package com.huaweicloud.sdk.core.auth;

import com.huaweicloud.sdk.core.auth.AKSKSigner;
import com.huaweicloud.sdk.core.exception.SdkException;
import com.huaweicloud.sdk.core.http.HttpRequest;
import com.huaweicloud.sdk.core.utils.BinaryUtils;
import com.huaweicloud.sdk.core.utils.StringUtils;
import com.obs.services.internal.Constants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/huaweicloud/sdk/core/auth/DerivedAKSKSigner.class */
public class DerivedAKSKSigner extends AKSKSigner {
    private static final String V_11_HMAC_SHA_256 = "V11-HMAC-SHA256";
    private static final DerivedAKSKSigner SINGLETON = new DerivedAKSKSigner();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/huaweicloud/sdk/core/auth/DerivedAKSKSigner$HKDF.class */
    public static class HKDF {
        private static final String HMAC_SHA1 = "hmacsha1";
        private static final String HMAC_SHA256 = "hmacsha256";
        private static final int DERIVATION_KEY_LENGTH = 32;
        private static final String HMAC_ALGORITHM = "hmacsha256";
        private static final int ALGORITHM_HASH_LENGTH = getHashLen("hmacsha256");
        private static final Charset UTF_8 = StandardCharsets.UTF_8;
        private static final int EXPAND_CEIL = (int) Math.ceil(32.0d / ALGORITHM_HASH_LENGTH);

        HKDF() {
        }

        public static String getDerKeySHA256(String str, String str2, String str3) {
            if (null == str || "".equals(str) || null == str2 || "".equals(str2)) {
                return null;
            }
            try {
                return toHex(expand(extract(str2.getBytes(UTF_8), str.getBytes(UTF_8), "hmacsha256"), str3.getBytes(UTF_8), "hmacsha256", 32, EXPAND_CEIL));
            } catch (IOException | InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SdkException("Failed to derive AK " + str + " with info " + str3 + " .", e);
            }
        }

        public static String toHex(byte[] bArr) {
            StringBuilder sb = new StringBuilder(bArr.length * 2);
            for (byte b : bArr) {
                String hexString = Integer.toHexString(b);
                if (hexString.length() == 1) {
                    sb.append(Constants.RESULTCODE_SUCCESS);
                } else if (hexString.length() == 8) {
                    hexString = hexString.substring(6);
                }
                sb.append(hexString);
            }
            return sb.toString().toLowerCase(Locale.ROOT);
        }

        private static byte[] extract(byte[] bArr, byte[] bArr2, String str) throws NoSuchAlgorithmException, InvalidKeyException {
            if (bArr2 == null || bArr2.length == 0) {
                bArr2 = new byte[getHashLen(str)];
            }
            Mac mac = Mac.getInstance(str);
            mac.init(new SecretKeySpec(bArr2, str));
            return mac.doFinal(bArr);
        }

        private static byte[] expand(byte[] bArr, byte[] bArr2, String str, int i, int i2) throws NoSuchAlgorithmException, InvalidKeyException, IOException {
            byte[] bArr3;
            Mac mac = Mac.getInstance(str);
            mac.init(new SecretKeySpec(bArr, str));
            if (i2 == 1) {
                bArr3 = expandFirst(bArr2, mac);
            } else {
                bArr3 = new byte[0];
                byte[] bArr4 = new byte[0];
                for (int i3 = 1; i3 <= i2; i3++) {
                    bArr4 = expandOnce(bArr2, mac, bArr4, i3);
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byteArrayOutputStream.write(bArr3);
                    byteArrayOutputStream.write(bArr4);
                    bArr3 = byteArrayOutputStream.toByteArray();
                }
            }
            if (32 == bArr3.length) {
                return bArr3;
            }
            if (32 < bArr3.length) {
                return Arrays.copyOf(bArr3, 32);
            }
            throw new IOException("Failed to expand with algorithm " + str);
        }

        private static byte[] expandFirst(byte[] bArr, Mac mac) {
            byte[] bArr2 = new byte[bArr.length + 1];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            bArr2[bArr.length] = 1;
            return mac.doFinal(bArr2);
        }

        private static byte[] expandOnce(byte[] bArr, Mac mac, byte[] bArr2, int i) throws IOException {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr2);
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(i);
            return mac.doFinal(byteArrayOutputStream.toByteArray());
        }

        private static int getHashLen(String str) {
            boolean z = -1;
            switch (str.hashCode()) {
                case -92809010:
                    if (str.equals("hmacsha256")) {
                        z = true;
                        break;
                    }
                    break;
                case 1689287020:
                    if (str.equals(HMAC_SHA1)) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return 20;
                case true:
                default:
                    return 32;
            }
        }
    }

    protected DerivedAKSKSigner() {
    }

    public static DerivedAKSKSigner getInstance() {
        return SINGLETON;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.huaweicloud.sdk.core.auth.AKSKSigner
    public <T extends AbstractCredentials<T>> void checkRequired(T t) {
        super.checkRequired(t);
        if (StringUtils.isEmpty(t.regionId)) {
            throw new SdkException("regionId is required in credentials when using derived auth");
        }
        if (StringUtils.isEmpty(t.derivedAuthServiceName)) {
            throw new SdkException("derivedAuthServiceName is required in credentials when using derived auth");
        }
    }

    @Override // com.huaweicloud.sdk.core.auth.AKSKSigner, com.huaweicloud.sdk.core.auth.IAKSKSigner
    public <T extends AbstractCredentials<T>> Map<String, String> sign(HttpRequest httpRequest, T t) {
        checkRequired(t);
        HashMap hashMap = new HashMap();
        URL url = httpRequest.getUrl();
        hashMap.put("Host", httpRequest.haveHeader("Host").booleanValue() ? httpRequest.getHeader("Host") : url.getAuthority());
        String extractTimeStamp = extractTimeStamp(httpRequest, hashMap);
        Map<String, String> combineAllHeaders = combineAllHeaders(httpRequest, hashMap);
        String buildCanonicalUri = buildCanonicalUri(url);
        String buildCanonicalQueryString = buildCanonicalQueryString(url.getQuery(), httpRequest.getQueryParams());
        String join = String.join(";", combineAllHeaders.keySet());
        String hex = BinaryUtils.toHex(this.hasher.hash(buildCanonicalRequest(httpRequest.getMethod().name(), buildCanonicalUri, buildCanonicalQueryString, buildCanonicalHeaders(combineAllHeaders), join, buildPayloadHash(httpRequest)).getBytes(StandardCharsets.UTF_8)));
        String format = String.format(Locale.ROOT, "%s/%s/%s", extractTimeStamp.substring(0, 8), t.regionId, t.derivedAuthServiceName);
        hashMap.put("Authorization", String.format(Locale.ROOT, "%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", V_11_HMAC_SHA_256, t.getAk(), format, join, buildSignature(buildStringToSign(V_11_HMAC_SHA_256, extractTimeStamp, format, hex), new AKSKSigner.HmacSigningKey(this.hasher, HKDF.getDerKeySHA256(t.getAk(), t.getSk(), format).getBytes(StandardCharsets.UTF_8)))));
        return hashMap;
    }
}
