package registry
 
 import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"

 	"net"

 	"net/http"
 	"net/url"
 	"strings"
 

 	"github.com/Sirupsen/logrus"

 	"github.com/docker/distribution/registry/api/v2"

 	"github.com/docker/docker/pkg/transport"

 )
 

 // for mocking in unit tests
 var lookupIP = net.LookupIP
 

 // scans string for api version in the URL path. returns the trimmed address, if version found, string and API version.
 func scanForAPIVersion(address string) (string, APIVersion) {

 	var (
 		chunks        []string
 		apiVersionStr string
 	)

 
 	if strings.HasSuffix(address, "/") {
 		address = address[:len(address)-1]

 	}

 
 	chunks = strings.Split(address, "/")
 	apiVersionStr = chunks[len(chunks)-1]
 

 	for k, v := range apiVersions {
 		if apiVersionStr == v {

 			address = strings.Join(chunks[:len(chunks)-1], "/")
 			return address, k

 		}
 	}

 
 	return address, APIVersionUnknown

 }
 

 // NewEndpoint parses the given address to return a registry endpoint.

 func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) {

 	// *TODO: Allow per-registry configuration of endpoints.

 	endpoint, err := newEndpoint(index.GetAuthConfigKey(), index.Secure, metaHeaders)

 	if err != nil {
 		return nil, err
 	}

 	if err := validateEndpoint(endpoint); err != nil {
 		return nil, err
 	}
 
 	return endpoint, nil
 }

 func validateEndpoint(endpoint *Endpoint) error {

 	logrus.Debugf("pinging registry endpoint %s", endpoint)

 	// Try HTTPS ping to registry

 	endpoint.URL.Scheme = "https"
 	if _, err := endpoint.Ping(); err != nil {

 		if endpoint.IsSecure {

 			// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
 			// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.

 			return fmt.Errorf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)

 		}
 
 		// If registry is insecure and HTTPS failed, fallback to HTTP.

 		logrus.Debugf("Error from registry %q marked as insecure: %v. Insecurely falling back to HTTP", endpoint, err)

 		endpoint.URL.Scheme = "http"

 
 		var err2 error
 		if _, err2 = endpoint.Ping(); err2 == nil {

 			return nil

 		}

 		return fmt.Errorf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)

 	}
 

 	return nil

 }

 func newEndpoint(address string, secure bool, metaHeaders http.Header) (*Endpoint, error) {

 	var (

 		endpoint       = new(Endpoint)
 		trimmedAddress string
 		err            error

 	)

 
 	if !strings.HasPrefix(address, "http") {
 		address = "https://" + address

 	}

 
 	trimmedAddress, endpoint.Version = scanForAPIVersion(address)
 
 	if endpoint.URL, err = url.Parse(trimmedAddress); err != nil {

 		return nil, err
 	}

 	endpoint.IsSecure = secure

 	tr := NewTransport(ConnectTimeout, endpoint.IsSecure)
 	endpoint.client = HTTPClient(transport.NewTransport(tr, DockerHeaders(metaHeaders)...))

 	return endpoint, nil

 }
 

 func (repoInfo *RepositoryInfo) GetEndpoint(metaHeaders http.Header) (*Endpoint, error) {
 	return NewEndpoint(repoInfo.Index, metaHeaders)

 }
 

 // Endpoint stores basic information about a registry endpoint.

 type Endpoint struct {

 	client         *http.Client

 	URL            *url.URL
 	Version        APIVersion
 	IsSecure       bool
 	AuthChallenges []*AuthorizationChallenge

 	URLBuilder     *v2.URLBuilder

 }
 
 // Get the formated URL for the root of this registry Endpoint

 func (e *Endpoint) String() string {
 	return fmt.Sprintf("%s/v%d/", e.URL, e.Version)
 }
 
 // VersionString returns a formatted string of this
 // endpoint address using the given API Version.
 func (e *Endpoint) VersionString(version APIVersion) string {
 	return fmt.Sprintf("%s/v%d/", e.URL, version)

 }
 

 // Path returns a formatted string for the URL
 // of this endpoint with the given path appended.
 func (e *Endpoint) Path(path string) string {
 	return fmt.Sprintf("%s/v%d/%s", e.URL, e.Version, path)

 }
 

 func (e *Endpoint) Ping() (RegistryInfo, error) {
 	// The ping logic to use is determined by the registry endpoint version.
 	switch e.Version {
 	case APIVersion1:

 		return e.pingV1()

 	case APIVersion2:

 		return e.pingV2()

 	}
 
 	// APIVersionUnknown
 	// We should try v2 first...
 	e.Version = APIVersion2

 	regInfo, errV2 := e.pingV2()

 	if errV2 == nil {
 		return regInfo, nil
 	}
 
 	// ... then fallback to v1.
 	e.Version = APIVersion1

 	regInfo, errV1 := e.pingV1()

 	if errV1 == nil {
 		return regInfo, nil
 	}
 
 	e.Version = APIVersionUnknown
 	return RegistryInfo{}, fmt.Errorf("unable to ping registry endpoint %s\nv2 ping attempt failed with error: %s\n v1 ping attempt failed with error: %s", e, errV2, errV1)
 }
 

 func (e *Endpoint) pingV1() (RegistryInfo, error) {

 	logrus.Debugf("attempting v1 ping for registry endpoint %s", e)

 	if e.String() == IndexServerAddress() {

 		// Skip the check, we know this one is valid

 		// (and we never want to fallback to http in case of error)
 		return RegistryInfo{Standalone: false}, nil
 	}
 

 	req, err := http.NewRequest("GET", e.Path("_ping"), nil)

 	if err != nil {
 		return RegistryInfo{Standalone: false}, err
 	}
 

 	resp, err := e.client.Do(req)

 	if err != nil {
 		return RegistryInfo{Standalone: false}, err
 	}
 
 	defer resp.Body.Close()
 
 	jsonString, err := ioutil.ReadAll(resp.Body)
 	if err != nil {

 		return RegistryInfo{Standalone: false}, fmt.Errorf("error while reading the http response: %s", err)

 	}
 
 	// If the header is absent, we assume true for compatibility with earlier
 	// versions of the registry. default to true
 	info := RegistryInfo{
 		Standalone: true,
 	}
 	if err := json.Unmarshal(jsonString, &info); err != nil {

 		logrus.Debugf("Error unmarshalling the _ping RegistryInfo: %s", err)

 		// don't stop here. Just assume sane defaults
 	}
 	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {

 		logrus.Debugf("Registry version header: '%s'", hdr)

 		info.Version = hdr
 	}

 	logrus.Debugf("RegistryInfo.Version: %q", info.Version)

 
 	standalone := resp.Header.Get("X-Docker-Registry-Standalone")

 	logrus.Debugf("Registry standalone header: '%s'", standalone)

 	// Accepted values are "true" (case-insensitive) and "1".
 	if strings.EqualFold(standalone, "true") || standalone == "1" {
 		info.Standalone = true
 	} else if len(standalone) > 0 {
 		// there is a header set, and it is not "true" or "1", so assume fails
 		info.Standalone = false
 	}

 	logrus.Debugf("RegistryInfo.Standalone: %t", info.Standalone)

 	return info, nil
 }

 func (e *Endpoint) pingV2() (RegistryInfo, error) {

 	logrus.Debugf("attempting v2 ping for registry endpoint %s", e)

 	req, err := http.NewRequest("GET", e.Path(""), nil)

 	if err != nil {
 		return RegistryInfo{}, err
 	}
 

 	resp, err := e.client.Do(req)

 	if err != nil {
 		return RegistryInfo{}, err
 	}
 	defer resp.Body.Close()
 

 	// The endpoint may have multiple supported versions.
 	// Ensure it supports the v2 Registry API.
 	var supportsV2 bool
 

 HeaderLoop:
 	for _, supportedVersions := range resp.Header[http.CanonicalHeaderKey("Docker-Distribution-API-Version")] {
 		for _, versionName := range strings.Fields(supportedVersions) {
 			if versionName == "registry/2.0" {
 				supportsV2 = true
 				break HeaderLoop
 			}

 		}
 	}
 
 	if !supportsV2 {
 		return RegistryInfo{}, fmt.Errorf("%s does not appear to be a v2 registry endpoint", e)
 	}
 

 	if resp.StatusCode == http.StatusOK {
 		// It would seem that no authentication/authorization is required.
 		// So we don't need to parse/add any authorization schemes.
 		return RegistryInfo{Standalone: true}, nil
 	}
 
 	if resp.StatusCode == http.StatusUnauthorized {
 		// Parse the WWW-Authenticate Header and store the challenges
 		// on this endpoint object.
 		e.AuthChallenges = parseAuthHeader(resp.Header)
 		return RegistryInfo{}, nil
 	}
 
 	return RegistryInfo{}, fmt.Errorf("v2 registry endpoint returned status %d: %q", resp.StatusCode, http.StatusText(resp.StatusCode))
 }