package com.alibaba.schedulerx.worker.security;

import com.alibaba.schedulerx.common.constants.CommonConstants;
import com.alibaba.schedulerx.common.domain.JSONResult;
import com.alibaba.schedulerx.common.util.ConfigUtil;
import com.alibaba.schedulerx.common.util.JsonUtil;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.HttpResponse;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.JsonNode;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.Unirest;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.exceptions.UnirestException;
import com.alibaba.schedulerx.shade.org.apache.commons.configuration.Configuration;
import com.alibaba.schedulerx.shade.org.apache.commons.lang.StringUtils;
import com.alibaba.schedulerx.worker.domain.WorkerConstants;
import com.alibaba.schedulerx.worker.exception.AuthenticateException;
import com.alibaba.schedulerx.worker.log.LogFactory;
import com.alibaba.schedulerx.worker.log.Logger;
import com.taobao.spas.sdk.client.Constants;
import com.taobao.spas.sdk.client.SpasSdkClientFacade;
import com.taobao.spas.sdk.client.identity.Credentials;
import java.util.HashMap;
import java.util.List;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:com/alibaba/schedulerx/worker/security/AliyunAuthenticator.class */
public class AliyunAuthenticator implements Authenticator {
    private static final String AUTHENTICATE_DAUTH = "authenticate_dauth";
    private static final String AUTHENTICATE_RAM = "authenticate_ram";
    private static final String AUTHENTICATE_STS = "authenticate_sts";
    private static final String AUTHENTICATE_URL = "/worker/v1/appgroup/authenticate";
    private static final Logger LOGGER = LogFactory.getLogger(AliyunAuthenticator.class);

    @Override // com.alibaba.schedulerx.worker.security.Authenticator
    public void authenticate(Configuration configuration, String str, String str2, List<String> list) throws AuthenticateException {
        String accessKey;
        String string;
        String str3;
        String str4 = "";
        if (StringUtils.isNotBlank(configuration.getString(WorkerConstants.ALIYUN_ACESSKEY))) {
            accessKey = configuration.getString(WorkerConstants.ALIYUN_ACESSKEY);
            string = configuration.getString(WorkerConstants.ALIYUN_SECRETKEY);
            str3 = AUTHENTICATE_RAM;
        } else if (StringUtils.isNotBlank(configuration.getString(WorkerConstants.STS_ACESSKEY))) {
            accessKey = configuration.getString(WorkerConstants.STS_ACESSKEY);
            string = configuration.getString(WorkerConstants.STS_SECRETKEY);
            str4 = configuration.getString(WorkerConstants.STS_TOKEN);
            str3 = AUTHENTICATE_STS;
        } else {
            Credentials credential = SpasSdkClientFacade.getCredential();
            accessKey = StringUtils.isNotBlank(credential.getAccessKey()) ? credential.getAccessKey() : "";
            string = StringUtils.isNotBlank(credential.getSecretKey()) ? configuration.getString(WorkerConstants.DAUTH_SECRETKEY) : "";
            str3 = AUTHENTICATE_DAUTH;
            configuration.setProperty(WorkerConstants.WORKER_SOURCE, WorkerConstants.WORKER_SOURCE_EDAS);
        }
        if (StringUtils.isBlank(accessKey)) {
            throw new AuthenticateException("ak is blank");
        }
        if (StringUtils.isBlank(string)) {
            throw new AuthenticateException("sk is blank");
        }
        JSONResult authenticateFromConsole = authenticateFromConsole(accessKey, string, str4, str3, str, str2, StringUtils.join(list, StringArrayPropertyEditor.DEFAULT_SEPARATOR));
        if (authenticateFromConsole == null) {
            throw new AuthenticateException("authenticate result is null");
        }
        if (!authenticateFromConsole.isSuccess() || !((Boolean) authenticateFromConsole.getData()).booleanValue()) {
            throw new AuthenticateException(authenticateFromConsole.getMessage());
        }
    }

    private JSONResult authenticateFromConsole(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        JSONResult geneFailResult = JSONResult.geneFailResult();
        HashMap hashMap = new HashMap();
        hashMap.put("groups", str7);
        hashMap.put(Constants.ACCESS_KEY, str);
        hashMap.put(Constants.SECRET_KEY, str2);
        hashMap.put("secretToken", str3);
        hashMap.put(WorkerConstants.AGENT_NAMESPACE, str5);
        LOGGER.info("ak:{} sk:{} type:{}", str, str2, str4);
        hashMap.put("type", str4);
        if (StringUtils.isNotBlank(str6)) {
            hashMap.put("namespaceSource", str6);
        }
        String string = ConfigUtil.getWorkerConfig().getString("domainName");
        if (StringUtils.isNotBlank(string)) {
            String str8 = CommonConstants.HTTP_PREFIX + string + AUTHENTICATE_URL;
            try {
                HttpResponse<JsonNode> asJson = Unirest.post(str8).fields(hashMap).asJson();
                if (asJson != null) {
                    geneFailResult = (JSONResult) JsonUtil.fromJson(asJson.getBody().toString(), JSONResult.class);
                }
            } catch (UnirestException e) {
                LOGGER.error("groupIds: {} authenticate error, url={}", str7, str8, e);
            }
        }
        return geneFailResult;
    }
}
