package dev.galasa.docker.internal;

import com.google.gson.JsonObject;
import com.google.gson.JsonSyntaxException;
import dev.galasa.ICredentials;
import dev.galasa.ICredentialsToken;
import dev.galasa.ICredentialsUsername;
import dev.galasa.ICredentialsUsernamePassword;
import dev.galasa.ICredentialsUsernameToken;
import dev.galasa.docker.DockerManagerException;
import dev.galasa.docker.internal.properties.DockerImagePrefix;
import dev.galasa.docker.internal.properties.DockerRegistryCredentials;
import dev.galasa.docker.internal.properties.DockerRegistryURL;
import dev.galasa.framework.spi.IFramework;
import dev.galasa.framework.spi.creds.CredentialsException;
import dev.galasa.framework.spi.creds.ICredentialsService;
import dev.galasa.http.HttpClientException;
import dev.galasa.http.HttpClientResponse;
import dev.galasa.http.IHttpClient;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Base64;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:dev/galasa/docker/internal/DockerRegistryImpl.class */
public class DockerRegistryImpl {
    private IFramework framework;
    private DockerManagerImpl dockerManager;
    private String registryId;
    private ICredentialsService credService;
    private String registryRealmType;
    private URL registryRealmURL;
    private String authToken;
    private IHttpClient client;
    private IHttpClient realmClient;
    private static final Log logger = LogFactory.getLog(DockerRegistryImpl.class);
    private URL registryUrl = DockerRegistryURL.get(this);
    private String prefix = DockerImagePrefix.get(this);

    public DockerRegistryImpl(IFramework iFramework, DockerManagerImpl dockerManagerImpl, String str) throws DockerManagerException {
        this.framework = iFramework;
        this.dockerManager = dockerManagerImpl;
        this.registryId = str;
        this.client = dockerManagerImpl.getHttpManager().newHttpClient();
        this.realmClient = dockerManagerImpl.getHttpManager().newHttpClient();
        try {
            this.client.setURI(this.registryUrl.toURI());
            this.credService = iFramework.getCredentialsService();
        } catch (CredentialsException e) {
            logger.error("Could not access credential store from framework.", e);
            throw new DockerManagerException("Could not access credential store from framework.", e);
        } catch (URISyntaxException e2) {
            logger.error("Registry URL is incompatible", e2);
            throw new DockerManagerException("Could not parse Docker registry URL.", e2);
        }
    }

    public boolean doYouHave(DockerImageImpl dockerImageImpl) {
        try {
            registryAuthenticate(dockerImageImpl);
            String str = "/v2/" + getPrefix() + dockerImageImpl.getImageName() + "/manifests/" + dockerImageImpl.getTag();
            logger.trace("Checking if image is available at location: " + str);
            return this.client.getJson(str).getStatusCode() == 200;
        } catch (DockerManagerException e) {
            logger.trace("Failed to access registry", e);
            return false;
        } catch (ClassCastException e2) {
            logger.trace("Invalid JSON returned from Docker Registry\n" + ((String) null), e2);
            return false;
        } catch (IllegalStateException e3) {
            return false;
        } catch (HttpClientException e4) {
            return false;
        }
    }

    public void registryAuthenticate(DockerImageImpl dockerImageImpl) throws DockerManagerException {
        if (!retrieveRealm(dockerImageImpl)) {
            logger.info("No authentication required");
        } else if ("Bearer realm".equalsIgnoreCase(this.registryRealmType)) {
            this.authToken = retrieveBearerToken();
        } else if ("Basic realm".equalsIgnoreCase(this.registryRealmType)) {
            this.authToken = retrieveBasicToken();
        }
    }

    public String retrieveBearerToken() throws DockerManagerException {
        try {
            this.realmClient.setURI(this.registryRealmURL.toURI());
            HttpClientResponse json = this.realmClient.getJson("");
            if (json.getStatusCode() == 200) {
                String asString = ((JsonObject) json.getContent()).get("token").getAsString();
                this.client.addCommonHeader("Authorization", "Bearer " + asString);
                return asString;
            }
            if (json.getStatusCode() == 401) {
                Map map = json.getheaders();
                for (String str : map.keySet()) {
                    if (str.equalsIgnoreCase("WWW-Authenticate")) {
                        if ("Basic realm".equals(parseAuthRealmType((String) map.get(str)))) {
                            return retrieveBasicToken();
                        }
                        throw new DockerManagerException("Dont know how to authenticate to registry: " + this.registryUrl);
                    }
                }
            }
            throw new DockerManagerException("Failed to retrieve token from:" + this.registryRealmURL);
        } catch (HttpClientException | URISyntaxException e) {
            throw new DockerManagerException("Failed to connect to: " + this.registryRealmURL);
        }
    }

    public String retrieveBasicToken() throws DockerManagerException {
        try {
            ICredentialsUsernamePassword creds = getCreds();
            if (creds instanceof ICredentialsUsernamePassword) {
                String username = ((ICredentialsUsername) creds).getUsername();
                String password = creds.getPassword();
                this.client.setAuthorisation(username, password);
                this.client.build();
                return generateDockerRegistryAuthStructure(username, password);
            }
            if (creds instanceof ICredentialsUsernameToken) {
                throw new DockerManagerException("Username tokens are not yet supported");
            }
            if (creds instanceof ICredentialsUsername) {
                throw new DockerManagerException("Username credentials are not yet supported");
            }
            if (creds instanceof ICredentialsToken) {
                throw new DockerManagerException("Tokens are not yet supported");
            }
            throw new DockerManagerException("Couldnt generate token");
        } catch (DockerManagerException | CredentialsException e) {
            throw new DockerManagerException("Couldnt locate credentials to generate token", e);
        }
    }

    public ICredentials getCreds() throws DockerManagerException, CredentialsException {
        return this.credService.getCredentials(DockerRegistryCredentials.get(this));
    }

    boolean retrieveRealm(DockerImageImpl dockerImageImpl) throws DockerManagerException {
        String str = "/v2/" + getPrefix() + dockerImageImpl.getImageName() + "/manifests/" + dockerImageImpl.getTag();
        try {
            HttpClientResponse json = this.client.getJson(str);
            if (json.getStatusCode() == 200) {
                return false;
            }
            if (json.getStatusCode() == 401) {
                Map map = json.getheaders();
                for (String str2 : map.keySet()) {
                    if (str2.equalsIgnoreCase("WWW-Authenticate")) {
                        this.registryRealmType = parseAuthRealmType((String) map.get(str2));
                        if (this.registryRealmType.equals("")) {
                            throw new DockerManagerException("Registry location '" + str + "' not found. Check to ensure image registry path is correct.");
                        }
                        if ("BASIC realm".equalsIgnoreCase(this.registryRealmType)) {
                            return true;
                        }
                        this.registryRealmURL = parseAuthRealmURL((String) map.get(str2));
                        return true;
                    }
                }
            }
            throw new DockerManagerException("Failed to authenticate, and authentication is required.");
        } catch (HttpClientException | MalformedURLException | JsonSyntaxException e) {
            throw new DockerManagerException("Failed to connect to registry.", e);
        }
    }

    private String parseAuthRealmType(String str) {
        return str.split("=")[0];
    }

    private URL parseAuthRealmURL(String str) throws MalformedURLException {
        String replaceAll = str.replaceAll("\"", "");
        String[] split = replaceAll.substring(replaceAll.indexOf("=") + 1).split(",");
        StringBuilder sb = new StringBuilder();
        sb.append(split[0]);
        sb.append("?");
        for (int i = 1; i < split.length; i++) {
            sb.append(split[i]);
            if (i != split.length - 1) {
                sb.append("&");
            }
        }
        return new URL(sb.toString());
    }

    private String generateDockerRegistryAuthStructure(String str, String str2) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("username", str);
        jsonObject.addProperty("password", str2);
        return Base64.getEncoder().encodeToString(jsonObject.toString().getBytes());
    }

    public String getHost() {
        return this.registryUrl.getPort() != -1 ? this.registryUrl.getHost() + ":" + this.registryUrl.getPort() : this.registryUrl.getHost();
    }

    public String getPrefix() {
        return this.prefix;
    }

    public String getAuthToken() {
        return this.authToken;
    }

    public String getId() {
        return this.registryId;
    }
}
