package com.citrix.auth.impl;

import com.citrix.auth.AMUrl;
import com.citrix.auth.AuthManRequestParams;
import com.citrix.auth.LoopingAuthManRequest;
import com.citrix.auth.StoreConfiguration;
import com.citrix.auth.exceptions.AuthManException;
import com.citrix.auth.exceptions.ClientCertificateException;
import com.citrix.auth.exceptions.NetworkException;
import com.citrix.auth.impl.messages.AuthChallenge;
import java.io.IOException;
import java.net.URI;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.HttpContext;

/* loaded from: classes.dex */
public class LoopingAuthManRequestImpl implements LoopingAuthManRequest {
    static int challengeCount = 0;
    private AgSession m_agSession;
    private HttpRequestBase m_authorizedRequest;
    private AuthChallenge m_currentAuthChallenge;
    private final Gateway m_gatewayForOnGatewayRequest;
    private boolean m_invalidAgSession;
    private int m_maxPrepareCount;
    private final HttpRequestBase m_originalHttpRequest;
    private int m_prepareCount;
    private final InternalRequestParams m_requestParams;
    private final AMUrl m_requestUrl;
    private int m_retriesDueToClientCertificate;
    private int m_retriesDueToNetworkConectivityFailure;
    private TokenData m_secondaryToken;
    private String m_lastChallengeReason = null;
    private final int m_maxNetworkConnectivityFailureRetries = 1;
    private final int m_maxClientCertificateExceptionRetries = 1;
    private boolean m_hasKeyManager = false;
    private boolean m_shouldRetryAfterResponse = true;

    public LoopingAuthManRequestImpl(HttpRequestBase httpRequestBase, InternalRequestParams internalRequestParams) throws AuthManException {
        this.m_requestParams = internalRequestParams;
        this.m_originalHttpRequest = httpRequestBase;
        AuthManRequestParams callerParams = internalRequestParams.getCallerParams();
        if (callerParams.getGatewayForOnGatewayResourceRequest() == null) {
            this.m_maxPrepareCount = 6;
            this.m_gatewayForOnGatewayRequest = null;
            this.m_requestUrl = new AMUrl(httpRequestBase.getURI());
            return;
        }
        this.m_maxPrepareCount = 2;
        this.m_gatewayForOnGatewayRequest = Gateway.create(callerParams.getGatewayForOnGatewayResourceRequest());
        URI uri = httpRequestBase.getURI();
        if (uri.getHost() == null) {
            this.m_requestUrl = new AMUrl("https://placeholder" + uri.toString());
            return;
        }
        this.m_requestUrl = new AMUrl(uri);
        AMUrl logonPointUrl = callerParams.getGatewayForOnGatewayResourceRequest().getLogonPointUrl();
        if (!this.m_requestUrl.getScheme().equals(logonPointUrl.getScheme()) && this.m_requestUrl.getHostName().equals(logonPointUrl.getHostName()) && this.m_requestUrl.getPort() == logonPointUrl.getPort()) {
            Utils.msg("LoopingAuthManRequestImpl: An on-gateway URL request is not for the same server as the specified gateway! Gateway: '%s' and Request URL: '%s'", logonPointUrl.getCanonicalURL(), this.m_requestUrl.getCanonicalURL());
        }
    }

    private void checkPrepareCount() throws AuthManException {
        if (this.m_prepareCount > this.m_maxPrepareCount) {
            throw AuthManException.maxAuthLoopAttemptsExceeded();
        }
    }

    private void extractCitrixAuthChallengeIfPresent(HttpResponse httpResponse) throws AuthManException {
        if (this.m_gatewayForOnGatewayRequest == null) {
            this.m_currentAuthChallenge = StorefrontAuth.extractCitrixAuthChallengeIfPresent(httpResponse, this.m_requestUrl);
            if (this.m_currentAuthChallenge != null) {
                String athenaAuthDomain = this.m_requestParams.getCallerParams().getAthenaAuthDomain();
                if (athenaAuthDomain != null) {
                    this.m_currentAuthChallenge.patchRealmWithAthenaAuthDomain(athenaAuthDomain);
                }
                String str = this.m_lastChallengeReason;
                String reason = this.m_currentAuthChallenge.getReason();
                this.m_lastChallengeReason = reason;
                if (!StorefrontChallengeReasons.TokenNoToken.equals(reason) && str != null && reason.equals(str)) {
                    throw AuthManException.protocolError("Got the same challenge reason twice in a row; reason='%s'", reason);
                }
            }
        }
    }

    private void generateAuthorizedRequest() throws AuthManException {
        this.m_authorizedRequest = AuthHttpUtils.cloneRequest(this.m_originalHttpRequest);
        if (this.m_secondaryToken != null) {
            this.m_authorizedRequest.setHeader(new BasicHeader("Authorization", "CitrixAuth " + this.m_secondaryToken.getTokenValue().getTokenString()));
        }
        if (this.m_agSession != null) {
            if (this.m_gatewayForOnGatewayRequest != null) {
                this.m_authorizedRequest.setURI(AuthHttpUtils.constructUrlFromHostRelativePath(this.m_agSession.getSessionGateway().getIdUrl(), this.m_requestUrl.getPathAndQuery()).toURI());
            } else {
                this.m_authorizedRequest.setURI(this.m_agSession.translateUrl(this.m_requestUrl).toURI());
            }
            AuthHttpUtils.applyHeadersToRequest(this.m_authorizedRequest, this.m_agSession.getProxyAccessHeaders());
        }
    }

    private void generateCitrixAuthHeader() throws AuthManException {
        this.m_secondaryToken = null;
        if (this.m_gatewayForOnGatewayRequest != null) {
            Utils.amLog("Request is specifically for gateway so skipping token auth processing.");
            return;
        }
        if (this.m_currentAuthChallenge == null) {
            this.m_secondaryToken = getTokenCaches().getLikelySecondaryTokenByServiceUrl(this.m_requestUrl);
            if (this.m_secondaryToken != null) {
                Utils.amLog("Selected a likely token based on the URL");
                return;
            }
            return;
        }
        ProtScope protScope = new ProtScope(this.m_currentAuthChallenge);
        Utils.amLog("Checking for cached secondary token with prot scope=%s", protScope);
        this.m_secondaryToken = getTokenCaches().getSecondaryTokenByProtScope(protScope);
        if (this.m_secondaryToken == null) {
            getStorefrontAuth().generateSecondaryTokenForChallenge(this.m_currentAuthChallenge);
            this.m_secondaryToken = getTokenCaches().getSecondaryTokenByProtScope(protScope);
        }
    }

    private GatewayAuth getGatewayAuth() {
        return new GatewayAuth(this.m_requestParams);
    }

    private StorefrontAuth getStorefrontAuth() {
        return new StorefrontAuth(this.m_requestParams);
    }

    private TokenCaches getTokenCaches() {
        return this.m_requestParams.getTokenCaches();
    }

    private void refetchClientCertificateOrRethrow(ClientCertificateException clientCertificateException) throws AuthManException {
        if (!this.m_requestParams.hasAKeyManager()) {
            Utils.amLog("LoopingAuthManRequestImpl.refetchClientCertificate No client certificate was previously used so throwing ClientCertificateException");
            throw clientCertificateException;
        }
        int i = this.m_retriesDueToClientCertificate;
        this.m_retriesDueToClientCertificate = i + 1;
        if (i >= 1) {
            Utils.amLog("LoopingAuthManRequestImpl.refetchClientCertificate exceeded client certificate retry limit. Throwing ClientCertificateException");
            throw clientCertificateException;
        }
        if (this.m_requestParams.getClientDependencies().refetchCertificate(this.m_requestParams.getStoreId())) {
            return;
        }
        Utils.amLog("LoopingAuthManRequestImpl.refetchClientCertificate could not get certificate for store!");
        throw clientCertificateException;
    }

    private void updateGatewayInfo() throws AuthManException {
        Utils.block("LoopingAuthManRequestImpl.updateGatewayInfo");
        this.m_agSession = getGatewayAuth().retrieveOrCreateAgSessionIfNeededToAccessStore();
    }

    private void updateNetworkConnectivityOrRethrow(NetworkException networkException) throws AuthManException {
        StoreConfiguration store = this.m_requestParams.getStore();
        Utils.amLog("updateNetworkConnectivityOrRethrow: Starts. Store is %s", store.getStoreId());
        int i = this.m_retriesDueToNetworkConectivityFailure;
        this.m_retriesDueToNetworkConectivityFailure = i + 1;
        if (i >= 1) {
            String format = Utils.format("updateNetworkConnectivityOrRethrow: Rethrowing network problem because there have already been %d network location updates.", Integer.valueOf(this.m_retriesDueToNetworkConectivityFailure));
            Utils.amLog(format);
            networkException.addInfo(format);
            throw networkException;
        }
        ConnectivitySupport connectivitySupport = this.m_requestParams.getDependencies().getConnectivitySupport();
        if (!connectivitySupport.updateLocationForStore(store, this.m_requestParams.getOperationCanceller())) {
            Utils.amLog("updateNetworkConnectivityOrRethrow: The network route has not changed after attempting to update the location so rethrowing.");
            networkException.addInfo("updateNetworkConnectivityOrRethrow: The network route has not changed after attempting to update the location so rethrowing.");
            throw networkException;
        }
        if (connectivitySupport.getRouteForResource(store) == null) {
            Utils.amLog("updateNetworkConnectivityOrRethrow: There is no connectivity to store so throwing new NetworkException");
            throw AuthManException.noConnectivity(networkException, "No connectivity to store " + store.getStoreId());
        }
        Utils.amLog("updateNetworkConnectivityOrRethrow: The route has changed for store %s", store.getStoreId());
    }

    @Override // com.citrix.auth.LoopingAuthManRequest
    public HttpRequestBase getAuthorizedRequest() {
        return this.m_authorizedRequest;
    }

    @Override // com.citrix.auth.LoopingAuthManRequest
    public HttpClient getHttpClient() throws AuthManException {
        HttpClientWrapper httpClient = this.m_requestParams.getHttpClient(this.m_authorizedRequest);
        this.m_hasKeyManager = httpClient.getKeyManager() != null;
        return httpClient;
    }

    @Override // com.citrix.auth.LoopingAuthManRequest
    public HttpContext getHttpContext() throws AuthManException {
        return this.m_requestParams.getHttpContext(this.m_authorizedRequest);
    }

    @Override // com.citrix.auth.LoopingAuthManRequest
    public void prepare() throws AuthManException {
        boolean z;
        Utils.amLog("LoopingAuthManRequestImpl.prepare");
        this.m_requestParams.throwIfRequestAborted();
        this.m_prepareCount++;
        do {
            z = false;
            try {
                if (!this.m_shouldRetryAfterResponse) {
                    throw AuthManException.systemError("Called Prepare when the last call to shouldRetryAfterResponse indicated that was not needed");
                    break;
                }
                checkPrepareCount();
                generateCitrixAuthHeader();
                updateGatewayInfo();
                generateAuthorizedRequest();
            } catch (ClientCertificateException e) {
                Utils.amLog("LoopingAuthManRequestImpl.prepare caught ClientCertificateException.");
                refetchClientCertificateOrRethrow(e);
                z = true;
            } catch (NetworkException e2) {
                Utils.amLog("LoopingAuthManRequestImpl.prepare caught NetworkException.");
                updateNetworkConnectivityOrRethrow(e2);
                z = true;
            } catch (AuthManException e3) {
                e3.addInfo("During LoopingAuthManRequestImpl.prepare m_requestUrl='%s'", this.m_requestUrl);
                Utils.amLog("prepare rethrowing exception: %s", e3.toVerboseString());
                throw e3;
            }
        } while (z);
    }

    @Override // com.citrix.auth.LoopingAuthManRequest
    public boolean shouldRetryAfterResponse(HttpResponse httpResponse, IOException iOException) throws AuthManException {
        boolean z;
        boolean z2 = true;
        Object[] objArr = new Object[2];
        objArr[0] = httpResponse == null ? "null" : httpResponse.getStatusLine();
        objArr[1] = iOException == null ? "null" : iOException.getClass().getName();
        Utils.amLog("LoopingAuthManRequestImpl.shouldRetryAfterResponse %s Exception: %s", objArr);
        try {
            try {
                this.m_shouldRetryAfterResponse = true;
                this.m_currentAuthChallenge = null;
                this.m_requestParams.throwIfRequestAborted();
                AuthManException requestError = AuthHttpUtils.getRequestError(getAuthorizedRequest(), httpResponse, iOException, this.m_hasKeyManager, "IOException during LoopingAuthManRequestImpl.shouldRetryAfterResponse");
                if (requestError != null) {
                    if (requestError instanceof ClientCertificateException) {
                        refetchClientCertificateOrRethrow((ClientCertificateException) requestError);
                        this.m_maxPrepareCount++;
                        this.m_shouldRetryAfterResponse = true;
                        z = this.m_shouldRetryAfterResponse;
                    } else {
                        if (!(requestError instanceof NetworkException)) {
                            throw requestError;
                        }
                        updateNetworkConnectivityOrRethrow((NetworkException) requestError);
                        this.m_maxPrepareCount++;
                        this.m_shouldRetryAfterResponse = true;
                        z = this.m_shouldRetryAfterResponse;
                        if (this.m_shouldRetryAfterResponse || 0 != 0) {
                            AuthHttpUtils.consumeResponse(httpResponse);
                        }
                        if (0 == 0 && this.m_shouldRetryAfterResponse) {
                            z2 = false;
                        }
                        if (z2) {
                            this.m_requestParams.getDependencies().getPersistenceManager().saveStateIfRequired(false);
                        }
                    }
                } else {
                    if (httpResponse == null) {
                        throw new IllegalArgumentException("shouldRetryAfterResponse was passed a null httpResponse but no exception!");
                    }
                    this.m_invalidAgSession = AgSession.doesHttpResultIndicateInvalidSession(this.m_agSession, httpResponse);
                    if (!this.m_invalidAgSession) {
                        extractCitrixAuthChallengeIfPresent(httpResponse);
                    }
                    this.m_shouldRetryAfterResponse = this.m_invalidAgSession || this.m_currentAuthChallenge != null;
                    if (this.m_shouldRetryAfterResponse) {
                        AuthHttpUtils.consumeResponse(httpResponse);
                    }
                    if (this.m_invalidAgSession) {
                        Utils.msg("Invalid AG session");
                        getGatewayAuth().reportInvalidAgSession(this.m_agSession);
                    }
                    if (this.m_currentAuthChallenge != null) {
                        getTokenCaches().addServiceRootHint(this.m_currentAuthChallenge);
                        getStorefrontAuth().reportChallenge(this.m_secondaryToken, this.m_currentAuthChallenge);
                    }
                    Object[] objArr2 = new Object[2];
                    objArr2[0] = Boolean.valueOf(this.m_shouldRetryAfterResponse);
                    objArr2[1] = this.m_shouldRetryAfterResponse ? "more auth needed" : "auth complete";
                    Utils.amLog("shouldRetryAfterResponse returns %s (%s)", objArr2);
                    z = this.m_shouldRetryAfterResponse;
                    if (this.m_shouldRetryAfterResponse || 0 != 0) {
                        AuthHttpUtils.consumeResponse(httpResponse);
                    }
                    if (0 == 0 && this.m_shouldRetryAfterResponse) {
                        z2 = false;
                    }
                    if (z2) {
                        this.m_requestParams.getDependencies().getPersistenceManager().saveStateIfRequired(false);
                    }
                }
                return z;
            } catch (AuthManException e) {
                e.addInfo("During LoopingAuthManRequestImpl.shouldRetryAfterResponse m_requestUrl='%s'", this.m_requestUrl);
                Utils.amLog("shouldRetryAfterResponse rethrowing exception: %s", e.toVerboseString());
                throw e;
            }
        } finally {
            if (this.m_shouldRetryAfterResponse || 0 != 0) {
                AuthHttpUtils.consumeResponse(httpResponse);
            }
            if (0 == 0 && this.m_shouldRetryAfterResponse) {
                z2 = false;
            }
            if (z2) {
                this.m_requestParams.getDependencies().getPersistenceManager().saveStateIfRequired(false);
            }
        }
    }
}
