package io.bitsensor.plugins.shaded.org.asynchttpclient.netty.handler.intercept;

import io.bitsensor.plugins.shaded.io.netty.channel.Channel;
import io.bitsensor.plugins.shaded.io.netty.handler.codec.http.DefaultHttpHeaders;
import io.bitsensor.plugins.shaded.io.netty.handler.codec.http.HttpHeaders;
import io.bitsensor.plugins.shaded.io.netty.handler.codec.http.HttpRequest;
import io.bitsensor.plugins.shaded.io.netty.handler.codec.http.HttpResponse;
import io.bitsensor.plugins.shaded.org.asynchttpclient.Dsl;
import io.bitsensor.plugins.shaded.org.asynchttpclient.Realm;
import io.bitsensor.plugins.shaded.org.asynchttpclient.Request;
import io.bitsensor.plugins.shaded.org.asynchttpclient.RequestBuilder;
import io.bitsensor.plugins.shaded.org.asynchttpclient.netty.NettyResponseFuture;
import io.bitsensor.plugins.shaded.org.asynchttpclient.netty.channel.ChannelManager;
import io.bitsensor.plugins.shaded.org.asynchttpclient.netty.channel.ChannelState;
import io.bitsensor.plugins.shaded.org.asynchttpclient.netty.request.NettyRequestSender;
import io.bitsensor.plugins.shaded.org.asynchttpclient.ntlm.NtlmEngine;
import io.bitsensor.plugins.shaded.org.asynchttpclient.proxy.ProxyServer;
import io.bitsensor.plugins.shaded.org.asynchttpclient.spnego.SpnegoEngine;
import io.bitsensor.plugins.shaded.org.asynchttpclient.spnego.SpnegoEngineException;
import io.bitsensor.plugins.shaded.org.asynchttpclient.util.AuthenticatorUtils;
import io.bitsensor.plugins.shaded.org.asynchttpclient.util.HttpConstants;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apiconnector-bitsensor-2.2.0.jar:io/bitsensor/plugins/shaded/org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.class */
public class ProxyUnauthorized407Interceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ProxyUnauthorized407Interceptor.class);
    private final ChannelManager channelManager;
    private final NettyRequestSender requestSender;

    public ProxyUnauthorized407Interceptor(ChannelManager channelManager, NettyRequestSender nettyRequestSender) {
        this.channelManager = channelManager;
        this.requestSender = nettyRequestSender;
    }

    public boolean exitAfterHandling407(Channel channel, NettyResponseFuture<?> nettyResponseFuture, HttpResponse httpResponse, Request request, int i, ProxyServer proxyServer, HttpRequest httpRequest) {
        if (nettyResponseFuture.getInProxyAuth().getAndSet(true)) {
            LOGGER.info("Can't handle 407 as auth was already performed");
            return false;
        }
        Realm proxyRealm = nettyResponseFuture.getProxyRealm();
        if (proxyRealm == null) {
            LOGGER.info("Can't handle 407 as there's no proxyRealm");
            return false;
        }
        List<String> all = httpResponse.headers().getAll("Proxy-Authenticate");
        if (all.isEmpty()) {
            LOGGER.info("Can't handle 407 as response doesn't contain Proxy-Authenticate headers");
            return false;
        }
        nettyResponseFuture.setChannelState(ChannelState.NEW);
        HttpHeaders add = new DefaultHttpHeaders(false).add(request.getHeaders());
        switch (proxyRealm.getScheme()) {
            case BASIC:
                if (AuthenticatorUtils.getHeaderWithPrefix(all, "Basic") != null) {
                    if (!proxyRealm.isUsePreemptiveAuth()) {
                        nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setUsePreemptiveAuth(true).build());
                        break;
                    } else {
                        LOGGER.info("Can't handle 407 with Basic realm as auth was preemptive and already performed");
                        return false;
                    }
                } else {
                    LOGGER.info("Can't handle 407 with Basic realm as Proxy-Authenticate headers don't match");
                    return false;
                }
            case DIGEST:
                String headerWithPrefix = AuthenticatorUtils.getHeaderWithPrefix(all, "Digest");
                if (headerWithPrefix != null) {
                    nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setUri(request.getUri()).setMethodName(request.getMethod()).setUsePreemptiveAuth(true).parseProxyAuthenticateHeader(headerWithPrefix).build());
                    break;
                } else {
                    LOGGER.info("Can't handle 407 with Digest realm as Proxy-Authenticate headers don't match");
                    return false;
                }
            case NTLM:
                String headerWithPrefix2 = AuthenticatorUtils.getHeaderWithPrefix(all, "NTLM");
                if (headerWithPrefix2 != null) {
                    ntlmProxyChallenge(headerWithPrefix2, request, add, proxyRealm, nettyResponseFuture);
                    nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setUsePreemptiveAuth(true).build());
                    break;
                } else {
                    LOGGER.info("Can't handle 407 with NTLM realm as Proxy-Authenticate headers don't match");
                    return false;
                }
            case KERBEROS:
            case SPNEGO:
                if (AuthenticatorUtils.getHeaderWithPrefix(all, "Negotiate") == null) {
                    LOGGER.info("Can't handle 407 with Kerberos or Spnego realm as Proxy-Authenticate headers don't match");
                    return false;
                }
                try {
                    kerberosProxyChallenge(channel, all, request, proxyServer, proxyRealm, add, nettyResponseFuture);
                    break;
                } catch (SpnegoEngineException e) {
                    String headerWithPrefix3 = AuthenticatorUtils.getHeaderWithPrefix(all, "NTLM");
                    if (headerWithPrefix3 == null) {
                        this.requestSender.abort(channel, nettyResponseFuture, e);
                        return false;
                    }
                    LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM");
                    ntlmProxyChallenge(headerWithPrefix3, request, add, proxyRealm, nettyResponseFuture);
                    nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setScheme(Realm.AuthScheme.NTLM).setUsePreemptiveAuth(true).build());
                    break;
                }
            default:
                throw new IllegalStateException("Invalid Authentication scheme " + proxyRealm.getScheme());
        }
        RequestBuilder headers = new RequestBuilder(nettyResponseFuture.getCurrentRequest()).setHeaders(add);
        if (nettyResponseFuture.getCurrentRequest().getUri().isSecured()) {
            headers.setMethod(HttpConstants.Methods.CONNECT);
        }
        Request build = headers.build();
        LOGGER.debug("Sending proxy authentication to {}", request.getUri());
        if (!nettyResponseFuture.isKeepAlive() || HttpHeaders.isTransferEncodingChunked(httpRequest) || HttpHeaders.isTransferEncodingChunked(httpResponse)) {
            this.channelManager.closeChannel(channel);
            this.requestSender.sendNextRequest(build, nettyResponseFuture);
            return true;
        }
        nettyResponseFuture.setConnectAllowed(true);
        nettyResponseFuture.setReuseChannel(true);
        this.requestSender.drainChannelAndExecuteNextRequest(channel, nettyResponseFuture, build);
        return true;
    }

    private void kerberosProxyChallenge(Channel channel, List<String> list, Request request, ProxyServer proxyServer, Realm realm, HttpHeaders httpHeaders, NettyResponseFuture<?> nettyResponseFuture) throws SpnegoEngineException {
        httpHeaders.set("Proxy-Authorization", (Object) ("Negotiate " + SpnegoEngine.instance().generateToken(proxyServer.getHost())));
    }

    private void ntlmProxyChallenge(String str, Request request, HttpHeaders httpHeaders, Realm realm, NettyResponseFuture<?> nettyResponseFuture) {
        if (str.equals("NTLM")) {
            httpHeaders.set("Proxy-Authorization", (Object) ("NTLM " + NtlmEngine.INSTANCE.generateType1Msg()));
            nettyResponseFuture.getInProxyAuth().set(false);
        } else {
            httpHeaders.set("Proxy-Authorization", (Object) ("NTLM " + NtlmEngine.INSTANCE.generateType3Msg(realm.getPrincipal(), realm.getPassword(), realm.getNtlmDomain(), realm.getNtlmHost(), str.substring("NTLM ".length()).trim())));
        }
    }
}
