package jdk.incubator.http;

import java.io.IOException;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Objects;
import java.util.WeakHashMap;
import jdk.incubator.http.internal.common.Utils;

/* loaded from: input_file:jdk/incubator/http/AuthenticationFilter.class */
class AuthenticationFilter implements HeaderFilter {
    volatile MultiExchange<?, ?> exchange;
    static final int DEFAULT_RETRY_LIMIT = 3;
    static final int UNAUTHORIZED = 401;
    static final int PROXY_UNAUTHORIZED = 407;
    private static final Base64.Encoder encoder = Base64.getEncoder();
    static final int retry_limit = Utils.getIntegerNetProperty("jdk.httpclient.auth.retrylimit", 3);
    static final WeakHashMap<HttpClientImpl, Cache> caches = new WeakHashMap<>();

    /* loaded from: input_file:jdk/incubator/http/AuthenticationFilter$AuthInfo.class */
    static class AuthInfo {
        final boolean fromcache;
        final String scheme;
        int retries;
        PasswordAuthentication credentials;
        CacheEntry cacheEntry;
        static final /* synthetic */ boolean $assertionsDisabled;

        AuthInfo(boolean z, String str, PasswordAuthentication passwordAuthentication) {
            this.fromcache = z;
            this.scheme = str;
            this.credentials = passwordAuthentication;
            this.retries = 1;
        }

        AuthInfo(boolean z, String str, PasswordAuthentication passwordAuthentication, CacheEntry cacheEntry) {
            this(z, str, passwordAuthentication);
            if (!$assertionsDisabled && passwordAuthentication != null && (cacheEntry == null || cacheEntry.value != null)) {
                throw new AssertionError();
            }
            this.cacheEntry = cacheEntry;
        }

        AuthInfo retryWithCredentials(PasswordAuthentication passwordAuthentication) {
            AuthInfo authInfo = this.fromcache ? new AuthInfo(false, this.scheme, passwordAuthentication) : this;
            authInfo.credentials = (PasswordAuthentication) Objects.requireNonNull(passwordAuthentication);
            authInfo.retries = this.retries;
            return authInfo;
        }

        static {
            $assertionsDisabled = !AuthenticationFilter.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jdk/incubator/http/AuthenticationFilter$Cache.class */
    public static class Cache {
        final LinkedList<CacheEntry> entries = new LinkedList<>();

        Cache() {
        }

        synchronized CacheEntry get(URI uri, boolean z) {
            Iterator<CacheEntry> it = this.entries.iterator();
            while (it.hasNext()) {
                CacheEntry next = it.next();
                if (next.equalsKey(uri, z)) {
                    return next;
                }
            }
            return null;
        }

        synchronized void remove(String str, URI uri, boolean z) {
            Iterator<CacheEntry> it = this.entries.iterator();
            while (it.hasNext()) {
                CacheEntry next = it.next();
                if (next.equalsKey(uri, z)) {
                    this.entries.remove(next);
                }
            }
        }

        synchronized void remove(CacheEntry cacheEntry) {
            this.entries.remove(cacheEntry);
        }

        synchronized void store(String str, URI uri, boolean z, PasswordAuthentication passwordAuthentication) {
            remove(str, uri, z);
            this.entries.add(new CacheEntry(str, uri, z, passwordAuthentication));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jdk/incubator/http/AuthenticationFilter$CacheEntry.class */
    public static class CacheEntry {
        final String root;
        final String scheme;
        final boolean proxy;
        final PasswordAuthentication value;

        CacheEntry(String str, URI uri, boolean z, PasswordAuthentication passwordAuthentication) {
            this.scheme = str;
            this.root = uri.resolve(".").toString();
            this.proxy = z;
            this.value = passwordAuthentication;
        }

        public PasswordAuthentication value() {
            return this.value;
        }

        public boolean equalsKey(URI uri, boolean z) {
            if (this.proxy != z) {
                return false;
            }
            return uri.toString().startsWith(this.root);
        }
    }

    private PasswordAuthentication getCredentials(String str, boolean z, HttpRequestImpl httpRequestImpl) throws IOException {
        Authenticator orElseThrow = this.exchange.client().authenticator().orElseThrow(() -> {
            return new IOException("No authenticator set");
        });
        URI uri = httpRequestImpl.uri();
        HeaderParser headerParser = new HeaderParser(str);
        String findKey = headerParser.findKey(0);
        return AuthenticatorHack.requestPasswordAuthenticationInstance(orElseThrow, uri.getHost(), null, uri.getPort(), uri.getScheme(), headerParser.findValue("realm"), findKey, uri.toURL(), z ? Authenticator.RequestorType.PROXY : Authenticator.RequestorType.SERVER);
    }

    private URI getProxyURI(HttpRequestImpl httpRequestImpl) {
        InetSocketAddress proxy = httpRequestImpl.proxy();
        if (proxy == null) {
            return null;
        }
        try {
            return new URI("proxy." + httpRequestImpl.uri().getScheme(), null, proxy.getHostString(), proxy.getPort(), null, null, null);
        } catch (URISyntaxException e) {
            throw new InternalError(e);
        }
    }

    @Override // jdk.incubator.http.HeaderFilter
    public void request(HttpRequestImpl httpRequestImpl, MultiExchange<?, ?> multiExchange) throws IOException {
        CacheEntry cacheEntry;
        URI proxyURI;
        CacheEntry cacheEntry2;
        Cache cache = getCache(multiExchange);
        this.exchange = multiExchange;
        if (this.exchange.proxyauth == null && (proxyURI = getProxyURI(httpRequestImpl)) != null && (cacheEntry2 = cache.get(proxyURI, true)) != null) {
            this.exchange.proxyauth = new AuthInfo(true, cacheEntry2.scheme, null, cacheEntry2);
            addBasicCredentials(httpRequestImpl, true, cacheEntry2.value);
        }
        if (this.exchange.serverauth != null || (cacheEntry = cache.get(httpRequestImpl.uri(), false)) == null) {
            return;
        }
        this.exchange.serverauth = new AuthInfo(true, cacheEntry.scheme, null, cacheEntry);
        addBasicCredentials(httpRequestImpl, false, cacheEntry.value);
    }

    private static void addBasicCredentials(HttpRequestImpl httpRequestImpl, boolean z, PasswordAuthentication passwordAuthentication) {
        String str = z ? "Proxy-Authorization" : "Authorization";
        StringBuilder sb = new StringBuilder(128);
        sb.append(passwordAuthentication.getUserName()).append(':').append(passwordAuthentication.getPassword());
        httpRequestImpl.setSystemHeader(str, "Basic " + encoder.encodeToString(sb.toString().getBytes(StandardCharsets.ISO_8859_1)));
    }

    @Override // jdk.incubator.http.HeaderFilter
    public HttpRequestImpl response(Response response) throws IOException {
        Cache cache = getCache(this.exchange);
        int statusCode = response.statusCode();
        HttpHeaders headers = response.headers();
        HttpRequestImpl request = response.request();
        if (statusCode != UNAUTHORIZED && statusCode != PROXY_UNAUTHORIZED) {
            if (this.exchange.serverauth != null && !this.exchange.serverauth.fromcache) {
                AuthInfo authInfo = this.exchange.serverauth;
                cache.store(authInfo.scheme, request.uri(), false, authInfo.credentials);
            }
            if (this.exchange.proxyauth == null || this.exchange.proxyauth.fromcache) {
                return null;
            }
            AuthInfo authInfo2 = this.exchange.proxyauth;
            cache.store(authInfo2.scheme, request.uri(), false, authInfo2.credentials);
            return null;
        }
        boolean z = statusCode == PROXY_UNAUTHORIZED;
        String orElseThrow = headers.firstValue(z ? "Proxy-Authenticate" : "WWW-Authenticate").orElseThrow(() -> {
            return new IOException("Invalid auth header");
        });
        if (!new HeaderParser(orElseThrow).findKey(0).equalsIgnoreCase("Basic")) {
            return null;
        }
        AuthInfo authInfo3 = z ? this.exchange.proxyauth : this.exchange.serverauth;
        if (authInfo3 == null) {
            PasswordAuthentication credentials = getCredentials(orElseThrow, z, request);
            if (credentials == null) {
                throw new IOException("No credentials provided");
            }
            AuthInfo authInfo4 = new AuthInfo(false, "Basic", credentials);
            if (z) {
                this.exchange.proxyauth = authInfo4;
            } else {
                this.exchange.serverauth = authInfo4;
            }
            addBasicCredentials(request, z, credentials);
            return request;
        }
        if (authInfo3.retries > retry_limit) {
            throw new IOException("too many authentication attempts. Limit: " + Integer.toString(retry_limit));
        }
        if (authInfo3.fromcache) {
            cache.remove(authInfo3.cacheEntry);
        }
        PasswordAuthentication credentials2 = getCredentials(orElseThrow, z, request);
        if (credentials2 == null) {
            throw new IOException("No credentials provided");
        }
        AuthInfo retryWithCredentials = authInfo3.retryWithCredentials(credentials2);
        if (z) {
            this.exchange.proxyauth = retryWithCredentials;
        } else {
            this.exchange.serverauth = retryWithCredentials;
        }
        addBasicCredentials(request, z, retryWithCredentials.credentials);
        retryWithCredentials.retries++;
        return request;
    }

    static synchronized Cache getCache(MultiExchange<?, ?> multiExchange) {
        HttpClientImpl client = multiExchange.client();
        Cache cache = caches.get(client);
        if (cache == null) {
            cache = new Cache();
            caches.put(client, cache);
        }
        return cache;
    }
}
