package com.caucho.server.security;

import com.caucho.util.Base64;
import com.caucho.util.CharBuffer;
import com.caucho.util.CharCursor;
import com.caucho.util.RandomUtil;
import com.caucho.util.StringCharCursor;
import com.caucho.xml.XmlChar;
import java.io.IOException;
import java.security.Principal;
import java.util.logging.Level;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/caucho/server/security/DigestLogin.class */
public class DigestLogin extends AbstractLogin {
    protected String _realm;

    public void setRealmName(String str) {
        this._realm = str;
    }

    public String getRealmName() {
        return this._realm;
    }

    @Override // com.caucho.server.security.AbstractLogin
    public String getAuthType() {
        return "Digest";
    }

    @Override // com.caucho.server.security.AbstractLogin
    public Principal authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) throws ServletException, IOException {
        Principal userPrincipal = getAuthenticator().getUserPrincipal(httpServletRequest, httpServletResponse, servletContext);
        if (userPrincipal != null) {
            return userPrincipal;
        }
        Principal digestPrincipal = getDigestPrincipal(httpServletRequest, httpServletResponse, servletContext);
        if (digestPrincipal != null) {
            return digestPrincipal;
        }
        sendDigestChallenge(httpServletResponse, servletContext);
        return null;
    }

    @Override // com.caucho.server.security.AbstractLogin
    public Principal getUserPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) throws ServletException {
        Principal userPrincipal = getAuthenticator().getUserPrincipal(httpServletRequest, httpServletResponse, servletContext);
        return userPrincipal != null ? userPrincipal : getDigestPrincipal(httpServletRequest, httpServletResponse, servletContext);
    }

    protected void sendDigestChallenge(HttpServletResponse httpServletResponse, ServletContext servletContext) throws ServletException, IOException {
        String realmName = getRealmName();
        if (realmName == null) {
            realmName = "resin";
        }
        CharBuffer allocate = CharBuffer.allocate();
        Base64.encode(allocate, getRandomLong(servletContext));
        String charBuffer = allocate.toString();
        allocate.clear();
        allocate.append("Digest ");
        allocate.append("realm=\"");
        allocate.append(realmName);
        allocate.append("\", qop=\"auth\", ");
        allocate.append("nonce=\"");
        allocate.append(charBuffer);
        allocate.append("\"");
        httpServletResponse.setHeader("WWW-Authenticate", allocate.close());
        httpServletResponse.sendError(401);
    }

    protected long getRandomLong(ServletContext servletContext) {
        return RandomUtil.getRandomLong();
    }

    protected Principal getDigestPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) throws ServletException {
        String header = httpServletRequest.getHeader("authorization");
        if (header == null) {
            return null;
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        StringCharCursor stringCharCursor = new StringCharCursor(header);
        if (!"Digest".equalsIgnoreCase(scanKey(stringCharCursor))) {
            return null;
        }
        while (true) {
            String scanKey = scanKey(stringCharCursor);
            if (scanKey == null) {
                break;
            }
            String scanValue = scanValue(stringCharCursor);
            if (scanKey.equals("username")) {
                str = scanValue;
            } else if (scanKey.equals("realm")) {
                str2 = scanValue;
            } else if (scanKey.equals("uri")) {
                str3 = scanValue;
            } else if (scanKey.equals("nonce")) {
                str4 = scanValue;
            } else if (scanKey.equals("response")) {
                str8 = scanValue;
            } else if (scanKey.equals("cnonce")) {
                str5 = scanValue;
            } else if (scanKey.equals("nc")) {
                str6 = scanValue;
            } else if (scanKey.equals("qop")) {
                str7 = scanValue;
            }
        }
        byte[] decodeDigest = decodeDigest(str8);
        if (decodeDigest == null || str == null || str3 == null || str4 == null) {
            return null;
        }
        Principal loginDigest = getAuthenticator().loginDigest(httpServletRequest, httpServletResponse, servletContext, str, str2, str4, str3, str7, str6, str5, decodeDigest);
        if (log.isLoggable(Level.FINE)) {
            log.fine(new StringBuffer().append("digest: ").append(str).append(" -> ").append(loginDigest).toString());
        }
        return loginDigest;
    }

    protected byte[] decodeDigest(String str) {
        if (str == null) {
            return null;
        }
        byte[] bArr = new byte[(str.length() + 1) / 2];
        for (int i = 0; i + 1 < str.length(); i += 2) {
            char charAt = str.charAt(i);
            char charAt2 = str.charAt(i + 1);
            int i2 = 0;
            if (charAt >= '0' && charAt <= '9') {
                i2 = 0 + (charAt - '0');
            } else if (charAt >= 'a' && charAt <= 'f') {
                i2 = 0 + (charAt - 'a') + 10;
            }
            int i3 = i2 * 16;
            if (charAt2 >= '0' && charAt2 <= '9') {
                i3 += charAt2 - '0';
            } else if (charAt2 >= 'a' && charAt2 <= 'f') {
                i3 += (charAt2 - 'a') + 10;
            }
            bArr[i / 2] = (byte) i3;
        }
        return bArr;
    }

    protected String scanKey(CharCursor charCursor) throws ServletException {
        char read;
        while (true) {
            char current = charCursor.current();
            if (!XmlChar.isWhitespace(current) && current != ',') {
                break;
            }
            charCursor.next();
        }
        char current2 = charCursor.current();
        if (current2 == 65535) {
            return null;
        }
        if (!XmlChar.isNameStart(current2)) {
            throw new ServletException(new StringBuffer().append("bad key: ").append(current2).append(" ").append(charCursor).toString());
        }
        CharBuffer allocate = CharBuffer.allocate();
        while (true) {
            read = charCursor.read();
            if (!XmlChar.isNameChar(read)) {
                break;
            }
            allocate.append(read);
        }
        if (read != 65535) {
            charCursor.previous();
        }
        return allocate.close();
    }

    protected String scanValue(CharCursor charCursor) throws ServletException {
        skipWhitespace(charCursor);
        if (charCursor.read() != '=') {
            throw new ServletException("expected '='");
        }
        skipWhitespace(charCursor);
        CharBuffer allocate = CharBuffer.allocate();
        char read = charCursor.read();
        if (read == '\"') {
            while (true) {
                char read2 = charCursor.read();
                if (read2 == 65535 || read2 == '\"') {
                    break;
                }
                allocate.append(read2);
            }
        } else {
            while (read != 65535 && read != ',' && !XmlChar.isWhitespace(read)) {
                allocate.append(read);
                read = charCursor.read();
            }
            charCursor.previous();
        }
        return allocate.close();
    }

    protected void skipWhitespace(CharCursor charCursor) {
        while (XmlChar.isWhitespace(charCursor.current())) {
            charCursor.next();
        }
    }
}
