package org.eclipse.jgit.internal.transport.sshd.proxy;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.http.HttpStatus;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.util.Readable;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.internal.transport.sshd.GssApiMechanisms;
import org.eclipse.jgit.internal.transport.sshd.SshdText;
import org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler;
import org.eclipse.jgit.internal.transport.sshd.auth.BasicAuthentication;
import org.eclipse.jgit.internal.transport.sshd.auth.GssApiAuthentication;
import org.eclipse.jgit.internal.transport.sshd.proxy.HttpParser;
import org.eclipse.jgit.util.Base64;
import org.ietf.jgss.GSSContext;
import org.json.HTTP;

/* loaded from: input_file:test-dependencies/git-client.hpi:WEB-INF/lib/org.eclipse.jgit.ssh.apache-6.4.0.202211300538-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/HttpClientConnector.class */
public class HttpClientConnector extends AbstractClientProxyConnector {
    private static final String HTTP_HEADER_PROXY_AUTHENTICATION = "Proxy-Authentication:";
    private static final String HTTP_HEADER_PROXY_AUTHORIZATION = "Proxy-Authorization:";
    private HttpAuthenticationHandler basic;
    private HttpAuthenticationHandler negotiate;
    private List<HttpAuthenticationHandler> availableAuthentications;
    private Iterator<HttpAuthenticationHandler> clientAuthentications;
    private HttpAuthenticationHandler authenticator;
    private boolean ongoing;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:test-dependencies/git-client.hpi:WEB-INF/lib/org.eclipse.jgit.ssh.apache-6.4.0.202211300538-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/HttpClientConnector$HttpAuthenticationHandler.class */
    public interface HttpAuthenticationHandler extends AuthenticationHandler<AuthenticationChallenge, String> {
        String getName();
    }

    /* loaded from: input_file:test-dependencies/git-client.hpi:WEB-INF/lib/org.eclipse.jgit.ssh.apache-6.4.0.202211300538-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/HttpClientConnector$HttpBasicAuthentication.class */
    private class HttpBasicAuthentication extends BasicAuthentication<AuthenticationChallenge, String> implements HttpAuthenticationHandler {
        private boolean asked;

        public HttpBasicAuthentication() {
            super(HttpClientConnector.this.proxyAddress, HttpClientConnector.this.proxyUser, HttpClientConnector.this.proxyPassword);
        }

        @Override // org.eclipse.jgit.internal.transport.sshd.proxy.HttpClientConnector.HttpAuthenticationHandler
        public String getName() {
            return "Basic";
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.BasicAuthentication
        public void askCredentials() {
            if (this.asked) {
                throw new IllegalStateException("Basic auth: already asked user for password");
            }
            this.asked = true;
            super.askCredentials();
            this.done = true;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler
        public String getToken() throws Exception {
            if (this.user.indexOf(58) >= 0) {
                throw new IOException(MessageFormat.format(SshdText.get().proxyHttpInvalidUserName, this.proxy, this.user));
            }
            byte[] bytes = this.user.getBytes(StandardCharsets.UTF_8);
            byte[] bArr = new byte[bytes.length + 1 + this.password.length];
            System.arraycopy(bytes, 0, bArr, 0, bytes.length);
            bArr[bytes.length] = 58;
            System.arraycopy(this.password, 0, bArr, bytes.length + 1, this.password.length);
            Arrays.fill(this.password, (byte) 0);
            String encodeBytes = Base64.encodeBytes(bArr);
            Arrays.fill(bArr, (byte) 0);
            return String.valueOf(getName()) + ' ' + encodeBytes;
        }
    }

    /* loaded from: input_file:test-dependencies/git-client.hpi:WEB-INF/lib/org.eclipse.jgit.ssh.apache-6.4.0.202211300538-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/HttpClientConnector$NegotiateAuthentication.class */
    private class NegotiateAuthentication extends GssApiAuthentication<AuthenticationChallenge, String> implements HttpAuthenticationHandler {
        public NegotiateAuthentication() {
            super(HttpClientConnector.this.proxyAddress);
        }

        @Override // org.eclipse.jgit.internal.transport.sshd.proxy.HttpClientConnector.HttpAuthenticationHandler
        public String getName() {
            return "Negotiate";
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler
        public String getToken() throws Exception {
            return String.valueOf(getName()) + ' ' + Base64.encodeBytes(this.token);
        }

        @Override // org.eclipse.jgit.internal.transport.sshd.auth.GssApiAuthentication
        protected GSSContext createContext() throws Exception {
            return GssApiMechanisms.createContext(GssApiMechanisms.SPNEGO, GssApiMechanisms.getCanonicalName(HttpClientConnector.this.proxyAddress));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.GssApiAuthentication
        public byte[] extractToken(AuthenticationChallenge authenticationChallenge) throws Exception {
            String token = authenticationChallenge.getToken();
            return token == null ? new byte[0] : Base64.decode(token);
        }
    }

    public HttpClientConnector(@NonNull InetSocketAddress inetSocketAddress, @NonNull InetSocketAddress inetSocketAddress2) {
        this(inetSocketAddress, inetSocketAddress2, null, null);
    }

    public HttpClientConnector(@NonNull InetSocketAddress inetSocketAddress, @NonNull InetSocketAddress inetSocketAddress2, String str, char[] cArr) {
        super(inetSocketAddress, inetSocketAddress2, str, cArr);
        this.basic = new HttpBasicAuthentication();
        this.negotiate = new NegotiateAuthentication();
        this.availableAuthentications = new ArrayList(2);
        this.availableAuthentications.add(this.negotiate);
        this.availableAuthentications.add(this.basic);
        this.clientAuthentications = this.availableAuthentications.iterator();
    }

    private void close() {
        HttpAuthenticationHandler httpAuthenticationHandler = this.authenticator;
        this.authenticator = null;
        if (httpAuthenticationHandler != null) {
            httpAuthenticationHandler.close();
        }
    }

    @Override // org.apache.sshd.client.session.ClientProxyConnector
    public void sendClientProxyMetadata(ClientSession clientSession) throws Exception {
        init(clientSession);
        IoSession ioSession = clientSession.getIoSession();
        ioSession.addCloseFutureListener(closeFuture -> {
            close();
        });
        StringBuilder connect = connect();
        if ((this.proxyUser != null && !this.proxyUser.isEmpty()) || (this.proxyPassword != null && this.proxyPassword.length > 0)) {
            this.authenticator = this.basic;
            this.basic.setParams(null);
            this.basic.start();
            connect = authenticate(connect, this.basic.getToken());
            clearPassword();
            this.proxyUser = null;
        }
        this.ongoing = true;
        try {
            send(connect, ioSession);
        } catch (Exception e) {
            this.ongoing = false;
            throw e;
        }
    }

    private void send(StringBuilder sb, IoSession ioSession) throws Exception {
        byte[] bytes = eol(sb).toString().getBytes(StandardCharsets.US_ASCII);
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(bytes.length, false);
        byteArrayBuffer.putRawBytes(bytes);
        ioSession.writeBuffer(byteArrayBuffer).verify(getTimeout());
    }

    private StringBuilder connect() {
        return new StringBuilder().append(MessageFormat.format("CONNECT {0}:{1} HTTP/1.1\r\nProxy-Connection: keep-alive\r\nConnection: keep-alive\r\nHost: {0}:{1}\r\n", this.remoteAddress.getHostString(), Integer.toString(this.remoteAddress.getPort())));
    }

    private StringBuilder authenticate(StringBuilder sb, String str) {
        sb.append(HTTP_HEADER_PROXY_AUTHORIZATION).append(' ').append(str);
        return eol(sb);
    }

    private StringBuilder eol(StringBuilder sb) {
        return sb.append('\r').append('\n');
    }

    @Override // org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector
    public void messageReceived(IoSession ioSession, Readable readable) throws Exception {
        try {
            int available = readable.available();
            byte[] bArr = new byte[available];
            readable.getRawBytes(bArr, 0, available);
            handleMessage(ioSession, Arrays.asList(new String(bArr, StandardCharsets.US_ASCII).split(HTTP.CRLF)));
        } catch (Exception e) {
            if (this.authenticator != null) {
                this.authenticator.close();
                this.authenticator = null;
            }
            this.ongoing = false;
            try {
                setDone(false);
            } catch (Exception e2) {
                e.addSuppressed(e2);
            }
            throw e;
        }
    }

    private void handleMessage(IoSession ioSession, List<String> list) throws Exception {
        if (list.isEmpty() || list.get(0).isEmpty()) {
            throw new IOException(MessageFormat.format(SshdText.get().proxyHttpUnexpectedReply, this.proxyAddress, "<empty>"));
        }
        try {
            StatusLine parseStatusLine = HttpParser.parseStatusLine(list.get(0));
            if (!this.ongoing) {
                throw new IOException(MessageFormat.format(SshdText.get().proxyHttpUnexpectedReply, this.proxyAddress, Integer.toString(parseStatusLine.getResultCode()), parseStatusLine.getReason()));
            }
            switch (parseStatusLine.getResultCode()) {
                case 200:
                    if (this.authenticator != null) {
                        this.authenticator.close();
                    }
                    this.authenticator = null;
                    this.ongoing = false;
                    setDone(true);
                    return;
                case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED /* 407 */:
                    this.authenticator = selectProtocol(HttpParser.getAuthenticationHeaders(list, HTTP_HEADER_PROXY_AUTHENTICATION), this.authenticator);
                    if (this.authenticator == null) {
                        throw new IOException(MessageFormat.format(SshdText.get().proxyCannotAuthenticate, this.proxyAddress));
                    }
                    String token = this.authenticator.getToken();
                    if (token == null) {
                        throw new IOException(MessageFormat.format(SshdText.get().proxyCannotAuthenticate, this.proxyAddress));
                    }
                    send(authenticate(connect(), token), ioSession);
                    return;
                default:
                    throw new IOException(MessageFormat.format(SshdText.get().proxyHttpFailure, this.proxyAddress, Integer.toString(parseStatusLine.getResultCode()), parseStatusLine.getReason()));
            }
        } catch (HttpParser.ParseException e) {
            throw new IOException(MessageFormat.format(SshdText.get().proxyHttpUnexpectedReply, this.proxyAddress, list.get(0)), e);
        }
    }

    private HttpAuthenticationHandler selectProtocol(List<AuthenticationChallenge> list, HttpAuthenticationHandler httpAuthenticationHandler) throws Exception {
        AuthenticationChallenge byName;
        AuthenticationChallenge byName2;
        if (httpAuthenticationHandler != null && !httpAuthenticationHandler.isDone() && (byName2 = getByName(list, httpAuthenticationHandler.getName())) != null) {
            httpAuthenticationHandler.setParams(byName2);
            httpAuthenticationHandler.process();
            return httpAuthenticationHandler;
        }
        if (httpAuthenticationHandler != null) {
            httpAuthenticationHandler.close();
        }
        while (this.clientAuthentications.hasNext()) {
            HttpAuthenticationHandler next = this.clientAuthentications.next();
            if (!next.isDone() && (byName = getByName(list, next.getName())) != null) {
                next.setParams(byName);
                next.start();
                return next;
            }
        }
        return null;
    }

    private AuthenticationChallenge getByName(List<AuthenticationChallenge> list, String str) {
        return list.stream().filter(authenticationChallenge -> {
            return authenticationChallenge.getMechanism().equalsIgnoreCase(str);
        }).findFirst().orElse(null);
    }
}
