package com.azure.core.http.netty.implementation;

import com.azure.core.util.AuthorizationChallengeHandler;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.HttpClientCodec;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.LastHttpContent;
import io.netty.handler.proxy.HttpProxyHandler;
import io.netty.handler.proxy.ProxyConnectException;
import io.netty.handler.proxy.ProxyHandler;
import io.netty.util.AttributeKey;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import java.util.regex.Pattern;

/* loaded from: input_file:WEB-INF/lib/azure-core-http-netty-1.11.2.jar:com/azure/core/http/netty/implementation/HttpProxyHandler.class */
public final class HttpProxyHandler extends ProxyHandler {
    private static final String VALIDATION_ERROR_TEMPLATE = "The '%s' returned in the 'Proxy-Authentication-Info' header doesn't match the value sent in the 'Proxy-Authorization' header. Sent: %s, received: %s.";
    private static final String NONE = "none";
    private static final String HTTP = "http";
    private static final String CNONCE = "cnonce";
    private static final String NC = "nc";
    private static final String AUTH_BASIC = "basic";
    private static final String AUTH_DIGEST = "digest";
    private static final String PROXY_URI_PATH = "/";
    private final ClientLogger logger;
    private final AuthorizationChallengeHandler challengeHandler;
    private final AtomicReference<ChallengeHolder> proxyChallengeHolderReference;
    private final HttpClientCodec codec;
    private String authScheme;
    private HttpResponseStatus status;
    private HttpHeaders innerHeaders;
    private static final AttributeKey<String> PROXY_AUTHORIZATION_KEY = AttributeKey.newInstance("ProxyAuthorization");
    private static final Pattern AUTH_SCHEME_PATTERN = Pattern.compile("^digest", 2);
    private static final String PROXY_METHOD = HttpMethod.CONNECT.name();
    private static final Supplier<byte[]> NO_BODY = () -> {
        return new byte[0];
    };

    public HttpProxyHandler(InetSocketAddress inetSocketAddress, AuthorizationChallengeHandler authorizationChallengeHandler, AtomicReference<ChallengeHolder> atomicReference) {
        super(inetSocketAddress);
        this.logger = new ClientLogger((Class<?>) HttpProxyHandler.class);
        this.authScheme = null;
        this.challengeHandler = authorizationChallengeHandler;
        this.proxyChallengeHolderReference = atomicReference;
        this.codec = new HttpClientCodec();
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    public String protocol() {
        return HTTP;
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    public String authScheme() {
        return this.authScheme == null ? "none" : this.authScheme;
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    protected void addCodec(ChannelHandlerContext channelHandlerContext) {
        channelHandlerContext.pipeline().addBefore(channelHandlerContext.name(), null, this.codec);
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    protected void removeEncoder(ChannelHandlerContext channelHandlerContext) {
        this.codec.removeOutboundHandler();
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    protected void removeDecoder(ChannelHandlerContext channelHandlerContext) {
        this.codec.removeInboundHandler();
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    protected Object newInitialMessage(ChannelHandlerContext channelHandlerContext) {
        InetSocketAddress inetSocketAddress = (InetSocketAddress) destinationAddress();
        String formatHostnameForHttp = HttpUtil.formatHostnameForHttp(inetSocketAddress);
        int port = inetSocketAddress.getPort();
        String str = formatHostnameForHttp + ":" + port;
        String str2 = (port == 80 || port == 443) ? str : formatHostnameForHttp;
        DefaultFullHttpRequest defaultFullHttpRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.CONNECT, str, Unpooled.EMPTY_BUFFER, false);
        defaultFullHttpRequest.headers().set(HttpHeaderNames.HOST, str2);
        if (this.challengeHandler != null) {
            String createAuthorizationHeader = createAuthorizationHeader();
            if (!CoreUtils.isNullOrEmpty(createAuthorizationHeader)) {
                this.authScheme = AUTH_SCHEME_PATTERN.matcher(createAuthorizationHeader).find() ? AUTH_DIGEST : AUTH_BASIC;
                defaultFullHttpRequest.headers().set("Proxy-Authorization", (Object) createAuthorizationHeader);
                channelHandlerContext.channel().attr(PROXY_AUTHORIZATION_KEY).set(createAuthorizationHeader);
            }
        }
        return defaultFullHttpRequest;
    }

    private String createAuthorizationHeader() {
        String attemptToPipelineAuthorization = this.challengeHandler.attemptToPipelineAuthorization(PROXY_METHOD, PROXY_URI_PATH, NO_BODY);
        if (!CoreUtils.isNullOrEmpty(attemptToPipelineAuthorization)) {
            return attemptToPipelineAuthorization;
        }
        ChallengeHolder challengeHolder = this.proxyChallengeHolderReference.get();
        if (challengeHolder != null) {
            List<Map<String, String>> digestChallenges = challengeHolder.getDigestChallenges();
            if (!CoreUtils.isNullOrEmpty(digestChallenges)) {
                attemptToPipelineAuthorization = this.challengeHandler.handleDigest(PROXY_METHOD, PROXY_URI_PATH, digestChallenges, NO_BODY);
            }
            if (CoreUtils.isNullOrEmpty(attemptToPipelineAuthorization) && challengeHolder.hasBasicChallenge()) {
                attemptToPipelineAuthorization = this.challengeHandler.handleBasic();
            }
        }
        return attemptToPipelineAuthorization;
    }

    @Override // io.netty.handler.proxy.ProxyHandler
    protected boolean handleResponse(ChannelHandlerContext channelHandlerContext, Object obj) throws ProxyConnectException {
        if (obj instanceof HttpResponse) {
            if (this.status != null) {
                throw this.logger.logExceptionAsWarning(new RuntimeException("Received too many responses for a request"));
            }
            HttpResponse httpResponse = (HttpResponse) obj;
            this.status = httpResponse.status();
            this.innerHeaders = httpResponse.headers();
            if (httpResponse.status().code() == 407) {
                this.proxyChallengeHolderReference.set(extractChallengesFromHeaders(httpResponse.headers()));
            } else if (httpResponse.status().code() == 200) {
                validateProxyAuthenticationInfo(httpResponse.headers().get(AuthorizationChallengeHandler.PROXY_AUTHENTICATION_INFO), (String) channelHandlerContext.channel().attr(PROXY_AUTHORIZATION_KEY).get());
            }
        }
        boolean z = obj instanceof LastHttpContent;
        if (z) {
            if (this.status == null) {
                throw new HttpProxyHandler.HttpProxyConnectException("Never received response for CONNECT request.", this.innerHeaders);
            }
            if (this.status.code() != 200) {
                throw new HttpProxyHandler.HttpProxyConnectException("Failed to connect to proxy. Status: " + this.status, this.innerHeaders);
            }
        }
        return z;
    }

    private static ChallengeHolder extractChallengesFromHeaders(HttpHeaders httpHeaders) {
        boolean z = false;
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = httpHeaders.getAll("Proxy-Authenticate").iterator();
        while (it.hasNext()) {
            String[] split = it.next().split(" ", 2);
            String trim = split[0].trim();
            if (trim.equalsIgnoreCase(AUTH_BASIC)) {
                z = true;
            } else if (trim.equalsIgnoreCase(AUTH_DIGEST)) {
                HashMap hashMap = new HashMap();
                for (String str : split[1].split(",")) {
                    String[] split2 = str.split("=", 2);
                    if (split2.length == 2) {
                        hashMap.put(split2[0].trim(), split2[1].trim().replace("\"", ""));
                    }
                }
                arrayList.add(hashMap);
            }
        }
        return new ChallengeHolder(z, arrayList);
    }

    private void validateProxyAuthenticationInfo(String str, String str2) {
        if (CoreUtils.isNullOrEmpty(str)) {
            return;
        }
        Map<String, String> parseAuthenticationOrAuthorizationHeader = AuthorizationChallengeHandler.parseAuthenticationOrAuthorizationHeader(str);
        Map<String, String> parseAuthenticationOrAuthorizationHeader2 = AuthorizationChallengeHandler.parseAuthenticationOrAuthorizationHeader(str2);
        validateProxyAuthenticationInfoValue(CNONCE, parseAuthenticationOrAuthorizationHeader, parseAuthenticationOrAuthorizationHeader2);
        validateProxyAuthenticationInfoValue(NC, parseAuthenticationOrAuthorizationHeader, parseAuthenticationOrAuthorizationHeader2);
        this.challengeHandler.consumeAuthenticationInfoHeader(parseAuthenticationOrAuthorizationHeader);
    }

    private void validateProxyAuthenticationInfoValue(String str, Map<String, String> map, Map<String, String> map2) {
        if (map.containsKey(str)) {
            String str2 = map2.get(str);
            String str3 = map.get(str);
            if (!str3.equalsIgnoreCase(str2)) {
                throw this.logger.logExceptionAsError(new IllegalStateException(String.format(VALIDATION_ERROR_TEMPLATE, str, str2, str3)));
            }
        }
    }
}
