package org.apache.servicecomb.huaweicloud.servicestage;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.config.ConfigUtil;
import org.apache.servicecomb.foundation.auth.AuthHeaderProvider;
import org.apache.servicecomb.foundation.auth.Cipher;
import org.apache.servicecomb.foundation.auth.DefaultCipher;
import org.apache.servicecomb.foundation.auth.ShaAKSKCipher;
import org.apache.servicecomb.foundation.common.utils.SPIServiceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/servicestage-2.7.9.jar:org/apache/servicecomb/huaweicloud/servicestage/AKSKAuthHeaderProvider.class */
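/**
 * Builds the AK/SK authentication headers attached to outgoing requests.
 *
 * <p>Three headers are produced: {@code X-Service-AK} (the access key as configured),
 * {@code X-Service-ShaAKSK} (the secret-key-derived value, see {@link #sha256Encode}) and
 * {@code X-Service-Project} (the URL-encoded project name).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code X-Service-ShaAKSK} value is derived only from the access key and the secret
 *       key. Nothing request- or time-dependent is mixed in by this class, so the same value is
 *       sent on every request. Treat it as a long-lived bearer credential: send it over TLS only
 *       and keep these headers out of logs and traces.</li>
 *   <li>{@code servicecomb.credentials.akskEnabled} defaults to {@code true}; the provider only
 *       turns itself off at runtime when no access key is configured.</li>
 *   <li>NOTE(review): {@code DefaultCipher} is not visible in this file. If it is a pass-through,
 *       the secret key is stored in plain text in configuration; confirm, and prefer a custom
 *       cipher via {@code servicecomb.credentials.akskCustomCipher}.</li>
 *   <li>{@link #authHeaders()} returns the internal mutable map, and reads of that map and of
 *       {@code enabled} are not synchronized with {@code load()}. Callers should copy the map
 *       rather than keep or modify it.</li>
 * </ul>
 */
public class AKSKAuthHeaderProvider implements AuthHeaderProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(AKSKAuthHeaderProvider.class);
    private static final String CONFIG_AKSK_ENABLED = "servicecomb.credentials.akskEnabled";
    private static final String CONFIG_ACCESS_KEY = "servicecomb.credentials.accessKey";
    private static final String CONFIG_SECRET_KEY = "servicecomb.credentials.secretKey";
    private static final String CONFIG_CIPHER = "servicecomb.credentials.akskCustomCipher";
    private static final String CONFIG_PROJECT = "servicecomb.credentials.project";
    private static final String VALUE_DEFAULT_PROJECT = "default";
    private static final String VALUE_DEFAULT_CIPHER = "default";
    private static final String X_SERVICE_AK = "X-Service-AK";
    private static final String X_SERVICE_SHAAKSK = "X-Service-ShaAKSK";
    private static final String X_SERVICE_PROJECT = "X-Service-Project";
    private static final String HMAC_ALGORITHM = "HmacSHA256";

    // Holds the derived credential; this exact instance is handed out by authHeaders().
    private final Map<String, String> headers = new HashMap<>();
    private final Configuration configuration;
    private boolean enabled;
    // Never read anywhere in this class. The listing also re-assigned this final field in the
    // constructor, which does not compile; that duplicate assignment has been removed.
    private final boolean loaded = false;

    /** Creates a provider backed by the local configuration from {@code ConfigUtil}. */
    public AKSKAuthHeaderProvider() {
        this(ConfigUtil.createLocalConfig());
    }

    /**
     * Creates a provider reading its settings from the given configuration.
     *
     * @param configuration source of the {@code servicecomb.credentials.*} keys
     */
    public AKSKAuthHeaderProvider(Configuration configuration) {
        this.configuration = configuration;
        this.enabled = configuration.getBoolean(CONFIG_AKSK_ENABLED, true);
    }

    /**
     * Returns the authentication headers for the current configuration.
     *
     * @return the internal header map; left as it is when AK/SK auth is disabled or no access
     *     key is configured, otherwise refreshed with the three {@code X-Service-*} headers
     * @throws IllegalArgumentException if the configured cipher cannot be found or the secret
     *     key cannot be turned into the header value
     */
    @Override
    public Map<String, String> authHeaders() {
        if (!this.enabled) {
            return this.headers;
        }
        if (StringUtils.isEmpty(getAccessKey())) {
            LOGGER.warn("ak sk auth enabled but access key is not configured, disable it at runtime. Config [{}] to false to disable it implicitly.", CONFIG_AKSK_ENABLED);
            this.enabled = false;
            return this.headers;
        }
        load();
        return this.headers;
    }

    /** Recomputes all three header values from configuration and stores them in the map. */
    private synchronized void load() {
        // Resolve every value before touching the map, so a failure while decrypting or hashing
        // the secret key does not leave a half-populated header set behind.
        String accessKey = getAccessKey();
        String shaAkSk = getSecretKey();
        String project = getProject();
        this.headers.put(X_SERVICE_AK, accessKey);
        this.headers.put(X_SERVICE_SHAAKSK, shaAkSk);
        this.headers.put(X_SERVICE_PROJECT, project);
    }

    private String getAccessKey() {
        return this.configuration.getString(CONFIG_ACCESS_KEY, "");
    }

    private String getCipher() {
        return this.configuration.getString(CONFIG_CIPHER, VALUE_DEFAULT_CIPHER);
    }

    /**
     * Produces the value sent in {@code X-Service-ShaAKSK}.
     *
     * <p>The configured secret key is passed through the selected cipher's {@code decrypt}. When
     * the cipher name matches {@code ShaAKSKCipher.CIPHER_NAME} (case-insensitive) the decrypted
     * value is sent unchanged; otherwise it is used as the HMAC key over the access key.
     */
    private String getSecretKey() {
        char[] configured = this.configuration.getString(CONFIG_SECRET_KEY, "").toCharArray();
        // The decrypted secret ends up in an immutable String and cannot be wiped afterwards;
        // keep it out of logs and exception messages.
        String decrypted = new String(findCipher().decrypt(configured));
        if (ShaAKSKCipher.CIPHER_NAME.equalsIgnoreCase(getCipher())) {
            return decrypted;
        }
        return sha256Encode(decrypted, getAccessKey());
    }

    /**
     * Returns the configured project name, URL-encoded as UTF-8 for use as a header value.
     * An empty value is returned as it is.
     */
    private String getProject() {
        String project = this.configuration.getString(CONFIG_PROJECT, VALUE_DEFAULT_PROJECT);
        if (StringUtils.isEmpty(project)) {
            return project;
        }
        try {
            return URLEncoder.encode(project, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available, so this is not expected to happen. Fail instead of
            // silently placing an unencoded configuration value into a request header.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /**
     * Resolves the cipher named by {@code servicecomb.credentials.akskCustomCipher}.
     *
     * @throws IllegalArgumentException if no registered cipher has the configured name
     */
    private Cipher findCipher() {
        // Read the name once so the lookup and the error message refer to the same value.
        String cipherName = getCipher();
        if (VALUE_DEFAULT_CIPHER.equals(cipherName)) {
            return DefaultCipher.getInstance();
        }
        return SPIServiceUtils.getOrLoadSortedService(Cipher.class).stream()
            .filter(cipher -> cipher.name().equals(cipherName))
            .findFirst()
            .orElseThrow(() -> new IllegalArgumentException("failed to find cipher named " + cipherName));
    }

    /**
     * Computes HMAC-SHA256 and returns it hex-encoded. Despite the method name this is a keyed
     * MAC, not a plain SHA-256 digest.
     *
     * @param str the HMAC key; this class passes the decrypted secret key
     * @param str2 the message to authenticate; this class passes the access key
     * @return the hex-encoded MAC
     * @throws IllegalArgumentException if the MAC cannot be computed, for example for a
     *     {@code null} or empty key; the message deliberately contains neither input
     */
    public static String sha256Encode(String str, String str2) {
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), HMAC_ALGORITHM));
            return Hex.encodeHexString(mac.doFinal(str2.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            // Broad catch kept on purpose: callers rely on a single IllegalArgumentException for
            // every failure, including null or empty inputs.
            throw new IllegalArgumentException("Can not encode ak sk. Please check the value is correct.", e);
        }
    }
}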
