package com.huawei.cloudtable.hbase.rest.filter.token.consts;

import com.huawei.cloudtable.hbase.rest.filter.token.enums.ErrorCode;
import com.huawei.cloudtable.hbase.rest.filter.token.exceptions.GetSignCertFailedException;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.security.UserProviderExtend;
import org.apache.hadoop.hbase.security.common.IAMAuthCommonUtils;
import org.apache.hadoop.hbase.security.token.AKSKRequestInfo;
import org.apache.hadoop.hbase.security.token.AKSKTokenCommonUtil;
import org.apache.hadoop.hbase.security.token.AkSkInfo;
import org.apache.hadoop.hbase.security.token.web.AKSKWebTokenCommonUtil;
import org.apache.hadoop.security.token.Token;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/cloudtable/hbase/rest/filter/token/consts/CloudTableConfig.class */
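/**
 * Process-wide configuration holder and AK/SK validation helper for the CloudTable HBase REST
 * token filter.
 *
 * <p>All settings live in mutable static fields that are populated once by the
 * {@code initConfig}/{@code initConfigs} overloads and then reused. Nothing in this class
 * synchronises access to those fields.
 */
public class CloudTableConfig {
    /** Separator used for both the IAM endpoint list and the superuser list. */
    public static final String IP_SEPERATOR = ",";
    public static final String KEY_IAM_ENDPOINT = "cloudtable.rest.iam.endpoint";
    public static final String KEY_IAM_CA_PD = "cloudtable.rest.iam.capd";
    /** Boolean switch; IAM handling is on unless this key is set to something other than "true". */
    public static final String KEY_IAM = "cloudtable.rest.iam";
    public static final String KEY_SECURITY_AUTHENTICATION = "hbase.security.authentication";
    /** Value of {@link #KEY_SECURITY_AUTHENTICATION} that selects AK/SK mode. */
    public static final String SECURITY_AUTHENTICATION_AKSK = "digest";
    /** Fallback mode used for every other (or missing) authentication value. */
    public static final String SECURITY_AUTHENTICATION_TOKEN = "token";
    private static final String HBASE_SUPERUSER = "hbase.superuser";
    private static final String KEY_IAM_USERNAME = "cloudtable.iam.username";
    public static String projectId;
    public static String projectName;
    public static String[] IAM_ENDPOINT_LIST;
    public static String IAM_CA_PD;
    public static String AUTHENTICATION;
    private static final Logger logger = LoggerFactory.getLogger(CloudTableConfig.class);
    public static Boolean IAM_SWITCH = Boolean.TRUE;
    private static List<String> superUserList = new ArrayList<String>();
    // Only assigned by the no-argument initConfigs(); stays null on the other init paths.
    private static Configuration configuration = null;

    /**
     * Loads settings from the default HBase configuration, then the project files.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void initConfig() {
        initConfigs();
        initProjectInfo();
    }

    /**
     * Loads settings from the supplied Hadoop configuration, then the project files.
     *
     * @param configuration2 configuration to read the {@code cloudtable.rest.*} keys from
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void initConfig(Configuration configuration2) {
        initConfigs(configuration2);
        initProjectInfo();
    }

    /**
     * Loads settings from the supplied properties, then the project files.
     *
     * @param properties properties to read the {@code cloudtable.rest.*} keys from
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void initConfig(Properties properties) {
        initConfigs(properties);
        initProjectInfo();
    }

    /**
     * Creates the default HBase configuration, remembers it for later token creation and
     * initialises the static settings from it.
     */
    protected static void initConfigs() {
        configuration = HBaseConfiguration.create();
        initConfigs(configuration);
    }

    /**
     * Initialises the static settings from a Hadoop configuration.
     *
     * <p>The IAM switch is re-read on every call; the remaining settings are only read while
     * {@link #IAM_ENDPOINT_LIST} or {@link #AUTHENTICATION} is still unset. In AK/SK mode the
     * superuser list is loaded as well.
     *
     * @param configuration2 configuration to read from
     * @throws IllegalArgumentException if IAM is enabled and no IAM endpoint is configured
     */
    protected static void initConfigs(Configuration configuration2) {
        logger.info("initConfigs with configuration enter.");
        IAM_SWITCH = getBoolean(configuration2, KEY_IAM, Boolean.TRUE);
        if (!IAM_SWITCH.booleanValue()) {
            return;
        }
        if (IAM_ENDPOINT_LIST != null && AUTHENTICATION != null) {
            logger.debug("no need initConfigs");
            return;
        }
        String endpoints = configuration2.getTrimmed(KEY_IAM_ENDPOINT);
        if (StringUtils.isEmpty(endpoints)) {
            throw new IllegalArgumentException("cloudtable.rest.iam.endpoint can not be empty!");
        }
        // Entries are split on "," only; whitespace around an entry is kept as part of it.
        IAM_ENDPOINT_LIST = endpoints.split(IP_SEPERATOR);
        IAM_CA_PD = configuration2.getTrimmed(KEY_IAM_CA_PD);
        String authMode = configuration2.getTrimmed(KEY_SECURITY_AUTHENTICATION);
        if (SECURITY_AUTHENTICATION_AKSK.equalsIgnoreCase(authMode)) {
            AUTHENTICATION = SECURITY_AUTHENTICATION_AKSK;
            String superUsers = configuration2.getTrimmed(HBASE_SUPERUSER);
            if (StringUtils.isNotEmpty(superUsers)) {
                superUserList = Arrays.asList(superUsers.split(IP_SEPERATOR));
                logger.info("superUserList:" + superUserList);
            }
        } else {
            // Anything that is not explicitly "digest" (including a missing value) means token mode.
            AUTHENTICATION = SECURITY_AUTHENTICATION_TOKEN;
        }
        logger.info("AUTHENTICATION:" + AUTHENTICATION);
    }

    /**
     * Initialises the static settings from a {@link Properties} object.
     *
     * <p>Same caching rule as the {@link Configuration} overload, but the superuser list is not
     * loaded here; {@code isSuperUser} reads it from the properties on first use.
     *
     * @param properties properties to read from
     * @throws IllegalArgumentException if IAM is enabled and no IAM endpoint is configured
     */
    protected static void initConfigs(Properties properties) {
        logger.debug("initConfigs with properties enter.");
        IAM_SWITCH = Boolean.valueOf(IAMAuthCommonUtils.getBoolean(properties, KEY_IAM, Boolean.TRUE.booleanValue()));
        if (!IAM_SWITCH.booleanValue()) {
            return;
        }
        if (IAM_ENDPOINT_LIST != null && AUTHENTICATION != null) {
            logger.info("no need initConfigs");
            return;
        }
        String endpoints = IAMAuthCommonUtils.getTrimmed(properties, KEY_IAM_ENDPOINT);
        if (StringUtils.isEmpty(endpoints)) {
            throw new IllegalArgumentException("cloudtable.rest.iam.endpoint can not be empty!");
        }
        IAM_ENDPOINT_LIST = endpoints.split(IP_SEPERATOR);
        IAM_CA_PD = IAMAuthCommonUtils.getTrimmed(properties, KEY_IAM_CA_PD);
        String authMode = IAMAuthCommonUtils.getTrimmed(properties, KEY_SECURITY_AUTHENTICATION);
        AUTHENTICATION = SECURITY_AUTHENTICATION_AKSK.equalsIgnoreCase(authMode)
                ? SECURITY_AUTHENTICATION_AKSK
                : SECURITY_AUTHENTICATION_TOKEN;
    }

    /**
     * Loads the project id, and in AK/SK mode the project name, from the on-disk files.
     */
    protected static void initProjectInfo() {
        initProjectId();
        if (SECURITY_AUTHENTICATION_AKSK.equals(AUTHENTICATION)) {
            initProjectName();
        }
    }

    /**
     * Reads {@code projectid.dat} into {@link #projectId} unless a value is already present.
     *
     * @throws RuntimeException if the file cannot be located or read
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static void initProjectId() {
        if (StringUtils.isNotEmpty(projectId)) {
            logger.debug("no need initProjectId because projectId is not empty.");
            return;
        }
        projectId = getStringFromFile("projectid.dat");
        logger.info("The projectid file content:" + projectId);
    }

    /**
     * Reads {@code projectname.dat} into {@link #projectName} unless a value is already present.
     * A missing or unreadable file is tolerated and leaves {@link #projectName} unset.
     */
    protected static void initProjectName() {
        if (StringUtils.isNotEmpty(projectName)) {
            // The message used to be a copy of the projectId one, which made logs misleading.
            logger.debug("no need initProjectName because projectName is not empty.");
            return;
        }
        try {
            projectName = getStringFromFile("projectname.dat");
            logger.info("The projectname file content:" + projectName);
        } catch (Exception e) {
            // Deliberate best effort: getStringFromFile has already logged the cause at error level.
            logger.info("projectName file is not exist.");
        }
    }

    /**
     * Reads a file from the {@code conf} directory of the HBase installation under
     * {@code /var/rds/} and returns its content with line breaks removed and the result trimmed.
     *
     * <p>The installation directory is the first sub-directory of {@code /var/rds/} whose name
     * starts with "hbase" (case-insensitive). {@code str} is appended to the path unchecked, so
     * callers must pass fixed file names only. The file is decoded with the platform default
     * charset.
     *
     * @param str file name relative to the {@code conf} directory
     * @return the trimmed file content, or {@code null} if {@code str} is empty
     * @throws RuntimeException if no HBase directory exists or the file cannot be read or closed
     */
    protected static String getStringFromFile(String str) {
        if (StringUtils.isEmpty(str)) {
            logger.error("param is invalid.");
            return null;
        }
        File[] hbaseDirs = new File("/var/rds/").listFiles(new FileFilter() {
            @Override
            public boolean accept(File file) {
                return file.isDirectory() && file.getName().toLowerCase().startsWith("hbase");
            }
        });
        // listFiles() returns null when /var/rds/ is missing or unreadable; indexing [0] blindly
        // used to surface as a bare NullPointerException / ArrayIndexOutOfBoundsException.
        if (hbaseDirs == null || hbaseDirs.length == 0) {
            String message = "Can not find the hbase directory under /var/rds/ for file:" + str;
            logger.error(message);
            throw new IllegalStateException(message);
        }
        if (hbaseDirs.length > 1) {
            // listFiles() gives no ordering guarantee, so the directory chosen below is arbitrary.
            logger.warn("Found " + hbaseDirs.length + " hbase directories under /var/rds/, using " + hbaseDirs[0].getPath());
        }
        String path = hbaseDirs[0].getPath() + "/conf/" + str;
        BufferedReader reader = null;
        StringBuilder content = new StringBuilder("");
        try {
            reader = new BufferedReader(new InputStreamReader(new FileInputStream(path)));
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                content.append(line);
            }
        } catch (FileNotFoundException e) {
            String message = "Can not find the projectId:" + path;
            logger.error(message);
            throw new RuntimeException(message, e);
        } catch (IOException e) {
            String message = "Read file IOException:" + path;
            logger.error(message);
            throw new RuntimeException(message, e);
        } finally {
            if (null != reader) {
                try {
                    reader.close();
                } catch (IOException e) {
                    String message = "Close reader IOException:" + path;
                    logger.error(message);
                    throw new RuntimeException(message, e);
                }
            }
        }
        String trimmed = content.toString().trim();
        logger.debug("The projectid file content:" + trimmed);
        return trimmed;
    }

    /**
     * Reads a boolean setting, falling back to {@code bool} when the key is missing or empty.
     */
    private static Boolean getBoolean(Configuration configuration2, String str, Boolean bool) {
        String raw = configuration2.getTrimmed(str);
        if (StringUtils.isEmpty(raw)) {
            return bool;
        }
        return Boolean.valueOf(raw);
    }

    /**
     * Compares two strings without returning early on the first differing character, so the
     * time taken does not reveal how much of a presented credential was correct.
     *
     * @return {@code true} only if both values are non-null and equal
     */
    private static boolean constantTimeEquals(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Maps a failure to the error code reported to the caller.
     *
     * @param th failure to classify; may be {@code null}
     * @return {@link ErrorCode#INTERNAL_ERROR} for I/O, TLS handshake and signing-certificate
     *     failures, {@link ErrorCode#INVALID_TOKEN} for everything else including {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ErrorCode handleException(Throwable th) {
        // SSLHandshakeException is itself an IOException; it is listed for readability only.
        if ((th instanceof SSLHandshakeException) || (th instanceof IOException)) {
            logger.info("Network does not work or something else error !");
            return ErrorCode.INTERNAL_ERROR;
        }
        if (th instanceof GetSignCertFailedException) {
            logger.error("GetSignCertFailedException, Can not decode token.");
            return ErrorCode.INTERNAL_ERROR;
        }
        return ErrorCode.INVALID_TOKEN;
    }

    /**
     * Validates an AK/SK request against IAM and, on success, caches a token for the user.
     *
     * @param properties settings passed through to the IAM helpers
     * @param str credential presented by the client; it must equal the value derived from the
     *     access key, the secret fetched from IAM and the user name
     * @param str2 project id presented by the client; it must equal {@link #projectId}
     * @param aKSKRequestInfo request details (access key, user name, optional security token)
     * @return {@code null} when the request is valid, otherwise the error code describing why it
     *     was rejected
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ErrorCode validateAkSk(Properties properties, String str, String str2, AKSKRequestInfo aKSKRequestInfo) {
        String accessKey = aKSKRequestInfo.getAccessKey();
        String userName = aKSKRequestInfo.getUserName();
        // Only the access key id is logged; the secret key and the presented credential never are.
        logger.debug("validateAkSk enter, accessKey:" + accessKey + ",user:" + userName + ",projectId" + str2);
        if (StringUtils.isEmpty(str)) {
            logger.error("encryptToken is empty.");
            return ErrorCode.INVALID_TOKEN;
        }
        if (StringUtils.isEmpty(accessKey)) {
            return ErrorCode.AK_NOT_NOTFOUND;
        }
        // Compare from the non-empty side: projectId is null until initProjectId() has run, and
        // the previous projectId.equals(str2) threw instead of rejecting the request.
        if (StringUtils.isEmpty(str2) || !str2.equals(projectId)) {
            return ErrorCode.PROJECT_ID_NOT_MATCH_TOKEN;
        }
        try {
            if (needsProjectCheck(userName, properties, aKSKRequestInfo) && StringUtils.isNotEmpty(projectName)) {
                logger.info("set Project Name");
                aKSKRequestInfo.setProjectName(projectName);
            }
            AkSkInfo akSkInfo = AKSKTokenCommonUtil.retrieveSecretKeyAndProjectFromIAM(properties, aKSKRequestInfo);
            if (null == akSkInfo) {
                logger.error("retrieveSecretKeyAndProjectFromIAM faild.");
                return ErrorCode.INVALID_TOKEN;
            }
            String iamProjectId = akSkInfo.getIAMUserInfo().getProjectId();
            // NOTE(review): the IAM project id is only compared for superusers and security-token
            // requests; confirm the IAM lookup itself scopes ordinary access keys to the project.
            if (needsProjectCheck(userName, properties, aKSKRequestInfo) && !str2.equals(iamProjectId)) {
                logger.error("projectID [" + str2 + "] not match with iam projectID:" + iamProjectId);
                return ErrorCode.PROJECT_ID_NOT_MATCH_TOKEN;
            }
            String expected = AKSKWebTokenCommonUtil.createPassword(accessKey, akSkInfo.getSecret(), userName);
            // String.equals stops at the first mismatch, which leaks timing on a secret-derived value.
            if (!constantTimeEquals(str, expected)) {
                return ErrorCode.INVALID_TOKEN;
            }
            if (null == configuration) {
                // Without the default HBase configuration no token is created or cached.
                return null;
            }
            Token token;
            if (StringUtils.isNotEmpty(aKSKRequestInfo.getSecurityToken())) {
                token = UserProviderExtend.getToken(IAMAuthCommonUtils.getTrimmed(properties, KEY_IAM_USERNAME));
            } else {
                token = UserProviderExtend.getAkskToken(userName, accessKey, akSkInfo.getSecret(), configuration);
            }
            if (token != null) {
                UserProviderExtend.putToken(userName, token);
                logger.info("put token of " + userName);
            }
            return null;
        } catch (Exception e) {
            logger.error("retrievePassword faild.", e);
            // NOTE(review): only the cause is classified, so an exception thrown without a cause
            // (for example a bare IOException) is reported as INVALID_TOKEN — confirm intended.
            return handleException(e.getCause());
        }
    }

    /**
     * Tells whether the request is subject to the project-name and IAM project-id handling:
     * the user is a superuser or the request carries a security token.
     */
    private boolean needsProjectCheck(String userName, Properties properties, AKSKRequestInfo requestInfo) {
        return isSuperUser(userName, properties) || StringUtils.isNotEmpty(requestInfo.getSecurityToken());
    }

    /**
     * Checks whether {@code str} is a configured HBase superuser other than the IAM service user.
     *
     * <p>The superuser list is loaded from {@code properties} on first use if it is still empty.
     * Entries are split on "," without trimming, so a name must match an entry exactly.
     */
    private boolean isSuperUser(String str, Properties properties) {
        if (superUserList == null) {
            superUserList = new ArrayList<String>();
        }
        if (superUserList.isEmpty()) {
            String superUsers = IAMAuthCommonUtils.getTrimmed(properties, HBASE_SUPERUSER);
            if (StringUtils.isNotEmpty(superUsers)) {
                superUserList = Arrays.asList(superUsers.split(IP_SEPERATOR));
                logger.info("superUserList:" + superUserList);
            }
        }
        if (!superUserList.contains(str)) {
            return false;
        }
        return !str.equals(IAMAuthCommonUtils.getTrimmed(properties, KEY_IAM_USERNAME));
    }
}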
