package com.huaweicloud.governance.authentication.consumer;

import com.huaweicloud.common.context.InvocationContext;
import com.huaweicloud.governance.authentication.Const;
import com.huaweicloud.governance.authentication.RsaAuthenticationToken;
import com.huaweicloud.governance.authentication.UnAuthorizedException;
import com.huaweicloud.servicecomb.discovery.registry.ServiceCombRegistration;
import java.security.PrivateKey;
import java.util.Optional;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.servicecomb.foundation.common.utils.RSAUtils;
import org.apache.servicecomb.foundation.token.RSAKeypair4Auth;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huaweicloud/governance/authentication/consumer/RSAConsumerTokenManager.class */
public class RSAConsumerTokenManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(RSAConsumerTokenManager.class);
    private final Object lock = new Object();
    private RsaAuthenticationToken token;
    private final ServiceCombRegistration registration;

    public RSAConsumerTokenManager(ServiceCombRegistration serviceCombRegistration) {
        this.registration = serviceCombRegistration;
    }

    public String getToken() {
        if (isExpired(this.token)) {
            synchronized (this.lock) {
                if (isExpired(this.token)) {
                    return createToken();
                }
            }
        }
        return this.token.format();
    }

    public String createToken() {
        PrivateKey privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey();
        String instanceId = this.registration.getMicroserviceInstance().getInstanceId();
        String serviceId = this.registration.getMicroservice().getServiceId();
        if (instanceId == null || serviceId == null) {
            LOGGER.error("service not ready when create token.");
            return null;
        }
        try {
            String format = String.format("%s@%s@%s@%s", instanceId, serviceId, Long.valueOf(System.currentTimeMillis()), RandomStringUtils.randomAlphanumeric(128));
            this.token = RsaAuthenticationToken.fromStr(String.format("%s@%s", format, RSAUtils.sign(format, privateKey)));
            return this.token.format();
        } catch (Exception e) {
            LOGGER.error("create token error", e);
            return null;
        }
    }

    public boolean isExpired(RsaAuthenticationToken rsaAuthenticationToken) {
        if (null == rsaAuthenticationToken) {
            return true;
        }
        return System.currentTimeMillis() > (rsaAuthenticationToken.getGenerateTime() + RsaAuthenticationToken.TOKEN_ACTIVE_TIME) - 900000;
    }

    public void setToken(InvocationContext invocationContext) {
        Optional ofNullable = Optional.ofNullable(getToken());
        if (!ofNullable.isPresent()) {
            throw new UnAuthorizedException("auth token is not properly configured yet.");
        }
        invocationContext.putContext(Const.AUTH_TOKEN, (String) ofNullable.get());
    }
}
