }
}
