package com.usthe.sureness.processor.support;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.DisabledAccountException;
import com.usthe.sureness.processor.exception.ExcessiveAttemptsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.NeedDigestInfoException;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.processor.exception.UnknownAccountException;
import com.usthe.sureness.provider.SurenessAccount;
import com.usthe.sureness.provider.SurenessAccountProvider;
import com.usthe.sureness.subject.Subject;
import com.usthe.sureness.subject.support.DigestSubject;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/usthe/sureness/processor/support/DigestProcessor.class */
public class DigestProcessor extends BaseProcessor {
    private static final Logger logger = LoggerFactory.getLogger(DigestProcessor.class);
    private static final String DEFAULT_REALM = "sureness_realm";
    private static final String DEFAULT_QOP = "auth";
    private static final String HEX_LOOKUP = "0123456789abcdef";
    private static MessageDigest md5Digest;
    private static String realm;
    private static String qop;
    private SurenessAccountProvider accountProvider;

    @Override // com.usthe.sureness.processor.BaseProcessor, com.usthe.sureness.processor.Processor
    public boolean canSupportSubjectClass(Class<?> cls) {
        return cls == DigestSubject.class;
    }

    @Override // com.usthe.sureness.processor.BaseProcessor, com.usthe.sureness.processor.Processor
    public Class<?> getSupportSubjectClass() {
        return DigestSubject.class;
    }

    @Override // com.usthe.sureness.processor.BaseProcessor
    public Subject authenticated(Subject subject) throws SurenessAuthenticationException {
        if (subject.getPrincipal() == null || subject.getCredential() == null) {
            throw new NeedDigestInfoException("you should try once with digest auth information", getAuthenticate());
        }
        String str = (String) subject.getPrincipal();
        SurenessAccount loadAccount = this.accountProvider.loadAccount(str);
        if (loadAccount == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("PasswordProcessor authenticated fail, no this user: {}", subject.getPrincipal());
            }
            throw new UnknownAccountException("do not exist the account: " + str);
        }
        DigestSubject digestSubject = (DigestSubject) subject;
        if (!calcDigest(calcDigest(str, digestSubject.getRealm(), loadAccount.getPassword()), digestSubject.getNonce(), digestSubject.getNc(), digestSubject.getCnonce(), digestSubject.getQop(), calcDigest(digestSubject.getHttpMethod(), digestSubject.getUri())).equals(digestSubject.getCredential())) {
            throw new IncorrectCredentialsException("incorrect password");
        }
        if (loadAccount.isDisabledAccount()) {
            throw new DisabledAccountException("account is disabled");
        }
        if (loadAccount.isExcessiveAttempts()) {
            throw new ExcessiveAttemptsException("account is disable due to many time authenticated, try later");
        }
        subject.setOwnRoles(loadAccount.getOwnRoles());
        return subject;
    }

    private String getAuthenticate() {
        return "Digest realm=" + realm + ",nonce=" + calcDigest(String.valueOf(System.currentTimeMillis()), new String[0]) + ",qop=" + qop;
    }

    private String calcDigest(String str, String... strArr) {
        StringBuilder sb = new StringBuilder(str);
        if (strArr != null) {
            for (String str2 : strArr) {
                sb.append(':').append(str2);
            }
        }
        md5Digest.reset();
        md5Digest.update(sb.toString().getBytes(StandardCharsets.UTF_8));
        return bytesToHexString(md5Digest.digest());
    }

    private static String bytesToHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(HEX_LOOKUP.charAt((b & 240) >> 4));
            sb.append(HEX_LOOKUP.charAt(b & 15));
        }
        return sb.toString();
    }

    public void setAccountProvider(SurenessAccountProvider surenessAccountProvider) {
        this.accountProvider = surenessAccountProvider;
    }

    public static void setRealm(String str) {
        realm = str;
    }

    public static void setQop(String str) {
        qop = str;
    }

    static {
        try {
            md5Digest = MessageDigest.getInstance("MD5");
            realm = DEFAULT_REALM;
            qop = DEFAULT_QOP;
        } catch (NoSuchAlgorithmException e) {
            logger.error(e.getMessage(), e);
        }
    }
}
