package com.openshift.internal.restclient.okhttp;

import com.openshift.internal.restclient.DefaultClient;
import com.openshift.internal.restclient.authorization.AuthorizationDetails;
import com.openshift.internal.util.URIUtils;
import com.openshift.restclient.IClient;
import com.openshift.restclient.authorization.IAuthorizationContext;
import com.openshift.restclient.authorization.IAuthorizationDetails;
import com.openshift.restclient.authorization.UnauthorizedException;
import com.openshift.restclient.http.IHttpConstants;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import okhttp3.Authenticator;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/openshift/internal/restclient/okhttp/AuthenticatorInterceptor.class */
public class AuthenticatorInterceptor implements Interceptor, IHttpConstants {
    private static final Logger LOGGER = Logger.getLogger(AuthenticatorInterceptor.class);
    public static final String ACCESS_TOKEN = "access_token";
    private static final String AUTH_ATTEMPTS = "X-OPENSHIFT-AUTH-ATTEMPTS";
    private static final String CSRF_TOKEN = "X-CSRF-Token";
    private static final String ERROR = "error";
    private static final String ERROR_DETAILS = "error_details";
    private IClient client;
    private Collection<IChallengeHandler> challangeHandlers = new ArrayList();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/openshift/internal/restclient/okhttp/AuthenticatorInterceptor$OpenShiftAuthenticator.class */
    public final class OpenShiftAuthenticator implements Authenticator {
        private OpenShiftAuthenticator() {
        }

        public Request authenticate(Route route, Response response) throws IOException {
            if (StringUtils.isNotBlank(response.request().header(AuthenticatorInterceptor.AUTH_ATTEMPTS)) || !StringUtils.isNotBlank(response.header(IHttpConstants.PROPERTY_WWW_AUTHENTICATE))) {
                return null;
            }
            Request createAuthenticationRequest = createAuthenticationRequest(response);
            response.close();
            return createAuthenticationRequest;
        }

        private Request createAuthenticationRequest(Response response) {
            for (IChallengeHandler iChallengeHandler : AuthenticatorInterceptor.this.challangeHandlers) {
                if (!iChallengeHandler.canHandle(response.headers())) {
                    return iChallengeHandler.handleChallenge(response.request().newBuilder().header(AuthenticatorInterceptor.AUTH_ATTEMPTS, "1")).build();
                }
            }
            return null;
        }
    }

    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        String httpUrl = request.url().toString();
        if (isUrlWithoutAuthorization(request, httpUrl)) {
            return chain.proceed(request);
        }
        IAuthorizationContext authorizationContext = this.client.getAuthorizationContext();
        if (StringUtils.isBlank(authorizationContext.getToken())) {
            Response authenticate = authenticate();
            if (authenticate != null) {
                try {
                    if (authenticate.isSuccessful()) {
                        setToken(getToken(authenticate), this.client.getAuthorizationContext());
                        request = new OpenShiftRequestBuilder(request.newBuilder()).acceptJson().authorization(authorizationContext).build();
                        if (authenticate != null) {
                            authenticate.close();
                        }
                    }
                } catch (Throwable th) {
                    if (authenticate != null) {
                        try {
                            authenticate.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            throw new UnauthorizedException(getAuthorizationDetails(httpUrl), authenticate == null ? null : ResponseCodeInterceptor.getStatus(authenticate.body().string()));
        }
        return chain.proceed(request);
    }

    private boolean isUrlWithoutAuthorization(Request request, String str) {
        return str.endsWith(DefaultClient.PATH_OPENSHIFT_VERSION) || str.endsWith("version") || str.endsWith(DefaultClient.PATH_OAUTH_AUTHORIZATION_SERVER) || request.url().toString().startsWith(this.client.getAuthorizationEndpoint().toString());
    }

    private Response authenticate() throws IOException {
        OkHttpClient okHttpClient = (OkHttpClient) this.client.adapt(OkHttpClient.class);
        if (okHttpClient == null) {
            return null;
        }
        return okHttpClient.newBuilder().authenticator(new OpenShiftAuthenticator()).followRedirects(false).build().newCall(new Request.Builder().addHeader(CSRF_TOKEN, "1").url(new URL(this.client.getAuthorizationEndpoint().toExternalForm() + "?response_type=token&client_id=openshift-challenging-client").toString()).build()).execute();
    }

    private IAuthorizationDetails getAuthorizationDetails(String str) {
        AuthorizationDetails authorizationDetails = null;
        Map<String, String> splitFragment = URIUtils.splitFragment(str);
        if (splitFragment.containsKey(ERROR)) {
            authorizationDetails = new AuthorizationDetails(splitFragment.get(ERROR), splitFragment.get(ERROR_DETAILS));
        }
        return authorizationDetails;
    }

    private String getToken(Response response) {
        String str = null;
        Map<String, String> splitFragment = URIUtils.splitFragment(response.header(IHttpConstants.PROPERTY_LOCATION));
        if (splitFragment.containsKey("access_token")) {
            str = splitFragment.get("access_token");
        }
        return str;
    }

    private void setToken(String str, IAuthorizationContext iAuthorizationContext) {
        if (iAuthorizationContext != null) {
            iAuthorizationContext.setToken(str);
        }
    }

    public void setClient(IClient iClient) {
        this.client = iClient;
        initChallengeHandlers(iClient.getAuthorizationContext());
    }

    private void initChallengeHandlers(IAuthorizationContext iAuthorizationContext) {
        this.challangeHandlers.clear();
        this.challangeHandlers.add(new BasicChallengeHandler(iAuthorizationContext));
    }
}
