package com.openshift.internal.restclient.capability.resources;

import com.openshift.internal.restclient.model.ModelNodeBuilder;
import com.openshift.internal.restclient.model.image.ImageStreamImport;
import com.openshift.internal.restclient.model.properties.ResourcePropertyKeys;
import com.openshift.internal.restclient.okhttp.ResponseCodeInterceptor;
import com.openshift.internal.util.JBossDmrExtentions;
import com.openshift.restclient.IClient;
import com.openshift.restclient.IResourceFactory;
import com.openshift.restclient.ResourceKind;
import com.openshift.restclient.capability.resources.IImageStreamImportCapability;
import com.openshift.restclient.http.IHttpConstants;
import com.openshift.restclient.images.DockerImageURI;
import com.openshift.restclient.model.IProject;
import com.openshift.restclient.model.IStatus;
import com.openshift.restclient.model.image.IImageStreamImport;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.commons.lang.StringUtils;
import org.jboss.dmr.ModelNode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openshift/internal/restclient/capability/resources/DockerRegistryImageStreamImportCapability.class */
public class DockerRegistryImageStreamImportCapability implements IImageStreamImportCapability, IHttpConstants, ResourcePropertyKeys {
    private static final String TOKEN = "token";
    private static final String STATUS_STATUS = "status.status";
    private static final String ID = "id";
    private static final String PARENT = "parent";
    private static final String REALM = "realm";
    private static final Logger LOG = LoggerFactory.getLogger(IImageStreamImportCapability.class);
    private static final String DEFAULT_DOCKER_REGISTRY = "https://registry-1.docker.io/v2";
    private IResourceFactory factory;
    private IProject project;
    private OkHttpClient okClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/openshift/internal/restclient/capability/resources/DockerRegistryImageStreamImportCapability$DockerResponse.class */
    public static class DockerResponse {
        public static final String DATA = "data";
        public static final String AUTH = "auth";
        String responseType;
        String data;

        DockerResponse(String str, String str2) {
            this.responseType = str;
            this.data = str2;
        }

        public Object getResponseType() {
            return this.responseType;
        }

        public String getData() {
            return this.data;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/openshift/internal/restclient/capability/resources/DockerRegistryImageStreamImportCapability$ManifestComparator.class */
    public static class ManifestComparator implements Comparator<ModelNode> {
        ManifestComparator() {
        }

        @Override // java.util.Comparator
        public int compare(ModelNode modelNode, ModelNode modelNode2) {
            String asString = modelNode.has(DockerRegistryImageStreamImportCapability.PARENT) ? modelNode.get(DockerRegistryImageStreamImportCapability.PARENT).asString() : null;
            String asString2 = modelNode2.has(DockerRegistryImageStreamImportCapability.PARENT) ? modelNode.get(DockerRegistryImageStreamImportCapability.PARENT).asString() : null;
            if (asString == null && asString2 != null) {
                return -1;
            }
            if (asString != null && asString2 == null) {
                return 1;
            }
            if (asString == null && asString2 == null) {
                return 0;
            }
            String asString3 = modelNode.get(DockerRegistryImageStreamImportCapability.ID).asString();
            String asString4 = modelNode2.get(DockerRegistryImageStreamImportCapability.ID).asString();
            if (asString2.equals(asString3)) {
                return -1;
            }
            return asString.equals(asString4) ? 1 : 0;
        }
    }

    public DockerRegistryImageStreamImportCapability(IProject iProject, IResourceFactory iResourceFactory, IClient iClient) {
        this.factory = iResourceFactory;
        this.project = iProject;
        this.okClient = (OkHttpClient) iClient.adapt(OkHttpClient.class);
        if (this.okClient != null) {
            this.okClient = this.okClient.newBuilder().followRedirects(true).build();
        }
    }

    @Override // com.openshift.restclient.capability.ICapability
    public boolean isSupported() {
        return true;
    }

    @Override // com.openshift.restclient.capability.ICapability
    public String getName() {
        return DockerRegistryImageStreamImportCapability.class.getSimpleName();
    }

    private boolean registryExists(OkHttpClient okHttpClient) throws Exception {
        Response execute = okHttpClient.newCall(new Request.Builder().url(DEFAULT_DOCKER_REGISTRY).header(ResponseCodeInterceptor.X_OPENSHIFT_IGNORE_RCI, "true").build()).execute();
        if (execute == null) {
            return false;
        }
        return execute.code() == 401 || execute.code() == 200;
    }

    private String retrieveAuthToken(OkHttpClient okHttpClient, String str) throws Exception {
        if (!StringUtils.isNotBlank(str)) {
            return null;
        }
        Map<String, String> parseAuthDetails = parseAuthDetails(str);
        if (!parseAuthDetails.containsKey(REALM)) {
            LOG.info("Unable to retrieve authentication token - 'realm' was not found in the authenticate header: " + parseAuthDetails.toString());
            return null;
        }
        Response execute = okHttpClient.newCall(createAuthRequest(parseAuthDetails)).execute();
        LOG.debug("Auth response: " + execute.toString());
        if (execute.code() != 200 || !IHttpConstants.MEDIATYPE_APPLICATION_JSON.equals(execute.headers().get(IHttpConstants.PROPERTY_CONTENT_TYPE))) {
            LOG.info("Unable to retrieve authentication token as response was not OK and/or unexpected content type");
            return null;
        }
        ModelNode fromJSONString = ModelNode.fromJSONString(execute.body().string());
        if (fromJSONString.hasDefined(TOKEN)) {
            return fromJSONString.get(TOKEN).asString();
        }
        LOG.debug("No auth token was found on auth response: " + fromJSONString.toJSONString(false));
        return null;
    }

    private Request createAuthRequest(Map<String, String> map) {
        HttpUrl.Builder newBuilder = HttpUrl.parse(StringUtils.strip(map.get(REALM), "\"")).newBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!REALM.equals(entry.getKey())) {
                newBuilder.addQueryParameter(StringUtils.strip(entry.getKey(), "\""), StringUtils.strip(entry.getValue(), "\""));
            }
        }
        Request build = new Request.Builder().url(newBuilder.build()).header(ResponseCodeInterceptor.X_OPENSHIFT_IGNORE_RCI, "true").build();
        LOG.debug("Auth request uri: " + build.url());
        return build;
    }

    private Map<String, String> parseAuthDetails(String str) {
        LOG.debug("Auth details header: " + str);
        HashMap hashMap = new HashMap();
        String[] split = str.split(" ");
        if (split.length == 2 && IHttpConstants.AUTHORIZATION_BEARER.equals(split[0])) {
            for (String str2 : split[1].split(",")) {
                String[] split2 = str2.split("=");
                if (split2.length >= 2) {
                    hashMap.put(split2[0], split2[1]);
                }
            }
        }
        return hashMap;
    }

    private DockerResponse retrieveMetaData(OkHttpClient okHttpClient, String str, DockerImageURI dockerImageURI) throws Exception {
        String format = String.format("%s/%s/%s/manifests/%s", DEFAULT_DOCKER_REGISTRY, StringUtils.defaultIfBlank(dockerImageURI.getUserName(), "library"), dockerImageURI.getName(), dockerImageURI.getTag());
        Request.Builder header = new Request.Builder().url(format).header(ResponseCodeInterceptor.X_OPENSHIFT_IGNORE_RCI, "true");
        if (str != null) {
            header.header(IHttpConstants.PROPERTY_AUTHORIZATION, String.format("%s %s", IHttpConstants.AUTHORIZATION_BEARER, str));
        }
        LOG.debug("retrieveMetaData uri: " + format);
        Response execute = okHttpClient.newCall(header.build()).execute();
        LOG.debug("retrieveMetaData response: " + execute.toString());
        switch (execute.code()) {
            case IHttpConstants.STATUS_OK /* 200 */:
                return new DockerResponse(DockerResponse.DATA, execute.body().string());
            case IHttpConstants.STATUS_UNAUTHORIZED /* 401 */:
                return new DockerResponse(DockerResponse.AUTH, execute.headers().get(IHttpConstants.PROPERTY_WWW_AUTHENTICATE));
            default:
                LOG.info("Unable to retrieve docker meta data: " + execute.toString());
                return null;
        }
    }

    @Override // com.openshift.restclient.capability.resources.IImageStreamImportCapability
    public IImageStreamImport importImageMetadata(DockerImageURI dockerImageURI) {
        if (this.okClient != null) {
            try {
                if (registryExists(this.okClient)) {
                    DockerResponse retrieveMetaData = retrieveMetaData(this.okClient, null, dockerImageURI);
                    if (DockerResponse.AUTH.equals(retrieveMetaData.getResponseType())) {
                        LOG.debug("Unauthorized.  Trying to retrieve token...");
                        retrieveMetaData = retrieveMetaData(this.okClient, retrieveAuthToken(this.okClient, retrieveMetaData.getData()), dockerImageURI);
                    }
                    if (!DockerResponse.DATA.equals(retrieveMetaData.getResponseType())) {
                        LOG.info("Unable to retrieve image metadata from docker registry");
                        return buildErrorResponse(dockerImageURI);
                    }
                    String data = retrieveMetaData.getData();
                    LOG.debug("Raw Docker image metadata: " + data);
                    return buildResponse(data, dockerImageURI);
                }
            } catch (Exception e) {
                LOG.error("Exception while trying to retrieve image metadata from docker", e);
            }
        }
        return buildErrorResponse(dockerImageURI);
    }

    private IImageStreamImport buildErrorResponse(DockerImageURI dockerImageURI) {
        return buildImageStreamImport(dockerImageURI, new ModelNodeBuilder().set(STATUS_STATUS, IStatus.FAILURE).set("status.message", String.format("you may not have access to the Docker image \"%s\"", dockerImageURI.getUriWithoutHost())).set("status.reason", "Unauthorized").set("status.code", IHttpConstants.STATUS_UNAUTHORIZED).build());
    }

    private IImageStreamImport buildResponse(String str, DockerImageURI dockerImageURI) {
        ModelNode findNewestHistoryEntry = findNewestHistoryEntry(ModelNode.fromJSONString(str));
        findNewestHistoryEntry.get("ContainerConfig").set(findNewestHistoryEntry.remove("container_config"));
        return buildImageStreamImport(dockerImageURI, new ModelNodeBuilder().set(STATUS_STATUS, IStatus.SUCCESS).set("tag", dockerImageURI.getTag()).set("image.metadata.name", dockerImageURI.getName()).set(ImageStreamImport.IMAGE_DOCKER_IMAGE_REFERENCE, dockerImageURI.getUriUserNameAndName()).set("image.dockerImageMetadata", findNewestHistoryEntry).set("status.code", IHttpConstants.STATUS_OK).build());
    }

    private ImageStreamImport buildImageStreamImport(DockerImageURI dockerImageURI, ModelNode modelNode) {
        ImageStreamImport imageStreamImport = (ImageStreamImport) this.factory.stub(ResourceKind.IMAGE_STREAM_IMPORT, dockerImageURI.getName(), this.project.getName());
        JBossDmrExtentions.get(imageStreamImport.getNode(), null, ImageStreamImport.STATUS_IMAGES).add(modelNode);
        return imageStreamImport;
    }

    private ModelNode findNewestHistoryEntry(ModelNode modelNode) {
        List list = (List) modelNode.get("history").asList().stream().map(modelNode2 -> {
            return ModelNode.fromJSONString(modelNode2.get("v1Compatibility").asString());
        }).collect(Collectors.toList());
        list.sort(new ManifestComparator());
        ModelNode modelNode3 = (ModelNode) list.get(list.size() - 1);
        LOG.debug("newest history: " + modelNode3.toJSONString(false));
        return modelNode3;
    }
}
