package org.apache.servicecomb.serviceregistry.auth;

import java.time.Clock;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.annotation.Nonnull;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.foundation.auth.Cipher;
import org.apache.servicecomb.foundation.common.concurrency.SuppressedRunnableWrapper;
import org.apache.servicecomb.foundation.common.concurrent.ConcurrentHashMapEx;
import org.apache.servicecomb.foundation.common.utils.TimeUtils;
import org.apache.servicecomb.service.center.client.ServiceCenterClient;
import org.apache.servicecomb.service.center.client.model.RbacTokenRequest;
import org.apache.servicecomb.service.center.client.model.RbacTokenResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/servicecomb/serviceregistry/auth/TokenCacheManager.class */
public final class TokenCacheManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenCacheManager.class);
    private static final TokenCacheManager INSTANCE = new TokenCacheManager();
    private Clock clock = TimeUtils.getSystemDefaultZoneClock();
    private ScheduledExecutorService tokenCacheWorker = Executors.newScheduledThreadPool(2, new ThreadFactory() { // from class: org.apache.servicecomb.serviceregistry.auth.TokenCacheManager.1
        private final AtomicInteger threadIndexer = new AtomicInteger();

        @Override // java.util.concurrent.ThreadFactory
        public Thread newThread(@Nonnull Runnable runnable) {
            Thread thread = new Thread(runnable, "auth-token-cache-" + this.threadIndexer.getAndIncrement());
            thread.setDaemon(true);
            return thread;
        }
    });
    private Map<String, TokenCache> tokenCacheMap = new ConcurrentHashMapEx();
    private Map<String, ServiceCenterClient> serviceCenterClients;

    /* loaded from: input_file:org/apache/servicecomb/serviceregistry/auth/TokenCacheManager$TokenCache.class */
    public class TokenCache {
        private final String registryName;
        private final String accountName;
        private final String password;
        private final Clock clock;
        private String token;
        private long nextRefreshTime;
        private long tokenLife = TimeUnit.MINUTES.toMillis(28);
        private ScheduledExecutorService tokenCacheWorker;
        private Cipher cipher;

        public TokenCache(String str, String str2, String str3, Cipher cipher, Clock clock) {
            this.registryName = str;
            this.accountName = str2;
            this.password = str3;
            this.cipher = cipher;
            this.clock = clock;
        }

        public String getToken() {
            return this.token == null ? "" : this.token;
        }

        public void setTokenCacheWorker(ScheduledExecutorService scheduledExecutorService) {
            Objects.requireNonNull(scheduledExecutorService, "input tokenCacheWorker is null");
            if (this.tokenCacheWorker != null) {
                throw new IllegalStateException("tokenCacheWorker already set!");
            }
            this.tokenCacheWorker = scheduledExecutorService;
            startTokenRefreshTask();
        }

        private void startTokenRefreshTask() {
            this.tokenCacheWorker.scheduleAtFixedRate(new SuppressedRunnableWrapper(() -> {
                if (isTokenOutdated()) {
                    refreshToken();
                }
            }), 1L, 5L, TimeUnit.SECONDS);
        }

        private boolean isTokenOutdated() {
            return this.clock.millis() > this.nextRefreshTime;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void refreshToken() {
            ServiceCenterClient serviceCenterClient = (ServiceCenterClient) TokenCacheManager.this.serviceCenterClients.get(this.registryName);
            RbacTokenRequest rbacTokenRequest = new RbacTokenRequest();
            rbacTokenRequest.setName(new String(this.cipher.decrypt(this.accountName.toCharArray())));
            rbacTokenRequest.setPassword(new String(this.cipher.decrypt(this.password.toCharArray())));
            RbacTokenResponse queryToken = serviceCenterClient.queryToken(rbacTokenRequest);
            TokenCacheManager.LOGGER.info("refresh token successfully {}", Integer.valueOf(queryToken.getStatusCode()));
            if (StringUtils.isEmpty(this.token)) {
                if (Response.Status.UNAUTHORIZED.getStatusCode() == queryToken.getStatusCode()) {
                    TokenCacheManager.LOGGER.warn("username or password may be wrong!");
                    this.tokenCacheWorker.shutdown();
                } else if (Response.Status.NOT_FOUND.getStatusCode() == queryToken.getStatusCode()) {
                    TokenCacheManager.LOGGER.warn("service center do not support rbac token, you should not config account info");
                    this.tokenCacheWorker.shutdown();
                }
            }
            this.token = queryToken.getToken();
            this.nextRefreshTime = this.clock.millis() + this.tokenLife;
        }
    }

    public static TokenCacheManager getInstance() {
        return INSTANCE;
    }

    private TokenCacheManager() {
    }

    public void setServiceCenterClients(Map<String, ServiceCenterClient> map) {
        this.serviceCenterClients = map;
    }

    public void addTokenCache(String str, String str2, String str3, Cipher cipher) {
        Objects.requireNonNull(str, "registryName should not be null!");
        if (this.tokenCacheMap.containsKey(str)) {
            LOGGER.warn("duplicate token cache registration for serviceRegistry[{}]", str);
            return;
        }
        TokenCache tokenCache = new TokenCache(str, str2, str3, cipher, this.clock);
        tokenCache.setTokenCacheWorker(this.tokenCacheWorker);
        this.tokenCacheMap.put(str, tokenCache);
        tokenCache.refreshToken();
    }

    public String getToken(String str) {
        return (String) Optional.ofNullable(this.tokenCacheMap.get(str)).map((v0) -> {
            return v0.getToken();
        }).orElse("");
    }
}
