package com.google.scp.shared.aws.util;

import com.google.scp.shared.aws.credsprovider.AwsSessionCredentialsProvider;
import io.grpc.internal.GrpcUtil;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.http.HttpEntityContainer;
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
import org.apache.http.Header;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.entity.StringEntity;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.utils.StringInputStream;

/* loaded from: input_file:com/google/scp/shared/aws/util/AwsRequestSigner.class */
public final class AwsRequestSigner {
    private AwsRequestSigner() {
    }

    public static HttpRequest makeSignedHttpRequest(HttpRequest httpRequest, String str, Region region, AwsCredentials awsCredentials) throws URISyntaxException, IOException {
        Optional<String> extractBody = extractBody(httpRequest);
        return toApacheHttpRequest(signHttpRequest(toSdkHttpRequest(httpRequest, extractBody), str, region, awsCredentials), extractBody);
    }

    public static org.apache.hc.core5.http.HttpRequest makeSignedHttpRequest(org.apache.hc.core5.http.HttpRequest httpRequest, String str, Region region, AwsCredentials awsCredentials) throws URISyntaxException, IOException {
        Optional<String> extractBody = extractBody(httpRequest);
        return toApacheHttpRequestV2(signHttpRequest(toSdkHttpRequest(httpRequest, extractBody), str, region, awsCredentials), extractBody);
    }

    public static HttpRequestInterceptor createRequestSignerInterceptor(Region region, AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
        return (httpRequest, httpContext) -> {
            try {
                httpRequest.setHeaders(makeSignedHttpRequest(RequestBuilder.copy(httpRequest).setUri(((HttpHost) httpContext.getAttribute("http.target_host")).toString() + httpRequest.getRequestLine().getUri()).build(), "execute-api", region, awsSessionCredentialsProvider.resolveCredentials()).getAllHeaders());
            } catch (URISyntaxException e) {
                throw new HttpException("Syntax error in URI.", e);
            }
        };
    }

    private static SdkHttpFullRequest changePort(SdkHttpFullRequest sdkHttpFullRequest, int i) {
        return sdkHttpFullRequest.mo13507toBuilder().port(Integer.valueOf(i)).mo12755build();
    }

    private static Optional<String> extractBody(HttpRequest httpRequest) throws IOException {
        return httpRequest instanceof HttpEntityEnclosingRequest ? Optional.of(new String(((HttpEntityEnclosingRequest) httpRequest).getEntity().getContent().readAllBytes())) : Optional.empty();
    }

    private static Optional<String> extractBody(org.apache.hc.core5.http.HttpRequest httpRequest) throws IOException {
        if (httpRequest instanceof HttpEntityContainer) {
            Optional ofNullable = Optional.ofNullable(((HttpEntityContainer) httpRequest).getEntity());
            if (ofNullable.isPresent()) {
                return Optional.of(new String(((HttpEntity) ofNullable.get()).getContent().readAllBytes()));
            }
        }
        return Optional.empty();
    }

    private static HttpRequest toApacheHttpRequest(SdkHttpFullRequest sdkHttpFullRequest, Optional<String> optional) throws IOException {
        RequestBuilder create = RequestBuilder.create(sdkHttpFullRequest.method().toString());
        create.setUri(sdkHttpFullRequest.getUri().toString());
        for (Map.Entry<String, List<String>> entry : sdkHttpFullRequest.headers().entrySet()) {
            Iterator<String> it = entry.getValue().iterator();
            while (it.hasNext()) {
                create.addHeader(entry.getKey(), it.next());
            }
        }
        if (optional.isPresent()) {
            create.setEntity(new StringEntity(optional.get()));
        }
        return create.build();
    }

    private static org.apache.hc.core5.http.HttpRequest toApacheHttpRequestV2(SdkHttpFullRequest sdkHttpFullRequest, Optional<String> optional) {
        ClassicRequestBuilder create = ClassicRequestBuilder.create(sdkHttpFullRequest.method().toString());
        create.setUri2(sdkHttpFullRequest.getUri().toString());
        for (Map.Entry<String, List<String>> entry : sdkHttpFullRequest.headers().entrySet()) {
            Iterator<String> it = entry.getValue().iterator();
            while (it.hasNext()) {
                create.addHeader(entry.getKey(), it.next());
            }
        }
        if (optional.isPresent()) {
            create.setEntity(optional.get());
        }
        return create.build();
    }

    private static SdkHttpFullRequest toSdkHttpRequest(HttpRequest httpRequest, Optional<String> optional) throws URISyntaxException {
        SdkHttpFullRequest.Builder method = SdkHttpFullRequest.builder().uri(new URI(httpRequest.getRequestLine().getUri())).method(SdkHttpMethod.fromValue(httpRequest.getRequestLine().getMethod()));
        for (Header header : httpRequest.getAllHeaders()) {
            method.appendHeader(header.getName(), header.getValue());
        }
        optional.ifPresent(str -> {
            method.contentStreamProvider(() -> {
                return new StringInputStream(str);
            });
        });
        return method.mo12755build();
    }

    private static SdkHttpFullRequest toSdkHttpRequest(org.apache.hc.core5.http.HttpRequest httpRequest, Optional<String> optional) throws URISyntaxException {
        SdkHttpFullRequest.Builder method = SdkHttpFullRequest.builder().uri(httpRequest.getUri()).method(SdkHttpMethod.fromValue(httpRequest.getMethod()));
        for (org.apache.hc.core5.http.Header header : httpRequest.getHeaders()) {
            method.appendHeader(header.getName(), header.getValue());
        }
        optional.ifPresent(str -> {
            method.contentStreamProvider(() -> {
                return new StringInputStream(str);
            });
        });
        return method.mo12755build();
    }

    private static SdkHttpFullRequest signHttpRequest(SdkHttpFullRequest sdkHttpFullRequest, String str, Region region, AwsCredentials awsCredentials) {
        return changePort(Aws4Signer.create().sign(changePort(sdkHttpFullRequest, GrpcUtil.DEFAULT_PORT_SSL), Aws4SignerParams.builder().signingName(str).signingRegion(region).awsCredentials(awsCredentials).doubleUrlEncode(true).mo12755build()), sdkHttpFullRequest.getUri().getPort());
    }
}
