package org.apache.hadoop.ozone.s3.signature;

import com.google.common.annotations.VisibleForTesting;
import java.io.UnsupportedEncodingException;
import java.time.LocalDate;
import java.time.ZonedDateTime;
import java.time.format.DateTimeParseException;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Map;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.ozone.s3.signature.SignatureInfo;
import org.apache.hadoop.ozone.s3.util.S3Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/s3/signature/AuthorizationV4QueryParser.class */
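/**
 * Parses the AWS Signature Version 4 query parameters of a pre-signed S3 URL
 * ({@code X-Amz-Algorithm}, {@code X-Amz-Credential}, {@code X-Amz-Date},
 * {@code X-Amz-Expires}, {@code X-Amz-SignedHeaders}, {@code X-Amz-Signature})
 * into a {@link SignatureInfo}.
 *
 * <p>Every value handled here comes from the request URL and is therefore
 * caller-controlled. This class only checks presence, format and expiry; it does
 * not recompute or compare the signature itself, so a successful parse is not an
 * authentication decision.
 */
public class AuthorizationV4QueryParser implements SignatureParser {
    private final Map<String, String> queryParameters;
    private static final String AWS_REQUEST = "aws4_request";
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationV4QueryParser.class);
    /** Smallest accepted {@code X-Amz-Expires} value, in seconds. */
    private static final long X_AMZ_EXPIRES_MIN = 1L;
    /** Largest accepted {@code X-Amz-Expires} value, in seconds (604800 s = 7 days). */
    private static final long X_AMZ_EXPIRES_MAX = 604800L;

    /**
     * @param map query parameters of the incoming request, keyed by parameter name;
     *            the map is stored by reference, not copied
     */
    public AuthorizationV4QueryParser(Map<String, String> map) {
        this.queryParameters = map;
    }

    /**
     * Validates the V4 query parameters and builds the signature description.
     *
     * @return the parsed {@link SignatureInfo}, or {@code null} when the request carries no
     *         {@code X-Amz-Signature} parameter (i.e. it is not a V4 pre-signed request)
     * @throws MalformedResourceException if any parameter is missing, malformed or expired
     */
    @Override
    public SignatureInfo parseSignature() throws MalformedResourceException {
        if (!this.queryParameters.containsKey("X-Amz-Signature")) {
            return null;
        }
        validateAlgorithm();
        try {
            validateDateAndExpires();
        } catch (DateTimeParseException e) {
            throw new MalformedResourceException(
                "Invalid X-Amz-Date format: " + this.queryParameters.get("X-Amz-Date"));
        }

        String rawCredential = this.queryParameters.get("X-Amz-Credential");
        if (rawCredential == null) {
            // An absent parameter would otherwise be handed to urlDecode() as null and
            // surface as an unchecked exception instead of a client error.
            throw new MalformedResourceException("X-Amz-Credential is missing.");
        }
        Credential credential;
        try {
            credential = new Credential(S3Utils.urlDecode(rawCredential));
        } catch (UnsupportedEncodingException e) {
            throw new MalformedResourceException(
                "X-Amz-Credential is not proper URL encoded rawCredential:" + rawCredential);
        }
        validateCredential(credential);
        validateSignedHeaders();
        validateSignature();
        return new SignatureInfo(
            SignatureInfo.Version.V4,
            credential.getDate(),
            this.queryParameters.get("X-Amz-Date"),
            credential.getAccessKeyID(),
            this.queryParameters.get("X-Amz-Signature"),
            this.queryParameters.get("X-Amz-SignedHeaders"),
            credential.createScope(),
            this.queryParameters.get("X-Amz-Algorithm"),
            false);
    }

    /** Rejects requests whose {@code X-Amz-Algorithm} is absent or not the supported V4 algorithm. */
    private void validateAlgorithm() throws MalformedResourceException {
        String algorithm = this.queryParameters.get("X-Amz-Algorithm");
        if (algorithm == null) {
            throw new MalformedResourceException("Unspecified signature algorithm.");
        }
        if (StringUtils.isEmpty(algorithm)
            || !algorithm.equals(SignatureProcessor.AWS4_SIGNING_ALGORITHM)) {
            throw new MalformedResourceException("Unsupported signature algorithm: " + algorithm);
        }
    }

    /**
     * Checks that {@code X-Amz-Date} and {@code X-Amz-Expires} are present, that the expiry
     * duration lies within the allowed range, and that the URL has not yet expired.
     *
     * <p>NOTE(review): only the upper bound (date + expires) is compared with the current
     * time; an {@code X-Amz-Date} in the future is accepted here. Confirm that a later
     * stage bounds clock skew if that matters for the deployment.
     *
     * @throws MalformedResourceException if a value is missing, non-numeric, out of range,
     *                                    or the URL is expired
     * @throws DateTimeParseException     if {@code X-Amz-Date} does not match the expected format
     */
    @VisibleForTesting
    protected void validateDateAndExpires() throws MalformedResourceException, DateTimeParseException {
        String dateString = this.queryParameters.get("X-Amz-Date");
        String expiresString = this.queryParameters.get("X-Amz-Expires");
        if (dateString == null || expiresString == null
            || dateString.length() == 0 || expiresString.length() == 0) {
            throw new MalformedResourceException("dateString or expiresString are missing or empty.");
        }

        long expires;
        try {
            expires = Long.parseLong(expiresString);
        } catch (NumberFormatException e) {
            // Caller-controlled text: report a malformed request rather than letting an
            // unchecked exception escape the parser.
            throw new MalformedResourceException(
                "Invalid expiry duration. X-Amz-Expires is not a number. expiresString:"
                    + expiresString);
        }
        if (expires < X_AMZ_EXPIRES_MIN || expires > X_AMZ_EXPIRES_MAX) {
            throw new MalformedResourceException(
                "Invalid expiry duration. X-Amz-Expires should be between " + X_AMZ_EXPIRES_MIN
                    + " and " + X_AMZ_EXPIRES_MAX + " expiresString:" + expiresString);
        }

        ZonedDateTime expiresAt = ZonedDateTime
            .parse(dateString, StringToSignProducer.TIME_FORMATTER)
            .plus(expires, ChronoUnit.SECONDS);
        // isBefore() compares instants, so the zone of now() does not affect the result.
        if (expiresAt.isBefore(ZonedDateTime.now())) {
            throw new MalformedResourceException(
                "Pre-signed S3 url is expired. dateString:" + dateString
                    + " expiresString:" + expiresString);
        }
    }

    /**
     * Checks that every component of the credential scope is present, that the terminator
     * is {@code aws4_request}, and that the scope date parses.
     */
    private void validateCredential(Credential credential) throws MalformedResourceException {
        if (credential.getAccessKeyID().isEmpty()) {
            throw new MalformedResourceException("AWS access id is empty. credential: " + credential);
        }
        if (credential.getAwsRegion().isEmpty()) {
            throw new MalformedResourceException("AWS region is empty. credential: " + credential);
        }
        // AWS_REQUEST is non-empty, so this single comparison also rejects an empty value.
        if (!AWS_REQUEST.equals(credential.getAwsRequest())) {
            throw new MalformedResourceException(
                "AWS request is empty or invalid. credential:" + credential);
        }
        if (credential.getAwsService().isEmpty()) {
            throw new MalformedResourceException("AWS service is empty. credential:" + credential);
        }
        if (credential.getDate().isEmpty()) {
            throw new MalformedResourceException("AWS date is empty. credential:" + credential);
        }
        try {
            LocalDate.parse(credential.getDate(), SignatureProcessor.DATE_FORMATTER);
        } catch (DateTimeParseException e) {
            throw new MalformedResourceException(
                "AWS date format is invalid. credential:" + credential);
        }
    }

    /** Requires {@code X-Amz-SignedHeaders} to name at least one header. */
    private void validateSignedHeaders() throws MalformedResourceException {
        String signedHeaders = this.queryParameters.get("X-Amz-SignedHeaders");
        // split() drops trailing empty strings, so a value made only of ';' yields length 0.
        if (StringUtils.isEmpty(signedHeaders) || signedHeaders.split(";").length == 0) {
            throw new MalformedResourceException("No signed headers found.");
        }
    }

    /**
     * Requires {@code X-Amz-Signature} to be non-empty hexadecimal text. This is a format
     * check only; the signature value is not verified here.
     */
    private void validateSignature() throws MalformedResourceException {
        String signature = this.queryParameters.get("X-Amz-Signature");
        if (StringUtils.isEmpty(signature)) {
            throw new MalformedResourceException("Signature is empty.");
        }
        try {
            Hex.decodeHex(signature);
        } catch (DecoderException e) {
            throw new MalformedResourceException(
                "Signature:" + signature + " should be in hexa-decimal encoding.");
        }
    }
}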
