package com.huaweicloud.common.transport;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.eventbus.Subscribe;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.huaweicloud.common.disovery.ServiceCenterUtils;
import com.huaweicloud.common.event.EventManager;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.Response;
import org.apache.servicecomb.foundation.auth.AuthHeaderProvider;
import org.apache.servicecomb.service.center.client.OperationEvents;
import org.apache.servicecomb.service.center.client.ServiceCenterClient;
import org.apache.servicecomb.service.center.client.model.RbacTokenRequest;
import org.apache.servicecomb.service.center.client.model.RbacTokenResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/huaweicloud/common/transport/RBACRequestAuthHeaderProvider.class */
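/**
 * Supplies the {@code Authorization: Bearer <token>} header for requests to service center
 * when an RBAC account is configured.
 *
 * <p>The token is obtained by sending the configured account name and password to service
 * center ({@link ServiceCenterClient#queryToken}) and is kept in a single-entry cache that is
 * refreshed in the background after {@link #refreshTime()} milliseconds. When no account name
 * or password is configured the provider is disabled and contributes no headers.
 *
 * <p>If service center rejects the credentials (401/403) or does not offer the token endpoint
 * (404), the literal {@link #INVALID_TOKEN} is cached instead of a real token, so
 * {@link #authHeaders()} then emits {@code Bearer invalid} until the next refresh.
 */
public class RBACRequestAuthHeaderProvider implements AuthHeaderProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(RBACRequestAuthHeaderProvider.class);
    public static final String INVALID_TOKEN = "invalid";
    private static final String UN_AUTHORIZED_CODE_HALF_OPEN = "401302";
    public static final String CACHE_KEY = "token";
    public static final String AUTH_HEADER = "Authorization";
    // NOTE: despite the name, this value is passed to the cache with TimeUnit.MILLISECONDS,
    // i.e. 1 200 000 ms = 20 minutes.
    private static final long TOKEN_REFRESH_TIME_IN_SECONDS = 1200000;
    private final DiscoveryBootstrapProperties discoveryProperties;
    private final ServiceCombSSLProperties serviceCombSSLProperties;
    private final ServiceCombRBACProperties serviceCombRBACProperties;
    // Both stay null when the provider is disabled (no account name/password configured).
    private ExecutorService executorService;
    private LoadingCache<String, String> cache;
    // Written by whichever thread loads the token (caller thread on first load, rbac-executor
    // on reload) and read on rbac-executor in retryRefresh(), hence volatile.
    private volatile String lastErrorCode = UN_AUTHORIZED_CODE_HALF_OPEN;
    private volatile int lastStatusCode = 401;

    /**
     * Registers this provider on the event bus and, when an RBAC account is configured, sets up
     * the single-thread refresh executor and the token cache.
     *
     * @param discoveryBootstrapProperties discovery settings used to build the service center client
     * @param serviceCombSSLProperties SSL settings used to build the service center client
     * @param serviceCombRBACProperties RBAC account name and password
     */
    public RBACRequestAuthHeaderProvider(DiscoveryBootstrapProperties discoveryBootstrapProperties, ServiceCombSSLProperties serviceCombSSLProperties, ServiceCombRBACProperties serviceCombRBACProperties) {
        this.discoveryProperties = discoveryBootstrapProperties;
        this.serviceCombSSLProperties = serviceCombSSLProperties;
        this.serviceCombRBACProperties = serviceCombRBACProperties;
        // Registration happens even when the provider is disabled, so the event handler
        // must tolerate a null executor.
        EventManager.getEventBus().register(this);
        if (enabled()) {
            this.executorService = Executors.newFixedThreadPool(1, runnable -> new Thread(runnable, "rbac-executor"));
            this.cache = CacheBuilder.newBuilder()
                .maximumSize(1L)
                .refreshAfterWrite(refreshTime(), TimeUnit.MILLISECONDS)
                .build(new CacheLoader<String, String>() {
                    @Override
                    public String load(String key) throws Exception {
                        // First load runs synchronously on the thread that asked for the header.
                        return RBACRequestAuthHeaderProvider.this.createHeaders();
                    }

                    @Override
                    public ListenableFuture<String> reload(String key, String oldValue) throws Exception {
                        // Refreshes run on rbac-executor; callers keep the old token meanwhile.
                        return Futures.submit(
                            () -> RBACRequestAuthHeaderProvider.this.createHeaders(),
                            RBACRequestAuthHeaderProvider.this.executorService);
                    }
                });
        }
    }

    /**
     * Schedules a token refresh attempt when service center reports an unauthorized operation.
     *
     * @param unAuthorizedOperationEvent the event published on the event bus (not inspected)
     */
    @Subscribe
    public void onNotPermittedEvent(OperationEvents.UnAuthorizedOperationEvent unAuthorizedOperationEvent) {
        // The subscriber is registered unconditionally, but the executor only exists when RBAC
        // is enabled; without this guard a disabled provider would throw NullPointerException.
        if (this.executorService == null) {
            return;
        }
        this.executorService.submit(this::retryRefresh);
    }

    /**
     * Requests a token from service center and records the status/error code of the response.
     *
     * @return the token, or {@link #INVALID_TOKEN} when the response status is 401, 403 or 404;
     *     may be {@code null} if the response carries no token
     */
    protected String createHeaders() {
        LOGGER.info("start to create RBAC headers");
        RbacTokenResponse response = callCreateHeaders();
        int statusCode = response.getStatusCode();
        this.lastErrorCode = response.getErrorCode();
        this.lastStatusCode = statusCode;
        if (Response.Status.UNAUTHORIZED.getStatusCode() == statusCode || Response.Status.FORBIDDEN.getStatusCode() == statusCode) {
            LOGGER.warn("username or password may be wrong, stop trying to query tokens.");
            return INVALID_TOKEN;
        }
        if (Response.Status.NOT_FOUND.getStatusCode() == statusCode) {
            LOGGER.warn("service center do not support RBAC token, you should not config account info");
            return INVALID_TOKEN;
        }
        String token = response.getToken();
        // Only the status code is logged; the token itself must never reach the log.
        if (StringUtils.isEmpty(token)) {
            // Any other status (e.g. a 5xx) lands here; do not report it as a success.
            LOGGER.warn("query RBAC token returned no token, status code {}", statusCode);
        } else {
            LOGGER.info("refresh token successfully {}", statusCode);
        }
        return token;
    }

    /**
     * Sends the configured account name and password to service center's token endpoint.
     *
     * @return the raw token response
     */
    protected RbacTokenResponse callCreateHeaders() {
        ServiceCenterClient serviceCenterClient = ServiceCenterUtils.serviceCenterClient(this.discoveryProperties, this.serviceCombSSLProperties, Collections.emptyList());
        RbacTokenRequest rbacTokenRequest = new RbacTokenRequest();
        rbacTokenRequest.setName(this.serviceCombRBACProperties.getName());
        rbacTokenRequest.setPassword(this.serviceCombRBACProperties.getPassword());
        return serviceCenterClient.queryToken(rbacTokenRequest);
    }

    /**
     * Returns the cache refresh interval.
     *
     * @return the interval in milliseconds
     */
    protected long refreshTime() {
        return TOKEN_REFRESH_TIME_IN_SECONDS;
    }

    /**
     * Builds the authorization header from the cached token.
     *
     * @return a one-entry map with the {@code Authorization} header, or an empty map when the
     *     provider is disabled, the token is empty, or loading the token failed
     */
    @Override
    public Map<String, String> authHeaders() {
        if (!enabled()) {
            return Collections.emptyMap();
        }
        try {
            String token = this.cache.get(CACHE_KEY);
            if (!StringUtils.isEmpty(token)) {
                Map<String, String> headers = new HashMap<>(1);
                headers.put(AUTH_HEADER, "Bearer " + token);
                return headers;
            }
        } catch (Exception e) {
            // Best effort: a failed token load results in an unauthenticated request rather
            // than an exception for the caller.
            LOGGER.error("Get auth headers failed", e);
        }
        return Collections.emptyMap();
    }

    /** Returns whether both an account name and a password are configured. */
    private boolean enabled() {
        return !StringUtils.isEmpty(this.serviceCombRBACProperties.getName())
            && !StringUtils.isEmpty(this.serviceCombRBACProperties.getPassword());
    }

    /**
     * Refreshes the cached token, but only when the last token request ended with HTTP 401 and
     * error code {@code 401302}.
     */
    private void retryRefresh() {
        if (Response.Status.UNAUTHORIZED.getStatusCode() == this.lastStatusCode && UN_AUTHORIZED_CODE_HALF_OPEN.equals(this.lastErrorCode)) {
            // Refresh the key that authHeaders() actually reads. The cache holds one entry, so
            // refreshing under any other key would load a token that is never served.
            this.cache.refresh(CACHE_KEY);
        }
    }
}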
