package org.jclouds.cloudstack.filters;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.Multimap;
import java.util.Comparator;
import java.util.Map;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import javax.ws.rs.core.UriBuilder;
import org.jclouds.crypto.Crypto;
import org.jclouds.crypto.CryptoStreams;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.internal.SignatureWire;
import org.jclouds.http.utils.Queries;
import org.jclouds.io.InputSuppliers;
import org.jclouds.logging.Logger;
import org.jclouds.rest.RequestSigner;
import org.jclouds.rest.annotations.Credential;
import org.jclouds.rest.annotations.Identity;
import org.jclouds.util.Strings2;

@Singleton
/* loaded from: input_file:org/jclouds/cloudstack/filters/QuerySigner.class */
public class QuerySigner implements AuthenticationFilter, RequestSigner {
    private final SignatureWire signatureWire;
    private final String accessKey;
    private final String secretKey;
    private final Crypto crypto;
    private final HttpUtils utils;
    private final Provider<UriBuilder> builder;

    @Resource
    @Named("jclouds.signature")
    private Logger signatureLog = Logger.NULL;

    @Inject
    public QuerySigner(SignatureWire signatureWire, @Identity String str, @Credential String str2, Crypto crypto, HttpUtils httpUtils, Provider<UriBuilder> provider) {
        this.signatureWire = signatureWire;
        this.accessKey = str;
        this.secretKey = str2;
        this.crypto = crypto;
        this.utils = httpUtils;
        this.builder = provider;
    }

    public HttpRequest filter(HttpRequest httpRequest) throws HttpException {
        Preconditions.checkNotNull(httpRequest, "request must be present");
        Multimap<String, String> parseQueryToMap = Queries.parseQueryToMap(httpRequest.getEndpoint().getRawQuery());
        addSigningParams(parseQueryToMap);
        addSignature(parseQueryToMap, sign(createStringToSign(httpRequest, parseQueryToMap)));
        HttpRequest build = httpRequest.toBuilder().endpoint(((UriBuilder) this.builder.get()).uri(httpRequest.getEndpoint()).replaceQuery(Queries.makeQueryLine(parseQueryToMap, (Comparator) null, new char[0])).build(new Object[0])).build();
        this.utils.logRequest(this.signatureLog, build, "<<");
        return build;
    }

    @VisibleForTesting
    void addSignature(Multimap<String, String> multimap, String str) {
        multimap.replaceValues("signature", ImmutableList.of(str));
    }

    @VisibleForTesting
    public String sign(String str) {
        try {
            String base64 = CryptoStreams.base64(CryptoStreams.mac(InputSuppliers.of(str), this.crypto.hmacSHA1(this.secretKey.getBytes())));
            if (this.signatureWire.enabled()) {
                this.signatureWire.input(Strings2.toInputStream(base64));
            }
            return base64;
        } catch (Exception e) {
            throw new HttpException("error signing request", e);
        }
    }

    @VisibleForTesting
    public String createStringToSign(HttpRequest httpRequest, Multimap<String, String> multimap) {
        this.utils.logRequest(this.signatureLog, httpRequest, ">>");
        ImmutableSortedSet.Builder naturalOrder = ImmutableSortedSet.naturalOrder();
        for (Map.Entry entry : multimap.entries()) {
            naturalOrder.add(((String) entry.getKey()) + "=" + Strings2.urlEncode((String) entry.getValue(), new char[0]));
        }
        String lowerCase = Joiner.on('&').join(naturalOrder.build()).toLowerCase();
        if (this.signatureWire.enabled()) {
            this.signatureWire.output(lowerCase);
        }
        return lowerCase;
    }

    @VisibleForTesting
    void addSigningParams(Multimap<String, String> multimap) {
        multimap.replaceValues("apiKey", ImmutableList.of(this.accessKey));
        multimap.removeAll("signature");
    }

    public String createStringToSign(HttpRequest httpRequest) {
        Multimap<String, String> parseQueryToMap = Queries.parseQueryToMap(httpRequest.getEndpoint().getQuery());
        addSigningParams(parseQueryToMap);
        return createStringToSign(httpRequest, parseQueryToMap);
    }
}
