package org.apache.camel.component.salesforce.internal.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import org.apache.camel.component.salesforce.SalesforceHttpClient;
import org.apache.camel.component.salesforce.api.SalesforceException;
import org.apache.camel.component.salesforce.api.dto.RestError;
import org.apache.camel.component.salesforce.internal.SalesforceSession;
import org.eclipse.jetty.client.BufferingResponseListener;
import org.eclipse.jetty.client.ProtocolHandler;
import org.eclipse.jetty.client.Request;
import org.eclipse.jetty.client.Response;
import org.eclipse.jetty.client.Result;
import org.eclipse.jetty.client.internal.HttpContentResponse;
import org.eclipse.jetty.client.internal.TunnelRequest;
import org.eclipse.jetty.client.transport.HttpConversation;
import org.eclipse.jetty.client.transport.HttpRequest;
import org.eclipse.jetty.client.transport.ResponseListeners;
import org.eclipse.jetty.http.HttpField;
import org.eclipse.jetty.http.HttpHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/salesforce/internal/client/SalesforceSecurityHandler.class */
public class SalesforceSecurityHandler implements ProtocolHandler {
    static final String CLIENT_ATTRIBUTE = SalesforceSecurityHandler.class.getName().concat("camel-salesforce-client");
    static final String AUTHENTICATION_REQUEST_ATTRIBUTE = SalesforceSecurityHandler.class.getName().concat(".request");
    private static final Logger LOG = LoggerFactory.getLogger(SalesforceSecurityHandler.class);
    private static final String AUTHENTICATION_RETRIES_ATTRIBUTE = SalesforceSecurityHandler.class.getName().concat(".retries");
    private static final String EXPIRED_PASSWORD_CODE = "INVALID_OPERATION_WITH_EXPIRED_PASSWORD";
    private final SalesforceHttpClient httpClient;
    private final SalesforceSession session;
    private final int maxAuthenticationRetries;
    private final int maxContentLength;
    private final ObjectMapper objectMapper = new ObjectMapper();

    /* loaded from: input_file:org/apache/camel/component/salesforce/internal/client/SalesforceSecurityHandler$SecurityListener.class */
    private class SecurityListener extends BufferingResponseListener {
        SecurityListener(int i) {
            super(i);
        }

        @Override // org.eclipse.jetty.client.BufferingResponseListener, org.eclipse.jetty.client.Response.Listener, org.eclipse.jetty.client.Response.CompleteListener
        public void onComplete(Result result) {
            HttpRequest httpRequest = (HttpRequest) result.getRequest();
            HttpContentResponse httpContentResponse = new HttpContentResponse(result.getResponse(), getContent(), getMediaType(), getEncoding());
            HttpConversation conversation = httpRequest.getConversation();
            Integer num = (Integer) conversation.getAttribute(SalesforceSecurityHandler.AUTHENTICATION_RETRIES_ATTRIBUTE);
            if (num == null) {
                num = 0;
            }
            AbstractClientBase abstractClientBase = (AbstractClientBase) conversation.getAttribute(SalesforceSecurityHandler.CLIENT_ATTRIBUTE);
            if (result.isFailed()) {
                retryOnFailure(httpRequest, conversation, num, abstractClientBase, result.getFailure());
                return;
            }
            HttpRequest httpRequest2 = (HttpRequest) conversation.getAttribute(SalesforceSecurityHandler.AUTHENTICATION_REQUEST_ATTRIBUTE);
            if (httpRequest2 != null) {
                try {
                    SalesforceSecurityHandler.this.session.parseLoginResponse(httpContentResponse, httpContentResponse.getContentAsString());
                    conversation.removeAttribute(SalesforceSecurityHandler.AUTHENTICATION_REQUEST_ATTRIBUTE);
                    retryRequest(httpRequest2, abstractClientBase, num, conversation, true);
                    return;
                } catch (SalesforceException e) {
                    if (num.intValue() < SalesforceSecurityHandler.this.maxAuthenticationRetries) {
                        retryOnFailure(httpRequest, conversation, num, abstractClientBase, e);
                        return;
                    } else {
                        forwardFailureComplete(httpRequest2, null, httpContentResponse, e);
                        return;
                    }
                }
            }
            int status = httpContentResponse.getStatus();
            String reason = httpContentResponse.getReason();
            if (num.intValue() >= SalesforceSecurityHandler.this.maxAuthenticationRetries) {
                forwardSuccessComplete(httpRequest, httpContentResponse);
                return;
            }
            if (status == 401) {
                List<RestError> emptyList = Collections.emptyList();
                try {
                    emptyList = abstractClientBase.readErrorsFrom(getContentAsInputStream(), SalesforceSecurityHandler.this.objectMapper);
                } catch (IOException e2) {
                    SalesforceSecurityHandler.LOG.warn("Unable to deserialize errors from response body.");
                }
                if (emptyList.stream().anyMatch(restError -> {
                    return SalesforceSecurityHandler.EXPIRED_PASSWORD_CODE.equals(restError.getErrorCode());
                })) {
                    forwardFailureComplete(httpRequest, null, httpContentResponse, createSalesforceException(abstractClientBase, status));
                    return;
                } else {
                    SalesforceSecurityHandler.LOG.warn("Retrying on Salesforce authentication error [{}]: [{}]", Integer.valueOf(status), reason);
                    retryLogin(httpRequest, num);
                    return;
                }
            }
            if (status < 200 || status >= 300) {
                SalesforceException createRestException = abstractClientBase != null ? abstractClientBase.createRestException(httpContentResponse, getContent().length == 0 ? null : getContentAsInputStream()) : null;
                if (status != 400 || createRestException == null || !isInvalidSessionError(createRestException)) {
                    forwardSuccessComplete(httpRequest, httpContentResponse);
                } else {
                    SalesforceSecurityHandler.LOG.warn("Retrying on Bulk API Salesforce authentication error [{}]: [{}]", Integer.valueOf(status), reason);
                    retryLogin(httpRequest, num);
                }
            }
        }

        private SalesforceException createSalesforceException(AbstractClientBase abstractClientBase, int i) {
            List<RestError> emptyList = Collections.emptyList();
            try {
                emptyList = abstractClientBase.readErrorsFrom(getContentAsInputStream(), new ObjectMapper());
            } catch (IOException e) {
                SalesforceSecurityHandler.LOG.warn("Unable to deserialize errors from response body.");
            }
            return new SalesforceException(emptyList, i);
        }

        protected void retryOnFailure(HttpRequest httpRequest, HttpConversation httpConversation, Integer num, AbstractClientBase abstractClientBase, Throwable th) {
            SalesforceSecurityHandler.LOG.warn("Retrying on Salesforce authentication failure {}", th.getMessage(), th);
            retryRequest(httpRequest, abstractClientBase, num, httpConversation, true);
        }

        private boolean isInvalidSessionError(SalesforceException salesforceException) {
            return salesforceException.getErrors() != null && salesforceException.getErrors().size() == 1 && "InvalidSessionId".equals(salesforceException.getErrors().get(0).getErrorCode());
        }

        private void retryLogin(HttpRequest httpRequest, Integer num) {
            HttpConversation conversation = httpRequest.getConversation();
            conversation.setAttribute(SalesforceSecurityHandler.AUTHENTICATION_REQUEST_ATTRIBUTE, httpRequest);
            retryRequest((HttpRequest) SalesforceSecurityHandler.this.session.getLoginRequest(conversation), null, num, conversation, false);
        }

        private void retryRequest(HttpRequest httpRequest, AbstractClientBase abstractClientBase, Integer num, HttpConversation httpConversation, boolean z) {
            Request request;
            if (z) {
                request = SalesforceSecurityHandler.this.httpClient.copyRequest(httpRequest, httpRequest.getURI());
                Request.Content body = request.getBody();
                if (body != null) {
                    body.rewind();
                }
                request.method(httpRequest.getMethod());
                request.headers(mutable -> {
                    for (HttpField httpField : httpRequest.getHeaders()) {
                        HttpHeader header = httpField.getHeader();
                        if (HttpHeader.COOKIE.equals(header) || HttpHeader.HOST.equals(header)) {
                            mutable.add(header, httpField.getValue());
                        }
                    }
                });
            } else {
                request = httpRequest;
            }
            String str = SalesforceSecurityHandler.AUTHENTICATION_RETRIES_ATTRIBUTE;
            Integer valueOf = Integer.valueOf(num.intValue() + 1);
            httpConversation.setAttribute(str, valueOf);
            Object attribute = httpConversation.getAttribute(SalesforceSecurityHandler.AUTHENTICATION_REQUEST_ATTRIBUTE);
            SalesforceSecurityHandler.LOG.debug("Retry attempt {} on authentication error for {}", valueOf, attribute != null ? attribute : request);
            if (attribute == null) {
                String accessToken = SalesforceSecurityHandler.this.session.getAccessToken();
                if (abstractClientBase != null) {
                    abstractClientBase.setAccessToken(accessToken);
                    abstractClientBase.setInstanceUrl(SalesforceSecurityHandler.this.session.getInstanceUrl());
                    abstractClientBase.setAccessToken(request);
                } else {
                    request.headers(mutable2 -> {
                        mutable2.add(HttpHeader.AUTHORIZATION, "OAuth " + accessToken);
                    });
                }
            }
            httpConversation.updateResponseListeners(null);
            request.onRequestBegin(getRequestAbortListener(httpRequest));
            request.send(null);
        }

        private Request.BeginListener getRequestAbortListener(final HttpRequest httpRequest) {
            return new Request.BeginListener() { // from class: org.apache.camel.component.salesforce.internal.client.SalesforceSecurityHandler.SecurityListener.1
                @Override // org.eclipse.jetty.client.Request.BeginListener
                public void onBegin(Request request) {
                    Throwable abortCause = httpRequest.getAbortCause();
                    if (abortCause != null) {
                        request.abort(abortCause);
                    }
                }
            };
        }

        private void forwardSuccessComplete(HttpRequest httpRequest, Response response) {
            HttpConversation conversation = httpRequest.getConversation();
            conversation.updateResponseListeners(null);
            conversation.getResponseListeners().emitSuccessComplete(new Result(httpRequest, response));
        }

        private void forwardFailureComplete(HttpRequest httpRequest, Throwable th, Response response, Throwable th2) {
            HttpConversation conversation = httpRequest.getConversation();
            conversation.updateResponseListeners(null);
            ResponseListeners responseListeners = conversation.getResponseListeners();
            if (th2 == null) {
                responseListeners.emitSuccess(response);
            } else {
                responseListeners.emitFailure(response, th2);
            }
            responseListeners.notifyComplete(new Result(httpRequest, th, response, th2));
        }
    }

    public SalesforceSecurityHandler(SalesforceHttpClient salesforceHttpClient) {
        this.httpClient = salesforceHttpClient;
        this.session = salesforceHttpClient.getSession();
        this.maxAuthenticationRetries = salesforceHttpClient.getMaxRetries();
        this.maxContentLength = salesforceHttpClient.getMaxContentLength();
    }

    @Override // org.eclipse.jetty.client.ProtocolHandler
    public boolean accept(Request request, Response response) {
        if (request instanceof TunnelRequest) {
            return false;
        }
        HttpConversation conversation = ((HttpRequest) request).getConversation();
        Integer num = (Integer) conversation.getAttribute(AUTHENTICATION_RETRIES_ATTRIBUTE);
        if (conversation.getAttribute(AUTHENTICATION_REQUEST_ATTRIBUTE) != null && (num == null || num.intValue() <= this.maxAuthenticationRetries)) {
            return true;
        }
        int status = response.getStatus();
        return (status == 401 || status == 400) && (num == null || num.intValue() <= this.maxAuthenticationRetries);
    }

    @Override // org.eclipse.jetty.client.ProtocolHandler
    public Response.Listener getResponseListener() {
        return new SecurityListener(this.maxContentLength);
    }

    @Override // org.eclipse.jetty.client.ProtocolHandler
    public String getName() {
        return "CamelSalesforceSecurityHandler";
    }
}
