package org.apache.hadoop.ozone.s3;

import com.google.common.annotations.VisibleForTesting;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDate;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.hadoop.ozone.s3.exception.OS3Exception;
import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
import org.apache.hadoop.ozone.s3.header.AuthorizationHeaderV4;
import org.apache.hadoop.ozone.s3.header.Credential;
import org.apache.kerby.util.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RequestScoped
/* loaded from: input_file:org/apache/hadoop/ozone/s3/AWSV4SignatureProcessor.class */
public class AWSV4SignatureProcessor implements SignatureProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(AWSV4SignatureProcessor.class);

    @Context
    private ContainerRequestContext context;
    private Map<String, String> headers;
    private MultivaluedMap<String, String> queryMap;
    private String uri;
    private String method;
    private AuthorizationHeaderV4 v4Header;
    private String stringToSign;

    /* loaded from: input_file:org/apache/hadoop/ozone/s3/AWSV4SignatureProcessor$LowerCaseKeyStringMap.class */
    public static class LowerCaseKeyStringMap implements Map<String, String> {
        private HashMap<String, String> delegate;

        public LowerCaseKeyStringMap(HashMap<String, String> hashMap) {
            this.delegate = hashMap;
        }

        @Override // java.util.Map
        public int size() {
            return this.delegate.size();
        }

        @Override // java.util.Map
        public boolean isEmpty() {
            return this.delegate.isEmpty();
        }

        @Override // java.util.Map
        public boolean containsKey(Object obj) {
            return this.delegate.containsKey(obj.toString().toLowerCase());
        }

        @Override // java.util.Map
        public boolean containsValue(Object obj) {
            return this.delegate.containsValue(obj);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.Map
        public String get(Object obj) {
            return this.delegate.get(obj.toString().toLowerCase());
        }

        @Override // java.util.Map
        public String put(String str, String str2) {
            return this.delegate.put(str.toLowerCase(), str2);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.Map
        public String remove(Object obj) {
            return this.delegate.remove(obj.toString());
        }

        @Override // java.util.Map
        public void putAll(Map<? extends String, ? extends String> map) {
            for (Map.Entry<? extends String, ? extends String> entry : map.entrySet()) {
                put(entry.getKey().toLowerCase(), entry.getValue());
            }
        }

        @Override // java.util.Map
        public void clear() {
            this.delegate.clear();
        }

        @Override // java.util.Map
        public Set<String> keySet() {
            return this.delegate.keySet();
        }

        @Override // java.util.Map
        public Collection<String> values() {
            return this.delegate.values();
        }

        @Override // java.util.Map
        public Set<Map.Entry<String, String>> entrySet() {
            return this.delegate.entrySet();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @PostConstruct
    public void init() throws Exception {
        LOG.info("Initializing request header parser");
        this.headers = new LowerCaseKeyStringMap(new HashMap());
        for (Map.Entry entry : this.context.getHeaders().entrySet()) {
            if (0 < ((List) entry.getValue()).size()) {
                String str = (String) entry.getKey();
                if (this.headers.containsKey(str)) {
                    this.headers.put(str, this.headers.get(str) + "," + ((String) ((List) entry.getValue()).get(0)));
                } else {
                    this.headers.put(str, ((List) entry.getValue()).get(0));
                }
            }
        }
        if (this.headers.containsKey(HeaderPreprocessor.ORIGINAL_CONTENT_TYPE)) {
            this.headers.put(HeaderPreprocessor.CONTENT_TYPE, this.headers.get(HeaderPreprocessor.ORIGINAL_CONTENT_TYPE));
        }
        this.queryMap = this.context.getUriInfo().getQueryParameters();
        try {
            this.uri = new URI(this.context.getUriInfo().getRequestUri().getPath().replaceAll("\\/+", "/")).normalize().getPath();
            this.method = this.context.getMethod();
            if (this.v4Header == null) {
                this.v4Header = new AuthorizationHeaderV4(this.headers.get(SignatureProcessor.AUTHORIZATION_HEADER));
            }
            parse();
        } catch (URISyntaxException e) {
            throw S3ErrorTable.S3_AUTHINFO_CREATION_ERROR;
        }
    }

    public void parse() throws Exception {
        StringBuilder sb = new StringBuilder();
        String algorithm = this.v4Header.getAlgorithm();
        String str = this.headers.get(SignatureProcessor.X_AMAZ_DATE);
        Credential credentialObj = this.v4Header.getCredentialObj();
        String format = String.format("%s/%s/%s/%s", credentialObj.getDate(), credentialObj.getAwsRegion(), credentialObj.getAwsService(), credentialObj.getAwsRequest());
        this.uri = this.uri.trim().length() > 0 ? this.uri : "/";
        sb.append(algorithm + SignatureProcessor.NEWLINE);
        sb.append(str + SignatureProcessor.NEWLINE);
        sb.append(format + SignatureProcessor.NEWLINE);
        String buildCanonicalRequest = buildCanonicalRequest();
        sb.append(hash(buildCanonicalRequest));
        if (LOG.isDebugEnabled()) {
            LOG.debug("canonicalRequest:[{}]", buildCanonicalRequest);
        }
        if (LOG.isTraceEnabled()) {
            this.headers.keySet().forEach(str2 -> {
                LOG.trace("Header:{},value:{}", str2, this.headers.get(str2));
            });
        }
        LOG.debug("StringToSign:[{}]", sb);
        this.stringToSign = sb.toString();
    }

    @VisibleForTesting
    public String buildCanonicalRequest() throws OS3Exception {
        Iterable<String> split = split("/", this.uri);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = split.iterator();
        while (it.hasNext()) {
            arrayList.add(urlEncode(it.next()));
        }
        String join = join("/", arrayList);
        String queryParamString = getQueryParamString();
        StringBuilder sb = new StringBuilder();
        for (String str : this.v4Header.getSignedHeaders()) {
            sb.append(str.toLowerCase());
            sb.append(":");
            if (!this.headers.containsKey(str)) {
                throw new RuntimeException("Header " + str + " not present in request but requested to be signed.");
            }
            String str2 = this.headers.get(str);
            sb.append(str2);
            sb.append(SignatureProcessor.NEWLINE);
            validateSignedHeader(str, str2);
        }
        return this.method + SignatureProcessor.NEWLINE + join + SignatureProcessor.NEWLINE + queryParamString + SignatureProcessor.NEWLINE + ((Object) sb) + SignatureProcessor.NEWLINE + this.v4Header.getSignedHeaderString() + SignatureProcessor.NEWLINE + (SignatureProcessor.UNSIGNED_PAYLOAD.equals(this.headers.get(SignatureProcessor.X_AMZ_CONTENT_SHA256)) ? SignatureProcessor.UNSIGNED_PAYLOAD : this.headers.get(SignatureProcessor.X_AMZ_CONTENT_SHA256));
    }

    @VisibleForTesting
    void validateSignedHeader(String str, String str2) throws OS3Exception {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1485629489:
                if (str.equals(SignatureProcessor.X_AMZ_CONTENT_SHA256)) {
                    z = 2;
                    break;
                }
                break;
            case -1035745694:
                if (str.equals(SignatureProcessor.X_AMAZ_DATE)) {
                    z = true;
                    break;
                }
                break;
            case 3208616:
                if (str.equals(SignatureProcessor.HOST)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                try {
                    InetAddress.getByName(new URI(this.context.getUriInfo().getRequestUri().getScheme() + "://" + str2).getHost());
                    return;
                } catch (URISyntaxException | UnknownHostException e) {
                    LOG.error("Host value mentioned in signed header is not valid. Host:{}", str2);
                    throw S3ErrorTable.S3_AUTHINFO_CREATION_ERROR;
                }
            case true:
                LocalDate parse = LocalDate.parse(str2, TIME_FORMATTER);
                LocalDate now = LocalDate.now();
                if (parse.isBefore(now.minus(SignatureProcessor.PRESIGN_URL_MAX_EXPIRATION_SECONDS, (TemporalUnit) ChronoUnit.SECONDS)) || parse.isAfter(now.plus(SignatureProcessor.PRESIGN_URL_MAX_EXPIRATION_SECONDS, (TemporalUnit) ChronoUnit.SECONDS))) {
                    LOG.error("AWS date not in valid range. Request timestamp:{} should not be older than {} seconds.", str2, Long.valueOf(SignatureProcessor.PRESIGN_URL_MAX_EXPIRATION_SECONDS));
                    throw S3ErrorTable.S3_AUTHINFO_CREATION_ERROR;
                }
                return;
            case true:
            default:
                return;
        }
    }

    private static String join(String str, List<String> list) {
        StringBuilder sb = new StringBuilder();
        boolean z = false;
        for (String str2 : list) {
            if (z) {
                sb.append(str);
            }
            sb.append(str2);
            z = true;
        }
        return sb.toString();
    }

    private static Iterable<String> split(String str, String str2) {
        Matcher matcher = Pattern.compile(str).matcher(str2);
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (true) {
            int i2 = i;
            if (!matcher.find()) {
                arrayList.add(str2.substring(i2));
                return arrayList;
            }
            arrayList.add(str2.substring(i2, matcher.start()));
            i = matcher.end();
        }
    }

    private String urlEncode(String str) {
        try {
            return URLEncoder.encode(str, UTF_8.name()).replaceAll("\\+", "%20").replaceAll("%7E", "~");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    private String getQueryParamString() {
        ArrayList<String> arrayList = new ArrayList(this.queryMap.keySet());
        Collections.sort(arrayList, (str, str2) -> {
            return str.equals(str2) ? ((String) this.queryMap.getFirst(str)).compareTo((String) this.queryMap.getFirst(str2)) : str.compareTo(str2);
        });
        StringBuilder sb = new StringBuilder();
        for (String str3 : arrayList) {
            if (sb.length() > 0) {
                sb.append("&");
            }
            sb.append(urlEncode(str3));
            sb.append('=');
            sb.append(urlEncode((String) this.queryMap.getFirst(str3)));
        }
        return sb.toString();
    }

    public static String hash(String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(str.getBytes(UTF_8));
        return Hex.encode(messageDigest.digest()).toLowerCase();
    }

    @Override // org.apache.hadoop.ozone.s3.SignatureProcessor
    public String getAwsAccessId() {
        return this.v4Header.getAccessKeyID();
    }

    @Override // org.apache.hadoop.ozone.s3.SignatureProcessor
    public String getSignature() {
        return this.v4Header.getSignature();
    }

    @Override // org.apache.hadoop.ozone.s3.SignatureProcessor
    public String getStringToSign() throws Exception {
        return this.stringToSign;
    }

    @VisibleForTesting
    public void setContext(ContainerRequestContext containerRequestContext) {
        this.context = containerRequestContext;
    }

    @VisibleForTesting
    public void setV4Header(AuthorizationHeaderV4 authorizationHeaderV4) {
        this.v4Header = authorizationHeaderV4;
    }
}
