package com.alipay.sofa.rpc.auth;

import com.alipay.sofa.rpc.cache.ProviderAuthIdentityCache;
import com.alipay.sofa.rpc.common.AuthConstants;
import com.alipay.sofa.rpc.config.DrmProviderAuthIdentityConfig;
import com.alipay.sofa.rpc.core.request.SofaRequest;
import com.alipay.sofa.rpc.log.Logger;
import com.alipay.sofa.rpc.log.LoggerFactory;
import com.alipay.sofa.rpc.mist.MistHttpHandler;
import com.alipay.sofa.rpc.model.provider.HttpIdentifyStatusEnum;
import com.alipay.sofa.rpc.model.provider.IdentifyResult;
import com.alipay.sofa.rpc.model.provider.IdentifyStatusEnum;
import com.alipay.sofa.rpc.model.provider.mist.AuthIdentity;
import com.alipay.sofa.rpc.utils.DrmRegisterUtils;
import com.alipay.sofa.rpc.utils.TimeUtils;
import com.google.common.base.Strings;

/* loaded from: input_file:com/alipay/sofa/rpc/auth/AuthVerification.class */
public class AuthVerification {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthVerification.class);
    private final DrmProviderAuthIdentityConfig drmProviderAuthIdentityConfig;
    private final ProviderAuthIdentityCache providerAuthIdentityCache;
    private final MistHttpHandler mistHttpHandler;

    /* loaded from: input_file:com/alipay/sofa/rpc/auth/AuthVerification$SingletonClassInstance.class */
    private static class SingletonClassInstance {
        private static AuthVerification INSTANCE = new AuthVerification();

        private SingletonClassInstance() {
        }
    }

    private AuthVerification() {
        this.drmProviderAuthIdentityConfig = registerDrmResource();
        this.mistHttpHandler = new MistHttpHandler();
        this.providerAuthIdentityCache = new ProviderAuthIdentityCache(this.drmProviderAuthIdentityConfig);
    }

    public static AuthVerification getInstance() {
        return SingletonClassInstance.INSTANCE;
    }

    public boolean isIdentify() {
        return this.drmProviderAuthIdentityConfig != null && this.drmProviderAuthIdentityConfig.isEnabledBoolean();
    }

    public IdentifyResult identify(SofaRequest sofaRequest) {
        IdentifyResult identifyResult = new IdentifyResult();
        try {
            if (!isIdentify()) {
                return identifyResult.setStatus(IdentifyStatusEnum.IGNORE);
            }
            Object requestProp = sofaRequest.getRequestProp(AuthConstants.REQUEST_PROP_TOKEN_KEY);
            if (requestProp == null || Strings.isNullOrEmpty(requestProp.toString())) {
                return identifyResult.setStatus(IdentifyStatusEnum.REJECT);
            }
            String obj = requestProp.toString();
            parseIdentityStatus(this.providerAuthIdentityCache.getAuthIdentity(obj), identifyResult);
            if (identifyResult.getStatus() != null) {
                return identifyResult;
            }
            AuthIdentity verifyIdentityByMist = this.mistHttpHandler.verifyIdentityByMist(obj, 0);
            this.providerAuthIdentityCache.storeAuthIdentity(obj, verifyIdentityByMist);
            parseIdentityStatus(verifyIdentityByMist, identifyResult);
            if (identifyResult.getStatus() == null) {
                identifyResult.setStatus(IdentifyStatusEnum.IGNORE);
            }
            return identifyResult;
        } catch (Throwable th) {
            LOGGER.error("verify token error. ignore this token. rpc auth success.", th);
            return identifyResult;
        }
    }

    public boolean isForceAuthIdentify() {
        return this.drmProviderAuthIdentityConfig.isForceAuthIdentifyBoolean();
    }

    private void parseIdentityStatus(AuthIdentity authIdentity, IdentifyResult identifyResult) {
        if (authIdentity != null) {
            if (HttpIdentifyStatusEnum.ERROR == authIdentity.getStatus()) {
                identifyResult.setStatus(IdentifyStatusEnum.IGNORE);
            }
            if (HttpIdentifyStatusEnum.FAIL == authIdentity.getStatus()) {
                identifyResult.setStatus(IdentifyStatusEnum.REJECT);
            }
            if (validateExp(authIdentity)) {
                identifyResult.setStatus(IdentifyStatusEnum.SUCCESS);
                identifyResult.setAppName(authIdentity.getIdentity().getAppname());
            }
        }
    }

    private boolean validateExp(AuthIdentity authIdentity) {
        return (authIdentity == null || HttpIdentifyStatusEnum.SUCCESS != authIdentity.getStatus() || authIdentity.getJwtSvid() == null || authIdentity.getJwtSvid().getClaims() == null || authIdentity.getJwtSvid().getClaims().getExp() < TimeUtils.getCurrentTimeSeconds()) ? false : true;
    }

    private DrmProviderAuthIdentityConfig registerDrmResource() {
        DrmProviderAuthIdentityConfig drmProviderAuthIdentityConfig = new DrmProviderAuthIdentityConfig();
        DrmRegisterUtils.registerDrmResource(drmProviderAuthIdentityConfig);
        return drmProviderAuthIdentityConfig;
    }

    ProviderAuthIdentityCache getProviderAuthIdentityCache() {
        return this.providerAuthIdentityCache;
    }

    static void setInstanceOnlyForTest() {
        AuthVerification unused = SingletonClassInstance.INSTANCE = new AuthVerification();
    }
}
