package com.dtyunxi.huieryun.oss.rest;

import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import com.dtyunxi.huieryun.oss.api.IObjectStorageService;
import com.dtyunxi.huieryun.oss.api.ObjectStorageFactory;
import com.dtyunxi.huieryun.oss.constant.OssConstant;
import com.dtyunxi.huieryun.oss.vo.OssRegistryVo;
import com.dtyunxi.lang.BusinessRuntimeException;
import com.dtyunxi.rest.RestResponse;
import com.dtyunxi.util.JacksonUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.util.LinkedHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.core.env.Environment;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

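/**
 * REST endpoints that hand object-storage access material to clients: a provider-built
 * upload policy ({@code /{appId}/getpolicy}) and temporary STS credentials
 * ({@code /{appId}/sts}).
 *
 * <p>The only gate visible in this class is the comparison of the {@code appId} path
 * segment with {@link OssConstant#APP_ID}. NOTE(review): that value is also written to the
 * log at INFO level, so it should be treated as an identifier rather than a secret;
 * confirm that caller authentication is enforced in front of this controller.
 *
 * <p>The controller holds no per-request state. Bucket name, endpoint and session policy
 * are derived inside each request, so concurrent requests for different buckets cannot
 * influence one another.
 */
@RequestMapping({"/v1/huieryun/objectstorage/policy"})
@Api(value = "/v1/huieryun/objectstorage/policy", description = "获取OSS的访问许可")
@RestController
/* loaded from: input_file:com/dtyunxi/huieryun/oss/rest/OssPolicyController.class */
public class OssPolicyController {
    private static final Logger logger = LoggerFactory.getLogger(OssPolicyController.class);

    /**
     * Splits an endpoint such as {@code https://bucket.region.example.com} into an optional
     * scheme (group 1), the first host label (group 2, used as bucket name) and the rest of
     * the host (group 3). The separator is a literal dot; group 2 admits only letters,
     * digits and '-', which is what makes it safe to splice into the JSON policy below.
     */
    private static final Pattern ENDPOINT_HOST_PATTERN = Pattern.compile("(http://|https://)?([a-zA-Z\\-0-9]+)\\.([a-zA-Z\\-0-9.]+)");

    /** Placeholder in {@link #POLICY_TEMPLATE} that is replaced by the bucket name. */
    private static final String BUCKET_PLACEHOLDER = "{{bucketName}}";

    /** Session policy template; the granted actions are limited to the one bucket substituted in. */
    private static final String POLICY_TEMPLATE = "{\"Statement\": [{\"Action\": [\"oss:GetObject\",\"oss:PutObject\",\"oss:DeleteObject\",\"oss:ListParts\",\"oss:AbortMultipartUpload\",\"oss:ListObjects\" ],\"Effect\": \"Allow\",\"Resource\": [\"acs:oss:*:*:{{bucketName}}/*\", \"acs:oss:*:*:{{bucketName}}\"]}],\"Version\": \"1\"}";

    /** Region id handed to {@code DefaultProfile.getProfile} for the STS client. */
    private static final String STS_REGION_ID = "cn-hangzhou";

    /** STS API version set on the AssumeRole request. */
    private static final String STS_API_VERSION = "2015-04-01";

    /**
     * Creates the controller.
     *
     * @param environment injected by the container; not used by this class
     */
    public OssPolicyController(Environment environment) {
    }

    /**
     * Returns the access policy produced by the configured object-storage implementation.
     *
     * @param str  the {@code appId} path segment; must equal {@link OssConstant#APP_ID}
     * @param str2 optional {@code bucketKey} selecting an alternative bucket from the
     *             registry's extension properties
     * @return the policy on success, code {@code 10001} for an invalid appId or bucketKey,
     *         code {@code 500} when policy creation fails
     */
    @RequestMapping(value = {"/{appId}/getpolicy"}, method = {RequestMethod.GET})
    @ApiOperation(value = "获取访问配置文件", notes = "获取访问配置文件", response = RestResponse.class)
    public RestResponse<?> applyPolicy(@PathVariable("appId") String str, @RequestParam(value = "bucketKey", required = false) String str2) {
        // The path variable is bound by its explicit name: the parameter is called "str",
        // which does not match the {appId} template variable.
        try {
            logger.info("OssConstant.APP_ID:{}, appId:{}", OssConstant.APP_ID, str);
            if (!str.equals(OssConstant.APP_ID)) {
                return new RestResponse<>("10001", "appId 无效");
            }
            OssRegistryVo ossRegistryVo = null;
            if (StringUtils.isNotEmpty(str2)) {
                ossRegistryVo = assembleRegistryVo(str2);
                if (null == ossRegistryVo) {
                    return new RestResponse<>("10001", "bucketKey 错误！");
                }
            }
            IObjectStorageService storage = ObjectStorageFactory.createObjectStorage(OssConstant.registryVo);
            return new RestResponse<>(ossRegistryVo != null ? storage.creatPoliy(ossRegistryVo) : storage.creatPoliy());
        } catch (Exception e) {
            logger.error("授权错误,{} ", e.getMessage(), e);
            return new RestResponse<>("500", "授权错误");
        }
    }

    /**
     * Issues temporary STS credentials whose session policy is limited to one bucket.
     *
     * <p>The bucket is taken from the registry endpoint, or from the endpoint derived for
     * {@code bucketKey} when one is supplied. All values are computed per request, so the
     * policy sent to STS always names the same bucket that is reported in the response.
     *
     * @param str  the {@code appId} path segment; must equal {@link OssConstant#APP_ID}
     * @param str2 optional {@code bucketKey} selecting an alternative bucket
     * @return a map with the temporary credentials and storage coordinates, code
     *         {@code 10001} for an invalid appId or bucketKey, code {@code 500} when the
     *         registry is missing or the STS call fails
     * @throws BusinessRuntimeException if no bucket and host can be extracted from the endpoint
     */
    @RequestMapping(value = {"/{appId}/sts"}, method = {RequestMethod.GET})
    @ApiOperation(value = "sts签名接口", notes = "sts签名接口", response = RestResponse.class)
    public RestResponse<?> stsAuth(@PathVariable("appId") String str, @RequestParam(value = "bucketKey", required = false) String str2) {
        if (!str.equals(OssConstant.APP_ID)) {
            logger.error("仅支持{}的请求", OssConstant.APP_ID);
            return new RestResponse<>("10001", "appId 无效");
        }
        if (null == OssConstant.registryVo) {
            // Every later step reads the registry; report the failure instead of throwing an NPE.
            logger.error("OssConstant.registryVo is not initialised; cannot issue STS credentials");
            return new RestResponse<>("500", "授权错误");
        }

        String endpoint = OssConstant.registryVo.getEndpoint();
        if (StringUtils.isNotEmpty(str2)) {
            OssRegistryVo ossRegistryVo = assembleRegistryVo(str2);
            if (null == ossRegistryVo) {
                return new RestResponse<>("10001", "bucketKey 错误！");
            }
            if (StringUtils.isNotEmpty(ossRegistryVo.getEndpoint())) {
                endpoint = ossRegistryVo.getEndpoint();
            }
        }

        Matcher matcher = endpoint == null ? null : ENDPOINT_HOST_PATTERN.matcher(endpoint);
        if (matcher == null || !matcher.find()) {
            // Report the endpoint that was actually parsed.
            throw new BusinessRuntimeException("未从{" + endpoint + "}中提取BucketName,及oss节点地址.若静态网站地址为自定义域名请联系相关人员修改代码");
        }
        // Request-local values: keeping them in controller fields would let one request's
        // bucket leak into the policy or response of another.
        String bucketName = matcher.group(2);
        String ossEndPoint = matcher.group(3);
        String sessionPolicy = POLICY_TEMPLATE.replace(BUCKET_PLACEHOLDER, bucketName);

        // NOTE(review): a new client is built for every request; consider sharing one instance.
        DefaultAcsClient defaultAcsClient = new DefaultAcsClient(DefaultProfile.getProfile(STS_REGION_ID, OssConstant.registryVo.getSubAccessKeyId(), OssConstant.registryVo.getSubAccessKeySecret()));
        AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
        assumeRoleRequest.setVersion(STS_API_VERSION);
        assumeRoleRequest.setMethod(MethodType.POST);
        assumeRoleRequest.setProtocol(ProtocolType.HTTPS);
        String roleArn = OssConstant.registryVo.getRoleArn();
        if ("ALIYUNOSS".equals(OssConstant.registryVo.getOssType()) && StringUtils.isBlank(roleArn)) {
            logger.error("无法读取stst 所需的角色信息 roleArn. 请确保配置已经配置了该内容.");
        }
        assumeRoleRequest.setRoleArn(roleArn);
        // Every session uses the same fixed name, so the session name alone cannot tell
        // callers apart in audit records. No duration is set on the request.
        assumeRoleRequest.setRoleSessionName("external-username");
        assumeRoleRequest.setPolicy(sessionPolicy);
        try {
            AssumeRoleResponse acsResponse = defaultAcsClient.getAcsResponse(assumeRoleRequest);
            LinkedHashMap<String, Object> body = new LinkedHashMap<>();
            body.put("accessKeyId", acsResponse.getCredentials().getAccessKeyId());
            body.put("accessKeySecret", acsResponse.getCredentials().getAccessKeySecret());
            body.put("securityToken", acsResponse.getCredentials().getSecurityToken());
            body.put("ossFile", OssConstant.registryVo.getDir());
            body.put("host", endpoint);
            body.put("endPoint", ossEndPoint);
            body.put("bucketName", bucketName);
            body.put("cdnHost", OssConstant.registryVo.getCdnHost());
            body.put("extProperty", OssConstant.registryVo.getExtProperty() == null ? "" : JacksonUtil.toJson(OssConstant.registryVo.getExtProperty()));
            return new RestResponse<>(body);
        } catch (Exception e) {
            // The credentials are never logged; only the failure is.
            logger.error("授权错误", e);
            return new RestResponse<>("500", "授权错误");
        }
    }

    /**
     * Builds a copy of the global registry that points at the bucket mapped to a bucket key.
     *
     * <p>The key is looked up in the registry's extension properties. The copy's bucket
     * name is replaced by the mapped value, and occurrences of the original bucket name in
     * the endpoint are substituted literally (not as a regular expression).
     *
     * @param str the bucket key supplied by the caller
     * @return the adjusted copy, or {@code null} when the registry or its extension
     *         properties are missing, or the key does not map to a non-empty string
     */
    private OssRegistryVo assembleRegistryVo(String str) {
        if (null == OssConstant.registryVo || null == OssConstant.registryVo.getExtProperty()) {
            // Without a mapping table the key cannot be resolved; do not fabricate an
            // entry with an empty bucket name.
            return null;
        }
        Object mapped = OssConstant.registryVo.getExtProperty().get(str);
        if (!(mapped instanceof String) || StringUtils.isEmpty((String) mapped)) {
            return null;
        }
        String targetBucket = (String) mapped;

        OssRegistryVo ossRegistryVo = new OssRegistryVo();
        BeanUtils.copyProperties(OssConstant.registryVo, ossRegistryVo);
        if (StringUtils.isNotEmpty(ossRegistryVo.getEndpoint()) && StringUtils.isNotEmpty(ossRegistryVo.getBucketName())) {
            // String.replace is literal: neither the bucket name nor the replacement is
            // interpreted as regex syntax.
            ossRegistryVo.setEndpoint(ossRegistryVo.getEndpoint().replace(ossRegistryVo.getBucketName(), targetBucket));
        }
        ossRegistryVo.setBucketName(targetBucket);
        return ossRegistryVo;
    }
}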
