package com.openshift.internal.restclient.authorization;

import com.openshift.restclient.IClient;
import com.openshift.restclient.ISSLCertificateCallback;
import com.openshift.restclient.NoopSSLCertificateCallback;
import com.openshift.restclient.OpenShiftException;
import com.openshift.restclient.authorization.IAuthorizationClient;
import com.openshift.restclient.authorization.IAuthorizationContext;
import com.openshift.restclient.authorization.IAuthorizationDetails;
import com.openshift.restclient.authorization.IAuthorizationStrategy;
import com.openshift.restclient.authorization.ResourceForbiddenException;
import com.openshift.restclient.authorization.TokenAuthorizationStrategy;
import com.openshift.restclient.authorization.UnauthorizedException;
import java.io.Closeable;
import java.io.IOException;
import java.net.ProxySelector;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:lib/openshift-restclient-java.jar:com/openshift/internal/restclient/authorization/AuthorizationClient.class */
public class AuthorizationClient implements IAuthorizationClient {
    private static final Logger LOG = LoggerFactory.getLogger(IAuthorizationClient.class);
    private static final int TIMEOUT = 10000;
    private SSLContext sslContext;
    private X509HostnameVerifier hostnameVerifier = new AllowAllHostnameVerifier();
    private IClient openshiftClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/openshift-restclient-java.jar:com/openshift/internal/restclient/authorization/AuthorizationClient$CallbackTrustManager.class */
    public static class CallbackTrustManager implements X509TrustManager {
        private X509TrustManager trustManager;
        private ISSLCertificateCallback callback;

        private CallbackTrustManager(X509TrustManager x509TrustManager, ISSLCertificateCallback iSSLCertificateCallback) throws NoSuchAlgorithmException, KeyStoreException {
            this.trustManager = x509TrustManager;
            this.callback = iSSLCertificateCallback;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.trustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (!this.callback.allowCertificate(x509CertificateArr)) {
                    throw e;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    public AuthorizationClient(IClient iClient) {
        this.openshiftClient = iClient;
        setSSLCertificateCallback(new NoopSSLCertificateCallback());
    }

    @Override // com.openshift.restclient.authorization.IAuthorizationClient
    public IAuthorizationDetails getAuthorizationDetails(String str) {
        try {
            getContextUsingCredentials(str, null);
            return new AuthorizationDetails(String.format("%s/oauth/token/request", str));
        } catch (UnauthorizedException e) {
            return e.getAuthorizationDetails();
        }
    }

    @Override // com.openshift.restclient.authorization.IAuthorizationClient
    public IAuthorizationContext getContext(String str) {
        OpenShiftCredentialsProvider openShiftCredentialsProvider = new OpenShiftCredentialsProvider();
        this.openshiftClient.getAuthorizationStrategy().accept(openShiftCredentialsProvider);
        IAuthorizationStrategy authorizationStrategy = this.openshiftClient.getAuthorizationStrategy();
        try {
            try {
                String token = openShiftCredentialsProvider.getToken();
                this.openshiftClient.setAuthorizationStrategy(new TokenAuthorizationStrategy(token));
                AuthorizationContext authorizationContext = new AuthorizationContext(token, null, this.openshiftClient.getCurrentUser(), openShiftCredentialsProvider.getScheme());
                this.openshiftClient.setAuthorizationStrategy(authorizationStrategy);
                return authorizationContext;
            } catch (ResourceForbiddenException e) {
                this.openshiftClient.setAuthorizationStrategy(authorizationStrategy);
                return getContextUsingCredentials(str, openShiftCredentialsProvider);
            } catch (UnauthorizedException e2) {
                this.openshiftClient.setAuthorizationStrategy(authorizationStrategy);
                IAuthorizationContext contextUsingCredentials = getContextUsingCredentials(str, openShiftCredentialsProvider);
                this.openshiftClient.setAuthorizationStrategy(authorizationStrategy);
                return contextUsingCredentials;
            }
        } catch (Throwable th) {
            this.openshiftClient.setAuthorizationStrategy(authorizationStrategy);
            throw th;
        }
    }

    private IAuthorizationContext getContextUsingCredentials(String str, CredentialsProvider credentialsProvider) {
        Closeable closeable = null;
        CloseableHttpClient closeableHttpClient = null;
        try {
            try {
                try {
                    OpenShiftAuthorizationRedirectStrategy openShiftAuthorizationRedirectStrategy = new OpenShiftAuthorizationRedirectStrategy(this.openshiftClient);
                    closeableHttpClient = HttpClients.custom().setRedirectStrategy(openShiftAuthorizationRedirectStrategy).setRoutePlanner(new SystemDefaultRoutePlanner(ProxySelector.getDefault())).setHostnameVerifier(this.hostnameVerifier).setDefaultCredentialsProvider(credentialsProvider).setSslcontext(this.sslContext).setDefaultRequestConfig(RequestConfig.custom().setSocketTimeout(10000).setConnectTimeout(10000).setConnectionRequestTimeout(10000).setStaleConnectionCheckEnabled(true).build()).build();
                    HttpGet httpGet = new HttpGet(new URIBuilder(String.format("%s/oauth/authorize", str)).addParameter("response_type", "token").addParameter("client_id", "openshift-challenging-client").build());
                    httpGet.addHeader("X-CSRF-Token", CustomBooleanEditor.VALUE_1);
                    closeable = closeableHttpClient.execute((HttpUriRequest) httpGet);
                    IAuthorizationContext authorizationContext = openShiftAuthorizationRedirectStrategy.getAuthorizationContext();
                    close(closeable);
                    close(closeableHttpClient);
                    return authorizationContext;
                } catch (URISyntaxException e) {
                    throw new OpenShiftException(e, String.format("Unvalid URI while trying to get an authorization context for server %s", str), new Object[0]);
                }
            } catch (ClientProtocolException e2) {
                throw new OpenShiftException(e2, String.format("Client protocol exception while trying to get authorization context for server %s", str), new Object[0]);
            } catch (IOException e3) {
                throw new OpenShiftException(e3, String.format("%s while trying to get an authorization context for server %s", e3.getClass().getName(), str), new Object[0]);
            }
        } catch (Throwable th) {
            close(closeable);
            close(closeableHttpClient);
            throw th;
        }
    }

    private void close(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override // com.openshift.restclient.authorization.IAuthorizationClient
    public void setSSLCertificateCallback(ISSLCertificateCallback iSSLCertificateCallback) {
        X509TrustManager x509TrustManager = null;
        if (iSSLCertificateCallback != null) {
            x509TrustManager = createCallbackTrustManager(iSSLCertificateCallback);
        }
        try {
            this.sslContext = SSLContext.getInstance("TLS");
            this.sslContext.init(null, new TrustManager[]{x509TrustManager}, null);
        } catch (KeyManagementException e) {
            LOG.warn("Could not install trust manager callback", (Throwable) e);
            this.sslContext = null;
        } catch (NoSuchAlgorithmException e2) {
            LOG.warn("Could not install trust manager callback", (Throwable) e2);
            this.sslContext = null;
        }
    }

    private X509TrustManager createCallbackTrustManager(ISSLCertificateCallback iSSLCertificateCallback) {
        X509TrustManager x509TrustManager = null;
        try {
            x509TrustManager = getCurrentTrustManager();
            if (x509TrustManager == null) {
                LOG.warn("Could not install trust manager callback, no trustmanager was found.");
            } else {
                x509TrustManager = new CallbackTrustManager(x509TrustManager, iSSLCertificateCallback);
            }
        } catch (GeneralSecurityException e) {
            LOG.warn("Could not install trust manager callback.", (Throwable) e);
        }
        return x509TrustManager;
    }

    private X509TrustManager getCurrentTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        X509TrustManager x509TrustManager = null;
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int length = trustManagers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            TrustManager trustManager = trustManagers[i];
            if (trustManager instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) trustManager;
                break;
            }
            i++;
        }
        return x509TrustManager;
    }
}
