package com.sequenceiq.cloudbreak.client;

import com.sequenceiq.cloudbreak.common.json.JsonUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.MultivaluedMap;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import org.apache.http.entity.ContentType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sequenceiq/cloudbreak/client/ApiKeyRequestFilter.class */
public class ApiKeyRequestFilter implements ClientRequestFilter {
    private static final String AUTH_METHOD = "ed25519v1";
    private static final Logger LOGGER = LoggerFactory.getLogger(ApiKeyRequestFilter.class);
    private static final String X_ALTUS_DATE = "x-altus-date";
    private static final String X_ALTUS_AUTH = "x-altus-auth";
    private String accessKey;
    private String secretKey;

    public ApiKeyRequestFilter(String str, String str2) {
        this.accessKey = str;
        this.secretKey = str2;
    }

    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        MultivaluedMap headers = clientRequestContext.getHeaders();
        String format = DateTimeFormatter.RFC_1123_DATE_TIME.format(OffsetDateTime.now(ZoneOffset.UTC));
        if (headers.get("Content-Type") == null) {
            headers.add("Content-Type", ContentType.APPLICATION_JSON);
        }
        headers.add(X_ALTUS_DATE, format);
        headers.add(X_ALTUS_AUTH, authHeader(this.accessKey, this.secretKey, clientRequestContext.getMethod(), clientRequestContext.getUri().getPath(), format));
    }

    private String authHeader(String str, String str2, String str3, String str4, String str5) {
        return urlsafeMeta(str) + "." + urlsafeSignature(str2, str3, str4, str5);
    }

    private String urlsafeMeta(String str) {
        return new String(Base64.getUrlEncoder().encode(JsonUtil.writeValueAsStringSilent(new AccessKeyAuthMethod(str, AUTH_METHOD)).getBytes(StandardCharsets.UTF_8)));
    }

    private String urlsafeSignature(String str, String str2, String str3, String str4) {
        PrivateKey edDSAPrivateKey = new EdDSAPrivateKey(new EdDSAPrivateKeySpec(Base64.getDecoder().decode(str), EdDSANamedCurveTable.ED_25519_CURVE_SPEC));
        try {
            EdDSAEngine edDSAEngine = new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
            edDSAEngine.initSign(edDSAPrivateKey);
            String str5 = str2 + "\napplication/json\n" + str4 + "\n" + str3 + "\ned25519v1";
            LOGGER.info("Message to sign: \n'{}'", str5);
            edDSAEngine.update(str5.getBytes(StandardCharsets.UTF_8));
            return new String(Base64.getUrlEncoder().encode(edDSAEngine.sign()), StandardCharsets.UTF_8);
        } catch (InvalidKeyException e) {
            LOGGER.error("Invalid private key for signing", e);
            throw new IllegalArgumentException("Invalid private key for signing", e);
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.error("Can not find SHA-512", e2);
            throw new IllegalStateException("Can not find SHA-512", e2);
        } catch (SignatureException e3) {
            LOGGER.error("Signing failed", e3);
            throw new IllegalArgumentException("Signing failed", e3);
        }
    }
}
