package com.xiaomi.infra.galaxy.common.auth;

import com.xiaomi.infra.galaxy.common.BasicGalaxyRequest;
import com.xiaomi.infra.galaxy.common.GalaxyClientException;
import com.xiaomi.infra.galaxy.common.constants.Constants;
import com.xiaomi.infra.galaxy.common.constants.ReturnCode;
import com.xiaomi.infra.galaxy.common.util.BinaryUtils;
import com.xiaomi.infra.galaxy.common.util.HttpUtils;
import java.io.IOException;
import java.io.InputStream;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.SimpleTimeZone;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: classes.dex */
public class Galaxy4Signer extends AbstractGalaxySigner {
    protected static final String ALGORITHM = "Galaxy-HMAC-SHA256";
    protected static final String TERMINATOR = "galaxy_request";
    protected static final Log log = LogFactory.getLog(Galaxy4Signer.class);
    protected Date overriddenDate;
    protected String serviceName;
    protected ThreadLocal<SimpleDateFormat> dateTimeFormat = new ThreadLocal<SimpleDateFormat>() { // from class: com.xiaomi.infra.galaxy.common.auth.Galaxy4Signer.1
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        public SimpleDateFormat initialValue() {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
            simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
            return simpleDateFormat;
        }
    };
    protected ThreadLocal<SimpleDateFormat> dateStampFormat = new ThreadLocal<SimpleDateFormat>() { // from class: com.xiaomi.infra.galaxy.common.auth.Galaxy4Signer.2
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        public SimpleDateFormat initialValue() {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd");
            simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
            return simpleDateFormat;
        }
    };

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public class HeaderSigningResult {
        private String dateTime;
        private byte[] kSigning;
        private String scope;
        private byte[] signature;

        public HeaderSigningResult(String str, String str2, byte[] bArr, byte[] bArr2) {
            this.dateTime = str;
            this.scope = str2;
            this.kSigning = bArr;
            this.signature = bArr2;
        }

        public String getDateTime() {
            return this.dateTime;
        }

        public byte[] getKSigning() {
            byte[] bArr = new byte[this.kSigning.length];
            System.arraycopy(this.kSigning, 0, bArr, 0, this.kSigning.length);
            return bArr;
        }

        public String getScope() {
            return this.scope;
        }

        public byte[] getSignature() {
            byte[] bArr = new byte[this.signature.length];
            System.arraycopy(this.signature, 0, bArr, 0, this.signature.length);
            return bArr;
        }
    }

    protected void addHostHeader(BasicGalaxyRequest basicGalaxyRequest) {
        String host = basicGalaxyRequest.getEndpoint().getHost();
        if (HttpUtils.isUsingNonDefaultPort(basicGalaxyRequest.getEndpoint())) {
            host = host + ":" + basicGalaxyRequest.getEndpoint().getPort();
        }
        basicGalaxyRequest.addHeader("Host", host);
    }

    protected String calculateContentHash(BasicGalaxyRequest basicGalaxyRequest) throws GalaxyClientException {
        InputStream binaryRequestPayloadStream = getBinaryRequestPayloadStream(basicGalaxyRequest);
        binaryRequestPayloadStream.mark(-1);
        String hex = BinaryUtils.toHex(hash(binaryRequestPayloadStream));
        try {
            binaryRequestPayloadStream.reset();
            return hex;
        } catch (IOException e) {
            throw new GalaxyClientException(ReturnCode.SIGNATURE_FAILED, "Unable to reset stream after calculating galaxy signature", e);
        }
    }

    protected HeaderSigningResult computeSignature(BasicGalaxyRequest basicGalaxyRequest, Date date, String str, String str2, GalaxyCredentials galaxyCredentials) throws GalaxyClientException {
        String dateTimeStamp = getDateTimeStamp(date);
        String dateStamp = getDateStamp(date);
        StringBuilder sb = new StringBuilder();
        sb.append(dateStamp).append("/").append(Constants.SERVICE_NAME).append("/").append(TERMINATOR);
        StringBuilder stringToSign = getStringToSign(str, dateTimeStamp, sb, getCanonicalRequest(basicGalaxyRequest, str2));
        StringBuilder sb2 = new StringBuilder();
        sb2.append(Constants.SERVICE_NAME).append(galaxyCredentials.getGalaxySecretKey());
        byte[] sign = sign(TERMINATOR, sign(Constants.SERVICE_NAME, sign(dateStamp, sb2.toString().getBytes(), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256), SigningAlgorithm.HmacSHA256);
        return new HeaderSigningResult(dateTimeStamp, sb.toString(), sign, sign(stringToSign.toString().getBytes(), sign, SigningAlgorithm.HmacSHA256));
    }

    protected StringBuilder getCanonicalRequest(BasicGalaxyRequest basicGalaxyRequest, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(basicGalaxyRequest.getHttpMethod().toString()).append("\n").append(getCanonicalizedResourcePath(basicGalaxyRequest.getResourcePath())).append("\n").append(getCanonicalizedQueryString(basicGalaxyRequest)).append("\n").append(getCanonicalizedHeaderString(basicGalaxyRequest)).append("\n").append((CharSequence) getSignedHeadersString(basicGalaxyRequest)).append("\n").append(str);
        if (log.isDebugEnabled()) {
            log.debug("Galaxy Canonical Request: '\"" + ((Object) sb) + "\"");
        }
        return sb;
    }

    protected String getCanonicalizedHeaderString(BasicGalaxyRequest basicGalaxyRequest) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(basicGalaxyRequest.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            sb.append(str.toLowerCase().replaceAll("\\s+", " ") + ":" + basicGalaxyRequest.getHeaders().get(str).replaceAll("\\s+", " "));
            sb.append("\n");
        }
        return sb.toString();
    }

    protected String getDateStamp(Date date) {
        return this.dateStampFormat.get().format(date);
    }

    protected String getDateTimeStamp(Date date) {
        return this.dateTimeFormat.get().format(date);
    }

    protected StringBuilder getScope(BasicGalaxyRequest basicGalaxyRequest, Date date) {
        String dateStamp = getDateStamp(date);
        StringBuilder sb = new StringBuilder();
        sb.append(dateStamp).append("/").append(this.serviceName).append("/").append(TERMINATOR);
        return sb;
    }

    protected StringBuilder getSignedHeadersString(BasicGalaxyRequest basicGalaxyRequest) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(basicGalaxyRequest.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase());
        }
        return sb;
    }

    protected StringBuilder getStringToSign(String str, String str2, CharSequence charSequence, CharSequence charSequence2) throws GalaxyClientException {
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("\n").append(str2).append("\n").append(charSequence).append("\n").append(BinaryUtils.toHex(hash(charSequence2.toString())));
        if (log.isDebugEnabled()) {
            log.debug("Galaxy String to Sign: '\"" + ((Object) sb) + "\"");
        }
        return sb;
    }

    void overrideDate(Date date) {
        this.overriddenDate = date;
    }

    protected void processRequestPayload(BasicGalaxyRequest basicGalaxyRequest, HeaderSigningResult headerSigningResult) {
    }

    public void setServiceName(String str) {
        this.serviceName = str;
    }

    @Override // com.xiaomi.infra.galaxy.common.auth.Signer
    public void sign(BasicGalaxyRequest basicGalaxyRequest, GalaxyCredentials galaxyCredentials) throws GalaxyClientException {
        if (galaxyCredentials instanceof AnonymousGalaxyCredentials) {
            basicGalaxyRequest.addHeader(Constants.HK_ACCESS_METHOD, Constants.HV_ANONYMOUS);
            return;
        }
        if (galaxyCredentials instanceof AppSecretCredentials) {
            basicGalaxyRequest.addHeader(Constants.HK_ACCESS_METHOD, Constants.HV_APPSECRETTOKEN);
            basicGalaxyRequest.addHeader(Constants.HK_TOKEN, galaxyCredentials.getGalaxySecretKey());
        }
        GalaxyCredentials sanitizeCredentials = sanitizeCredentials(galaxyCredentials);
        if (galaxyCredentials instanceof SessionCredentials) {
            basicGalaxyRequest.addHeader(Constants.HK_TOKEN, galaxyCredentials.getGalaxySecretKey());
        }
        addHostHeader(basicGalaxyRequest);
        Date date = new Date();
        StringBuilder scope = getScope(basicGalaxyRequest, date);
        String calculateContentHash = calculateContentHash(basicGalaxyRequest);
        basicGalaxyRequest.addHeader(Constants.HK_DATE, getDateTimeStamp(date));
        if (basicGalaxyRequest.getHeaders().get(Constants.HK_CONTENT_SHA256) != null && basicGalaxyRequest.getHeaders().get(Constants.HK_CONTENT_SHA256).equals("required")) {
            basicGalaxyRequest.addHeader(Constants.HK_CONTENT_SHA256, calculateContentHash);
        }
        basicGalaxyRequest.addHeader(Constants.HK_CONTENT_SHA256, calculateContentHash);
        StringBuilder sb = new StringBuilder();
        sb.append(sanitizeCredentials.getGalaxyAppId()).append("/").append((CharSequence) scope);
        HeaderSigningResult computeSignature = computeSignature(basicGalaxyRequest, date, ALGORITHM, calculateContentHash, sanitizeCredentials);
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Credential=").append((CharSequence) sb);
        StringBuilder sb3 = new StringBuilder();
        sb3.append("SignedHeaders=").append((CharSequence) getSignedHeadersString(basicGalaxyRequest));
        StringBuilder sb4 = new StringBuilder();
        sb4.append("Signature=").append(BinaryUtils.toHex(computeSignature.getSignature()));
        StringBuilder sb5 = new StringBuilder();
        sb5.append(ALGORITHM).append(" ").append((CharSequence) sb2).append(", ").append((CharSequence) sb3).append(", ").append((CharSequence) sb4);
        basicGalaxyRequest.addHeader(Constants.HK_AUTHORIZATION, sb5.toString());
        processRequestPayload(basicGalaxyRequest, computeSignature);
    }
}
