package com.openshift.internal.restclient.okhttp;

import com.openshift.internal.restclient.DefaultClient;
import com.openshift.internal.restclient.authorization.AuthorizationDetails;
import com.openshift.internal.util.URIUtils;
import com.openshift.restclient.IClient;
import com.openshift.restclient.authorization.IAuthorizationContext;
import com.openshift.restclient.authorization.IAuthorizationDetails;
import com.openshift.restclient.authorization.UnauthorizedException;
import com.openshift.restclient.http.IHttpConstants;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import okhttp3.Authenticator;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/openshift-restclient-java-6.1.3.Final.jar:com/openshift/internal/restclient/okhttp/OpenShiftAuthenticator.class */
public class OpenShiftAuthenticator implements Authenticator, IHttpConstants {
    public static final String ACCESS_TOKEN = "access_token";
    private static final String AUTH_ATTEMPTS = "X-OPENSHIFT-AUTH-ATTEMPTS";
    private static final String CSRF_TOKEN = "X-CSRF-Token";
    private static final String ERROR = "error";
    private static final String ERROR_DETAILS = "error_details";
    private Collection<IChallangeHandler> challangeHandlers = new ArrayList();
    private OkHttpClient okClient;
    private IClient client;

    @Override // okhttp3.Authenticator
    public Request authenticate(Route route, Response response) throws IOException {
        if (!unauthorizedForCluster(response)) {
            return null;
        }
        String httpUrl = response.request().url().toString();
        Response tryAuth = tryAuth(new Request.Builder().addHeader("X-CSRF-Token", "1").url(route.address().url().toString() + "oauth/authorize?response_type=token&client_id=openshift-challenging-client").build());
        Throwable th = null;
        try {
            try {
                if (!tryAuth.isSuccessful()) {
                    if (tryAuth != null) {
                        if (0 != 0) {
                            try {
                                tryAuth.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            tryAuth.close();
                        }
                    }
                    throw new UnauthorizedException(captureAuthDetails(httpUrl), ResponseCodeInterceptor.getStatus(response.body().string()));
                }
                Request build = response.request().newBuilder().header("Authorization", String.format("%s %s", "Bearer", extractAndSetAuthContextToken(tryAuth))).build();
                if (tryAuth != null) {
                    if (0 != 0) {
                        try {
                            tryAuth.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        tryAuth.close();
                    }
                }
                return build;
            } finally {
            }
        } catch (Throwable th4) {
            if (tryAuth != null) {
                if (th != null) {
                    try {
                        tryAuth.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    tryAuth.close();
                }
            }
            throw th4;
        }
    }

    private boolean unauthorizedForCluster(Response response) {
        return response.code() == 401 && this.client.getBaseURL().getHost().equals(response.request().url().host());
    }

    private Response tryAuth(Request request) throws IOException {
        return this.okClient.newBuilder().authenticator(new Authenticator() { // from class: com.openshift.internal.restclient.okhttp.OpenShiftAuthenticator.1
            @Override // okhttp3.Authenticator
            public Request authenticate(Route route, Response response) throws IOException {
                if (StringUtils.isNotBlank(response.request().header(OpenShiftAuthenticator.AUTH_ATTEMPTS)) || !StringUtils.isNotBlank(response.header(IHttpConstants.PROPERTY_WWW_AUTHENTICATE))) {
                    return null;
                }
                for (IChallangeHandler iChallangeHandler : OpenShiftAuthenticator.this.challangeHandlers) {
                    if (!iChallangeHandler.canHandle(response.headers())) {
                        return iChallangeHandler.handleChallange(response.request().newBuilder().header(OpenShiftAuthenticator.AUTH_ATTEMPTS, "1")).build();
                    }
                }
                return null;
            }
        }).followRedirects(false).followRedirects(false).build().newCall(request).execute();
    }

    private IAuthorizationDetails captureAuthDetails(String str) {
        AuthorizationDetails authorizationDetails = null;
        Map<String, String> splitFragment = URIUtils.splitFragment(str);
        if (splitFragment.containsKey("error")) {
            authorizationDetails = new AuthorizationDetails(splitFragment.get("error"), splitFragment.get(ERROR_DETAILS));
        }
        return authorizationDetails;
    }

    private String extractAndSetAuthContextToken(Response response) {
        String str = null;
        Map<String, String> splitFragment = URIUtils.splitFragment(response.header("Location"));
        if (splitFragment.containsKey("access_token")) {
            str = splitFragment.get("access_token");
            IAuthorizationContext authorizationContext = this.client.getAuthorizationContext();
            if (authorizationContext != null) {
                authorizationContext.setToken(str);
            }
        }
        return str;
    }

    public void setOkClient(OkHttpClient okHttpClient) {
        this.okClient = okHttpClient;
    }

    public void setClient(DefaultClient defaultClient) {
        this.client = defaultClient;
        this.challangeHandlers.clear();
        this.challangeHandlers.add(new BasicChallangeHandler(defaultClient.getAuthorizationContext()));
    }
}
