package org.springframework.cloud.dataflow.container.registry.authorization;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.dataflow.container.registry.ContainerImageRestTemplateFactory;
import org.springframework.cloud.dataflow.container.registry.ContainerRegistryConfiguration;
import org.springframework.cloud.dataflow.container.registry.ContainerRegistryProperties;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/cloud/dataflow/container/registry/authorization/DockerConfigJsonSecretToRegistryConfigurationConverter.class */
public class DockerConfigJsonSecretToRegistryConfigurationConverter implements Converter<String, Map<String, ContainerRegistryConfiguration>> {
    private static final Logger logger = LoggerFactory.getLogger(DockerConfigJsonSecretToRegistryConfigurationConverter.class);
    public static final String BEARER_REALM_ATTRIBUTE = "Bearer realm";
    public static final String SERVICE_ATTRIBUTE = "service";
    public static final String HTTPS_INDEX_DOCKER_IO_V_1 = "https://index.docker.io/v1/";
    public static final String DOCKER_IO = "docker.io";
    public static final String REGISTRY_1_DOCKER_IO = "registry-1.docker.io";
    private final ContainerImageRestTemplateFactory containerImageRestTemplate;
    private final Map<String, Boolean> httpProxyPerHost;
    private final boolean replaceDefaultDockerRegistryServer;

    public DockerConfigJsonSecretToRegistryConfigurationConverter(ContainerRegistryProperties containerRegistryProperties, ContainerImageRestTemplateFactory containerImageRestTemplateFactory) {
        this.replaceDefaultDockerRegistryServer = containerRegistryProperties.isReplaceDefaultDockerRegistryServer();
        this.httpProxyPerHost = (Map) containerRegistryProperties.getRegistryConfigurations().entrySet().stream().collect(Collectors.toMap(entry -> {
            return ((ContainerRegistryConfiguration) entry.getValue()).getRegistryHost();
        }, entry2 -> {
            return Boolean.valueOf(((ContainerRegistryConfiguration) entry2.getValue()).isUseHttpProxy());
        }));
        this.containerImageRestTemplate = containerImageRestTemplateFactory;
    }

    public Map<String, ContainerRegistryConfiguration> convert(String str) {
        if (StringUtils.hasText(str)) {
            try {
                Map map = (Map) ((Map) new ObjectMapper().readValue(str, Map.class)).get("auths");
                HashMap hashMap = new HashMap();
                for (Object obj : map.keySet()) {
                    ContainerRegistryConfiguration containerRegistryConfiguration = new ContainerRegistryConfiguration();
                    containerRegistryConfiguration.setRegistryHost(replaceDefaultDockerRegistryServerUrl(obj.toString()));
                    Map map2 = (Map) map.get(obj.toString());
                    containerRegistryConfiguration.setUser((String) map2.get("username"));
                    containerRegistryConfiguration.setSecret((String) map2.get("password"));
                    Optional<String> dockerTokenServiceUri = getDockerTokenServiceUri(containerRegistryConfiguration.getRegistryHost(), true, this.httpProxyPerHost.getOrDefault(containerRegistryConfiguration.getRegistryHost(), false).booleanValue());
                    if (dockerTokenServiceUri.isPresent()) {
                        containerRegistryConfiguration.setAuthorizationType(ContainerRegistryConfiguration.AuthorizationType.dockeroauth2);
                        containerRegistryConfiguration.getExtra().put(DockerOAuth2RegistryAuthorizer.DOCKER_REGISTRY_AUTH_URI_KEY, dockerTokenServiceUri.get());
                    } else if (StringUtils.isEmpty(containerRegistryConfiguration.getUser()) && StringUtils.isEmpty(containerRegistryConfiguration.getSecret())) {
                        containerRegistryConfiguration.setAuthorizationType(ContainerRegistryConfiguration.AuthorizationType.anonymous);
                    } else {
                        containerRegistryConfiguration.setAuthorizationType(ContainerRegistryConfiguration.AuthorizationType.basicauth);
                    }
                    logger.info("Registry Configuration: " + containerRegistryConfiguration.toString());
                    hashMap.put(containerRegistryConfiguration.getRegistryHost(), containerRegistryConfiguration);
                }
                return hashMap;
            } catch (Exception e) {
                logger.error("Failed to parse the Secrets in dockerconfigjson");
            }
        }
        return Collections.emptyMap();
    }

    private String replaceDefaultDockerRegistryServerUrl(String str) {
        return (this.replaceDefaultDockerRegistryServer && (DOCKER_IO.equals(str) || HTTPS_INDEX_DOCKER_IO_V_1.equals(str))) ? "registry-1.docker.io" : str;
    }

    public Optional<String> getDockerTokenServiceUri(String str, boolean z, boolean z2) {
        try {
            this.containerImageRestTemplate.getContainerRestTemplate(z, z2).exchange(UriComponentsBuilder.newInstance().scheme("https").host(str).path("v2/").build().toUri(), HttpMethod.GET, new HttpEntity(new HttpHeaders()), Map.class);
            return Optional.empty();
        } catch (HttpClientErrorException e) {
            if (e.getRawStatusCode() != 401) {
                return Optional.empty();
            }
            if (e.getResponseHeaders() == null || !e.getResponseHeaders().containsKey("WWW-Authenticate")) {
                return Optional.empty();
            }
            List list = e.getResponseHeaders().get("WWW-Authenticate");
            logger.info("Www-Authenticate: {} for container registry {}", list, str);
            if (CollectionUtils.isEmpty(list)) {
                return Optional.empty();
            }
            Map map = (Map) Stream.of((Object[]) ((String) list.get(0)).split(",")).map(str2 -> {
                return str2.split("=");
            }).collect(Collectors.toMap(strArr -> {
                return strArr[0];
            }, strArr2 -> {
                return strArr2[1];
            }));
            if (CollectionUtils.isEmpty(map) || !map.containsKey(BEARER_REALM_ATTRIBUTE) || !map.containsKey(SERVICE_ATTRIBUTE)) {
                logger.warn("Invalid Www-Authenticate: {} for container registry {}", list, str);
                return Optional.empty();
            }
            String replaceAll = String.format("%s?service=%s&scope=repository:{repository}:pull", map.get(BEARER_REALM_ATTRIBUTE), map.get(SERVICE_ATTRIBUTE)).replaceAll("\"", "");
            logger.info("tokenServiceUri: " + replaceAll);
            return Optional.of(replaceAll);
        } catch (Exception e2) {
            return Optional.empty();
        }
    }
}
