package com.adobe.testing.s3mock;

import com.adobe.testing.s3mock.dto.ErrorResponse;
import com.adobe.testing.s3mock.store.KmsKeyStore;
import com.adobe.testing.s3mock.util.AwsHttpHeaders;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.converter.xml.MappingJackson2XmlHttpMessageConverter;
import org.springframework.lang.NonNull;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/classes/com/adobe/testing/s3mock/KmsValidationFilter.class */
class KmsValidationFilter extends OncePerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) KmsValidationFilter.class);
    private static final String AWS_KMS = "aws:kms";
    private final KmsKeyStore keystore;
    private final MappingJackson2XmlHttpMessageConverter messageConverter;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KmsValidationFilter(KmsKeyStore kmsKeyStore, MappingJackson2XmlHttpMessageConverter mappingJackson2XmlHttpMessageConverter) {
        this.keystore = kmsKeyStore;
        this.messageConverter = mappingJackson2XmlHttpMessageConverter;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull FilterChain filterChain) throws ServletException, IOException {
        try {
            LOG.debug("Checking KMS key, if present.");
            String header = httpServletRequest.getHeader("x-amz-server-side-encryption");
            String header2 = httpServletRequest.getHeader(AwsHttpHeaders.X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID);
            if (AWS_KMS.equals(header) && !StringUtils.isBlank(header2) && !this.keystore.validateKeyId(header2)) {
                LOG.info("Received invalid KMS key ID {}. Sending error response.", header2);
                httpServletRequest.getInputStream().close();
                httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
                httpServletResponse.setHeader("Content-Type", "application/xml");
                this.messageConverter.getObjectMapper().writeValue(httpServletResponse.getOutputStream(), new ErrorResponse("KMS.NotFoundException", "Key ID " + header2 + " does not exist!", null, null));
                httpServletResponse.flushBuffer();
            } else if (AWS_KMS.equals(header) && !StringUtils.isBlank(header2) && this.keystore.validateKeyId(header2)) {
                LOG.info("Received valid KMS key ID {}.", header2);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
            LOG.debug("Finished checking KMS key.");
        } catch (Throwable th) {
            LOG.debug("Finished checking KMS key.");
            throw th;
        }
    }
}
