package ch.cyberduck.core.http;

import ch.cyberduck.core.Credentials;
import ch.cyberduck.core.Host;
import ch.cyberduck.core.LocaleFactory;
import ch.cyberduck.core.LoginCallback;
import ch.cyberduck.core.LoginOptions;
import ch.cyberduck.core.ProxyCredentialsStore;
import ch.cyberduck.core.ProxyCredentialsStoreFactory;
import ch.cyberduck.core.exception.LoginCanceledException;
import ch.cyberduck.core.preferences.Preferences;
import ch.cyberduck.core.preferences.PreferencesFactory;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Queue;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthOption;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.Lookup;
import org.apache.http.impl.auth.win.WindowsCredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.impl.client.WinHttpClients;
import org.apache.http.protocol.HttpContext;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/http/CallbackProxyAuthenticationStrategy.class */
public class CallbackProxyAuthenticationStrategy extends ProxyAuthenticationStrategy {
    private static final String PROXY_CREDENTIALS_INPUT_ID = "cyberduck.credentials.input";
    private final Preferences preferences;
    private final Host bookmark;
    private final LoginCallback prompt;
    private final ProxyCredentialsStore keychain;
    private static final Logger log = Logger.getLogger(CallbackProxyAuthenticationStrategy.class);
    private static final List<String> DEFAULT_SCHEME_PRIORITY = Collections.unmodifiableList(Arrays.asList("Negotiate", "Kerberos", "NTLM", "CredSSP", "Digest", "Basic"));
    private static final List<String> IWA_SCHEME_PRIORITY = Collections.unmodifiableList(Arrays.asList("Negotiate", "NTLM"));

    public CallbackProxyAuthenticationStrategy(Host host, LoginCallback loginCallback) {
        this(ProxyCredentialsStoreFactory.get(), host, loginCallback);
    }

    public CallbackProxyAuthenticationStrategy(ProxyCredentialsStore proxyCredentialsStore, Host host, LoginCallback loginCallback) {
        this.preferences = PreferencesFactory.get();
        this.keychain = proxyCredentialsStore;
        this.bookmark = host;
        this.prompt = loginCallback;
    }

    public Queue<AuthOption> select(Map<String, Header> map, HttpHost httpHost, HttpResponse httpResponse, HttpContext httpContext) throws MalformedChallengeException {
        AuthSchemeProvider authSchemeProvider;
        HttpClientContext adapt = HttpClientContext.adapt(httpContext);
        LinkedList linkedList = new LinkedList();
        Lookup authSchemeRegistry = adapt.getAuthSchemeRegistry();
        if (authSchemeRegistry == null) {
            return linkedList;
        }
        Collection<String> proxyPreferredAuthSchemes = adapt.getRequestConfig().getProxyPreferredAuthSchemes();
        if (proxyPreferredAuthSchemes == null) {
            proxyPreferredAuthSchemes = DEFAULT_SCHEME_PRIORITY;
        }
        if (this.preferences.getBoolean("connection.proxy.windows.authentication.enable") && WinHttpClients.isWinAuthAvailable()) {
            for (String str : IWA_SCHEME_PRIORITY) {
                Header header = map.get(str.toLowerCase(Locale.ROOT));
                if (header != null && (authSchemeProvider = (AuthSchemeProvider) authSchemeRegistry.lookup(str)) != null) {
                    AuthScheme create = authSchemeProvider.create(httpContext);
                    create.processChallenge(header);
                    AuthScope authScope = new AuthScope(httpHost.getHostName(), httpHost.getPort(), create.getRealm(), create.getSchemeName());
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Add authentication options for scheme %s", proxyPreferredAuthSchemes));
                    }
                    linkedList.add(new AuthOption(create, new WindowsCredentialsProvider(null == adapt.getCredentialsProvider() ? new BasicCredentialsProvider() : adapt.getCredentialsProvider()).getCredentials(authScope)));
                }
            }
            if (!linkedList.isEmpty()) {
                return linkedList;
            }
        }
        Credentials credentials = this.keychain.getCredentials(httpHost.toURI());
        if (StringUtils.isEmpty(credentials.getPassword())) {
            try {
                credentials = this.prompt.prompt(this.bookmark, "", String.format("%s %s", LocaleFactory.localizedString("Login", "Login"), httpHost.getHostName()), MessageFormat.format(LocaleFactory.localizedString("Login {0} with username and password", "Credentials"), httpHost.getHostName()), new LoginOptions().icon(this.bookmark.getProtocol().disk()).usernamePlaceholder(LocaleFactory.localizedString("Username", "Credentials")).passwordPlaceholder(LocaleFactory.localizedString("Password", "Credentials")).user(true).password(true));
                if (credentials.isSaved()) {
                    httpContext.setAttribute(PROXY_CREDENTIALS_INPUT_ID, credentials);
                }
            } catch (LoginCanceledException e) {
                throw new MalformedChallengeException(e.getMessage(), e);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Authentication schemes in the order of preference: %s", proxyPreferredAuthSchemes));
        }
        for (String str2 : proxyPreferredAuthSchemes) {
            Header header2 = map.get(str2.toLowerCase(Locale.ROOT));
            if (header2 != null) {
                AuthSchemeProvider authSchemeProvider2 = (AuthSchemeProvider) authSchemeRegistry.lookup(str2);
                if (authSchemeProvider2 != null) {
                    AuthScheme create2 = authSchemeProvider2.create(httpContext);
                    create2.processChallenge(header2);
                    linkedList.add(new AuthOption(create2, new NTCredentials(credentials.getUsername(), credentials.getPassword(), this.preferences.getProperty("webdav.ntlm.workstation"), this.preferences.getProperty("webdav.ntlm.domain"))));
                }
            } else if (log.isDebugEnabled()) {
                log.debug(String.format("Challenge for %s authentication scheme not available", str2));
            }
        }
        return linkedList;
    }

    public void authSucceeded(HttpHost httpHost, AuthScheme authScheme, HttpContext httpContext) {
        HttpClientContext adapt = HttpClientContext.adapt(httpContext);
        Credentials credentials = (Credentials) adapt.getAttribute(PROXY_CREDENTIALS_INPUT_ID, Credentials.class);
        if (null != credentials) {
            adapt.removeAttribute(PROXY_CREDENTIALS_INPUT_ID);
            if (log.isInfoEnabled()) {
                log.info(String.format("Save passphrase for proxy %s", httpHost));
            }
            this.keychain.addCredentials(httpHost.toURI(), credentials.getUsername(), credentials.getPassword());
        }
        super.authSucceeded(httpHost, authScheme, httpContext);
    }

    public void authFailed(HttpHost httpHost, AuthScheme authScheme, HttpContext httpContext) {
        this.keychain.deleteCredentials(httpHost.getHostName());
        super.authFailed(httpHost, authScheme, httpContext);
    }
}
