package org.asynchttpclient.netty.handler.intercept;

import io.netty.channel.Channel;
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.HttpUtil;
import java.util.List;
import org.asynchttpclient.Dsl;
import org.asynchttpclient.Realm;
import org.asynchttpclient.Request;
import org.asynchttpclient.RequestBuilder;
import org.asynchttpclient.netty.NettyResponseFuture;
import org.asynchttpclient.netty.channel.ChannelManager;
import org.asynchttpclient.netty.channel.ChannelState;
import org.asynchttpclient.netty.request.NettyRequestSender;
import org.asynchttpclient.ntlm.NtlmEngine;
import org.asynchttpclient.proxy.ProxyServer;
import org.asynchttpclient.spnego.SpnegoEngine;
import org.asynchttpclient.spnego.SpnegoEngineException;
import org.asynchttpclient.util.AuthenticatorUtils;
import org.asynchttpclient.util.HttpConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/async-http-client-2.7.0.jar:org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-io-debezium-2.3.0.jar:META-INF/bundled-dependencies/async-http-client-2.7.0.jar:org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.class */
public class ProxyUnauthorized407Interceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ProxyUnauthorized407Interceptor.class);
    private final ChannelManager channelManager;
    private final NettyRequestSender requestSender;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProxyUnauthorized407Interceptor(ChannelManager channelManager, NettyRequestSender nettyRequestSender) {
        this.channelManager = channelManager;
        this.requestSender = nettyRequestSender;
    }

    public boolean exitAfterHandling407(Channel channel, NettyResponseFuture<?> nettyResponseFuture, HttpResponse httpResponse, Request request, ProxyServer proxyServer, HttpRequest httpRequest) {
        if (nettyResponseFuture.isAndSetInProxyAuth(true)) {
            LOGGER.info("Can't handle 407 as auth was already performed");
            return false;
        }
        Realm proxyRealm = nettyResponseFuture.getProxyRealm();
        if (proxyRealm == null) {
            LOGGER.debug("Can't handle 407 as there's no proxyRealm");
            return false;
        }
        List<String> all = httpResponse.headers().getAll(HttpHeaderNames.PROXY_AUTHENTICATE);
        if (all.isEmpty()) {
            LOGGER.info("Can't handle 407 as response doesn't contain Proxy-Authenticate headers");
            return false;
        }
        nettyResponseFuture.setChannelState(ChannelState.NEW);
        HttpHeaders add = new DefaultHttpHeaders(false).add(request.getHeaders());
        switch (proxyRealm.getScheme()) {
            case BASIC:
                if (AuthenticatorUtils.getHeaderWithPrefix(all, "Basic") != null) {
                    if (!proxyRealm.isUsePreemptiveAuth()) {
                        nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setUsePreemptiveAuth(true).build());
                        break;
                    } else {
                        LOGGER.info("Can't handle 407 with Basic realm as auth was preemptive and already performed");
                        return false;
                    }
                } else {
                    LOGGER.info("Can't handle 407 with Basic realm as Proxy-Authenticate headers don't match");
                    return false;
                }
            case DIGEST:
                String headerWithPrefix = AuthenticatorUtils.getHeaderWithPrefix(all, "Digest");
                if (headerWithPrefix != null) {
                    nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setUri(request.getUri()).setMethodName(request.getMethod()).setUsePreemptiveAuth(true).parseProxyAuthenticateHeader(headerWithPrefix).build());
                    break;
                } else {
                    LOGGER.info("Can't handle 407 with Digest realm as Proxy-Authenticate headers don't match");
                    return false;
                }
            case NTLM:
                String headerWithPrefix2 = AuthenticatorUtils.getHeaderWithPrefix(all, "NTLM");
                if (headerWithPrefix2 != null) {
                    ntlmProxyChallenge(headerWithPrefix2, add, proxyRealm, nettyResponseFuture);
                    nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setUsePreemptiveAuth(true).build());
                    break;
                } else {
                    LOGGER.info("Can't handle 407 with NTLM realm as Proxy-Authenticate headers don't match");
                    return false;
                }
            case KERBEROS:
            case SPNEGO:
                if (AuthenticatorUtils.getHeaderWithPrefix(all, "Negotiate") == null) {
                    LOGGER.info("Can't handle 407 with Kerberos or Spnego realm as Proxy-Authenticate headers don't match");
                    return false;
                }
                try {
                    kerberosProxyChallenge(proxyRealm, proxyServer, add);
                    break;
                } catch (SpnegoEngineException e) {
                    String headerWithPrefix3 = AuthenticatorUtils.getHeaderWithPrefix(all, "NTLM");
                    if (headerWithPrefix3 == null) {
                        this.requestSender.abort(channel, nettyResponseFuture, e);
                        return false;
                    }
                    LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM");
                    ntlmProxyChallenge(headerWithPrefix3, add, proxyRealm, nettyResponseFuture);
                    nettyResponseFuture.setProxyRealm(Dsl.realm(proxyRealm).setScheme(Realm.AuthScheme.NTLM).setUsePreemptiveAuth(true).build());
                    break;
                }
            default:
                throw new IllegalStateException("Invalid Authentication scheme " + proxyRealm.getScheme());
        }
        RequestBuilder headers = new RequestBuilder(nettyResponseFuture.getCurrentRequest()).setHeaders(add);
        if (nettyResponseFuture.getCurrentRequest().getUri().isSecured()) {
            headers.setMethod(HttpConstants.Methods.CONNECT);
        }
        Request build = headers.build();
        LOGGER.debug("Sending proxy authentication to {}", request.getUri());
        if (!nettyResponseFuture.isKeepAlive() || HttpUtil.isTransferEncodingChunked(httpRequest) || HttpUtil.isTransferEncodingChunked(httpResponse)) {
            this.channelManager.closeChannel(channel);
            this.requestSender.sendNextRequest(build, nettyResponseFuture);
            return true;
        }
        nettyResponseFuture.setConnectAllowed(true);
        nettyResponseFuture.setReuseChannel(true);
        this.requestSender.drainChannelAndExecuteNextRequest(channel, nettyResponseFuture, build);
        return true;
    }

    private void kerberosProxyChallenge(Realm realm, ProxyServer proxyServer, HttpHeaders httpHeaders) throws SpnegoEngineException {
        httpHeaders.set(HttpHeaderNames.PROXY_AUTHORIZATION, "Negotiate " + SpnegoEngine.instance(realm.getPrincipal(), realm.getPassword(), realm.getServicePrincipalName(), realm.getRealmName(), realm.isUseCanonicalHostname(), realm.getCustomLoginConfig(), realm.getLoginContextName()).generateToken(proxyServer.getHost()));
    }

    private void ntlmProxyChallenge(String str, HttpHeaders httpHeaders, Realm realm, NettyResponseFuture<?> nettyResponseFuture) {
        if (str.equals("NTLM")) {
            httpHeaders.set(HttpHeaderNames.PROXY_AUTHORIZATION, "NTLM " + NtlmEngine.INSTANCE.generateType1Msg());
            nettyResponseFuture.setInProxyAuth(false);
        } else {
            httpHeaders.set(HttpHeaderNames.PROXY_AUTHORIZATION, "NTLM " + NtlmEngine.INSTANCE.generateType3Msg(realm.getPrincipal(), realm.getPassword(), realm.getNtlmDomain(), realm.getNtlmHost(), str.substring("NTLM ".length()).trim()));
        }
    }
}
