package com.volcengine.tos.internal;

import com.volcengine.tos.TosClientException;
import com.volcengine.tos.TosException;
import com.volcengine.tos.auth.Credential;
import com.volcengine.tos.auth.SignKeyInfo;
import com.volcengine.tos.auth.Signer;
import com.volcengine.tos.credential.Credentials;
import com.volcengine.tos.internal.model.PostPolicyJson;
import com.volcengine.tos.internal.model.PreSignedPolicyJson;
import com.volcengine.tos.internal.util.ParamsChecker;
import com.volcengine.tos.internal.util.PayloadConverter;
import com.volcengine.tos.internal.util.SigningUtils;
import com.volcengine.tos.internal.util.StringUtils;
import com.volcengine.tos.internal.util.TosUtils;
import com.volcengine.tos.internal.util.base64.Base64;
import com.volcengine.tos.model.object.DefaultPreSignedPolicyURLGenerator;
import com.volcengine.tos.model.object.PolicySignatureCondition;
import com.volcengine.tos.model.object.PostSignatureCondition;
import com.volcengine.tos.model.object.PreSignedPolicyURLInput;
import com.volcengine.tos.model.object.PreSignedPolicyURLOutput;
import com.volcengine.tos.model.object.PreSignedPostSignatureInput;
import com.volcengine.tos.model.object.PreSignedPostSignatureOutput;
import com.volcengine.tos.model.object.PreSignedURLInput;
import com.volcengine.tos.model.object.PreSignedURLOutput;
import java.io.ByteArrayInputStream;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.function.BiConsumer;

/* loaded from: classes6.dex */
public class TosPreSignedRequestHandler {
    private TosRequestFactory factory;
    private Signer signer;

    public TosPreSignedRequestHandler(TosRequestFactory tosRequestFactory, Signer signer) {
        ParamsChecker.ensureNotNull(tosRequestFactory, "TosRequestFactory");
        this.factory = tosRequestFactory;
        this.signer = signer;
    }

    public TosRequestFactory getFactory() {
        return this.factory;
    }

    public Signer getSigner() {
        return this.signer;
    }

    public PreSignedPolicyURLOutput preSignedPolicyURL(PreSignedPolicyURLInput preSignedPolicyURLInput) throws TosException {
        String str;
        String str2;
        String str3;
        String str4;
        ParamsChecker.ensureNotNull(preSignedPolicyURLInput, "PreSingedPolicyURLInput");
        ParamsChecker.isValidBucketName(preSignedPolicyURLInput.getBucket());
        byte[] bArr = null;
        if (preSignedPolicyURLInput.getConditions() == null || preSignedPolicyURLInput.getConditions().size() == 0) {
            throw new TosClientException("empty PolicySignatureConditions", null);
        }
        Iterator<PolicySignatureCondition> it = preSignedPolicyURLInput.getConditions().iterator();
        while (it.hasNext()) {
            if (!StringUtils.equals(it.next().getKey(), "key")) {
                throw new TosClientException("invalid pre signed url conditions, condition key should be 'key'", null);
            }
        }
        long validateAndGetTtl = TosUtils.validateAndGetTtl(preSignedPolicyURLInput.getExpires());
        OffsetDateTime atOffset = Instant.now().atOffset(ZoneOffset.UTC);
        String format = atOffset.format(SigningUtils.iso8601Layout);
        String format2 = atOffset.format(SigningUtils.yyyyMMdd);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4Algorithm, SigningUtils.signPrefix));
        arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4Date, format));
        arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4Expires, String.valueOf(validateAndGetTtl)));
        Signer signer = this.signer;
        if (signer != null) {
            if (signer.getCredentialsProvider() != null) {
                Credentials credentials = this.signer.getCredentialsProvider().getCredentials();
                str2 = credentials.getAk();
                str3 = credentials.getSk();
                str = credentials.getSecurityToken();
            } else if (this.signer.getCredential() != null) {
                Credential credential = this.signer.getCredential().credential();
                str2 = credential.getAccessKeyId();
                str3 = credential.getAccessKeySecret();
                str = credential.getSecurityToken();
            } else {
                str = null;
                str2 = null;
                str3 = null;
            }
            str4 = this.signer.getRegion();
        } else {
            str = null;
            str2 = null;
            str3 = null;
            str4 = null;
        }
        if (str2 != null && str3 != null && str4 != null) {
            arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4Credential, String.format("%s/%s/%s/tos/request", str2, format2, str4)));
            if (StringUtils.isNotEmpty(str)) {
                arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4SecurityToken, str));
            }
        }
        ArrayList arrayList2 = new ArrayList(preSignedPolicyURLInput.getConditions());
        arrayList2.add(new PolicySignatureCondition().setKey(SigningUtils.signConditionBucket).setValue(preSignedPolicyURLInput.getBucket()));
        arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4Policy, StringUtils.toString(new ByteArrayInputStream(Base64.encodeBase64(PayloadConverter.serializePayloadAndComputeMD5(new PreSignedPolicyJson().setConditions(arrayList2)).getData())), "policyInByte")));
        String str5 = "TOS4-HMAC-SHA256\n" + format + '\n' + format2 + '/' + str4 + "/tos/request\n" + String.valueOf(SigningUtils.toHex(SigningUtils.sha256(SigningUtils.encodeQuery(arrayList) + '\n' + SigningUtils.unsignedPayload)));
        if (str2 != null && str3 != null && str4 != null) {
            bArr = SigningUtils.signKey(new SignKeyInfo().setSk(str3).setDate(format2).setRegion(str4));
        }
        arrayList.add(new AbstractMap.SimpleEntry(SigningUtils.v4Signature, String.valueOf(SigningUtils.toHex(SigningUtils.hmacSha256(bArr, str5.getBytes())))));
        String encodeQuery = SigningUtils.encodeQuery(arrayList);
        String scheme = this.factory.getScheme();
        String host = this.factory.getHost();
        if (StringUtils.isNotEmpty(preSignedPolicyURLInput.getAlternativeEndpoint())) {
            host = ParamsChecker.parseFromEndpoint(preSignedPolicyURLInput.getAlternativeEndpoint()).get(1);
        }
        return new PreSignedPolicyURLOutput().setPreSignedPolicyURLGenerator(new DefaultPreSignedPolicyURLGenerator().setScheme(scheme).setSignatureQuery(encodeQuery).setCustomDomain(preSignedPolicyURLInput.isCustomDomain()).setBucket(preSignedPolicyURLInput.getBucket()).setHost(host)).setScheme(scheme).setHost(host).setSignatureQuery(encodeQuery);
    }

    public PreSignedPostSignatureOutput preSignedPostSignature(PreSignedPostSignatureInput preSignedPostSignatureInput) throws TosException {
        String str;
        String str2;
        String str3;
        String str4;
        String str5;
        ParamsChecker.ensureNotNull(preSignedPostSignatureInput, "PreSignedPostSignatureInput");
        long validateAndGetTtl = TosUtils.validateAndGetTtl(preSignedPostSignatureInput.getExpires());
        OffsetDateTime atOffset = Instant.now().atOffset(ZoneOffset.UTC);
        String format = atOffset.format(SigningUtils.iso8601Layout);
        String format2 = atOffset.format(SigningUtils.yyyyMMdd);
        Signer signer = this.signer;
        if (signer != null) {
            if (signer.getCredentialsProvider() != null) {
                Credentials credentials = this.signer.getCredentialsProvider().getCredentials();
                str2 = credentials.getAk();
                str3 = credentials.getSk();
                str = credentials.getSecurityToken();
            } else if (this.signer.getCredential() != null) {
                Credential credential = this.signer.getCredential().credential();
                str2 = credential.getAccessKeyId();
                str3 = credential.getAccessKeySecret();
                str = credential.getSecurityToken();
            } else {
                str = null;
                str2 = null;
                str3 = null;
            }
            str4 = this.signer.getRegion();
        } else {
            str = null;
            str2 = null;
            str3 = null;
            str4 = null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new PostSignatureCondition(SigningUtils.v4Algorithm, SigningUtils.signPrefix));
        arrayList.add(new PostSignatureCondition(SigningUtils.v4Date, format));
        if (str2 == null || str3 == null || str4 == null) {
            str5 = null;
        } else {
            str5 = String.format("%s/%s/%s/tos/request", str2, format2, str4);
            arrayList.add(new PostSignatureCondition(SigningUtils.v4Credential, str5));
            if (StringUtils.isNotEmpty(str)) {
                arrayList.add(new PostSignatureCondition(SigningUtils.v4SecurityToken, str));
            }
        }
        if (StringUtils.isNotEmpty(preSignedPostSignatureInput.getBucket())) {
            ParamsChecker.isValidBucketName(preSignedPostSignatureInput.getBucket());
            arrayList.add(new PostSignatureCondition(SigningUtils.signConditionBucket, preSignedPostSignatureInput.getBucket()));
        }
        if (StringUtils.isNotEmpty(preSignedPostSignatureInput.getKey())) {
            ParamsChecker.isValidKey(preSignedPostSignatureInput.getKey());
            arrayList.add(new PostSignatureCondition("key", preSignedPostSignatureInput.getKey()));
        }
        if (preSignedPostSignatureInput.getConditions() != null) {
            for (int i = 0; i < preSignedPostSignatureInput.getConditions().size(); i++) {
                PostSignatureCondition postSignatureCondition = preSignedPostSignatureInput.getConditions().get(i);
                if (postSignatureCondition.getOperator() != null) {
                    arrayList.add(new PostSignatureCondition("$" + postSignatureCondition.getKey(), postSignatureCondition.getValue(), postSignatureCondition.getOperator()));
                } else {
                    arrayList.add(new PostSignatureCondition(postSignatureCondition.getKey(), postSignatureCondition.getValue()));
                }
            }
        }
        if (preSignedPostSignatureInput.getContentLengthRange() != null) {
            arrayList.add(new PostSignatureCondition(String.valueOf(preSignedPostSignatureInput.getContentLengthRange().getRangeStart()), String.valueOf(preSignedPostSignatureInput.getContentLengthRange().getRangeEnd()), SigningUtils.signConditionRange));
        }
        TosMarshalResult serializePayloadAndComputeMD5 = PayloadConverter.serializePayloadAndComputeMD5(new PostPolicyJson().setConditions(arrayList).setExpiration(atOffset.plusSeconds(validateAndGetTtl).format(SigningUtils.serverTimeFormat)));
        String stringUtils = StringUtils.toString(new ByteArrayInputStream(serializePayloadAndComputeMD5.getData()), "policyJson");
        byte[] signKey = (str2 == null || str3 == null || str4 == null) ? null : SigningUtils.signKey(new SignKeyInfo().setSk(str3).setDate(format2).setRegion(str4));
        byte[] encodeBase64 = Base64.encodeBase64(serializePayloadAndComputeMD5.getData());
        return new PreSignedPostSignatureOutput().setOriginPolicy(stringUtils).setPolicy(StringUtils.toString(new ByteArrayInputStream(encodeBase64), "policyInByte")).setAlgorithm(SigningUtils.signPrefix).setCredential(str5).setDate(format).setSignature(String.valueOf(SigningUtils.toHex(SigningUtils.hmacSha256(signKey, encodeBase64))));
    }

    public PreSignedURLOutput preSignedURL(PreSignedURLInput preSignedURLInput) throws TosException {
        ParamsChecker.ensureNotNull(preSignedURLInput, "PreSignedURLInput");
        boolean isCustomDomain = this.factory.isCustomDomain();
        if (preSignedURLInput.isCustomDomain() != null) {
            isCustomDomain = preSignedURLInput.isCustomDomain().booleanValue();
        }
        if (!isCustomDomain) {
            ParamsChecker.isValidBucketName(preSignedURLInput.getBucket());
        }
        ParamsChecker.isValidHttpMethod(preSignedURLInput.getHttpMethod());
        long validateAndGetTtl = TosUtils.validateAndGetTtl(preSignedURLInput.getExpires());
        String key = preSignedURLInput.getKey();
        if (StringUtils.isEmpty(key)) {
            key = "";
        }
        final RequestBuilder init = this.factory.init(preSignedURLInput.getBucket(), key, preSignedURLInput.getHeader());
        init.setUrlMode(isCustomDomain ? 2 : 0);
        if (StringUtils.isNotEmpty(preSignedURLInput.getAlternativeEndpoint())) {
            init.setHost(ParamsChecker.parseFromEndpoint(preSignedURLInput.getAlternativeEndpoint()).get(1));
        }
        if (preSignedURLInput.getQuery() != null) {
            Map<String, String> query = preSignedURLInput.getQuery();
            init.getClass();
            query.forEach(new BiConsumer() { // from class: com.volcengine.tos.internal.-$$Lambda$lqkswrpLX0Cj4HnQvNLCNwm1GHk
                @Override // java.util.function.BiConsumer
                public final void accept(Object obj, Object obj2) {
                    RequestBuilder.this.withQuery((String) obj, (String) obj2);
                }
            });
        }
        TosRequest build = this.factory.build(init, preSignedURLInput.getHttpMethod(), validateAndGetTtl);
        return new PreSignedURLOutput(build.toURL().toString(), build.getHeaders());
    }

    public TosPreSignedRequestHandler setFactory(TosRequestFactory tosRequestFactory) {
        this.factory = tosRequestFactory;
        return this;
    }

    public TosPreSignedRequestHandler setSigner(Signer signer) {
        this.signer = signer;
        return this;
    }
}
