package com.baidubce.qianfan.core.auth;

import com.baidubce.qianfan.core.QianfanConfig;
import com.baidubce.qianfan.model.exception.AuthException;
import com.baidubce.qianfan.util.Pair;
import com.baidubce.qianfan.util.StringUtils;
import com.baidubce.qianfan.util.http.HttpRequest;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/baidubce/qianfan/core/auth/IAMAuth.class */
public class IAMAuth implements IAuth {
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final List<String> HEADER_TO_SIGN = Arrays.asList("host", "x-bce-date");
    private static final String SESSION_KEY_TEMPLATE = "bce-auth-v1/%s/%s/%s";
    private static final String SIGNATURE_TEMPLATE = "%s\n%s\n%s\n%s";
    private static final String AUTHORIZATION_TEMPLATE = "%s/%s/%s";
    private final String accessKey;
    private final String secretKey;

    public IAMAuth(String str, String str2) {
        this.accessKey = str;
        this.secretKey = str2;
    }

    @Override // com.baidubce.qianfan.core.auth.IAuth
    public HttpRequest signRequest(HttpRequest httpRequest) {
        try {
            return httpRequest.addHeader("Authorization", sign(httpRequest.getMethod(), httpRequest.getUrl())).addHeader("X-Bce-Date", getTimestamp());
        } catch (Exception e) {
            throw new AuthException("Failed to sign request", (Throwable) e);
        }
    }

    private String sign(String str, String str2) {
        String format = String.format(SESSION_KEY_TEMPLATE, this.accessKey, getTimestamp(), Integer.valueOf(QianfanConfig.getIamSignExpirationSec().intValue()));
        String hash = hash(format, this.secretKey);
        URI create = URI.create(str2);
        String queryStringCanonicalization = queryStringCanonicalization(create.getQuery());
        HashMap hashMap = new HashMap();
        hashMap.put("host", create.getHost());
        hashMap.put("x-bce-date", getTimestamp());
        Pair<String, String[]> headersCanonicalization = headersCanonicalization(hashMap);
        return String.format(AUTHORIZATION_TEMPLATE, format, String.join(";", headersCanonicalization.second), hash(String.format(SIGNATURE_TEMPLATE, str, create.getPath(), queryStringCanonicalization, headersCanonicalization.first), hash));
    }

    private String getTimestamp() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.format(new Date());
    }

    private String queryStringCanonicalization(String str) {
        if (StringUtils.isEmpty(str)) {
            return "";
        }
        HashMap hashMap = new HashMap();
        for (String str2 : str.split("&")) {
            String[] split = str2.split("=");
            hashMap.put(split[0], split[1]);
        }
        return (String) hashMap.entrySet().stream().sorted(Map.Entry.comparingByKey()).map(entry -> {
            return ((String) entry.getKey()) + "=" + normalize(entry.getValue().toString(), true);
        }).collect(Collectors.joining("&"));
    }

    private Pair<String, String[]> headersCanonicalization(Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        map.entrySet().stream().filter(entry -> {
            return StringUtils.isNotEmpty((String) entry.getValue());
        }).forEach(entry2 -> {
            String lowerCase = ((String) entry2.getKey()).toLowerCase();
            String trim = ((String) entry2.getValue()).trim();
            if (HEADER_TO_SIGN.contains(lowerCase)) {
                arrayList.add(normalize(lowerCase, false) + ":" + normalize(trim, false));
                arrayList2.add(lowerCase);
            }
        });
        Collections.sort(arrayList);
        Collections.sort(arrayList2);
        return new Pair<>(String.join("\n", arrayList), (String[]) arrayList2.toArray(new String[0]));
    }

    private String normalize(String str, boolean z) {
        try {
            String replace = URLEncoder.encode(str, StandardCharsets.UTF_8.name()).replace("+", "%20").replace("%21", "!").replace("%27", "'").replace("%28", "(").replace("%29", ")").replace("%2A", "*");
            if (!z) {
                replace = replace.replace("%2F", "/");
            }
            return replace;
        } catch (UnsupportedEncodingException e) {
            return "";
        }
    }

    private String hash(String str, String str2) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), HMAC_SHA256));
            return StringUtils.bytesToHexString(mac.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            return "";
        }
    }
}
