package alluxio.proxy.s3.signature.utils;

import alluxio.proxy.s3.S3ErrorCode;
import alluxio.proxy.s3.S3Exception;
import alluxio.proxy.s3.signature.AwsCredential;
import alluxio.proxy.s3.signature.SignatureInfo;
import java.util.StringTokenizer;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:alluxio/proxy/s3/signature/utils/AwsAuthV4HeaderParserUtils.class */
public final class AwsAuthV4HeaderParserUtils {
    private static final Logger LOG = LoggerFactory.getLogger(AwsAuthV4HeaderParserUtils.class);
    private static final String CREDENTIAL = "Credential=";
    private static final String SIGNEDHEADERS = "SignedHeaders=";
    private static final String SIGNATURE = "Signature=";
    private static final String AWS4_SIGNING_ALGORITHM = "AWS4-HMAC-SHA256";

    private static String parseSignedHeaders(String str, String str2) throws S3Exception {
        if (!StringUtils.isNotEmpty(str2) || !str2.startsWith(SIGNEDHEADERS)) {
            LOG.error("No signed headers found. AuthHeader:{}", str);
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
        String substring = str2.substring(SIGNEDHEADERS.length());
        if (new StringTokenizer(substring, ";").hasMoreTokens()) {
            return substring;
        }
        LOG.error("No signed headers found. AuthHeader:{}", str);
        throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
    }

    public static SignatureInfo parseSignature(String str, String str2) throws S3Exception {
        if (str == null || !str.startsWith("AWS4")) {
            return null;
        }
        int indexOf = str.indexOf(32);
        if (indexOf < 0) {
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
        String[] split = str.substring(indexOf + 1).trim().split(", *");
        if (split.length != 3) {
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
        String substring = str.substring(0, indexOf);
        validateAlgorithm(str, substring);
        AwsCredential parseCredentials = parseCredentials(str, split[0]);
        String parseSignedHeaders = parseSignedHeaders(str, split[1]);
        return new SignatureInfo(SignatureInfo.Version.V4, parseCredentials.getDate(), str2, parseCredentials.getAccessKeyID(), encodeSignature(str, split[2]), parseSignedHeaders, parseCredentials.createScope(), substring, true);
    }

    private static String encodeSignature(String str, String str2) throws S3Exception {
        if (!str2.startsWith(SIGNATURE)) {
            LOG.error("No signature found: {}", str2);
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
        String substring = str2.substring(SIGNATURE.length());
        if (StringUtils.isEmpty(substring)) {
            LOG.error("Signature can't be empty: {}", str2);
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
        try {
            Hex.decodeHex(substring);
            return substring;
        } catch (DecoderException e) {
            LOG.error("Signature:{} should be in hexa-decimal encoding.", str2);
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
    }

    private static AwsCredential parseCredentials(String str, String str2) throws S3Exception {
        if (StringUtils.isNotEmpty(str2) && str2.startsWith(CREDENTIAL)) {
            return AwsCredential.create(str2.substring(CREDENTIAL.length()));
        }
        throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
    }

    private static void validateAlgorithm(String str, String str2) throws S3Exception {
        if (StringUtils.isEmpty(str2) || !str2.equals(AWS4_SIGNING_ALGORITHM)) {
            LOG.error("Unexpected hash algorithm. Algorithm:{}", str2);
            throw new S3Exception(str, S3ErrorCode.AUTHORIZATION_HEADER_MALFORMED);
        }
    }
}
