package com.huaweicloud.sdk.core.auth;

import com.huaweicloud.sdk.core.Constants;
import com.huaweicloud.sdk.core.HcClient;
import com.huaweicloud.sdk.core.exception.SdkException;
import com.huaweicloud.sdk.core.http.HttpClient;
import com.huaweicloud.sdk.core.http.HttpRequest;
import com.huaweicloud.sdk.core.internal.Iam;
import com.huaweicloud.sdk.core.internal.InnerIamMeta;
import com.huaweicloud.sdk.core.internal.model.CreateTokenWithIdTokenResponse;
import com.huaweicloud.sdk.core.internal.model.KeystoneCreateProjectRequest;
import com.huaweicloud.sdk.core.internal.model.KeystoneCreateProjectResponse;
import com.huaweicloud.sdk.core.internal.model.KeystoneListAuthDomainsRequest;
import com.huaweicloud.sdk.core.internal.model.KeystoneListAuthDomainsResponse;
import com.huaweicloud.sdk.core.internal.model.KeystoneListProjectsRequest;
import com.huaweicloud.sdk.core.internal.model.KeystoneListProjectsResponse;
import com.huaweicloud.sdk.core.internal.model.KeystoneListRegionsRequest;
import com.huaweicloud.sdk.core.internal.model.KeystoneListRegionsResponse;
import com.huaweicloud.sdk.core.internal.model.Project;
import com.huaweicloud.sdk.core.utils.StringUtils;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huaweicloud/sdk/core/auth/BasicCredentials.class */
public class BasicCredentials extends AbstractCredentials<BasicCredentials> {
    private String projectId;

    public String getProjectId() {
        return this.projectId;
    }

    public void setProjectId(String str) {
        this.projectId = str;
    }

    public BasicCredentials withProjectId(String str) {
        this.projectId = str;
        return this;
    }

    Map<String, Object> getPathParams() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (Objects.nonNull(this.projectId)) {
            linkedHashMap.put(Constants.PROJECT_ID, this.projectId);
        }
        return linkedHashMap;
    }

    @Override // com.huaweicloud.sdk.core.auth.ICredential
    public CompletableFuture<ICredential> processAuthParams(HcClient hcClient, String str) {
        return CompletableFuture.supplyAsync(() -> {
            if (!StringUtils.isEmpty(getIdpId()) || !StringUtils.isEmpty(getIdTokenFile())) {
                if (StringUtils.isEmpty(getIdpId())) {
                    throw new SdkException("idpId is required when using idpId&idTokenFile");
                }
                if (StringUtils.isEmpty(getIdTokenFile())) {
                    throw new SdkException("idTokenFile is required when using idpId&idTokenFile");
                }
                if (StringUtils.isEmpty(this.projectId)) {
                    throw new SdkException("projectId is required when using idpId&idTokenFile");
                }
            }
            if (!StringUtils.isEmpty(this.projectId)) {
                return this;
            }
            String str2 = getAk() + str;
            if (Objects.nonNull(AuthCache.getAuth(str2)) && !StringUtils.isEmpty(AuthCache.getAuth(str2))) {
                this.projectId = AuthCache.getAuth(str2);
                return this;
            }
            String usedIamEndpoint = getUsedIamEndpoint();
            HcClient overrideEndpoints = hcClient.overrideEndpoints(Collections.singletonList(usedIamEndpoint));
            Function<HttpRequest, Boolean> derivedPredicate = getDerivedPredicate();
            setDerivedPredicate(null);
            Logger logger = LoggerFactory.getLogger(hcClient.getClass());
            logger.info("project id of region '{}' not found in BasicCredentials, trying to obtain project id from IAM service: {}", str, usedIamEndpoint);
            KeystoneListProjectsResponse keystoneListProjectsResponse = (KeystoneListProjectsResponse) overrideEndpoints.syncInvokeHttp(new KeystoneListProjectsRequest().withName(str), InnerIamMeta.KEYSTONE_LIST_PROJECTS);
            if (Objects.isNull(keystoneListProjectsResponse)) {
                throw new SdkException(Constants.ErrorMessage.NO_PROJECT_ID_FOUND);
            }
            List<Project> projects = keystoneListProjectsResponse.getProjects();
            if (projects.size() == 1) {
                this.projectId = projects.get(0).getId();
            } else {
                if (projects.size() >= 1) {
                    throw new SdkException(String.format(Locale.ROOT, "multiple project ids found: [%s], please specify one when initializing the credentials, BasicCredentials cred = new BasicCredentials().withAk(ak).withSk(sk).withProjectId(projectId)", (String) projects.stream().map((v0) -> {
                        return v0.getId();
                    }).collect(Collectors.joining(","))));
                }
                this.projectId = keystoneCreateProject(overrideEndpoints, str);
            }
            logger.info("success to obtain project id of region '{}': {}", str, this.projectId);
            AuthCache.putAuth(str2, this.projectId);
            setDerivedPredicate(derivedPredicate);
            return this;
        }, hcClient.getHttpConfig().getExecutorService());
    }

    private String keystoneCreateProject(HcClient hcClient, String str) {
        List<String> supportedRegions = getSupportedRegions(hcClient);
        if (Objects.isNull(supportedRegions) || supportedRegions.size() == 0) {
            throw new SdkException("failed to list regions");
        }
        if (!supportedRegions.contains(str)) {
            throw new SdkException("the region input is not supported to create project automatically");
        }
        String domainId = getDomainId(hcClient);
        if (StringUtils.isEmpty(domainId)) {
            throw new SdkException(Constants.ErrorMessage.NO_DOMAIN_ID_FOUND);
        }
        return getCreateProjectId(hcClient, str, domainId);
    }

    private List<String> getSupportedRegions(HcClient hcClient) {
        KeystoneListRegionsResponse keystoneListRegionsResponse = (KeystoneListRegionsResponse) hcClient.syncInvokeHttp(new KeystoneListRegionsRequest(), InnerIamMeta.KEYSTONE_LIST_REGIONS);
        if (Objects.isNull(keystoneListRegionsResponse)) {
            throw new SdkException("failed to list all regions");
        }
        return (List) keystoneListRegionsResponse.getRegions().stream().map(region -> {
            if ("public".equals(region.getType())) {
                return region.getId();
            }
            return null;
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    private String getDomainId(HcClient hcClient) {
        KeystoneListAuthDomainsResponse keystoneListAuthDomainsResponse = (KeystoneListAuthDomainsResponse) hcClient.syncInvokeHttp(new KeystoneListAuthDomainsRequest(), InnerIamMeta.KEYSTONE_LIST_AUTH_DOMAINS);
        if (Objects.isNull(keystoneListAuthDomainsResponse)) {
            throw new SdkException(Constants.ErrorMessage.NO_DOMAIN_ID_FOUND);
        }
        return keystoneListAuthDomainsResponse.getDomains().get(0).getId();
    }

    private String getCreateProjectId(HcClient hcClient, String str, String str2) {
        KeystoneCreateProjectResponse keystoneCreateProjectResponse = (KeystoneCreateProjectResponse) hcClient.overrideCredential(new GlobalCredentials().withAk(getAk()).withSk(getSk()).withDomainId(str2)).syncInvokeHttp(new KeystoneCreateProjectRequest().withBody(keystoneCreateProjectRequestBody -> {
            keystoneCreateProjectRequestBody.withProject(keystoneCreateProjectOption -> {
                keystoneCreateProjectOption.withName(str);
                keystoneCreateProjectOption.withDomainId(str2);
            });
        }), InnerIamMeta.KEYSTONE_CREATE_PROJECT);
        if (Objects.isNull(keystoneCreateProjectResponse.getProject())) {
            throw new SdkException("failed to create project");
        }
        return keystoneCreateProjectResponse.getProject().getId();
    }

    @Override // com.huaweicloud.sdk.core.auth.ICredential
    public CompletableFuture<HttpRequest> processAuthRequest(HttpRequest httpRequest, HttpClient httpClient) {
        return CompletableFuture.completedFuture(syncProcessAuthRequest(httpRequest, httpClient));
    }

    @Override // com.huaweicloud.sdk.core.auth.ICredential
    public HttpRequest syncProcessAuthRequest(HttpRequest httpRequest, HttpClient httpClient) {
        HttpRequest.HttpRequestBuilder addAutoFilledPathParam = httpRequest.builder().addAutoFilledPathParam(getPathParams());
        if (needUpdateAuthToken()) {
            updateAuthTokenByIdToken(httpClient);
        } else if (needUpdateSecurityToken()) {
            updateSecurityTokenFromMetadata();
        }
        if (Objects.nonNull(getProjectId())) {
            addAutoFilledPathParam.addHeader(Constants.X_PROJECT_ID, this.projectId);
        }
        if (Objects.nonNull(this.authToken)) {
            addAutoFilledPathParam.addHeader(Constants.X_AUTH_TOKEN, this.authToken);
            return addAutoFilledPathParam.build();
        }
        if (Objects.nonNull(getSecurityToken())) {
            addAutoFilledPathParam.addHeader(Constants.X_SECURITY_TOKEN, getSecurityToken());
        }
        if (Objects.nonNull(httpRequest.getContentType()) && !httpRequest.getContentType().startsWith(Constants.MEDIATYPE.APPLICATION_JSON) && !httpRequest.getContentType().startsWith(Constants.MEDIATYPE.APPLICATION_BSON)) {
            addAutoFilledPathParam.addHeader(Constants.X_SDK_CONTENT_SHA256, Constants.UNSIGNED_PAYLOAD);
        }
        addAutoFilledPathParam.addHeaders(isDerivedAuth(httpRequest) ? DerivedAKSKSigner.getInstance().sign(addAutoFilledPathParam.build(), this) : AKSKSignerFactory.getSigner(httpRequest.getSigningAlgorithm()).sign(addAutoFilledPathParam.build(), this));
        return addAutoFilledPathParam.build();
    }

    @Override // com.huaweicloud.sdk.core.auth.AbstractCredentials
    public void processDerivedAuthParams(String str, String str2) {
        if (this.derivedAuthServiceName == null) {
            this.derivedAuthServiceName = str;
        }
        if (this.regionId == null) {
            this.regionId = str2;
        }
    }

    @Override // com.huaweicloud.sdk.core.auth.AbstractCredentials
    protected void updateAuthTokenByIdToken(HttpClient httpClient) {
        CreateTokenWithIdTokenResponse createTokenWithIdToken = Iam.createTokenWithIdToken(httpClient, Iam.getProjectTokenWithIdTokenRequest(getUsedIamEndpoint(), getIdpId(), getIdToken(), this.projectId));
        this.authToken = createTokenWithIdToken.getSubjectToken();
        try {
            this.expiredAt = Long.valueOf(new SimpleDateFormat(Iam.EXPIRED_DATE_FORMAT).parse(createTokenWithIdToken.getToken().getExpiresAt().replace("000Z", "Z")).getTime());
        } catch (ParseException e) {
            throw new SdkException(e);
        }
    }

    @Override // com.huaweicloud.sdk.core.auth.ICredential
    public BasicCredentials deepClone() {
        BasicCredentials withSecurityToken = new BasicCredentials().withProjectId(this.projectId).withAk(getAk()).withSk(getSk()).withIdpId(getIdpId()).withIdTokenFile(getIdTokenFile()).withDerivedPredicate(getDerivedPredicate()).withIamEndpoint(getIamEndpoint()).withSecurityToken(getSecurityToken());
        withSecurityToken.processDerivedAuthParams(this.derivedAuthServiceName, this.regionId);
        return withSecurityToken;
    }
}
