package com.huawei.mpc.service;

import com.huawei.mpc.client.MpcClient;
import com.huawei.mpc.common.exception.MpcException;
import com.huawei.mpc.common.util.DateUtil;
import com.huawei.mpc.common.util.ErrorEnum;
import com.huawei.mpc.retrofit.model.AuthObj;
import com.huawei.mpc.retrofit.model.CredentialReq;
import com.huawei.mpc.retrofit.model.TemporaryCredential;
import com.huawei.mpc.retrofit.model.Token;
import com.huawei.mpc.retrofit.model.TokenCache;
import com.huawei.mpc.retrofit.util.RetrofitUtil;
import java.time.Duration;
import java.util.Arrays;
import okhttp3.ResponseBody;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import retrofit2.Response;

/* loaded from: input_file:com/huawei/mpc/service/IamService.class */
public class IamService extends BaseService {
    private TokenCache tokenCache = new TokenCache();
    public static IamService instance = null;
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseService.class);

    public static IamService getInstance() {
        if (null == instance) {
            instance = new IamService();
        }
        return instance;
    }

    public String getTokenStr(MpcClient mpcClient) {
        AuthObj buildAuthBean = buildAuthBean(mpcClient.getMpcConfig().getUsername(), mpcClient.getMpcConfig().getPassword(), mpcClient.getMpcConfig().getDomainName(), mpcClient);
        if (this.tokenCache.getToken() == null || this.tokenCache.getTokenStr() == null) {
            return getTokenFromIam(buildAuthBean, mpcClient);
        }
        if (Duration.between(DateUtil.getUtcTime(), this.tokenCache.getToken().getExpiresTime()).toMinutes() >= 10) {
            return this.tokenCache.getTokenStr();
        }
        LOGGER.error("token of iam is outdated , try to get new one");
        return getTokenFromIam(buildAuthBean, mpcClient);
    }

    private String getTokenFromIam(AuthObj authObj, MpcClient mpcClient) {
        String str;
        Token token;
        Response execute;
        try {
            execute = RetrofitUtil.getIamApi(mpcClient.getMpcConfig().getIamEndPoint(), mpcClient.getClientConfig()).getToken(authObj).execute();
            str = execute.headers().get("X-Subject-Token");
        } catch (Exception e) {
            LOGGER.debug("get token from iam error ", e);
            str = null;
            token = null;
        }
        if (execute.errorBody() != null) {
            String string = execute.errorBody().string();
            LOGGER.error("get token failed from iam ,errorMessage is {}", string);
            throw new MpcException(string);
        }
        token = (Token) gson.fromJson(((ResponseBody) execute.body()).string(), Token.class);
        if (token != null) {
            this.tokenCache.setToken(token);
            this.tokenCache.setTokenStr(str);
        }
        return str;
    }

    public TemporaryCredential requestTemporaryCredential(String str, String str2, String str3, int i, MpcClient mpcClient) {
        if (i <= 900 || i >= 86400) {
            throw new MpcException("Duration needs to be 15 minutes to 24 hours");
        }
        TemporaryCredential temporaryCredential = new TemporaryCredential();
        try {
            String tokenFromIam = getTokenFromIam(buildAuthBean(str, str2, str3, mpcClient), mpcClient);
            CredentialReq credentialReq = new CredentialReq();
            CredentialReq.AuthBean.IdentityBean.TokenBean tokenBean = new CredentialReq.AuthBean.IdentityBean.TokenBean();
            tokenBean.setDurationseconds(i + "");
            tokenBean.setId(tokenFromIam);
            credentialReq.getAuth().getIdentity().setToken(tokenBean);
            return (TemporaryCredential) requestToMpc(null, RetrofitUtil.getIamApi(mpcClient.getMpcConfig().getIamEndPoint(), mpcClient.getClientConfig()).getCredential(credentialReq, tokenFromIam), TemporaryCredential.class);
        } catch (Exception e) {
            temporaryCredential.setRequestStatus("FAILED");
            temporaryCredential.setErrorCode(ErrorEnum.SERVER_INTERNAL_ERROR.getCode());
            temporaryCredential.setErrorMsg(e.getMessage());
            return temporaryCredential;
        }
    }

    private AuthObj buildAuthBean(String str, String str2, String str3, MpcClient mpcClient) {
        AuthObj authObj = new AuthObj();
        AuthObj.AuthBean authBean = new AuthObj.AuthBean();
        AuthObj.AuthBean.ScopeBean scopeBean = new AuthObj.AuthBean.ScopeBean();
        AuthObj.AuthBean.ScopeBean.Project project = new AuthObj.AuthBean.ScopeBean.Project();
        project.setId(mpcClient.getMpcConfig().getProjectId());
        scopeBean.setProject(project);
        AuthObj.AuthBean.IdentityBean identityBean = new AuthObj.AuthBean.IdentityBean();
        identityBean.setMethods(Arrays.asList("password"));
        AuthObj.AuthBean.IdentityBean.PasswordBean passwordBean = new AuthObj.AuthBean.IdentityBean.PasswordBean();
        AuthObj.AuthBean.IdentityBean.PasswordBean.UserBean userBean = new AuthObj.AuthBean.IdentityBean.PasswordBean.UserBean();
        userBean.setName(str);
        userBean.setPassword(str2);
        passwordBean.setUser(userBean);
        identityBean.setPassword(passwordBean);
        AuthObj.AuthBean.IdentityBean.PasswordBean.UserBean.DomainBean domainBean = new AuthObj.AuthBean.IdentityBean.PasswordBean.UserBean.DomainBean();
        domainBean.setName(str3);
        userBean.setDomain(domainBean);
        authBean.setIdentity(identityBean);
        authBean.setScope(scopeBean);
        authObj.setAuth(authBean);
        return authObj;
    }
}
