package com.huawei.bigdata.om.web.controller;

import com.huawei.bigdata.om.acs.api.model.security.acs.OrderEnum;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ListUserRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ListUserResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.User;
import com.huawei.bigdata.om.client.Client;
import com.huawei.bigdata.om.client.ClientProvider;
import com.huawei.bigdata.om.client.ClientProviderFactory;
import com.huawei.bigdata.om.common.utils.FileUtil;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.northbound.snmp.constdefinition.ConstDefinition;
import com.huawei.bigdata.om.web.client.SecurityClient;
import com.huawei.bigdata.om.web.client.WebContext;
import com.huawei.bigdata.om.web.model.proto.RESTResponse;
import com.huawei.bigdata.om.web.model.security.user.AuthenAccount;
import com.huawei.bigdata.om.web.model.security.user.AuthenAccountRequest;
import com.huawei.bigdata.om.web.model.security.user.AuthenAccountResponse;
import com.huawei.bigdata.om.web.util.ApplicationConfiguration;
import com.huawei.bigdata.om.web.util.WebUtils;
import java.text.Normalizer;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.configuration2.Configuration;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.DependsOn;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;

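/**
 * Handles account-listing ("syn") requests for the 4A docking interface.
 *
 * <p>A request is served only if all of the following hold, in this order:
 * <ol>
 *   <li>the servlet request and its servlet context are present;</li>
 *   <li>{@code allowed_switch} in {@code dock4A_white_ip.properties} equals {@code on};</li>
 *   <li>the caller address matches an entry of {@code allowed_ip_list} (semicolon separated);</li>
 *   <li>the request action is {@code syn} and its timestamp parses as {@code yyyy-MM-dd HH:mm:ss}.</li>
 * </ol>
 * The user names returned by ACS are then copied into the response.
 *
 * <p><b>Security note.</b> The caller address is taken from the {@code x-forwarded-for},
 * {@code Proxy-Client-IP} and {@code WL-Proxy-Client-IP} request headers before falling back to
 * {@link HttpServletRequest#getRemoteAddr()}. Those headers are supplied by whoever sends the
 * request unless a front-end proxy overwrites them, so the allow-list is only as strong as the
 * guarantee that every request reaches this service through such a proxy.
 * NOTE(review): confirm the deployment topology; if the endpoint is directly reachable, the
 * allow-list decision should be based on {@code getRemoteAddr()} or on a trusted-proxy list.
 *
 * <p>The result code in {@link AuthenAccountResponse#getRsp()} is {@code "0"} for success and
 * {@code "1"} for failure.
 */
@DependsOn({"restTemplate"})
@Service
/* loaded from: input_file:com/huawei/bigdata/om/web/controller/DockWith4AClient.class */
public class DockWith4AClient {
    public static final String NOT_DEFUALT_USER = "1";
    private static final String CONFIGURATION_BEAN_NAME = "configuration";
    private static final String CLIENT_PROVIDER_FACTORY_BEAN_NAME = "clientProviderFactory";
    private static final String HUMAN_USER = "0";
    private static final String DOCK4A_WHITE_IP_PROFILE = "dock4A_white_ip.properties";
    private static final int USER_NUM_MAX = 1000;
    private static final String SYN_FLAG = "syn";
    private static final String OPER_SUCCESS = "0";
    private static final String OPER_FAILED = "1";
    private static final String COMMA = ",";
    private static final String SEMICOLON = ";";
    private static final String UNKNOWN = "unknown";
    private static final String NULL = "null";
    private static final String ALLOWED_IP_LIST_PROP = "allowed_ip_list";
    private static final String ALLOWED_SWITCH = "allowed_switch";
    private static final String ON_STATE = "on";
    // Cached allow-list configuration; populated lazily by get4AProperties().
    private static Properties load4AProperties;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private RestTemplate restTemplate;
    private static final Logger LOG = LoggerFactory.getLogger(DockWith4AClient.class);
    private static final String CONFIG_FILE_DIR = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + "/webapps/web/WEB-INF/classes/config/";

    /**
     * Returns the allow-list properties, loading them from the configuration directory on first use.
     *
     * <p>The result is cached in a static field without synchronisation, so concurrent first calls
     * may each load the file. Once a non-null value is cached the file is not read again; a
     * {@code null} load result is not cached and is retried on the next call.
     *
     * @return the cached properties, or whatever {@code FileUtil.loadProperties} returned
     *         (callers in this class treat {@code null} as "failed to load")
     */
    public static Properties get4AProperties() {
        if (load4AProperties == null) {
            load4AProperties = FileUtil.loadProperties(CONFIG_FILE_DIR + DOCK4A_WHITE_IP_PROFILE);
        }
        return load4AProperties;
    }

    /**
     * Records a failure result and message on the response.
     */
    private static void markFailed(AuthenAccountResponse response, String message) {
        response.setRsp(OPER_FAILED);
        response.setErrmsg(message);
    }

    /**
     * Builds a {@link SecurityClient} bound to the caller's principal and servlet context.
     *
     * @param httpServletRequest the current request; must be non-null (callers validate this first)
     * @return the client, or {@code null} when the injected application context or REST template
     *         is missing
     */
    private SecurityClient createSecurityClient(HttpServletRequest httpServletRequest) {
        if (this.applicationContext == null || this.restTemplate == null) {
            LOG.error("ApplicationContext or RestTemplate is null.");
            return null;
        }
        Configuration configuration = this.applicationContext.getBean(CONFIGURATION_BEAN_NAME, Configuration.class);
        WebContext webContext = new WebContext();
        webContext.setConfiguration(configuration);
        webContext.setPrincipal(httpServletRequest.getUserPrincipal());
        webContext.setServletContext(httpServletRequest.getServletContext());
        ClientProvider clientProvider = this.applicationContext.getBean(CLIENT_PROVIDER_FACTORY_BEAN_NAME, ClientProviderFactory.class).newClientProvider(webContext);

        String acsUrl;
        String aosUrl;
        // A fresh context is created per call only to read three properties. Close it once the
        // strings are copied out so each request does not leave an open context behind.
        try (AnnotationConfigApplicationContext propertyContext = new AnnotationConfigApplicationContext(ApplicationConfiguration.class)) {
            LOG.info("Controller url is {}.", propertyContext.getEnvironment().getProperty(WebUtils.CONTROLLER_URL));
            acsUrl = propertyContext.getEnvironment().getProperty("acs.rest.server.url");
            aosUrl = propertyContext.getEnvironment().getProperty("aos.rest.server.url");
        }
        LOG.info("Acs url is {}.", acsUrl);
        Client acsClient = clientProvider.newClient(acsUrl);
        LOG.info("Aos url is {}.", aosUrl);
        SecurityClient securityClient = new SecurityClient(acsClient, clientProvider.newClient(aosUrl));
        securityClient.setClientProvider(clientProvider);
        securityClient.setAcsurl(acsUrl);
        securityClient.setAosurl(aosUrl);
        securityClient.setClientContext(webContext);
        securityClient.setRestTemplate(this.restTemplate);
        return securityClient;
    }

    /**
     * Validates the caller and the request, then returns the ACS user names.
     *
     * @param httpServletRequest   the incoming servlet request
     * @param authenAccountRequest the request payload (action and timestamp)
     * @return a response whose {@code rsp} is {@code "0"} on success or {@code "1"} with an error
     *         message on failure
     */
    public AuthenAccountResponse handleAccounts(HttpServletRequest httpServletRequest, AuthenAccountRequest authenAccountRequest) {
        AuthenAccountResponse authenAccountResponse = new AuthenAccountResponse();
        handleAccuntsCheck(httpServletRequest, authenAccountRequest, authenAccountResponse);
        // Decide on the check result before touching the back end: a rejected caller must not
        // cause a client to be built, and a null request must not be dereferenced while building it.
        if (OPER_FAILED.equals(authenAccountResponse.getRsp())) {
            return authenAccountResponse;
        }
        SecurityClient securityClient = createSecurityClient(httpServletRequest);
        if (securityClient == null) {
            markFailed(authenAccountResponse, "The service is not available because of the new security client is unavailable.");
            return authenAccountResponse;
        }
        authenAccountResponse.setRsp(OPER_SUCCESS);
        synAccounts(securityClient, authenAccountRequest, authenAccountResponse);
        return authenAccountResponse;
    }

    /**
     * Queries ACS for up to {@code USER_NUM_MAX} users and copies their names into the response.
     *
     * <p>A non-zero ACS error code marks the response as failed but does not stop any returned
     * users from being copied.
     *
     * @param securityClient        client used for the ACS query
     * @param authenAccountRequest  unused here; kept for the existing call shape
     * @param authenAccountResponse response to populate
     */
    private void synAccounts(SecurityClient securityClient, AuthenAccountRequest authenAccountRequest, AuthenAccountResponse authenAccountResponse) {
        LOG.debug("Test junit.");
        // The literal arguments equal the class constants; their names suggest "human users,
        // excluding default users" - NOTE(review): confirm against ListUserRequest.
        ListUserRequest listUserRequest = new ListUserRequest(0, USER_NUM_MAX, HUMAN_USER, NOT_DEFUALT_USER);
        listUserRequest.setLan("en-us");
        listUserRequest.setOrder(OrderEnum.DEFAULT);
        listUserRequest.setOrderBy("");
        listUserRequest.setFilter("");
        RESTResponse<ListUserResponse> queryUserList = securityClient.queryUserList(listUserRequest);
        if (queryUserList == null) {
            // Report a missing response the same way as a missing payload instead of failing with an NPE.
            LOG.error("Acs return null.");
            markFailed(authenAccountResponse, "Cannot get any user from Acs.");
            return;
        }
        if (queryUserList.getErrorCode() == 0) {
            authenAccountResponse.setRsp(OPER_SUCCESS);
        } else {
            markFailed(authenAccountResponse, queryUserList.getErrorDescription());
        }
        if (queryUserList.getResObj() == null || queryUserList.getResObj().getUsers() == null) {
            LOG.error("Acs return null.");
            markFailed(authenAccountResponse, "Cannot get any user from Acs.");
            return;
        }
        for (User user : queryUserList.getResObj().getUsers()) {
            AuthenAccount authenAccount = new AuthenAccount();
            authenAccount.setUserName(user.getUserName());
            authenAccountResponse.getAccount().add(authenAccount);
        }
    }

    /**
     * Runs the pre-flight checks: request presence, caller IP allow-list, then payload validation.
     * Failures are recorded on the response; nothing is thrown.
     */
    private void handleAccuntsCheck(HttpServletRequest httpServletRequest, AuthenAccountRequest authenAccountRequest, AuthenAccountResponse authenAccountResponse) {
        if (httpServletRequest == null || httpServletRequest.getServletContext() == null) {
            LOG.error("The HttpServletRequest is invalid.");
            markFailed(authenAccountResponse, "The HttpServletRequest is invalid.");
            return;
        }
        checkRequestIp(httpServletRequest, authenAccountResponse);
        // checkRequestIp only ever writes the failure code, and handleAccounts gates on the failure
        // code as well. Gate on "not failed" here too, so payload validation cannot be skipped if
        // a fresh response does not start out as "0" (its initial value is not visible in this file).
        if (OPER_FAILED.equals(authenAccountResponse.getRsp())) {
            return;
        }
        checkAuthenAccountRequest(authenAccountRequest, authenAccountResponse);
        // A null payload has already been rejected above; do not dereference it for logging.
        if (authenAccountRequest != null) {
            LOG.info("Handle accounts action={}, time={}.", StringHelper.replaceBlank(authenAccountRequest.getAction()), StringHelper.replaceBlank(authenAccountRequest.getTimestamp()));
        }
    }

    /**
     * Rejects the request unless the allow-list switch is {@code on} and the caller address matches
     * one of the configured entries (case-insensitive, entries trimmed).
     *
     * <p>Every failure path is closed: missing address, unloadable property file, switch absent or
     * not {@code on}, and a missing or empty list all reject the request.
     *
     * <p>NOTE(review): the address compared here comes from {@link #parseRealIPAddr}, which prefers
     * client-supplied forwarding headers; see the class-level security note.
     */
    private void checkRequestIp(HttpServletRequest httpServletRequest, AuthenAccountResponse authenAccountResponse) {
        String realIp = parseRealIPAddr(httpServletRequest);
        // replaceBlank is applied before logging the header-derived value.
        LOG.info("HttpServletRequest is from realIp={}.", StringHelper.replaceBlank(realIp));
        if (StringUtils.isEmpty(realIp)) {
            LOG.error("Cannot get the request ipAddress.");
            markFailed(authenAccountResponse, "Cannot get the request ipAddress.");
            return;
        }
        Properties allowListProperties = get4AProperties();
        if (allowListProperties == null) {
            LOG.error("Authenticate the request failed, due to failed to load property file.");
            markFailed(authenAccountResponse, "Authenticate the request failed, due to failed to load property file.");
            return;
        }
        String switchState = allowListProperties.getProperty(ALLOWED_SWITCH);
        if (StringUtils.isEmpty(switchState) || !StringUtils.equalsIgnoreCase(switchState, ON_STATE)) {
            LOG.error("Authenticate the request failed, because this request is not permitted.");
            markFailed(authenAccountResponse, "Authenticate the request failed, because this request is not permitted.");
            return;
        }
        String allowedIpList = allowListProperties.getProperty(ALLOWED_IP_LIST_PROP);
        if (allowedIpList == null) {
            LOG.error("Authenticate the request failed, due to cannot get any authorization information.");
            markFailed(authenAccountResponse, "Authenticate the request failed, due to cannot get any authorization information.");
            return;
        }
        // NFKC-normalise the configured list before splitting it on ';'.
        String[] allowedIps = StringUtils.split(Normalizer.normalize(allowedIpList, Normalizer.Form.NFKC).trim(), SEMICOLON);
        if (allowedIps == null || allowedIps.length < 1) {
            LOG.error("Authenticate the request failed, due to cannot get any authorization information.");
            markFailed(authenAccountResponse, "Authenticate the request failed, due to cannot get any authorization information.");
            return;
        }
        for (String allowedIp : allowedIps) {
            if (StringUtils.isNotEmpty(allowedIp) && realIp.equalsIgnoreCase(allowedIp.trim())) {
                return;
            }
        }
        LOG.error("ip={} handle accounts failed, due to it is not authorized.", StringHelper.replaceBlank(realIp));
        markFailed(authenAccountResponse, "Request is not authorized.");
    }

    /**
     * Tells whether a forwarding-header value carries no usable address: {@code null}, empty,
     * {@code "unknown"} or {@code "null"} (the last two case-insensitively).
     */
    private static boolean isAbsentHeader(String value) {
        return value == null || value.length() == 0 || UNKNOWN.equalsIgnoreCase(value) || NULL.equalsIgnoreCase(value);
    }

    /**
     * Derives the caller address used for the allow-list decision.
     *
     * <p>Order of preference: the first entry of {@code x-forwarded-for} that is not
     * {@code "unknown"}, then {@code Proxy-Client-IP}, then {@code WL-Proxy-Client-IP}, then
     * {@link HttpServletRequest#getRemoteAddr()}. The chosen value must pass
     * {@code WebUtils.checkIp}; otherwise the literal {@code "invalid ip"} is returned, which cannot
     * match a valid allow-list entry.
     *
     * <p>NOTE(review): all three headers are request data. Unless a trusted proxy in front of this
     * service strips or overwrites them, the returned address reflects what the sender claims, not
     * the TCP peer.
     *
     * @return the selected address, or {@code "invalid ip"} when it fails {@code WebUtils.checkIp}
     */
    private String parseRealIPAddr(HttpServletRequest httpServletRequest) {
        String candidate = httpServletRequest.getHeader("x-forwarded-for");
        if (isAbsentHeader(candidate)) {
            candidate = httpServletRequest.getHeader("Proxy-Client-IP");
            if (isAbsentHeader(candidate)) {
                candidate = httpServletRequest.getHeader("WL-Proxy-Client-IP");
            }
            if (isAbsentHeader(candidate)) {
                candidate = httpServletRequest.getRemoteAddr();
            }
        } else {
            String[] hops = StringUtils.split(candidate, COMMA);
            if (hops != null) {
                for (String hop : hops) {
                    if (StringUtils.isNotEmpty(hop) && !UNKNOWN.equalsIgnoreCase(hop.trim())) {
                        // The entry is used as-is (not trimmed); surrounding whitespace is left for
                        // WebUtils.checkIp to accept or reject.
                        candidate = hop;
                        break;
                    }
                }
            }
        }
        if (!WebUtils.checkIp(candidate)) {
            candidate = "invalid ip";
        }
        return candidate;
    }

    /**
     * Validates the payload: it must be non-null, its action must be {@code syn}, and its timestamp
     * must parse as {@code yyyy-MM-dd HH:mm:ss}.
     *
     * <p>The parsed date is discarded, so this is a format check only; the timestamp is not
     * compared with the current time. {@link SimpleDateFormat} is used with its default settings.
     */
    private void checkAuthenAccountRequest(AuthenAccountRequest authenAccountRequest, AuthenAccountResponse authenAccountResponse) {
        if (authenAccountRequest == null) {
            LOG.error("The parameter is null.");
            markFailed(authenAccountResponse, "Invalid input param.");
            return;
        }
        authenAccountResponse.setAction(authenAccountRequest.getAction());
        if (!SYN_FLAG.equals(authenAccountRequest.getAction())) {
            LOG.error("The action is invalid.");
            markFailed(authenAccountResponse, "Invalid input param of action.");
            return;
        }
        String timestamp = authenAccountRequest.getTimestamp();
        try {
            if (timestamp == null) {
                // parse(null) would throw NullPointerException; report it as an invalid timestamp.
                throw new ParseException("timestamp is null", 0);
            }
            // A new formatter per call: SimpleDateFormat is not thread-safe.
            new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse(timestamp);
        } catch (ParseException e) {
            LOG.error("The timestamp is invalid.");
            markFailed(authenAccountResponse, "Invalid input param of timestamp.");
        }
    }
}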
