package com.worklight.adapters.http;

import com.worklight.adapters.http.schema.AuthenticationScheme;
import com.worklight.adapters.http.schema.NTLMAuthentication;
import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.core.auth.KerberosConfiguration;
import com.worklight.server.auth.api.UserIdentity;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CookieStore;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;

/* loaded from: input_file:com/worklight/adapters/http/HttpClientContext.class */
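/**
 * Execution context for outbound adapter HTTP requests made on behalf of one identity.
 *
 * <p>Each instance owns its own {@link HttpContext}, holding a fresh {@link BasicCookieStore} and a
 * {@link BasicCredentialsProvider}. Credentials are registered per (host, port, scheme) with
 * {@link AuthScope#ANY_REALM}, separately for the target and for the optional proxy.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Passwords are read from {@code UserIdentity.credentials} as {@code String}, so they cannot
 *       be wiped from memory after use.</li>
 *   <li>Nothing here checks that the target or proxy is reached over TLS. Basic credentials are only
 *       base64-encoded on the wire, so transport security has to be enforced by configuration
 *       elsewhere (NOTE(review): confirm).</li>
 *   <li>{@link #executeAs} registers the same identity for the target and the proxy.</li>
 * </ul>
 */
public class HttpClientContext {
    private static final String LOGGER_KERBEROS_CONFIGURATION_INVALID = "logger.kerberosConfigurationInvalid";
    private static final WorklightServerLogger logger = new WorklightServerLogger(HttpClientContext.class, WorklightLogger.MessagesBundles.CORE);
    HTTPConnectionManager adapterConnManager;
    // Per-instance HTTP state: cookies and credentials are not shared between contexts.
    private HttpContext context = new BasicHttpContext();
    private BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    // Set only after a successful JAAS login for the "negotiate" scheme; null otherwise.
    private Subject subject;
    private HttpHost target;
    private Map<String, AuthenticationScheme> targetAuthConfig;
    private List<String> targetAuthPref;
    private HttpHost proxy;
    private Map<String, AuthenticationScheme> proxyAuthConfig;
    private List<String> proxyAuthPref;

    /**
     * Builds a context and registers credentials for the configured authentication schemes.
     *
     * @param hTTPConnectionManager connection manager that actually executes requests
     * @param httpHost target host; used as the credential scope and as the cookie domain
     * @param map target authentication schemes keyed by scheme name, or {@code null} for none
     * @param userIdentity identity whose name and password are registered for the target; when
     *     {@code null} the scheme names are still recorded but no credentials are registered
     * @param httpHost2 proxy host, or {@code null} when no proxy is used
     * @param map2 proxy authentication schemes keyed by scheme name, or {@code null} for none
     * @param userIdentity2 identity registered for the proxy, with the same null handling
     * @throws IllegalArgumentException if a scheme name is not Basic, Digest, NTLM or negotiate
     * @throws RuntimeException if the Kerberos login for the negotiate scheme fails
     */
    public HttpClientContext(HTTPConnectionManager hTTPConnectionManager, HttpHost httpHost, Map<String, AuthenticationScheme> map, UserIdentity userIdentity, HttpHost httpHost2, Map<String, AuthenticationScheme> map2, UserIdentity userIdentity2) {
        this.adapterConnManager = hTTPConnectionManager;
        this.context.setAttribute("http.auth.credentials-provider", this.credentialsProvider);
        this.context.setAttribute("http.cookie-store", new BasicCookieStore());
        this.target = httpHost;
        if (map != null) {
            this.targetAuthConfig = map;
            this.targetAuthPref = processAuthentication(httpHost, map, userIdentity);
        }
        this.proxy = httpHost2;
        if (map2 != null) {
            this.proxyAuthConfig = map2;
            // NOTE(review): a non-null map2 with a null httpHost2 fails with a NullPointerException
            // in the setup* helpers once an identity is supplied; confirm callers never do that.
            this.proxyAuthPref = processAuthentication(httpHost2, map2, userIdentity2);
        }
    }

    /**
     * Registers credentials for every configured scheme and returns the scheme names in the map's
     * iteration order; that list is later handed to HttpClient as the scheme preference.
     *
     * @throws IllegalArgumentException for a scheme name this class does not support
     */
    private List<String> processAuthentication(HttpHost httpHost, Map<String, AuthenticationScheme> map, UserIdentity userIdentity) {
        List<String> schemeNames = new ArrayList<String>(map.size());
        for (Map.Entry<String, AuthenticationScheme> entry : map.entrySet()) {
            String key = entry.getKey();
            schemeNames.add(key);
            // Scheme names are matched case-sensitively, exactly as written below.
            if (key.equals("Basic")) {
                setupBasicAuthentication(userIdentity, httpHost);
            } else if (key.equals("Digest")) {
                setupDigestAuthentication(userIdentity, httpHost);
            } else if (key.equals("NTLM")) {
                // A value of another type under the "NTLM" key fails here with ClassCastException.
                setupNTLMAuthentication((NTLMAuthentication) entry.getValue(), userIdentity, httpHost);
            } else if (key.equals("negotiate")) {
                setupSPNEGOAuthentication(userIdentity, httpHost);
            } else {
                throw new IllegalArgumentException("Unsupported authentication scheme: " + key);
            }
        }
        return schemeNames;
    }

    /**
     * Adds cookies to this context's cookie store.
     *
     * <p>Each cookie's domain is overwritten with the target host name before it is stored, so a
     * domain set by the caller is ignored. The passed cookie objects themselves are modified.
     *
     * @param list cookies to add; must not be {@code null}
     */
    public void addCookies(List<BasicClientCookie> list) {
        CookieStore cookieStore = (CookieStore) this.context.getAttribute("http.cookie-store");
        for (BasicClientCookie basicClientCookie : list) {
            basicClientCookie.setDomain(this.target.getHostName());
            cookieStore.addCookie(basicClientCookie);
        }
    }

    /**
     * Executes the request with this context's scheme preferences, proxy and credentials.
     *
     * <p>When a Kerberos subject was established, the request runs inside
     * {@link Subject#doAs(Subject, PrivilegedExceptionAction)} for that subject.
     *
     * @param httpRequest request to execute; its parameters are modified in place
     * @return the response returned by the connection manager
     * @throws RuntimeException if execution under the subject fails with a checked exception
     */
    public HttpResponse execute(final HttpRequest httpRequest) {
        HttpParams params = httpRequest.getParams();
        params.setParameter("http.auth.target-scheme-pref", this.targetAuthPref);
        if (this.proxy != null) {
            params.setParameter("http.route.default-proxy", this.proxy);
            params.setParameter("http.auth.proxy-scheme-pref", this.proxyAuthPref);
        }
        if (this.subject == null) {
            return doExecute(httpRequest);
        }
        // setupSPNEGOAuthentication treats getInstance() as nullable and only warns, so a subject can
        // exist while the configuration object is null; guard the debug log the same way.
        KerberosConfiguration kerberosConfiguration = KerberosConfiguration.getInstance();
        if (kerberosConfiguration != null) {
            // NOTE(review): this writes the current Kerberos configuration string to the debug log;
            // confirm it carries no secrets such as keytab paths or passwords.
            logger.debug("execute", kerberosConfiguration.getCurrentConfigurationAString());
        }
        try {
            return Subject.doAs(this.subject, new PrivilegedExceptionAction<HttpResponse>() {
                @Override
                public HttpResponse run() throws IOException {
                    return HttpClientContext.this.doExecute(httpRequest);
                }
            });
        } catch (PrivilegedActionException e) {
            // doAs wraps only checked exceptions; unchecked ones propagate unwrapped. A blind cast to
            // RuntimeException would therefore fail with ClassCastException and hide the real cause.
            Exception cause = e.getException();
            if (cause instanceof RuntimeException) {
                throw (RuntimeException) cause;
            }
            throw new RuntimeException("HTTP request execution failed under the Kerberos subject", cause);
        }
    }

    /**
     * Hands the request to the connection manager with a thread-safe wrapper around this context.
     * Internal helper; the decompiler widened it from private, and the visibility is kept as found.
     */
    public HttpResponse doExecute(HttpRequest httpRequest) {
        return this.adapterConnManager.execute(httpRequest, new ThreadSafeHttpContext(this.context));
    }

    /**
     * Executes the request as another identity, using a new context with the same target, proxy and
     * scheme configuration. The new context has its own cookie store and credentials provider, so
     * cookies and credentials of this context are not reused.
     *
     * <p>NOTE(review): the same {@code userIdentity} is registered for the proxy as for the target,
     * so when proxy authentication is configured the user's password is also offered to the proxy.
     * Confirm that this is intended.
     *
     * @param httpRequest request to execute
     * @param userIdentity identity to authenticate as, for both target and proxy
     * @return the response returned by the connection manager
     */
    public HttpResponse executeAs(HttpRequest httpRequest, UserIdentity userIdentity) throws IOException {
        HttpClientContext delegated = new HttpClientContext(this.adapterConnManager, this.target, this.targetAuthConfig, userIdentity, this.proxy, this.proxyAuthConfig, userIdentity);
        return delegated.execute(httpRequest);
    }

    /** Registers the identity's name and password for the Basic scheme on the given host and port. */
    private void setupBasicAuthentication(UserIdentity userIdentity, HttpHost httpHost) {
        if (userIdentity == null) {
            return;
        }
        // Scope is limited to this host, port and scheme; any realm on that host is accepted.
        AuthScope scope = new AuthScope(httpHost.getHostName(), httpHost.getPort(), AuthScope.ANY_REALM, "Basic");
        this.credentialsProvider.setCredentials(scope, new UsernamePasswordCredentials(userIdentity.name, (String) userIdentity.credentials));
    }

    /** Registers the identity's name and password for the Digest scheme on the given host and port. */
    private void setupDigestAuthentication(UserIdentity userIdentity, HttpHost httpHost) {
        if (userIdentity == null) {
            return;
        }
        AuthScope scope = new AuthScope(httpHost.getHostName(), httpHost.getPort(), AuthScope.ANY_REALM, "Digest");
        this.credentialsProvider.setCredentials(scope, new UsernamePasswordCredentials(userIdentity.name, (String) userIdentity.credentials));
    }

    /** Registers NT credentials derived from the identity for the NTLM scheme on the given host and port. */
    private void setupNTLMAuthentication(NTLMAuthentication nTLMAuthentication, UserIdentity userIdentity, HttpHost httpHost) {
        if (userIdentity == null) {
            return;
        }
        AuthScope scope = new AuthScope(httpHost.getHostName(), httpHost.getPort(), AuthScope.ANY_REALM, "NTLM");
        this.credentialsProvider.setCredentials(scope, createNTCredentials(nTLMAuthentication, userIdentity));
    }

    /**
     * Performs a JAAS login with the identity's name and password and keeps the resulting subject
     * for later requests, then registers placeholder credentials for the negotiate scheme.
     *
     * @throws RuntimeException if the login context cannot be created or the login fails
     */
    private void setupSPNEGOAuthentication(final UserIdentity userIdentity, HttpHost httpHost) {
        if (userIdentity == null) {
            return;
        }
        KerberosConfiguration kerberosConfiguration = KerberosConfiguration.getInstance();
        if (kerberosConfiguration == null || !kerberosConfiguration.isValid()) {
            // An invalid or missing configuration is only logged; the login below is still attempted.
            logger.warn("setupSPNEGOAuthentication", LOGGER_KERBEROS_CONFIGURATION_INVALID, new Object[0]);
        }
        CallbackHandler credentialsHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(userIdentity.name);
                    } else if (callback instanceof PasswordCallback) {
                        // The password originates from a String, so the source copy cannot be cleared.
                        ((PasswordCallback) callback).setPassword(((String) userIdentity.credentials).toCharArray());
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                    }
                }
            }
        };
        final LoginContext loginContext;
        try {
            // The name selects the JAAS login configuration entry to use.
            loginContext = new LoginContext("com.sun.security.jgss.login", credentialsHandler);
        } catch (LoginException e2) {
            throw new RuntimeException("Failed to create Kerberos login context.", e2);
        }
        try {
            loginContext.login();
        } catch (LoginException e) {
            throw new RuntimeException("Kerberos login failed: " + e.getMessage(), e);
        }
        this.subject = loginContext.getSubject();
        // Placeholder entry: both accessors return null. Presumably present so that HttpClient finds
        // a credentials entry for this scope and attempts the scheme; the identity itself comes from
        // the subject that execute() runs under.
        AuthScope scope = new AuthScope(httpHost.getHostName(), httpHost.getPort(), AuthScope.ANY_REALM, "negotiate");
        this.credentialsProvider.setCredentials(scope, new Credentials() {
            @Override
            public Principal getUserPrincipal() {
                return null;
            }

            @Override
            public String getPassword() {
                return null;
            }
        });
    }

    /**
     * Builds NT credentials from a name of the form {@code DOMAIN\\user} or {@code DOMAIN/user}.
     *
     * <p>With exactly two parts, the first is the domain and the second the user name. With any
     * other number of parts, the first part is used as the user name and the domain is empty, so a
     * name with two or more separators loses everything after the first one.
     */
    private NTCredentials createNTCredentials(NTLMAuthentication nTLMAuthentication, UserIdentity userIdentity) {
        String[] split = userIdentity.name.split("[\\\\/]");
        boolean hasDomain = split.length == 2;
        String userName = hasDomain ? split[1] : split[0];
        String domain = hasDomain ? split[0] : "";
        return new NTCredentials(userName, (String) userIdentity.credentials, nTLMAuthentication.getWorkstation(), domain);
    }
}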
