package com.huawei.cloudtable.hbase.rest.filter.token.utils.pki;

import com.huawei.cloudtable.hbase.rest.filter.token.consts.CloudTableConfig;
import com.huawei.cloudtable.hbase.rest.filter.token.exceptions.CloudTableException;
import com.huawei.cloudtable.hbase.rest.filter.token.exceptions.GetSignCertFailedException;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.DateTimeHelper;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.RestClient;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.RestResponse;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.cache.OSCacheUtils;
import com.huawei.cloudtable.hbase.rest.filter.token.vo.ResolvedIamToken;
import java.text.ParseException;
import java.util.Calendar;
import java.util.HashMap;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/cloudtable/hbase/rest/filter/token/utils/pki/PkiClient.class */
public class PkiClient {
    public static final String SIGNING_CACHE_KEY = "signingInCache";
    private static final int CACHE_TIMEOUT = 21600;
    public static final String SERVICE_TOKEN_CACHE_KEY = "serviceTokenInCache";
    private static final String URL_SIGNING_SUFFIX = "/v3/OS-SIMPLE-CERT/certificates";
    private static final String[] URL_SIGNING_LIST = CloudTableConfig.IAM_ENDPOINT_LIST;
    private static final Logger logger = LoggerFactory.getLogger(PkiClient.class);
    private static final Long K_LONG = 1000L;
    private static String curActiveSigningIp = URL_SIGNING_LIST[0];

    public static String checkPKIToken(String str, String str2) throws CloudTableException {
        String decodeToken;
        if (StringUtils.isBlank(str) || null == (decodeToken = Decoder.decodeToken(str, getSigning()))) {
            return null;
        }
        String replace = ((ResolvedIamToken) RestClient.convertJson2Type(decodeToken, ResolvedIamToken.class)).getToken().getExpires_at().replace("T", " ").replace("Z", "");
        String substring = replace.substring(0, replace.indexOf("."));
        String substring2 = replace.substring(replace.indexOf(".") + 1);
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        try {
            calendar.setTime(DateTimeHelper.parseDate(substring, DateTimeHelper.FORMAT_YMD_HMS));
            calendar2.setTime(DateTimeHelper.getUTCTime());
            if ((calendar.getTimeInMillis() * K_LONG.longValue()) + Long.parseLong(substring2) > calendar2.getTimeInMillis() * K_LONG.longValue()) {
                return decodeToken;
            }
            logger.info("Token is expired. ");
            return null;
        } catch (ParseException e) {
            logger.error(" Check token expired time fail." + e);
            return null;
        }
    }

    public static String getSigning() throws CloudTableException {
        synchronized (PkiClient.class) {
            String str = (String) OSCacheUtils.getFormCache(SIGNING_CACHE_KEY);
            if (null != str) {
                return str;
            }
            String tryGetSigningFromIps = tryGetSigningFromIps();
            OSCacheUtils.putToCache(SIGNING_CACHE_KEY, tryGetSigningFromIps, CACHE_TIMEOUT);
            return tryGetSigningFromIps;
        }
    }

    public static String tryGetSigningFromIps() throws CloudTableException {
        String doGetSigning;
        String doGetSigning2 = doGetSigning(curActiveSigningIp);
        if (null != doGetSigning2) {
            return doGetSigning2;
        }
        for (String str : URL_SIGNING_LIST) {
            if (!str.equals(curActiveSigningIp) && null != (doGetSigning = doGetSigning(str))) {
                curActiveSigningIp = str;
                return doGetSigning;
            }
        }
        throw new CloudTableException(new GetSignCertFailedException("Get certificate failed !"));
    }

    public static String doGetSigning(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        try {
            RestResponse restResponse = RestClient.get(str + URL_SIGNING_SUFFIX, new HashMap());
            int httpStatusCode = restResponse.getHttpStatusCode();
            if (httpStatusCode == 200 || httpStatusCode == 202) {
                return restResponse.getBody();
            }
            logger.info("Get certificate failed ! Will try the next ip! respCode:{}   ErrorMsg:{}", Integer.valueOf(httpStatusCode), restResponse.getBody());
            return null;
        } catch (CloudTableException e) {
            logger.info("Get certificate failed ! Will try the next ip !", e);
            return null;
        }
    }
}
