package com.alipay.easysdk.kms.aliyun;

import com.alipay.easysdk.kms.aliyun.credentials.AccessKeyCredentials;
import com.alipay.easysdk.kms.aliyun.credentials.BasicSessionCredentials;
import com.alipay.easysdk.kms.aliyun.credentials.ICredentials;
import com.alipay.easysdk.kms.aliyun.credentials.provider.CredentialsProviderFactory;
import com.alipay.easysdk.kms.aliyun.credentials.provider.EcsRamRoleCredentialsProvider;
import com.alipay.easysdk.kms.aliyun.credentials.provider.ICredentialsProvider;
import com.alipay.easysdk.kms.aliyun.credentials.provider.RamRoleArnCredentialsProvider;
import com.alipay.easysdk.kms.aliyun.credentials.provider.StaticCredentialsProvider;
import com.alipay.easysdk.kms.aliyun.credentials.utils.CredentialType;
import com.alipay.easysdk.kms.aliyun.models.RuntimeOptions;
import com.aliyun.tea.Tea;
import com.aliyun.tea.TeaConverter;
import com.aliyun.tea.TeaException;
import com.aliyun.tea.TeaModel;
import com.aliyun.tea.TeaPair;
import com.aliyun.tea.TeaRequest;
import com.aliyun.tea.TeaResponse;
import com.aliyun.tea.TeaRetryableException;
import com.aliyun.tea.TeaUnretryableException;
import com.aliyun.tea.ValidateException;
import com.aliyun.tea.utils.StringUtils;
import com.google.gson.Gson;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.SimpleTimeZone;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/alipay/easysdk/kms/aliyun/AliyunRpcClient.class */
public class AliyunRpcClient {
    private final String accessKeyId;
    private final String accessKeySecret;
    private final String securityToken;
    private final String roleArn;
    private final String roleName;
    private final String credentialType;
    private final String policy;
    private final String endpoint;
    private final String format = "json";
    private final String signatureMethod = "HMAC-SHA1";
    private final String signatureVersion = "1.0";
    private final ICredentialsProvider credentialsProvider = getCredentialsProvider();

    public AliyunRpcClient(Map<String, Object> map) {
        this.accessKeyId = (String) map.get("aliyunAccessKeyId");
        this.accessKeySecret = (String) map.get("aliyunAccessKeySecret");
        this.securityToken = (String) map.get("aliyunSecurityToken");
        this.roleArn = (String) map.get("aliyunRoleArn");
        this.roleName = (String) map.get("aliyunRoleName");
        this.credentialType = (String) map.get("credentialType");
        this.policy = (String) map.get("aliyunRolePolicy");
        this.endpoint = (String) map.get("kmsEndpoint");
    }

    public static String percentEncode(String str) throws UnsupportedEncodingException {
        if (str != null) {
            return URLEncoder.encode(str, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
        }
        return null;
    }

    private static String getSignature(Map<String, String> map, String str, String str2) throws Exception {
        String[] strArr = (String[]) map.keySet().toArray(new String[0]);
        Arrays.sort(strArr);
        StringBuilder sb = new StringBuilder();
        for (String str3 : strArr) {
            if (!StringUtils.isEmpty(map.get(str3))) {
                sb.append("&").append(percentEncode(str3)).append("=").append(percentEncode(map.get(str3)));
            }
        }
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec((str2 + "&").getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.toBase64String(mac.doFinal((str + "&" + percentEncode("/") + "&" + percentEncode(sb.toString().substring(1))).getBytes(StandardCharsets.UTF_8)));
    }

    public static Object parseJSON(String str) {
        return new Gson().fromJson(str, Map.class);
    }

    public static Map<String, Object> assertAsMap(Object obj) {
        if (null == obj || !Map.class.isAssignableFrom(obj.getClass())) {
            throw new RuntimeException("The value is not a object");
        }
        return (Map) obj;
    }

    public static byte[] readAsBytes(InputStream inputStream) throws IOException {
        if (null == inputStream) {
            return new byte[0];
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    public static String readAsString(InputStream inputStream) throws IOException {
        return new String(readAsBytes(inputStream), StandardCharsets.UTF_8);
    }

    public static Object readAsJSON(InputStream inputStream) throws IOException {
        return parseJSON(readAsString(inputStream));
    }

    public static String getTimestamp() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        return simpleDateFormat.format(new Date());
    }

    public static String getNonce() {
        return UUID.randomUUID().toString() + System.currentTimeMillis() + Thread.currentThread().getId();
    }

    public static String toFormString(Map<String, ?> map) throws UnsupportedEncodingException {
        if (null == map) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (Map.Entry<String, ?> entry : map.entrySet()) {
            if (!StringUtils.isEmpty(entry.getValue())) {
                if (z) {
                    z = false;
                } else {
                    sb.append("&");
                }
                sb.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
                sb.append("=");
                sb.append(URLEncoder.encode(String.valueOf(entry.getValue()), "UTF-8"));
            }
        }
        return sb.toString();
    }

    public static void validateModel(TeaModel teaModel) throws Exception {
        if (null == teaModel) {
            throw new ValidateException("parameter is not allowed as null");
        }
        teaModel.validate();
    }

    public static Map<String, Object> anyifyMapValue(Map<String, ?> map) {
        HashMap hashMap = new HashMap();
        if (null == map) {
            return null;
        }
        for (Map.Entry<String, ?> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), entry.getValue());
        }
        return hashMap;
    }

    public static boolean is4xx(Number number) {
        return null != number && number.intValue() >= 400 && number.intValue() < 500;
    }

    public static boolean is5xx(Number number) {
        return null != number && number.intValue() >= 500 && number.intValue() < 600;
    }

    public static boolean isUnset(Object obj) {
        return null == obj;
    }

    private ICredentialsProvider getCredentialsProvider() {
        CredentialsProviderFactory credentialsProviderFactory = new CredentialsProviderFactory();
        if (StringUtils.isEmpty(this.credentialType)) {
            return getAccessKeyCredentialsProvider(this.accessKeyId, this.accessKeySecret, credentialsProviderFactory);
        }
        String str = this.credentialType;
        boolean z = -1;
        switch (str.hashCode()) {
            case -1141690108:
                if (str.equals(CredentialType.ACCESS_KEY)) {
                    z = false;
                    break;
                }
                break;
            case -795952619:
                if (str.equals(CredentialType.RAM_ROLE_ARN)) {
                    z = 3;
                    break;
                }
                break;
            case 114226:
                if (str.equals(CredentialType.STS)) {
                    z = true;
                    break;
                }
                break;
            case 1826440545:
                if (str.equals(CredentialType.ECS_RAM_ROLE)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return getAccessKeyCredentialsProvider(this.accessKeyId, this.accessKeySecret, credentialsProviderFactory);
            case true:
                return getStsTokenCredentialsProvider(this.accessKeyId, this.accessKeySecret, this.securityToken, credentialsProviderFactory);
            case true:
                return getEcsRamRoleCredentialsProvider(this.roleName, credentialsProviderFactory);
            case true:
                return getRamRoleArnCredentialsProvider(this.accessKeyId, this.accessKeySecret, this.roleArn, this.policy, credentialsProviderFactory);
            default:
                throw new IllegalArgumentException("The credentialType is not supported");
        }
    }

    private ICredentialsProvider getAccessKeyCredentialsProvider(String str, String str2, CredentialsProviderFactory credentialsProviderFactory) {
        return credentialsProviderFactory.createCredentialsProvider(new StaticCredentialsProvider(new AccessKeyCredentials(str, str2)));
    }

    private ICredentialsProvider getStsTokenCredentialsProvider(String str, String str2, String str3, CredentialsProviderFactory credentialsProviderFactory) {
        return credentialsProviderFactory.createCredentialsProvider(new StaticCredentialsProvider(new BasicSessionCredentials(str, str2, str3)));
    }

    private ICredentialsProvider getEcsRamRoleCredentialsProvider(String str, CredentialsProviderFactory credentialsProviderFactory) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("The roleName is empty");
        }
        return credentialsProviderFactory.createCredentialsProvider(new EcsRamRoleCredentialsProvider(str));
    }

    private ICredentialsProvider getRamRoleArnCredentialsProvider(String str, String str2, String str3, String str4, CredentialsProviderFactory credentialsProviderFactory) {
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            throw new IllegalArgumentException("The accessKeyId or accessKeySecret is empty");
        }
        if (StringUtils.isEmpty(str3)) {
            throw new IllegalArgumentException("The roleArn is empty");
        }
        return credentialsProviderFactory.createCredentialsProvider(new RamRoleArnCredentialsProvider(str, str2, str3, str4));
    }

    public Map<String, Object> doRequest(String str, String str2, String str3, String str4, Map<String, Object> map, Map<String, Object> map2, RuntimeOptions runtimeOptions) throws Exception {
        int backoffTime;
        Map buildMap = TeaConverter.buildMap(new TeaPair[]{new TeaPair("readTimeout", runtimeOptions.readTimeout), new TeaPair("connectTimeout", runtimeOptions.connectTimeout), new TeaPair("retry", TeaConverter.buildMap(new TeaPair[]{new TeaPair("maxAttempts", runtimeOptions.maxAttempts)})), new TeaPair("backoff", TeaConverter.buildMap(new TeaPair[]{new TeaPair("policy", runtimeOptions.backoffPolicy), new TeaPair("period", runtimeOptions.backoffPeriod)})), new TeaPair("ignoreSSL", runtimeOptions.ignoreSSL)});
        long currentTimeMillis = System.currentTimeMillis();
        int i = 0;
        while (Tea.allowRetry((Map) buildMap.get("retry"), i, currentTimeMillis)) {
            if (i > 0 && (backoffTime = Tea.getBackoffTime(buildMap.get("backoff"), i)) > 0) {
                Tea.sleep(backoffTime);
            }
            i++;
            try {
                TeaRequest teaRequest = new TeaRequest();
                teaRequest.protocol = str2;
                teaRequest.method = str3;
                teaRequest.pathname = "/";
                teaRequest.query = TeaConverter.merge(String.class, new Map[]{TeaConverter.buildMap(new TeaPair[]{new TeaPair("Action", str), new TeaPair("Format", this.format), new TeaPair("Timestamp", getTimestamp()), new TeaPair("Version", str4), new TeaPair("SignatureNonce", getNonce())}), map});
                teaRequest.headers = TeaConverter.buildMap(new TeaPair[]{new TeaPair("host", this.endpoint)});
                if (!isUnset(map2)) {
                    teaRequest.body = Tea.toReadable(toFormString(anyifyMapValue(map2)));
                    teaRequest.headers.put("content-type", "application/x-www-form-urlencoded");
                }
                ICredentials credentials = this.credentialsProvider.getCredentials();
                if (credentials == null) {
                    throw new TeaRetryableException();
                }
                teaRequest.query.put("SignatureMethod", this.signatureMethod);
                teaRequest.query.put("SignatureVersion", this.signatureVersion);
                teaRequest.query.put("AccessKeyId", credentials.getAccessKeyId());
                if (!StringUtils.isEmpty(credentials.getSecurityToken())) {
                    teaRequest.query.put("SecurityToken", credentials.getSecurityToken());
                }
                teaRequest.query.put("Signature", getSignature(TeaConverter.merge(String.class, new Map[]{teaRequest.query, map2}), teaRequest.method, credentials.getAccessKeySecret()));
                TeaResponse doAction = Tea.doAction(teaRequest, buildMap);
                Map<String, Object> assertAsMap = assertAsMap(readAsJSON(doAction.body));
                if (is4xx(Integer.valueOf(doAction.statusCode)) || is5xx(Integer.valueOf(doAction.statusCode))) {
                    throw new TeaException(TeaConverter.buildMap(new TeaPair[]{new TeaPair("message", assertAsMap.get("Message")), new TeaPair("data", assertAsMap), new TeaPair("code", assertAsMap.get("Code"))}));
                }
                return assertAsMap;
            } catch (Exception e) {
                if (!Tea.isRetryable(e)) {
                    throw e;
                }
            }
        }
        throw new TeaUnretryableException((TeaRequest) null);
    }
}
