package org.apache.hadoop.ozone.s3;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.annotation.PreDestroy;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.ozone.client.OzoneClient;
import org.apache.hadoop.ozone.client.OzoneClientFactory;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.s3.exception.OS3Exception;
import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
import org.apache.hadoop.ozone.s3.signature.SignatureInfo;
import org.apache.hadoop.ozone.s3.signature.SignatureProcessor;
import org.apache.hadoop.ozone.s3.signature.StringToSignProducer;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RequestScoped
/* loaded from: input_file:org/apache/hadoop/ozone/s3/OzoneClientProducer.class */
public class OzoneClientProducer {
    private static final Logger LOG = LoggerFactory.getLogger(OzoneClientProducer.class);
    private OzoneClient client;

    @Inject
    private SignatureProcessor signatureProcessor;

    @Inject
    private OzoneConfiguration ozoneConfiguration;

    @Inject
    private Text omService;

    @Inject
    private String omServiceID;

    @Context
    private ContainerRequestContext context;

    @Produces
    public OzoneClient createClient() throws WebApplicationException, IOException {
        this.client = getClient(this.ozoneConfiguration);
        return this.client;
    }

    @PreDestroy
    public void destroy() throws IOException {
        this.client.close();
    }

    private OzoneClient getClient(OzoneConfiguration ozoneConfiguration) throws WebApplicationException {
        try {
            SignatureInfo parseSignature = this.signatureProcessor.parseSignature();
            String createSignatureBase = parseSignature.getVersion() == SignatureInfo.Version.V4 ? StringToSignProducer.createSignatureBase(parseSignature, this.context) : "";
            String awsAccessId = parseSignature.getAwsAccessId();
            validateAccessId(awsAccessId);
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(awsAccessId);
            if (OzoneSecurityUtil.isSecurityEnabled(ozoneConfiguration)) {
                LOG.debug("Creating s3 auth info for client.");
                if (parseSignature.getVersion() == SignatureInfo.Version.NONE) {
                    throw S3ErrorTable.MALFORMED_HEADER;
                }
                OzoneTokenIdentifier ozoneTokenIdentifier = new OzoneTokenIdentifier();
                ozoneTokenIdentifier.setTokenType(OzoneManagerProtocolProtos.OMTokenProto.Type.S3AUTHINFO);
                ozoneTokenIdentifier.setStrToSign(createSignatureBase);
                ozoneTokenIdentifier.setSignature(parseSignature.getSignature());
                ozoneTokenIdentifier.setAwsAccessId(awsAccessId);
                ozoneTokenIdentifier.setOwner(new Text(awsAccessId));
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Adding token for service:{}", this.omService);
                }
                createRemoteUser.addToken(new Token(ozoneTokenIdentifier.getBytes(), ozoneTokenIdentifier.getSignature().getBytes(StandardCharsets.UTF_8), ozoneTokenIdentifier.getKind(), this.omService));
            }
            return (OzoneClient) createRemoteUser.doAs(() -> {
                return createOzoneClient();
            });
        } catch (OS3Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error during Client Creation: ", e);
            }
            throw wrapOS3Exception(e);
        } catch (Exception e2) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error during Client Creation: ", e2);
            }
            throw wrapOS3Exception(S3ErrorTable.INTERNAL_ERROR);
        }
    }

    @VisibleForTesting
    @NotNull
    OzoneClient createOzoneClient() throws IOException {
        return this.omServiceID == null ? OzoneClientFactory.getRpcClient(this.ozoneConfiguration) : OzoneClientFactory.getRpcClient(this.omServiceID, this.ozoneConfiguration);
    }

    private void validateAccessId(String str) throws Exception {
        if (str == null || str.equals("")) {
            LOG.error("Malformed s3 header. awsAccessID: ", str);
            throw wrapOS3Exception(S3ErrorTable.MALFORMED_HEADER);
        }
    }

    public void setOzoneConfiguration(OzoneConfiguration ozoneConfiguration) {
        this.ozoneConfiguration = ozoneConfiguration;
    }

    @VisibleForTesting
    public void setSignatureParser(SignatureProcessor signatureProcessor) {
        this.signatureProcessor = signatureProcessor;
    }

    private WebApplicationException wrapOS3Exception(OS3Exception oS3Exception) {
        return new WebApplicationException(oS3Exception, oS3Exception.getHttpCode());
    }
}
