package com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam;

import com.huawei.fusionstage.middleware.dtm.common.exception.AuthenticateException;
import com.huawei.fusionstage.middleware.dtm.common.logger.DTMLoggerFactory;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.ConstantsDef;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.cache.MemCacheManager;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.http.PaasHttpResponse;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.utils.CipherUtil;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.utils.HttpUtil;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.utils.TimeUtils;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.utils.TokenUtils;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
import org.json.JSONObject;
import org.slf4j.Logger;

/* loaded from: input_file:com/huawei/fusionstage/middleware/dtm/sercurity/aksk/iam/IamAuthcator.class */
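/**
 * {@link IAuthcator} implementation that obtains IAM tokens and secret keys from the HTTP
 * endpoint given at construction time, optionally caching the results in a process-wide
 * in-memory cache.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Tokens and secret keys are held in the static {@code CACHE_MANAGER}; anything that can
 *       read this JVM's heap can read them while they are cached.</li>
 *   <li>Cache keys are namespaced and length-prefixed (see {@link #buildCacheKey}) so that two
 *       different identities can never map to the same entry and entries of different types
 *       can never be confused with each other.</li>
 *   <li>Password arrays obtained from an {@code IamAccount} are wiped in a {@code finally}
 *       block, so they are cleared on the failure path as well as on success.</li>
 * </ul>
 */
public class IamAuthcator implements IAuthcator {
    private static final Logger logger = DTMLoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    // Presumably milliseconds (15 min / 30 s) -- confirm against MemCacheManager's constructor.
    private static final long CACHE_TIMEOUT = 900000;
    private static final int CACHE_CHECK_INTERVAL = 30000;
    private static final MemCacheManager CACHE_MANAGER = new MemCacheManager(CACHE_TIMEOUT, CACHE_CHECK_INTERVAL, true);
    private static final String TOKEN_HEAD_FIELD = "X-Auth-Token";
    private final String iamEndpoint;

    /**
     * Creates an authenticator bound to one IAM endpoint.
     *
     * @param str the IAM endpoint passed to every {@code HttpUtil} call made by this instance
     */
    public IamAuthcator(String str) {
        this.iamEndpoint = str;
    }

    /**
     * Builds an unambiguous cache key from a namespace and its component values.
     *
     * <p>Plain concatenation lets distinct tuples collide ({@code "ab"+"c"} equals
     * {@code "a"+"bc"}), which for a credential cache means one identity could be served
     * another identity's token. Each part is therefore written as {@code |<length>:<value>},
     * and {@code null} as {@code |-}, which no non-null value can produce.
     *
     * @param namespace constant prefix that separates the different kinds of cached entry
     * @param parts the values identifying the entry; individual values may be {@code null}
     * @return the cache key
     */
    private static String buildCacheKey(String namespace, String... parts) {
        StringBuilder key = new StringBuilder(namespace);
        for (String part : parts) {
            key.append('|');
            if (part == null) {
                key.append('-');
            } else {
                key.append(part.length()).append(':').append(part);
            }
        }
        return key.toString();
    }

    /** Cache key for a password-login token, identified by the three login values. */
    private static String getUserTokenCacheKey(String str, String str2, String str3) {
        return buildCacheKey("userToken", str, str2, str3);
    }

    /** Cache key for a token obtained through {@link #loginByAccessKey}. */
    private static String getAkTokenCacheKey(String str, String str2) {
        return buildCacheKey("akToken", str, str2);
    }

    /** Cache key for the value stored per domain id / user id pair in {@code getTokenByAk}. */
    private static String getAkCacheKey(String str, String str2) {
        return buildCacheKey("ak", str, str2);
    }

    /** Cache key for a secret key, kept apart from the token entries that share the cache. */
    private static String getSkCacheKey(String ak) {
        return buildCacheKey("sk", ak);
    }

    /**
     * Logs in with a user name and password and returns the resulting token.
     *
     * @param str selects the request template: {@code null} or empty uses
     *     {@code PWD_LOGIN_REQUEST_DOMAIN}, anything else uses {@code PWD_LOGIN_REQUEST_PROJECT}
     *     with this value as its last argument
     * @param str2 user name (first template argument)
     * @param str3 domain name (third template argument)
     * @param cArr password; not modified or cleared by this method
     * @return a token whose token string is non-null
     * @throws AuthenticateException on a non-2xx status, an empty token, or any failure while
     *     sending the request or parsing the response
     */
    @Override // com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam.IAuthcator
    public IamToken authByPasswd(String str, String str2, String str3, char[] cArr) throws AuthenticateException {
        HashMap<String, String> headers = new HashMap<>();
        headers.put(HttpUtil.CONTENT_TYPE_HEAD_FIELD, HttpUtil.CONTENT_TYPE_JSON_UTF8);
        try {
            // The password has to become a String to be formatted into the request body; that
            // copy is immutable and cannot be wiped, so it lives until garbage collection.
            String passwd = String.copyValueOf(cArr);
            // NOTE(review): values are substituted with String.format. If the ConstantsDef
            // templates are JSON (not visible here), a quote or backslash in any value would
            // change the request structure -- confirm the values are escaped upstream.
            String body = (str == null || str.isEmpty())
                ? String.format(ConstantsDef.PWD_LOGIN_REQUEST_DOMAIN, str2, passwd, str3, str3)
                : String.format(ConstantsDef.PWD_LOGIN_REQUEST_PROJECT, str2, passwd, str3, str);
            PaasHttpResponse response = HttpUtil.postAsyn(this.iamEndpoint, ConstantsDef.GET_TOKEN, headers, body);
            int status = response.getStatusCode();
            if (status < 200 || status >= 300) {
                logger.error("login by passwd failed, status:{}, msg:{}", status, response.getStatusMsg());
                response.consumeEntity();
                throw new AuthenticateException(String.format("login by passwd failed, status: %d, msg: %s", status, response.getStatusMsg()));
            }
            IamToken token = parseToken(response);
            if (token != null && token.getTokenString() != null) {
                return token;
            }
            logger.error("passwd login failed, token is empty");
            throw new AuthenticateException("passwd login failed, token is empty.");
        } catch (Throwable th) {
            // Also re-wraps the AuthenticateExceptions thrown above; only the message is kept.
            logger.error("passwd login failed: {}", th.getMessage());
            throw new AuthenticateException(String.format("passwd login failed: %s", th.getMessage()));
        }
    }

    /**
     * Returns the secret key belonging to an access key, authenticating with the account first.
     *
     * @param str the access key; must not be {@code null} or blank
     * @param iamAccount account used to obtain the token sent with the lookup
     * @param z whether the shared cache may be read and written
     * @return the secret key
     * @throws AuthenticateException if the access key is blank or any request fails
     */
    @Override // com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam.IAuthcator
    public IamSecretKey getSkByAk(String str, IamAccount iamAccount, boolean z) throws AuthenticateException {
        // Reject a blank access key before the password login, so an invalid call never sends
        // credentials to the endpoint.
        if (str == null || str.trim().isEmpty()) {
            logger.error("ak is null or empty");
            throw new AuthenticateException("ak is null or empty");
        }
        IamToken accountToken = getTokenByPwd(null, iamAccount, z);
        return getSkByAk(str, accountToken.getToken(), z);
    }

    /**
     * Obtains a token through {@link #loginByAccessKey}, authenticating with a password first.
     *
     * @param str first login value; presumably the project id -- TODO confirm against IAuthcator
     * @param str2 second login value; presumably the access key -- TODO confirm against IAuthcator
     * @param str3 user name for the password login
     * @param str4 domain name for the password login
     * @param cArr password; not cleared by this method, the caller owns the array
     * @param z whether the shared cache may be read and written
     * @return the token, taken from the cache when {@code z} is set and an unexpired entry exists
     * @throws AuthenticateException if either login fails
     */
    @Override // com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam.IAuthcator
    public IamToken getTokenByAk(String str, String str2, String str3, String str4, char[] cArr, boolean z) throws AuthenticateException {
        String akTokenCacheKey = getAkTokenCacheKey(str2, str);
        if (z) {
            IamToken cached = (IamToken) CACHE_MANAGER.getItem(akTokenCacheKey);
            if (cached != null && !cached.isExpired()) {
                return cached;
            }
        }
        IamToken accountToken = getTokenByPwd(null, str3, str4, cArr, z);
        HashMap<String, String> headers = new HashMap<>();
        headers.put(TOKEN_HEAD_FIELD, accountToken.getToken());
        headers.put(HttpUtil.CONTENT_TYPE_HEAD_FIELD, HttpUtil.CONTENT_TYPE_JSON_UTF8);
        IamToken akToken = loginByAccessKey(str, str2, headers);
        if (z) {
            CACHE_MANAGER.addItem(akTokenCacheKey, akToken);
            CACHE_MANAGER.addItem(getAkCacheKey(akToken.getDomainId(), akToken.getUserId()), str2);
        }
        return akToken;
    }

    /**
     * Variant of {@code getTokenByAk} that takes the password login values from an account.
     *
     * @param str first login value, passed through unchanged
     * @param str2 second login value, passed through unchanged
     * @param iamAccount supplies user name, domain name and password
     * @param z whether the shared cache may be read and written
     * @return the token
     * @throws AuthenticateException if either login fails
     */
    @Override // com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam.IAuthcator
    public IamToken getTokenByAk(String str, String str2, IamAccount iamAccount, boolean z) throws AuthenticateException {
        if (z) {
            IamToken cached = (IamToken) CACHE_MANAGER.getItem(getAkTokenCacheKey(str2, str));
            if (cached != null && !cached.isExpired()) {
                return cached;
            }
        }
        // NOTE(review): assumes getPasswd() returns a copy the caller may wipe -- confirm; if it
        // returns the account's own array, clearing it also blanks the account's password.
        char[] passwd = iamAccount.getPasswd();
        try {
            return getTokenByAk(str, str2, iamAccount.getUserName(), iamAccount.getDomainName(), passwd, z);
        } finally {
            // Wipe on the failure path too; a failed login must not leave the password in memory.
            if (passwd != null) {
                CipherUtil.clearArray(passwd);
            }
        }
    }

    /**
     * Returns a password-login token for an account, using the cache when allowed.
     *
     * @param str scope value forwarded to {@link #authByPasswd}; may be {@code null}
     * @param iamAccount supplies user name, domain name and password
     * @param z whether the shared cache may be read and written
     * @return the token
     * @throws AuthenticateException if the login fails
     */
    public IamToken getTokenByPwd(String str, IamAccount iamAccount, boolean z) throws AuthenticateException {
        if (z) {
            // NOTE(review): a cache hit is returned without reading the account's password, so
            // the entry is bound to the identity values only, not to the credential supplied.
            IamToken cached = (IamToken) CACHE_MANAGER.getItem(getUserTokenCacheKey(str, iamAccount.getUserName(), iamAccount.getDomainName()));
            if (cached != null && !cached.isExpired()) {
                logger.info("get iam accout token by cache");
                return cached;
            }
        }
        char[] passwd = iamAccount.getPasswd();
        try {
            return getTokenByPwd(str, iamAccount.getUserName(), iamAccount.getDomainName(), passwd, z);
        } finally {
            // Wipe on the failure path too; a failed login must not leave the password in memory.
            if (passwd != null) {
                CipherUtil.clearArray(passwd);
            }
        }
    }

    /**
     * Password login with optional caching of the resulting token.
     *
     * @param scope forwarded to {@link #authByPasswd} as its first argument
     * @param userName user name
     * @param domainName domain name
     * @param passwd password; not cleared here
     * @param useCache whether the shared cache may be read and written
     * @return the cached token when usable, otherwise a freshly obtained one
     * @throws AuthenticateException if the login fails
     */
    private IamToken getTokenByPwd(String scope, String userName, String domainName, char[] passwd, boolean useCache) throws AuthenticateException {
        if (!useCache) {
            return authByPasswd(scope, userName, domainName, passwd);
        }
        String cacheKey = getUserTokenCacheKey(scope, userName, domainName);
        IamToken token = (IamToken) CACHE_MANAGER.getItem(cacheKey);
        if (token == null || token.isExpired()) {
            logger.info("re get iam accout token");
            token = authByPasswd(scope, userName, domainName, passwd);
            CACHE_MANAGER.addItem(cacheKey, token);
        }
        return token;
    }

    /**
     * Fetches the secret key for an access key, authorised by an existing token.
     *
     * @param ak access key, substituted into the {@code GET_SK} path
     * @param token value sent in the {@code X-Auth-Token} header
     * @param useCache whether the shared cache may be read and written
     * @return the secret key
     * @throws AuthenticateException on a non-2xx status or any request or parse failure
     */
    private IamSecretKey getSkByAk(String ak, String token, boolean useCache) throws AuthenticateException {
        // Namespaced key: the raw access key is no longer used as a key in a cache that also
        // holds tokens, so a lookup here can never return an entry of another type.
        String cacheKey = getSkCacheKey(ak);
        if (useCache) {
            IamSecretKey cached = (IamSecretKey) CACHE_MANAGER.getItem(cacheKey);
            if (cached != null && !cached.isExpired()) {
                logger.info("get sk by ak,find in cache");
                return cached;
            }
        }
        HashMap<String, String> headers = new HashMap<>();
        headers.put(HttpUtil.CONTENT_TYPE_HEAD_FIELD, HttpUtil.CONTENT_TYPE_JSON_UTF8);
        headers.put(TOKEN_HEAD_FIELD, token);
        try {
            PaasHttpResponse response = HttpUtil.getAsyn(this.iamEndpoint, String.format(ConstantsDef.GET_SK, ak), headers);
            int status = response.getStatusCode();
            if (status < 200 || status >= 300) {
                logger.error("get secret key by access key failed, status: {}, msg: {}", status, response.getStatusMsg());
                response.consumeEntity();
                throw new AuthenticateException(String.format("get secret key by access key failed, status: %d, msg: %s", status, response.getStatusMsg()));
            }
            IamSecretKey secretKey = parseSecretKey(response);
            if (useCache) {
                CACHE_MANAGER.addItem(cacheKey, secretKey);
            }
            return secretKey;
        } catch (Throwable th) {
            // Also re-wraps the AuthenticateException thrown above; only the message is kept.
            logger.error("get secret key by access key failed: {}", th.getMessage());
            throw new AuthenticateException(String.format("get secret key by access key failed: %s", th.getMessage()));
        }
    }

    /**
     * Builds an {@code IamSecretKey} from the {@code access}, {@code secret} and
     * {@code expires_at} fields of the response body.
     *
     * @param paasHttpResponse response whose body is parsed as JSON
     * @return the parsed secret key
     * @throws ParseException if the body cannot be read (the {@link IOException} is attached as
     *     the cause) or, presumably, if {@code expires_at} cannot be parsed by {@code TimeUtils}
     */
    private IamSecretKey parseSecretKey(PaasHttpResponse paasHttpResponse) throws ParseException {
        try {
            JSONObject json = new JSONObject(paasHttpResponse.getResponseBody());
            return new IamSecretKey(json.getString("access"), json.getString("secret"), Long.valueOf(TimeUtils.getUTCTime(json.getString("expires_at"))));
        } catch (IOException e) {
            logger.error("parse secret key failed:{}", e.getMessage());
            // ParseException has no cause-taking constructor; attach the cause explicitly.
            ParseException wrapped = new ParseException(e.getMessage(), 0);
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Posts the {@code AK_SK_LOGIN_REQUEST} body and returns the token from the response.
     *
     * @param str second template argument; presumably the project id -- TODO confirm
     * @param str2 first template argument; presumably the access key -- TODO confirm
     * @param map request headers, expected to carry the {@code X-Auth-Token} of a prior login
     * @return a token whose token string is non-null
     * @throws AuthenticateException on a non-2xx status, an empty token, or any other failure
     */
    private IamToken loginByAccessKey(String str, String str2, Map<String, String> map) throws AuthenticateException {
        try {
            PaasHttpResponse response = HttpUtil.postAsyn(this.iamEndpoint, ConstantsDef.GET_TOKEN, map, String.format(ConstantsDef.AK_SK_LOGIN_REQUEST, str2, str));
            int status = response.getStatusCode();
            if (status < 200 || status >= 300) {
                logger.error("login by ak&projectId failed, status: {}, msg: {}", status, response.getStatusMsg());
                response.consumeEntity();
                throw new AuthenticateException(String.format("login by ak&projectId failed, status: %d, msg: %s", status, response.getStatusMsg()));
            }
            IamToken token = parseToken(response);
            // Same null guard as authByPasswd, so a missing token is reported as such rather
            // than as a NullPointerException message.
            if (token != null && token.getTokenString() != null) {
                return token;
            }
            logger.error("accessKey login failed, token is empty.");
            throw new AuthenticateException("accessKey login failed, token is empty.");
        } catch (Exception e) {
            logger.error("accessKey login failed: {}", e.getMessage());
            throw new AuthenticateException(String.format("accessKey login failed: %s", e.getMessage()));
        }
    }

    /**
     * Parses a token from the {@code X-Subject-Token} header and the JSON response body.
     *
     * @param paasHttpResponse the login response
     * @return whatever {@code TokenUtils.parseToken} produces for the header and body
     * @throws IOException if the response body cannot be read
     */
    private IamToken parseToken(PaasHttpResponse paasHttpResponse) throws IOException {
        String subjectToken = paasHttpResponse.getHeader("X-Subject-Token");
        JSONObject body = new JSONObject(paasHttpResponse.getResponseBody());
        return TokenUtils.parseToken(subjectToken, body);
    }
}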
