package org.apache.catalina.authenticator;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.servlets.WebdavStatus;
import org.apache.catalina.util.DigestEncoder;

/* loaded from: input_file:org/apache/catalina/authenticator/DigestAuthenticator.class */
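/**
 * Authenticator valve that challenges for, and validates, HTTP Digest credentials.
 *
 * <p>Nonces issued by this class have the form {@code <issue time in ms>:<encoded digest>},
 * where the digest covers {@code remoteAddr:issueTime:key}. Validation recomputes that digest,
 * so a nonce is only accepted from the remote address it was issued to and only while it is
 * younger than {@link #getNonceValidity()}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The digest algorithm is held in static fields, so it is shared by every instance;
 *       the default is {@value #DEFAULT_ALGORITHM}.</li>
 *   <li>{@code cnonceCacheSize} is only stored and returned here, and the client's {@code nc}
 *       value is only checked for format. NOTE(review): no nonce-count replay tracking is
 *       visible in this class, so a captured Authorization header appears to stay usable
 *       until its nonce expires - confirm whether that is handled elsewhere.</li>
 *   <li>The final credential check is delegated to the context's realm; this class validates
 *       only the structure of the header, the URI, the realm, the opaque value and the
 *       nonce.</li>
 * </ul>
 */
public class DigestAuthenticator extends AuthenticatorBase {
    protected static final String info = "org.apache.catalina.authenticator.DigestAuthenticator/1.0";
    /** The only quality-of-protection value offered to, and accepted from, clients. */
    protected static final String QOP = "auth";
    private static final String EMPTY_STRING = "";
    /** Fixed charset used only to turn digest strings into bytes for constant-time comparison. */
    private static final Charset COMPARISON_CHARSET = Charset.forName("UTF-8");
    /** Lazily created digest instance shared by all authenticators; reset by {@link #setAlgorithm}. */
    protected static volatile MessageDigest messageDigest;
    /** Opaque value sent in every challenge and required back unchanged from the client. */
    protected String opaque;
    protected static final DigestEncoder digestEncoder = new DigestEncoder();
    protected static final String DEFAULT_ALGORITHM = "MD5";
    protected static volatile String algorithm = DEFAULT_ALGORITHM;
    // Stored and exposed through the accessors only; nothing in this class reads it.
    protected int cnonceCacheSize = 1000;
    /** Server-side secret mixed into every nonce digest; generated in {@link #start()} when unset. */
    protected String key = null;
    /** Maximum nonce age in milliseconds (default 300000, i.e. five minutes). */
    protected long nonceValidity = 300000;
    /** Whether the {@code uri} directive must equal the request URI plus query string. */
    protected boolean validateUri = true;

    /**
     * Parsed view of one Digest {@code Authorization} header together with the server-side
     * values needed to check it. An instance is used for a single request.
     */
    private static class DigestInfo {
        private final String opaque;
        private final long nonceValidity;
        private final String key;
        private final boolean validateUri;
        private String userName = null;
        private String uri = null;
        private String response = null;
        private String nonce = null;
        private String nc = null;
        private String cnonce = null;
        private String realmName = null;
        private String qop = null;
        private boolean nonceStale = false;

        /**
         * @param opaque        opaque value the client must echo back
         * @param nonceValidity maximum accepted nonce age in milliseconds
         * @param key           server secret used to recompute the nonce digest
         * @param validateUri   whether the {@code uri} directive is compared with the request
         */
        public DigestInfo(String opaque, long nonceValidity, String key, boolean validateUri) {
            this.opaque = opaque;
            this.nonceValidity = nonceValidity;
            this.key = key;
            this.validateUri = validateUri;
        }

        /**
         * Parses the Digest header and checks everything that can be checked without the
         * user's password: required directives, URI, realm, opaque value, nonce age and
         * nonce digest, and the qop/cnonce/nc combination.
         *
         * @param request       the current request (source of URI, query string and remote address)
         * @param authorization raw {@code Authorization} header value, may be {@code null}
         * @param loginConfig   login configuration supplying the expected realm name
         * @return {@code true} only if every check passes; on an expired nonce the method
         *         returns {@code false} and {@link #isNonceStale()} becomes {@code true}
         */
        public boolean validate(HttpServletRequest request, String authorization, LoginConfig loginConfig) {
            if (authorization == null || !authorization.startsWith("Digest ")) {
                return false;
            }
            String clientOpaque = null;
            // NOTE(review): this pattern treats a comma as a separator only when the rest of the
            // header holds a non-zero, even number of double quotes and ends with one. A header
            // whose last directive is unquoted is therefore not split and fails validation
            // (fail-closed). parseUsername() splits on every comma instead, so the two parsers
            // can disagree about the same header.
            for (String directive : authorization.substring(7).trim().split(",(?=(?:[^\"]*\"[^\"]*\")+$)")) {
                if (directive.length() == 0) {
                    continue;
                }
                int equalsAt = directive.indexOf('=');
                if (equalsAt < 0) {
                    return false;
                }
                String name = directive.substring(0, equalsAt).trim();
                String value = directive.substring(equalsAt + 1).trim();
                if ("username".equals(name)) {
                    this.userName = removeQuotes(value);
                } else if ("realm".equals(name)) {
                    // The realm is always treated as quoted: first and last characters are dropped.
                    this.realmName = removeQuotes(value, true);
                } else if ("nonce".equals(name)) {
                    this.nonce = removeQuotes(value);
                } else if ("nc".equals(name)) {
                    this.nc = removeQuotes(value);
                } else if ("cnonce".equals(name)) {
                    this.cnonce = removeQuotes(value);
                } else if ("qop".equals(name)) {
                    this.qop = removeQuotes(value);
                } else if ("uri".equals(name)) {
                    this.uri = removeQuotes(value);
                } else if ("response".equals(name)) {
                    this.response = removeQuotes(value);
                } else if ("opaque".equals(name)) {
                    clientOpaque = removeQuotes(value);
                }
            }
            if (this.userName == null || this.realmName == null || this.nonce == null
                    || this.uri == null || this.response == null) {
                return false;
            }
            if (this.validateUri) {
                // Exact string match against what the container reports; no normalisation is done.
                String query = request.getQueryString();
                String requested = query == null
                        ? request.getRequestURI()
                        : request.getRequestURI() + "?" + query;
                if (!this.uri.equals(requested)) {
                    return false;
                }
            }
            String expectedRealm = loginConfig.getRealmName();
            if (expectedRealm == null) {
                expectedRealm = "Authentication required";
            }
            int colonAt = this.nonce.indexOf(':');
            if (!expectedRealm.equals(this.realmName) || !this.opaque.equals(clientOpaque)
                    || colonAt < 0 || colonAt + 1 == this.nonce.length()) {
                return false;
            }
            try {
                long issuedAt = Long.parseLong(this.nonce.substring(0, colonAt));
                String clientDigest = this.nonce.substring(colonAt + 1);
                // Staleness is decided from the client-supplied timestamp before the digest is
                // verified, so an unauthenticated nonce can still produce a stale=true challenge.
                if (System.currentTimeMillis() - issuedAt > this.nonceValidity) {
                    this.nonceStale = true;
                    return false;
                }
                String expectedDigest = nonceDigest(request.getRemoteAddr(), issuedAt, this.key);
                // Compared in constant time so response timing does not reveal how many leading
                // characters of a guessed nonce digest were correct.
                if (!constantTimeEquals(expectedDigest, clientDigest)) {
                    return false;
                }
                if (this.qop == null) {
                    // Without qop the client must not send cnonce or nc either.
                    return this.cnonce == null && this.nc == null;
                }
                if (!QOP.equals(this.qop)) {
                    return false;
                }
                if (this.cnonce == null || this.nc == null || this.nc.length() != 8) {
                    return false;
                }
                try {
                    // Format check only: the parsed count is discarded, not compared with
                    // earlier requests.
                    Long.parseLong(this.nc, 16);
                    return true;
                } catch (NumberFormatException e) {
                    return false;
                }
            } catch (NumberFormatException e) {
                // Timestamp part of the nonce was not a number.
                return false;
            }
        }

        /** @return {@code true} if the last {@link #validate} call rejected the nonce as expired */
        public boolean isNonceStale() {
            return this.nonceStale;
        }
    }

    /** @return the name of the digest algorithm shared by all instances */
    public static String getAlgorithm() {
        return algorithm;
    }

    /**
     * Changes the digest algorithm for every instance and discards the cached digest so the
     * next {@link #getMessageDigest()} call creates one for the new algorithm.
     *
     * @param algorithmName algorithm name passed to {@link MessageDigest#getInstance(String)}
     */
    public static synchronized void setAlgorithm(String algorithmName) {
        algorithm = algorithmName;
        messageDigest = null;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve, org.glassfish.web.valve.GlassFishValve
    public String getInfo() {
        return info;
    }

    public int getCnonceCacheSize() {
        return this.cnonceCacheSize;
    }

    public void setCnonceCacheSize(int cnonceCacheSize) {
        this.cnonceCacheSize = cnonceCacheSize;
    }

    /** @return the server secret mixed into nonce digests */
    public String getKey() {
        return this.key;
    }

    public void setKey(String key) {
        this.key = key;
    }

    /** @return the maximum accepted nonce age in milliseconds */
    public long getNonceValidity() {
        return this.nonceValidity;
    }

    public void setNonceValidity(long nonceValidity) {
        this.nonceValidity = nonceValidity;
    }

    public String getOpaque() {
        return this.opaque;
    }

    public void setOpaque(String opaque) {
        this.opaque = opaque;
    }

    public boolean isValidateUri() {
        return this.validateUri;
    }

    public void setValidateUri(boolean validateUri) {
        this.validateUri = validateUri;
    }

    /**
     * Authenticates the request with HTTP Digest.
     *
     * <p>A request that already carries a user principal is accepted as is. Otherwise the
     * Authorization header is validated structurally and the context's realm is asked to
     * authenticate the request; if either step fails a 401 challenge with a fresh nonce is
     * sent.
     *
     * @return {@code true} if the request is authenticated, {@code false} after a challenge
     *         has been written to the response
     * @throws IOException if sending the 401 response fails
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        if (httpRequest.mo23getRequest().getUserPrincipal() != null) {
            return true;
        }
        HttpServletRequest request = (HttpServletRequest) httpRequest.mo23getRequest();
        HttpServletResponse response = (HttpServletResponse) httpResponse.mo26getResponse();
        String authorization = httpRequest.getAuthorization();
        DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), isValidateUri());

        Principal principal = null;
        if (authorization != null && digestInfo.validate(request, authorization, loginConfig)) {
            // The realm receives the request itself, not the parsed DigestInfo; presumably it
            // re-reads the header and verifies the response digest - not visible in this file.
            principal = this.context.getRealm().authenticate(request);
        }
        if (principal == null) {
            setAuthenticateHeader(request, response, loginConfig, generateNonce(request), digestInfo.isNonceStale());
            response.sendError(WebdavStatus.SC_UNAUTHORIZED);
            return false;
        }
        // NOTE(review): the user name registered here comes from parseUsername(), which splits
        // the header differently from DigestInfo.validate() and can return null or a truncated
        // name when a quoted value contains a comma.
        register(httpRequest, httpResponse, principal, Constants.DIGEST_METHOD, parseUsername(authorization), null);
        String ssoId = (String) httpRequest.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId != null) {
            getSession(httpRequest, true);
        }
        return true;
    }

    /**
     * Extracts the {@code username} directive from a Digest Authorization header.
     *
     * <p>The header is split on every comma, including commas inside quoted values, and
     * parsing stops at the first piece that has no {@code '='}.
     *
     * @param authorization raw header value, may be {@code null}
     * @return the user name with surrounding quotes removed, or {@code null} if the header is
     *         not a Digest header or no user name was found before parsing stopped
     */
    protected String parseUsername(String authorization) {
        if (authorization == null || !authorization.startsWith("Digest ")) {
            return null;
        }
        StringTokenizer directives = new StringTokenizer(authorization.substring(7).trim(), ",");
        while (directives.hasMoreTokens()) {
            String directive = directives.nextToken();
            int equalsAt = directive.indexOf('=');
            if (equalsAt < 0) {
                return null;
            }
            String name = directive.substring(0, equalsAt).trim();
            if ("username".equals(name)) {
                return removeQuotes(directive.substring(equalsAt + 1).trim());
            }
        }
        return null;
    }

    /**
     * Strips the first and last character of a directive value.
     *
     * <p>A non-empty value that does not start with a double quote is returned unchanged
     * unless {@code quotesRequired} is set. In every other case the first and last characters
     * are removed without checking that the last one is a quote, and values of two characters
     * or fewer become the empty string.
     *
     * @param value          directive value, must not be {@code null}
     * @param quotesRequired treat the value as quoted even if it does not start with a quote
     * @return the unquoted value
     */
    protected static String removeQuotes(String value, boolean quotesRequired) {
        if (value.length() > 0 && value.charAt(0) != '"' && !quotesRequired) {
            return value;
        }
        if (value.length() > 2) {
            return value.substring(1, value.length() - 1);
        }
        return EMPTY_STRING;
    }

    /** Equivalent to {@link #removeQuotes(String, boolean)} with {@code quotesRequired == false}. */
    protected static String removeQuotes(String value) {
        return removeQuotes(value, false);
    }

    /**
     * Creates a nonce of the form {@code <now in ms>:<digest of remoteAddr:now:key>}.
     *
     * <p>Because the remote address is part of the digest, all clients that reach the server
     * from one address share a nonce space, and a client whose address changes has to obtain
     * a new nonce.
     *
     * @param request request whose remote address is bound into the nonce
     * @return the nonce string placed in the challenge
     */
    protected String generateNonce(HttpServletRequest request) {
        long issuedAt = System.currentTimeMillis();
        return issuedAt + ":" + nonceDigest(request.getRemoteAddr(), issuedAt, getKey());
    }

    /**
     * Writes the {@code WWW-Authenticate} challenge header.
     *
     * <p>The realm name, nonce and opaque value are inserted verbatim between double quotes;
     * a value that itself contains a double quote would yield a malformed challenge.
     *
     * @param request     the current request (unused here)
     * @param response    response that receives the header
     * @param loginConfig source of the realm name; "Authentication required" is used when unset
     * @param nonce       nonce to offer
     * @param stale       whether to append {@code stale=true}
     */
    protected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig loginConfig, String nonce, boolean stale) {
        String realmName = loginConfig.getRealmName();
        if (realmName == null) {
            realmName = "Authentication required";
        }
        String challenge = "Digest realm=\"" + realmName + "\", qop=\"" + QOP + "\", nonce=\"" + nonce
                + "\", opaque=\"" + getOpaque() + "\"";
        if (stale) {
            challenge = challenge + ", stale=true";
        }
        response.setHeader("WWW-Authenticate", challenge);
    }

    /**
     * Returns the shared digest instance, creating it for the current algorithm on first use.
     *
     * @throws IllegalStateException if the configured algorithm is not available
     */
    protected static synchronized MessageDigest getMessageDigest() {
        if (messageDigest == null) {
            try {
                messageDigest = MessageDigest.getInstance(algorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(algorithm + " digest algorithm not available", e);
            }
        }
        return messageDigest;
    }

    /**
     * Hashes {@code data} with the shared digest instance.
     *
     * @param data bytes to hash
     * @return the digest bytes
     */
    protected static byte[] digest(byte[] data) {
        MessageDigest shared = getMessageDigest();
        // The instance is shared between threads, so each digest computation holds its monitor.
        synchronized (shared) {
            return shared.digest(data);
        }
    }

    /**
     * Starts the valve and makes sure a nonce key and an opaque value exist.
     *
     * <p>NOTE(review): both defaults come from {@code generateSessionId()}, which is defined
     * outside this file; the unpredictability of issued nonces depends on it - confirm that
     * it draws from a cryptographically strong source.
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Lifecycle
    public synchronized void start() throws LifecycleException {
        super.start();
        if (getKey() == null) {
            setKey(generateSessionId());
        }
        if (getOpaque() == null) {
            setOpaque(generateSessionId());
        }
    }

    /** Computes the encoded digest that authenticates a nonce for one address and issue time. */
    private static String nonceDigest(String remoteAddr, long issuedAt, String key) {
        String material = remoteAddr + ":" + issuedAt + ":" + key;
        return new String(digestEncoder.encode(digest(material.getBytes(Charset.defaultCharset()))));
    }

    /** Compares two digest strings without stopping at the first differing character. */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(COMPARISON_CHARSET), supplied.getBytes(COMPARISON_CHARSET));
    }
}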
