import okhttp3.internal.commonEquals
import okhttp3.internal.commonHashCode
import okhttp3.internal.commonToString

/**
 * An [RFC 7235][rfc_7235] challenge.
 *
 * [rfc_7235]: https://tools.ietf.org/html/rfc7235
 */
class Challenge(
  /** Returns the authentication scheme, like `Basic`. */
  @get:JvmName("scheme") val scheme: String,
  authParams: Map<String?, String>,
) {
  /**

    route: Route?,
    response: Response,
  ): Request? {
    val challenges = response.challenges()
    val request = response.request
    val url = request.url
    val proxyAuthorization = response.code == 407
    val proxy = route?.proxy ?: Proxy.NO_PROXY

    for (challenge in challenges) {
      if (!"Basic".equals(challenge.scheme, ignoreCase = true)) {
        continue
      }

 */
fun Headers.parseChallenges(headerName: String): List<Challenge> {
  val result = mutableListOf<Challenge>()
  for (h in 0 until size) {
    if (headerName.equals(name(h), ignoreCase = true)) {
      val header = Buffer().writeUtf8(value(h))
      try {
        header.readChallengeHeader(result)
      } catch (e: EOFException) {
        Platform.get().log("Unable to parse challenge", Platform.WARN, e)
      }
    }
  }

 * challenge. The proxy authenticator may return either an authenticated request, or null to
 * connect without authentication.
 *
 * ```java
 * for (Challenge challenge : response.challenges()) {
 *   // If this is preemptive auth, use a preemptive credential.
 *   if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {

package okhttp3.internal

import okhttp3.Challenge

fun Challenge.commonEquals(other: Any?): Boolean {
  return other is Challenge &&
    other.scheme == scheme &&
    other.authParams == authParams
}

fun Challenge.commonHashCode(): Int {
  var result = 29
  result = 31 * result + scheme.hashCode()
  result = 31 * result + authParams.hashCode()
  return result
}

If the response issues an authorization challenge, OkHttp will ask the [`Authenticator`](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) (if one is configured) to satisfy the challenge. If the authenticator supplies a credential, the request is retried with that credential included.

## Retrying Requests

In limited situations OkHttp will retry a route if connecting fails:

 * When making an HTTPS connection through an HTTP proxy, the proxy may issue an authentication challenge. OkHttp will call the proxy [authenticator](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) and try again.

 * one or more streams, and then released. An allocated connection won't be stolen by other calls
 * while a redirect or authorization challenge is being handled.
 *
 * When the maximum concurrent streams limit is reduced, some allocations will be rescinded.
 * Attempting to create new streams on these allocations will fail.
 *

   *
   *  * A stale connection. The request was made on a reused connection and that reused connection
   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */

    return response.request.newBuilder()
      .addHeader(header, credential)
      .build()
  }

  private fun schemeMatches(response: Response): Boolean {
    if (scheme == null) return true
    return response.challenges().any { it.scheme.equals(scheme, ignoreCase = true) }
  }