package software.amazon.awssdk.services.s3.internal.checksums;

import com.itextpdf.tool.xml.xtra.xfa.XFAConstants;
import java.util.Arrays;
import java.util.Optional;
import java.util.stream.Stream;
import org.apache.batik.constants.XMLConstants;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.core.ClientType;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.checksums.ChecksumSpecs;
import software.amazon.awssdk.core.checksums.SdkChecksum;
import software.amazon.awssdk.core.exception.RetryableException;
import software.amazon.awssdk.core.interceptor.ExecutionAttribute;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
import software.amazon.awssdk.http.SdkHttpHeaders;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.SdkHttpResponse;
import software.amazon.awssdk.services.s3.S3Configuration;
import software.amazon.awssdk.services.s3.model.ChecksumMode;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.model.PutObjectResponse;
import software.amazon.awssdk.services.s3.model.ServerSideEncryption;
import software.amazon.awssdk.utils.BinaryUtils;
import software.amazon.awssdk.utils.StringUtils;
import software.amazon.awssdk.utils.internal.Base16Lower;

@SdkInternalApi
/* loaded from: input_file:BOOT-INF/lib/s3-2.29.12.jar:software/amazon/awssdk/services/s3/internal/checksums/ChecksumsEnabledValidator.class */
public final class ChecksumsEnabledValidator {
    public static final ExecutionAttribute<SdkChecksum> CHECKSUM = new ExecutionAttribute<>(XFAConstants.CHECKSUM);

    private ChecksumsEnabledValidator() {
    }

    public static boolean getObjectChecksumEnabledPerRequest(SdkRequest sdkRequest, ExecutionAttributes executionAttributes) {
        return (sdkRequest instanceof GetObjectRequest) && ((GetObjectRequest) sdkRequest).checksumMode() != ChecksumMode.ENABLED && checksumEnabledPerConfig(executionAttributes);
    }

    public static boolean getObjectChecksumEnabledPerResponse(SdkRequest sdkRequest, SdkHttpHeaders sdkHttpHeaders) {
        return (sdkRequest instanceof GetObjectRequest) && checksumEnabledPerResponse(sdkHttpHeaders);
    }

    public static boolean shouldRecordChecksum(SdkRequest sdkRequest, ClientType clientType, ExecutionAttributes executionAttributes, SdkHttpRequest sdkHttpRequest) {
        if ((sdkRequest instanceof PutObjectRequest) && clientType == ((ClientType) executionAttributes.getAttribute(SdkExecutionAttribute.CLIENT_TYPE)) && !hasServerSideEncryptionHeader(sdkHttpRequest) && !isHttpCheckSumValidationEnabled(executionAttributes, sdkRequest)) {
            return checksumEnabledPerConfig(executionAttributes);
        }
        return false;
    }

    private static boolean isHttpCheckSumValidationEnabled(ExecutionAttributes executionAttributes, SdkRequest sdkRequest) {
        if (isChecksumValueSpecified(sdkRequest)) {
            return true;
        }
        Optional optionalAttribute = executionAttributes.getOptionalAttribute(SdkExecutionAttribute.RESOLVED_CHECKSUM_SPECS);
        return optionalAttribute.isPresent() && ((ChecksumSpecs) optionalAttribute.get()).algorithm() != null;
    }

    private static boolean isChecksumValueSpecified(SdkRequest sdkRequest) {
        return Stream.of((Object[]) new String[]{"ChecksumCRC32", "ChecksumCRC32C", "ChecksumSHA1", "ChecksumSHA256"}).anyMatch(str -> {
            return sdkRequest.getValueForField(str, String.class).isPresent();
        });
    }

    public static boolean responseChecksumIsValid(SdkHttpResponse sdkHttpResponse) {
        return !hasServerSideEncryptionHeader(sdkHttpResponse);
    }

    private static boolean hasServerSideEncryptionHeader(SdkHttpHeaders sdkHttpHeaders) {
        return sdkHttpHeaders.firstMatchingHeader(ChecksumConstant.SERVER_SIDE_CUSTOMER_ENCRYPTION_HEADER).isPresent() || sdkHttpHeaders.firstMatchingHeader(ChecksumConstant.SERVER_SIDE_ENCRYPTION_HEADER).filter(str -> {
            return str.contains(ServerSideEncryption.AWS_KMS.toString());
        }).isPresent();
    }

    public static void validatePutObjectChecksum(PutObjectResponse putObjectResponse, ExecutionAttributes executionAttributes) {
        SdkChecksum sdkChecksum = (SdkChecksum) executionAttributes.getAttribute(CHECKSUM);
        if (putObjectResponse.eTag() != null) {
            byte[] fromBase64 = BinaryUtils.fromBase64(BinaryUtils.toBase64(sdkChecksum.getChecksumBytes()));
            byte[] decode = Base16Lower.decode(StringUtils.replace(putObjectResponse.eTag(), XMLConstants.XML_DOUBLE_QUOTE, ""));
            if (!Arrays.equals(fromBase64, decode)) {
                throw RetryableException.create(String.format("Data read has a different checksum than expected. Was 0x%s, but expected 0x%s. This commonly means that the data was corrupted between the client and service. Note: Despite this error, the upload still completed and was persisted in S3.", BinaryUtils.toHex(fromBase64), BinaryUtils.toHex(decode)));
            }
        }
    }

    private static boolean checksumEnabledPerResponse(SdkHttpHeaders sdkHttpHeaders) {
        return sdkHttpHeaders.firstMatchingHeader(ChecksumConstant.CHECKSUM_ENABLED_RESPONSE_HEADER).filter(str -> {
            return str.equals(ChecksumConstant.ENABLE_MD5_CHECKSUM_HEADER_VALUE);
        }).isPresent();
    }

    private static boolean checksumEnabledPerConfig(ExecutionAttributes executionAttributes) {
        S3Configuration s3Configuration = (S3Configuration) executionAttributes.getAttribute(SdkExecutionAttribute.SERVICE_CONFIG);
        return s3Configuration == null || s3Configuration.checksumValidationEnabled();
    }
}
