package org.hibernate.search.elasticsearch.aws.impl;

import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Stream;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.RequestLine;
import org.apache.http.protocol.HttpContext;
import org.hibernate.search.elasticsearch.spi.DigestSelfSigningCapable;
import org.hibernate.search.util.impl.CollectionHelper;
import uk.co.lucasweb.aws.v4.signer.Signer;
import uk.co.lucasweb.aws.v4.signer.credentials.AwsCredentials;

/* loaded from: input_file:org/hibernate/search/elasticsearch/aws/impl/AWSSigningRequestInterceptor.class */
class AWSSigningRequestInterceptor implements HttpRequestInterceptor {
    private static final Set<String> HEADERS_TO_SIGN = CollectionHelper.asImmutableSet(new String[]{AWSHeaders.HOST, AWSHeaders.X_AMZ_DATE_HEADER_NAME, AWSHeaders.X_AMZ_CONTENT_SHA256_HEADER_NAME});
    private final AwsCredentials credentials;
    private final String region;
    private final String service;

    public AWSSigningRequestInterceptor(String str, String str2, String str3, String str4) {
        this.credentials = new AwsCredentials(str, str2);
        this.region = str3;
        this.service = str4;
    }

    @Override // org.apache.http.HttpRequestInterceptor
    public void process(HttpRequest httpRequest, HttpContext httpContext) throws HttpException, IOException {
        httpRequest.addHeader(AWSHeaders.X_AMZ_DATE_HEADER_NAME, AWSHeaders.toAmzDate(LocalDateTime.now(ZoneOffset.UTC)));
        String computeContentHash = computeContentHash(httpRequest);
        httpRequest.addHeader(AWSHeaders.X_AMZ_CONTENT_SHA256_HEADER_NAME, computeContentHash);
        httpRequest.addHeader(AWSHeaders.AUTHORIZATION, sign(httpRequest, computeContentHash));
    }

    private String computeContentHash(HttpRequest httpRequest) throws IOException {
        DigestSelfSigningCapable entity = getEntity(httpRequest);
        if (entity == null) {
            return DigestUtils.sha256Hex("");
        }
        if (entity instanceof DigestSelfSigningCapable) {
            DigestSelfSigningCapable digestSelfSigningCapable = entity;
            MessageDigest sha256Digest = DigestUtils.getSha256Digest();
            digestSelfSigningCapable.fillDigest(sha256Digest);
            return Hex.encodeHexString(sha256Digest.digest());
        }
        if (!entity.isRepeatable()) {
            throw new IllegalStateException("Cannot sign AWS requests with non-repeatable entities");
        }
        InputStream content = entity.getContent();
        Throwable th = null;
        try {
            String sha256Hex = DigestUtils.sha256Hex(content);
            if (content != null) {
                if (0 != 0) {
                    try {
                        content.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    content.close();
                }
            }
            return sha256Hex;
        } catch (Throwable th3) {
            if (content != null) {
                if (0 != 0) {
                    try {
                        content.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    content.close();
                }
            }
            throw th3;
        }
    }

    private HttpEntity getEntity(HttpRequest httpRequest) throws IOException {
        if (httpRequest instanceof HttpEntityEnclosingRequest) {
            return ((HttpEntityEnclosingRequest) httpRequest).getEntity();
        }
        return null;
    }

    private String sign(HttpRequest httpRequest, String str) {
        RequestLine requestLine = httpRequest.getRequestLine();
        uk.co.lucasweb.aws.v4.signer.HttpRequest httpRequest2 = new uk.co.lucasweb.aws.v4.signer.HttpRequest(requestLine.getMethod(), requestLine.getUri());
        Signer.Builder region = Signer.builder().awsCredentials(this.credentials).region(this.region);
        for (String str2 : HEADERS_TO_SIGN) {
            Stream map = Arrays.stream(httpRequest.getHeaders(str2)).map((v0) -> {
                return v0.getValue();
            });
            if (AWSHeaders.HOST.equalsIgnoreCase(str2)) {
                map = map.map(AWSNormalization::normalizeHost);
            }
            map.forEach(str3 -> {
                region.header(str2, str3);
            });
        }
        return region.build(httpRequest2, this.service, str).getSignature();
    }
}
