package org.apache.servicecomb.serviceregistry.auth;

import com.google.common.annotations.VisibleForTesting;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import org.apache.servicecomb.foundation.auth.Cipher;
import org.apache.servicecomb.foundation.auth.DefaultCipher;
import org.apache.servicecomb.foundation.bootstrap.BootStrapService;
import org.apache.servicecomb.foundation.common.utils.SPIServiceUtils;
import org.apache.servicecomb.foundation.ssl.SSLCustom;
import org.apache.servicecomb.foundation.ssl.SSLOption;
import org.apache.servicecomb.http.client.auth.DefaultRequestAuthHeaderProvider;
import org.apache.servicecomb.http.client.common.HttpConfiguration;
import org.apache.servicecomb.service.center.client.AddressManager;
import org.apache.servicecomb.service.center.client.ServiceCenterClient;
import org.apache.servicecomb.serviceregistry.config.ServiceRegistryConfig;
import org.springframework.core.env.Environment;

/* loaded from: input_file:org/apache/servicecomb/serviceregistry/auth/RBACBootStrapService.class */
public class RBACBootStrapService implements BootStrapService {
    private static final String RBAC_ADDRESS = "servicecomb.service.registry.address";
    public static final String DEFAULT_REGISTRY_NAME = "default";
    public static final String RBAC_ENABLED = "servicecomb.credentials.rbac.enabled";
    public static final String ACCOUNT_NAME_KEY = "servicecomb.credentials.account.name";
    public static final String PASSWORD_KEY = "servicecomb.credentials.account.password";
    public static final String CIPHER_KEY = "servicecomb.credentials.cipher";

    public void startup(Environment environment) {
        if (getBooleanProperty(environment, false, RBAC_ENABLED)) {
            AddressManager createAddressManager = createAddressManager(environment);
            HttpConfiguration.SSLProperties createSSLProperties = createSSLProperties(environment, "sc.consumer");
            createSSLProperties.setEnabled(createAddressManager.sslEnabled());
            ServiceCenterClient serviceCenterClient = new ServiceCenterClient(createAddressManager, createSSLProperties, new DefaultRequestAuthHeaderProvider(), getTenantName(environment), new HashMap(0));
            HashMap hashMap = new HashMap(1);
            hashMap.put("default", serviceCenterClient);
            TokenCacheManager.getInstance().setServiceCenterClients(hashMap);
            TokenCacheManager.getInstance().addTokenCache("default", getStringProperty(environment, null, ACCOUNT_NAME_KEY), getStringProperty(environment, null, PASSWORD_KEY), getCipher(getStringProperty(environment, "default", CIPHER_KEY)));
        }
    }

    @VisibleForTesting
    Cipher getCipher(String str) {
        return "default".equals(str) ? DefaultCipher.getInstance() : (Cipher) SPIServiceUtils.getOrLoadSortedService(Cipher.class).stream().filter(cipher -> {
            return cipher.name().equals(str);
        }).findFirst().orElseThrow(() -> {
            return new IllegalArgumentException("failed to find cipher named " + str);
        });
    }

    private AddressManager createAddressManager(Environment environment) {
        return new AddressManager(getTenantName(environment), getRBACAddressList(environment));
    }

    private HttpConfiguration.SSLProperties createSSLProperties(Environment environment, String str) {
        HttpConfiguration.SSLProperties sSLProperties = new HttpConfiguration.SSLProperties();
        SSLOption sSLOption = new SSLOption();
        sSLOption.setEngine(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getEngine(), "ssl." + str + ".engine", "ssl.engine"));
        sSLOption.setProtocols(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getProtocols(), "ssl." + str + ".protocols", "ssl.protocols"));
        sSLOption.setCiphers(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getCiphers(), "ssl." + str + ".ciphers", "ssl.ciphers"));
        sSLOption.setAuthPeer(getBooleanProperty(environment, SSLOption.DEFAULT_OPTION.isAuthPeer(), "ssl." + str + ".authPeer", "ssl.authPeer"));
        sSLOption.setCheckCNHost(getBooleanProperty(environment, SSLOption.DEFAULT_OPTION.isCheckCNHost(), "ssl." + str + ".checkCN.host", "ssl.checkCN.host"));
        sSLOption.setCheckCNWhite(getBooleanProperty(environment, SSLOption.DEFAULT_OPTION.isCheckCNWhite(), "ssl." + str + ".checkCN.white", "ssl.checkCN.white"));
        sSLOption.setCheckCNWhiteFile(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getCiphers(), "ssl." + str + ".checkCN.white.file", "ssl.checkCN.white.file"));
        sSLOption.setAllowRenegociate(getBooleanProperty(environment, SSLOption.DEFAULT_OPTION.isAllowRenegociate(), "ssl." + str + ".allowRenegociate", "ssl.allowRenegociate"));
        sSLOption.setStorePath(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getStorePath(), "ssl." + str + ".storePath", "ssl.storePath"));
        sSLOption.setClientAuth(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getClientAuth(), "ssl." + str + ".clientAuth", "ssl.clientAuth"));
        sSLOption.setTrustStore(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getTrustStore(), "ssl." + str + ".trustStore", "ssl.trustStore"));
        sSLOption.setTrustStoreType(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getTrustStoreType(), "ssl." + str + ".trustStoreType", "ssl.trustStoreType"));
        sSLOption.setTrustStoreValue(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getTrustStoreValue(), "ssl." + str + ".trustStoreValue", "ssl.trustStoreValue"));
        sSLOption.setKeyStore(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getKeyStore(), "ssl." + str + ".keyStore", "ssl.keyStore"));
        sSLOption.setKeyStoreType(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getKeyStoreType(), "ssl." + str + ".keyStoreType", "ssl.keyStoreType"));
        sSLOption.setKeyStoreValue(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getKeyStoreValue(), "ssl." + str + ".keyStoreValue", "ssl.keyStoreValue"));
        sSLOption.setCrl(getStringProperty(environment, SSLOption.DEFAULT_OPTION.getCrl(), "ssl." + str + ".crl", "ssl.crl"));
        sSLOption.setSslCustomClass(getStringProperty(environment, null, "ssl." + str + ".sslCustomClass", "ssl.sslCustomClass"));
        sSLProperties.setSslOption(sSLOption);
        sSLProperties.setSslCustom(SSLCustom.createSSLCustom(sSLOption.getSslCustomClass()));
        return sSLProperties;
    }

    private String getStringProperty(Environment environment, String str, String... strArr) {
        for (String str2 : strArr) {
            if (environment.getProperty(str2) != null) {
                return environment.getProperty(str2);
            }
        }
        return str;
    }

    private boolean getBooleanProperty(Environment environment, boolean z, String... strArr) {
        for (String str : strArr) {
            if (environment.getProperty(str) != null) {
                return Boolean.parseBoolean(environment.getProperty(str));
            }
        }
        return z;
    }

    private String getTenantName(Environment environment) {
        return environment.getProperty(ServiceRegistryConfig.TENANT_NAME, "default");
    }

    private List<String> getRBACAddressList(Environment environment) {
        return Arrays.asList(environment.getProperty(RBAC_ADDRESS, "http://127.0.0.1:30100)").split(","));
    }
}
