package org.apache.catalina.authenticator;

import com.sun.enterprise.deployment.xml.RuntimeTagNames;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Hashtable;
import java.util.StringTokenizer;
import javax.faces.validator.BeanValidator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.DigestEncoder;
import org.apache.derby.impl.store.raw.log.LogCounter;

/* loaded from: input_file:org/apache/catalina/authenticator/DigestAuthenticator.class */
public class DigestAuthenticator extends AuthenticatorBase {
    protected static final int USE_ONCE = 1;
    protected static final int USE_NEVER_EXPIRES = Integer.MAX_VALUE;
    protected static final int TIMEOUT_INFINITE = Integer.MAX_VALUE;
    protected static final String info = "org.apache.catalina.authenticator.DigestAuthenticator/1.0";
    private static final String EMPTY_STRING = "";
    protected static volatile MessageDigest messageDigest;
    protected Hashtable<String, Long> nOnceTokens = new Hashtable<>();
    protected long nOnceTimeout = LogCounter.MAX_LOGFILE_NUMBER;
    protected int nOnceUses = 1;
    protected String key = "Catalina";
    protected static final DigestEncoder digestEncoder = new DigestEncoder();
    protected static final String DEFAULT_ALGORITHM = "MD5";
    protected static volatile String algorithm = DEFAULT_ALGORITHM;

    public static String getAlgorithm() {
        return algorithm;
    }

    public static synchronized void setAlgorithm(String str) {
        algorithm = str;
        messageDigest = null;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve, org.glassfish.web.valve.GlassFishValve
    public String getInfo() {
        return info;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        Principal authenticate;
        if (((HttpServletRequest) httpRequest.getRequest()).getUserPrincipal() != null) {
            return true;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        String authorization = httpRequest.getAuthorization();
        if (authorization == null || (authenticate = this.context.getRealm().authenticate(httpServletRequest)) == null) {
            setAuthenticateHeader(httpServletRequest, httpServletResponse, loginConfig, generateNOnce(httpServletRequest));
            httpServletResponse.sendError(401);
            return false;
        }
        register(httpRequest, httpResponse, authenticate, "DIGEST", parseUsername(authorization), null);
        if (((String) httpRequest.getNote(Constants.REQ_SSOID_NOTE)) == null) {
            return true;
        }
        getSession(httpRequest, true);
        return true;
    }

    protected static Principal findPrincipal(HttpServletRequest httpServletRequest, String str, Realm realm) {
        if (str == null || !str.startsWith("Digest ")) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str.substring(7).trim(), BeanValidator.VALIDATION_GROUPS_DELIMITER);
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        String method = httpServletRequest.getMethod();
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf(61);
            if (indexOf < 0) {
                return null;
            }
            String trim = nextToken.substring(0, indexOf).trim();
            String trim2 = nextToken.substring(indexOf + 1).trim();
            if ("username".equals(trim)) {
                str2 = removeQuotes(trim2);
            }
            if (RuntimeTagNames.REALM.equals(trim)) {
                str3 = removeQuotes(trim2, true);
            }
            if (com.sun.enterprise.security.auth.digest.api.Constants.NONCE.equals(trim)) {
                str4 = removeQuotes(trim2);
            }
            if (com.sun.enterprise.security.auth.digest.api.Constants.NONCE_COUNT.equals(trim)) {
                str5 = trim2;
            }
            if (com.sun.enterprise.security.auth.digest.api.Constants.CNONCE.equals(trim)) {
                str6 = removeQuotes(trim2);
            }
            if (com.sun.enterprise.security.auth.digest.api.Constants.QOP.equals(trim)) {
                str7 = removeQuotes(trim2);
            }
            if ("uri".equals(trim)) {
                str8 = removeQuotes(trim2);
            }
            if (com.sun.enterprise.security.auth.digest.api.Constants.RESPONSE.equals(trim)) {
                str9 = removeQuotes(trim2);
            }
        }
        if (str2 == null || str3 == null || str4 == null || str8 == null || str9 == null) {
            return null;
        }
        return realm.authenticate(str2, str9.toCharArray(), str4, str5, str6, str7, str3, digestEncoder.encode(digest((method + ":" + str8).getBytes())));
    }

    protected String parseUsername(String str) {
        String nextToken;
        int indexOf;
        if (str == null || !str.startsWith("Digest ")) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str.substring(7).trim(), BeanValidator.VALIDATION_GROUPS_DELIMITER);
        while (stringTokenizer.hasMoreTokens() && (indexOf = (nextToken = stringTokenizer.nextToken()).indexOf(61)) >= 0) {
            String trim = nextToken.substring(0, indexOf).trim();
            String trim2 = nextToken.substring(indexOf + 1).trim();
            if ("username".equals(trim)) {
                return removeQuotes(trim2);
            }
        }
        return null;
    }

    protected static String removeQuotes(String str, boolean z) {
        return (str.length() <= 0 || str.charAt(0) == '\"' || z) ? str.length() > 2 ? str.substring(1, str.length() - 1) : "" : str;
    }

    protected static String removeQuotes(String str) {
        return removeQuotes(str, false);
    }

    protected String generateNOnce(HttpServletRequest httpServletRequest) {
        long currentTimeMillis = System.currentTimeMillis();
        String valueOf = String.valueOf(digestEncoder.encode(digest((httpServletRequest.getRemoteAddr() + ":" + currentTimeMillis + ":" + this.key).getBytes())));
        this.nOnceTokens.put(valueOf, Long.valueOf(currentTimeMillis + this.nOnceTimeout));
        return valueOf;
    }

    protected void setAuthenticateHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfig loginConfig, String str) {
        String realmName = loginConfig.getRealmName();
        if (realmName == null) {
            realmName = "Authentication required";
        }
        httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"" + realmName + "\", qop=\"auth\", nonce=\"" + str + "\", opaque=\"" + String.valueOf(digestEncoder.encode(digest(str.getBytes()))) + "\"");
    }

    protected static synchronized MessageDigest getMessageDigest() {
        if (messageDigest == null) {
            try {
                messageDigest = MessageDigest.getInstance(algorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(algorithm + " digest algorithm not available", e);
            }
        }
        return messageDigest;
    }

    protected static byte[] digest(byte[] bArr) {
        byte[] digest;
        MessageDigest messageDigest2 = getMessageDigest();
        synchronized (messageDigest2) {
            digest = messageDigest2.digest(bArr);
        }
        return digest;
    }
}
