package com.taobao.spas.sdk.service.auth;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.taobao.spas.sdk.common.SpasException;
import com.taobao.spas.sdk.common.config.ConfigConstants;
import com.taobao.spas.sdk.common.config.SpasConfigLoader;
import com.taobao.spas.sdk.common.identity.SpasCredential;
import com.taobao.spas.sdk.common.identity.SpasCredentialLoader;
import com.taobao.spas.sdk.common.log.SpasLogCode;
import com.taobao.spas.sdk.common.log.SpasLogger;
import com.taobao.spas.sdk.common.sec.DESedeUtils;
import com.taobao.spas.sdk.common.sign.SigningAlgorithm;
import com.taobao.spas.sdk.common.sign.SpasSigner;
import com.taobao.spas.sdk.common.utils.SpasHttpClient;
import com.taobao.spas.sdk.common.utils.SpasHttpUtils;
import com.taobao.spas.sdk.svcbase.Constants;
import com.taobao.spas.sdk.svcbase.SpasSdkServiceBase;
import com.taobao.spas.sdk.svcbase.conf.DiamondFactory;
import com.taobao.spas.sdk.svcbase.sec.SpasLicence;
import com.taobao.spas.sdk.svcbase.sec.SpasLicenceGetter;
import java.io.IOException;
import java.util.HashMap;

/* loaded from: input_file:lib/spas-sdk-service-1.3.0.jar:com/taobao/spas/sdk/service/auth/ServiceLicenceGetter.class */
public class ServiceLicenceGetter implements SpasLicenceGetter {
    private static final String ENCODING = "UTF-8";
    private static final String API_VERSION_1_0 = "1.0";
    private static final String HD_ACCESSKEY = "X-Spas-Access-Key";
    private static final String HD_SIGNATURE = "X-Spas-Sign";
    private static final String RQ_VERSION = "spasVersion";
    private static final String RQ_ALGORITHM = "spasAlgorithm";
    private static final String RQ_TIMESTAMP = "spasTimestamp";
    private static final String RQ_SDKVERSION = "sdkVersion";
    private static final String RQ_ACCESSKEY = "accessKey";
    private static final String RQ_GROUPNAME = "groupName";
    private static final String RS_STATUS = "status";
    private static final String RS_CODE = "code";
    private static final String RS_MESSAGE = "message";
    private static final String RS_CONTENT = "content";
    private static final String RS_SECKEY = "secKey";
    private static final String RS_APPINFO = "appInfo";
    private String serverName;
    private SpasCredentialLoader credentialLoader;
    private SigningAlgorithm algorithm;
    private boolean strict;
    private String authUrl;

    public ServiceLicenceGetter(String str, final String str2, final String str3) {
        this.serverName = str;
        this.credentialLoader = new SpasCredentialLoader() { // from class: com.taobao.spas.sdk.service.auth.ServiceLicenceGetter.1
            @Override // com.taobao.spas.sdk.common.identity.SpasCredentialLoader
            public SpasCredential getCredential() {
                return new SpasCredential() { // from class: com.taobao.spas.sdk.service.auth.ServiceLicenceGetter.1.1
                    @Override // com.taobao.spas.sdk.common.identity.SpasCredential
                    public String getAccessKey() {
                        return str2;
                    }

                    @Override // com.taobao.spas.sdk.common.identity.SpasCredential
                    public String getSecretKey() {
                        return str3;
                    }
                };
            }
        };
        loadProperties();
    }

    public ServiceLicenceGetter(String str, SpasCredentialLoader spasCredentialLoader) {
        this.serverName = str;
        this.credentialLoader = spasCredentialLoader;
        loadProperties();
    }

    private void loadProperties() {
        this.strict = "Y".equalsIgnoreCase(SpasConfigLoader.getAppProperty(this.serverName, ConfigConstants.ENV_AUTH_STRICT));
        String appProperty = SpasConfigLoader.getAppProperty(this.serverName, ConfigConstants.ENV_SIGN_ALGORITHM);
        if (appProperty == null || appProperty.trim().isEmpty()) {
            return;
        }
        SigningAlgorithm[] values = SigningAlgorithm.values();
        int length = values.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            SigningAlgorithm signingAlgorithm = values[i];
            if (signingAlgorithm.name().equalsIgnoreCase(appProperty)) {
                this.algorithm = signingAlgorithm;
                break;
            }
            i++;
        }
        if (this.algorithm == null) {
            throw new SpasException("Unsupported algorithm " + appProperty);
        }
    }

    @Override // com.taobao.spas.sdk.svcbase.sec.SpasLicenceGetter
    public SpasLicence getLicence() throws SpasException {
        if (this.serverName == null || this.serverName.trim().isEmpty() || this.credentialLoader == null) {
            SpasLogger.error(SpasLogCode.SPAS0086, this.serverName, "Get licence missing required parameter");
            throw new SpasException("Get licence missing required parameter");
        }
        if (this.authUrl == null || this.authUrl.trim().isEmpty()) {
            try {
                this.authUrl = DiamondFactory.getDiamond(this.serverName).getConfig(Constants.SPAS_AUTH_URL, Constants.SPAS_INFO_GROUP, Constants.DIAMOND_TIME_OUT);
                if (this.authUrl == null || this.authUrl.trim().isEmpty()) {
                    SpasLogger.error(SpasLogCode.SPAS0087, this.serverName, "Failed to get authentication url");
                    throw new SpasException("Failed to get authentication url");
                }
                if (SpasHttpUtils.isHttpsEnabled() && this.authUrl.startsWith("http://")) {
                    this.authUrl = "https://" + this.authUrl.substring("http://".length());
                }
            } catch (IOException e) {
                SpasLogger.error(SpasLogCode.SPAS0087, this.serverName, "Failed to get authentication url", e);
                throw new SpasException("Failed to get authentication url", e);
            }
        }
        SpasCredential credential = this.credentialLoader.getCredential();
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(RQ_VERSION, (Object) API_VERSION_1_0);
        jSONObject.put(RQ_TIMESTAMP, (Object) Long.valueOf(System.currentTimeMillis()));
        jSONObject.put(RQ_SDKVERSION, (Object) SpasSdkServiceBase.getVersion());
        jSONObject.put(RQ_ACCESSKEY, (Object) credential.getAccessKey());
        jSONObject.put(RQ_GROUPNAME, (Object) this.serverName);
        if (this.algorithm != null) {
            jSONObject.put(RQ_ALGORITHM, (Object) this.algorithm.name());
        }
        String jSONString = jSONObject.toJSONString();
        String sign = this.algorithm != null ? SpasSigner.sign(jSONString, credential.getSecretKey(), this.algorithm) : SpasSigner.sign(jSONString, credential.getSecretKey());
        HashMap hashMap = new HashMap();
        hashMap.put(HD_ACCESSKEY, credential.getAccessKey());
        hashMap.put(HD_SIGNATURE, sign);
        try {
            SpasHttpClient.HttpResult httpPostJson = SpasHttpClient.httpPostJson(this.authUrl, hashMap, jSONString, ENCODING);
            if (httpPostJson.code != 200) {
                SpasLogger.error(SpasLogCode.SPAS0094, this.serverName, "Authentication request return " + httpPostJson.code);
                throw new SpasException("Authentication request return " + httpPostJson.code);
            }
            JSONObject parseObject = JSON.parseObject(httpPostJson.content);
            String string = parseObject.getString(RS_STATUS);
            String string2 = parseObject.getString(RS_CODE);
            String string3 = parseObject.getString(RS_MESSAGE);
            if (!"0".equals(string) || !"0".equals(string2)) {
                SpasLogger.error(SpasLogCode.SPAS0093, this.serverName, "Authentication failed with status:" + string + " code:" + string2 + " message:" + string3);
                throw new SpasException("Authentication failed with status:" + string + " code:" + string2 + " message:" + string3);
            }
            JSONObject jSONObject2 = parseObject.getJSONObject(RS_CONTENT);
            if (jSONObject2 == null) {
                SpasLogger.error(SpasLogCode.SPAS0092, this.serverName, "Authentication response content is null");
                throw new SpasException("Authentication response content is null");
            }
            String string4 = jSONObject2.getString(RS_APPINFO);
            if (string4 == null || string4.isEmpty()) {
                SpasLogger.error(SpasLogCode.SPAS0088, this.serverName, "Missing license code in authentication response");
                throw new SpasException("Missing license code in authentication response");
            }
            String string5 = jSONObject2.getString(RS_SECKEY);
            if (string5 == null || string5.isEmpty()) {
                SpasLogger.error(SpasLogCode.SPAS0089, this.serverName, "Missing decrypt key in authentication response");
                throw new SpasException("Missing decrypt key in authentication response");
            }
            DESedeUtils dESedeUtils = new DESedeUtils();
            if (!dESedeUtils.init(2, credential.getSecretKey())) {
                SpasLogger.error(SpasLogCode.SPAS0090, this.serverName, "Failed to initialize key decoder");
                throw new SpasException("Failed to initialize key decoder");
            }
            String decrypt = dESedeUtils.decrypt(string5);
            if (decrypt != null) {
                return new SpasLicence(string4, decrypt);
            }
            SpasLogger.error(SpasLogCode.SPAS0091, this.serverName, "Failed to decrypt decrypt key");
            throw new SpasException("Failed to decrypt decrypt key");
        } catch (Exception e2) {
            SpasLogger.error(SpasLogCode.SPAS0035, this.serverName, "Failed to send authentication request", e2);
            if (this.strict) {
                throw new SpasException("Failed to send authentication request", e2);
            }
            return null;
        }
    }

    @Override // com.taobao.spas.sdk.svcbase.sec.SpasLicenceGetter
    public SpasCredential getCredential() {
        if (this.credentialLoader != null) {
            return this.credentialLoader.getCredential();
        }
        return null;
    }
}
