package com.amazonaws.services.iot.client.util;

import com.amazonaws.services.iot.client.AWSIotException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/amazonaws/services/iot/client/util/AwsIotWebSocketUrlSigner.class */
public class AwsIotWebSocketUrlSigner {
    private static final String HASH_ALGORITHM = "SHA-256";
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private static final String ALGORITHM = "AWS4-HMAC-SHA256";
    private static final String KEY_PREFIX = "AWS4";
    private static final String TERMINATOR = "aws4_request";
    private static final String DATE_PATTERN = "yyyyMMdd";
    private static final String TIME_PATTERN = "yyyyMMdd'T'HHmmss'Z'";
    private static final String UTF8 = "UTF-8";
    private static final String METHOD = "GET";
    private static final String CANONICAL_URI = "/mqtt";
    private static final String ServiceName = "iotdata";
    private String endpoint;
    private String regionName;
    private String awsAccessKeyId;
    private String sessionToken;
    private Mac signingSecretMac;
    private static final TimeZone TIME_ZONE = TimeZone.getTimeZone("UTC");
    private static final Pattern EndpointPattern = Pattern.compile("iot\\.([\\w-]+)\\.amazonaws\\..*");

    public AwsIotWebSocketUrlSigner(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Invalid endpoint provided");
        }
        this.endpoint = str.trim().toLowerCase();
        this.regionName = getRegionFromEndpoint(this.endpoint);
        if (this.regionName == null) {
            throw new IllegalArgumentException("Could not extract region from endpoint provided");
        }
    }

    public AwsIotWebSocketUrlSigner(String str, String str2, String str3, String str4) {
        this(str);
        updateCredentials(str2, str3, str4);
    }

    public void updateCredentials(String str, String str2, String str3) {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException("Missing required data for signing");
        }
        this.awsAccessKeyId = str.trim();
        try {
            byte[] bytes = (KEY_PREFIX + str2).getBytes(UTF8);
            this.signingSecretMac = Mac.getInstance(HMAC_ALGORITHM);
            this.signingSecretMac.init(new SecretKeySpec(bytes, HMAC_ALGORITHM));
            this.sessionToken = str3;
            if (this.sessionToken != null) {
                this.sessionToken = URLEncoder.encode(this.sessionToken, UTF8);
            }
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Error in initializing signing secret MAC");
        }
    }

    public String getSignedUrl(Date date) throws AWSIotException {
        Date date2 = date;
        if (date2 == null) {
            date2 = new Date();
        }
        String amzDate = getAmzDate(date2);
        String dateStamp = getDateStamp(date2);
        String str = dateStamp + "/" + this.regionName + "/" + ServiceName + "/aws4_request";
        StringBuilder sb = new StringBuilder();
        sb.append("X-Amz-Algorithm=").append(ALGORITHM);
        sb.append("&X-Amz-Credential=");
        try {
            sb.append(URLEncoder.encode(this.awsAccessKeyId + "/" + str, UTF8));
            sb.append("&X-Amz-Date=").append(amzDate);
            sb.append("&X-Amz-SignedHeaders=host");
            String stringToHex = stringToHex(sign("AWS4-HMAC-SHA256\n" + amzDate + "\n" + str + "\n" + stringToHex(hash("GET\n/mqtt\n" + sb.toString() + "\n" + ("host:" + this.endpoint + "\n") + "\nhost\n" + stringToHex(hash("")))), getSigningKey(dateStamp)));
            sb.append("&X-Amz-Signature=");
            sb.append(stringToHex);
            String str2 = "wss://" + this.endpoint + CANONICAL_URI + "?" + sb.toString();
            if (this.sessionToken != null) {
                str2 = str2 + "&X-Amz-Security-Token=" + this.sessionToken;
            }
            return str2;
        } catch (UnsupportedEncodingException e) {
            throw new AWSIotException("Error encoding URL when building WebSocket URL");
        }
    }

    private String getRegionFromEndpoint(String str) {
        Matcher matcher = EndpointPattern.matcher(str);
        if (matcher.find()) {
            return matcher.group(1);
        }
        return null;
    }

    private String stringToHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b);
            if (hexString.length() == 1) {
                sb.append("0");
            } else if (hexString.length() == 8) {
                hexString = hexString.substring(6);
            }
            sb.append(hexString);
        }
        return sb.toString().toLowerCase();
    }

    private byte[] getSigningKey(String str) throws AWSIotException {
        if (this.signingSecretMac == null) {
            throw new AWSIotException("Signing credentials not provided");
        }
        return sign(TERMINATOR, sign(ServiceName, sign(this.regionName, sign(str, this.signingSecretMac))));
    }

    private String getAmzDate(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(TIME_PATTERN);
        simpleDateFormat.setTimeZone(TIME_ZONE);
        return simpleDateFormat.format(date);
    }

    private String getDateStamp(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_PATTERN);
        simpleDateFormat.setTimeZone(TIME_ZONE);
        return simpleDateFormat.format(date);
    }

    private byte[] hash(String str) throws AWSIotException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(HASH_ALGORITHM);
            messageDigest.update(str.getBytes(UTF8));
            return messageDigest.digest();
        } catch (Exception e) {
            throw new AWSIotException("Unable to compute hash while signing request: " + e.getMessage());
        }
    }

    private byte[] sign(String str, byte[] bArr) throws AWSIotException {
        try {
            byte[] bytes = str.getBytes(UTF8);
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(new SecretKeySpec(bArr, HMAC_ALGORITHM));
            return mac.doFinal(bytes);
        } catch (Exception e) {
            throw new AWSIotException("Unable to calculate a request signature: " + e.getMessage());
        }
    }

    private byte[] sign(String str, Mac mac) throws AWSIotException {
        try {
            return mac.doFinal(str.getBytes(UTF8));
        } catch (Exception e) {
            throw new AWSIotException("Unable to calculate a request signature: " + e.getMessage());
        }
    }
}
