package com.huawei.cloudtable.hbase.rest.filter.token.utils;

import com.google.gson.Gson;
import com.huawei.cloudtable.hbase.rest.filter.token.consts.CloudTableConfig;
import com.huawei.cloudtable.hbase.rest.filter.token.enums.ErrorCode;
import com.huawei.cloudtable.hbase.rest.filter.token.enums.IamProxyReturnCode;
import com.huawei.cloudtable.hbase.rest.filter.token.exceptions.CloudTableException;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.pki.PkiClient;
import com.huawei.cloudtable.hbase.rest.filter.token.vo.IamTokenRsp;
import com.huawei.cloudtable.hbase.rest.filter.token.vo.ResolvedIamToken;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/huawei/cloudtable/hbase/rest/filter/token/utils/IamTokenValidate.class */
public class IamTokenValidate {
    private static final int MAX_TOKEN = 10240;
    private static final Logger logger = Logger.getLogger(IamTokenValidate.class);
    private static IamTokenRsp iamTokenRsp = null;
    private static boolean flag = false;

    public static void setFlag(boolean z, IamTokenRsp iamTokenRsp2) {
        iamTokenRsp = iamTokenRsp2;
        flag = z;
    }

    public static IamTokenRsp resolveTokenByIam(String str) throws CloudTableException {
        Logger.getLogger(IamTokenValidate.class).debug("begin decryptToken ......");
        IamTokenRsp iamTokenRsp2 = new IamTokenRsp();
        String checkPKIToken = PkiClient.checkPKIToken(str, "");
        if (StringUtils.isEmpty(checkPKIToken)) {
            logger.error("tokenInfo is empty, failed to resolve token.");
            iamTokenRsp2.setHttpStatusCode(IamProxyReturnCode.INTERNEL_FAILURE);
            return iamTokenRsp2;
        }
        if (flag) {
            return iamTokenRsp;
        }
        ResolvedIamToken resolvedIamToken = (ResolvedIamToken) new Gson().fromJson(checkPKIToken, ResolvedIamToken.class);
        iamTokenRsp2.setHttpStatusCode(IamProxyReturnCode.RESOLVED_OK);
        iamTokenRsp2.setIamToken(resolvedIamToken);
        return iamTokenRsp2;
    }

    public static boolean verifyTokenFormat(String str) {
        return !StringUtils.isEmpty(str) && str.length() <= MAX_TOKEN;
    }

    public static ErrorCode verifyTokenDetails(IamTokenRsp iamTokenRsp2, String str) {
        if (iamTokenRsp2 == null) {
            return ErrorCode.INVALID_TOKEN;
        }
        IamRspVerifier iamRspVerifier = new IamRspVerifier(iamTokenRsp2);
        if (iamRspVerifier.illegal()) {
            return ErrorCode.INVALID_TOKEN;
        }
        String id = iamTokenRsp2.getIamToken().getToken().getProject().getId();
        if (StringUtils.isEmpty(str) || !str.equals(id) || !CloudTableConfig.projectId.equals(id)) {
            return ErrorCode.PROJECT_ID_NOT_MATCH_TOKEN;
        }
        if (iamRspVerifier.isRoleCannotAccess()) {
            return ErrorCode.ACCOUNT_HAS_NO_PRIV;
        }
        return null;
    }
}
