package org.apache.hadoop.ozone.s3.endpoint;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.ozone.audit.AuditAction;
import org.apache.hadoop.ozone.audit.AuditEventStatus;
import org.apache.hadoop.ozone.audit.AuditLogger;
import org.apache.hadoop.ozone.audit.AuditLoggerType;
import org.apache.hadoop.ozone.audit.AuditMessage;
import org.apache.hadoop.ozone.audit.Auditor;
import org.apache.hadoop.ozone.client.OzoneBucket;
import org.apache.hadoop.ozone.client.OzoneClient;
import org.apache.hadoop.ozone.client.OzoneKey;
import org.apache.hadoop.ozone.client.OzoneVolume;
import org.apache.hadoop.ozone.client.protocol.ClientProtocol;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.protocol.S3Auth;
import org.apache.hadoop.ozone.s3.exception.OS3Exception;
import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
import org.apache.hadoop.ozone.s3.metrics.S3GatewayMetrics;
import org.apache.hadoop.ozone.s3.signature.SignatureInfo;
import org.apache.hadoop.ozone.s3.util.AuditUtils;
import org.apache.hadoop.ozone.s3.util.S3Consts;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/s3/endpoint/EndpointBase.class */
public abstract class EndpointBase implements Auditor {
    protected static final String ETAG = "ETag";
    protected static final String ETAG_CUSTOM = "etag-custom";

    @Inject
    private OzoneClient client;

    @Inject
    private SignatureInfo signatureInfo;
    private S3Auth s3Auth;

    @Context
    private ContainerRequestContext context;
    private Set<String> excludeMetadataFields = new HashSet(Arrays.asList("gdprEnabled"));
    private static final Logger LOG = LoggerFactory.getLogger(EndpointBase.class);
    protected static final AuditLogger AUDIT = new AuditLogger(AuditLoggerType.S3GLOGGER);

    protected OzoneBucket getBucket(OzoneVolume ozoneVolume, String str) throws OS3Exception, IOException {
        try {
            return ozoneVolume.getBucket(str);
        } catch (OMException e) {
            if (e.getResult() == OMException.ResultCodes.BUCKET_NOT_FOUND) {
                throw S3ErrorTable.newError(S3ErrorTable.NO_SUCH_BUCKET, str, e);
            }
            if (e.getResult() == OMException.ResultCodes.INVALID_TOKEN) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, this.s3Auth.getAccessID(), e);
            }
            if (e.getResult() == OMException.ResultCodes.TIMEOUT || e.getResult() == OMException.ResultCodes.INTERNAL_ERROR) {
                throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, str, e);
            }
            throw e;
        }
    }

    @PostConstruct
    public void initialization() {
        this.s3Auth = new S3Auth(this.signatureInfo.getStringToSign(), this.signatureInfo.getSignature(), this.signatureInfo.getAwsAccessId(), this.signatureInfo.getAwsAccessId());
        LOG.debug("S3 access id: {}", this.s3Auth.getAccessID());
        ClientProtocol clientProxy = getClient().getObjectStore().getClientProxy();
        clientProxy.setThreadLocalS3Auth(this.s3Auth);
        clientProxy.setIsS3Request(true);
        init();
    }

    public abstract void init();

    /* JADX INFO: Access modifiers changed from: protected */
    public OzoneBucket getBucket(String str) throws OS3Exception, IOException {
        try {
            return this.client.getObjectStore().getS3Bucket(str);
        } catch (OMException e) {
            if (e.getResult() == OMException.ResultCodes.BUCKET_NOT_FOUND || e.getResult() == OMException.ResultCodes.VOLUME_NOT_FOUND) {
                throw S3ErrorTable.newError(S3ErrorTable.NO_SUCH_BUCKET, str, e);
            }
            if (e.getResult() == OMException.ResultCodes.INVALID_TOKEN) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, this.s3Auth.getAccessID(), e);
            }
            if (e.getResult() == OMException.ResultCodes.PERMISSION_DENIED) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, str, e);
            }
            if (e.getResult() == OMException.ResultCodes.TIMEOUT || e.getResult() == OMException.ResultCodes.INTERNAL_ERROR) {
                throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, str, e);
            }
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OzoneVolume getVolume() throws IOException {
        return this.client.getObjectStore().getS3Volume();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String createS3Bucket(String str) throws IOException, OS3Exception {
        long monotonicNowNanos = Time.monotonicNowNanos();
        try {
            this.client.getObjectStore().createS3Bucket(str);
            return "/" + str;
        } catch (OMException e) {
            getMetrics().updateCreateBucketFailureStats(monotonicNowNanos);
            if (e.getResult() == OMException.ResultCodes.PERMISSION_DENIED) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, str, e);
            }
            if (e.getResult() == OMException.ResultCodes.INVALID_TOKEN) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, this.s3Auth.getAccessID(), e);
            }
            if (e.getResult() == OMException.ResultCodes.TIMEOUT || e.getResult() == OMException.ResultCodes.INTERNAL_ERROR) {
                throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, str, e);
            }
            if (e.getResult() == OMException.ResultCodes.BUCKET_ALREADY_EXISTS) {
                throw S3ErrorTable.newError(S3ErrorTable.BUCKET_ALREADY_EXISTS, str, e);
            }
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deleteS3Bucket(String str) throws IOException, OS3Exception {
        try {
            this.client.getObjectStore().deleteS3Bucket(str);
        } catch (OMException e) {
            if (e.getResult() == OMException.ResultCodes.PERMISSION_DENIED) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, str, e);
            }
            if (e.getResult() == OMException.ResultCodes.INVALID_TOKEN) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, this.s3Auth.getAccessID(), e);
            }
            if (e.getResult() != OMException.ResultCodes.TIMEOUT && e.getResult() != OMException.ResultCodes.INTERNAL_ERROR) {
                throw e;
            }
            throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Iterator<? extends OzoneBucket> listS3Buckets(String str) throws IOException, OS3Exception {
        return iterateBuckets(ozoneVolume -> {
            return ozoneVolume.listBuckets(str);
        });
    }

    protected Iterator<? extends OzoneBucket> listS3Buckets(String str, String str2) throws IOException, OS3Exception {
        return iterateBuckets(ozoneVolume -> {
            return ozoneVolume.listBuckets(str, str2);
        });
    }

    private Iterator<? extends OzoneBucket> iterateBuckets(Function<OzoneVolume, Iterator<? extends OzoneBucket>> function) throws IOException, OS3Exception {
        try {
            return function.apply(getVolume());
        } catch (OMException e) {
            if (e.getResult() == OMException.ResultCodes.VOLUME_NOT_FOUND) {
                return Collections.emptyIterator();
            }
            if (e.getResult() == OMException.ResultCodes.PERMISSION_DENIED) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, "listBuckets", e);
            }
            if (e.getResult() == OMException.ResultCodes.INVALID_TOKEN) {
                throw S3ErrorTable.newError(S3ErrorTable.ACCESS_DENIED, this.s3Auth.getAccessID(), e);
            }
            if (e.getResult() == OMException.ResultCodes.TIMEOUT || e.getResult() == OMException.ResultCodes.INTERNAL_ERROR) {
                throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, "listBuckets", e);
            }
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getCustomMetadataFromHeaders(MultivaluedMap<String, String> multivaluedMap) throws OS3Exception {
        HashMap hashMap = new HashMap();
        if (multivaluedMap == null || multivaluedMap.isEmpty()) {
            return hashMap;
        }
        Set<String> set = (Set) multivaluedMap.keySet().stream().filter(str -> {
            return str.startsWith(S3Consts.CUSTOM_METADATA_HEADER_PREFIX) && !this.excludeMetadataFields.contains(str.substring(S3Consts.CUSTOM_METADATA_HEADER_PREFIX.length()));
        }).collect(Collectors.toSet());
        long j = 0;
        if (!set.isEmpty()) {
            for (String str2 : set) {
                String substring = str2.substring(S3Consts.CUSTOM_METADATA_HEADER_PREFIX.length());
                String join = StringUtils.join((List) multivaluedMap.get(str2), ",");
                j = j + substring.getBytes(StandardCharsets.UTF_8).length + join.getBytes(StandardCharsets.UTF_8).length;
                if (j > 2048) {
                    throw S3ErrorTable.newError(S3ErrorTable.METADATA_TOO_LARGE, str2);
                }
                hashMap.put(substring, join);
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addCustomMetadataHeaders(Response.ResponseBuilder responseBuilder, OzoneKey ozoneKey) {
        for (Map.Entry entry : ozoneKey.getMetadata().entrySet()) {
            if (!((String) entry.getKey()).equals(ETAG)) {
                String str = (String) entry.getKey();
                if (str.equals(ETAG_CUSTOM)) {
                    str = ETAG.toLowerCase();
                }
                responseBuilder.header(S3Consts.CUSTOM_METADATA_HEADER_PREFIX + str, entry.getValue());
            }
        }
    }

    private AuditMessage.Builder auditMessageBaseBuilder(AuditAction auditAction, Map<String, String> map) {
        AuditMessage.Builder withParams = new AuditMessage.Builder().forOperation(auditAction).withParams(map);
        if (this.s3Auth != null && this.s3Auth.getAccessID() != null && !this.s3Auth.getAccessID().isEmpty()) {
            withParams.setUser(this.s3Auth.getAccessID());
        }
        if (this.context != null) {
            withParams.atIp(AuditUtils.getClientIpAddress(this.context));
        }
        return withParams;
    }

    public AuditMessage buildAuditMessageForSuccess(AuditAction auditAction, Map<String, String> map) {
        return auditMessageBaseBuilder(auditAction, map).withResult(AuditEventStatus.SUCCESS).build();
    }

    public AuditMessage buildAuditMessageForSuccess(AuditAction auditAction, Map<String, String> map, AuditLogger.PerformanceStringBuilder performanceStringBuilder) {
        AuditMessage.Builder withResult = auditMessageBaseBuilder(auditAction, map).withResult(AuditEventStatus.SUCCESS);
        withResult.setPerformance(performanceStringBuilder);
        return withResult.build();
    }

    public AuditMessage buildAuditMessageForFailure(AuditAction auditAction, Map<String, String> map, Throwable th) {
        return auditMessageBaseBuilder(auditAction, map).withResult(AuditEventStatus.FAILURE).withException(th).build();
    }

    @VisibleForTesting
    public void setClient(OzoneClient ozoneClient) {
        this.client = ozoneClient;
    }

    public OzoneClient getClient() {
        return this.client;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientProtocol getClientProtocol() {
        return getClient().getProxy();
    }

    @VisibleForTesting
    public S3GatewayMetrics getMetrics() {
        return S3GatewayMetrics.create();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getAuditParameters() {
        return AuditUtils.getAuditParameters(this.context);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void auditWriteFailure(AuditAction auditAction, Throwable th) {
        AUDIT.logWriteFailure(buildAuditMessageForFailure(auditAction, getAuditParameters(), th));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void auditReadFailure(AuditAction auditAction, Exception exc) {
        AUDIT.logReadFailure(buildAuditMessageForFailure(auditAction, getAuditParameters(), exc));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAccessDenied(OMException oMException) {
        OMException.ResultCodes result = oMException.getResult();
        return result == OMException.ResultCodes.PERMISSION_DENIED || result == OMException.ResultCodes.INVALID_TOKEN;
    }
}
