package com.hazelcast.org.apache.calcite.avatica.remote;

import com.hazelcast.org.apache.hc.client5.http.ClientProtocolException;
import com.hazelcast.org.apache.hc.client5.http.SystemDefaultDnsResolver;
import com.hazelcast.org.apache.hc.client5.http.auth.AuthSchemeFactory;
import com.hazelcast.org.apache.hc.client5.http.auth.AuthScope;
import com.hazelcast.org.apache.hc.client5.http.auth.Credentials;
import com.hazelcast.org.apache.hc.client5.http.auth.CredentialsProvider;
import com.hazelcast.org.apache.hc.client5.http.auth.KerberosConfig;
import com.hazelcast.org.apache.hc.client5.http.auth.KerberosCredentials;
import com.hazelcast.org.apache.hc.client5.http.auth.StandardAuthScheme;
import com.hazelcast.org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import com.hazelcast.org.apache.hc.client5.http.classic.methods.HttpPost;
import com.hazelcast.org.apache.hc.client5.http.impl.auth.BasicAuthCache;
import com.hazelcast.org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import com.hazelcast.org.apache.hc.client5.http.impl.auth.BasicSchemeFactory;
import com.hazelcast.org.apache.hc.client5.http.impl.auth.DigestSchemeFactory;
import com.hazelcast.org.apache.hc.client5.http.impl.auth.SPNegoSchemeFactory;
import com.hazelcast.org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import com.hazelcast.org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import com.hazelcast.org.apache.hc.client5.http.impl.classic.HttpClients;
import com.hazelcast.org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import com.hazelcast.org.apache.hc.client5.http.protocol.HttpClientContext;
import com.hazelcast.org.apache.hc.client5.http.socket.ConnectionSocketFactory;
import com.hazelcast.org.apache.hc.core5.http.ClassicHttpRequest;
import com.hazelcast.org.apache.hc.core5.http.ContentType;
import com.hazelcast.org.apache.hc.core5.http.NoHttpResponseException;
import com.hazelcast.org.apache.hc.core5.http.config.Lookup;
import com.hazelcast.org.apache.hc.core5.http.config.Registry;
import com.hazelcast.org.apache.hc.core5.http.config.RegistryBuilder;
import com.hazelcast.org.apache.hc.core5.http.io.entity.ByteArrayEntity;
import com.hazelcast.org.apache.hc.core5.http.io.entity.EntityUtils;
import com.hazelcast.org.apache.hc.core5.http.protocol.HttpContext;
import com.hazelcast.org.slf4j.Logger;
import com.hazelcast.org.slf4j.LoggerFactory;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.Principal;
import java.util.Objects;
import org.ietf.jgss.GSSCredential;

/* loaded from: input_file:com/hazelcast/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientImpl.class */
public class AvaticaCommonsHttpClientImpl implements AvaticaHttpClient, HttpClientPoolConfigurable, UsernamePasswordAuthenticateable, GSSAuthenticateable {
    private static final boolean STRIP_PORT_ON_SERVER_LOOKUP = true;
    protected final URI uri;
    protected BasicAuthCache authCache;
    protected CloseableHttpClient client;
    protected Registry<ConnectionSocketFactory> socketFactoryRegistry;
    protected PoolingHttpClientConnectionManager pool;
    protected UsernamePasswordCredentials credentials = null;
    protected CredentialsProvider credentialsProvider = null;
    protected Lookup<AuthSchemeFactory> authRegistry = null;
    protected Object userToken;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AvaticaCommonsHttpClientImpl.class);
    private static final boolean USE_CANONICAL_HOSTNAME = Boolean.parseBoolean(System.getProperty("avatica.http.spnego.use_canonical_hostname", "true"));
    private static final KerberosConfig KERBEROS_CONFIG = KerberosConfig.custom().setStripPort(true).setUseCanonicalHostname(USE_CANONICAL_HOSTNAME).build();
    private static AuthScope anyAuthScope = new AuthScope(null, -1);

    /* loaded from: input_file:com/hazelcast/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientImpl$EmptyCredentials.class */
    private static class EmptyCredentials implements Credentials {
        public static final EmptyCredentials INSTANCE = new EmptyCredentials();

        private EmptyCredentials() {
        }

        @Override // com.hazelcast.org.apache.hc.client5.http.auth.Credentials
        public char[] getPassword() {
            return null;
        }

        @Override // com.hazelcast.org.apache.hc.client5.http.auth.Credentials
        public Principal getUserPrincipal() {
            return null;
        }
    }

    public AvaticaCommonsHttpClientImpl(URL url) {
        this.uri = toURI((URL) Objects.requireNonNull(url));
    }

    protected void initializeClient(PoolingHttpClientConnectionManager poolingHttpClientConnectionManager) {
        this.authCache = new BasicAuthCache();
        this.client = HttpClients.custom().setConnectionManager(poolingHttpClientConnectionManager).build();
    }

    @Override // com.hazelcast.org.apache.calcite.avatica.remote.AvaticaHttpClient
    public byte[] send(byte[] bArr) {
        HttpClientContext create;
        CloseableHttpResponse execute;
        int code;
        while (true) {
            create = HttpClientContext.create();
            if (null != this.credentialsProvider) {
                create.setCredentialsProvider(this.credentialsProvider);
                create.setAuthSchemeRegistry(this.authRegistry);
                create.setAuthCache(this.authCache);
            }
            if (null != this.userToken) {
                create.setUserToken(this.userToken);
            }
            ByteArrayEntity byteArrayEntity = new ByteArrayEntity(bArr, ContentType.APPLICATION_OCTET_STREAM);
            HttpPost httpPost = new HttpPost(this.uri);
            httpPost.setEntity(byteArrayEntity);
            try {
                execute = execute(httpPost, create);
                try {
                    code = execute.getCode();
                } catch (Throwable th) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (NoHttpResponseException e) {
                LOG.debug("The server failed to issue an HTTP response, retrying");
            } catch (RuntimeException e2) {
                throw e2;
            } catch (Exception e3) {
                LOG.debug("Failed to execute HTTP request", (Throwable) e3);
                throw new RuntimeException(e3);
            }
            if (200 == code || 500 == code) {
                break;
            }
            if (503 != code) {
                throw new RuntimeException("Failed to execute HTTP Request, got HTTP/" + code);
            }
            LOG.debug("Failed to connect to server (HTTP/503), retrying");
            if (execute != null) {
                execute.close();
            }
        }
        this.userToken = create.getUserToken();
        byte[] byteArray = EntityUtils.toByteArray(execute.getEntity());
        if (execute != null) {
            execute.close();
        }
        return byteArray;
    }

    CloseableHttpResponse execute(HttpPost httpPost, HttpClientContext httpClientContext) throws IOException, ClientProtocolException {
        return this.client.execute((ClassicHttpRequest) httpPost, (HttpContext) httpClientContext);
    }

    @Override // com.hazelcast.org.apache.calcite.avatica.remote.UsernamePasswordAuthenticateable
    public void setUsernamePassword(AuthenticationType authenticationType, String str, String str2) {
        this.credentials = new UsernamePasswordCredentials((String) Objects.requireNonNull(str), ((String) Objects.requireNonNull(str2)).toCharArray());
        this.credentialsProvider = new BasicCredentialsProvider();
        ((BasicCredentialsProvider) this.credentialsProvider).setCredentials(anyAuthScope, this.credentials);
        RegistryBuilder create = RegistryBuilder.create();
        switch (authenticationType) {
            case BASIC:
                create.register(StandardAuthScheme.BASIC, new BasicSchemeFactory());
                break;
            case DIGEST:
                create.register(StandardAuthScheme.DIGEST, new DigestSchemeFactory());
                break;
            default:
                throw new IllegalArgumentException("Unsupported authentiation type: " + authenticationType);
        }
        this.authRegistry = create.build();
    }

    @Override // com.hazelcast.org.apache.calcite.avatica.remote.GSSAuthenticateable
    public void setGSSCredential(GSSCredential gSSCredential) {
        this.authRegistry = RegistryBuilder.create().register(StandardAuthScheme.SPNEGO, new SPNegoSchemeFactory(KERBEROS_CONFIG, SystemDefaultDnsResolver.INSTANCE)).build();
        this.credentialsProvider = new BasicCredentialsProvider();
        if (null != gSSCredential) {
            ((BasicCredentialsProvider) this.credentialsProvider).setCredentials(anyAuthScope, new KerberosCredentials(gSSCredential));
        } else {
            ((BasicCredentialsProvider) this.credentialsProvider).setCredentials(anyAuthScope, EmptyCredentials.INSTANCE);
        }
    }

    private static URI toURI(URL url) throws RuntimeException {
        try {
            return url.toURI();
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.hazelcast.org.apache.calcite.avatica.remote.HttpClientPoolConfigurable
    public void setHttpClientPool(PoolingHttpClientConnectionManager poolingHttpClientConnectionManager) {
        initializeClient(poolingHttpClientConnectionManager);
    }
}
