package org.apache.hadoop.ozone.s3;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.util.stream.Stream;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
import org.apache.hadoop.ozone.s3.signature.AWSSignatureProcessor;
import org.apache.hadoop.ozone.s3.signature.SignatureInfo;
import org.apache.hadoop.ozone.s3.signature.StringToSignProducer;
import org.apache.kerby.util.Hex;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/ozone/s3/TestAuthorizationFilter.class */
public class TestAuthorizationFilter {
    private AuthorizationFilter authorizationFilter = new AuthorizationFilter();
    private MultivaluedMap<String, String> headerMap;
    private MultivaluedMap<String, String> queryMap;
    private MultivaluedMap<String, String> pathParamsMap;
    private static final String DATETIME = StringToSignProducer.TIME_FORMATTER.format(LocalDateTime.now());
    private static final String CURDATE = AWSSignatureProcessor.DATE_FORMATTER.format(LocalDate.now());

    private static Stream<Arguments> testAuthFilterFailuresInput() {
        return Stream.of((Object[]) new Arguments[]{Arguments.arguments(new Object[]{"GET", "AWS4-HMAC-SHA256 Credential=testuser1/20190221/us-west-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date, Signature=56ec73ba1974f8feda8365c3caef89c5d4a688d5f9baccf4765f46a14cd745ad", "Zi68x2nPDDXv5qfDC+ZWTg==", "s3g:9878", "e2bd43f11c97cde3465e0e8d1aad77af7ec7aa2ed8e213cd0e241e28375860c6", "20190221T002037Z", "", "/", S3ErrorTable.MALFORMED_HEADER.getErrorMessage()}), Arguments.arguments(new Object[]{"GET", "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7", "", "iam.amazonaws.com", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "20150830T123600Z", "application/x-www-form-urlencoded; charset=utf-8", "", S3ErrorTable.MALFORMED_HEADER.getErrorMessage()}), Arguments.arguments(new Object[]{null, null, null, null, null, null, null, null, S3ErrorTable.S3_AUTHINFO_CREATION_ERROR.getErrorMessage()}), Arguments.arguments(new Object[]{null, "", null, null, null, null, null, null, S3ErrorTable.S3_AUTHINFO_CREATION_ERROR.getErrorMessage()}), Arguments.arguments(new Object[]{"GET", "AWS AKIDEXAMPLE:St7bHPOdkmsX/GITGe98rOQiUCg=", "", "s3g:9878", "", "Wed, 22 Mar 2023 17:00:06 +0000", "application/octet-stream", "/", S3ErrorTable.S3_AUTHINFO_CREATION_ERROR.getErrorMessage()})});
    }

    @MethodSource({"testAuthFilterFailuresInput"})
    @ParameterizedTest
    public void testAuthFilterFailures(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) {
        try {
            ContainerRequestContext containerRequestContext = setupContext(str, str2, str3, str4, str5, str6, str7, str8);
            AWSSignatureProcessor aWSSignatureProcessor = new AWSSignatureProcessor();
            aWSSignatureProcessor.setContext(containerRequestContext);
            SignatureInfo signatureInfo = new SignatureInfo();
            this.authorizationFilter.setSignatureParser(aWSSignatureProcessor);
            this.authorizationFilter.setSignatureInfo(signatureInfo);
            this.authorizationFilter.filter(containerRequestContext);
            if ("".equals(str2)) {
                Assertions.fail("Empty AuthHeader must fail");
            }
        } catch (WebApplicationException e) {
            if (str2 == null || str2.isEmpty() || str2.startsWith("AWS ")) {
                Assertions.assertEquals(403, e.getResponse().getStatus());
                Assertions.assertEquals(str9, e.getMessage());
            } else {
                Assertions.assertEquals(400, e.getResponse().getStatus());
                Assertions.assertEquals(str9, e.getMessage());
            }
        } catch (Exception e2) {
            Assertions.fail("Unexpected exception: " + e2);
        }
    }

    private static Stream<Arguments> testAuthFilterInput() {
        return Stream.of((Object[]) new Arguments[]{Arguments.arguments(new Object[]{"GET", "AWS4-HMAC-SHA256 Credential=testuser1/" + CURDATE + "/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=56ec73ba1974f8feda8365c3caef89c5d4a688d5f9baccf4765f46a14cd745ad", "Content-SHA", "s3g:9878", "Content-SHA", DATETIME, "", "/bucket1/key1"}), Arguments.arguments(new Object[]{"GET", "AWS4-HMAC-SHA256 Credential=testuser1/" + CURDATE + "/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=56ec73ba1974f8feda8365c3caef89c5d4a688d5f9baccf4765f46a14cd745ad", "Content-SHA", "bucket1.s3g.internal:9878", "Content-SHA", DATETIME, "", "/key1"}), Arguments.arguments(new Object[]{"POST", null, null, "s3g:9878", null, null, "", "/secret/generate"}), Arguments.arguments(new Object[]{"POST", null, null, "s3g:9878", null, null, "", "/secret/revoke"})});
    }

    @MethodSource({"testAuthFilterInput"})
    @ParameterizedTest
    public void testAuthFilter(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        try {
            ContainerRequestContext containerRequestContext = setupContext(str, str2, str3, str4, str5, str6, str7, str8);
            AWSSignatureProcessor aWSSignatureProcessor = new AWSSignatureProcessor();
            aWSSignatureProcessor.setContext(containerRequestContext);
            SignatureInfo signatureInfo = new SignatureInfo();
            this.authorizationFilter.setSignatureParser(aWSSignatureProcessor);
            this.authorizationFilter.setSignatureInfo(signatureInfo);
            this.authorizationFilter.filter(containerRequestContext);
            if (str8.startsWith("/secret")) {
                Assertions.assertNull(this.authorizationFilter.getSignatureInfo().getUnfilteredURI());
                Assertions.assertNull(this.authorizationFilter.getSignatureInfo().getStringToSign());
            } else {
                String str9 = str + "\n" + str8 + "\n\nhost:" + str4 + "\nx-amz-content-sha256:" + str5 + "\nx-amz-date:" + DATETIME + "\n\nhost;x-amz-content-sha256;x-amz-date\n" + str5;
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(str9.getBytes(StandardCharsets.UTF_8));
                String str10 = "AWS4-HMAC-SHA256\n" + DATETIME + "\n" + CURDATE + "/us-east-1/s3/aws4_request\n" + Hex.encode(messageDigest.digest()).toLowerCase();
                Assertions.assertEquals(str8, this.authorizationFilter.getSignatureInfo().getUnfilteredURI(), "Unfiltered URI is not preserved");
                Assertions.assertEquals(str10, this.authorizationFilter.getSignatureInfo().getStringToSign(), "String to sign is invalid");
            }
        } catch (Exception e) {
            Assertions.fail("Unexpected exception: " + e);
        }
    }

    private ContainerRequestContext setupContext(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws URISyntaxException {
        this.headerMap = new MultivaluedHashMap();
        this.queryMap = new MultivaluedHashMap();
        this.pathParamsMap = new MultivaluedHashMap();
        System.err.println("Testing: " + str2);
        this.headerMap.putSingle("Authorization", str2);
        this.headerMap.putSingle("content-md5", str3);
        this.headerMap.putSingle("Host", str4);
        this.headerMap.putSingle("x-amz-content-sha256", str5);
        this.headerMap.putSingle("x-amz-date", str6);
        this.headerMap.putSingle("content-type", str7);
        UriInfo uriInfo = (UriInfo) Mockito.mock(UriInfo.class);
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(uriInfo.getQueryParameters()).thenReturn(this.queryMap);
        Mockito.when(uriInfo.getRequestUri()).thenReturn(new URI("http://" + str4 + str8));
        Mockito.when(containerRequestContext.getMethod()).thenReturn(str);
        Mockito.when(containerRequestContext.getUriInfo()).thenReturn(uriInfo);
        Mockito.when(containerRequestContext.getHeaders()).thenReturn(this.headerMap);
        Mockito.when(containerRequestContext.getHeaderString("Authorization")).thenReturn(str2);
        Mockito.when(containerRequestContext.getUriInfo().getQueryParameters()).thenReturn(this.queryMap);
        Mockito.when(containerRequestContext.getUriInfo().getPathParameters()).thenReturn(this.pathParamsMap);
        return containerRequestContext;
    }
}
