package io.trino.aws.proxy.server.signing;

import io.airlift.units.Duration;
import io.trino.aws.proxy.server.credentials.CredentialsController;
import io.trino.aws.proxy.server.rest.RequestLoggerConfig;
import io.trino.aws.proxy.server.rest.RequestLoggerController;
import io.trino.aws.proxy.server.testing.TestingRemoteS3Facade;
import io.trino.aws.proxy.spi.credentials.Credential;
import io.trino.aws.proxy.spi.credentials.Credentials;
import io.trino.aws.proxy.spi.credentials.CredentialsProvider;
import io.trino.aws.proxy.spi.rest.Request;
import io.trino.aws.proxy.spi.rest.RequestContent;
import io.trino.aws.proxy.spi.rest.RequestHeaders;
import io.trino.aws.proxy.spi.signing.SigningController;
import io.trino.aws.proxy.spi.signing.SigningMetadata;
import io.trino.aws.proxy.spi.signing.SigningServiceType;
import io.trino.aws.proxy.spi.util.AwsTimestamp;
import io.trino.aws.proxy.spi.util.ImmutableMultiMap;
import jakarta.ws.rs.WebApplicationException;
import java.net.URI;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/trino/aws/proxy/server/signing/TestSigningController.class */
/**
 * Tests for {@link InternalSigningController}: known-answer checks of the AWS4-HMAC-SHA256
 * {@code Authorization} value it produces, and checks that requests whose timestamp or
 * presigned expiry falls outside the accepted window are rejected.
 *
 * <p>The clock-drift and expiry checks are what limit how long a captured signed request
 * can be replayed, so both the accepting and the rejecting side of each limit are exercised.
 *
 * <p>NOTE(review): the access key and secret key below are obvious placeholders. The
 * {@code X-Amz-Security-Token} fixture has the shape of a real session token; confirm it is
 * synthetic or long expired before treating it as a non-secret.
 */
public class TestSigningController {
    // Placeholder credential pair; never valid against a real endpoint.
    private static final Credentials CREDENTIALS = Credentials.build(new Credential("THIS_IS_AN_ACCESS_KEY", "THIS_IS_A_SECRET_KEY"));

    // Provider stub: returns the fixed credentials whatever it is asked for.
    private static final CredentialsProvider CREDENTIALS_PROVIDER = (emulatedAccessKey, session) -> Optional.of(CREDENTIALS);

    private static final CredentialsController CREDENTIALS_CONTROLLER = new CredentialsController(new TestingRemoteS3Facade(), CREDENTIALS_PROVIDER);

    // Test-only configuration: a 99999-day drift allowance, presumably so the fixed 2024
    // timestamps of the known-answer tests are not rejected as stale. A window this wide
    // removes the freshness check and must not be copied into a deployed configuration.
    private static final SigningController LARGE_DRIFT_SIGNING_CONTROLLER = new InternalSigningController(CREDENTIALS_CONTROLLER, new SigningControllerConfig().setMaxClockDrift(new Duration(99999.0d, TimeUnit.DAYS)), new RequestLoggerController(new RequestLoggerConfig()));

    // SHA-256 digest of an empty payload, as sent in X-Amz-Content-SHA256 for body-less requests.
    private static final String EMPTY_PAYLOAD_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";

    // Session token fixture shared by the known-answer tests (see the class-level review note).
    private static final String SESSION_TOKEN = "FwoGZXIvYXdzEP3//////////wEaDG79rlcAjsgKPP9N3SKIAu7/Zvngne5Ov6kGrDcIIPUZYkGpwNbj8zNnbWgOhiqmOCM3hrk4NuH17mP5n3nC7urlXZxaTCywKpAHpO3YsvLXcwjlfaYFA0Au4oejwSbU9ybIlzPzrqz7lVesgCfJOV+rj5F5UAh19d7RpRpA6Vy4nxGBTTlCNIVbkW9fp2Esql2/vsdh77rAG+j+BQegtegDCKBfen4gHMdvEOF6hyc4ne43eLXjpvUKxBgpI9MjOHtNHrDbOOBFXDDyknoESgE9Hsm12nDuVQhwrI/hhA4YB/MSIpl4FTgVs2sQP3K+v65tmyvIlpL6O78S6spMM9Tv/F4JLtksTzb90w46uZk9sxKC/RBkRijisM6tBjIrr/0znxnW3i5ggGAX4H/Z3aWlxSdzNs2UGWtqig9Plp3Xa9gG+zCKcXmDAA==";

    /**
     * Known-answer test: signing a GET of the service root must reproduce the pinned
     * Authorization value, including the signed-header list and the signature.
     */
    @Test
    public void testRootLs() {
        String amzDate = "20240516T024511Z";
        Instant requestTime = AwsTimestamp.fromRequestTimestamp(amzDate);
        ImmutableMultiMap headers = knownAnswerHeaders(amzDate);
        SigningMetadata metadata = new SigningMetadata(SigningServiceType.S3, CREDENTIALS, Optional.empty());

        Assertions.assertThat(
                LARGE_DRIFT_SIGNING_CONTROLLER.signRequest(
                                metadata,
                                "us-east-1",
                                requestTime,
                                Optional.empty(),
                                credentials -> credentials.emulated(),
                                URI.create("http://localhost:10064/"),
                                headers,
                                ImmutableMultiMap.empty(),
                                "GET")
                        .signingAuthorization()
                        .authorization())
                .isEqualTo("AWS4-HMAC-SHA256 Credential=THIS_IS_AN_ACCESS_KEY/20240516/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=9a19c251bf4e1533174e80da59fa57c65b3149b611ec9a4104f6944767c25704");
    }

    /**
     * Known-answer test: signing a bucket listing with query parameters must reproduce the
     * pinned Authorization value, so the query string is shown to take part in the signature.
     */
    @Test
    public void testBucketLs() {
        String amzDate = "20240516T034003Z";
        Instant requestTime = AwsTimestamp.fromRequestTimestamp(amzDate);
        ImmutableMultiMap headers = knownAnswerHeaders(amzDate);
        // The builder flag differs from the one used for headers; its meaning is not visible here.
        ImmutableMultiMap query = ImmutableMultiMap.builder(true)
                .putOrReplaceSingle("list-type", "2")
                .putOrReplaceSingle("prefix", "foo/bar")
                .putOrReplaceSingle("delimiter", "/")
                .putOrReplaceSingle("encoding-type", "url")
                .build();
        SigningMetadata metadata = new SigningMetadata(SigningServiceType.S3, CREDENTIALS, Optional.empty());

        Assertions.assertThat(
                LARGE_DRIFT_SIGNING_CONTROLLER.signRequest(
                                metadata,
                                "us-east-1",
                                requestTime,
                                Optional.empty(),
                                credentials -> credentials.emulated(),
                                URI.create("http://localhost:10064/mybucket"),
                                headers,
                                query,
                                "GET")
                        .signingAuthorization()
                        .authorization())
                .isEqualTo("AWS4-HMAC-SHA256 Credential=THIS_IS_AN_ACCESS_KEY/20240516/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=222d7b7fcd4d5560c944e8fecd9424ee3915d131c3ad9e000d65db93e87946c4");
    }

    /**
     * A normally signed request is accepted within the configured drift on either side of
     * "now" and rejected with a {@link WebApplicationException} just outside it.
     */
    @Test
    public void testStandardRequestClockDrift() {
        long driftSeconds = 120;
        Duration maxDrift = new Duration(driftSeconds, TimeUnit.SECONDS);

        // Inside the window: now, 10s short of the limit in the past and in the future.
        tryValidateRequestOfAge(Instant.now(), maxDrift);
        tryValidateRequestOfAge(nowOffsetBySeconds(-(driftSeconds - 10)), maxDrift);
        tryValidateRequestOfAge(nowOffsetBySeconds(driftSeconds - 10), maxDrift);

        // Outside the window: 10s past the limit in either direction.
        Assertions.assertThatThrownBy(() -> tryValidateRequestOfAge(nowOffsetBySeconds(-(driftSeconds + 10)), maxDrift))
                .isInstanceOf(WebApplicationException.class);
        Assertions.assertThatThrownBy(() -> tryValidateRequestOfAge(nowOffsetBySeconds(driftSeconds + 10), maxDrift))
                .isInstanceOf(WebApplicationException.class);
    }

    /**
     * A presigned request carries an explicit expiry: it may be older than the drift
     * allowance while unexpired, but is rejected when dated too far in the future, when
     * expired, or when older than {@code Signer.MAX_PRESIGNED_REQUEST_AGE}.
     */
    @Test
    public void testPresignedRequestClockDrift() {
        long driftSeconds = 120;
        Duration maxDrift = new Duration(driftSeconds, TimeUnit.SECONDS);

        // Signed now or slightly ahead of now (within drift), not yet expired: accepted.
        tryValidateRequestOfAgeAndExpiry(Instant.now(), nowOffsetBySeconds(10L), maxDrift);
        tryValidateRequestOfAgeAndExpiry(nowOffsetBySeconds(driftSeconds - 10), nowOffsetBySeconds(driftSeconds + 50), maxDrift);

        // Dated further into the future than the drift allowance: rejected.
        Assertions.assertThatThrownBy(() -> tryValidateRequestOfAgeAndExpiry(nowOffsetBySeconds(driftSeconds + 10), nowOffsetBySeconds(driftSeconds + 50), maxDrift))
                .isInstanceOf(WebApplicationException.class);

        // Older than the drift allowance but still unexpired: accepted.
        tryValidateRequestOfAgeAndExpiry(nowOffsetBySeconds(-(driftSeconds * 2)), nowOffsetBySeconds(10L), maxDrift);

        // Just inside the maximum presigned age and unexpired: accepted.
        Instant oldestAllowed = Instant.now().minus((TemporalAmount) Signer.MAX_PRESIGNED_REQUEST_AGE);
        tryValidateRequestOfAgeAndExpiry(oldestAllowed.plusSeconds(30L), nowOffsetBySeconds(10L), maxDrift);

        // Expiry already in the past: rejected whatever the request date is.
        Assertions.assertThatThrownBy(() -> tryValidateRequestOfAgeAndExpiry(oldestAllowed, nowOffsetBySeconds(-10L), maxDrift))
                .isInstanceOf(WebApplicationException.class);
        Assertions.assertThatThrownBy(() -> tryValidateRequestOfAgeAndExpiry(nowOffsetBySeconds(-30L), nowOffsetBySeconds(-10L), maxDrift))
                .isInstanceOf(WebApplicationException.class);

        // Unexpired but older than the maximum presigned age: rejected.
        Assertions.assertThatThrownBy(() -> tryValidateRequestOfAgeAndExpiry(oldestAllowed.minusSeconds(100L), nowOffsetBySeconds(10L), maxDrift))
                .isInstanceOf(WebApplicationException.class);
    }

    /**
     * Signs and validates a request dated {@code requestDate} with no explicit expiry.
     *
     * <p>Decompiler note: declared private in the original source; the modifier was widened.
     */
    public static void tryValidateRequestOfAge(Instant requestDate, Duration maxClockDrift) {
        Optional<Instant> noExpiry = Optional.empty();
        tryValidateRequestOfAgeAndExpiry(requestDate, noExpiry, maxClockDrift);
    }

    /**
     * Signs and validates a request dated {@code requestDate} that expires at {@code expiry}.
     *
     * <p>Decompiler note: declared private in the original source; the modifier was widened.
     */
    public static void tryValidateRequestOfAgeAndExpiry(Instant requestDate, Instant expiry, Duration maxClockDrift) {
        Optional<Instant> explicitExpiry = Optional.of(expiry);
        tryValidateRequestOfAgeAndExpiry(requestDate, explicitExpiry, maxClockDrift);
    }

    /**
     * Builds a controller limited to {@code maxClockDrift}, signs a POST with it, wraps the
     * resulting authorization in a {@link Request} and runs validation on that request.
     * Returns normally when validation passes; validation failures propagate to the caller.
     */
    private static void tryValidateRequestOfAgeAndExpiry(Instant requestDate, Optional<Instant> expiry, Duration maxClockDrift) {
        RequestLoggerController requestLogger = new RequestLoggerController(new RequestLoggerConfig());
        SigningControllerConfig config = new SigningControllerConfig().setMaxClockDrift(maxClockDrift);
        InternalSigningController controller = new InternalSigningController(CREDENTIALS_CONTROLLER, config, requestLogger);

        URI requestUri = URI.create("http://dummy-url");
        // NOTE(review): the Host value carries a scheme; kept exactly as the fixture defines it.
        ImmutableMultiMap headers = ImmutableMultiMap.builder(false)
                .putOrReplaceSingle("Host", "http://127.0.0.1:8888")
                .build();
        RequestHeaders requestHeaders = new RequestHeaders(headers, headers);
        ImmutableMultiMap noQuery = ImmutableMultiMap.empty();
        SigningMetadata metadata = new SigningMetadata(SigningServiceType.S3, CREDENTIALS, Optional.empty());

        Request signedRequest = new Request(
                UUID.randomUUID(),
                controller.signRequest(metadata, "some-region", requestDate, expiry, credentials -> credentials.emulated(), requestUri, headers, noQuery, "POST")
                        .signingAuthorization(),
                requestDate,
                requestUri,
                requestHeaders,
                noQuery,
                "POST",
                RequestContent.EMPTY);

        // A logging session is opened for the request before validation, as in the fixture.
        requestLogger.newRequestSession(signedRequest, SigningServiceType.S3);
        controller.validateAndParseAuthorization(signedRequest, SigningServiceType.S3);
    }

    /** Builds the four headers the known-answer tests sign, dated with {@code amzDate}. */
    private static ImmutableMultiMap knownAnswerHeaders(String amzDate) {
        return ImmutableMultiMap.builder(false)
                .putOrReplaceSingle("X-Amz-Date", amzDate)
                .putOrReplaceSingle("X-Amz-Content-SHA256", EMPTY_PAYLOAD_SHA256)
                .putOrReplaceSingle("X-Amz-Security-Token", SESSION_TOKEN)
                .putOrReplaceSingle("Host", "localhost:10064")
                .build();
    }

    /** Returns the current instant shifted by {@code j} seconds; negative values lie in the past. */
    private static Instant nowOffsetBySeconds(long j) {
        Instant base = Instant.now();
        return base.plusSeconds(j);
    }
}
