package com.google.cloud.tools.jib.registry;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpResponseException;
import com.google.cloud.tools.jib.event.EventDispatcher;
import com.google.cloud.tools.jib.event.events.LogEvent;
import com.google.cloud.tools.jib.global.JibSystemProperties;
import com.google.cloud.tools.jib.http.Authorization;
import com.google.cloud.tools.jib.http.Connection;
import com.google.cloud.tools.jib.http.Request;
import com.google.cloud.tools.jib.json.JsonTemplateMapper;
import com.google.cloud.tools.jib.registry.json.ErrorEntryTemplate;
import com.google.cloud.tools.jib.registry.json.ErrorResponseTemplate;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.net.ConnectException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import java.util.Locale;
import java.util.function.Function;
import javax.annotation.Nullable;
import javax.net.ssl.SSLException;
import org.apache.http.NoHttpResponseException;

/* loaded from: input_file:com/google/cloud/tools/jib/registry/RegistryEndpointCaller.class */
class RegistryEndpointCaller<T> {

    @VisibleForTesting
    static final int STATUS_CODE_PERMANENT_REDIRECT = 308;
    private static final String DEFAULT_PROTOCOL = "https";
    private final EventDispatcher eventDispatcher;
    private final URL initialRequestUrl;
    private final String userAgent;
    private final RegistryEndpointProvider<T> registryEndpointProvider;

    @Nullable
    private final Authorization authorization;
    private final RegistryEndpointRequestProperties registryEndpointRequestProperties;
    private final boolean allowInsecureRegistries;
    private final Function<URL, Connection> connectionFactory;

    @Nullable
    private Function<URL, Connection> insecureConnectionFactory;

    private static boolean isHttpsProtocol(URL url) {
        return DEFAULT_PROTOCOL.equals(url.getProtocol());
    }

    @VisibleForTesting
    static boolean isBrokenPipe(IOException iOException) {
        IOException iOException2 = iOException;
        while (iOException2 != null) {
            String message = iOException2.getMessage();
            if (message != null && message.toLowerCase(Locale.US).contains("broken pipe")) {
                return true;
            }
            iOException2 = iOException2.getCause();
            if (iOException2 == iOException) {
                return false;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RegistryEndpointCaller(EventDispatcher eventDispatcher, String str, String str2, RegistryEndpointProvider<T> registryEndpointProvider, @Nullable Authorization authorization, RegistryEndpointRequestProperties registryEndpointRequestProperties, boolean z) throws MalformedURLException {
        this(eventDispatcher, str, str2, registryEndpointProvider, authorization, registryEndpointRequestProperties, z, Connection.getConnectionFactory(), null);
    }

    @VisibleForTesting
    RegistryEndpointCaller(EventDispatcher eventDispatcher, String str, String str2, RegistryEndpointProvider<T> registryEndpointProvider, @Nullable Authorization authorization, RegistryEndpointRequestProperties registryEndpointRequestProperties, boolean z, Function<URL, Connection> function, @Nullable Function<URL, Connection> function2) throws MalformedURLException {
        this.eventDispatcher = eventDispatcher;
        this.initialRequestUrl = registryEndpointProvider.getApiRoute("https://" + str2);
        this.userAgent = str;
        this.registryEndpointProvider = registryEndpointProvider;
        this.authorization = authorization;
        this.registryEndpointRequestProperties = registryEndpointRequestProperties;
        this.allowInsecureRegistries = z;
        this.connectionFactory = function;
        this.insecureConnectionFactory = function2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public T call() throws IOException, RegistryException {
        return callWithAllowInsecureRegistryHandling(this.initialRequestUrl);
    }

    @Nullable
    private T callWithAllowInsecureRegistryHandling(URL url) throws IOException, RegistryException {
        if (!isHttpsProtocol(url) && !this.allowInsecureRegistries) {
            throw new InsecureRegistryException(url);
        }
        try {
            return call(url, this.connectionFactory);
        } catch (ConnectException e) {
            if (this.allowInsecureRegistries && isHttpsProtocol(url) && url.getPort() == -1) {
                return fallBackToHttp(url);
            }
            throw e;
        } catch (SSLException e2) {
            return handleUnverifiableServerException(url);
        }
    }

    @Nullable
    private T handleUnverifiableServerException(URL url) throws IOException, RegistryException {
        if (!this.allowInsecureRegistries) {
            throw new InsecureRegistryException(url);
        }
        try {
            this.eventDispatcher.dispatch(LogEvent.info("Cannot verify server at " + url + ". Attempting again with no TLS verification."));
            return call(url, getInsecureConnectionFactory());
        } catch (SSLException e) {
            return fallBackToHttp(url);
        }
    }

    @Nullable
    private T fallBackToHttp(URL url) throws IOException, RegistryException {
        GenericUrl genericUrl = new GenericUrl(url);
        genericUrl.setScheme("http");
        this.eventDispatcher.dispatch(LogEvent.info("Failed to connect to " + url + " over HTTPS. Attempting again with HTTP: " + genericUrl));
        return call(genericUrl.toURL(), this.connectionFactory);
    }

    private Function<URL, Connection> getInsecureConnectionFactory() throws RegistryException {
        try {
            if (this.insecureConnectionFactory == null) {
                this.insecureConnectionFactory = Connection.getInsecureConnectionFactory();
            }
            return this.insecureConnectionFactory;
        } catch (GeneralSecurityException e) {
            throw new RegistryException("cannot turn off TLS peer verification", e);
        }
    }

    @Nullable
    private T call(URL url, Function<URL, Connection> function) throws IOException, RegistryException {
        boolean z = isHttpsProtocol(url) || JibSystemProperties.isSendCredentialsOverHttpEnabled();
        try {
            Connection apply = function.apply(url);
            Throwable th = null;
            try {
                try {
                    Request.Builder body = Request.builder().setUserAgent(this.userAgent).setHttpTimeout(Integer.valueOf(JibSystemProperties.getHttpTimeout())).setAccept(this.registryEndpointProvider.getAccept()).setBody(this.registryEndpointProvider.getContent());
                    if (z) {
                        body.setAuthorization(this.authorization);
                    }
                    T handleResponse = this.registryEndpointProvider.handleResponse(apply.send(this.registryEndpointProvider.getHttpMethod(), body.build()));
                    if (apply != null) {
                        if (0 != 0) {
                            try {
                                apply.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            apply.close();
                        }
                    }
                    return handleResponse;
                } finally {
                }
            } catch (Throwable th3) {
                if (apply != null) {
                    if (th != null) {
                        try {
                            apply.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        apply.close();
                    }
                }
                throw th3;
            }
        } catch (NoHttpResponseException e) {
            throw new RegistryNoResponseException(e);
        } catch (HttpResponseException e2) {
            try {
                return this.registryEndpointProvider.handleHttpResponseException(e2);
            } catch (HttpResponseException e3) {
                if (e3.getStatusCode() == 400 || e3.getStatusCode() == 404 || e3.getStatusCode() == 405) {
                    throw newRegistryErrorException(e3);
                }
                if (e3.getStatusCode() == 403) {
                    throw new RegistryUnauthorizedException(this.registryEndpointRequestProperties.getServerUrl(), this.registryEndpointRequestProperties.getImageName(), e3);
                }
                if (e3.getStatusCode() == 401) {
                    if (z) {
                        throw new RegistryUnauthorizedException(this.registryEndpointRequestProperties.getServerUrl(), this.registryEndpointRequestProperties.getImageName(), e3);
                    }
                    throw new RegistryCredentialsNotSentException(this.registryEndpointRequestProperties.getServerUrl(), this.registryEndpointRequestProperties.getImageName());
                }
                if (e3.getStatusCode() == 307 || e3.getStatusCode() == 301 || e3.getStatusCode() == STATUS_CODE_PERMANENT_REDIRECT) {
                    return callWithAllowInsecureRegistryHandling(new URL(url, e3.getHeaders().getLocation()));
                }
                throw e3;
            }
        } catch (IOException e4) {
            if (isBrokenPipe(e4)) {
                throw new RegistryBrokenPipeException(e4);
            }
            throw e4;
        }
    }

    @VisibleForTesting
    RegistryErrorException newRegistryErrorException(HttpResponseException httpResponseException) {
        RegistryErrorExceptionBuilder registryErrorExceptionBuilder = new RegistryErrorExceptionBuilder(this.registryEndpointProvider.getActionDescription(), httpResponseException);
        try {
            Iterator<ErrorEntryTemplate> it = ((ErrorResponseTemplate) JsonTemplateMapper.readJson(httpResponseException.getContent(), ErrorResponseTemplate.class)).getErrors().iterator();
            while (it.hasNext()) {
                registryErrorExceptionBuilder.addReason(it.next());
            }
        } catch (IOException e) {
            registryErrorExceptionBuilder.addReason("registry returned error code " + httpResponseException.getStatusCode() + "; possible causes include invalid or wrong reference. Actual error output follows:\n" + httpResponseException.getContent() + "\n");
        }
        return registryErrorExceptionBuilder.build();
    }
}
