package com.taobao.spas.sdk.svcbase.account;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.taobao.spas.sdk.common.SpasException;
import com.taobao.spas.sdk.common.cache.BatchRefresher;
import com.taobao.spas.sdk.common.cache.ConcurrentLRUCache;
import com.taobao.spas.sdk.common.config.ConfigConstants;
import com.taobao.spas.sdk.common.config.SpasConfigLoader;
import com.taobao.spas.sdk.common.identity.SpasCredential;
import com.taobao.spas.sdk.common.log.SpasLogCode;
import com.taobao.spas.sdk.common.log.SpasRollingLogger;
import com.taobao.spas.sdk.common.sec.DESedeUtils;
import com.taobao.spas.sdk.common.sign.SigningAlgorithm;
import com.taobao.spas.sdk.common.sign.SpasSigner;
import com.taobao.spas.sdk.common.utils.SpasHttpClient;
import com.taobao.spas.sdk.svcbase.SpasSdkServiceBase;
import com.taobao.spas.sdk.svcbase.account.DefaultAccountStore;
import com.taobao.spas.sdk.svcbase.sec.SpasLicenceGetter;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:lib/spas-sdk-svcbase-1.3.0.jar:com/taobao/spas/sdk/svcbase/account/RemoteKeyStore.class */
public class RemoteKeyStore {
    private ConcurrentLRUCache<String, DefaultAccountStore.AppSecret> keyCache;
    private String serverName;
    private RemoteKeyGetter keyGetter;

    /* loaded from: input_file:lib/spas-sdk-svcbase-1.3.0.jar:com/taobao/spas/sdk/svcbase/account/RemoteKeyStore$RemoteKeyGetter.class */
    class RemoteKeyGetter {
        private static final String API_GET_KEY_INFO = "/api/account/v1/getKeyInfo";
        private static final String API_VALIDATE_KEYS = "/api/account/v1/validateKeys";
        private static final String ENCODING = "UTF-8";
        private static final String API_VERSION_1_0 = "1.0";
        private static final String HD_ACCESSKEY = "X-Spas-Access-Key";
        private static final String HD_SIGNATURE = "X-Spas-Sign";
        private static final String RQ_VERSION = "spasVersion";
        private static final String RQ_ALGORITHM = "spasAlgorithm";
        private static final String RQ_TIMESTAMP = "spasTimestamp";
        private static final String RQ_SDKVERSION = "sdkVersion";
        private static final String RQ_ACCESSKEY = "accessKey";
        private static final String RQ_KEYS = "keys";
        private static final String RS_STATUS = "status";
        private static final String RS_CODE = "code";
        private static final String RS_CONTENT = "content";
        private static final String RS_NAME = "name";
        private static final String RS_SECRETKEY = "secretKey";
        private static final String RS_KEYS = "keys";
        String serverHost;
        SpasLicenceGetter licenceGetter;
        SigningAlgorithm algorithm;
        volatile DESedeUtils decoder;
        volatile String serverAk;

        RemoteKeyGetter(String str, SpasLicenceGetter spasLicenceGetter) {
            this.serverHost = str;
            this.licenceGetter = spasLicenceGetter;
            String appProperty = SpasConfigLoader.getAppProperty(RemoteKeyStore.this.serverName, ConfigConstants.ENV_SIGN_ALGORITHM);
            if (appProperty == null || appProperty.trim().isEmpty()) {
                return;
            }
            SigningAlgorithm[] values = SigningAlgorithm.values();
            int length = values.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                SigningAlgorithm signingAlgorithm = values[i];
                if (signingAlgorithm.name().equalsIgnoreCase(appProperty)) {
                    this.algorithm = signingAlgorithm;
                    break;
                }
                i++;
            }
            if (this.algorithm == null) {
                throw new SpasException("Unsupported algorithm " + appProperty);
            }
        }

        DefaultAccountStore.AppSecret getRemoteKeyInfo(String str) {
            SpasCredential credential = this.licenceGetter.getCredential();
            if (credential == null || credential.getAccessKey() == null || credential.getSecretKey() == null) {
                return null;
            }
            if (!credential.getAccessKey().equals(this.serverAk)) {
                synchronized (this) {
                    if (!credential.getAccessKey().equals(this.serverAk)) {
                        this.serverAk = credential.getAccessKey();
                        this.decoder = new DESedeUtils();
                        if (!this.decoder.init(2, credential.getSecretKey())) {
                            SpasRollingLogger.error(SpasLogCode.SPAS0090, RemoteKeyStore.this.serverName, "Failed to initialize key decoder");
                            return null;
                        }
                    }
                }
            }
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(RQ_VERSION, (Object) API_VERSION_1_0);
            jSONObject.put(RQ_TIMESTAMP, (Object) Long.valueOf(System.currentTimeMillis()));
            jSONObject.put(RQ_SDKVERSION, (Object) SpasSdkServiceBase.getVersion());
            jSONObject.put(RQ_ACCESSKEY, (Object) str);
            if (this.algorithm != null) {
                jSONObject.put(RQ_ALGORITHM, (Object) this.algorithm.name());
            }
            String jSONString = jSONObject.toJSONString();
            String sign = this.algorithm != null ? SpasSigner.sign(jSONString, credential.getSecretKey(), this.algorithm) : SpasSigner.sign(jSONString, credential.getSecretKey());
            HashMap hashMap = new HashMap();
            hashMap.put(HD_ACCESSKEY, credential.getAccessKey());
            hashMap.put(HD_SIGNATURE, sign);
            try {
                SpasHttpClient.HttpResult httpPostJson = SpasHttpClient.httpPostJson((this.serverHost.startsWith("http") ? "" : "http://") + this.serverHost + API_GET_KEY_INFO, hashMap, jSONString, ENCODING);
                if (httpPostJson.code != 200) {
                    SpasRollingLogger.error(SpasLogCode.SPAS0133, RemoteKeyStore.this.serverName, "Get key info request return " + httpPostJson.code);
                    return null;
                }
                JSONObject parseObject = JSON.parseObject(httpPostJson.content);
                String string = parseObject.getString(RS_STATUS);
                String string2 = parseObject.getString(RS_CODE);
                if (!"0".equals(string) || !"0".equals(string2)) {
                    SpasRollingLogger.error(SpasLogCode.SPAS0132, RemoteKeyStore.this.serverName, "Get key info failed with status " + string + " code " + string2);
                    return null;
                }
                JSONObject jSONObject2 = parseObject.getJSONObject(RS_CONTENT);
                if (jSONObject2 == null) {
                    SpasRollingLogger.error(SpasLogCode.SPAS0131, RemoteKeyStore.this.serverName, "Get key info response content null");
                    return null;
                }
                String string3 = jSONObject2.getString("name");
                String str2 = null;
                String string4 = jSONObject2.getString(RS_SECRETKEY);
                if (string4 != null && !string4.isEmpty()) {
                    str2 = this.decoder.decrypt(string4);
                }
                return new DefaultAccountStore.AppSecret(string3, str2);
            } catch (Exception e) {
                SpasRollingLogger.error(SpasLogCode.SPAS0130, RemoteKeyStore.this.serverName, "Failed to send get key info request", e);
                return null;
            }
        }

        Set<String> validateRemoteKeys(Set<String> set) {
            if (set == null || set.isEmpty()) {
                return set;
            }
            SpasCredential credential = this.licenceGetter.getCredential();
            if (credential == null || credential.getAccessKey() == null || credential.getSecretKey() == null) {
                return set;
            }
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(RQ_VERSION, (Object) API_VERSION_1_0);
            jSONObject.put(RQ_TIMESTAMP, (Object) Long.valueOf(System.currentTimeMillis()));
            jSONObject.put(RQ_SDKVERSION, (Object) SpasSdkServiceBase.getVersion());
            jSONObject.put("keys", (Object) set);
            if (this.algorithm != null) {
                jSONObject.put(RQ_ALGORITHM, (Object) this.algorithm.name());
            }
            String jSONString = jSONObject.toJSONString();
            String sign = this.algorithm != null ? SpasSigner.sign(jSONString, credential.getSecretKey(), this.algorithm) : SpasSigner.sign(jSONString, credential.getSecretKey());
            HashMap hashMap = new HashMap();
            hashMap.put(HD_ACCESSKEY, credential.getAccessKey());
            hashMap.put(HD_SIGNATURE, sign);
            try {
                SpasHttpClient.HttpResult httpPostJson = SpasHttpClient.httpPostJson((this.serverHost.startsWith("http") ? "" : "http://") + this.serverHost + API_VALIDATE_KEYS, hashMap, jSONString, ENCODING);
                if (httpPostJson.code == 200) {
                    JSONObject parseObject = JSON.parseObject(httpPostJson.content);
                    String string = parseObject.getString(RS_STATUS);
                    String string2 = parseObject.getString(RS_CODE);
                    if ("0".equals(string) && "0".equals(string2)) {
                        JSONObject jSONObject2 = parseObject.getJSONObject(RS_CONTENT);
                        if (jSONObject2 != null) {
                            JSONArray jSONArray = jSONObject2.getJSONArray("keys");
                            HashSet hashSet = new HashSet();
                            if (jSONArray != null) {
                                for (int i = 0; i < jSONArray.size(); i++) {
                                    String string3 = jSONArray.getString(i);
                                    if (string3 != null && !string3.isEmpty()) {
                                        hashSet.add(string3);
                                    }
                                }
                            }
                            return hashSet;
                        }
                        SpasRollingLogger.error(SpasLogCode.SPAS0135, RemoteKeyStore.this.serverName, "Validate keys response content null");
                    } else {
                        SpasRollingLogger.error(SpasLogCode.SPAS0136, RemoteKeyStore.this.serverName, "Validate keys failed with status " + string + " code " + string2);
                    }
                } else {
                    SpasRollingLogger.error(SpasLogCode.SPAS0137, RemoteKeyStore.this.serverName, "Validate keys request return " + httpPostJson.code);
                }
                return set;
            } catch (Exception e) {
                SpasRollingLogger.error(SpasLogCode.SPAS0134, RemoteKeyStore.this.serverName, "Failed to send validate keys request", e);
                return set;
            }
        }
    }

    public RemoteKeyStore(String str, int i, long j, String str2, SpasLicenceGetter spasLicenceGetter) {
        this.serverName = str;
        this.keyGetter = new RemoteKeyGetter(str2, spasLicenceGetter);
        this.keyCache = new ConcurrentLRUCache<>(i, 10L, j, new BatchRefresher<String, DefaultAccountStore.AppSecret>() { // from class: com.taobao.spas.sdk.svcbase.account.RemoteKeyStore.1
            @Override // com.taobao.spas.sdk.common.cache.BatchRefresher
            public Map<String, DefaultAccountStore.AppSecret> batchRefresh(Map<String, DefaultAccountStore.AppSecret> map) {
                HashMap hashMap = new HashMap(map);
                hashMap.keySet().retainAll(RemoteKeyStore.this.keyGetter.validateRemoteKeys(map.keySet()));
                return hashMap;
            }

            @Override // com.taobao.spas.sdk.common.cache.BatchRefresher
            public int getBatchLimit() {
                return 100;
            }
        });
    }

    public DefaultAccountStore.AppSecret getAppSecret(String str) {
        DefaultAccountStore.AppSecret appSecret = this.keyCache.get(str);
        if (appSecret == null) {
            appSecret = this.keyGetter.getRemoteKeyInfo(str);
            if (appSecret != null) {
                this.keyCache.put(str, appSecret);
            }
        }
        return appSecret;
    }
}
