package org.opencastproject.security.util;

import java.io.IOException;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.auth.DigestScheme;
import org.apache.http.impl.client.DefaultHttpClient;
import org.opencastproject.security.api.TrustedHttpClient;
import org.opencastproject.security.api.TrustedHttpClientException;
import org.opencastproject.util.data.Either;
import org.opencastproject.util.data.Function;
import org.opencastproject.util.data.Option;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/security/util/StandAloneTrustedHttpClientImpl.class */
public final class StandAloneTrustedHttpClientImpl implements TrustedHttpClient {
    private static final Logger logger = LoggerFactory.getLogger(StandAloneTrustedHttpClientImpl.class);
    public static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    public static final String REQUESTED_AUTH_HEADER = "X-Requested-Auth";
    public static final String DIGEST_AUTH = "Digest";
    public static final int DEFAULT_CONNECTION_TIMEOUT = 60000;
    public static final int DEFAULT_SOCKET_TIMEOUT = 60000;
    public static final int DEFAULT_NONCE_TIMEOUT_RETRIES = 3;
    private static final int MILLISECONDS_IN_SECONDS = 1000;
    public static final int DEFAULT_RETRY_BASE_DELAY = 300;
    public static final int DEFAULT_RETRY_MAXIMUM_VARIABLE_TIME = 300;
    private final String user;
    private final String pass;
    private final int nonceTimeoutRetries;
    private final Map<HttpResponse, HttpClient> responseMap = new ConcurrentHashMap();
    private final Random generator = new Random();
    private final int retryBaseDelay;
    private final int retryMaximumVariableTime;

    public StandAloneTrustedHttpClientImpl(String str, String str2, Option<Integer> option, Option<Integer> option2, Option<Integer> option3) {
        this.user = str;
        this.pass = str2;
        this.nonceTimeoutRetries = option.getOrElse((Option<Integer>) 3).intValue();
        this.retryBaseDelay = option2.getOrElse((Option<Integer>) 300).intValue();
        this.retryMaximumVariableTime = option3.getOrElse((Option<Integer>) 300).intValue();
    }

    @Override // org.opencastproject.security.api.TrustedHttpClient
    public <A> Function<Function<HttpResponse, A>, Either<Exception, A>> run(HttpUriRequest httpUriRequest) {
        return run(this, httpUriRequest);
    }

    public static <A> Function<Function<HttpResponse, A>, Either<Exception, A>> run(final TrustedHttpClient trustedHttpClient, final HttpUriRequest httpUriRequest) {
        return new Function<Function<HttpResponse, A>, Either<Exception, A>>() { // from class: org.opencastproject.security.util.StandAloneTrustedHttpClientImpl.1
            @Override // org.opencastproject.util.data.Function
            public Either<Exception, A> apply(Function<HttpResponse, A> function) {
                HttpResponse httpResponse = null;
                try {
                    try {
                        httpResponse = TrustedHttpClient.this.execute(httpUriRequest);
                        Either<Exception, A> right = Either.right(function.apply(httpResponse));
                        if (httpResponse != null) {
                            TrustedHttpClient.this.close(httpResponse);
                        }
                        return right;
                    } catch (Exception e) {
                        Either<Exception, A> left = Either.left(e);
                        if (httpResponse != null) {
                            TrustedHttpClient.this.close(httpResponse);
                        }
                        return left;
                    }
                } catch (Throwable th) {
                    if (httpResponse != null) {
                        TrustedHttpClient.this.close(httpResponse);
                    }
                    throw th;
                }
            }
        };
    }

    @Override // org.opencastproject.security.api.TrustedHttpClient
    public <A> TrustedHttpClient.RequestRunner<A> runner(HttpUriRequest httpUriRequest) {
        return runner(this, httpUriRequest);
    }

    public static <A> TrustedHttpClient.RequestRunner<A> runner(final TrustedHttpClient trustedHttpClient, final HttpUriRequest httpUriRequest) {
        return new TrustedHttpClient.RequestRunner<A>() { // from class: org.opencastproject.security.util.StandAloneTrustedHttpClientImpl.2
            @Override // org.opencastproject.security.api.TrustedHttpClient.RequestRunner
            public Either<Exception, A> run(Function<HttpResponse, A> function) {
                HttpResponse httpResponse = null;
                try {
                    try {
                        httpResponse = TrustedHttpClient.this.execute(httpUriRequest);
                        Either<Exception, A> right = Either.right(function.apply(httpResponse));
                        if (httpResponse != null) {
                            TrustedHttpClient.this.close(httpResponse);
                        }
                        return right;
                    } catch (Exception e) {
                        Either<Exception, A> left = Either.left(e);
                        if (httpResponse != null) {
                            TrustedHttpClient.this.close(httpResponse);
                        }
                        return left;
                    }
                } catch (Throwable th) {
                    if (httpResponse != null) {
                        TrustedHttpClient.this.close(httpResponse);
                    }
                    throw th;
                }
            }
        };
    }

    @Override // org.opencastproject.security.api.TrustedHttpClient
    public HttpResponse execute(HttpUriRequest httpUriRequest) throws TrustedHttpClientException {
        return execute(httpUriRequest, 60000, 60000);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v42, types: [org.apache.http.HttpResponse] */
    /* JADX WARN: Type inference failed for: r5v0, types: [org.opencastproject.security.util.StandAloneTrustedHttpClientImpl] */
    @Override // org.opencastproject.security.api.TrustedHttpClient
    public HttpResponse execute(HttpUriRequest httpUriRequest, int i, int i2) throws TrustedHttpClientException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        defaultHttpClient.getParams().setIntParameter("http.connection.timeout", i);
        httpUriRequest.setHeader(REQUESTED_AUTH_HEADER, DIGEST_AUTH);
        if ("GET".equalsIgnoreCase(httpUriRequest.getMethod()) || "HEAD".equalsIgnoreCase(httpUriRequest.getMethod())) {
            defaultHttpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(this.user, this.pass));
            try {
                HttpResponseWrapper httpResponseWrapper = new HttpResponseWrapper(defaultHttpClient.execute(httpUriRequest));
                this.responseMap.put(httpResponseWrapper, defaultHttpClient);
                return httpResponseWrapper;
            } catch (IOException e) {
                defaultHttpClient.getConnectionManager().shutdown();
                throw new TrustedHttpClientException(e);
            }
        }
        manuallyHandleDigestAuthentication(httpUriRequest, defaultHttpClient);
        HttpResponseWrapper httpResponseWrapper2 = null;
        try {
            httpResponseWrapper2 = new HttpResponseWrapper(defaultHttpClient.execute(httpUriRequest));
            if (this.nonceTimeoutRetries > 0 && hadNonceTimeoutResponse(httpResponseWrapper2)) {
                defaultHttpClient.getConnectionManager().shutdown();
                httpResponseWrapper2 = retryAuthAndRequestAfterNonceTimeout(httpUriRequest, httpResponseWrapper2);
            }
            this.responseMap.put(httpResponseWrapper2, defaultHttpClient);
            return httpResponseWrapper2;
        } catch (Exception e2) {
            if (httpResponseWrapper2 != null) {
                this.responseMap.remove(httpResponseWrapper2);
            }
            defaultHttpClient.getConnectionManager().shutdown();
            throw new TrustedHttpClientException(e2);
        }
    }

    private HttpResponse retryAuthAndRequestAfterNonceTimeout(HttpUriRequest httpUriRequest, HttpResponse httpResponse) throws TrustedHttpClientException, IOException, ClientProtocolException {
        httpUriRequest.removeHeaders(AUTHORIZATION_HEADER_NAME);
        int i = 0;
        while (true) {
            if (i >= this.nonceTimeoutRetries) {
                break;
            }
            DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
            int i2 = 0;
            if (this.retryMaximumVariableTime > 0) {
                i2 = this.generator.nextInt(this.retryMaximumVariableTime * 1000);
            }
            long j = (this.retryBaseDelay * 1000) + i2;
            if (j > 0) {
                logger.info("Sleeping " + j + "ms before trying request " + httpUriRequest.getURI() + " again due to a " + httpResponse.getStatusLine());
                try {
                    Thread.sleep(j);
                } catch (InterruptedException e) {
                    logger.error("Suffered InteruptedException while trying to sleep until next retry.", e);
                }
            }
            manuallyHandleDigestAuthentication(httpUriRequest, defaultHttpClient);
            httpResponse = new HttpResponseWrapper(defaultHttpClient.execute(httpUriRequest));
            if (!hadNonceTimeoutResponse(httpResponse)) {
                this.responseMap.put(httpResponse, defaultHttpClient);
                break;
            }
            defaultHttpClient.getConnectionManager().shutdown();
            i++;
        }
        return httpResponse;
    }

    private boolean hadNonceTimeoutResponse(HttpResponse httpResponse) {
        return 401 == httpResponse.getStatusLine().getStatusCode() && "Nonce has expired/timed out".equals(httpResponse.getStatusLine().getReasonPhrase());
    }

    private void manuallyHandleDigestAuthentication(HttpUriRequest httpUriRequest, HttpClient httpClient) throws TrustedHttpClientException {
        try {
            HttpRequestBase httpRequestBase = (HttpRequestBase) httpUriRequest.getClass().newInstance();
            httpRequestBase.setURI(httpUriRequest.getURI());
            httpRequestBase.setHeader(REQUESTED_AUTH_HEADER, DIGEST_AUTH);
            String[] realmAndNonce = getRealmAndNonce(httpRequestBase);
            if (realmAndNonce != null) {
                UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials(this.user, this.pass);
                DigestScheme digestScheme = new DigestScheme();
                digestScheme.overrideParamter("realm", realmAndNonce[0]);
                digestScheme.overrideParamter("nonce", realmAndNonce[1]);
                try {
                    httpUriRequest.setHeader(digestScheme.authenticate(usernamePasswordCredentials, httpUriRequest));
                } catch (Exception e) {
                    httpClient.getConnectionManager().shutdown();
                    throw new TrustedHttpClientException(e);
                }
            }
        } catch (Exception e2) {
            throw new IllegalStateException("Can not create a new " + httpUriRequest.getClass().getName());
        }
    }

    @Override // org.opencastproject.security.api.TrustedHttpClient
    public <T> T execute(HttpUriRequest httpUriRequest, ResponseHandler<T> responseHandler, int i, int i2) throws TrustedHttpClientException {
        try {
            return responseHandler.handleResponse(execute(httpUriRequest, i, i2));
        } catch (IOException e) {
            throw new TrustedHttpClientException(e);
        }
    }

    @Override // org.opencastproject.security.api.TrustedHttpClient
    public void close(HttpResponse httpResponse) {
        if (httpResponse == null) {
            logger.debug("Can not close a null response");
            return;
        }
        HttpClient remove = this.responseMap.remove(httpResponse);
        if (remove != null) {
            remove.getConnectionManager().shutdown();
        }
    }

    @Override // org.opencastproject.security.api.TrustedHttpClient
    public <T> T execute(HttpUriRequest httpUriRequest, ResponseHandler<T> responseHandler) throws TrustedHttpClientException {
        return (T) execute(httpUriRequest, responseHandler, 60000, 60000);
    }

    private String[] getRealmAndNonce(HttpRequestBase httpRequestBase) throws TrustedHttpClientException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            Header[] headers = new HttpResponseWrapper(defaultHttpClient.execute((HttpUriRequest) httpRequestBase)).getHeaders("WWW-Authenticate");
            if (headers == null || headers.length == 0) {
                logger.warn("URI {} does not support digest authentication", httpRequestBase.getURI());
                defaultHttpClient.getConnectionManager().shutdown();
                return null;
            }
            String str = null;
            String str2 = null;
            for (HeaderElement headerElement : headers[0].getElements()) {
                if ("nonce".equals(headerElement.getName())) {
                    str = headerElement.getValue();
                } else if ("Digest realm".equals(headerElement.getName())) {
                    str2 = headerElement.getValue();
                }
            }
            defaultHttpClient.getConnectionManager().shutdown();
            return new String[]{str2, str};
        } catch (IOException e) {
            defaultHttpClient.getConnectionManager().shutdown();
            throw new TrustedHttpClientException(e);
        }
    }
}
