package com.refinitiv.eta.valueadd.reactor;

import com.sun.security.auth.module.Krb5LoginModule;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.auth.BasicSchemeFactory;
import org.apache.http.impl.auth.KerberosSchemeFactory;
import org.apache.http.impl.auth.NTLMSchemeFactory;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/refinitiv/eta/valueadd/reactor/RestProxyAuthHandler.class */
public class RestProxyAuthHandler {
    static final int BASIC = 16;
    static final int NTLM = 32;
    static final int KERBEROS = 64;
    static final int NEGOTIATE = 128;
    private int authSchemeFlag;
    private SSLConnectionSocketFactory _sslconSocketFactory;
    private RestReactor _restReactor;
    private RequestConfig _defaultRequestConfig;
    private Logger loggerClient;
    private static String db;
    private static HashMap<String, String> loginConfigOptions = new HashMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/refinitiv/eta/valueadd/reactor/RestProxyAuthHandler$KerberosCallBackHandler.class */
    public static class KerberosCallBackHandler implements CallbackHandler {
        private final String user;
        private final String password;

        public KerberosCallBackHandler(String str, String str2) {
            this.user = str;
            this.password = str2;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.user);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RestProxyAuthHandler(RestReactor restReactor, SSLConnectionSocketFactory sSLConnectionSocketFactory) {
        this.loggerClient = null;
        clear();
        this._sslconSocketFactory = sSLConnectionSocketFactory;
        this._restReactor = restReactor;
        this._defaultRequestConfig = RequestConfig.custom().setAuthenticationEnabled(true).build();
        this.loggerClient = LoggerFactory.getLogger(RestReactor.class);
    }

    void clear() {
        this.authSchemeFlag = 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int executeSync(HttpRequestBase httpRequestBase, RestConnectOptions restConnectOptions, RestResponse restResponse, ReactorErrorInfo reactorErrorInfo) throws ClientProtocolException, IOException {
        return execute(httpRequestBase, restConnectOptions, reactorErrorInfo, null, restResponse);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int executeAsync(HttpRequestBase httpRequestBase, RestConnectOptions restConnectOptions, RestHandler restHandler, ReactorErrorInfo reactorErrorInfo) throws ClientProtocolException, IOException {
        return execute(httpRequestBase, restConnectOptions, reactorErrorInfo, restHandler, null);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:21:0x00a2. Please report as an issue. */
    private int execute(HttpRequestBase httpRequestBase, RestConnectOptions restConnectOptions, ReactorErrorInfo reactorErrorInfo, RestHandler restHandler, RestResponse restResponse) throws ClientProtocolException, IOException {
        boolean z = false;
        int i = 0;
        while (i <= 1 && !z) {
            CloseableHttpClient build = HttpClientBuilder.create().setSSLSocketFactory(this._sslconSocketFactory).build();
            try {
                if (this.loggerClient.isTraceEnabled()) {
                    this.loggerClient.trace(this._restReactor.prepareRequestString(httpRequestBase, restConnectOptions));
                }
                HttpResponse execute = build.execute(httpRequestBase);
                String str = null;
                Exception exc = null;
                try {
                    str = EntityUtils.toString(execute.getEntity());
                    if (Objects.nonNull(restHandler)) {
                        restHandler.contentString(str);
                    }
                } catch (Exception e) {
                    exc = e;
                }
                if (this.loggerClient.isTraceEnabled()) {
                    this.loggerClient.trace(this._restReactor.prepareResponseString(execute, str, exc));
                }
                switch (execute.getStatusLine().getStatusCode()) {
                    case 200:
                        if (restHandler == null) {
                            RestReactor.convertResponse(this._restReactor, execute, restResponse, reactorErrorInfo, str, exc);
                        } else {
                            restHandler.completed(execute);
                        }
                        z = true;
                        build.close();
                        i++;
                    case 301:
                    case 302:
                    case 307:
                    case 308:
                        if (restHandler == null) {
                            Header firstHeader = execute.getFirstHeader("Location");
                            if (firstHeader != null) {
                                try {
                                    if (firstHeader.getValue() != null) {
                                        httpRequestBase.setURI(new URI(firstHeader.getValue()));
                                        z = false;
                                    }
                                } catch (URISyntaxException e2) {
                                    RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.execute", "Failed to request authentication token information. Incorrect redirecting.");
                                    build.close();
                                    return -1;
                                }
                            }
                            RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.execute", "Failed to send request. Malformed redirection response.");
                            build.close();
                            return -1;
                        }
                        restHandler.completed(execute);
                        z = true;
                        build.close();
                        i++;
                    case 403:
                    case 451:
                    default:
                        if (restHandler == null) {
                            RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.execute", "Failed to send HTTP request. Text: " + (Objects.nonNull(str) ? str : ""));
                            build.close();
                            return -1;
                        }
                        restHandler.completed(execute);
                        z = true;
                        build.close();
                        i++;
                    case 407:
                        processProxyAuthResponse(execute);
                        if ((this.authSchemeFlag & 128) != 0) {
                            int sendKerborosRequest = sendKerborosRequest(httpRequestBase, restConnectOptions, reactorErrorInfo, restHandler, restResponse);
                            build.close();
                            return sendKerborosRequest;
                        }
                        if ((this.authSchemeFlag & 64) != 0) {
                            int sendKerborosRequest2 = sendKerborosRequest(httpRequestBase, restConnectOptions, reactorErrorInfo, restHandler, restResponse);
                            build.close();
                            return sendKerborosRequest2;
                        }
                        if ((this.authSchemeFlag & 32) != 0) {
                            int sendNTLMRequest = sendNTLMRequest(httpRequestBase, restConnectOptions, reactorErrorInfo, restHandler, restResponse);
                            build.close();
                            return sendNTLMRequest;
                        }
                        if ((this.authSchemeFlag & 16) != 0) {
                            int sendBasicAuthRequest = sendBasicAuthRequest(httpRequestBase, restConnectOptions, reactorErrorInfo, restHandler, restResponse);
                            build.close();
                            return sendBasicAuthRequest;
                        }
                        z = true;
                        build.close();
                        i++;
                }
            } catch (Throwable th) {
                build.close();
                throw th;
            }
        }
        if (i <= 1 || z || restHandler != null) {
            return 0;
        }
        RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.execute", "Failed to send request. Too many redirect attempts.");
        return -1;
    }

    private void processProxyAuthResponse(HttpResponse httpResponse) {
        Header[] allHeaders = httpResponse.getAllHeaders();
        this.authSchemeFlag = 0;
        for (int i = 0; i < allHeaders.length; i++) {
            if (allHeaders[i].getName().indexOf("Proxy-Authenticate") != -1) {
                if (allHeaders[i].getValue().indexOf("Negotiate") != -1) {
                    this.authSchemeFlag |= 128;
                } else if (allHeaders[i].getValue().indexOf("Kerberos") != -1) {
                    this.authSchemeFlag |= 64;
                } else if (allHeaders[i].getValue().indexOf("NTLM") != -1) {
                    this.authSchemeFlag |= 32;
                } else if (allHeaders[i].getValue().indexOf("Basic") != -1) {
                    this.authSchemeFlag |= 16;
                }
            }
        }
    }

    private int sendBasicAuthRequest(HttpRequestBase httpRequestBase, RestConnectOptions restConnectOptions, ReactorErrorInfo reactorErrorInfo, RestHandler restHandler, RestResponse restResponse) throws ClientProtocolException, IOException {
        Registry build = RegistryBuilder.create().register("Basic", new BasicSchemeFactory()).build();
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(restConnectOptions.proxyUserName(), restConnectOptions.proxyPassword()));
        CloseableHttpClient build2 = HttpClientBuilder.create().useSystemProperties().setDefaultAuthSchemeRegistry(build).setDefaultCredentialsProvider(basicCredentialsProvider).setSSLSocketFactory(this._sslconSocketFactory).setProxy(new HttpHost(restConnectOptions.proxyHost(), restConnectOptions.proxyPort())).setProxyAuthenticationStrategy(ProxyAuthenticationStrategy.INSTANCE).build();
        httpRequestBase.setConfig(this._defaultRequestConfig);
        try {
            if (this.loggerClient.isTraceEnabled()) {
                this.loggerClient.trace(this._restReactor.prepareRequestString(httpRequestBase, restConnectOptions));
            }
            HttpResponse execute = build2.execute(httpRequestBase);
            String str = null;
            Exception exc = null;
            try {
                str = EntityUtils.toString(execute.getEntity());
                if (Objects.nonNull(restHandler)) {
                    restHandler.contentString(str);
                }
            } catch (Exception e) {
                exc = e;
            }
            if (this.loggerClient.isTraceEnabled()) {
                this.loggerClient.trace(this._restReactor.prepareResponseString(execute, str, exc));
            }
            if (execute.getStatusLine().getStatusCode() == 200) {
                if (restHandler == null) {
                    RestReactor.convertResponse(this._restReactor, execute, restResponse, reactorErrorInfo, str, exc);
                } else {
                    restHandler.completed(execute);
                }
                return 0;
            }
            if (restHandler == null) {
                int populateErrorInfo = RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.sendBasicAuthRequest", "Failed to send HTTP Request. Text: " + (Objects.nonNull(str) ? str : ""));
                build2.close();
                return populateErrorInfo;
            }
            restHandler.completed(execute);
            build2.close();
            return 0;
        } finally {
            build2.close();
        }
    }

    private int sendNTLMRequest(HttpRequestBase httpRequestBase, RestConnectOptions restConnectOptions, ReactorErrorInfo reactorErrorInfo, RestHandler restHandler, RestResponse restResponse) throws ClientProtocolException, IOException {
        Registry build = RegistryBuilder.create().register("NTLM", new NTLMSchemeFactory()).register("Basic", new BasicSchemeFactory()).build();
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(restConnectOptions.proxyUserName(), restConnectOptions.proxyPassword()));
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new NTCredentials(restConnectOptions.proxyUserName(), restConnectOptions.proxyPassword(), restConnectOptions.proxyLocalHostName(), restConnectOptions.proxyDomain()));
        CloseableHttpClient build2 = HttpClientBuilder.create().useSystemProperties().setDefaultAuthSchemeRegistry(build).setDefaultCredentialsProvider(basicCredentialsProvider).setSSLSocketFactory(this._sslconSocketFactory).setProxy(new HttpHost(restConnectOptions.proxyHost(), restConnectOptions.proxyPort())).setProxyAuthenticationStrategy(ProxyAuthenticationStrategy.INSTANCE).build();
        httpRequestBase.setConfig(this._defaultRequestConfig);
        try {
            if (this.loggerClient.isTraceEnabled()) {
                this.loggerClient.trace(this._restReactor.prepareRequestString(httpRequestBase, restConnectOptions));
            }
            HttpResponse execute = build2.execute(httpRequestBase);
            String str = null;
            Exception exc = null;
            try {
                str = EntityUtils.toString(execute.getEntity());
                if (Objects.nonNull(restHandler)) {
                    restHandler.contentString(str);
                }
            } catch (Exception e) {
                exc = e;
            }
            if (this.loggerClient.isTraceEnabled()) {
                this.loggerClient.trace(this._restReactor.prepareResponseString(execute, str, exc));
            }
            if (execute.getStatusLine().getStatusCode() == 200) {
                if (restHandler == null) {
                    RestReactor.convertResponse(this._restReactor, execute, restResponse, reactorErrorInfo, str, exc);
                } else {
                    restHandler.completed(execute);
                }
                return 0;
            }
            if (restHandler == null) {
                int populateErrorInfo = RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.sendNTLMRequest", "Failed to send HTTP Request. Text: " + (Objects.nonNull(str) ? str : ""));
                build2.close();
                return populateErrorInfo;
            }
            restHandler.completed(execute);
            build2.close();
            return 0;
        } finally {
            build2.close();
        }
    }

    private int sendKerborosRequest(final HttpRequestBase httpRequestBase, final RestConnectOptions restConnectOptions, final ReactorErrorInfo reactorErrorInfo, final RestHandler restHandler, RestResponse restResponse) throws ClientProtocolException, IOException {
        System.setProperty("java.security.krb5.conf", restConnectOptions.proxyKRB5ConfigFile());
        loadLoginConfig();
        try {
            LoginContext loginContext = new LoginContext("etaj-restclient-kerberos", new KerberosCallBackHandler(restConnectOptions.proxyUserName(), restConnectOptions.proxyPassword()));
            loginContext.login();
            Subject subject = loginContext.getSubject();
            Registry build = RegistryBuilder.create().register("NTLM", new NTLMSchemeFactory()).register("Basic", new BasicSchemeFactory()).register("Negotiate", new SPNegoSchemeFactory()).register("Kerberos", new KerberosSchemeFactory()).build();
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, new NTCredentials(restConnectOptions.proxyUserName(), restConnectOptions.proxyPassword(), restConnectOptions.proxyLocalHostName(), restConnectOptions.proxyDomain()));
            final CloseableHttpClient build2 = HttpClientBuilder.create().useSystemProperties().setDefaultAuthSchemeRegistry(build).setDefaultCredentialsProvider(basicCredentialsProvider).setSSLSocketFactory(this._sslconSocketFactory).setProxy(new HttpHost(restConnectOptions.proxyHost(), restConnectOptions.proxyPort())).setProxyAuthenticationStrategy(ProxyAuthenticationStrategy.INSTANCE).build();
            httpRequestBase.setConfig(this._defaultRequestConfig);
            HttpResponse httpResponse = (HttpResponse) Subject.doAs(subject, new PrivilegedAction<HttpResponse>() { // from class: com.refinitiv.eta.valueadd.reactor.RestProxyAuthHandler.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public HttpResponse run() {
                    CloseableHttpResponse closeableHttpResponse = null;
                    try {
                        try {
                            if (RestProxyAuthHandler.this.loggerClient.isTraceEnabled()) {
                                RestProxyAuthHandler.this.loggerClient.trace(RestProxyAuthHandler.this._restReactor.prepareRequestString(httpRequestBase, restConnectOptions));
                            }
                            closeableHttpResponse = build2.execute(httpRequestBase);
                        } catch (IOException e) {
                            if (restHandler == null) {
                                RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.sendKerborosRequest", "Failed to send HTTP Request. Text: " + e.getMessage());
                            } else {
                                restHandler.failed(e);
                            }
                            try {
                                build2.close();
                            } catch (IOException e2) {
                            }
                        }
                        return closeableHttpResponse;
                    } finally {
                        try {
                            build2.close();
                        } catch (IOException e3) {
                        }
                    }
                }
            });
            if (httpResponse == null) {
                return -1;
            }
            String str = null;
            Exception exc = null;
            try {
                str = EntityUtils.toString(httpResponse.getEntity());
                if (Objects.nonNull(restHandler)) {
                    restHandler.contentString(str);
                }
            } catch (Exception e) {
                exc = e;
            }
            if (this.loggerClient.isTraceEnabled()) {
                this.loggerClient.trace(this._restReactor.prepareResponseString(httpResponse, str, exc));
            }
            if (httpResponse.getStatusLine().getStatusCode() != 200) {
                if (restHandler == null) {
                    return RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.sendKerborosRequest", "Failed to send HTTP Request. Text: " + (Objects.nonNull(str) ? str : ""));
                }
                restHandler.completed(httpResponse);
            } else if (restHandler == null) {
                RestReactor.convertResponse(this._restReactor, httpResponse, new RestResponse(), reactorErrorInfo, str, exc);
            } else {
                restHandler.completed(httpResponse);
            }
            try {
                loginContext.logout();
                return 0;
            } catch (LoginException e2) {
                return 0;
            }
        } catch (LoginException e3) {
            if (restHandler == null) {
                return RestReactor.populateErrorInfo(reactorErrorInfo, -1, "RestProxyAuthHandler.sendKerborosRequest", "Failed to send HTTP Request. Text: " + e3.getMessage());
            }
            restHandler.failed(e3);
            return 0;
        }
    }

    private static void loadLoginConfig() {
        Configuration.setConfiguration(new Configuration() { // from class: com.refinitiv.eta.valueadd.reactor.RestProxyAuthHandler.2
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                String name = Krb5LoginModule.class.getName();
                RestProxyAuthHandler.loginConfigOptions.put("com.sun.security.auth.module.Krb5LoginModule", "required");
                String property = System.getProperty("krb_login_config_useTicketCache");
                if (property != null && property.equals("true")) {
                    RestProxyAuthHandler.loginConfigOptions.put("useTicketCache", "true");
                    String property2 = System.getProperty("krb_login_config_doNotPrompt");
                    if (property2 != null && property2.equals("true")) {
                        RestProxyAuthHandler.loginConfigOptions.put("doNotPrompt", "true");
                    }
                    String property3 = System.getProperty("krb_login_config_ticketCache");
                    if (property3 != null && !property3.isEmpty()) {
                        RestProxyAuthHandler.loginConfigOptions.put("ticketCache", property3);
                    }
                }
                if (RestProxyAuthHandler.db = System.getProperty("javax.net.debug") != null && RestProxyAuthHandler.db.equals("all")) {
                    RestProxyAuthHandler.loginConfigOptions.put("debug", "true");
                }
                return new AppConfigurationEntry[]{new AppConfigurationEntry(name, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, RestProxyAuthHandler.loginConfigOptions)};
            }
        });
    }
}
