package com.huaweicloud.pangu.dev.sdk.client.iam;

import com.alibaba.fastjson.JSON;
import com.github.benmanes.caffeine.cache.Cache;
import com.huaweicloud.pangu.dev.sdk.api.config.IAMConfig;
import com.huaweicloud.pangu.dev.sdk.client.iam.IAMTokenReq;
import com.huaweicloud.pangu.dev.sdk.exception.PanguDevSDKException;
import com.huaweicloud.pangu.dev.sdk.utils.CacheUtil;
import com.huaweicloud.pangu.dev.sdk.utils.HttpUtil;
import com.huaweicloud.pangu.dev.sdk.utils.SecurityUtil;
import java.io.IOException;
import java.util.Collections;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Header;
import org.apache.http.ParseException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huaweicloud/pangu/dev/sdk/client/iam/IAMClient.class */
public class IAMClient {
    private static final Logger log = LoggerFactory.getLogger(IAMClient.class);
    private static final String IDENTITY_METHOD = "password";
    private static final String IDENTITY_METHOD_AK_SK = "hw_ak_sk";
    private IAMConfig iamConfig;

    /* JADX WARN: Type inference failed for: r1v1, types: [com.huaweicloud.pangu.dev.sdk.api.config.IAMConfig] */
    public IAMClient() {
        this(IAMConfig.builder().build());
    }

    public IAMClient(IAMConfig iAMConfig) {
        this.iamConfig = iAMConfig;
    }

    public IAMConfig getIamConfig() {
        return this.iamConfig;
    }

    public String getTokenWithCache() {
        if (this.iamConfig != null && StringUtils.isNotEmpty(this.iamConfig.getXAuthToken())) {
            return this.iamConfig.getXAuthToken();
        }
        Cache<String, Object> cache = CacheUtil.getCache();
        UserToken userToken = (UserToken) cache.get(getCacheKey(), str -> {
            return getToken();
        });
        if (userToken.isExpired()) {
            log.warn("IAM Token is expired!");
            userToken = getToken();
            cache.put(getCacheKey(), userToken);
        }
        log.info("The latest token will be expired at {}", userToken.getIamTokenInfo().getExpiresTime());
        return userToken.getSubjectToken();
    }

    private UserToken getToken() {
        log.info("Get token from IAM");
        CloseableHttpClient httpClient = HttpUtil.getHttpClient(this.iamConfig.getHttpConfig());
        String jSONString = (StringUtils.isNotEmpty(this.iamConfig.getAk()) && StringUtils.isNotEmpty(this.iamConfig.getSk())) ? JSON.toJSONString(getRequestAkSk()) : JSON.toJSONString(getRequest());
        HttpPost httpPost = new HttpPost(getURL());
        httpPost.setHeaders(getHeaders());
        httpPost.setEntity(new StringEntity(jSONString, ContentType.APPLICATION_JSON));
        try {
            CloseableHttpResponse execute = httpClient.execute(httpPost);
            UserToken userToken = (UserToken) JSON.parseObject(EntityUtils.toString(execute.getEntity()), UserToken.class);
            if (!HttpUtil.is2xxSuccessful(execute.getStatusLine().getStatusCode())) {
                log.error("Get IAM token error. Response code: {}, reason: {}", Integer.valueOf(execute.getStatusLine().getStatusCode()), execute.getStatusLine().getReasonPhrase());
                throw new PanguDevSDKException("Get IAM token error");
            }
            Header firstHeader = execute.getFirstHeader("X-Subject-Token");
            if (firstHeader == null) {
                throw new PanguDevSDKException("Get IAM token error: response header is null");
            }
            if (userToken == null) {
                throw new PanguDevSDKException("Get IAM token error: userToken is null");
            }
            userToken.setSubjectToken(firstHeader.getValue());
            return userToken;
        } catch (IOException e) {
            log.error("Get IAM token error");
            throw new PanguDevSDKException("Get IAM token error", e);
        } catch (ParseException e2) {
            log.error("Get IAM token error: Converts entity to string failed: {}", e2.getMessage());
            throw new PanguDevSDKException("Converts entity to string failed", e2);
        } catch (Exception e3) {
            log.error("Get IAM token error");
            throw new PanguDevSDKException("Get IAM token error", e3);
        }
    }

    private Header[] getHeaders() {
        return new Header[]{new BasicHeader("Content-Type", "application/json")};
    }

    private String getURL() {
        String iamUrl = this.iamConfig.getIamUrl();
        if (StringUtils.isBlank(iamUrl)) {
            throw new PanguDevSDKException("IAM url cannot be blank, please set IAM url first!");
        }
        return iamUrl;
    }

    private IAMTokenReq getRequest() {
        return IAMTokenReq.builder().auth(IAMTokenReq.Auth.builder().identity(IAMTokenReq.Auth.Identity.builder().password(IAMTokenReq.Auth.Identity.Password.builder().user(IAMTokenReq.Auth.Identity.Password.User.builder().name(this.iamConfig.getIamUser()).password(this.iamConfig.getIamPwd()).domain(IAMTokenReq.Auth.Identity.Password.User.Domain.builder().name(this.iamConfig.getIamDomain()).build()).build()).build()).methods(Collections.singletonList(IDENTITY_METHOD)).build()).scope(IAMTokenReq.Auth.Scope.builder().project(IAMTokenReq.Auth.Scope.Project.builder().name(this.iamConfig.getProjectName()).build()).build()).build()).build();
    }

    private IAMTokenReq getRequestAkSk() {
        return IAMTokenReq.builder().auth(IAMTokenReq.Auth.builder().identity(IAMTokenReq.Auth.Identity.builder().methods(Collections.singletonList(IDENTITY_METHOD_AK_SK)).hwAkSk(IAMTokenReq.Auth.Identity.HwAkSk.builder().access(IAMTokenReq.Auth.Identity.HwAkSk.Key.builder().key(this.iamConfig.getAk()).build()).secret(IAMTokenReq.Auth.Identity.HwAkSk.Key.builder().key(this.iamConfig.getSk()).build()).build()).build()).scope(IAMTokenReq.Auth.Scope.builder().project(IAMTokenReq.Auth.Scope.Project.builder().name(this.iamConfig.getProjectName()).build()).build()).build()).build();
    }

    private String getCacheKey() {
        return SecurityUtil.getUnionKey(this.iamConfig.getIamDomain(), this.iamConfig.getProjectName(), this.iamConfig.getIamUser());
    }
}
