package com.cloud.sdk.auth.signer;

import com.cloud.apigateway.sdk.utils.Request;
import com.cloud.sdk.util.BinaryUtils;
import com.cloud.sdk.util.HttpUtils;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.StringUtils;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.openeuler.BGMJCEProvider;

/* loaded from: input_file:com/cloud/sdk/auth/signer/Signer.class */
public class Signer {
    public static final String LINE_SEPARATOR = "\n";
    public static final String SDK_SIGNING_ALGORITHM = "SDK-HMAC-SHA256";
    public static final String X_SDK_CONTENT_SHA256 = "x-sdk-content-sha256";
    public static final String X_SDK_DATE = "X-Sdk-Date";
    public static final String AUTHORIZATION = "Authorization";
    private static final Pattern AUTHORIZATION_PATTERN_SHA256 = Pattern.compile("SDK-HMAC-SHA256\\s+Access=([^,]+),\\s?SignedHeaders=([^,]+),\\s?Signature=(\\w+)");
    private static final Pattern AUTHORIZATION_PATTERN_SM3 = Pattern.compile("SDK-HMAC-SM3\\s+Access=([^,]+),\\s?SignedHeaders=([^,]+),\\s?Signature=(\\w+)");
    private static final String LINUX_NEW_LINE = "\n";
    public static final String HOST = "Host";
    public String messageDigestAlgorithm;

    public Signer(String str) {
        this.messageDigestAlgorithm = SDK_SIGNING_ALGORITHM;
        this.messageDigestAlgorithm = str;
    }

    public Signer() {
        this.messageDigestAlgorithm = SDK_SIGNING_ALGORITHM;
    }

    public void sign(Request request) throws UnsupportedEncodingException {
        String header = getHeader(request, X_SDK_DATE);
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        if (header == null) {
            header = simpleDateFormat.format(new Date());
            request.addHeader(X_SDK_DATE, header);
        }
        addHostHeader(request);
        String calculateContentHash = calculateContentHash(request);
        String[] signedHeaders = getSignedHeaders(request);
        String createCanonicalRequest = createCanonicalRequest(request, signedHeaders, calculateContentHash);
        request.addHeader(AUTHORIZATION, buildAuthorizationHeader(signedHeaders, computeSignature(createStringToSign(createCanonicalRequest, header), deriveSigningKey(request.getSecrect())), request.getKey()));
    }

    protected String getCanonicalizedResourcePath(String str) throws UnsupportedEncodingException {
        if (str == null || str.isEmpty()) {
            return "/";
        }
        try {
            str = new URI(str).getPath();
            String urlEncode = HttpUtils.urlEncode(str, true);
            if (!urlEncode.startsWith("/")) {
                urlEncode = "/".concat(urlEncode);
            }
            if (!urlEncode.endsWith("/")) {
                urlEncode = urlEncode.concat("/");
            }
            return urlEncode;
        } catch (URISyntaxException e) {
            return str;
        }
    }

    protected String getCanonicalizedQueryString(Map<String, List<String>> map) throws UnsupportedEncodingException {
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            String urlEncode = HttpUtils.urlEncode(entry.getKey(), false);
            List<String> value = entry.getValue();
            ArrayList arrayList = new ArrayList(value.size());
            Iterator<String> it = value.iterator();
            while (it.hasNext()) {
                arrayList.add(HttpUtils.urlEncode(it.next(), false));
            }
            Collections.sort(arrayList);
            treeMap.put(urlEncode, arrayList);
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry entry2 : treeMap.entrySet()) {
            for (String str : (List) entry2.getValue()) {
                if (sb.length() > 0) {
                    sb.append("&");
                }
                sb.append((String) entry2.getKey()).append("=").append(str);
            }
        }
        return sb.toString();
    }

    protected String createCanonicalRequest(Request request, String[] strArr, String str) throws UnsupportedEncodingException {
        return request.getMethod().toString() + "\n" + getCanonicalizedResourcePath(request.getPath()) + "\n" + getCanonicalizedQueryString(request.getQueryStringParams()) + "\n" + getCanonicalizedHeaderString(request, strArr) + "\n" + getSignedHeadersString(strArr) + "\n" + str;
    }

    protected String createStringToSign(String str, String str2) {
        return StringUtils.equals(this.messageDigestAlgorithm, SDK_SIGNING_ALGORITHM) ? this.messageDigestAlgorithm + "\n" + str2 + "\n" + BinaryUtils.toHex(hash(str)) : this.messageDigestAlgorithm + "\n" + str2 + "\n" + BinaryUtils.toHex(hashSm3(str));
    }

    private byte[] deriveSigningKey(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    protected byte[] sign(byte[] bArr, byte[] bArr2, SigningAlgorithm signingAlgorithm) {
        try {
            Mac mac = Mac.getInstance(signingAlgorithm.toString());
            mac.init(new SecretKeySpec(bArr2, signingAlgorithm.toString()));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            return new byte[0];
        }
    }

    protected final byte[] computeSignature(String str, byte[] bArr) {
        return StringUtils.equals(this.messageDigestAlgorithm, SDK_SIGNING_ALGORITHM) ? sign(str.getBytes(StandardCharsets.UTF_8), bArr, SigningAlgorithm.HmacSHA256) : sign(str.getBytes(StandardCharsets.UTF_8), bArr, SigningAlgorithm.HmacSM3);
    }

    private String buildAuthorizationHeader(String[] strArr, byte[] bArr, String str) {
        return this.messageDigestAlgorithm + " " + ("Access=" + str) + ", " + ("SignedHeaders=" + getSignedHeadersString(strArr)) + ", " + ("Signature=" + BinaryUtils.toHex(bArr));
    }

    protected String[] getSignedHeaders(Request request) {
        String[] strArr = (String[]) request.getHeaders().keySet().toArray(new String[0]);
        Arrays.sort(strArr, String.CASE_INSENSITIVE_ORDER);
        return strArr;
    }

    protected String getCanonicalizedHeaderString(Request request, String[] strArr) {
        Map<String, String> headers = request.getHeaders();
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            String lowerCase = str.toLowerCase(Locale.getDefault());
            String str2 = headers.get(str);
            sb.append(lowerCase).append(":");
            if (str2 != null) {
                sb.append(str2.trim());
            }
            sb.append("\n");
        }
        return sb.toString();
    }

    protected String getSignedHeadersString(String[] strArr) {
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase(Locale.getDefault()));
        }
        return sb.toString();
    }

    protected void addHostHeader(Request request) {
        boolean z = false;
        Iterator<String> it = request.getHeaders().keySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (HOST.equalsIgnoreCase(it.next())) {
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        request.addHeader(HOST, request.getHost());
    }

    protected String getHeader(Request request, String str) {
        if (str == null) {
            return null;
        }
        for (Map.Entry<String, String> entry : request.getHeaders().entrySet()) {
            if (str.equalsIgnoreCase(entry.getKey())) {
                return entry.getValue();
            }
        }
        return null;
    }

    public boolean verify(Request request) throws UnsupportedEncodingException {
        String header = getHeader(request, X_SDK_DATE);
        String header2 = getHeader(request, AUTHORIZATION);
        Matcher matcher = AUTHORIZATION_PATTERN_SM3.matcher(header2);
        if (StringUtils.equals(this.messageDigestAlgorithm, SDK_SIGNING_ALGORITHM)) {
            matcher = AUTHORIZATION_PATTERN_SHA256.matcher(header2);
        }
        if (!matcher.find()) {
            return false;
        }
        String[] split = matcher.group(2).split(";");
        return buildAuthorizationHeader(split, computeSignature(createStringToSign(createCanonicalRequest(request, split, calculateContentHash(request)), header), deriveSigningKey(request.getSecrect())), request.getKey()).equals(header2);
    }

    protected String calculateContentHash(Request request) {
        String header = getHeader(request, X_SDK_CONTENT_SHA256);
        return header != null ? header : StringUtils.equals(this.messageDigestAlgorithm, SDK_SIGNING_ALGORITHM) ? BinaryUtils.toHex(hash(request.getBody())) : BinaryUtils.toHex(hashSm3(request.getBody()));
    }

    public byte[] hash(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            return new byte[0];
        }
    }

    public byte[] hashSm3(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bytes, 0, bytes.length);
        byte[] bArr = new byte[sM3Digest.getDigestSize()];
        sM3Digest.doFinal(bArr, 0);
        return bArr;
    }

    static {
        Security.insertProviderAt(new BGMJCEProvider(), 1);
    }
}
