package org.apache.hadoop.ozone.s3;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.hadoop.ozone.s3.exception.OS3Exception;
import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
import org.apache.hadoop.ozone.s3.signature.SignatureInfo;
import org.apache.hadoop.ozone.s3.signature.SignatureProcessor;
import org.apache.hadoop.ozone.s3.signature.StringToSignProducer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Priority(50)
@PreMatching
/* loaded from: input_file:org/apache/hadoop/ozone/s3/AuthorizationFilter.class */
public class AuthorizationFilter implements ContainerRequestFilter {
    public static final int PRIORITY = 50;
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationFilter.class);

    @Inject
    private SignatureProcessor signatureProcessor;

    @Inject
    private SignatureInfo signatureInfo;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (containerRequestContext.getUriInfo().getRequestUri().getPath().startsWith("/secret")) {
            return;
        }
        try {
            this.signatureInfo.initialize(this.signatureProcessor.parseSignature());
            if (this.signatureInfo.getVersion() != SignatureInfo.Version.V4) {
                LOG.debug("Unsupported AWS signature version: {}", this.signatureInfo.getVersion());
                throw S3ErrorTable.S3_AUTHINFO_CREATION_ERROR;
            }
            this.signatureInfo.setStrToSign(StringToSignProducer.createSignatureBase(this.signatureInfo, containerRequestContext));
            String awsAccessId = this.signatureInfo.getAwsAccessId();
            if (awsAccessId == null || awsAccessId.equals("")) {
                LOG.debug("Malformed s3 header. awsAccessID: {}", awsAccessId);
                throw S3ErrorTable.ACCESS_DENIED;
            }
        } catch (OS3Exception e) {
            LOG.debug("Error during Client Creation: ", e);
            throw wrapOS3Exception(e);
        } catch (Exception e2) {
            LOG.debug("Error during Client Creation: ", e2);
            throw wrapOS3Exception(S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, null, e2));
        }
    }

    @VisibleForTesting
    public void setSignatureParser(SignatureProcessor signatureProcessor) {
        this.signatureProcessor = signatureProcessor;
    }

    @VisibleForTesting
    public void setSignatureInfo(SignatureInfo signatureInfo) {
        this.signatureInfo = signatureInfo;
    }

    @VisibleForTesting
    public SignatureInfo getSignatureInfo() {
        return this.signatureInfo;
    }

    private WebApplicationException wrapOS3Exception(OS3Exception oS3Exception) {
        return new WebApplicationException(oS3Exception.getErrorMessage(), oS3Exception, Response.status(oS3Exception.getHttpCode()).entity(oS3Exception.toXml()).build());
    }
}
