package com.alibaba.nacos.client.auth.ram.injector;

import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
import com.alibaba.nacos.client.auth.ram.RamContext;
import com.alibaba.nacos.client.auth.ram.identify.StsConfig;
import com.alibaba.nacos.client.auth.ram.identify.StsCredential;
import com.alibaba.nacos.client.auth.ram.utils.SpasAdapter;
import com.alibaba.nacos.client.config.impl.ConfigHttpClientManager;
import com.alibaba.nacos.client.utils.LogUtils;
import com.alibaba.nacos.common.http.HttpRestResult;
import com.alibaba.nacos.common.http.param.Header;
import com.alibaba.nacos.common.http.param.Query;
import com.alibaba.nacos.common.utils.JacksonUtils;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext;
import com.alibaba.nacos.plugin.auth.api.RequestResource;
import com.fasterxml.jackson.core.type.TypeReference;
import java.util.Map;
import org.slf4j.Logger;

/* loaded from: input_file:com/alibaba/nacos/client/auth/ram/injector/ConfigResourceInjector.class */
public class ConfigResourceInjector extends AbstractResourceInjector {
    private static final Logger LOGGER = LogUtils.logger(ConfigResourceInjector.class);
    private static final String SECURITY_TOKEN_HEADER = "Spas-SecurityToken";
    private static final String ACCESS_KEY_HEADER = "Spas-AccessKey";
    private static final String DEFAULT_RESOURCE = "";
    private StsCredential stsCredential;

    @Override // com.alibaba.nacos.client.auth.ram.injector.AbstractResourceInjector
    public void doInject(RequestResource requestResource, RamContext ramContext, LoginIdentityContext loginIdentityContext) {
        String accessKey = ramContext.getAccessKey();
        String secretKey = ramContext.getSecretKey();
        if (StsConfig.getInstance().isStsOn()) {
            StsCredential stsCredential = getStsCredential();
            accessKey = stsCredential.getAccessKeyId();
            secretKey = stsCredential.getAccessKeySecret();
            loginIdentityContext.setParameter(SECURITY_TOKEN_HEADER, stsCredential.getSecurityToken());
        }
        if (StringUtils.isNotEmpty(accessKey) && StringUtils.isNotBlank(secretKey)) {
            loginIdentityContext.setParameter(ACCESS_KEY_HEADER, accessKey);
        }
        Map<String, String> signHeaders = SpasAdapter.getSignHeaders(getResource(requestResource.getNamespace(), requestResource.getGroup()), secretKey);
        if (signHeaders == null || signHeaders.isEmpty()) {
            return;
        }
        loginIdentityContext.setParameters(signHeaders);
    }

    private StsCredential getStsCredential() {
        if (StsConfig.getInstance().isCacheSecurityCredentials() && this.stsCredential != null) {
            if (this.stsCredential.getExpiration().getTime() - System.currentTimeMillis() > StsConfig.getInstance().getTimeToRefreshInMillisecond()) {
                return this.stsCredential;
            }
        }
        this.stsCredential = (StsCredential) JacksonUtils.toObj(getStsResponse(), new TypeReference<StsCredential>() { // from class: com.alibaba.nacos.client.auth.ram.injector.ConfigResourceInjector.1
        });
        LOGGER.info("[getSTSCredential] code:{}, accessKeyId:{}, lastUpdated:{}, expiration:{}", new Object[]{this.stsCredential.getCode(), this.stsCredential.getAccessKeyId(), this.stsCredential.getLastUpdated(), this.stsCredential.getExpiration()});
        return this.stsCredential;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static String getStsResponse() {
        String securityCredentials = StsConfig.getInstance().getSecurityCredentials();
        if (securityCredentials != null) {
            return securityCredentials;
        }
        String securityCredentialsUrl = StsConfig.getInstance().getSecurityCredentialsUrl();
        try {
            HttpRestResult httpRestResult = ConfigHttpClientManager.getInstance().getNacosRestTemplate().get(securityCredentialsUrl, Header.EMPTY, Query.EMPTY, String.class);
            if (httpRestResult.ok()) {
                return (String) httpRestResult.getData();
            }
            LOGGER.error("can not get security credentials, securityCredentialsUrl: {}, responseCode: {}, response: {}", new Object[]{securityCredentialsUrl, Integer.valueOf(httpRestResult.getCode()), httpRestResult.getMessage()});
            throw new NacosRuntimeException(NacosException.SERVER_ERROR, "can not get security credentials, responseCode: " + httpRestResult.getCode() + ", response: " + httpRestResult.getMessage());
        } catch (Exception e) {
            LOGGER.error("can not get security credentials", e);
            throw new NacosRuntimeException(NacosException.SERVER_ERROR, e);
        }
    }

    private String getResource(String str, String str2) {
        return (StringUtils.isNotBlank(str) && StringUtils.isNotBlank(str2)) ? str + "+" + str2 : StringUtils.isNotBlank(str2) ? str2 : StringUtils.isNotBlank(str) ? str : "";
    }
}
