package jdk.internal.net.http;

import java.io.IOException;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.http.HttpHeaders;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Objects;
import java.util.WeakHashMap;
import jdk.internal.net.http.common.Log;
import jdk.internal.net.http.common.Utils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.net.http/jdk/internal/net/http/AuthenticationFilter.class */
public class AuthenticationFilter implements HeaderFilter {
    volatile MultiExchange<?> exchange;
    static final int DEFAULT_RETRY_LIMIT = 3;
    static final int UNAUTHORIZED = 401;
    static final int PROXY_UNAUTHORIZED = 407;
    private static final Base64.Encoder encoder = Base64.getEncoder();
    static final int retry_limit = Utils.getIntegerNetProperty("jdk.httpclient.auth.retrylimit", 3);
    private static final String BASIC_DUMMY = "Basic " + Base64.getEncoder().encodeToString("o:o".getBytes(StandardCharsets.ISO_8859_1));
    static final WeakHashMap<HttpClientImpl, Cache> caches = new WeakHashMap<>();

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.net.http/jdk/internal/net/http/AuthenticationFilter$AuthInfo.class */
    static class AuthInfo {
        final boolean fromcache;
        final String scheme;
        int retries;
        PasswordAuthentication credentials;
        CacheEntry cacheEntry;
        static final /* synthetic */ boolean $assertionsDisabled;

        AuthInfo(boolean z, String str, PasswordAuthentication passwordAuthentication) {
            this.fromcache = z;
            this.scheme = str;
            this.credentials = passwordAuthentication;
            this.retries = 1;
        }

        AuthInfo(boolean z, String str, PasswordAuthentication passwordAuthentication, CacheEntry cacheEntry) {
            this(z, str, passwordAuthentication);
            if (!$assertionsDisabled && passwordAuthentication != null && (cacheEntry == null || cacheEntry.value != null)) {
                throw new AssertionError();
            }
            this.cacheEntry = cacheEntry;
        }

        AuthInfo retryWithCredentials(PasswordAuthentication passwordAuthentication) {
            AuthInfo authInfo = this.fromcache ? new AuthInfo(false, this.scheme, passwordAuthentication) : this;
            authInfo.credentials = (PasswordAuthentication) Objects.requireNonNull(passwordAuthentication);
            authInfo.retries = this.retries;
            return authInfo;
        }

        static {
            $assertionsDisabled = !AuthenticationFilter.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.net.http/jdk/internal/net/http/AuthenticationFilter$Cache.class */
    public static final class Cache {
        final LinkedList<CacheEntry> entries = new LinkedList<>();

        Cache() {
        }

        synchronized CacheEntry get(URI uri, boolean z) {
            Iterator<CacheEntry> it = this.entries.iterator2();
            while (it.hasNext()) {
                CacheEntry next = it.next();
                if (next.equalsKey(uri, z)) {
                    return next;
                }
            }
            return null;
        }

        private static boolean equalsIgnoreCase(String str, String str2) {
            return str == str2 || (str != null && str.equalsIgnoreCase(str2));
        }

        synchronized void remove(String str, URI uri, boolean z) {
            Iterator<CacheEntry> it = this.entries.iterator2();
            while (it.hasNext()) {
                CacheEntry next = it.next();
                if (equalsIgnoreCase(next.scheme, str) && next.equalsKey(uri, z)) {
                    it.remove();
                }
            }
        }

        synchronized void remove(CacheEntry cacheEntry) {
            this.entries.remove(cacheEntry);
        }

        synchronized void store(String str, URI uri, boolean z, PasswordAuthentication passwordAuthentication) {
            remove(str, uri, z);
            this.entries.add(new CacheEntry(str, uri, z, passwordAuthentication));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.net.http/jdk/internal/net/http/AuthenticationFilter$CacheEntry.class */
    public static final class CacheEntry {
        final String root;
        final String scheme;
        final boolean proxy;
        final PasswordAuthentication value;

        CacheEntry(String str, URI uri, boolean z, PasswordAuthentication passwordAuthentication) {
            this.scheme = str;
            this.root = AuthenticationFilter.normalize(uri, true).toString();
            this.proxy = z;
            this.value = passwordAuthentication;
        }

        public PasswordAuthentication value() {
            return this.value;
        }

        public boolean equalsKey(URI uri, boolean z) {
            if (this.proxy != z) {
                return false;
            }
            return String.valueOf(AuthenticationFilter.normalize(uri, false)).startsWith(this.root);
        }
    }

    private PasswordAuthentication getCredentials(String str, boolean z, HttpRequestImpl httpRequestImpl) throws IOException {
        String host;
        int port;
        String scheme;
        Authenticator orElseThrow = this.exchange.client().authenticator().orElseThrow(() -> {
            return new IOException("No authenticator set");
        });
        URI uri = httpRequestImpl.uri();
        HeaderParser headerParser = new HeaderParser(str);
        String findKey = headerParser.findKey(0);
        String findValue = headerParser.findValue("realm");
        Authenticator.RequestorType requestorType = z ? Authenticator.RequestorType.PROXY : Authenticator.RequestorType.SERVER;
        URL url = toURL(uri, httpRequestImpl.method(), z);
        if (!z || httpRequestImpl.proxy() == null) {
            host = uri.getHost();
            port = uri.getPort();
            scheme = uri.getScheme();
        } else {
            InetSocketAddress proxy = httpRequestImpl.proxy();
            host = proxy.getHostString();
            port = proxy.getPort();
            scheme = "http";
        }
        return orElseThrow.requestPasswordAuthenticationInstance(host, null, port, scheme, findValue, findKey, url, requestorType);
    }

    private URL toURL(URI uri, String str, boolean z) throws MalformedURLException {
        if (z && "CONNECT".equalsIgnoreCase(str) && "socket".equalsIgnoreCase(uri.getScheme())) {
            return null;
        }
        return uri.toURL();
    }

    private URI getProxyURI(HttpRequestImpl httpRequestImpl) {
        InetSocketAddress proxy = httpRequestImpl.proxy();
        if (proxy == null) {
            return null;
        }
        try {
            return new URI("proxy." + httpRequestImpl.uri().getScheme(), null, proxy.getHostString(), proxy.getPort(), "/", null, null);
        } catch (URISyntaxException e) {
            throw new InternalError(e);
        }
    }

    @Override // jdk.internal.net.http.HeaderFilter
    public void request(HttpRequestImpl httpRequestImpl, MultiExchange<?> multiExchange) throws IOException {
        CacheEntry cacheEntry;
        URI proxyURI;
        CacheEntry cacheEntry2;
        Cache cache = getCache(multiExchange);
        this.exchange = multiExchange;
        if (this.exchange.proxyauth == null && (proxyURI = getProxyURI(httpRequestImpl)) != null && (cacheEntry2 = cache.get(proxyURI, true)) != null) {
            this.exchange.proxyauth = new AuthInfo(true, cacheEntry2.scheme, null, cacheEntry2);
            addBasicCredentials(httpRequestImpl, true, cacheEntry2.value);
        }
        if (this.exchange.serverauth != null || (cacheEntry = cache.get(httpRequestImpl.uri(), false)) == null) {
            return;
        }
        this.exchange.serverauth = new AuthInfo(true, cacheEntry.scheme, null, cacheEntry);
        addBasicCredentials(httpRequestImpl, false, cacheEntry.value);
    }

    private static void addBasicCredentials(HttpRequestImpl httpRequestImpl, boolean z, PasswordAuthentication passwordAuthentication) {
        String str = z ? "Proxy-Authorization" : "Authorization";
        StringBuilder sb = new StringBuilder(128);
        sb.append(passwordAuthentication.getUserName()).append(':').append(passwordAuthentication.getPassword());
        String str2 = "Basic " + encoder.encodeToString(sb.toString().getBytes(StandardCharsets.ISO_8859_1));
        if (z) {
            if (httpRequestImpl.isConnect()) {
                if (!Utils.PROXY_TUNNEL_FILTER.test(str, str2)) {
                    Log.logError("{0} disabled", str);
                    return;
                }
            } else if (httpRequestImpl.proxy() != null && !Utils.PROXY_FILTER.test(str, str2)) {
                Log.logError("{0} disabled", str);
                return;
            }
        }
        httpRequestImpl.setSystemHeader(str, str2);
    }

    @Override // jdk.internal.net.http.HeaderFilter
    public HttpRequestImpl response(Response response) throws IOException {
        Cache cache = getCache(this.exchange);
        int statusCode = response.statusCode();
        HttpHeaders headers = response.headers();
        HttpRequestImpl request = response.request();
        if (statusCode != 407) {
            if (this.exchange.proxyauth != null && !this.exchange.proxyauth.fromcache) {
                AuthInfo authInfo = this.exchange.proxyauth;
                URI proxyURI = getProxyURI(request);
                if (proxyURI != null) {
                    this.exchange.proxyauth = null;
                    cache.store(authInfo.scheme, proxyURI, true, authInfo.credentials);
                }
            }
            if (statusCode != 401) {
                if (this.exchange.serverauth == null || this.exchange.serverauth.fromcache) {
                    return null;
                }
                AuthInfo authInfo2 = this.exchange.serverauth;
                cache.store(authInfo2.scheme, request.uri(), false, authInfo2.credentials);
                return null;
            }
        }
        boolean z = statusCode == 407;
        String str = z ? "Proxy-Authenticate" : "WWW-Authenticate";
        String orElse = headers.firstValue(str).orElse(null);
        if (orElse == null) {
            if (this.exchange.client().authenticator().isPresent()) {
                throw new IOException(str + " header missing for response code " + statusCode);
            }
            return null;
        }
        if (!new HeaderParser(orElse).findKey(0).equalsIgnoreCase("Basic")) {
            return null;
        }
        if (z) {
            if (response.isConnectResponse) {
                if (!Utils.PROXY_TUNNEL_FILTER.test("Proxy-Authorization", BASIC_DUMMY)) {
                    Log.logError("{0} disabled", "Proxy-Authorization");
                    return null;
                }
            } else if (request.proxy() != null && !Utils.PROXY_FILTER.test("Proxy-Authorization", BASIC_DUMMY)) {
                Log.logError("{0} disabled", "Proxy-Authorization");
                return null;
            }
        }
        AuthInfo authInfo3 = z ? this.exchange.proxyauth : this.exchange.serverauth;
        if (authInfo3 == null) {
            if (!this.exchange.client().authenticator().isPresent()) {
                return null;
            }
            PasswordAuthentication credentials = getCredentials(orElse, z, request);
            if (credentials == null) {
                throw new IOException("No credentials provided");
            }
            AuthInfo authInfo4 = new AuthInfo(false, "Basic", credentials);
            if (z) {
                this.exchange.proxyauth = authInfo4;
            } else {
                this.exchange.serverauth = authInfo4;
            }
            HttpRequestImpl newInstanceForAuthentication = HttpRequestImpl.newInstanceForAuthentication(request);
            addBasicCredentials(newInstanceForAuthentication, z, credentials);
            return newInstanceForAuthentication;
        }
        if (authInfo3.retries > retry_limit) {
            throw new IOException("too many authentication attempts. Limit: " + Integer.toString(retry_limit));
        }
        if (authInfo3.fromcache) {
            cache.remove(authInfo3.cacheEntry);
        }
        if (!this.exchange.client().authenticator().isPresent()) {
            return null;
        }
        PasswordAuthentication credentials2 = getCredentials(orElse, z, request);
        if (credentials2 == null) {
            throw new IOException("No credentials provided");
        }
        AuthInfo retryWithCredentials = authInfo3.retryWithCredentials(credentials2);
        if (z) {
            this.exchange.proxyauth = retryWithCredentials;
        } else {
            this.exchange.serverauth = retryWithCredentials;
        }
        HttpRequestImpl newInstanceForAuthentication2 = HttpRequestImpl.newInstanceForAuthentication(request);
        addBasicCredentials(newInstanceForAuthentication2, z, retryWithCredentials.credentials);
        retryWithCredentials.retries++;
        return newInstanceForAuthentication2;
    }

    static synchronized Cache getCache(MultiExchange<?> multiExchange) {
        HttpClientImpl client = multiExchange.client();
        Cache cache = caches.get(client);
        if (cache == null) {
            cache = new Cache();
            caches.put(client, cache);
        }
        return cache;
    }

    static URI normalize(URI uri, boolean z) {
        String path = uri.getPath();
        if (path != null && !path.isEmpty()) {
            return (z || !"/".equals(path)) ? uri.resolve(".") : uri;
        }
        try {
            return new URI(uri.getScheme(), uri.getAuthority(), "/", null, null);
        } catch (URISyntaxException e) {
            throw new InternalError(e);
        }
    }
}
