package org.sentrysoftware.winrm.service;

import java.io.IOException;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManager;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.Handler;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.extension.ExtensionManagerBus;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.http.HTTPConduitFactory;
import org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.cxf.ws.addressing.WSAddressingFeature;
import org.apache.cxf.ws.addressing.policy.MetadataConstants;
import org.apache.cxf.ws.policy.PolicyConstants;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.KerberosSchemeFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.builders.PrimitiveAssertion;
import org.sentrysoftware.metricshub.engine.common.helpers.MetricsHubConstants;
import org.sentrysoftware.winrm.Utils;
import org.sentrysoftware.winrm.WinRMHttpProtocolEnum;
import org.sentrysoftware.winrm.service.client.auth.AuthenticationEnum;
import org.sentrysoftware.winrm.service.client.auth.TrustAllX509Manager;
import org.sentrysoftware.winrm.service.client.auth.kerberos.KerberosUtils;
import org.sentrysoftware.winrm.service.client.auth.ntlm.NTCredentialsWithEncryption;
import org.sentrysoftware.winrm.service.client.auth.ntlm.NtlmMasqAsSpnegoSchemeFactory;
import org.sentrysoftware.winrm.service.client.encryption.AsyncHttpEncryptionAwareConduitFactory;
import org.sentrysoftware.winrm.service.client.encryption.DecryptAndVerifyInInterceptor;
import org.sentrysoftware.winrm.service.client.encryption.SignAndEncryptOutInterceptor;

/* loaded from: input_file:org/sentrysoftware/winrm/service/WinRMInvocationHandler.class */
public class WinRMInvocationHandler implements InvocationHandler {
    public static final String WSMAN_SCHEMA_NAMESPACE = "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd";
    private static final long PAUSE_TIME_MILLISECONDS = 500;
    private static final int MAX_RETRY = 3;
    private static final URL WSDL_LOCATION_URL = WinRMWebServiceClient.class.getClassLoader().getResource("wsdl/WinRM.wsdl");
    private static final QName SERVICE = new QName("http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", "WinRMWebServiceClient");
    private static final QName PORT = new QName("http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd", "WinRMPort");
    private static final List<String> CONTENT_TYPE_LIST = Collections.singletonList("application/soap+xml;charset=UTF-8");
    private static final List<Handler> HANDLER_CHAIN = Arrays.asList(new StripShellResponseHandler());
    private static final Registry<AuthSchemeProvider> AUTH_SCHEME_REGISTRY = RegistryBuilder.create().register("Negotiate", new NtlmMasqAsSpnegoSchemeFactory()).register("Kerberos", new KerberosSchemeFactory(true)).build();
    private static final Policy POLICY = new Policy();
    private static final WSAddressingFeature WS_ADDRESSING_FEATURE;
    private static final TLSClientParameters TLS_CLIENT_PARAMETERS;
    private static final Map<CredentialsMapKey, Credentials> CREDENTIALS;
    private final WinRMWebService winRMWebService;
    private final WinRMEndpoint winRMEndpoint;
    private final long timeout;
    private final String resourceUri;
    private final Path ticketCache;
    private final Queue<AuthenticationEnum> authenticationsQueue;
    private AuthenticationEnum authentication;
    private Client wsClient;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sentrysoftware/winrm/service/WinRMInvocationHandler$AuthCredentials.class */
    public static class AuthCredentials {
        private final AuthenticationEnum authentication;
        private final Credentials credentials;

        AuthCredentials(AuthenticationEnum authenticationEnum, Credentials credentials) {
            this.authentication = authenticationEnum;
            this.credentials = credentials;
        }

        public AuthenticationEnum getAuthentication() {
            return this.authentication;
        }

        public Credentials getCredentials() {
            return this.credentials;
        }

        public int hashCode() {
            return Objects.hash(this.authentication, this.credentials);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || !(obj instanceof AuthCredentials)) {
                return false;
            }
            AuthCredentials authCredentials = (AuthCredentials) obj;
            return this.authentication == authCredentials.authentication && Objects.equals(this.credentials, authCredentials.credentials);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sentrysoftware/winrm/service/WinRMInvocationHandler$CredentialsMapKey.class */
    public static class CredentialsMapKey {
        private final String canonizedRawUsername;
        private final char[] password;
        private final Path ticketCache;
        private final AuthenticationEnum authentication;

        CredentialsMapKey(WinRMEndpoint winRMEndpoint, Path path, AuthenticationEnum authenticationEnum) {
            this.ticketCache = path;
            this.authentication = authenticationEnum;
            this.password = winRMEndpoint.getPassword();
            this.canonizedRawUsername = winRMEndpoint.getRawUsername() != null ? winRMEndpoint.getRawUsername().replaceAll("\\s", "").toUpperCase() : null;
        }

        public int hashCode() {
            return (31 * ((31 * 1) + Arrays.hashCode(this.password))) + Objects.hash(this.authentication, this.canonizedRawUsername, this.ticketCache);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || !(obj instanceof CredentialsMapKey)) {
                return false;
            }
            CredentialsMapKey credentialsMapKey = (CredentialsMapKey) obj;
            return this.authentication == credentialsMapKey.authentication && Objects.equals(this.canonizedRawUsername, credentialsMapKey.canonizedRawUsername) && Arrays.equals(this.password, credentialsMapKey.password) && Objects.equals(this.ticketCache, credentialsMapKey.ticketCache);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sentrysoftware/winrm/service/WinRMInvocationHandler$RetryAuthenticationException.class */
    public static class RetryAuthenticationException extends Exception {
        private static final long serialVersionUID = 1;

        RetryAuthenticationException(Throwable th) {
            super(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sentrysoftware/winrm/service/WinRMInvocationHandler$RetryTgtExpirationException.class */
    public static class RetryTgtExpirationException extends RetryAuthenticationException {
        private static final long serialVersionUID = 1;

        RetryTgtExpirationException(Throwable th) {
            super(th);
        }
    }

    public WinRMInvocationHandler(WinRMEndpoint winRMEndpoint, Bus bus, long j, String str, Path path, List<AuthenticationEnum> list) {
        Utils.checkNonNull(winRMEndpoint, "winRMEndpoint");
        Utils.checkNonNull(bus, ExtensionManagerBus.BUS_PROPERTY_NAME);
        Utils.checkNonNull(list, "authentications");
        this.winRMEndpoint = winRMEndpoint;
        this.timeout = j;
        this.resourceUri = str;
        this.ticketCache = path;
        this.authenticationsQueue = (Queue) list.stream().collect(Collectors.toCollection(LinkedList::new));
        this.winRMWebService = createWinRMWebService(winRMEndpoint, bus);
        AuthCredentials computeCredentials = computeCredentials(winRMEndpoint, path, this.authenticationsQueue);
        this.authentication = computeCredentials.getAuthentication();
        this.wsClient = getWebServiceClient(winRMEndpoint, j, str, this.winRMWebService, computeCredentials.getCredentials());
    }

    public Client getClient() {
        return this.wsClient;
    }

    @Override // java.lang.reflect.InvocationHandler
    public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
        Credentials credentials;
        Utils.checkNonNull(method, "method");
        try {
            return invokeMethod(method, objArr);
        } catch (RetryTgtExpirationException e) {
            this.authentication = null;
            try {
                credentials = KerberosUtils.createCredentials(this.winRMEndpoint.getUsername(), this.winRMEndpoint.getPassword(), this.ticketCache);
                CREDENTIALS.put(new CredentialsMapKey(this.winRMEndpoint, this.ticketCache, AuthenticationEnum.KERBEROS), credentials);
            } catch (Exception e2) {
                if (!continueToRetry()) {
                    throw e2;
                }
                AuthCredentials computeCredentials = computeCredentials(this.winRMEndpoint, this.ticketCache, this.authenticationsQueue);
                this.authentication = computeCredentials.getAuthentication();
                credentials = computeCredentials.getCredentials();
            }
            this.wsClient = getWebServiceClient(this.winRMEndpoint, this.timeout, this.resourceUri, this.winRMWebService, credentials);
            return invoke(obj, method, objArr);
        } catch (RetryAuthenticationException e3) {
            if (continueToRetry()) {
                AuthCredentials computeCredentials2 = computeCredentials(this.winRMEndpoint, this.ticketCache, this.authenticationsQueue);
                this.authentication = computeCredentials2.getAuthentication();
                this.wsClient = getWebServiceClient(this.winRMEndpoint, this.timeout, this.resourceUri, this.winRMWebService, computeCredentials2.getCredentials());
                return invoke(obj, method, objArr);
            }
            Throwable cause = e3.getCause();
            if (cause instanceof SOAPFaultException) {
                throw new RuntimeException("KERBEROS with encryption over HTTP is not implemented.", cause);
            }
            throw cause;
        }
    }

    boolean continueToRetry() {
        return !this.authenticationsQueue.isEmpty();
    }

    Object invokeMethod(Method method, Object[] objArr) throws IllegalAccessException, RetryAuthenticationException {
        WebServiceException webServiceException = null;
        int i = 0;
        while (i < 3) {
            i++;
            try {
                return method.invoke(this.winRMWebService, objArr);
            } catch (InvocationTargetException e) {
                Throwable targetException = e.getTargetException();
                if (targetException instanceof SOAPFaultException) {
                    if (this.winRMEndpoint.getProtocol() != WinRMHttpProtocolEnum.HTTP || this.authentication == AuthenticationEnum.NTLM) {
                        throw ((SOAPFaultException) targetException);
                    }
                    throw new RetryAuthenticationException(targetException);
                }
                if (!(targetException instanceof WebServiceException)) {
                    throw new IllegalStateException("Failure when calling " + createCallInfos(method, objArr), targetException);
                }
                WebServiceException webServiceException2 = (WebServiceException) targetException;
                if (!(webServiceException2.getCause() instanceof IOException)) {
                    throw new RuntimeException("Exception occurred while making WinRM WebService call " + createCallInfos(method, objArr), webServiceException2);
                }
                if (webServiceException2.getCause().getMessage() != null && webServiceException2.getCause().getMessage().startsWith("Authorization loop detected on Conduit")) {
                    RuntimeException runtimeException = new RuntimeException(String.format("Authentication error on %s with user name \"%s\"", this.winRMEndpoint.getEndpoint(), this.winRMEndpoint.getRawUsername()));
                    if (this.authentication == AuthenticationEnum.KERBEROS) {
                        throw new RetryTgtExpirationException(runtimeException);
                    }
                    throw new RetryAuthenticationException(runtimeException);
                }
                if (webServiceException == null) {
                    webServiceException = webServiceException2;
                }
                if (i < 3) {
                    try {
                        Utils.sleep(PAUSE_TIME_MILLISECONDS);
                    } catch (InterruptedException e2) {
                        Thread.currentThread().interrupt();
                        throw new RuntimeException("Exception occured while making WinRM WebService call " + createCallInfos(method, objArr), e2);
                    }
                }
            }
        }
        throw new RuntimeException(String.format("failed task \"%s\" after %d attempts", createCallInfos(method, objArr), 3), webServiceException);
    }

    static String createCallInfos(Method method, Object[] objArr) {
        String name = (method == null || method.getName() == null) ? "" : method.getName();
        return objArr == null ? name : (String) Stream.concat(Stream.of(name), Stream.of(objArr)).filter(Objects::nonNull).map((v0) -> {
            return v0.toString();
        }).collect(Collectors.joining(MetricsHubConstants.WHITE_SPACE));
    }

    static Credentials createCredentials(WinRMEndpoint winRMEndpoint, AuthenticationEnum authenticationEnum, Path path) {
        switch (authenticationEnum) {
            case KERBEROS:
                return KerberosUtils.createCredentials(winRMEndpoint.getUsername(), winRMEndpoint.getPassword(), path);
            case NTLM:
            default:
                String valueOf = String.valueOf(winRMEndpoint.getPassword());
                return winRMEndpoint.getProtocol() == WinRMHttpProtocolEnum.HTTP ? new NTCredentialsWithEncryption(winRMEndpoint.getUsername(), valueOf, null, winRMEndpoint.getDomain()) : new NTCredentials(winRMEndpoint.getUsername(), valueOf, null, winRMEndpoint.getDomain());
        }
    }

    static AuthCredentials computeCredentials(WinRMEndpoint winRMEndpoint, Path path, Queue<AuthenticationEnum> queue) {
        try {
            AuthenticationEnum remove = queue.remove();
            return new AuthCredentials(remove, CREDENTIALS.compute(new CredentialsMapKey(winRMEndpoint, path, remove), (credentialsMapKey, credentials) -> {
                return credentials != null ? credentials : createCredentials(winRMEndpoint, remove, path);
            }));
        } catch (Exception e) {
            if (queue.isEmpty()) {
                throw e;
            }
            return computeCredentials(winRMEndpoint, path, queue);
        }
    }

    static WinRMWebService createWinRMWebService(WinRMEndpoint winRMEndpoint, Bus bus) {
        JaxWsProxyFactoryBean jaxWsProxyFactoryBean = new JaxWsProxyFactoryBean();
        jaxWsProxyFactoryBean.setServiceName(SERVICE);
        jaxWsProxyFactoryBean.setEndpointName(PORT);
        jaxWsProxyFactoryBean.setBus(bus);
        jaxWsProxyFactoryBean.setServiceClass(WinRMWebService.class);
        jaxWsProxyFactoryBean.setAddress(winRMEndpoint.getEndpoint());
        jaxWsProxyFactoryBean.getFeatures().add(WS_ADDRESSING_FEATURE);
        jaxWsProxyFactoryBean.setBindingId("http://schemas.xmlsoap.org/wsdl/soap12/");
        jaxWsProxyFactoryBean.getClientFactoryBean().getServiceFactory().setWsdlURL(WSDL_LOCATION_URL);
        return (WinRMWebService) jaxWsProxyFactoryBean.create(WinRMWebService.class);
    }

    static Client getWebServiceClient(WinRMEndpoint winRMEndpoint, long j, String str, WinRMWebService winRMWebService, Credentials credentials) {
        Client client = ClientProxy.getClient(winRMWebService);
        if (str != null) {
            client.getOutInterceptors().add(new WSManHeaderInterceptor(str));
        }
        client.getInInterceptors().add(new DecryptAndVerifyInInterceptor());
        client.getOutInterceptors().add(new SignAndEncryptOutInterceptor());
        client.getEndpoint().getEndpointInfo().setProperty(HTTPConduitFactory.class.getName(), new AsyncHttpEncryptionAwareConduitFactory());
        client.getEndpoint().getEndpointInfo().getService().setProperty("soap.force.doclit.bare", true);
        BindingProvider bindingProvider = (BindingProvider) winRMWebService;
        bindingProvider.getBinding().setHandlerChain(HANDLER_CHAIN);
        bindingProvider.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, POLICY);
        bindingProvider.getRequestContext().put("http.autoredirect", true);
        bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, winRMEndpoint.getEndpoint());
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", CONTENT_TYPE_LIST);
        bindingProvider.getRequestContext().put(Message.PROTOCOL_HEADERS, hashMap);
        HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
        hTTPClientPolicy.setConnectionTimeout(j);
        hTTPClientPolicy.setConnectionRequestTimeout(j);
        hTTPClientPolicy.setReceiveTimeout(j);
        hTTPClientPolicy.setAllowChunking(false);
        bindingProvider.getRequestContext().put(Credentials.class.getName(), credentials);
        bindingProvider.getRequestContext().put(AuthSchemeProvider.class.getName(), AUTH_SCHEME_REGISTRY);
        AsyncHTTPConduit asyncHTTPConduit = (AsyncHTTPConduit) client.getConduit();
        asyncHTTPConduit.setClient(hTTPClientPolicy);
        asyncHTTPConduit.getClient().setAutoRedirect(true);
        asyncHTTPConduit.setTlsClientParameters(TLS_CLIENT_PARAMETERS);
        return client;
    }

    static {
        POLICY.addAssertion(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2004_QNAME));
        WS_ADDRESSING_FEATURE = new WSAddressingFeature();
        WS_ADDRESSING_FEATURE.setResponses(WSAddressingFeature.AddressingResponses.ANONYMOUS);
        TLS_CLIENT_PARAMETERS = new TLSClientParameters();
        TLS_CLIENT_PARAMETERS.setDisableCNCheck(true);
        TLS_CLIENT_PARAMETERS.setTrustManagers(new TrustManager[]{new TrustAllX509Manager()});
        CREDENTIALS = new ConcurrentHashMap();
    }
}
