package com.alibaba.schedulerx.worker.security;

import com.alibaba.schedulerx.common.constants.CommonConstants;
import com.alibaba.schedulerx.common.domain.JSONResult;
import com.alibaba.schedulerx.common.util.ConfigUtil;
import com.alibaba.schedulerx.common.util.JsonUtil;
import com.alibaba.schedulerx.shade.com.google.common.collect.Maps;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.HttpResponse;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.JsonNode;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.Unirest;
import com.alibaba.schedulerx.shade.com.mashape.unirest.http.exceptions.UnirestException;
import com.alibaba.schedulerx.shade.com.taobao.spas.sdk.client.Constants;
import com.alibaba.schedulerx.shade.com.taobao.spas.sdk.client.SpasSdkClientFacade;
import com.alibaba.schedulerx.shade.com.taobao.spas.sdk.client.identity.Credentials;
import com.alibaba.schedulerx.shade.org.apache.commons.configuration.Configuration;
import com.alibaba.schedulerx.shade.org.apache.commons.lang.StringUtils;
import com.alibaba.schedulerx.worker.domain.WorkerConstants;
import com.alibaba.schedulerx.worker.exception.AuthenticateException;
import com.alibaba.schedulerx.worker.log.LogFactory;
import com.alibaba.schedulerx.worker.log.Logger;
import java.util.HashMap;
import java.util.List;

/* loaded from: input_file:com/alibaba/schedulerx/worker/security/AliyunAuthenticator.class */
public class AliyunAuthenticator implements Authenticator {
    private static final String AUTHENTICATE_DEFAULT = "authenticate_default";
    private static final String AUTHENTICATE_DAUTH = "authenticate_dauth";
    private static final String AUTHENTICATE_RAM = "authenticate_ram";
    private static final String AUTHENTICATE_STS = "authenticate_sts";
    private static final String AUTHENTICATE_URL = "/worker/v1/appgroup/authenticate";
    private static final Logger LOGGER = LogFactory.getLogger(AliyunAuthenticator.class);

    @Override // com.alibaba.schedulerx.worker.security.Authenticator
    public void authenticate(Configuration configuration, String str, String str2, List<String> list) throws AuthenticateException {
        String accessKey;
        String secretKey;
        JSONResult geneFailResult = JSONResult.geneFailResult();
        String[] stringArray = configuration.getStringArray(WorkerConstants.APP_KEY);
        HashMap newHashMap = Maps.newHashMap();
        if (StringUtils.isNotBlank(str)) {
            newHashMap.put(WorkerConstants.AGENT_NAMESPACE, str);
        }
        if (StringUtils.isNotBlank(str2)) {
            newHashMap.put("namespaceSource", str2);
        }
        newHashMap.put("groups", StringUtils.join(list, ","));
        if (stringArray == null || stringArray.length <= 0) {
            if (StringUtils.isNotBlank(configuration.getString(WorkerConstants.ALIYUN_ACESSKEY))) {
                accessKey = configuration.getString(WorkerConstants.ALIYUN_ACESSKEY);
                secretKey = configuration.getString(WorkerConstants.ALIYUN_SECRETKEY);
                newHashMap.put("type", AUTHENTICATE_RAM);
            } else if (StringUtils.isNotBlank(configuration.getString(WorkerConstants.STS_ACESSKEY))) {
                accessKey = configuration.getString(WorkerConstants.STS_ACESSKEY);
                secretKey = configuration.getString(WorkerConstants.STS_SECRETKEY);
                newHashMap.put("secretToken", configuration.getString(WorkerConstants.STS_TOKEN));
                newHashMap.put("type", AUTHENTICATE_STS);
            } else {
                Credentials credential = SpasSdkClientFacade.getCredential();
                accessKey = StringUtils.isNotBlank(credential.getAccessKey()) ? credential.getAccessKey() : "";
                secretKey = StringUtils.isNotBlank(credential.getSecretKey()) ? credential.getSecretKey() : "";
                configuration.setProperty(WorkerConstants.WORKER_SOURCE, WorkerConstants.WORKER_SOURCE_EDAS);
                newHashMap.put("type", AUTHENTICATE_DAUTH);
            }
            if (StringUtils.isBlank(accessKey)) {
                throw new AuthenticateException("ak is blank");
            }
            if (StringUtils.isBlank(secretKey)) {
                throw new AuthenticateException("sk is blank");
            }
            newHashMap.put(Constants.ACCESS_KEY, accessKey);
            newHashMap.put(Constants.SECRET_KEY, secretKey);
        } else {
            newHashMap.put(Constants.ACCESS_KEY, StringUtils.join(stringArray, ","));
            newHashMap.put("type", AUTHENTICATE_DEFAULT);
        }
        String string = ConfigUtil.getWorkerConfig().getString("domainName");
        if (StringUtils.isNotBlank(string)) {
            String str3 = CommonConstants.HTTP_PREFIX + string + AUTHENTICATE_URL;
            try {
                HttpResponse<JsonNode> asJson = Unirest.post(str3).fields(newHashMap).asJson();
                if (asJson != null) {
                    geneFailResult = (JSONResult) JsonUtil.fromJson(asJson.getBody().toString(), JSONResult.class);
                }
            } catch (UnirestException e) {
                LOGGER.error("groupIds: {} authenticate error, url={}", list, str3, e);
            } catch (Exception e2) {
                LOGGER.error("groupIds: {} authenticate error, url={}", list, str3, e2);
            }
        }
        if (geneFailResult == null) {
            throw new AuthenticateException("authenticate result is null");
        }
        if (!geneFailResult.isSuccess() || !((Boolean) geneFailResult.getData()).booleanValue()) {
            throw new AuthenticateException(geneFailResult.getMessage());
        }
    }
}
