package org.apache.dubbo.auth;

import org.apache.dubbo.auth.exception.AccessKeyNotFoundException;
import org.apache.dubbo.auth.exception.RpcAuthenticationException;
import org.apache.dubbo.auth.model.AccessKeyPair;
import org.apache.dubbo.auth.spi.AccessKeyStorage;
import org.apache.dubbo.auth.spi.Authenticator;
import org.apache.dubbo.auth.utils.SignatureUtils;
import org.apache.dubbo.common.URL;
import org.apache.dubbo.common.utils.StringUtils;
import org.apache.dubbo.rpc.Invocation;
import org.apache.dubbo.rpc.model.ApplicationModel;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/dubbo-3.1.7.jar:org/apache/dubbo/auth/AccessKeyAuthenticator.class
 */
/* loaded from: input_file:WEB-INF/lib/dubbo-3.0.4.jar:org/apache/dubbo/auth/AccessKeyAuthenticator.class */
public class AccessKeyAuthenticator implements Authenticator {
    private ApplicationModel applicationModel;

    public AccessKeyAuthenticator(ApplicationModel applicationModel) {
        this.applicationModel = applicationModel;
    }

    @Override // org.apache.dubbo.auth.spi.Authenticator
    public void sign(Invocation invocation, URL url) {
        String valueOf = String.valueOf(System.currentTimeMillis());
        String application = url.getApplication();
        AccessKeyPair accessKeyPair = getAccessKeyPair(invocation, url);
        invocation.setAttachment(Constants.REQUEST_SIGNATURE_KEY, getSignature(url, invocation, accessKeyPair.getSecretKey(), valueOf));
        invocation.setAttachment("timestamp", valueOf);
        invocation.setAttachment(Constants.AK_KEY, accessKeyPair.getAccessKey());
        invocation.setAttachment("consumer", application);
    }

    @Override // org.apache.dubbo.auth.spi.Authenticator
    public void authenticate(Invocation invocation, URL url) throws RpcAuthenticationException {
        String valueOf = String.valueOf(invocation.getAttachment(Constants.AK_KEY));
        String valueOf2 = String.valueOf(invocation.getAttachment("timestamp"));
        String valueOf3 = String.valueOf(invocation.getAttachment(Constants.REQUEST_SIGNATURE_KEY));
        String valueOf4 = String.valueOf(invocation.getAttachment("consumer"));
        if (StringUtils.isEmpty(valueOf) || StringUtils.isEmpty(valueOf4) || StringUtils.isEmpty(valueOf2) || StringUtils.isEmpty(valueOf3)) {
            throw new RpcAuthenticationException("Failed to authenticate, maybe consumer not enable the auth");
        }
        try {
            if (!getSignature(url, invocation, getAccessKeyPair(invocation, url).getSecretKey(), valueOf2).equals(valueOf3)) {
                throw new RpcAuthenticationException("Failed to authenticate, signature is not correct");
            }
        } catch (Exception e) {
            throw new RpcAuthenticationException("Failed to authenticate , can't load the accessKeyPair", e);
        }
    }

    AccessKeyPair getAccessKeyPair(Invocation invocation, URL url) {
        try {
            AccessKeyPair accessKey = ((AccessKeyStorage) this.applicationModel.getExtensionLoader(AccessKeyStorage.class).getExtension(url.getParameter(Constants.ACCESS_KEY_STORAGE_KEY, Constants.DEFAULT_ACCESS_KEY_STORAGE))).getAccessKey(url, invocation);
            if (accessKey == null || StringUtils.isEmpty(accessKey.getAccessKey()) || StringUtils.isEmpty(accessKey.getSecretKey())) {
                throw new AccessKeyNotFoundException("AccessKeyId or secretAccessKey not found");
            }
            return accessKey;
        } catch (Exception e) {
            throw new RuntimeException("Can't load the AccessKeyPair from accessKeyStorage", e);
        }
    }

    String getSignature(URL url, Invocation invocation, String str, String str2) {
        boolean parameter = url.getParameter(Constants.PARAMETER_SIGNATURE_ENABLE_KEY, false);
        String format = String.format(Constants.SIGNATURE_STRING_FORMAT, url.getColonSeparatedKey(), invocation.getMethodName(), str, str2);
        return parameter ? SignatureUtils.sign(invocation.getArguments(), format, str) : SignatureUtils.sign(format, str);
    }
}
