package com.huawei.dlcatalog.credential.services.internal;

import com.huawei.dlcatalog.constant.DLCatalogConstants;
import com.obs.services.internal.security.LimitedTimeSecurityKey;
import com.obs.services.internal.security.SecurityKey;
import com.obs.services.internal.security.SecurityKeyBean;
import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import mrs.shaded.provider.com.cloud.apigateway.sdk.utils.Client;
import obs.shaded.okhttp3.OkHttpClient;
import obs.shaded.okhttp3.Request;
import obs.shaded.okhttp3.RequestBody;
import obs.shaded.okhttp3.Response;
import org.apache.http.Header;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/dlcatalog/credential/services/internal/IamSdkClient.class */
public class IamSdkClient {
    private static final String POST_REQUEST = "POST";
    private static final Logger LOG = LoggerFactory.getLogger(IamSdkClient.class);
    private static OkHttpClient okHttpClient = null;
    private static boolean ignoreSslCertificate = false;

    public static OkHttpClient getClient() {
        return okHttpClient;
    }

    public static void init(boolean z) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (z) {
            ignoreSslCertificate = true;
            builder = configureToIgnoreCertificate(builder);
        }
        okHttpClient = builder.build();
    }

    private static OkHttpClient.Builder configureToIgnoreCertificate(OkHttpClient.Builder builder) {
        LOG.debug("Ignore Ssl Certificate");
        try {
            TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.huawei.dlcatalog.credential.services.internal.IamSdkClient.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            builder.sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagerArr[0]);
            builder.hostnameVerifier(new HostnameVerifier() { // from class: com.huawei.dlcatalog.credential.services.internal.IamSdkClient.2
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
        } catch (Exception e) {
            LOG.warn("Exception while configuring IgnoreSslCertificate" + e, e);
        }
        return builder;
    }

    public LimitedTimeSecurityKey getKeyFromIam(String str, RequestBody requestBody, String str2) {
        try {
            Response execute = okHttpClient.newCall(new Request.Builder().addHeader("X-Auth-Token", str2).url(str).post(requestBody).build()).execute();
            if (!execute.isSuccessful() || execute.body() == null) {
                LOG.warn("Get token form iam failed: " + execute);
                return null;
            }
            String string = execute.body().string();
            try {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS");
                String valueOf = String.valueOf(new JSONObject(String.valueOf(new JSONObject(string).get(DLCatalogConstants.TOKEN_KEY))).get("expires_at"));
                Date parse = simpleDateFormat.parse(valueOf.substring(0, valueOf.length() - 4));
                String header = execute.header("X-Subject-Token");
                LOG.info("responseBody is {}, securityToken is {}", string, header);
                LOG.warn("the xrole will expiry at UTC time : " + parse);
                return new LimitedTimeSecurityKey("accessKey", "secretKey", header, parse);
            } catch (ParseException e) {
                throw new IllegalArgumentException("Date parse failed :" + e.getMessage());
            }
        } catch (IOException e2) {
            LOG.warn("Get token form iam error: " + e2);
            return null;
        }
    }

    public String getTokenFromIam(String str, RequestBody requestBody) {
        try {
            Response execute = okHttpClient.newCall(new Request.Builder().url(str).post(requestBody).build()).execute();
            if (!execute.isSuccessful() || execute.body() == null) {
                LOG.warn("Get token form iam failed: " + execute);
                return null;
            }
            String string = execute.body().string();
            try {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS");
                String valueOf = String.valueOf(new JSONObject(String.valueOf(new JSONObject(string).get(DLCatalogConstants.TOKEN_KEY))).get("expires_at"));
                Date parse = simpleDateFormat.parse(valueOf.substring(0, valueOf.length() - 4));
                String header = execute.header("X-Subject-Token");
                LOG.info("responseBody is {}, securityToken is {}", string, header);
                LOG.warn("the token will expiry at UTC time : " + parse);
                return header;
            } catch (ParseException e) {
                throw new IllegalArgumentException("Date parse failed :" + e.getMessage());
            }
        } catch (IOException e2) {
            LOG.warn("Get token form iam error: " + e2);
            return null;
        }
    }

    public SecurityKey getIamAssumeRoleToken(String str, String str2, String str3, String str4, String str5, String str6) {
        CloseableHttpClient build;
        CloseableHttpResponse execute;
        String obj;
        int statusCode;
        mrs.shaded.provider.com.cloud.apigateway.sdk.utils.Request request = new mrs.shaded.provider.com.cloud.apigateway.sdk.utils.Request();
        try {
            request.setKey(str3);
            request.setSecret(str4);
            request.setMethod(POST_REQUEST);
            request.setUrl(str);
            request.setBody(str5);
            request.addHeader("Content-Type", "application/json;charset=utf8");
            request.addHeader("X-Domain-Id", str6);
            request.addHeader("X-Security-Token", str2);
            CloseableHttpClient closeableHttpClient = null;
            try {
                try {
                    HttpRequestBase sign = Client.sign(request);
                    SSLContext build2 = new SSLContextBuilder().loadTrustMaterial((KeyStore) null, (x509CertificateArr, str7) -> {
                        return true;
                    }).build();
                    PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", new SSLConnectionSocketFactory(build2, (str8, sSLSession) -> {
                        return true;
                    })).build());
                    HttpClientBuilder custom = HttpClients.custom();
                    custom.setSSLContext(build2);
                    custom.setConnectionManager(poolingHttpClientConnectionManager);
                    build = custom.build();
                    execute = build.execute(sign);
                    obj = execute.getStatusLine().toString();
                    statusCode = execute.getStatusLine().getStatusCode();
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            closeableHttpClient.close();
                        } catch (IOException e) {
                            LOG.warn("close client failed: " + e);
                            throw th;
                        }
                    }
                    throw th;
                }
            } catch (Exception e2) {
                LOG.warn("Get iam assume role token failed: " + e2);
                e2.printStackTrace();
                if (0 != 0) {
                    try {
                        closeableHttpClient.close();
                    } catch (IOException e3) {
                        LOG.warn("close client failed: " + e3);
                    }
                }
            }
            if (statusCode < 200 || statusCode > 300) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Get iam assume role token failed: " + execute + "response status: " + obj);
                }
                if (build != null) {
                    try {
                        build.close();
                    } catch (IOException e4) {
                        LOG.warn("close client failed: " + e4);
                    }
                }
                return null;
            }
            String entityUtils = EntityUtils.toString(execute.getEntity(), "UTF-8");
            if (LOG.isDebugEnabled()) {
                LOG.debug("Get iam assume role token: " + entityUtils);
                LOG.debug("Get iam assume role token: " + entityUtils + "response status: " + obj);
            }
            Header[] headers = execute.getHeaders("X-Subject-Token");
            if (headers == null || headers.length != 1) {
                if (build != null) {
                    try {
                        build.close();
                    } catch (IOException e5) {
                        LOG.warn("close client failed: " + e5);
                    }
                }
                LOG.warn("Get iam assume role token failed. return null");
                return null;
            }
            SecurityKey securityKey = new SecurityKey();
            SecurityKeyBean securityKeyBean = new SecurityKeyBean();
            securityKeyBean.setAccessKey("accessKey");
            securityKeyBean.setSecretKey("secretKey");
            securityKeyBean.setSecurityToken(headers[0].getValue());
            securityKeyBean.setExpiresDate(String.valueOf(new JSONObject(String.valueOf(new JSONObject(entityUtils).get(DLCatalogConstants.TOKEN_KEY))).get("expires_at")));
            securityKey.setBean(securityKeyBean);
            if (build != null) {
                try {
                    build.close();
                } catch (IOException e6) {
                    LOG.warn("close client failed: " + e6);
                }
            }
            return securityKey;
        } catch (Exception e7) {
            LOG.warn("Get iam assume role token failed: " + e7);
            return null;
        }
    }
}
