package com.huawei.fusionstage.middleware.dtm.sercurity.aksk.utils;

import com.huawei.fusionstage.middleware.dtm.common.exception.AuthenticateException;
import com.huawei.fusionstage.middleware.dtm.common.util.FileUtils;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.ConstantsDef;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam.IamRole;
import com.huawei.fusionstage.middleware.dtm.sercurity.aksk.iam.IamToken;
import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.bind.DatatypeConverter;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:com/huawei/fusionstage/middleware/dtm/sercurity/aksk/utils/TokenUtils.class */
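/**
 * Static helpers for validating and parsing IAM tokens: role allow-list checks, project and
 * application-name checks, expiry checks, token parsing and PKI token decoding.
 *
 * <p>The checks are written to fail closed: missing or malformed input leads to an
 * {@link AuthenticateException} (or to "expired" for {@link #isExpired(JSONObject)}) and
 * never to an implicit pass.
 */
public class TokenUtils {
    /** Role names that are accepted by {@link #checkRole(List)}; filled once in the static initializer. */
    private static final Set<String> MATCH_ROLE_SET = new HashSet<>();

    /** Contents of signing PEM files already read by {@link #decodeToken}, keyed by file path. */
    private static final Map<String, String> signPemFileCache = new ConcurrentHashMap<>();

    /**
     * Verifies that at least one of the given roles is on the allow-list.
     *
     * @param list roles carried by the token; {@code null}, empty, or containing only
     *     unknown roles is rejected
     * @throws AuthenticateException if no role name matches the allow-list
     */
    public static void checkRole(List<IamRole> list) throws AuthenticateException {
        if (list != null) {
            for (IamRole role : list) {
                // A null entry can never match; skip it instead of failing with an NPE.
                if (role != null && MATCH_ROLE_SET.contains(role.getName())) {
                    return;
                }
            }
        }
        throw new AuthenticateException("check token role failed");
    }

    /**
     * Extracts the roles from a token document and checks them against the allow-list.
     *
     * <p>A document without the token object or without a {@code roles} array makes the
     * org.json accessors throw an unchecked {@code JSONException}; that behaviour is kept.
     *
     * @param jSONObject the full token document (the token body is read from
     *     {@code ConstantsDef.TOKEN})
     * @throws AuthenticateException if no role name matches the allow-list
     */
    public static void checkRole(JSONObject jSONObject) throws AuthenticateException {
        checkRole(parseRoles(jSONObject.getJSONObject(ConstantsDef.TOKEN)));
    }

    /**
     * Verifies that two project ids are equal.
     *
     * @param str the first project id
     * @param str2 the second project id; {@code null} is rejected
     * @throws AuthenticateException if the ids differ or {@code str2} is {@code null}
     */
    public static void checkProjectId(String str, String str2) throws AuthenticateException {
        // Reject null explicitly: a null id must fail the check, not surface as an NPE,
        // and two nulls must never compare as "equal".
        if (str2 == null || !str2.equals(str)) {
            throw new AuthenticateException("check projectId failed");
        }
    }

    /**
     * Verifies that an application name appears in a comma-separated list.
     *
     * <p>Entries are compared exactly as split on {@code ","}; surrounding whitespace is
     * not trimmed.
     *
     * @param str comma-separated list of permitted application names; {@code null} is
     *     treated as an empty list
     * @param str2 project identifier, used only in the error message
     * @param str3 application name to look for
     * @throws AuthenticateException if {@code str3} is not one of the entries
     */
    public static void checkDtmAppName(String str, String str2, String str3) throws AuthenticateException {
        if (str == null || !Arrays.asList(str.split(",")).contains(str3)) {
            throw new AuthenticateException("project:" + str2 + " not contain dtmappname:" + str3);
        }
    }

    /**
     * Looks a token up in a cache and, if it is present and not expired, re-checks its roles.
     *
     * @param map cache of token documents keyed by token string
     * @param str the token string used as cache key
     * @return {@code true} if a non-expired entry exists and its roles pass the check;
     *     {@code false} if there is no entry or it is expired
     * @throws AuthenticateException if the cached token's roles are not on the allow-list
     */
    public static boolean checkPkiTokenInCache(Map<String, JSONObject> map, String str) throws AuthenticateException {
        // Read the entry once: a concurrent eviction between containsKey() and get()
        // would otherwise hand a null document to checkRole().
        JSONObject cached = map.get(str);
        if (cached == null || isExpired(cached)) {
            return false;
        }
        checkRole(cached);
        return true;
    }

    /**
     * Reports whether a token document is expired, based on its {@code expires_at} field
     * and the local system clock (no clock-skew allowance is applied).
     *
     * <p>Anything that prevents the expiry from being established (null document, missing
     * token object, missing or unparsable {@code expires_at}) counts as expired.
     *
     * @param jSONObject the full token document, may be {@code null}
     * @return {@code true} if the token is expired or its expiry cannot be determined
     */
    public static boolean isExpired(JSONObject jSONObject) {
        if (jSONObject == null) {
            return true;
        }
        // org.json's getJSONObject/getString throw JSONException for a missing key instead
        // of returning null, so the opt* variants are needed for the null checks to work.
        JSONObject tokenBody = jSONObject.optJSONObject(ConstantsDef.TOKEN);
        if (tokenBody == null) {
            return true;
        }
        String expiresAt = tokenBody.optString("expires_at", null);
        if (expiresAt == null) {
            return true;
        }
        try {
            // SimpleDateFormat is not thread-safe, so a fresh instance is created per call.
            SimpleDateFormat utcFormat = new SimpleDateFormat(ConstantsDef.UTC_TIME_FORMAT);
            utcFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
            return System.currentTimeMillis() > utcFormat.parse(expiresAt).getTime();
        } catch (ParseException e) {
            // An unreadable expiry is treated as expired rather than as valid.
            return true;
        }
    }

    /**
     * Builds an {@link IamToken} from a decoded token document.
     *
     * <p>Required fields ({@code expires_at}, {@code issued_at}, {@code user.id},
     * {@code user.name}, {@code user.domain.id}, {@code user.domain.name}, {@code roles})
     * are read with the throwing org.json accessors, so a document missing any of them
     * results in an unchecked {@code JSONException}. {@code user.OS-FEDERATION} and
     * {@code project} are optional and yield {@code null} when absent.
     *
     * @param str the raw token string
     * @param jSONObject the full token document
     * @return the populated token object
     */
    public static IamToken parseToken(String str, JSONObject jSONObject) {
        JSONObject tokenBody = jSONObject.getJSONObject(ConstantsDef.TOKEN);
        String expiresAt = tokenBody.getString("expires_at");
        String issuedAt = tokenBody.getString("issued_at");

        JSONObject user = tokenBody.getJSONObject("user");
        String userId = user.getString("id");
        String userName = user.getString("name");
        JSONObject federation = user.has("OS-FEDERATION") ? user.getJSONObject("OS-FEDERATION") : null;
        String projectId = tokenBody.has("project") ? tokenBody.getJSONObject("project").getString("id") : null;

        JSONObject domain = user.getJSONObject("domain");
        String domainId = domain.getString("id");
        String domainName = domain.getString("name");

        ArrayList<IamRole> roles = parseRoles(tokenBody);
        return new IamToken(
                        str,
                        Long.valueOf(DatatypeConverter.parseDateTime(expiresAt).getTimeInMillis()),
                        Long.valueOf(DatatypeConverter.parseDateTime(issuedAt).getTimeInMillis()),
                        userId,
                        projectId,
                        domainId,
                        domainName,
                        roles)
                .setUserName(userName)
                .setFederation(federation);
    }

    /**
     * Decodes a PKI token using the signing PEM stored at the given path.
     *
     * <p>The PEM content is cached per path; it is re-read from disk when {@code z} is
     * {@code true} or when no non-empty content is cached yet.
     *
     * @param str the encoded token
     * @param str2 path of the signing PEM file
     * @param z {@code true} to bypass the cache and re-read the file
     * @return the decoded token, never empty
     * @throws AuthenticateException if the file cannot be read or decoding yields no result
     */
    public static String decodeToken(String str, String str2, boolean z) throws AuthenticateException {
        // NOTE(review): str2 is opened as a file path as-is; presumably it comes from
        // configuration. Confirm it is never derived from request data.
        if (str2 == null) {
            // ConcurrentHashMap rejects null keys; report this as a failed read, not an NPE.
            throw new AuthenticateException("read file failed");
        }
        String pem = signPemFileCache.get(str2);
        if (z || StringUtils.isEmpty(pem)) {
            try {
                pem = FileUtils.readFile(str2);
            } catch (IOException e) {
                // NOTE(review): the IOException is dropped here. If AuthenticateException
                // offers a constructor that takes a cause, pass e so the failure is diagnosable.
                throw new AuthenticateException("read file failed");
            }
            if (pem == null) {
                // ConcurrentHashMap rejects null values; fail the request instead of an NPE.
                throw new AuthenticateException("read file failed");
            }
            signPemFileCache.put(str2, pem);
        }
        String decoded = PkiParse.decodeToken(str, pem);
        if (StringUtils.isEmpty(decoded)) {
            throw new AuthenticateException("decode token failed, result is null");
        }
        return decoded;
    }

    /**
     * Converts the {@code roles} array of a token body into {@link IamRole} objects.
     *
     * <p>Returns the concrete {@code ArrayList} type because the parameter type of the
     * {@code IamToken} constructor that receives it is not visible in this file.
     */
    private static ArrayList<IamRole> parseRoles(JSONObject tokenBody) {
        JSONArray rolesJson = tokenBody.getJSONArray("roles");
        ArrayList<IamRole> roles = new ArrayList<>(rolesJson.length());
        for (int i = 0; i < rolesJson.length(); i++) {
            JSONObject roleJson = rolesJson.getJSONObject(i);
            roles.add(new IamRole(roleJson.getString("id"), roleJson.getString("name")));
        }
        return roles;
    }

    static {
        // The role allow-list: holding any one of these role names passes checkRole().
        MATCH_ROLE_SET.add(ConstantsDef.TE_ADMIN);
        MATCH_ROLE_SET.add(ConstantsDef.TE_BUZZ);
        MATCH_ROLE_SET.add(ConstantsDef.TE_DEV);
        MATCH_ROLE_SET.add(ConstantsDef.TE_OPR);
        MATCH_ROLE_SET.add(ConstantsDef.OP_SERVICE);
        MATCH_ROLE_SET.add(ConstantsDef.SECU_ADMIN);
        MATCH_ROLE_SET.add(ConstantsDef.SVCSTG_OPR);
        MATCH_ROLE_SET.add(ConstantsDef.SVCSTG_ADM);
        MATCH_ROLE_SET.add(ConstantsDef.SVCSTG_DEV);
    }
}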
