package org.jclouds.chef.filters;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Splitter;
import com.google.common.base.Supplier;
import com.google.common.base.Throwables;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Iterables;
import com.google.common.hash.Hashing;
import com.google.common.io.BaseEncoding;
import com.google.common.io.ByteSource;
import java.io.IOException;
import java.security.Key;
import java.security.PrivateKey;
import java.util.NoSuchElementException;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.karaf.jaas.modules.audit.FileAuditLoginModule;
import org.jclouds.Constants;
import org.jclouds.crypto.Crypto;
import org.jclouds.date.TimeStamp;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpRequestFilter;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.io.ByteStreams2;
import org.jclouds.io.Payload;
import org.jclouds.io.Payloads;
import org.jclouds.io.payloads.MultipartForm;
import org.jclouds.io.payloads.Part;
import org.jclouds.io.payloads.RSAEncryptingPayload;
import org.jclouds.logging.Logger;
import org.jclouds.util.Strings2;

/* JADX WARN: Classes with same name are omitted:
  input_file:chef-1.9.1.jar:org/jclouds/chef/filters/SignedHeaderAuth.class
 */
@Singleton
/* loaded from: input_file:org/jclouds/chef/filters/SignedHeaderAuth.class */
public class SignedHeaderAuth implements HttpRequestFilter {
    public static final String SIGNING_DESCRIPTION = "version=1.0";
    private final SignatureWire signatureWire;
    private final Supplier<Credentials> creds;
    private final Supplier<PrivateKey> supplyKey;
    private final Provider<String> timeStampProvider;
    private final HttpUtils utils;
    private final Crypto crypto;

    @Resource
    @Named(Constants.LOGGER_SIGNATURE)
    Logger signatureLog = Logger.NULL;
    private final String emptyStringHash = hashBody(Payloads.newStringPayload(""));

    @Inject
    public SignedHeaderAuth(SignatureWire signatureWire, @org.jclouds.location.Provider Supplier<Credentials> supplier, Supplier<PrivateKey> supplier2, @TimeStamp Provider<String> provider, HttpUtils httpUtils, Crypto crypto) {
        this.signatureWire = (SignatureWire) Preconditions.checkNotNull(signatureWire, "signatureWire");
        this.creds = (Supplier) Preconditions.checkNotNull(supplier, "creds");
        this.supplyKey = (Supplier) Preconditions.checkNotNull(supplier2, "supplyKey");
        this.timeStampProvider = (Provider) Preconditions.checkNotNull(provider, "timeStampProvider");
        this.utils = (HttpUtils) Preconditions.checkNotNull(httpUtils, "utils");
        this.crypto = (Crypto) Preconditions.checkNotNull(crypto, "crypto");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [org.jclouds.http.HttpRequest$Builder] */
    @Override // org.jclouds.http.HttpRequestFilter
    public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
        HttpRequest build = httpRequest.toBuilder().endpoint(httpRequest.getEndpoint().toString().replace("%3F", "?")).build();
        String hashBody = hashBody(build.getPayload());
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put("X-Ops-Content-Hash", hashBody);
        String str = this.timeStampProvider.get();
        String createStringToSign = createStringToSign(build.getMethod(), hashPath(build.getEndpoint().getPath()), hashBody, str);
        create.put("X-Ops-Userid", ((Credentials) this.creds.get()).identity);
        create.put("X-Ops-Sign", SIGNING_DESCRIPTION);
        HttpRequest calculateAndReplaceAuthorizationHeaders = calculateAndReplaceAuthorizationHeaders(build, createStringToSign);
        create.put("X-Ops-Timestamp", str);
        this.utils.logRequest(this.signatureLog, calculateAndReplaceAuthorizationHeaders, "<<");
        return ((HttpRequest.Builder) calculateAndReplaceAuthorizationHeaders.toBuilder().replaceHeaders(create)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @VisibleForTesting
    HttpRequest calculateAndReplaceAuthorizationHeaders(HttpRequest httpRequest, String str) throws HttpException {
        String sign = sign(str);
        if (this.signatureWire.enabled()) {
            this.signatureWire.input(Strings2.toInputStream(sign));
        }
        String[] strArr = (String[]) Iterables.toArray(Splitter.fixedLength(60).split(sign), String.class);
        ArrayListMultimap create = ArrayListMultimap.create();
        for (int i = 0; i < strArr.length; i++) {
            create.put("X-Ops-Authorization-" + (i + 1), strArr[i]);
        }
        return ((HttpRequest.Builder) httpRequest.toBuilder().replaceHeaders(create)).build();
    }

    public String createStringToSign(String str, String str2, String str3, String str4) {
        return "Method:" + str + "\nHashed Path:" + str2 + "\nX-Ops-Content-Hash:" + str3 + "\nX-Ops-Timestamp:" + str4 + "\nX-Ops-UserId:" + ((Credentials) this.creds.get()).identity;
    }

    @VisibleForTesting
    String hashPath(String str) {
        try {
            return BaseEncoding.base64().encode(ByteSource.wrap(canonicalPath(str).getBytes(Charsets.UTF_8)).hash(Hashing.sha1()).asBytes());
        } catch (Exception e) {
            Throwables.propagateIfPossible(e);
            throw new HttpException("error creating sigature for path: " + str, e);
        }
    }

    @VisibleForTesting
    String canonicalPath(String str) {
        String replaceAll = str.replaceAll("\\/+", "/");
        return (!replaceAll.endsWith("/") || replaceAll.length() <= 1) ? replaceAll : replaceAll.substring(0, replaceAll.length() - 1);
    }

    @VisibleForTesting
    String hashBody(Payload payload) {
        if (payload == null) {
            return this.emptyStringHash;
        }
        Payload useTheFilePartIfForm = useTheFilePartIfForm(payload);
        Preconditions.checkArgument(useTheFilePartIfForm != null, "payload was null");
        Preconditions.checkArgument(useTheFilePartIfForm.isRepeatable(), "payload must be repeatable: " + useTheFilePartIfForm);
        try {
            return BaseEncoding.base64().encode(ByteStreams2.hashAndClose(useTheFilePartIfForm.getInput(), Hashing.sha1()).asBytes());
        } catch (Exception e) {
            Throwables.propagateIfPossible(e);
            throw new HttpException("error creating sigature for payload: " + useTheFilePartIfForm, e);
        }
    }

    private Payload useTheFilePartIfForm(Payload payload) {
        if (payload instanceof MultipartForm) {
            try {
                payload = (Payload) Iterables.find(((MultipartForm) MultipartForm.class.cast(payload)).getRawContent(), new Predicate<Part>() { // from class: org.jclouds.chef.filters.SignedHeaderAuth.1
                    public boolean apply(Part part) {
                        return FileAuditLoginModule.LOG_FILE_OPTION.equals(part.getName());
                    }
                });
            } catch (NoSuchElementException e) {
            }
        }
        return payload;
    }

    public String sign(String str) {
        try {
            return BaseEncoding.base64().encode(ByteStreams2.toByteArrayAndClose(new RSAEncryptingPayload(this.crypto, Payloads.newStringPayload(str), (Key) this.supplyKey.get()).openStream()));
        } catch (IOException e) {
            throw new HttpException("error signing request", e);
        }
    }
}
