const std::vector<Matchers::StringMatcherPtr>& included_headers) {

  std::map<std::string, std::string> out;

  headers.iterate([&out, &excluded_headers,

                   &included_headers](const Http::HeaderEntry& entry) -> Http::HeaderMap::Iterate {

    if (entry.key().empty() || entry.value().empty()) {

    const auto key = entry.key().getStringView();

    if (!key.empty() && key[0] == ':') {

      return Http::HeaderMap::Iterate::Continue;

    }

    const auto key_lower = absl::AsciiStrToLower(key);

    const bool is_required_header =

        absl::StartsWith(key_lower, "x-amz-") || key_lower == "content-type";

    if (!is_required_header) {

      if (!included_headers.empty()) {

        if (!std::any_of(included_headers.begin(), included_headers.end(),

                         [&key](const Matchers::StringMatcherPtr& matcher) {

                           return matcher->match(key);

                         })) {

          return Http::HeaderMap::Iterate::Continue;

        }

      } else {

        if (std::any_of(excluded_headers.begin(), excluded_headers.end(),

                        [&key](const Matchers::StringMatcherPtr& matcher) {

                          return matcher->match(key);

                        })) {

          return Http::HeaderMap::Iterate::Continue;

        }

      }

    }

    std::string value(entry.value().getStringView());

    absl::RemoveExtraAsciiWhitespace(&value);

    const std::string key_str(key);

    const auto iter = out.find(key_str);

    if (iter != out.end()) {

      iter->second += fmt::format(",{}", value);

    } else {

      out.emplace(std::move(key_str), std::move(value));

    }

    return Http::HeaderMap::Iterate::Continue;

  });

  const absl::string_view authority_header = headers.getHostValue();

  if (!authority_header.empty()) {

    const auto parts = StringUtil::splitToken(authority_header, ":");

    if (parts.size() > 1 && (parts[1] == "80" || parts[1] == "443")) {

      out.emplace(Http::Headers::get().HostLegacy.get(), std::string(parts[0]));

    } else {

      out.emplace(Http::Headers::get().HostLegacy.get(), std::string(authority_header));

    }

  }

  return out;

}

                                bool use_double_uri_uncode) {

  std::string canonical_request;

  canonical_request = absl::StrCat(method, "\n");

  const auto path_part = StringUtil::cropRight(path, QUERY_SPLITTER);

  std::string new_path;

  if (use_double_uri_uncode) {

    if (should_normalize_uri_path) {

      new_path = normalizePath(path_part);

    } else {

      new_path = path_part;

    }

    new_path = uriEncodePath(new_path);

  } else {

    auto encoded_path =

        isUriPathEncoded(path_part) ? std::string(path_part) : uriEncodePath(path_part);

    if (should_normalize_uri_path) {

      new_path = normalizePath(encoded_path);

    } else {

      new_path = encoded_path;

    }

  }

  if (new_path.empty()) {

    absl::StrAppend(&canonical_request, PATH_SPLITTER, "\n");

  } else {

    absl::StrAppend(&canonical_request, new_path, "\n");

  }

  const auto query_part = StringUtil::cropLeft(path, QUERY_SPLITTER);

  if (query_part == path_part) {

    absl::StrAppend(&canonical_request, "\n");

  } else {

    absl::StrAppend(&canonical_request, canonicalizeQueryString(query_part), "\n");

  }

  std::vector<std::string> formatted_headers;

  formatted_headers.reserve(canonical_headers.size());

  for (const auto& header : canonical_headers) {

    formatted_headers.emplace_back(fmt::format("{}:{}", header.first, header.second));

    absl::StrAppend(&canonical_request, formatted_headers.back(), "\n");

  }

  absl::StrAppend(&canonical_request, "\n");

  absl::StrAppend(&canonical_request, joinCanonicalHeaderNames(canonical_headers), "\n");

  absl::StrAppend(&canonical_request, content_hash);

  return canonical_request;

}

std::string Utility::normalizePath(absl::string_view original_path) {

  const auto path_segments = StringUtil::splitToken(original_path, std::string{PATH_SPLITTER});

  std::vector<std::string> path_list;

  path_list.reserve(path_segments.size());

  for (const auto& path_segment : path_segments) {

    if (path_segment.empty() || path_segment == ".") {

      continue;

    } else if (path_segment == "..") {

      if (path_list.empty()) {

        path_list.emplace_back(PATH_SPLITTER);

      } else {

        path_list.pop_back();

      }

    } else {

      path_list.emplace_back(path_segment);

    }

  }

  auto canonical_path_string =

      fmt::format("{}{}", PATH_SPLITTER, absl::StrJoin(path_list, PATH_SPLITTER));

  if (absl::EndsWith(original_path, PATH_SPLITTER) && canonical_path_string.size() > 1) {

    canonical_path_string.push_back(PATH_SPLITTER[0]);

  }

  return canonical_path_string;

}

bool isReservedChar(const char c) {

  return std::isalnum(c) || RESERVED_CHARS.find(c) != std::string::npos;

}

void Utility::encodeCharacter(unsigned char c, std::string& result) {

  if (isReservedChar(c)) {

    result.push_back(c);

  } else {

    absl::StrAppend(&result, fmt::format(URI_ENCODE, c));

  }

}

std::string Utility::uriEncodePath(absl::string_view original_path) {

  const absl::string_view::size_type query_start = original_path.find_first_of("?#");

  const absl::string_view path = original_path.substr(0, query_start);

  const absl::string_view query = absl::ClippedSubstr(original_path, query_start);

  std::string encoded;

  for (unsigned char c : path) {

    if (c == PATH_SPLITTER[0]) {

      encoded.push_back(c);

    } else {

      encodeCharacter(c, encoded);

    }

  }

  absl::StrAppend(&encoded, query);

  return encoded;

}

std::string Utility::canonicalizeQueryString(absl::string_view query_string) {

  const auto query_fragments = StringUtil::splitToken(query_string, QUERY_SEPERATOR);

  std::vector<std::pair<std::string, std::string>> query_list;

  for (const auto& query_fragment : query_fragments) {

    const std::vector<std::string> query =

        absl::StrSplit(query_fragment, absl::MaxSplits(QUERY_PARAM_SEPERATOR, 1));

    if (!query.empty()) {

      const absl::string_view param = query[0];

      const absl::string_view value = query.size() > 1 ? query[1] : EMPTY_STRING;

      query_list.emplace_back(std::make_pair(param, value));

    }

  }

  for (auto& query : query_list) {

    if (query.first != SignatureQueryParameterValues::AmzSecurityToken) {

      query.first = Utility::encodeQueryComponentPreservingPlus(query.first);

      query.second = Utility::encodeQueryComponentPreservingPlus(query.second);

    }

  }

  std::sort(query_list.begin(), query_list.end());

  return absl::StrJoin(query_list, QUERY_SEPERATOR, absl::PairFormatter(QUERY_PARAM_SEPERATOR));

}

std::string Utility::encodeQueryComponentPreservingPlus(absl::string_view original) {

  std::string result;

  for (size_t i = 0; i < original.size(); ++i) {

    if (i + 2 < original.size() && absl::EqualsIgnoreCase(original.substr(i, 3), "%2B")) {

      absl::StrAppend(&result, "%2B");

      i += 2; // Skip the "2B" part

    } else if (original[i] == '+') {

      absl::StrAppend(&result, "%20");

    } else if (original[i] == '%' && i + 2 < original.size()) {

      std::string decoded_seq =

          Envoy::Http::Utility::PercentEncoding::decode(original.substr(i, 3));

      if (decoded_seq.size() == 1) {

        encodeCharacter(decoded_seq[0], result);

        i += 2;

      } else {

        encodeCharacter(original[i], result);

      }

    } else {

      encodeCharacter(original[i], result);

    }

  }

  return result;

}

Utility::joinCanonicalHeaderNames(const std::map<std::string, std::string>& canonical_headers) {

  return absl::StrJoin(canonical_headers, ";", [](auto* out, const auto& pair) {

    return absl::StrAppend(out, pair.first);

  });

}

std::string Utility::getSTSEndpoint(absl::string_view region) {

  std::string single_region;

  const bool fips_mode = FIPS_mode();

  if (absl::StrContains(region, ",") || (absl::StrContains(region, "*"))) {

    const std::vector<std::string> region_v = absl::StrSplit(region, ',');

    if (absl::StrContains(region_v[0], '*')) {

      if (fips_mode) {

      } else {

        return "sts.amazonaws.com";

      }

    }

    single_region = region_v[0];

  } else {

    single_region = region;

  }

  if (single_region == "cn-northwest-1" || single_region == "cn-north-1") {

    return fmt::format("sts.{}.amazonaws.com.cn", single_region);

  }

  if (fips_mode) {

  return fmt::format("sts.{}.amazonaws.com", single_region);

}

std::string Utility::getRolesAnywhereEndpoint(const std::string& trust_anchor_arn) {

  std::string region;

  const std::vector<std::string> arn_split = absl::StrSplit(trust_anchor_arn, ':');

  if (arn_split.size() < 3) {

    region = "us-east-1";

  } else {

    region = arn_split[3];

  }

  if (FIPS_mode() == 1) {

  } else {

    return fmt::format("rolesanywhere.{}.amazonaws.com", region);

  }

}

    const envoy::config::cluster::v3::Cluster::DiscoveryType cluster_type, absl::string_view uri) {

  envoy::config::cluster::v3::Cluster cluster;

  absl::string_view host_port;

  absl::string_view path;

  Http::Utility::extractHostPathFromUri(uri, host_port, path);

  const auto host_attributes = Http::Utility::parseAuthority(host_port);

  const auto host = host_attributes.host_;

  const auto port = host_attributes.port_ ? host_attributes.port_.value() : 80;

  cluster.set_name(cluster_name);

  cluster.set_type(cluster_type);

  cluster.mutable_connect_timeout()->set_seconds(5);

  cluster.mutable_load_assignment()->set_cluster_name(cluster_name);

  auto* endpoint =

      cluster.mutable_load_assignment()->add_endpoints()->add_lb_endpoints()->mutable_endpoint();

  auto* addr = endpoint->mutable_address();

  addr->mutable_socket_address()->set_address(host);

  addr->mutable_socket_address()->set_port_value(port);

  cluster.set_lb_policy(envoy::config::cluster::v3::Cluster::ROUND_ROBIN);

  envoy::extensions::upstreams::http::v3::HttpProtocolOptions protocol_options;

  auto* http_protocol_options =

      protocol_options.mutable_explicit_http_config()->mutable_http_protocol_options();

  http_protocol_options->set_accept_http_10(true);

  (*cluster.mutable_typed_extension_protocol_options())

      ["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"]

          .PackFrom(protocol_options);

  if (port == 443) {

    auto* socket = cluster.mutable_transport_socket();

    envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext tls_socket;

    socket->set_name("envoy.transport_sockets.tls");

    socket->mutable_typed_config()->PackFrom(tls_socket);

  }

  return cluster;

}

                                                     const std::string& default_value) {

  const char* value = getenv(variable_name.c_str());

  return (value != nullptr) && (value[0] != '\0') ? value : default_value;

}

    absl::flat_hash_map<std::string, std::string>& elements) {

  std::unique_ptr<std::istream> stream;

  stream = std::make_unique<std::istringstream>(std::istringstream{string_data});

  return resolveProfileElementsFromStream(*stream, profile_name, elements);

}

    absl::flat_hash_map<std::string, std::string>& elements) {

  std::ifstream file(profile_file);

  if (!file.is_open()) {

    ENVOY_LOG(debug, "Error opening credentials file {}", profile_file);

    return false;

  }

  std::unique_ptr<std::istream> stream;

  stream = std::make_unique<std::ifstream>(std::move(file));

  return resolveProfileElementsFromStream(*stream, profile_name, elements);

}

    absl::flat_hash_map<std::string, std::string>& elements) {

  const auto profile_start = absl::StrFormat("[%s]", profile_name);

  bool found_profile = false;

  std::string line;

  while (std::getline(stream, line)) {

    line = std::string(StringUtil::trim(line));

    if (line.empty()) {

      continue;

    }

    if (line == profile_start) {

      found_profile = true;

      continue;

    }

    if (found_profile) {

      if (absl::StartsWith(line, "[")) {

        break;

      }

      std::vector<std::string> parts = absl::StrSplit(line, absl::MaxSplits('=', 1));

      if (parts.size() == 2) {

        const auto key = StringUtil::toUpper(StringUtil::trim(parts[0]));

        const auto val = StringUtil::trim(parts[1]);

        auto found = elements.find(key);

        if (found != elements.end()) {

          found->second = val;

        }

      }

    }

  }

  return true;

}

std::string Utility::getCredentialFilePath() {

  const auto home = getEnvironmentVariableOrDefault("HOME", "");

  const auto default_credentials_file_path =

      absl::StrCat(home, DEFAULT_AWS_SHARED_CREDENTIALS_FILE);

  return getEnvironmentVariableOrDefault(AWS_SHARED_CREDENTIALS_FILE,

                                         default_credentials_file_path);

}

std::string Utility::getConfigFilePath() {

  const auto home = Utility::getEnvironmentVariableOrDefault("HOME", "");

  const auto default_credentials_file_path = absl::StrCat(home, DEFAULT_AWS_CONFIG_FILE);

  return getEnvironmentVariableOrDefault(AWS_CONFIG_FILE, default_credentials_file_path);

}

std::string Utility::getCredentialProfileName() {

  return getEnvironmentVariableOrDefault(AWS_PROFILE, DEFAULT_AWS_PROFILE);

}

std::string Utility::getConfigProfileName() {

  auto profile_name = getEnvironmentVariableOrDefault(AWS_PROFILE, DEFAULT_AWS_PROFILE);

  if (profile_name == DEFAULT_AWS_PROFILE) {

    return profile_name;

  } else {

    return "profile " + profile_name;

  }

}

                                                const std::string& string_default) {

  absl::StatusOr<Envoy::Json::ValueType> value_or_error;

  value_or_error = json_object->getValue(string_value);

  if ((!value_or_error.ok()) || (!absl::holds_alternative<std::string>(value_or_error.value()))) {

    ENVOY_LOG(error, "Unable to retrieve string value from json: {}", string_value);

    return string_default;

  }

  return absl::get<std::string>(value_or_error.value());

}

                                             const int64_t integer_default) {

  absl::StatusOr<Envoy::Json::ValueType> value_or_error;

  value_or_error = json_object->getValue(integer_value);

  if (!value_or_error.ok() || ((!absl::holds_alternative<double>(value_or_error.value())) &&

                               (!absl::holds_alternative<int64_t>(value_or_error.value())))) {

    ENVOY_LOG(error, "Unable to retrieve integer value from json: {}", integer_value);

    return integer_default;

  }

  auto json_integer = value_or_error.value();

  if (auto* double_integer = absl::get_if<double>(&json_integer)) {

    if (*double_integer < 0) {

      ENVOY_LOG(error, "Integer {} less than 0: {}", integer_value, *double_integer);

      return integer_default;

    } else {

      return int64_t(*double_integer);

    }

  } else {

    return absl::get<int64_t>(json_integer);

  }

}

bool Utility::useDoubleUriEncode(const std::string service_name) {

  constexpr absl::string_view S3_SERVICE_NAME = "s3";

  constexpr absl::string_view S3_OUTPOSTS_SERVICE_NAME = "s3-outposts";

  constexpr absl::string_view S3_EXPRESS_SERVICE_NAME = "s3-express";

  const std::vector<absl::string_view> do_not_normalize = {

      S3_SERVICE_NAME, S3_OUTPOSTS_SERVICE_NAME, S3_EXPRESS_SERVICE_NAME};

  for (auto& it : do_not_normalize) {

    if (absl::EqualsIgnoreCase(service_name, it)) {

      return false;

    }

  }

  return true;

}

bool Utility::shouldNormalizeUriPath(const std::string service) {

  return Utility::useDoubleUriEncode(service);

}

bool Utility::isUriPathEncoded(absl::string_view path) {

  for (char ch : path) {

    if (!isReservedChar(ch) && ch != '%' && ch != '/') {

      return false;

    }

  }

  return true;

}