package org.glassfish.jersey.client.authentication;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.ClientResponseContext;
import javax.ws.rs.client.ClientResponseFilter;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.client.ClientProperties;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
import org.glassfish.jersey.client.internal.LocalizationMessages;
import org.glassfish.jersey.internal.util.PropertiesHelper;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-107.zip:modules/system/layers/fuse/net/sf/ehcache/main/ehcache-2.9.1.jar:rest-management-private-classpath/org/glassfish/jersey/client/authentication/HttpAuthenticationFilter.class_terracotta */
public class HttpAuthenticationFilter implements ClientRequestFilter, ClientResponseFilter {
    private static final String REQUEST_PROPERTY_FILTER_REUSED = "org.glassfish.jersey.client.authentication.HttpAuthenticationFilter.reused";
    private static final String REQUEST_PROPERTY_OPERATION = "org.glassfish.jersey.client.authentication.HttpAuthenticationFilter.operation";
    private final HttpAuthenticationFeature.Mode mode;
    private final Map<String, Type> uriCache;
    private final DigestAuthenticator digestAuth;
    private final BasicAuthenticator basicAuth;
    private static final int MAXIMUM_DIGEST_CACHE_SIZE = 10000;
    private static final Logger LOGGER = Logger.getLogger(HttpAuthenticationFilter.class.getName());
    static final Charset CHARACTER_SET = Charset.forName("iso-8859-1");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-107.zip:modules/system/layers/fuse/net/sf/ehcache/main/ehcache-2.9.1.jar:rest-management-private-classpath/org/glassfish/jersey/client/authentication/HttpAuthenticationFilter$Credentials.class_terracotta */
    public static class Credentials {
        private final String username;
        private final byte[] password;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Credentials(String str, byte[] bArr) {
            this.username = str;
            this.password = bArr;
        }

        Credentials(String str, String str2) {
            this.username = str;
            this.password = str2 == null ? null : str2.getBytes(HttpAuthenticationFilter.CHARACTER_SET);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String getUsername() {
            return this.username;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getPassword() {
            return this.password;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-107.zip:modules/system/layers/fuse/net/sf/ehcache/main/ehcache-2.9.1.jar:rest-management-private-classpath/org/glassfish/jersey/client/authentication/HttpAuthenticationFilter$Type.class_terracotta */
    public enum Type {
        BASIC,
        DIGEST
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpAuthenticationFilter(HttpAuthenticationFeature.Mode mode, Credentials credentials, Credentials credentials2, Configuration configuration) {
        int maximumCacheLimit = getMaximumCacheLimit(configuration);
        final int i = maximumCacheLimit * 2;
        this.uriCache = Collections.synchronizedMap(new LinkedHashMap<String, Type>(i) { // from class: org.glassfish.jersey.client.authentication.HttpAuthenticationFilter.1
            private static final long serialVersionUID = 1946245645415625L;

            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<String, Type> entry) {
                return size() > i;
            }
        });
        this.mode = mode;
        switch (mode) {
            case BASIC_PREEMPTIVE:
            case BASIC_NON_PREEMPTIVE:
                this.basicAuth = new BasicAuthenticator(credentials);
                this.digestAuth = null;
                return;
            case DIGEST:
                this.basicAuth = null;
                this.digestAuth = new DigestAuthenticator(credentials2, maximumCacheLimit);
                return;
            case UNIVERSAL:
                this.basicAuth = new BasicAuthenticator(credentials);
                this.digestAuth = new DigestAuthenticator(credentials2, maximumCacheLimit);
                return;
            default:
                throw new IllegalStateException("Not implemented.");
        }
    }

    private int getMaximumCacheLimit(Configuration configuration) {
        int intValue = ((Integer) PropertiesHelper.getValue((Map<String, ?>) configuration.getProperties(), ClientProperties.DIGESTAUTH_URI_CACHE_SIZELIMIT, 10000)).intValue();
        if (intValue < 1) {
            intValue = 10000;
        }
        return intValue;
    }

    @Override // javax.ws.rs.client.ClientRequestFilter
    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        Type type;
        if ("true".equals(clientRequestContext.getProperty(REQUEST_PROPERTY_FILTER_REUSED)) || clientRequestContext.getHeaders().containsKey("Authorization")) {
            return;
        }
        Type type2 = null;
        if (this.mode == HttpAuthenticationFeature.Mode.BASIC_PREEMPTIVE) {
            this.basicAuth.filterRequest(clientRequestContext);
            type2 = Type.BASIC;
        } else if (this.mode != HttpAuthenticationFeature.Mode.BASIC_NON_PREEMPTIVE) {
            if (this.mode == HttpAuthenticationFeature.Mode.DIGEST) {
                if (this.digestAuth.filterRequest(clientRequestContext)) {
                    type2 = Type.DIGEST;
                }
            } else if (this.mode == HttpAuthenticationFeature.Mode.UNIVERSAL && (type = this.uriCache.get(getCacheKey(clientRequestContext))) != null) {
                clientRequestContext.setProperty(REQUEST_PROPERTY_OPERATION, type);
                if (type == Type.BASIC) {
                    this.basicAuth.filterRequest(clientRequestContext);
                    type2 = Type.BASIC;
                } else if (type == Type.DIGEST && this.digestAuth.filterRequest(clientRequestContext)) {
                    type2 = Type.DIGEST;
                }
            }
        }
        if (type2 != null) {
            clientRequestContext.setProperty(REQUEST_PROPERTY_OPERATION, type2);
        }
    }

    @Override // javax.ws.rs.client.ClientResponseFilter
    public void filter(ClientRequestContext clientRequestContext, ClientResponseContext clientResponseContext) throws IOException {
        boolean z;
        if ("true".equals(clientRequestContext.getProperty(REQUEST_PROPERTY_FILTER_REUSED))) {
            return;
        }
        Type type = null;
        if (clientResponseContext.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode()) {
            String first = clientResponseContext.getHeaders().getFirst("WWW-Authenticate");
            if (first != null) {
                String upperCase = first.trim().toUpperCase();
                if (upperCase.startsWith("BASIC")) {
                    type = Type.BASIC;
                } else if (!upperCase.startsWith("DIGEST")) {
                    return;
                } else {
                    type = Type.DIGEST;
                }
            }
            z = true;
        } else {
            z = false;
        }
        if (this.mode == HttpAuthenticationFeature.Mode.BASIC_PREEMPTIVE) {
            return;
        }
        if (this.mode == HttpAuthenticationFeature.Mode.BASIC_NON_PREEMPTIVE) {
            if (z && type == Type.BASIC) {
                this.basicAuth.filterResponseAndAuthenticate(clientRequestContext, clientResponseContext);
                return;
            }
            return;
        }
        if (this.mode == HttpAuthenticationFeature.Mode.DIGEST) {
            if (z && type == Type.DIGEST) {
                this.digestAuth.filterResponse(clientRequestContext, clientResponseContext);
                return;
            }
            return;
        }
        if (this.mode == HttpAuthenticationFeature.Mode.UNIVERSAL) {
            Type type2 = (Type) clientRequestContext.getProperty(REQUEST_PROPERTY_OPERATION);
            if (type2 != null) {
                updateCache(clientRequestContext, !z, type2);
            }
            if (z) {
                boolean z2 = false;
                if (type == Type.BASIC) {
                    z2 = this.basicAuth.filterResponseAndAuthenticate(clientRequestContext, clientResponseContext);
                } else if (type == Type.DIGEST) {
                    z2 = this.digestAuth.filterResponse(clientRequestContext, clientResponseContext);
                }
                updateCache(clientRequestContext, z2, type);
            }
        }
    }

    private String getCacheKey(ClientRequestContext clientRequestContext) {
        return clientRequestContext.getUri().toString() + ":" + clientRequestContext.getMethod();
    }

    private void updateCache(ClientRequestContext clientRequestContext, boolean z, Type type) {
        String cacheKey = getCacheKey(clientRequestContext);
        if (z) {
            this.uriCache.put(cacheKey, type);
        } else {
            this.uriCache.remove(cacheKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean repeatRequest(ClientRequestContext clientRequestContext, ClientResponseContext clientResponseContext, String str) {
        Client newClient = ClientBuilder.newClient(clientRequestContext.getConfiguration());
        String method = clientRequestContext.getMethod();
        Invocation.Builder request = newClient.target(clientRequestContext.getUri()).request(clientRequestContext.getMediaType());
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        for (Map.Entry<String, Object> entry : clientRequestContext.getHeaders().entrySet()) {
            if (!"Authorization".equals(entry.getKey())) {
                multivaluedHashMap.put((MultivaluedHashMap) entry.getKey(), (String) entry.getValue());
            }
        }
        multivaluedHashMap.add("Authorization", str);
        request.headers(multivaluedHashMap);
        request.property(REQUEST_PROPERTY_FILTER_REUSED, "true");
        Response invoke = (clientRequestContext.getEntity() == null ? request.build(method) : request.build(method, Entity.entity(clientRequestContext.getEntity(), clientRequestContext.getMediaType()))).invoke();
        if (invoke.hasEntity()) {
            clientResponseContext.setEntityStream((InputStream) invoke.readEntity(InputStream.class));
        }
        MultivaluedMap<String, String> headers = clientResponseContext.getHeaders();
        headers.clear();
        headers.putAll(invoke.getStringHeaders());
        clientResponseContext.setStatus(invoke.getStatus());
        return clientResponseContext.getStatus() != Response.Status.UNAUTHORIZED.getStatusCode();
    }

    private static Credentials extractCredentials(ClientRequestContext clientRequestContext, Type type) {
        byte[] bytes;
        String str = null;
        String str2 = null;
        if (type == null) {
            str = HttpAuthenticationFeature.HTTP_AUTHENTICATION_USERNAME;
            str2 = HttpAuthenticationFeature.HTTP_AUTHENTICATION_PASSWORD;
        } else if (type == Type.BASIC) {
            str = HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_USERNAME;
            str2 = HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_PASSWORD;
        } else if (type == Type.DIGEST) {
            str = HttpAuthenticationFeature.HTTP_AUTHENTICATION_DIGEST_USERNAME;
            str2 = HttpAuthenticationFeature.HTTP_AUTHENTICATION_DIGEST_PASSWORD;
        }
        String str3 = (String) clientRequestContext.getProperty(str);
        if (str3 == null || str3.equals("")) {
            return null;
        }
        Object property = clientRequestContext.getProperty(str2);
        if (property instanceof byte[]) {
            bytes = (byte[]) property;
        } else {
            if (!(property instanceof String)) {
                throw new ProcessingException(LocalizationMessages.AUTHENTICATION_CREDENTIALS_REQUEST_PASSWORD_UNSUPPORTED());
            }
            bytes = ((String) property).getBytes(CHARACTER_SET);
        }
        return new Credentials(str3, bytes);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Credentials getCredentials(ClientRequestContext clientRequestContext, Credentials credentials, Type type) {
        Credentials extractCredentials = extractCredentials(clientRequestContext, type);
        if (extractCredentials != null) {
            return extractCredentials;
        }
        Credentials extractCredentials2 = extractCredentials(clientRequestContext, null);
        return extractCredentials2 != null ? extractCredentials2 : credentials;
    }
}
