package com.openshift.internal.restclient.capability.resources;

import com.openshift.internal.restclient.model.ModelNodeBuilder;
import com.openshift.internal.restclient.model.image.ImageStreamImport;
import com.openshift.internal.restclient.model.properties.ResourcePropertyKeys;
import com.openshift.internal.util.JBossDmrExtentions;
import com.openshift.restclient.IResourceFactory;
import com.openshift.restclient.ResourceKind;
import com.openshift.restclient.capability.resources.IImageStreamImportCapability;
import com.openshift.restclient.http.IHttpConstants;
import com.openshift.restclient.images.DockerImageURI;
import com.openshift.restclient.model.IProject;
import com.openshift.restclient.model.IStatus;
import com.openshift.restclient.model.image.IImageStreamImport;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jboss.dmr.ModelNode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openshift/internal/restclient/capability/resources/DockerRegistryImageStreamImportCapability.class */
public class DockerRegistryImageStreamImportCapability implements IImageStreamImportCapability, IHttpConstants, ResourcePropertyKeys {
    private static final String TOKEN = "token";
    private static final String STATUS_STATUS = "status.status";
    private static final int TIMEOUT = 10000;
    private static final String ID = "id";
    private static final String PARENT = "parent";
    private static final String REALM = "realm";
    private static final Logger LOG = LoggerFactory.getLogger(IImageStreamImportCapability.class);
    private static final String DEFAULT_DOCKER_REGISTRY = "https://registry-1.docker.io/v2";
    private IResourceFactory factory;
    private IProject project;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/openshift/internal/restclient/capability/resources/DockerRegistryImageStreamImportCapability$DockerResponse.class */
    public static class DockerResponse {
        public static final String DATA = "data";
        public static final String AUTH = "auth";
        String responseType;
        String data;

        DockerResponse(String str, String str2) {
            this.responseType = str;
            this.data = str2;
        }

        public Object getResponseType() {
            return this.responseType;
        }

        public String getData() {
            return this.data;
        }
    }

    public DockerRegistryImageStreamImportCapability(IProject iProject, IResourceFactory iResourceFactory) {
        this.factory = iResourceFactory;
        this.project = iProject;
    }

    @Override // com.openshift.restclient.capability.ICapability
    public boolean isSupported() {
        return true;
    }

    @Override // com.openshift.restclient.capability.ICapability
    public String getName() {
        return DockerRegistryImageStreamImportCapability.class.getSimpleName();
    }

    private boolean registryExists(HttpClient httpClient) throws Exception {
        ContentResponse send = httpClient.newRequest(DEFAULT_DOCKER_REGISTRY).send();
        if (send == null) {
            return false;
        }
        return send.getStatus() == 401 || send.getStatus() == 200;
    }

    private String retrieveAuthToken(HttpClient httpClient, String str) throws Exception {
        if (!StringUtils.isNotBlank(str)) {
            return null;
        }
        Map<String, String> parseAuthDetails = parseAuthDetails(str);
        if (!parseAuthDetails.containsKey(REALM)) {
            LOG.info("Unable to retrieve authentication token - 'realm' was not found in the authenticate header: " + parseAuthDetails.toString());
            return null;
        }
        ContentResponse send = createAuthRequest(httpClient, parseAuthDetails).send();
        LOG.debug("Auth response: " + send.toString());
        if (send.getStatus() != 200 || !send.getHeaders().contains(IHttpConstants.PROPERTY_CONTENT_TYPE, IHttpConstants.MEDIATYPE_APPLICATION_JSON)) {
            LOG.info("Unable to retrieve authentication token as response was not OK and/or unexpected content type");
            return null;
        }
        ModelNode fromJSONString = ModelNode.fromJSONString(send.getContentAsString());
        if (fromJSONString.hasDefined(TOKEN)) {
            return fromJSONString.get(TOKEN).asString();
        }
        LOG.debug("No auth token was found on auth response: " + fromJSONString.toJSONString(false));
        return null;
    }

    private Request createAuthRequest(HttpClient httpClient, Map<String, String> map) {
        Request newRequest = httpClient.newRequest(StringUtils.strip(map.get(REALM), "\""));
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!REALM.equals(entry.getKey())) {
                newRequest.param(StringUtils.strip(entry.getKey(), "\""), StringUtils.strip(entry.getValue(), "\""));
            }
        }
        LOG.debug("Auth request uri: " + newRequest.getURI());
        return newRequest;
    }

    private Map<String, String> parseAuthDetails(String str) {
        LOG.debug("Auth details header: " + str);
        HashMap hashMap = new HashMap();
        String[] split = str.split(" ");
        if (split.length == 2 && IHttpConstants.AUTHORIZATION_BEARER.equals(split[0])) {
            for (String str2 : split[1].split(",")) {
                String[] split2 = str2.split("=");
                if (split2.length >= 2) {
                    hashMap.put(split2[0], split2[1]);
                }
            }
        }
        return hashMap;
    }

    private DockerResponse retrieveMetaData(HttpClient httpClient, String str, DockerImageURI dockerImageURI) throws Exception {
        String format = String.format("%s/%s/%s/manifests/%s", DEFAULT_DOCKER_REGISTRY, StringUtils.defaultIfBlank(dockerImageURI.getUserName(), "library"), dockerImageURI.getName(), dockerImageURI.getTag());
        Request newRequest = httpClient.newRequest(format);
        if (str != null) {
            newRequest.header(IHttpConstants.PROPERTY_AUTHORIZATION, String.format("%s %s", IHttpConstants.AUTHORIZATION_BEARER, str));
        }
        LOG.debug("retrieveMetaData uri: " + format);
        ContentResponse send = newRequest.send();
        LOG.debug("retrieveMetaData response: " + send.toString());
        switch (send.getStatus()) {
            case IHttpConstants.STATUS_OK /* 200 */:
                return new DockerResponse(DockerResponse.DATA, send.getContentAsString());
            case IHttpConstants.STATUS_UNAUTHORIZED /* 401 */:
                return new DockerResponse(DockerResponse.AUTH, send.getHeaders().get(HttpHeader.WWW_AUTHENTICATE));
            default:
                LOG.info("Unable to retrieve docker meta data: " + send.toString());
                return null;
        }
    }

    @Override // com.openshift.restclient.capability.resources.IImageStreamImportCapability
    public IImageStreamImport importImageMetadata(DockerImageURI dockerImageURI) {
        HttpClient httpClient;
        HttpClient httpClient2 = null;
        try {
            try {
                httpClient = new HttpClient(new SslContextFactory(true));
                httpClient.setConnectTimeout(10000L);
                httpClient.start();
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        httpClient2.stop();
                    } catch (Exception e) {
                        LOG.warn("Exception while trying to stop http client", e);
                    }
                }
                throw th;
            }
        } catch (Exception e2) {
            LOG.error("Exception while trying to retrieve image metadata from docker", e2);
            if (0 != 0) {
                try {
                    httpClient2.stop();
                } catch (Exception e3) {
                    LOG.warn("Exception while trying to stop http client", e3);
                }
            }
        }
        if (!registryExists(httpClient)) {
            if (httpClient != null) {
                try {
                    httpClient.stop();
                } catch (Exception e4) {
                    LOG.warn("Exception while trying to stop http client", e4);
                }
            }
            return buildErrorResponse(dockerImageURI);
        }
        DockerResponse retrieveMetaData = retrieveMetaData(httpClient, null, dockerImageURI);
        if (DockerResponse.AUTH.equals(retrieveMetaData.getResponseType())) {
            LOG.debug("Unauthorized.  Trying to retrieve token...");
            retrieveMetaData = retrieveMetaData(httpClient, retrieveAuthToken(httpClient, retrieveMetaData.getData()), dockerImageURI);
        }
        if (!DockerResponse.DATA.equals(retrieveMetaData.getResponseType())) {
            LOG.info("Unable to retrieve image metadata from docker registry");
            IImageStreamImport buildErrorResponse = buildErrorResponse(dockerImageURI);
            if (httpClient != null) {
                try {
                    httpClient.stop();
                } catch (Exception e5) {
                    LOG.warn("Exception while trying to stop http client", e5);
                }
            }
            return buildErrorResponse;
        }
        String data = retrieveMetaData.getData();
        LOG.debug("Raw Docker image metadata: " + data);
        IImageStreamImport buildResponse = buildResponse(data, dockerImageURI);
        if (httpClient != null) {
            try {
                httpClient.stop();
            } catch (Exception e6) {
                LOG.warn("Exception while trying to stop http client", e6);
            }
        }
        return buildResponse;
    }

    private IImageStreamImport buildErrorResponse(DockerImageURI dockerImageURI) {
        return buildImageStreamImport(dockerImageURI, new ModelNodeBuilder().set(STATUS_STATUS, IStatus.FAILURE).set("status.message", String.format("you may not have access to the Docker image \"%s\"", dockerImageURI.getUriWithoutHost())).set("status.reason", "Unauthorized").set("status.code", IHttpConstants.STATUS_UNAUTHORIZED).build());
    }

    private IImageStreamImport buildResponse(String str, DockerImageURI dockerImageURI) {
        ModelNode findNewestHistoryEntry = findNewestHistoryEntry(ModelNode.fromJSONString(str));
        findNewestHistoryEntry.get("ContainerConfig").set(findNewestHistoryEntry.remove("container_config"));
        return buildImageStreamImport(dockerImageURI, new ModelNodeBuilder().set(STATUS_STATUS, IStatus.SUCCESS).set("tag", dockerImageURI.getTag()).set("image.metadata.name", dockerImageURI.getName()).set(ImageStreamImport.IMAGE_DOCKER_IMAGE_REFERENCE, dockerImageURI.getUriUserNameAndName()).set("image.dockerImageMetadata", findNewestHistoryEntry).build());
    }

    private ImageStreamImport buildImageStreamImport(DockerImageURI dockerImageURI, ModelNode modelNode) {
        ImageStreamImport imageStreamImport = (ImageStreamImport) this.factory.stub(ResourceKind.IMAGE_STREAM_IMPORT, dockerImageURI.getName(), this.project.getName());
        JBossDmrExtentions.get(imageStreamImport.getNode(), null, ImageStreamImport.STATUS_IMAGES).add(modelNode);
        return imageStreamImport;
    }

    private ModelNode findNewestHistoryEntry(ModelNode modelNode) {
        List list = (List) modelNode.get("history").asList().stream().map(modelNode2 -> {
            return ModelNode.fromJSONString(modelNode2.get("v1Compatibility").asString());
        }).collect(Collectors.toList());
        list.sort(new Comparator<ModelNode>() { // from class: com.openshift.internal.restclient.capability.resources.DockerRegistryImageStreamImportCapability.1
            @Override // java.util.Comparator
            public int compare(ModelNode modelNode3, ModelNode modelNode4) {
                String asString = modelNode3.has(DockerRegistryImageStreamImportCapability.PARENT) ? modelNode3.get(DockerRegistryImageStreamImportCapability.PARENT).asString() : null;
                String asString2 = modelNode4.has(DockerRegistryImageStreamImportCapability.PARENT) ? modelNode3.get(DockerRegistryImageStreamImportCapability.PARENT).asString() : null;
                if (asString == null && asString2 != null) {
                    return -1;
                }
                if (asString != null && asString2 == null) {
                    return 1;
                }
                if (asString == null && asString2 == null) {
                    return 0;
                }
                String asString3 = modelNode3.get(DockerRegistryImageStreamImportCapability.ID).asString();
                String asString4 = modelNode4.get(DockerRegistryImageStreamImportCapability.ID).asString();
                if (asString2.equals(asString3)) {
                    return -1;
                }
                return asString.equals(asString4) ? 1 : 0;
            }
        });
        ModelNode modelNode3 = (ModelNode) list.get(0);
        LOG.debug("newest history: " + modelNode3.toJSONString(false));
        return modelNode3;
    }
}
