package org.projectnessie.catalog.service.rest;

import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.google.common.hash.Hasher;
import com.google.common.hash.Hashing;
import jakarta.validation.constraints.NotNull;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.projectnessie.catalog.service.objtypes.SignerKey;
import org.projectnessie.catalog.service.rest.ImmutableSignerSignature;
import org.projectnessie.nessie.immutables.NessieImmutable;

@JsonSerialize(as = ImmutableSignerSignature.class)
@JsonDeserialize(as = ImmutableSignerSignature.class)
@NessieImmutable
/* loaded from: input_file:org/projectnessie/catalog/service/rest/SignerSignature.class */
public abstract class SignerSignature {
    public abstract String prefix();

    public abstract String identifier();

    public abstract String warehouseLocation();

    /* renamed from: writeLocations */
    public abstract List<String> mo15writeLocations();

    /* renamed from: readLocations */
    public abstract List<String> mo14readLocations();

    public abstract long expirationTimestamp();

    public String sign(SignerKey signerKey) {
        Hasher newHasher = Hashing.hmacSha256(signerKey.secretKeySpec()).newHasher();
        newHasher.putLong(expirationTimestamp());
        newHasher.putString("prefix=" + prefix(), StandardCharsets.UTF_8);
        newHasher.putString("identifier=" + identifier(), StandardCharsets.UTF_8);
        newHasher.putString("b=" + warehouseLocation(), StandardCharsets.UTF_8);
        Iterator<String> it = mo15writeLocations().iterator();
        while (it.hasNext()) {
            newHasher.putString("w=" + it.next(), StandardCharsets.UTF_8);
        }
        Iterator<String> it2 = mo14readLocations().iterator();
        while (it2.hasNext()) {
            newHasher.putString("r=" + it2.next(), StandardCharsets.UTF_8);
        }
        return newHasher.hash().toString();
    }

    public String toPathParam(SignerKey signerKey) {
        return SignerParams.builder().keyName(signerKey.name()).signature(sign(signerKey)).signerSignature(this).build().toPathParam();
    }

    public Optional<String> verify(SignerKey signerKey, @NotNull String str, @NotNull Instant instant) {
        return signerKey == null ? Optional.of("Could not find signingKey") : !sign(signerKey).equals(str) ? Optional.of("Got invalid signature") : expirationTimestamp() <= instant.getEpochSecond() ? Optional.of("Got expired signature") : Optional.empty();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ImmutableSignerSignature.Builder builder() {
        return ImmutableSignerSignature.builder();
    }
}
