package org.apache.jena.http.auth;

import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import org.apache.jena.atlas.lib.Bytes;
import org.apache.jena.atlas.web.AuthScheme;
import org.apache.jena.atlas.web.HttpException;
import org.apache.jena.http.HttpLib;
import org.apache.jena.riot.web.HttpNames;

/* loaded from: input_file:WEB-INF/lib/jena-arq-5.2.0.jar:org/apache/jena/http/auth/AuthLib.class */
public class AuthLib {
    public static <T> HttpResponse<T> authExecute(HttpClient httpClient, HttpRequest httpRequest, HttpResponse.BodyHandler<T> bodyHandler) {
        HttpResponse<T> executeJDK = HttpLib.executeJDK(httpClient, httpRequest, bodyHandler);
        return executeJDK.statusCode() != 401 ? executeJDK : handle401(httpClient, httpRequest, bodyHandler, executeJDK);
    }

    private static <T> HttpResponse<T> handle401(HttpClient httpClient, HttpRequest httpRequest, HttpResponse.BodyHandler<T> bodyHandler, HttpResponse<T> httpResponse) {
        AuthRequestModifier bearerAuthModifier;
        AuthChallenge wwwAuthenticateHeader = wwwAuthenticateHeader(httpResponse);
        if (wwwAuthenticateHeader == null) {
            return httpResponse;
        }
        PasswordRecord passwordRecord = null;
        if (wwwAuthenticateHeader.authScheme == AuthScheme.BASIC || wwwAuthenticateHeader.authScheme == AuthScheme.DIGEST) {
            passwordRecord = AuthEnv.get().getUsernamePassword(httpRequest.uri());
            if (passwordRecord == null) {
                throw new HttpException(401);
            }
        }
        switch (wwwAuthenticateHeader.authScheme) {
            case BASIC:
                bearerAuthModifier = basicAuthModifier(passwordRecord.getUsername(), passwordRecord.getPassword());
                break;
            case DIGEST:
                bearerAuthModifier = DigestLib.digestAuthModifier(wwwAuthenticateHeader, passwordRecord.getUsername(), passwordRecord.getPassword(), httpRequest.method(), HttpLib.requestTargetServer(httpRequest.uri()));
                break;
            case BEARER:
                bearerAuthModifier = bearerAuthModifier(HttpLib.endpoint(httpRequest.uri().toString()), wwwAuthenticateHeader);
                break;
            case UNKNOWN:
                return httpResponse;
            default:
                throw new HttpException("Not an authentication scheme -- " + wwwAuthenticateHeader.authScheme);
        }
        if (bearerAuthModifier == null) {
            return httpResponse;
        }
        AuthEnv.get().registerAuthModifier(httpRequest.uri().toString(), bearerAuthModifier);
        return HttpLib.executeJDK(httpClient, bearerAuthModifier.addAuth(HttpLib.createBuilder(httpRequest)).build(), bodyHandler);
    }

    private static AuthChallenge wwwAuthenticateHeader(HttpResponse<?> httpResponse) {
        List<String> allValues = httpResponse.headers().allValues(HttpNames.hWWWAuthenticate);
        if (allValues.size() == 0) {
            return null;
        }
        AuthChallenge authChallenge = null;
        for (String str : allValues) {
            AuthChallenge parse = AuthChallenge.parse(str);
            if (parse == null) {
                AuthEnv.LOG.warn("Bad authentication response - ignored: " + str);
                return null;
            }
            AuthScheme authScheme = parse.authScheme;
            switch (authScheme) {
                case BASIC:
                    if (authChallenge == null) {
                        authChallenge = parse;
                        break;
                    } else {
                        break;
                    }
                case DIGEST:
                    return parse;
                case BEARER:
                    return parse;
                case UNKNOWN:
                    AuthEnv.LOG.warn("Authentication required: " + authScheme);
                    break;
                default:
                    AuthEnv.LOG.warn("Unrecogized authentication response - ignored: " + str);
                    break;
            }
        }
        return authChallenge;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AuthRequestModifier basicAuthModifier(String str, String str2) {
        return builder -> {
            return builder.setHeader(HttpNames.hAuthorization, HttpLib.basicAuth(str, str2));
        };
    }

    private static AuthRequestModifier bearerAuthModifier(String str, AuthChallenge authChallenge) {
        String bearerToken = AuthEnv.get().getBearerToken(str, authChallenge);
        if (bearerToken == null) {
            return null;
        }
        if (bearerToken.contains(" ")) {
            throw new AuthException("Bad token - contains spaces");
        }
        return builder -> {
            return builder.setHeader(HttpNames.hAuthorization, "Bearer " + bearerToken);
        };
    }

    public static Authenticator authenticator(final String str, final String str2) {
        return new Authenticator() { // from class: org.apache.jena.http.auth.AuthLib.1
            @Override // java.net.Authenticator
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(str, str2.toCharArray());
            }
        };
    }

    public static PasswordAuthentication getPasswordAuthentication(Authenticator authenticator) {
        return authenticator.requestPasswordAuthenticationInstance(null, null, -1, null, null, null, null, null);
    }

    public static String base64enc(String str) {
        return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    public static String base64dec(String str) {
        try {
            return Bytes.bytes2string(Base64.getDecoder().decode(str));
        } catch (IllegalArgumentException e) {
            return null;
        }
    }
}
