package uk.ac.starlink.auth;

import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.util.AbstractSequentialList;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.ListIterator;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.logging.Logger;

/* loaded from: input_file:uk/ac/starlink/auth/AuthManager.class */
public class AuthManager {
    private volatile UserInterface ui_;
    private final List<AuthScheme> schemes_;
    private final ContextList contexts_ = new ContextList();
    private final Redirector dfltRedirector_;
    private static AuthManager instance_;
    private static final Logger logger_;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:uk/ac/starlink/auth/AuthManager$ContextList.class */
    public static class ContextList extends AbstractSequentialList<TestedContext> {
        private final List<TestedContext> list_ = new ArrayList();
        private static final Comparator<TestedContext> CONTEXT_COMPARATOR = (testedContext, testedContext2) -> {
            return testedContext.hasFailed_ != testedContext2.hasFailed_ ? testedContext.hasFailed_ ? 1 : -1 : testedContext.hasSucceeded_ != testedContext2.hasSucceeded_ ? testedContext.hasSucceeded_ ? -1 : 1 : Integer.compare(System.identityHashCode(testedContext.context_), System.identityHashCode(testedContext2.context_));
        };

        ContextList() {
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.List
        public int size() {
            return this.list_.size();
        }

        @Override // java.util.AbstractSequentialList, java.util.AbstractList, java.util.List
        public ListIterator<TestedContext> listIterator(int i) {
            this.list_.removeIf(testedContext -> {
                return testedContext.context_.isExpired();
            });
            this.list_.sort(CONTEXT_COMPARATOR);
            return this.list_.listIterator(i);
        }

        @Override // java.util.AbstractList, java.util.AbstractCollection, java.util.Collection, java.util.List
        public void clear() {
            this.list_.clear();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:uk/ac/starlink/auth/AuthManager$TestedContext.class */
    public static class TestedContext {
        final AuthContext context_;
        boolean hasSucceeded_;
        boolean hasFailed_;

        TestedContext(AuthContext authContext) {
            this.context_ = authContext;
        }
    }

    public AuthManager(UserInterface userInterface, AuthScheme[] authSchemeArr, Redirector redirector) {
        this.ui_ = userInterface;
        this.schemes_ = new CopyOnWriteArrayList(Arrays.asList(authSchemeArr));
        this.dfltRedirector_ = redirector;
    }

    public void setUserInterface(UserInterface userInterface) {
        this.ui_ = userInterface;
    }

    public UserInterface getUserInterface() {
        return this.ui_;
    }

    public List<AuthScheme> getSchemes() {
        return this.schemes_;
    }

    public void clear() {
        synchronized (this.contexts_) {
            this.contexts_.clear();
        }
    }

    public URLConnection connect(URL url) throws IOException {
        return connect(url, (UrlConnector) null);
    }

    public URLConnection connect(URL url, UrlConnector urlConnector) throws IOException {
        return connect(url, urlConnector, this.dfltRedirector_);
    }

    public URLConnection connect(URL url, UrlConnector urlConnector, Redirector redirector) throws IOException {
        return makeConnection(url, urlConnector, redirector).getConnection();
    }

    public AuthConnection makeConnection(URL url, UrlConnector urlConnector, Redirector redirector) throws IOException {
        HttpURLConnection httpURLConnection;
        int responseCode;
        TestedContext urlContext = getUrlContext(url);
        AuthConnection connectWithContext = connectWithContext(url, urlConnector, urlContext, redirector);
        if (urlContext != null) {
            assessAuthAttempt(urlContext, connectWithContext);
        }
        URLConnection connection = connectWithContext.getConnection();
        if (this.ui_ != null && (connection instanceof HttpURLConnection) && ((responseCode = (httpURLConnection = (HttpURLConnection) connection).getResponseCode()) == 401 || responseCode == 403)) {
            Challenge[] challenges = AuthUtil.getChallenges(httpURLConnection);
            if (challenges.length == 0 && responseCode == 401) {
                throw new IOException("401 with no WWW-Authenticate challenges: " + url);
            }
            if (challenges.length > 0) {
                TestedContext challengeContext = getChallengeContext(challenges, url);
                if (challengeContext != null) {
                    AuthConnection connectWithContext2 = connectWithContext(url, urlConnector, challengeContext, redirector);
                    if (assessAuthAttempt(challengeContext, connectWithContext2)) {
                        return connectWithContext2;
                    }
                }
                ContextFactory preferredContextFactory = getPreferredContextFactory(challenges, url);
                if (preferredContextFactory == null) {
                    throw new IOException("No supported auth-schemes in WWW-Authenticate");
                }
                return connectWithChallenge(url, urlConnector, preferredContextFactory, redirector);
            }
        }
        return connectWithContext;
    }

    public InputStream openStream(URL url) throws IOException {
        return connect(url).getInputStream();
    }

    public URLConnection followRedirects(URLConnection uRLConnection, UrlConnector urlConnector, Redirector redirector) throws IOException {
        URL redirectUrl = redirector.getRedirectUrl(uRLConnection);
        if (redirectUrl == null) {
            return uRLConnection;
        }
        logger_.info("HTTP " + (uRLConnection instanceof HttpURLConnection ? ((HttpURLConnection) uRLConnection).getResponseCode() : -1) + " redirect to " + redirectUrl);
        return connect(redirectUrl, urlConnector, redirector);
    }

    public AuthStatus authcheck(URL url, final boolean z, boolean z2) throws IOException {
        AuthType authType;
        Redirector redirector = Redirector.NO_REDIRECT;
        UrlConnector urlConnector = new UrlConnector() { // from class: uk.ac.starlink.auth.AuthManager.1
            @Override // uk.ac.starlink.auth.UrlConnector
            public void connect(HttpURLConnection httpURLConnection) throws IOException {
                httpURLConnection.setInstanceFollowRedirects(false);
                if (z) {
                    httpURLConnection.setRequestMethod("HEAD");
                }
                httpURLConnection.connect();
            }
        };
        URLConnection openConnection = url.openConnection();
        if (!(openConnection instanceof HttpURLConnection)) {
            return AuthStatus.NO_AUTH;
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) openConnection;
        urlConnector.connect(httpURLConnection);
        int responseCode = httpURLConnection.getResponseCode();
        Challenge[] challenges = AuthUtil.getChallenges(httpURLConnection);
        if (responseCode == 401 || responseCode == 403) {
            authType = AuthType.REQUIRED;
        } else {
            if (responseCode < 200 || responseCode >= 300) {
                return new AuthStatus(AuthType.UNKNOWN);
            }
            authType = challenges.length > 0 ? AuthType.OPTIONAL : AuthType.NONE;
        }
        logger_.info("Initial Authcheck connection to " + url + ": " + responseCode);
        if (challenges.length > 0 && (authType == AuthType.REQUIRED || z2)) {
            if (z2) {
                synchronized (this.contexts_) {
                    for (Challenge challenge : challenges) {
                        this.contexts_.removeIf(testedContext -> {
                            return testedContext.context_.isChallengeDomain(challenge, url);
                        });
                    }
                }
            }
            AuthConnection authConnection = null;
            TestedContext challengeContext = getChallengeContext(challenges, url);
            if (challengeContext != null) {
                if (!$assertionsDisabled && z2) {
                    throw new AssertionError();
                }
                AuthConnection connectWithContext = connectWithContext(url, urlConnector, challengeContext, redirector);
                if (assessAuthAttempt(challengeContext, connectWithContext)) {
                    authConnection = connectWithContext;
                }
            }
            if (authConnection == null) {
                ContextFactory preferredContextFactory = getPreferredContextFactory(challenges, url);
                if (preferredContextFactory == null) {
                    logger_.warning("No supported auth-schemes in WWW-Authenticate");
                } else if (this.ui_ != null) {
                    authConnection = connectWithChallenge(url, urlConnector, preferredContextFactory, redirector);
                }
            }
            if (authConnection != null && (authConnection.getConnection() instanceof HttpURLConnection)) {
                int responseCode2 = ((HttpURLConnection) authConnection.getConnection()).getResponseCode();
                AuthContext context = authConnection.getContext();
                return new AuthStatus(authType, responseCode2 == 200 && context != null && context.hasCredentials(), AuthUtil.getAuthenticatedId(authConnection));
            }
        }
        return new AuthStatus(authType);
    }

    private boolean assessAuthAttempt(TestedContext testedContext, AuthConnection authConnection) {
        int i;
        URLConnection connection = authConnection.getConnection();
        if (connection instanceof HttpURLConnection) {
            try {
                i = ((HttpURLConnection) connection).getResponseCode();
            } catch (IOException e) {
                i = -1;
            }
        } else {
            i = -1;
        }
        boolean z = !testedContext.context_.hasCredentials();
        boolean z2 = i == 401 || i == 403;
        if (i >= 200 && i < 400) {
            testedContext.hasSucceeded_ = true;
            return true;
        }
        if (!z2) {
            return true;
        }
        testedContext.hasFailed_ = true;
        return z;
    }

    private TestedContext getUrlContext(URL url) {
        TestedContext testedContext;
        synchronized (this.contexts_) {
            testedContext = (TestedContext) this.contexts_.stream().filter(testedContext2 -> {
                return testedContext2.context_.isUrlDomain(url);
            }).findFirst().orElse(null);
        }
        return testedContext;
    }

    private TestedContext getChallengeContext(Challenge[] challengeArr, URL url) {
        TestedContext testedContext;
        synchronized (this.contexts_) {
            testedContext = (TestedContext) this.contexts_.stream().filter(testedContext2 -> {
                return Arrays.stream(challengeArr).anyMatch(challenge -> {
                    return testedContext2.context_.isChallengeDomain(challenge, url);
                });
            }).findFirst().orElse(null);
        }
        return testedContext;
    }

    private ContextFactory getPreferredContextFactory(Challenge[] challengeArr, URL url) {
        ContextFactory contextFactory;
        for (AuthScheme authScheme : this.schemes_) {
            for (Challenge challenge : challengeArr) {
                try {
                    contextFactory = authScheme.createContextFactory(challenge, url);
                } catch (BadChallengeException e) {
                    logger_.warning("Challenge error reported by scheme " + authScheme.getName() + ": " + e.getMessage() + " (" + challenge + ")");
                    contextFactory = null;
                }
                if (contextFactory != null) {
                    return contextFactory;
                }
            }
        }
        return null;
    }

    private AuthConnection connectWithChallenge(URL url, UrlConnector urlConnector, ContextFactory contextFactory, Redirector redirector) throws IOException {
        while (true) {
            logger_.info("Acquire credentials for " + url);
            AuthContext createContext = contextFactory.createContext(this.ui_);
            if (createContext == null) {
                TestedContext testedContext = new TestedContext(contextFactory.createUnauthContext());
                if (!$assertionsDisabled && testedContext.context_.hasCredentials()) {
                    throw new AssertionError();
                }
                logger_.info("Configuring anonymous context for " + url);
                synchronized (this.contexts_) {
                    this.contexts_.add(testedContext);
                }
                return connectWithContext(url, urlConnector, testedContext, redirector);
            }
            if (!$assertionsDisabled && !createContext.hasCredentials()) {
                throw new AssertionError();
            }
            TestedContext testedContext2 = new TestedContext(createContext);
            AuthConnection connectWithContext = connectWithContext(url, urlConnector, testedContext2, redirector);
            URLConnection connection = connectWithContext.getConnection();
            if (!(connection instanceof HttpURLConnection)) {
                return connectWithContext;
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) connection;
            int responseCode = httpURLConnection.getResponseCode();
            synchronized (this.contexts_) {
                this.contexts_.add(testedContext2);
            }
            if (responseCode != 401 && responseCode != 403) {
                if (responseCode >= 200 && responseCode < 300) {
                    testedContext2.hasSucceeded_ = true;
                    createContext.getScheme();
                    StringBuffer append = new StringBuffer().append("Configuring authenticated context ");
                    if (createContext.hasCredentials()) {
                        append.append("using scheme ").append(createContext.getScheme().getName());
                    }
                    append.append(" for ").append(url).append(" (").append(responseCode).append(")");
                    logger_.info(append.toString());
                }
                return connectWithContext;
            }
            testedContext2.hasFailed_ = true;
            if (!this.ui_.canRetry()) {
                logger_.info("Unsuccessful authentication (" + responseCode + ") for " + url);
                return connectWithContext;
            }
            this.ui_.message(new String[]{"Authentication failed", AuthUtil.authFailureMessage(httpURLConnection)});
        }
    }

    private static AuthConnection connectWithContext(URL url, UrlConnector urlConnector, TestedContext testedContext, Redirector redirector) throws IOException {
        AuthContext authContext = testedContext == null ? null : testedContext.context_;
        new HashSet().add(url.toString());
        URL url2 = url;
        logger_.config((authContext == null ? "Unauthenticated" : authContext.hasCredentials() ? "Authenticated" : "Anonymous") + " connection to " + url);
        while (true) {
            AuthConnection connectWithContext = connectWithContext(url2, urlConnector, testedContext);
            URL redirectUrl = redirector.getRedirectUrl(connectWithContext.getConnection());
            if (redirectUrl == null) {
                return connectWithContext;
            }
            url2 = redirectUrl;
        }
    }

    private static AuthConnection connectWithContext(URL url, UrlConnector urlConnector, TestedContext testedContext) throws IOException {
        AuthContext authContext = testedContext == null ? null : testedContext.context_;
        new HashSet().add(url.toString());
        URLConnection openConnection = url.openConnection();
        HttpURLConnection httpURLConnection = openConnection instanceof HttpURLConnection ? (HttpURLConnection) openConnection : null;
        if (httpURLConnection != null) {
            httpURLConnection.setInstanceFollowRedirects(false);
        }
        if (httpURLConnection != null && authContext != null) {
            authContext.configureConnection(httpURLConnection);
        }
        if (httpURLConnection == null || urlConnector == null) {
            openConnection.connect();
        } else {
            urlConnector.connect(httpURLConnection);
        }
        return new AuthConnection(openConnection, authContext);
    }

    public static AuthManager getInstance() {
        return instance_;
    }

    public static void setDefaultInstance(AuthManager authManager) {
        instance_ = authManager;
    }

    static {
        $assertionsDisabled = !AuthManager.class.desiredAssertionStatus();
        instance_ = new AuthManager((UserInterface) null, AuthUtil.getDefaultSchemes(), Redirector.DEFAULT);
        logger_ = Logger.getLogger("uk.ac.starlink.auth");
    }
}
