package org.eclipse.jetty.security.jaspi.modules;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xalan.templates.Constants;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.QuotedStringTokenizer;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.security.Credential;

/* loaded from: input_file:WEB-INF/lib/jetty-all-7.6.0.v20120127.jar:org/eclipse/jetty/security/jaspi/modules/DigestAuthModule.class */
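/**
 * JASPI server auth module implementing HTTP Digest authentication (MD5, qop="auth").
 *
 * <p>Nonces issued by this module are 24 bytes, Base64-encoded: an 8-byte little-endian
 * timestamp followed by the 16-byte MD5 of (timestamp bytes + 8 bytes of {@link #nonceSecret}).
 * Validity of a nonce is therefore only as strong as the secrecy of {@code nonceSecret}.
 *
 * <p>NOTE(review): this class parses the client's {@code nc} and {@code uri} parameters but
 * never compares {@code nc} with a per-nonce counter nor {@code uri} with the request URI,
 * and {@link #maxNonceAge} defaults to 0 (nonces never expire). Confirm whether a caller or
 * the login service enforces any of these; otherwise replay of a captured Authorization
 * header is not detected here.
 */
public class DigestAuthModule extends BaseAuthModule {
    private static final Logger LOG = Log.getLogger((Class<?>) DigestAuthModule.class);
    private static final String REALM_KEY = "org.eclipse.jetty.security.jaspi.modules.RealmName";

    /** Maximum accepted nonce age in milliseconds; values &lt;= 0 disable the age check. */
    protected long maxNonceAge;
    /** Server-side secret mixed into every nonce hash. */
    protected long nonceSecret;
    /** When true, a {@code stale} parameter is appended to the challenge. */
    protected boolean useStale;
    private String realmName;

    /* loaded from: input_file:WEB-INF/lib/jetty-all-7.6.0.v20120127.jar:org/eclipse/jetty/security/jaspi/modules/DigestAuthModule$Digest.class */
    /**
     * Holds the parameters of one client Digest response and verifies them against a
     * stored credential.
     */
    private static class Digest extends Credential {
        private static final long serialVersionUID = -1866670896275159116L;
        String method;
        String username = null;
        String realm = null;
        String nonce = null;
        String nc = null;
        String cnonce = null;
        String qop = null;
        String uri = null;
        String response = null;

        Digest(String str) {
            this.method = str;
        }

        /**
         * Recomputes the expected Digest response and compares it with the one the client sent.
         *
         * @param obj the stored credential: a {@link Credential.MD5} is used as the
         *            precomputed H(username:realm:password); anything else is treated as
         *            the password via {@code toString()}
         * @return true only if every required parameter is present and the response matches
         */
        @Override
        public boolean check(Object obj) {
            if (obj == null) {
                return false;
            }
            boolean precomputedHa1 = obj instanceof Credential.MD5;
            // A header with missing parameters is ordinary bad input from an unauthenticated
            // client: reject it quietly instead of letting a NullPointerException reach the
            // catch block and write a stack trace to the log for every such request.
            if (this.method == null || this.uri == null || this.nonce == null || this.nc == null
                    || this.cnonce == null || this.qop == null || this.response == null) {
                return false;
            }
            if (!precomputedHa1 && (this.username == null || this.realm == null)) {
                return false;
            }
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                byte[] ha1;
                if (precomputedHa1) {
                    ha1 = ((Credential.MD5) obj).getDigest();
                } else {
                    String password = obj instanceof String ? (String) obj : obj.toString();
                    // HA1 = MD5(username ":" realm ":" password)
                    messageDigest.update(this.username.getBytes("ISO-8859-1"));
                    messageDigest.update((byte) ':');
                    messageDigest.update(this.realm.getBytes("ISO-8859-1"));
                    messageDigest.update((byte) ':');
                    messageDigest.update(password.getBytes("ISO-8859-1"));
                    ha1 = messageDigest.digest();
                }
                // HA2 = MD5(method ":" uri)
                messageDigest.reset();
                messageDigest.update(this.method.getBytes("ISO-8859-1"));
                messageDigest.update((byte) ':');
                messageDigest.update(this.uri.getBytes("ISO-8859-1"));
                byte[] ha2 = messageDigest.digest();
                // response = MD5(hex(HA1) ":" nonce ":" nc ":" cnonce ":" qop ":" hex(HA2))
                messageDigest.update(TypeUtil.toString(ha1, 16).getBytes("ISO-8859-1"));
                messageDigest.update((byte) ':');
                messageDigest.update(this.nonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) ':');
                messageDigest.update(this.nc.getBytes("ISO-8859-1"));
                messageDigest.update((byte) ':');
                messageDigest.update(this.cnonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) ':');
                messageDigest.update(this.qop.getBytes("ISO-8859-1"));
                messageDigest.update((byte) ':');
                messageDigest.update(TypeUtil.toString(ha2, 16).getBytes("ISO-8859-1"));
                String expected = TypeUtil.toString(messageDigest.digest(), 16);
                return sameHexIgnoreCase(expected, this.response);
            } catch (Exception e) {
                DigestAuthModule.LOG.warn(e);
                return false;
            }
        }

        /**
         * Case-insensitive comparison that inspects every character before answering, so
         * the time taken does not reveal how long a matching prefix the client supplied.
         */
        private static boolean sameHexIgnoreCase(String expected, String supplied) {
            if (supplied == null || supplied.length() != expected.length()) {
                return false;
            }
            int diff = 0;
            for (int i = 0; i < expected.length(); i++) {
                diff |= Character.toLowerCase(expected.charAt(i)) ^ Character.toLowerCase(supplied.charAt(i));
            }
            return diff == 0;
        }

        // NOTE(review): includes the client's response hash; avoid writing this to logs.
        @Override
        public String toString() {
            return this.username + "," + this.response;
        }
    }

    public DigestAuthModule() {
        this.maxNonceAge = 0L;
        // The secret is the only thing that stops a client minting its own nonces, so it
        // comes from a CSPRNG rather than from the identity hash and the wall clock.
        this.nonceSecret = new SecureRandom().nextLong();
        this.useStale = false;
    }

    public DigestAuthModule(CallbackHandler callbackHandler, String str) {
        super(callbackHandler);
        this.maxNonceAge = 0L;
        // See the no-arg constructor: the nonce secret must be unpredictable.
        this.nonceSecret = new SecureRandom().nextLong();
        this.useStale = false;
        this.realmName = str;
    }

    /**
     * Delegates to the base module, then reads the realm name from the options map
     * under {@code org.eclipse.jetty.security.jaspi.modules.RealmName}.
     */
    @Override
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        super.initialize(messagePolicy, messagePolicy2, callbackHandler, map);
        this.realmName = (String) map.get(REALM_KEY);
    }

    /**
     * Validates an incoming request's Digest credentials, or issues a 401 challenge.
     *
     * @return {@link AuthStatus#SUCCESS} when login succeeds or when authentication is not
     *         mandatory for the message; {@link AuthStatus#SEND_CONTINUE} after a challenge
     *         has been sent
     * @throws AuthException wrapping an I/O or callback failure (original cause preserved)
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse httpServletResponse = (HttpServletResponse) messageInfo.getResponseMessage();
        String header = httpServletRequest.getHeader("Authorization");
        try {
            boolean stale = false;
            long now = System.currentTimeMillis();
            if (header != null) {
                if (LOG.isDebugEnabled()) {
                    // The header value carries the username, nonce and response hash, which
                    // can be replayed while the nonce is accepted; keep it out of the log.
                    LOG.debug("Credentials: Authorization header received (value not logged)", new Object[0]);
                }
                Digest digest = parseAuthorization(header, httpServletRequest.getMethod());
                int nonceState = checkNonce(digest.nonce, now);
                if (nonceState > 0) {
                    if (login(subject, digest.username, digest, "DIGEST", messageInfo)) {
                        return AuthStatus.SUCCESS;
                    }
                } else if (nonceState == 0) {
                    stale = true;
                }
            }
            // Reached with no header, a rejected nonce, or a failed login.
            if (!isMandatory(messageInfo)) {
                return AuthStatus.SUCCESS;
            }
            String contextPath = httpServletRequest.getContextPath();
            if (contextPath == null) {
                contextPath = "/";
            }
            // Challenge parameters are comma-separated; the stale parameter previously
            // lacked its separator, which produced a malformed header when useStale was set.
            httpServletResponse.setHeader("WWW-Authenticate", "Digest realm=\"" + this.realmName + "\", domain=\"" + contextPath + "\", nonce=\"" + newNonce(now) + "\", algorithm=MD5, qop=\"auth\"" + (this.useStale ? ", stale=" + stale : ""));
            httpServletResponse.sendError(401);
            return AuthStatus.SEND_CONTINUE;
        } catch (IOException e) {
            throw asAuthException(e);
        } catch (UnsupportedCallbackException e2) {
            throw asAuthException(e2);
        }
    }

    /** Builds an AuthException that keeps the original exception as its cause. */
    private static AuthException asAuthException(Exception cause) {
        AuthException wrapped = new AuthException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Splits an Authorization header into name=value pairs and copies the recognised
     * Digest parameters into a new {@link Digest}. Unknown parameters are ignored.
     */
    private static Digest parseAuthorization(String header, String method) {
        QuotedStringTokenizer tokenizer = new QuotedStringTokenizer(header, "=, ", true, false);
        Digest digest = new Digest(method);
        String last = null;
        String name = null;
        while (tokenizer.hasMoreTokens()) {
            String token = tokenizer.nextToken();
            char delimiter = token.length() == 1 ? token.charAt(0) : (char) 0;
            switch (delimiter) {
                case '=':
                    // The token before '=' is the parameter name.
                    name = last;
                    last = token;
                    break;
                case ',':
                    name = null;
                    break;
                case ' ':
                    break;
                default:
                    last = token;
                    if (name != null) {
                        assignParameter(digest, name, token);
                    }
                    break;
            }
        }
        return digest;
    }

    /** Stores one parsed parameter on the digest; names are matched case-insensitively. */
    private static void assignParameter(Digest digest, String name, String value) {
        if ("username".equalsIgnoreCase(name)) {
            digest.username = value;
        } else if ("realm".equalsIgnoreCase(name)) {
            digest.realm = value;
        } else if ("nonce".equalsIgnoreCase(name)) {
            digest.nonce = value;
        } else if ("nc".equalsIgnoreCase(name)) {
            digest.nc = value;
        } else if ("cnonce".equalsIgnoreCase(name)) {
            digest.cnonce = value;
        } else if ("qop".equalsIgnoreCase(name)) {
            digest.qop = value;
        } else if (Constants.ELEMNAME_URL_STRING.equalsIgnoreCase(name)) {
            // NOTE(review): the Xalan constant looks like a decompiler substitution for
            // the literal parameter name, presumably "uri"; confirm before replacing it.
            digest.uri = value;
        } else if ("response".equalsIgnoreCase(name)) {
            digest.response = value;
        }
    }

    /**
     * Hashes the first 16 bytes of {@code seed} (timestamp + secret) with MD5.
     *
     * @throws IllegalStateException if the MD5 digest cannot be obtained
     */
    private static byte[] hashNonceSeed(byte[] seed) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(seed, 0, 16);
            return messageDigest.digest();
        } catch (Exception e) {
            LOG.warn(e);
            // Fail loudly: continuing without a hash would previously surface as a
            // NullPointerException further down.
            throw new IllegalStateException("MD5 digest unavailable", e);
        }
    }

    /**
     * Creates a nonce for the given timestamp.
     *
     * @param j the issue time in milliseconds
     * @return Base64 text of the 8 timestamp bytes followed by the 16-byte nonce hash
     */
    public String newNonce(long j) {
        long secret = this.nonceSecret;
        byte[] nonce = new byte[24];
        for (int i = 0; i < 8; i++) {
            nonce[i] = (byte) (j & 255);
            j >>= 8;
            // Bytes 8..15 hold the secret only while hashing; they are overwritten below.
            nonce[8 + i] = (byte) (secret & 255);
            secret >>= 8;
        }
        byte[] hash = hashNonceSeed(nonce);
        System.arraycopy(hash, 0, nonce, 8, Math.min(hash.length, 16));
        return new String(B64Code.encode(nonce));
    }

    /**
     * Verifies that a nonce was issued by this module and checks its age.
     *
     * @param str the Base64 nonce supplied by the client (may be null)
     * @param j   the current time in milliseconds
     * @return -1 if the nonce is malformed or its hash does not match, 0 if it is genuine
     *         but older than {@link #maxNonceAge} (or timestamped in the future),
     *         1 if it is acceptable
     */
    public int checkNonce(String str, long j) {
        if (str == null) {
            return -1;
        }
        try {
            byte[] decode = B64Code.decode(str.toCharArray());
            if (decode.length != 24) {
                return -1;
            }
            long issued = 0;
            long secret = this.nonceSecret;
            byte[] seed = new byte[16];
            System.arraycopy(decode, 0, seed, 0, 8);
            for (int i = 0; i < 8; i++) {
                seed[8 + i] = (byte) (secret & 255);
                secret >>= 8;
                issued = (issued << 8) + (255 & decode[7 - i]);
            }
            long age = j - issued;
            if (LOG.isDebugEnabled()) {
                LOG.debug("age=" + age, new Object[0]);
            }
            byte[] expected = hashNonceSeed(seed);
            // Compare all 16 bytes before deciding, so response time does not reveal how
            // many leading bytes of a guessed hash were correct.
            int diff = 0;
            for (int i2 = 0; i2 < 16; i2++) {
                diff |= decode[i2 + 8] ^ expected[i2];
            }
            if (diff != 0) {
                return -1;
            }
            if (this.maxNonceAge <= 0) {
                // Age checking disabled: a genuine nonce is accepted indefinitely.
                return 1;
            }
            if (age >= 0) {
                return age > this.maxNonceAge ? 0 : 1;
            }
            return 0;
        } catch (Exception e2) {
            LOG.ignore(e2);
            return -1;
        }
    }
}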
