package com.alibaba.tesla.appmanager.client;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.tesla.appmanager.client.lib.OAuth2Client;
import com.alibaba.tesla.appmanager.client.lib.OAuth2Exception;
import com.alibaba.tesla.appmanager.client.lib.OAuth2Response;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.tomcat.util.net.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/appmanager-auth-client-1.0.4.jar:com/alibaba/tesla/appmanager/client/AppManagerClient.class */
public class AppManagerClient {
    private volatile OkHttpClient internalHttpClient;
    private volatile String internalAuthToken;
    private volatile Long internalExpiresAt;
    private static final int CONNECT_TIMEOUT = 10;
    private static final int READ_TIMEOUT = 60;
    private static final int WRITE_TIMEOUT = 60;
    private static final int CALL_TIMEOUT = 60;
    private static final int TOLERATION_SECONDS = 300;
    private String endpoint;
    private String username;
    private String password;
    private String clientId;
    private String clientSecret;
    private static final SSLContext TRUST_ALL_SSL_CONTEXT;
    private static final SSLSocketFactory trustAllSslSocketFactory;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AppManagerClient.class);
    private static final TrustManager[] TRUST_ALL_CERTS = {new X509TrustManager() { // from class: com.alibaba.tesla.appmanager.client.AppManagerClient.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};

    public AppManagerClient(String str, String str2, String str3, String str4, String str5) {
        this.endpoint = str;
        this.username = str2;
        this.password = str3;
        this.clientId = str4;
        this.clientSecret = str5;
    }

    private OkHttpClient getHttpClient() {
        if (this.internalHttpClient == null) {
            synchronized (AppManagerClient.class) {
                if (this.internalHttpClient == null) {
                    OkHttpClient.Builder builder = new OkHttpClient.Builder();
                    setBuilder(builder);
                    this.internalHttpClient = builder.build();
                }
            }
        }
        return this.internalHttpClient;
    }

    private boolean validAccessToken() {
        return this.internalExpiresAt != null && System.currentTimeMillis() <= this.internalExpiresAt.longValue() - 300000;
    }

    public void refreshAccessToken(boolean z) {
        if (z || !validAccessToken()) {
            OkHttpClient httpClient = getHttpClient();
            if (StringUtils.isEmpty(this.username) || StringUtils.isEmpty(this.password) || StringUtils.isEmpty(this.clientId) || StringUtils.isEmpty(this.clientSecret)) {
                return;
            }
            if (this.endpoint.endsWith("/")) {
                this.endpoint = this.endpoint.substring(0, this.endpoint.length() - 1);
            }
            try {
                OAuth2Response requestAccessToken = new OAuth2Client.Builder(this.username, this.password, this.clientId, this.clientSecret, String.format("%s/oauth/token", this.endpoint)).okHttpClient(httpClient).scope(Constants.SSL_PROTO_ALL).build().requestAccessToken();
                if (!requestAccessToken.isSuccessful()) {
                    log.error("cannot get auth token|response={}", requestAccessToken.getBody());
                    return;
                }
                this.internalAuthToken = requestAccessToken.getAccessToken();
                this.internalExpiresAt = requestAccessToken.getExpiresAt();
                log.info("action=appmanagerRefreshAccessToken|token={}|expiresAt={}", this.internalAuthToken, this.internalExpiresAt);
            } catch (IOException e) {
                log.error("cannot get auth token|exception={}", ExceptionUtils.getStackTrace(e));
            }
        }
    }

    public Response sendRequestSimple(Request.Builder builder) throws IOException {
        OkHttpClient httpClient = getHttpClient();
        refreshAccessToken(false);
        return httpClient.newCall(!StringUtils.isEmpty(this.internalAuthToken) ? builder.header("Authorization", "Bearer " + this.internalAuthToken).build() : builder.header("X-EmpId", "SYSTEM").build()).execute();
    }

    public JSONObject sendRequest(Request.Builder builder) throws IOException {
        OkHttpClient httpClient = getHttpClient();
        refreshAccessToken(false);
        Response execute = httpClient.newCall(!StringUtils.isEmpty(this.internalAuthToken) ? builder.header("Authorization", "Bearer " + this.internalAuthToken).build() : builder.header("X-EmpId", "SYSTEM").build()).execute();
        ResponseBody body = execute.body();
        if (body == null) {
            throw new OAuth2Exception("cannot sync to external environment, null response");
        }
        String string = body.string();
        if (execute.code() != 200) {
            throw new OAuth2Exception(String.format("send request failed, http status not 200|response=%s", string));
        }
        try {
            JSONObject parseObject = JSONObject.parseObject(string);
            if (parseObject.getIntValue("code") != 200) {
                throw new OAuth2Exception(String.format("send request failed, response code not 200|response=%s", string));
            }
            return parseObject;
        } catch (Exception e) {
            throw new OAuth2Exception(String.format("send request failed, response not json|response=%s", string));
        }
    }

    private void setBuilder(OkHttpClient.Builder builder) {
        builder.connectTimeout(10L, TimeUnit.SECONDS);
        builder.readTimeout(60L, TimeUnit.SECONDS);
        builder.writeTimeout(60L, TimeUnit.SECONDS);
        builder.callTimeout(60L, TimeUnit.SECONDS);
        builder.sslSocketFactory(trustAllSslSocketFactory, (X509TrustManager) TRUST_ALL_CERTS[0]);
        builder.hostnameVerifier((str, sSLSession) -> {
            return true;
        });
    }

    static {
        try {
            TRUST_ALL_SSL_CONTEXT = SSLContext.getInstance("SSL");
            TRUST_ALL_SSL_CONTEXT.init(null, TRUST_ALL_CERTS, new SecureRandom());
            trustAllSslSocketFactory = TRUST_ALL_SSL_CONTEXT.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
