package com.microsoft.tfs.core.util;

import com.microsoft.tfs.core.Messages;
import com.microsoft.tfs.core.clients.workitem.query.qe.WIQLOperators;
import com.microsoft.tfs.core.config.httpclient.HTTPClientFactory;
import com.microsoft.tfs.core.exceptions.ACSUnauthorizedException;
import com.microsoft.tfs.core.exceptions.HTTPProxyUnauthorizedException;
import com.microsoft.tfs.core.exceptions.mappers.VersionControlExceptionMapper;
import com.microsoft.tfs.core.httpclient.HttpClient;
import com.microsoft.tfs.core.httpclient.HttpException;
import com.microsoft.tfs.core.httpclient.HttpStatus;
import com.microsoft.tfs.core.httpclient.auth.AuthScope;
import com.microsoft.tfs.core.httpclient.cookie.CookiePolicy;
import com.microsoft.tfs.core.httpclient.methods.PostMethod;
import com.microsoft.tfs.core.ws.runtime.exceptions.ProxyUnauthorizedException;
import com.microsoft.tfs.core.ws.runtime.exceptions.TransportException;
import com.microsoft.tfs.util.Check;
import com.microsoft.tfs.util.LocaleUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.net.UnknownHostException;
import java.text.MessageFormat;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/com.microsoft.tfs.sdk-11.0.0.jar:com/microsoft/tfs/core/util/FederatedAuthenticationHelpers.class */
public class FederatedAuthenticationHelpers {
    public static final Log log = LogFactory.getLog(FederatedAuthenticationHelpers.class);

    public static String getWRAPAccessToken(HTTPClientFactory hTTPClientFactory, URI uri, String str, String str2, String str3) throws ACSUnauthorizedException, HTTPProxyUnauthorizedException {
        Check.notNull(hTTPClientFactory, "clientFactory");
        Check.notNull(uri, "acsIssuerURI");
        Check.notNullOrEmpty(str, "wrapScope");
        Check.notNullOrEmpty(str2, "wrapName");
        Check.notNull(str3, "wrapPassword");
        HttpClient newHTTPClient = hTTPClientFactory.newHTTPClient();
        PostMethod postMethod = new PostMethod(URIUtils.resolve(uri, "/WRAPv0.9/").toString());
        newHTTPClient.getState().clearCredentials();
        newHTTPClient.getParams().setPreemptiveAuthenticationTypes(new Class[0]);
        postMethod.getParams().setCookiePolicy(CookiePolicy.IGNORE_COOKIES);
        postMethod.setFollowRedirects(false);
        postMethod.setDoAuthentication(false);
        postMethod.addParameter("wrap_name", str2);
        postMethod.addParameter("wrap_password", str3);
        postMethod.addParameter("wrap_scope", str);
        try {
            int executeMethod = newHTTPClient.executeMethod(postMethod);
            log.trace(MessageFormat.format("WRAP post method status: {0}", HttpStatus.getStatusText(executeMethod)));
            switch (executeMethod) {
                case 200:
                    return parseAccessTokenFromResponse(postMethod.getResponseBodyAsString());
                case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED /* 407 */:
                    throw new HTTPProxyUnauthorizedException(new ProxyUnauthorizedException(newHTTPClient.getHostConfiguration().getProxyHost(), newHTTPClient.getHostConfiguration().getProxyPort(), newHTTPClient.getState().getProxyCredentials(AuthScope.ANY)));
                default:
                    String responseBodyAsString = postMethod.getResponseBodyAsString();
                    log.warn(MessageFormat.format("ACS returned non-OK status {0}: {1}", HttpStatus.getStatusText(executeMethod), responseBodyAsString));
                    throw new ACSUnauthorizedException(str2, getDetailMessage(responseBodyAsString));
            }
        } catch (HttpException e) {
            log.error(Messages.getString("FederatedAuthenticationHelpers.HTTPErrorGettingAccessToken", LocaleUtil.ROOT), e);
            throw new TransportException(Messages.getString("FederatedAuthenticationHelpers.HTTPErrorGettingAccessToken"), e);
        } catch (UnknownHostException e2) {
            throw VersionControlExceptionMapper.map(new TransportException(e2));
        } catch (IOException e3) {
            log.error(Messages.getString("FederatedAuthenticationHelpers.IOErrorGettingAccessToken", LocaleUtil.ROOT), e3);
            throw new TransportException(Messages.getString("FederatedAuthenticationHelpers.IOErrorGettingAccessToken"), e3);
        }
    }

    protected static String getDetailMessage(String str) {
        Check.notNull(str, "acsResponseBody");
        String[] split = str.split(":");
        for (int i = 0; i < split.length; i++) {
            if (split[i].equalsIgnoreCase("Detail")) {
                String string = Messages.getString("FederatedAuthenticationHelpers.DetailFieldPresentButMessageMissing");
                if (i + 1 < split.length) {
                    string = split[i + 1];
                    if (!string.matches("ACS\\d{5}")) {
                        return string;
                    }
                }
                if (i + 2 < split.length) {
                    string = string + ":" + split[i + 2];
                }
                return string;
            }
        }
        return null;
    }

    private static String parseAccessTokenFromResponse(String str) {
        String str2 = null;
        if (str != null) {
            log.trace(MessageFormat.format("WRAP post method response body: {0}", str));
            String[] split = str.split("&");
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String[] split2 = split[i].split(WIQLOperators.EQUAL_TO, 2);
                if (split2.length == 2 && split2[0].equalsIgnoreCase("wrap_access_token")) {
                    try {
                        str2 = URLDecoder.decode(split2[1], "UTF-8");
                        log.trace(MessageFormat.format("Parsed access token: {0}", str2));
                        break;
                    } catch (UnsupportedEncodingException e) {
                        log.error("Unsupported encoding while decoding access token", e);
                        str2 = null;
                    }
                } else {
                    i++;
                }
            }
        }
        if (str2 == null) {
            log.warn(MessageFormat.format("Could not parse WRAP access token from response body: {0}", str));
        }
        return str2;
    }
}
