package org.eclipse.jetty.security.authentication;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axiom.om.util.DigestGenerator;
import org.eclipse.jetty.http.HttpHeaders;
import org.eclipse.jetty.http.security.Credential;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.QuotedStringTokenizer;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:WEB-INF/lib/jetty-security-7.5.4.v20111024.jar:org/eclipse/jetty/security/authentication/DigestAuthenticator.class */
public class DigestAuthenticator extends LoginAuthenticator {
    private static final Logger LOG = Log.getLogger((Class<?>) DigestAuthenticator.class);
    SecureRandom _random = new SecureRandom();
    private long _maxNonceAgeMs = 60000;
    private ConcurrentMap<String, Nonce> _nonceCount = new ConcurrentHashMap();
    private Queue<Nonce> _nonceQueue = new ConcurrentLinkedQueue();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jetty-security-7.5.4.v20111024.jar:org/eclipse/jetty/security/authentication/DigestAuthenticator$Digest.class */
    public static class Digest extends Credential {
        private static final long serialVersionUID = -2484639019549527724L;
        final String method;
        String username = "";
        String realm = "";
        String nonce = "";
        String nc = "";
        String cnonce = "";
        String qop = "";
        String uri = "";
        String response = "";

        Digest(String str) {
            this.method = str;
        }

        @Override // org.eclipse.jetty.http.security.Credential
        public boolean check(Object obj) {
            byte[] digest;
            if (obj instanceof char[]) {
                obj = new String((char[]) obj);
            }
            String obj2 = obj instanceof String ? obj : obj.toString();
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(DigestGenerator.md5DigestAlgorithm);
                if (obj instanceof Credential.MD5) {
                    digest = ((Credential.MD5) obj).getDigest();
                } else {
                    messageDigest.update(this.username.getBytes("ISO-8859-1"));
                    messageDigest.update((byte) 58);
                    messageDigest.update(this.realm.getBytes("ISO-8859-1"));
                    messageDigest.update((byte) 58);
                    messageDigest.update(obj2.getBytes("ISO-8859-1"));
                    digest = messageDigest.digest();
                }
                messageDigest.reset();
                messageDigest.update(this.method.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.uri.getBytes("ISO-8859-1"));
                byte[] digest2 = messageDigest.digest();
                messageDigest.update(TypeUtil.toString(digest, 16).getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.nonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.nc.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.cnonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.qop.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(TypeUtil.toString(digest2, 16).getBytes("ISO-8859-1"));
                return TypeUtil.toString(messageDigest.digest(), 16).equalsIgnoreCase(this.response);
            } catch (Exception e) {
                DigestAuthenticator.LOG.warn(e);
                return false;
            }
        }

        public String toString() {
            return this.username + StringArrayPropertyEditor.DEFAULT_SEPARATOR + this.response;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jetty-security-7.5.4.v20111024.jar:org/eclipse/jetty/security/authentication/DigestAuthenticator$Nonce.class */
    public static class Nonce {
        final String _nonce;
        final long _ts;
        AtomicInteger _nc = new AtomicInteger();

        public Nonce(String str, long j) {
            this._nonce = str;
            this._ts = j;
        }
    }

    @Override // org.eclipse.jetty.security.authentication.LoginAuthenticator, org.eclipse.jetty.security.Authenticator
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        super.setConfiguration(authConfiguration);
        String initParameter = authConfiguration.getInitParameter("maxNonceAge");
        if (initParameter != null) {
            this._maxNonceAgeMs = Long.valueOf(initParameter).longValue();
        }
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public String getAuthMethod() {
        return "DIGEST";
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return true;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        if (!z) {
            return this._deferred;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Authorization");
        boolean z2 = false;
        if (header != null) {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Credentials: " + header, new Object[0]);
                }
                QuotedStringTokenizer quotedStringTokenizer = new QuotedStringTokenizer(header, "=, ", true, false);
                Digest digest = new Digest(httpServletRequest.getMethod());
                String str = null;
                String str2 = null;
                while (quotedStringTokenizer.hasMoreTokens()) {
                    String nextToken = quotedStringTokenizer.nextToken();
                    switch (nextToken.length() == 1 ? nextToken.charAt(0) : (char) 0) {
                        case ' ':
                            break;
                        case ',':
                            str2 = null;
                            break;
                        case '=':
                            str2 = str;
                            str = nextToken;
                            break;
                        default:
                            str = nextToken;
                            if (str2 != null) {
                                if ("username".equalsIgnoreCase(str2)) {
                                    digest.username = nextToken;
                                } else if ("realm".equalsIgnoreCase(str2)) {
                                    digest.realm = nextToken;
                                } else if ("nonce".equalsIgnoreCase(str2)) {
                                    digest.nonce = nextToken;
                                } else if ("nc".equalsIgnoreCase(str2)) {
                                    digest.nc = nextToken;
                                } else if ("cnonce".equalsIgnoreCase(str2)) {
                                    digest.cnonce = nextToken;
                                } else if ("qop".equalsIgnoreCase(str2)) {
                                    digest.qop = nextToken;
                                } else if ("uri".equalsIgnoreCase(str2)) {
                                    digest.uri = nextToken;
                                } else if ("response".equalsIgnoreCase(str2)) {
                                    digest.response = nextToken;
                                }
                                str2 = null;
                                break;
                            } else {
                                break;
                            }
                    }
                }
                int checkNonce = checkNonce(digest, (Request) httpServletRequest);
                if (checkNonce > 0) {
                    UserIdentity login = this._loginService.login(digest.username, digest);
                    if (login != null) {
                        renewSessionOnAuthentication(httpServletRequest, httpServletResponse);
                        return new UserAuthentication(getAuthMethod(), login);
                    }
                } else if (checkNonce == 0) {
                    z2 = true;
                }
            } catch (IOException e) {
                throw new ServerAuthException(e);
            }
        }
        if (this._deferred.isDeferred(httpServletResponse)) {
            return Authentication.UNAUTHENTICATED;
        }
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null) {
            contextPath = "/";
        }
        httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"" + this._loginService.getName() + "\", domain=\"" + contextPath + "\", nonce=\"" + newNonce((Request) httpServletRequest) + "\", algorithm=MD5, qop=\"auth\", stale=" + z2);
        httpServletResponse.sendError(401);
        return Authentication.SEND_CONTINUE;
    }

    public String newNonce(Request request) {
        Nonce nonce;
        do {
            byte[] bArr = new byte[24];
            this._random.nextBytes(bArr);
            nonce = new Nonce(new String(B64Code.encode(bArr)), request.getTimeStamp());
        } while (this._nonceCount.putIfAbsent(nonce._nonce, nonce) != null);
        this._nonceQueue.add(nonce);
        return nonce._nonce;
    }

    private int checkNonce(Digest digest, Request request) {
        long timeStamp = request.getTimeStamp() - this._maxNonceAgeMs;
        Nonce peek = this._nonceQueue.peek();
        while (true) {
            Nonce nonce = peek;
            if (nonce == null || nonce._ts >= timeStamp) {
                try {
                    Nonce nonce2 = this._nonceCount.get(digest.nonce);
                    if (nonce2 == null) {
                        return 0;
                    }
                    long parseLong = Long.parseLong(digest.nc, 16);
                    if (parseLong > 2147483647L) {
                        return 0;
                    }
                    int i = nonce2._nc.get();
                    while (!nonce2._nc.compareAndSet(i, (int) parseLong)) {
                        i = nonce2._nc.get();
                    }
                    return parseLong <= ((long) i) ? -1 : 1;
                } catch (Exception e) {
                    LOG.ignore(e);
                    return -1;
                }
            }
            this._nonceQueue.remove();
            this._nonceCount.remove(nonce._nonce);
            peek = this._nonceQueue.peek();
        }
    }
}
