package com.ibm.rational.dataservices.client.auth.oauth;

import com.ibm.rational.dataservices.client.Resources;
import com.ibm.rational.etl.common.log.LogManager;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.logging.Log;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpEntity;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.HttpVersion;
import org.apache.http.NameValuePair;
import org.apache.http.ProtocolException;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.AuthenticationHandler;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.conn.params.ConnManagerParams;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.cookie.Cookie;
import org.apache.http.cookie.SM;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.DefaultRedirectHandler;
import org.apache.http.impl.client.EntityEnclosingRequestWrapper;
import org.apache.http.impl.client.RequestWrapper;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.message.BasicHeader;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HttpContext;

/* loaded from: input_file:com/ibm/rational/dataservices/client/auth/oauth/OAuthCommunicator.class */
public class OAuthCommunicator implements IOAuthCommunicator {
    private static final String OAUTH_REDIRECT_HEADER = "X-jazz-web-oauth-url";
    private static final String LOGIN_REDIRECT_HEADER = "X-com-ibm-team-repository-web-auth-uri";
    private static final String WEB_AUTH_MESSAGE = "X-com-ibm-team-repository-web-auth-msg";
    private static final String AUTH_REQUIRED = "authrequired";
    private static final String AUTH_FAILED = "authfailed";
    private static final String LOGIN = "login";
    private static final String OAUTH_AUTHORIZE = "oauth-authorize";
    private static final String AUTH_AUTH_REQUIRED = "auth/authrequired";
    private static final String AUTHENTICATED = "authenticated";
    private static final String SET_COOKIED_HEADER = "Set-Cookie";
    private static final String PATH_COOKIE_PARAMETER = "Path";
    private static final String J_USERNAME_FORM_PARAMETER = "j_username";
    private static final String J_PASSWORD_FORM_PARAMETER = "j_password";
    private static final String J_REDIRECT_FORM_PARAMETER = "redirectPage";
    private static final String J_SECURITY_CHECK = "j_security_check";
    private static final String LOCATION = "location";
    private static final String HTTPS = "https";
    private final DefaultHttpClient client;
    private PropertyChangeListener listener;
    private final IUserCredentials userCredentials;
    private String interceptedUri;
    private String queryPart;
    private String cookies;
    static final Log logger = LogManager.getLogger(OAuthCommunicator.class.getName());
    private static final Header FORM_CONTENT_TYPE_HEADER = new BasicHeader("Content-type", URLEncodedUtils.CONTENT_TYPE);

    public OAuthCommunicator(IUserCredentials iUserCredentials) throws OAuthCommunicatorException {
        this(iUserCredentials, new ICertificationHandler() { // from class: com.ibm.rational.dataservices.client.auth.oauth.OAuthCommunicator.1
            @Override // com.ibm.rational.dataservices.client.auth.oauth.ICertificationHandler
            public boolean acceptCertificate(X509Certificate[] x509CertificateArr) {
                return true;
            }
        });
    }

    public OAuthCommunicator(IUserCredentials iUserCredentials, ICertificationHandler iCertificationHandler) throws OAuthCommunicatorException {
        this.listener = null;
        this.interceptedUri = null;
        this.queryPart = null;
        this.cookies = null;
        this.userCredentials = iUserCredentials;
        BasicHttpParams basicHttpParams = new BasicHttpParams();
        ConnManagerParams.setMaxTotalConnections(basicHttpParams, 100);
        HttpProtocolParams.setContentCharset(basicHttpParams, "UTF-8");
        HttpProtocolParams.setUseExpectContinue(basicHttpParams, true);
        HttpProtocolParams.setVersion(basicHttpParams, HttpVersion.HTTP_1_1);
        this.client = new DefaultHttpClient(new ThreadSafeClientConnManager(basicHttpParams, new SchemeRegistry()), basicHttpParams) { // from class: com.ibm.rational.dataservices.client.auth.oauth.OAuthCommunicator.2
            AuthenticationHandler handler = new AuthenticationHandler() { // from class: com.ibm.rational.dataservices.client.auth.oauth.OAuthCommunicator.2.1
                @Override // org.apache.http.client.AuthenticationHandler
                public Map<String, Header> getChallenges(HttpResponse httpResponse, HttpContext httpContext) throws MalformedChallengeException {
                    return Collections.emptyMap();
                }

                @Override // org.apache.http.client.AuthenticationHandler
                public boolean isAuthenticationRequested(HttpResponse httpResponse, HttpContext httpContext) {
                    return false;
                }

                @Override // org.apache.http.client.AuthenticationHandler
                public AuthScheme selectScheme(Map<String, Header> map, HttpResponse httpResponse, HttpContext httpContext) throws AuthenticationException {
                    return null;
                }
            };

            @Override // org.apache.http.impl.client.DefaultHttpClient, org.apache.http.impl.client.AbstractHttpClient
            protected AuthenticationHandler createProxyAuthenticationHandler() {
                return this.handler;
            }

            @Override // org.apache.http.impl.client.DefaultHttpClient, org.apache.http.impl.client.AbstractHttpClient
            protected AuthenticationHandler createTargetAuthenticationHandler() {
                return this.handler;
            }
        };
        try {
            JfsX509TrustManager jfsX509TrustManager = new JfsX509TrustManager(iCertificationHandler);
            SSLContext sSLContext = SSLContext.getInstance("SSLV3");
            sSLContext.init(null, new TrustManager[]{jfsX509TrustManager}, null);
            SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(sSLContext);
            sSLSocketFactory.setHostnameVerifier(new AllowAllHostnameVerifier());
            this.client.getConnectionManager().getSchemeRegistry().register(new Scheme(HTTPS, sSLSocketFactory, 443));
            this.client.setRedirectHandler(new DefaultRedirectHandler() { // from class: com.ibm.rational.dataservices.client.auth.oauth.OAuthCommunicator.3
                @Override // org.apache.http.impl.client.DefaultRedirectHandler, org.apache.http.client.RedirectHandler
                public boolean isRedirectRequested(HttpResponse httpResponse, HttpContext httpContext) {
                    Header[] headers;
                    if (httpResponse.getStatusLine().getStatusCode() != 302 || (headers = httpResponse.getHeaders(OAuthCommunicator.LOCATION)) == null || headers.length != 1) {
                        return super.isRedirectRequested(httpResponse, httpContext);
                    }
                    OAuthCommunicator.logger.debug("=> Redirection with Location=" + headers[0].getValue());
                    OAuthCommunicator.this.interceptedUri = headers[0].getValue();
                    return false;
                }
            });
        } catch (KeyManagementException e) {
            throw new OAuthCommunicatorException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new OAuthCommunicatorException(e2);
        }
    }

    @Override // com.ibm.rational.dataservices.client.auth.oauth.IOAuthCommunicator
    public void cleanupConnections(HttpResponse httpResponse) {
        closeConnection(httpResponse);
    }

    @Override // com.ibm.rational.dataservices.client.auth.oauth.IOAuthCommunicator
    public synchronized void setPropertyChangeListener(PropertyChangeListener propertyChangeListener) {
        this.listener = propertyChangeListener;
    }

    @Override // com.ibm.rational.dataservices.client.auth.oauth.IOAuthCommunicator
    public synchronized HttpResponse executeAndDump(HttpUriRequest httpUriRequest) throws OAuthCommunicatorException {
        HttpResponse execute = execute(httpUriRequest);
        logger.debug(execute.getStatusLine().toString());
        for (Header header : execute.getAllHeaders()) {
            logger.debug(String.valueOf(header.getName()) + " : " + header.getValue());
        }
        HttpEntity entity = execute.getEntity();
        if (entity != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(byteArrayOutputStream);
            try {
                BufferedInputStream bufferedInputStream = new BufferedInputStream(entity.getContent());
                try {
                    try {
                        int i = 0;
                        for (int read = bufferedInputStream.read(); read != -1; read = bufferedInputStream.read()) {
                            bufferedOutputStream.write(read);
                            i++;
                        }
                        if (i > Integer.MAX_VALUE) {
                            throw new OAuthCommunicatorException("Cannot produce a byte array for a response larger than 2147483647 bytes");
                        }
                        bufferedOutputStream.flush();
                        byteArrayOutputStream.flush();
                        logger.debug(new String(byteArrayOutputStream.toByteArray(), "UTF-8"));
                        try {
                            bufferedOutputStream.close();
                            bufferedInputStream.close();
                        } catch (IOException e) {
                            throw new OAuthCommunicatorException(e);
                        }
                    } catch (IOException e2) {
                        throw new OAuthCommunicatorException(e2);
                    }
                } catch (Throwable th) {
                    try {
                        bufferedOutputStream.close();
                        bufferedInputStream.close();
                        throw th;
                    } catch (IOException e3) {
                        throw new OAuthCommunicatorException(e3);
                    }
                }
            } catch (IOException e4) {
                throw new OAuthCommunicatorException(e4);
            } catch (IllegalStateException e5) {
                throw new OAuthCommunicatorException(e5);
            }
        }
        return execute;
    }

    @Override // com.ibm.rational.dataservices.client.auth.oauth.IOAuthCommunicator
    public synchronized HttpResponse execute(HttpUriRequest httpUriRequest) throws OAuthCommunicatorException {
        RequestWrapper requestWrapper;
        String query;
        try {
            try {
                logger.debug("Executing user request " + httpUriRequest.getMethod() + " to " + httpUriRequest.getURI());
                if (!httpUriRequest.getURI().getScheme().equals(HTTPS)) {
                    throw new OAuthCommunicatorException(Resources.OAuthCommunicator_Err_Only_Supoort_HTTPS);
                }
                if (this.cookies != null && this.cookies.length() > 0) {
                    httpUriRequest.setHeader(SM.COOKIE, this.cookies);
                }
                HttpResponse execute = this.client.execute(httpUriRequest);
                if (execute.getStatusLine().getStatusCode() == 302) {
                    this.queryPart = String.valueOf(URI.create(this.interceptedUri).getRawQuery()) + "&authorize=true";
                } else {
                    reactToAuthRequest(httpUriRequest.getURI(), execute);
                }
                while (this.interceptedUri != null) {
                    String str = this.interceptedUri;
                    logger.debug("INTERCEPTED URI: " + str);
                    URI create = URI.create(str);
                    this.interceptedUri = null;
                    if (str.indexOf(AUTH_AUTH_REQUIRED) != -1) {
                        logger.debug("case 1");
                        this.interceptedUri = create.resolve(create.getPath().replaceFirst(AUTH_AUTH_REQUIRED, J_SECURITY_CHECK)).toString();
                        logger.debug("=> Calculated post uri " + this.interceptedUri + " from uri " + create);
                    } else if (str.indexOf(LOGIN) != -1 || str.indexOf(J_SECURITY_CHECK) != -1) {
                        logger.debug("case 2");
                        closeConnection(execute);
                        execute = postCredentials(create, httpUriRequest.getURI().toString());
                    } else if (str.indexOf(AUTHENTICATED) != -1) {
                        logger.debug("case 3" + create);
                        try {
                            HttpGet httpGet = new HttpGet(create);
                            closeConnection(execute);
                            execute = this.client.execute(httpGet);
                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                        logger.debug("Check if authenticated on " + str);
                        reactToAuthRequest(create, execute);
                    } else if (str.indexOf(OAUTH_AUTHORIZE) != -1) {
                        logger.debug("case 4");
                        closeConnection(execute);
                        execute = postAuthorization(create);
                    } else {
                        logger.debug("case 5");
                        try {
                            if (httpUriRequest instanceof HttpEntityEnclosingRequest) {
                                HttpEntityEnclosingRequest httpEntityEnclosingRequest = (HttpEntityEnclosingRequest) httpUriRequest;
                                EntityEnclosingRequestWrapper entityEnclosingRequestWrapper = new EntityEnclosingRequestWrapper(httpEntityEnclosingRequest);
                                entityEnclosingRequestWrapper.setEntity(httpEntityEnclosingRequest.getEntity());
                                requestWrapper = entityEnclosingRequestWrapper;
                            } else {
                                requestWrapper = new RequestWrapper(httpUriRequest);
                            }
                            String query2 = httpUriRequest.getURI().getQuery();
                            if (query2 != null && query2.length() > 0 && ((query = create.getQuery()) == null || query.length() == 0)) {
                                String fragment = create.getFragment();
                                str = String.valueOf(create.toString()) + "?" + query2;
                                if (fragment != null) {
                                    str = String.valueOf(str) + "#" + fragment;
                                }
                                create = URI.create(str);
                            }
                            requestWrapper.setURI(create);
                            requestWrapper.resetHeaders();
                            logger.debug("Reexecuting user request " + requestWrapper.getMethod() + " to " + str);
                            closeConnection(execute);
                            execute = this.client.execute(requestWrapper);
                        } catch (ProtocolException e2) {
                            throw new OAuthCommunicatorException(e2);
                        }
                    }
                }
                Header firstHeader = execute.getFirstHeader(WEB_AUTH_MESSAGE);
                if (firstHeader != null && firstHeader.getValue().equals(AUTH_FAILED)) {
                    execute.setStatusLine(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED);
                }
                logger.debug("STATUS CODE: " + execute.getStatusLine().getStatusCode());
                if (execute.getStatusLine().getStatusCode() >= 400) {
                    throw new OAuthCommunicatorException(execute);
                }
                return execute;
            } finally {
                this.interceptedUri = null;
                this.queryPart = null;
            }
        } catch (ClientProtocolException e3) {
            throw new OAuthCommunicatorException(e3);
        } catch (IOException e4) {
            throw new OAuthCommunicatorException(e4);
        }
    }

    private void reactToAuthRequest(URI uri, HttpResponse httpResponse) throws OAuthCommunicatorException, ClientProtocolException, IOException {
        Header firstHeader = httpResponse.getFirstHeader(OAUTH_REDIRECT_HEADER);
        if (firstHeader != null && firstHeader.getValue().length() > 0) {
            HttpGet httpGet = new HttpGet(firstHeader.getValue());
            closeConnection(httpResponse);
            logger.debug("=> Getting " + firstHeader.getValue() + " to find out about form-based login");
            this.client.execute(httpGet);
            this.queryPart = String.valueOf(URI.create(this.interceptedUri).getRawQuery()) + "&authorize=true";
            return;
        }
        Header firstHeader2 = httpResponse.getFirstHeader(WEB_AUTH_MESSAGE);
        if (firstHeader2 == null || !firstHeader2.getValue().equals(AUTH_REQUIRED)) {
            return;
        }
        Header firstHeader3 = httpResponse.getFirstHeader(LOGIN_REDIRECT_HEADER);
        if (firstHeader3 != null) {
            this.interceptedUri = firstHeader3.getValue();
            return;
        }
        String str = null;
        for (Header header : httpResponse.getHeaders("Set-Cookie")) {
            HeaderElement[] elements = header.getElements();
            int length = elements.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                NameValuePair parameterByName = elements[i].getParameterByName(PATH_COOKIE_PARAMETER);
                if (parameterByName != null) {
                    str = parameterByName.getValue();
                    break;
                }
                i++;
            }
            if (str != null) {
                break;
            }
        }
        this.interceptedUri = uri.resolve(String.valueOf(str) + "/" + J_SECURITY_CHECK).toString();
        logger.debug("=> Calculated post uri 1" + this.interceptedUri + " from uri " + uri);
    }

    private HttpResponse postCredentials(URI uri, String str) throws IOException, ClientProtocolException {
        sendToListener(new PropertyChangeEvent(this, IOAuthCommunicator.AUTHENTICATING, null, null));
        HttpPost httpPost = new HttpPost(uri);
        httpPost.setHeader(FORM_CONTENT_TYPE_HEADER);
        String str2 = "j_username=" + this.userCredentials.getUserId() + "&" + J_PASSWORD_FORM_PARAMETER + "=" + this.userCredentials.getPassword();
        if (str != null) {
            str = URLEncoder.encode(str, "UTF-8");
            str2 = String.valueOf(str2) + "&redirectPage=" + str;
        }
        httpPost.setEntity(new StringEntity(str2));
        logger.debug("POST credentials to " + uri + "redirection URI " + str);
        return this.client.execute(httpPost);
    }

    private HttpResponse postAuthorization(URI uri) throws UnsupportedEncodingException, IOException, ClientProtocolException {
        sendToListener(new PropertyChangeEvent(this, IOAuthCommunicator.AUTHORIZING, null, null));
        HttpPost httpPost = new HttpPost(uri);
        httpPost.setHeader(FORM_CONTENT_TYPE_HEADER);
        httpPost.setEntity(new StringEntity(this.queryPart));
        logger.debug("POST authorization to " + uri);
        return this.client.execute(httpPost);
    }

    private void sendToListener(PropertyChangeEvent propertyChangeEvent) {
        if (this.listener != null) {
            this.listener.propertyChange(propertyChangeEvent);
        }
    }

    private void closeConnection(HttpResponse httpResponse) {
        if (httpResponse != null) {
            try {
                HttpEntity entity = httpResponse.getEntity();
                if (entity != null) {
                    entity.consumeContent();
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    public String getCookies() {
        String str = "";
        for (Cookie cookie : this.client.getCookieStore().getCookies()) {
            str = String.valueOf(str) + cookie.getName() + "=" + cookie.getValue() + ";";
        }
        return str;
    }

    public void setCookies(String str) {
        this.cookies = str;
    }
}
