package software.amazon.awssdk.http.auth.aws.eventstream.internal.io;

import java.nio.ByteBuffer;
import java.time.Clock;
import java.time.Instant;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import java.util.function.Function;
import org.reactivestreams.Publisher;
import org.reactivestreams.Subscriber;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.signer.internal.BaseEventStreamAsyncAws4Signer;
import software.amazon.awssdk.http.auth.aws.internal.signer.CredentialScope;
import software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant;
import software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerUtils;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.utils.BinaryUtils;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.Validate;
import software.amazon.awssdk.utils.internal.MappingSubscriber;
import software.amazon.eventstream.HeaderValue;
import software.amazon.eventstream.Message;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/http/auth/aws/eventstream/internal/io/SigV4DataFramePublisher.class */
public final class SigV4DataFramePublisher implements Publisher<ByteBuffer> {
    private static final Logger LOG = Logger.loggerFor((Class<?>) SigV4DataFramePublisher.class);
    private static final String CHUNK_SIGNATURE = ":chunk-signature";
    private static final int PAYLOAD_TRUNCATE_LENGTH = 32;
    private final Publisher<ByteBuffer> sigv4Publisher;

    /* loaded from: input_file:software/amazon/awssdk/http/auth/aws/eventstream/internal/io/SigV4DataFramePublisher$Builder.class */
    public static class Builder {
        private Publisher<ByteBuffer> publisher;
        private AwsCredentialsIdentity credentials;
        private CredentialScope credentialScope;
        private String signature;
        private Clock signingClock;

        public Builder publisher(Publisher<ByteBuffer> publisher) {
            this.publisher = publisher;
            return this;
        }

        public Builder credentials(AwsCredentialsIdentity awsCredentialsIdentity) {
            this.credentials = awsCredentialsIdentity;
            return this;
        }

        public Builder credentialScope(CredentialScope credentialScope) {
            this.credentialScope = credentialScope;
            return this;
        }

        public Builder signature(String str) {
            this.signature = str;
            return this;
        }

        public Builder signingClock(Clock clock) {
            this.signingClock = clock;
            return this;
        }

        public SigV4DataFramePublisher build() {
            return new SigV4DataFramePublisher(this);
        }
    }

    private SigV4DataFramePublisher(Builder builder) {
        Validate.paramNotNull(builder.publisher, "Publisher");
        Validate.paramNotNull(builder.credentials, "Credentials");
        Validate.paramNotNull(builder.credentialScope, "CredentialScope");
        Validate.paramNotNull(builder.signature, "Signature");
        Validate.paramNotNull(builder.signingClock, "SigningClock");
        TrailingDataFramePublisher trailingDataFramePublisher = new TrailingDataFramePublisher(builder.publisher);
        this.sigv4Publisher = subscriber -> {
            trailingDataFramePublisher.subscribe(MappingSubscriber.create(subscriber, getDataFrameSigner(builder.credentials, builder.credentialScope, builder.signature, builder.signingClock)));
        };
    }

    private static Function<ByteBuffer, ByteBuffer> getDataFrameSigner(final AwsCredentialsIdentity awsCredentialsIdentity, final CredentialScope credentialScope, final String str, final Clock clock) {
        return new Function<ByteBuffer, ByteBuffer>() { // from class: software.amazon.awssdk.http.auth.aws.eventstream.internal.io.SigV4DataFramePublisher.1
            String priorSignature;

            {
                this.priorSignature = str;
            }

            @Override // java.util.function.Function
            public ByteBuffer apply(ByteBuffer byteBuffer) {
                HashMap hashMap = new HashMap();
                Instant instant = clock.instant();
                hashMap.put(BaseEventStreamAsyncAws4Signer.EVENT_STREAM_DATE, HeaderValue.fromTimestamp(instant));
                CredentialScope credentialScope2 = new CredentialScope(credentialScope.getRegion(), credentialScope.getService(), instant);
                byte[] deriveSigningKey = SignerUtils.deriveSigningKey(awsCredentialsIdentity, credentialScope2);
                byte[] bArr = new byte[byteBuffer.remaining()];
                byteBuffer.get(bArr);
                byte[] signEvent = SigV4DataFramePublisher.signEvent(this.priorSignature, deriveSigningKey, credentialScope2, hashMap, bArr);
                this.priorSignature = BinaryUtils.toHex(signEvent);
                HashMap hashMap2 = new HashMap(hashMap);
                hashMap2.put(":chunk-signature", HeaderValue.fromByteArray(signEvent));
                Message message = new Message(SigV4DataFramePublisher.sortHeaders(hashMap2), bArr);
                if (SigV4DataFramePublisher.LOG.isLoggingLevelEnabled("trace")) {
                    SigV4DataFramePublisher.LOG.trace(() -> {
                        return "Signed message: " + SigV4DataFramePublisher.toDebugString(message, false);
                    });
                } else {
                    SigV4DataFramePublisher.LOG.debug(() -> {
                        return "Signed message: " + SigV4DataFramePublisher.toDebugString(message, true);
                    });
                }
                return message.toByteBuffer();
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] signEvent(String str, byte[] bArr, CredentialScope credentialScope, Map<String, HeaderValue> map, byte[] bArr2) {
        return SignerUtils.computeSignature("AWS4-HMAC-SHA256-PAYLOAD\n" + credentialScope.getDatetime() + SignerConstant.LINE_SEPARATOR + credentialScope.scope() + SignerConstant.LINE_SEPARATOR + str + SignerConstant.LINE_SEPARATOR + BinaryUtils.toHex(SignerUtils.hash(Message.encodeHeaders(sortHeaders(map).entrySet()))) + SignerConstant.LINE_SEPARATOR + BinaryUtils.toHex(SignerUtils.hash(bArr2)), bArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static TreeMap<String, HeaderValue> sortHeaders(Map<String, HeaderValue> map) {
        TreeMap<String, HeaderValue> treeMap = new TreeMap<>((Comparator<? super String>) (str, str2) -> {
            if (str.equals(":chunk-signature")) {
                return 1;
            }
            if (str2.equals(":chunk-signature")) {
                return -1;
            }
            return str.compareTo(str2);
        });
        treeMap.putAll(map);
        return treeMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String toDebugString(Message message, boolean z) {
        StringBuilder sb = new StringBuilder("Message = {headers={");
        Iterator<Map.Entry<String, HeaderValue>> it = message.getHeaders().entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, HeaderValue> next = it.next();
            sb.append(next.getKey()).append("={").append(next.getValue().toString()).append("}");
            if (it.hasNext()) {
                sb.append(", ");
            }
        }
        sb.append("}, payload=");
        byte[] payload = message.getPayload();
        boolean z2 = z && payload.length > 32;
        sb.append(BinaryUtils.toHex(z2 ? Arrays.copyOf(payload, 32) : payload));
        if (z2) {
            sb.append("...");
        }
        sb.append("}");
        return sb.toString();
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // org.reactivestreams.Publisher
    public void subscribe(Subscriber<? super ByteBuffer> subscriber) {
        this.sigv4Publisher.subscribe(subscriber);
    }
}
