package io.trino.aws.proxy.server;

import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import io.airlift.http.client.HttpClient;
import io.airlift.http.client.Request;
import io.airlift.http.client.StatusResponseHandler;
import io.airlift.http.client.StreamingBodyGenerator;
import io.airlift.http.server.testing.TestingHttpServer;
import io.airlift.units.Duration;
import io.trino.aws.proxy.server.TestGenericRestRequests;
import io.trino.aws.proxy.server.credentials.CredentialsController;
import io.trino.aws.proxy.server.rest.RequestLoggerController;
import io.trino.aws.proxy.server.signing.InternalSigningController;
import io.trino.aws.proxy.server.signing.SigningControllerConfig;
import io.trino.aws.proxy.server.signing.TestingChunkSigningSession;
import io.trino.aws.proxy.server.testing.TestingCredentialsRolesProvider;
import io.trino.aws.proxy.server.testing.TestingRemoteS3Facade;
import io.trino.aws.proxy.server.testing.TestingUtil;
import io.trino.aws.proxy.server.testing.containers.S3Container;
import io.trino.aws.proxy.server.testing.harness.TrinoAwsProxyTest;
import io.trino.aws.proxy.spi.credentials.Credential;
import io.trino.aws.proxy.spi.credentials.Credentials;
import io.trino.aws.proxy.spi.signing.RequestAuthorization;
import io.trino.aws.proxy.spi.signing.SigningMetadata;
import io.trino.aws.proxy.spi.signing.SigningServiceType;
import io.trino.aws.proxy.spi.util.AwsTimestamp;
import io.trino.aws.proxy.spi.util.ImmutableMultiMap;
import io.trino.aws.proxy.spi.util.MultiMap;
import jakarta.ws.rs.core.UriBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.LinkedList;
import java.util.Objects;
import java.util.Optional;
import java.util.Queue;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.HeadObjectResponse;

@TrinoAwsProxyTest(filters = {TestGenericRestRequests.Filter.class})
/* loaded from: input_file:io/trino/aws/proxy/server/TestHttpChunked.class */
public class TestHttpChunked {
    private final URI baseUri;
    private final TestingCredentialsRolesProvider credentialsRolesProvider;
    private final HttpClient httpClient;
    private final Credentials testingCredentials;
    private final S3Client storageClient;
    private static final String TEST_CONTENT_TYPE = "text/plain;charset=utf-8";
    private static final Credential VALID_CREDENTIAL = new Credential(UUID.randomUUID().toString(), UUID.randomUUID().toString());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/trino/aws/proxy/server/TestHttpChunked$ForceChunkInputStream.class */
    public class ForceChunkInputStream extends InputStream {
        private final int chunkSize;
        private final Queue<InputStream> underlyingStreams;

        public ForceChunkInputStream(TestHttpChunked testHttpChunked, String str, int i) {
            Preconditions.checkArgument(i > 0, "chunkCount must be greater than 0");
            this.chunkSize = Math.ceilDiv(str.length(), i);
            this.underlyingStreams = new LinkedList();
            int ceilDiv = Math.ceilDiv(str.length(), this.chunkSize);
            for (int i2 = 0; i2 < ceilDiv; i2++) {
                this.underlyingStreams.add(new ByteArrayInputStream(str.substring(i2 * this.chunkSize, Math.min((i2 + 1) * this.chunkSize, str.length())).getBytes(StandardCharsets.UTF_8)));
            }
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            if (this.underlyingStreams.isEmpty()) {
                return -1;
            }
            int read = this.underlyingStreams.peek().read();
            if (read != -1) {
                return read;
            }
            this.underlyingStreams.poll();
            return read();
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            if (this.underlyingStreams.isEmpty()) {
                return -1;
            }
            int read = this.underlyingStreams.peek().read(bArr, i, i2);
            if (read != -1) {
                return read;
            }
            this.underlyingStreams.poll();
            return read(bArr, i, i2);
        }
    }

    @BeforeEach
    public void setupCredentials() {
        this.credentialsRolesProvider.addCredentials(Credentials.build(VALID_CREDENTIAL, this.testingCredentials.requiredRemoteCredential()));
    }

    @Inject
    public TestHttpChunked(TestingHttpServer testingHttpServer, TestingCredentialsRolesProvider testingCredentialsRolesProvider, @TestingUtil.ForTesting HttpClient httpClient, @TestingUtil.ForTesting Credentials credentials, @S3Container.ForS3Container S3Client s3Client, TrinoAwsProxyConfig trinoAwsProxyConfig) {
        this.baseUri = testingHttpServer.getBaseUrl().resolve(trinoAwsProxyConfig.getS3Path());
        this.credentialsRolesProvider = (TestingCredentialsRolesProvider) Objects.requireNonNull(testingCredentialsRolesProvider, "credentialsRolesProvider is null");
        this.httpClient = (HttpClient) Objects.requireNonNull(httpClient, "httpClient is null");
        this.testingCredentials = (Credentials) Objects.requireNonNull(credentials, "testingCredentials is null");
        this.storageClient = (S3Client) Objects.requireNonNull(s3Client, "storageClient is null");
    }

    @AfterEach
    public void cleanupStorage() {
        TestingUtil.deleteAllBuckets(this.storageClient);
    }

    @Test
    public void testHttpChunked() throws IOException {
        String str = "test-http-chunked";
        String str2 = "test-http-chunked-two";
        this.storageClient.createBucket(builder -> {
            builder.bucket(str).build();
        });
        testHttpChunked("test-http-chunked", TestingUtil.LOREM_IPSUM, "UNSIGNED-PAYLOAD", 1);
        testHttpChunked("test-http-chunked", TestingUtil.LOREM_IPSUM, "UNSIGNED-PAYLOAD", 3);
        testHttpChunked("test-http-chunked", TestingUtil.LOREM_IPSUM, "UNSIGNED-PAYLOAD", 5);
        this.storageClient.createBucket(builder2 -> {
            builder2.bucket(str2).build();
        });
        testHttpChunked("test-http-chunked-two", TestingUtil.LOREM_IPSUM, TestingUtil.sha256(TestingUtil.LOREM_IPSUM), 1);
        testHttpChunked("test-http-chunked-two", TestingUtil.LOREM_IPSUM, TestingUtil.sha256(TestingUtil.LOREM_IPSUM), 3);
        testHttpChunked("test-http-chunked-two", TestingUtil.LOREM_IPSUM, TestingUtil.sha256(TestingUtil.LOREM_IPSUM), 5);
    }

    private void testHttpChunked(String str, String str2, String str3, int i) throws IOException {
        Assertions.assertThat(doHttpChunkedUpload(str, "basic-upload", str2, i, ImmutableMultiMap.builder(false).add("X-Amz-Content-Sha256", str3).build())).isEqualTo(200);
        Assertions.assertThat(TestingUtil.getFileFromStorage(this.storageClient, str, "basic-upload")).isEqualTo(str2);
        HeadObjectResponse headObjectInStorage = TestingUtil.headObjectInStorage(this.storageClient, str, "basic-upload");
        Assertions.assertThat(headObjectInStorage.contentEncoding()).isNullOrEmpty();
        Assertions.assertThat(headObjectInStorage.metadata()).isEmpty();
        Assertions.assertThat(doHttpChunkedUpload(str, "with-content-type", str2, i, ImmutableMultiMap.builder(false).add("X-Amz-Content-Sha256", str3).add("Content-Type", TEST_CONTENT_TYPE).add("Content-Encoding", "gzip,compress").add("x-amz-meta-foobar", "baz").build())).isEqualTo(200);
        Assertions.assertThat(TestingUtil.getFileFromStorage(this.storageClient, str, "with-content-type")).isEqualTo(str2);
        HeadObjectResponse headObjectInStorage2 = TestingUtil.headObjectInStorage(this.storageClient, str, "with-content-type");
        Assertions.assertThat(headObjectInStorage2.contentType()).contains(new CharSequence[]{TEST_CONTENT_TYPE});
        Assertions.assertThat(headObjectInStorage2.contentEncoding()).isEqualTo("gzip,compress");
        Assertions.assertThat(headObjectInStorage2.metadata()).containsEntry("foobar", "baz");
    }

    @Test
    public void testHttpChunkedValidatesSignature() {
        Assertions.assertThat(doHttpChunkedUpload("http-chunked-wrong-signature", "test-upload", TestingUtil.LOREM_IPSUM, 3, ImmutableMultiMap.builder(false).add("X-Amz-Content-Sha256", TestingUtil.sha256("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Viverra aliquet eget sit amet tellus cras adipiscing. Viverra mauris in aliquam sem fringilla. Facilisis mauris sit amet massa vitae. Mauris vitae ultricies leo integer malesuada. Sed libero enim sed faucibus turpis in eu mi bibendum. Lorem sed risus ultricies tristique nulla aliquet enim. Quis blandit turpis cursus in hac habitasse platea dictumst quisque. Diam maecenas ultricies mi eget mauris pharetra et ultrices neque. Aliquam sem fringilla ut morbi.foo")).add("Content-Type", TEST_CONTENT_TYPE).build())).isEqualTo(401);
        TestingUtil.assertFileNotInS3(this.storageClient, "http-chunked-wrong-signature", "test-upload");
    }

    @Test
    public void testHttpChunkedContainingAwsChunkedPayload() throws IOException {
        String str = "http-chunked-aws-chunked";
        this.storageClient.createBucket(builder -> {
            builder.bucket(str).build();
        });
        ImmutableMultiMap.Builder add = ImmutableMultiMap.builder(false).add("X-Amz-Content-Sha256", "STREAMING-AWS4-HMAC-SHA256-PAYLOAD").add("Content-Encoding", "aws-chunked");
        Assertions.assertThat(doCustomHttpChunkedUpload("http-chunked-aws-chunked", "test-upload", 3, add.build(), TestingUtil.LOREM_IPSUM.length(), str2 -> {
            return TestingChunkSigningSession.build(VALID_CREDENTIAL, str2).generateChunkedStream(TestingUtil.LOREM_IPSUM, 3);
        })).isEqualTo(200);
        Assertions.assertThat(TestingUtil.getFileFromStorage(this.storageClient, "http-chunked-aws-chunked", "test-upload")).isEqualTo(TestingUtil.LOREM_IPSUM);
        add.add("Content-Type", TEST_CONTENT_TYPE).add("Content-Encoding", "gzip,compress").add("x-amz-meta-foobar", "baz");
        Assertions.assertThat(doCustomHttpChunkedUpload("http-chunked-aws-chunked", "test-upload-with-metadata", 3, add.build(), TestingUtil.LOREM_IPSUM.length(), str3 -> {
            return TestingChunkSigningSession.build(VALID_CREDENTIAL, str3).generateChunkedStream(TestingUtil.LOREM_IPSUM, 3);
        })).isEqualTo(200);
        Assertions.assertThat(TestingUtil.getFileFromStorage(this.storageClient, "http-chunked-aws-chunked", "test-upload-with-metadata")).isEqualTo(TestingUtil.LOREM_IPSUM);
        HeadObjectResponse headObjectInStorage = TestingUtil.headObjectInStorage(this.storageClient, "http-chunked-aws-chunked", "test-upload-with-metadata");
        Assertions.assertThat(headObjectInStorage.contentType()).contains(new CharSequence[]{TEST_CONTENT_TYPE});
        Assertions.assertThat(headObjectInStorage.contentEncoding()).isEqualTo("gzip,compress");
        Assertions.assertThat(headObjectInStorage.metadata()).containsEntry("foobar", "baz");
    }

    @Test
    public void testHttpChunkedContainingAwsChunkedPayloadValidatesChunkSignatures() {
        String str = "http-chunked-aws-chunked-errors";
        this.storageClient.createBucket(builder -> {
            builder.bucket(str).build();
        });
        Assertions.assertThat(doCustomHttpChunkedUpload("http-chunked-aws-chunked-errors", "test-upload", 3, ImmutableMultiMap.builder(false).add("X-Amz-Content-Sha256", "STREAMING-AWS4-HMAC-SHA256-PAYLOAD").add("Content-Encoding", "aws-chunked").build(), TestingUtil.LOREM_IPSUM.length(), str2 -> {
            return TestingChunkSigningSession.build(new Credential(UUID.randomUUID().toString(), UUID.randomUUID().toString()), str2).generateChunkedStream(TestingUtil.LOREM_IPSUM, 3);
        })).isEqualTo(401);
        TestingUtil.assertFileNotInS3(this.storageClient, "http-chunked-aws-chunked-errors", "test-upload");
    }

    private int doHttpChunkedUpload(String str, String str2, String str3, int i, MultiMap multiMap) {
        return doCustomHttpChunkedUpload(str, str2, i, multiMap, str3.length(), str4 -> {
            return str3;
        });
    }

    private int doCustomHttpChunkedUpload(String str, String str2, int i, MultiMap multiMap, int i2, Function<String, String> function) {
        Instant now = Instant.now();
        ImmutableMultiMap.Builder add = ImmutableMultiMap.builder(false).add("Transfer-Encoding", "chunked").add("X-Amz-Date", AwsTimestamp.toRequestFormat(now)).add("X-Amz-Decoded-Content-Length", String.valueOf(i2));
        Objects.requireNonNull(add);
        multiMap.forEach((v1, v2) -> {
            r1.addAll(v1, v2);
        });
        URI build = UriBuilder.fromUri(this.baseUri).path(str).path(str2).build(new Object[0]);
        RequestAuthorization signingAuthorization = new InternalSigningController(new CredentialsController(new TestingRemoteS3Facade(), this.credentialsRolesProvider), new SigningControllerConfig().setMaxClockDrift(new Duration(10.0d, TimeUnit.SECONDS)), new RequestLoggerController(new TrinoAwsProxyConfig())).signRequest(new SigningMetadata(SigningServiceType.S3, Credentials.build(VALID_CREDENTIAL, this.testingCredentials.requiredRemoteCredential()), Optional.empty()), "us-east-1", now, Optional.empty(), (v0) -> {
            return v0.emulated();
        }, build, add.build(), ImmutableMultiMap.empty(), "PUT").signingAuthorization();
        add.add("Authorization", signingAuthorization.authorization());
        Request.Builder bodyGenerator = Request.Builder.preparePut().setUri(build).setBodyGenerator(StreamingBodyGenerator.streamingBodyGenerator(new ForceChunkInputStream(this, function.apply(signingAuthorization.signature()), i)));
        ImmutableMultiMap build2 = add.build();
        Objects.requireNonNull(bodyGenerator);
        build2.forEachEntry(bodyGenerator::addHeader);
        return ((StatusResponseHandler.StatusResponse) this.httpClient.execute(bodyGenerator.build(), StatusResponseHandler.createStatusResponseHandler())).getStatusCode();
    }
}
