package us.cuatoi.s34jserver.core.servlet;

import com.google.common.io.BaseEncoding;
import java.io.IOException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.cuatoi.s34jserver.core.ErrorCode;
import us.cuatoi.s34jserver.core.Request;
import us.cuatoi.s34jserver.core.S3Context;
import us.cuatoi.s34jserver.core.S3Exception;
import us.cuatoi.s34jserver.core.StorageContext;
import us.cuatoi.s34jserver.core.auth.AWS4Authorization;
import us.cuatoi.s34jserver.core.auth.AWS4SignerForAuthorizationHeader;
import us.cuatoi.s34jserver.core.auth.AWS4SignerForChunkedUpload;
import us.cuatoi.s34jserver.core.helper.PathHelper;

/* loaded from: input_file:us/cuatoi/s34jserver/core/servlet/ServletParserVerifier.class */
public class ServletParserVerifier {
    private final StorageContext context;
    private final Request request;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private AWS4SignerForChunkedUpload aws4SignerForChunkedUpload;

    public ServletParserVerifier(StorageContext storageContext, Request request) {
        this.context = storageContext;
        this.request = request;
    }

    public void verifyHeaders() throws Exception {
        URL url = new URL(URLDecoder.decode(this.request.getUrl(), "UTF-8"));
        String header = this.request.getHeader("authorization");
        if (StringUtils.isBlank(header)) {
            String queryParameter = this.request.getQueryParameter("X-Amz-Algorithm");
            String queryParameter2 = this.request.getQueryParameter("X-Amz-Credential");
            String queryParameter3 = this.request.getQueryParameter("X-Amz-Date");
            String queryParameter4 = this.request.getQueryParameter("X-Amz-SignedHeaders");
            String queryParameter5 = this.request.getQueryParameter("X-Amz-Signature");
            if (StringUtils.isNoneBlank(new CharSequence[]{queryParameter, queryParameter2, queryParameter3, queryParameter4, queryParameter5})) {
                header = queryParameter + " Credential=" + queryParameter2 + ", SignedHeaders=" + queryParameter4 + ", Signature=" + queryParameter5;
                this.logger.debug("Constructed authorizationHeader based on Query String:" + header);
            }
        }
        if (StringUtils.isBlank(header) && StringUtils.equalsIgnoreCase(this.request.getMethod(), "post")) {
            String formParameter = this.request.getFormParameter("x-amz-algorithm");
            String formParameter2 = this.request.getFormParameter("x-amz-credential");
            String formParameter3 = this.request.getFormParameter("x-amz-date");
            String formParameter4 = this.request.getFormParameter("x-amz-signature");
            if (StringUtils.isNoneBlank(new CharSequence[]{formParameter, formParameter2, formParameter3, formParameter4})) {
                header = formParameter + " Credential=" + formParameter2 + ", SignedHeaders=host, Signature=" + formParameter4;
                this.logger.debug("Constructed authorizationHeader based on Form Data:" + header);
            }
        }
        if (StringUtils.isBlank(header)) {
            this.logger.info("MISSING_SECURITY_HEADER authorizationHeader=" + header);
            this.logger.debug("MISSING_SECURITY_HEADER request=" + this.request);
            throw new S3Exception(ErrorCode.MISSING_SECURITY_HEADER);
        }
        String header2 = this.request.getHeader("x-amz-date");
        if (StringUtils.isBlank(header2)) {
            header2 = this.request.getQueryParameter("X-Amz-Date");
        }
        if (StringUtils.isBlank(header2)) {
            header2 = this.request.getFormParameter("x-amz-date");
        }
        Date requestDate = getRequestDate(header2);
        AWS4Authorization aWS4Authorization = new AWS4Authorization(header);
        String header3 = this.request.getHeader("x-amz-content-sha256");
        if (StringUtils.isBlank(header3)) {
            header3 = "UNSIGNED-PAYLOAD";
        }
        String method = this.request.getMethod();
        String serviceName = aWS4Authorization.getServiceName();
        String regionName = aWS4Authorization.getRegionName();
        AWS4SignerForAuthorizationHeader aWS4SignerForAuthorizationHeader = new AWS4SignerForAuthorizationHeader(url, method, serviceName, regionName);
        this.aws4SignerForChunkedUpload = new AWS4SignerForChunkedUpload(url, method, serviceName, regionName);
        String awsAccessKey = aWS4Authorization.getAwsAccessKey();
        String secretKey = this.context.getSecretKey(awsAccessKey);
        if (StringUtils.isBlank(secretKey)) {
            this.logger.info("INVALID_ACCESS_KEY_ID awsAccessKey=" + awsAccessKey);
            this.logger.info("INVALID_ACCESS_KEY_ID awsSecretKey=" + secretKey);
            throw new S3Exception(ErrorCode.INVALID_ACCESS_KEY_ID);
        }
        if (StringUtils.equalsIgnoreCase(this.request.getMethod(), "post") && StringUtils.contains(this.request.getHeader("content-type"), "multipart/form-data")) {
            String signPOSTPolicy = aWS4SignerForAuthorizationHeader.signPOSTPolicy(secretKey, requestDate, this.request.getFormParameter("policy"));
            String formParameter5 = this.request.getFormParameter("x-amz-signature");
            if (StringUtils.equalsIgnoreCase(signPOSTPolicy, formParameter5)) {
                return;
            }
            this.logger.info("SIGNATURE_DOES_NOT_MATCH computedHTTPPostSignature=" + signPOSTPolicy);
            this.logger.info("SIGNATURE_DOES_NOT_MATCH providedHTTPPostSignature=" + formParameter5);
            throw new S3Exception(ErrorCode.SIGNATURE_DOES_NOT_MATCH);
        }
        HashMap hashMap = new HashMap();
        for (String str : aWS4Authorization.getSignedHeaders()) {
            if (!StringUtils.equalsAnyIgnoreCase(str, new CharSequence[]{"host"})) {
                hashMap.put(str, this.request.getHeader(str));
            }
        }
        HashMap hashMap2 = new HashMap();
        this.request.getQueryParameters().forEach((str2, str3) -> {
            if (StringUtils.equalsIgnoreCase(str2, "X-Amz-Signature")) {
                return;
            }
            hashMap2.put(str2, str3);
        });
        Date date = new Date();
        if (StringUtils.isNotBlank(this.request.getQueryParameter("X-Amz-Expires"))) {
            if (Math.abs(requestDate.getTime() - date.getTime()) > Integer.parseInt(r0) * 1000) {
                this.logger.info("EXPIRED_TOKEN currentDate=" + date);
                this.logger.info("EXPIRED_TOKEN requestDate=" + requestDate);
                throw new S3Exception(ErrorCode.EXPIRED_TOKEN);
            }
        } else if (Math.abs(requestDate.getTime() - date.getTime()) > S3Context.MAX_DIFFERENT_IN_REQUEST_TIME) {
            this.logger.info("REQUEST_TIME_TOO_SKEWED currentDate=" + date);
            this.logger.info("REQUEST_TIME_TOO_SKEWED requestDate=" + requestDate);
            throw new S3Exception(ErrorCode.REQUEST_TIME_TOO_SKEWED);
        }
        String computeSignature = aWS4SignerForAuthorizationHeader.computeSignature(hashMap, hashMap2, header3, awsAccessKey, secretKey, requestDate);
        this.aws4SignerForChunkedUpload.computeSignature(hashMap, hashMap2, AWS4SignerForChunkedUpload.STREAMING_BODY_SHA256, awsAccessKey, secretKey, requestDate);
        this.logger.trace("headers=" + hashMap);
        this.logger.trace("parameters=" + hashMap2);
        this.logger.trace("bodyHash=" + header3);
        this.logger.trace("amzDateHeader=" + header2);
        this.logger.trace("date=" + requestDate);
        this.logger.trace("url=" + url);
        this.logger.trace("url.getHost()=" + url.getHost());
        this.logger.trace("url.getPort()=" + url.getPort());
        if (StringUtils.equals(header, computeSignature)) {
            return;
        }
        this.logger.info("SIGNATURE_DOES_NOT_MATCH providedHeader=" + header);
        this.logger.info("SIGNATURE_DOES_NOT_MATCH computedHeader=" + computeSignature);
        throw new S3Exception(ErrorCode.SIGNATURE_DOES_NOT_MATCH);
    }

    private Date getRequestDate(String str) {
        long date = this.request.getDate();
        if (date <= 0 && StringUtils.isBlank(str)) {
            this.logger.info("MISSING_SECURITY_HEADER amzDateHeader=" + str);
            throw new S3Exception(ErrorCode.MISSING_SECURITY_HEADER);
        }
        try {
            return StringUtils.isBlank(str) ? new Date(date) : AWS4Authorization.utcDateFormat("yyyyMMdd'T'HHmmss'Z'").parse(str);
        } catch (ParseException e) {
            this.logger.info("AUTHORIZATION_HEADER_MALFORMED amzDateHeader=" + str);
            throw new S3Exception(ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
    }

    public void verifySingleChunk() throws IOException {
        String header = this.request.getHeader("x-amz-content-sha256");
        Path content = this.request.getContent();
        this.logger.trace("Checking " + content);
        long size = Files.size(content);
        if (StringUtils.isNotBlank(header) && !StringUtils.equalsIgnoreCase(header, "UNSIGNED-PAYLOAD")) {
            String sha256HashFile = size > 0 ? PathHelper.sha256HashFile(content) : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
            if (!StringUtils.equalsIgnoreCase(sha256HashFile, header)) {
                this.logger.info("X_AMZ_CONTENT_SHA256_MISMATCH: providedSha256=" + header);
                this.logger.info("X_AMZ_CONTENT_SHA256_MISMATCH: computedSha256=" + sha256HashFile);
                throw new S3Exception(ErrorCode.X_AMZ_CONTENT_SHA256_MISMATCH);
            }
        }
        String header2 = this.request.getHeader("content-md5");
        if (size <= 0 || !StringUtils.isNotBlank(header2)) {
            return;
        }
        String encode = BaseEncoding.base64().encode(PathHelper.md5HashFileToByte(content));
        if (StringUtils.equalsIgnoreCase(header2, encode)) {
            return;
        }
        this.logger.info("INVALID_DIGEST: providedMd5=" + header2);
        this.logger.info("INVALID_DIGEST: computedMd5=" + encode);
        throw new S3Exception(ErrorCode.INVALID_DIGEST);
    }

    public AWS4SignerForChunkedUpload getAws4SignerForChunkedUpload() {
        return this.aws4SignerForChunkedUpload;
    }
}
