package io.jenkins.cli.shaded.org.glassfish.tyrus.client.auth;

import gnu.crypto.Registry;
import hudson.model.User;
import io.jenkins.cli.shaded.org.glassfish.tyrus.core.l10n.LocalizationMessages;
import io.jenkins.plugins.junit.checks.JUnitChecksPublisher;
import java.io.IOException;
import java.net.URI;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.jelly.servlet.JellyServlet;
import org.bouncycastle.cms.CMSAttributeTableGenerator;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/cli-2.346-rc32337.f77d6b_40f9c2.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/client/auth/DigestAuthenticator.class */
public final class DigestAuthenticator extends Authenticator {
    private static final Logger logger = Logger.getLogger(DigestAuthenticator.class.getName());
    private static final char[] HEX_ARRAY = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    private static final Pattern KEY_VALUE_PAIR_PATTERN = Pattern.compile("(\\w+)\\s*=\\s*(\"([^\"]+)\"|(\\w+))\\s*,?\\s*");
    private static final int CLIENT_NONCE_BYTE_COUNT = 4;
    private SecureRandom randomGenerator;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.346-rc32337.f77d6b_40f9c2.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/client/auth/DigestAuthenticator$Algorithm.class */
    public enum Algorithm {
        UNSPECIFIED(null),
        MD5(MessageDigestAlgorithms.MD5),
        MD5_SESS("MD5-sess");

        private final String md;

        Algorithm(String str) {
            this.md = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.md;
        }

        public static Algorithm parse(String str) {
            if (str == null || str.isEmpty()) {
                return UNSPECIFIED;
            }
            String trim = str.trim();
            return (trim.contains(MD5_SESS.md) || trim.contains(MD5_SESS.md.toLowerCase())) ? MD5_SESS : MD5;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.346-rc32337.f77d6b_40f9c2.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/client/auth/DigestAuthenticator$DigestScheme.class */
    public final class DigestScheme {
        private final String realm;
        private final String nonce;
        private final String opaque;
        private final Algorithm algorithm;
        private final QOP qop;
        private final boolean stale;
        private volatile int nc = 0;

        DigestScheme(String str, String str2, String str3, QOP qop, Algorithm algorithm, boolean z) {
            this.realm = str;
            this.nonce = str2;
            this.opaque = str3;
            this.qop = qop;
            this.algorithm = algorithm;
            this.stale = z;
        }

        public int incrementCounter() {
            int i = this.nc + 1;
            this.nc = i;
            return i;
        }

        public String getNonce() {
            return this.nonce;
        }

        public String getRealm() {
            return this.realm;
        }

        public String getOpaque() {
            return this.opaque;
        }

        public Algorithm getAlgorithm() {
            return this.algorithm;
        }

        public QOP getQop() {
            return this.qop;
        }

        public boolean isStale() {
            return this.stale;
        }

        public int getNc() {
            return this.nc;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.346-rc32337.f77d6b_40f9c2.jar:io/jenkins/cli/shaded/org/glassfish/tyrus/client/auth/DigestAuthenticator$QOP.class */
    public enum QOP {
        UNSPECIFIED(null),
        AUTH(Registry.QOP_AUTH);

        private final String qop;

        QOP(String str) {
            this.qop = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.qop;
        }

        public static QOP parse(String str) {
            if (str == null || str.isEmpty()) {
                return UNSPECIFIED;
            }
            if (str.contains(Registry.QOP_AUTH)) {
                return AUTH;
            }
            throw new UnsupportedOperationException(LocalizationMessages.AUTHENTICATION_DIGEST_QOP_UNSUPPORTED(str));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestAuthenticator() {
        try {
            this.randomGenerator = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            logger.config(LocalizationMessages.AUTHENTICATION_DIGEST_NO_SUCH_ALG());
        }
    }

    @Override // io.jenkins.cli.shaded.org.glassfish.tyrus.client.auth.Authenticator
    public String generateAuthorizationHeader(URI uri, String str, Credentials credentials) throws AuthenticationException {
        if (credentials == null) {
            throw new AuthenticationException(LocalizationMessages.AUTHENTICATION_CREDENTIALS_MISSING());
        }
        try {
            DigestScheme parseAuthHeaders = parseAuthHeaders(str);
            if (parseAuthHeaders == null) {
                throw new AuthenticationException(LocalizationMessages.AUTHENTICATION_CREATE_AUTH_HEADER_FAILED());
            }
            return createNextAuthToken(parseAuthHeaders, uri.toString(), credentials);
        } catch (IOException e) {
            throw new AuthenticationException(e.getMessage());
        }
    }

    private DigestScheme parseAuthHeaders(String str) throws IOException {
        if (str == null) {
            return null;
        }
        String[] split = str.trim().split("\\s+", 2);
        if (split.length != 2 || !split[0].toLowerCase().equals(CMSAttributeTableGenerator.DIGEST)) {
            return null;
        }
        String str2 = null;
        String str3 = null;
        String str4 = null;
        QOP qop = QOP.UNSPECIFIED;
        Algorithm algorithm = Algorithm.UNSPECIFIED;
        boolean z = false;
        Matcher matcher = KEY_VALUE_PAIR_PATTERN.matcher(split[1]);
        while (matcher.find()) {
            if (matcher.groupCount() == 4) {
                String group = matcher.group(1);
                String group2 = matcher.group(3);
                String group3 = group2 == null ? matcher.group(4) : group2;
                if (group.equals("qop")) {
                    qop = QOP.parse(group3);
                } else if (group.equals(User.CanonicalIdResolver.REALM)) {
                    str2 = group3;
                } else if (group.equals("nonce")) {
                    str3 = group3;
                } else if (group.equals("opaque")) {
                    str4 = group3;
                } else if (group.equals("stale")) {
                    z = Boolean.parseBoolean(group3);
                } else if (group.equals("algorithm")) {
                    algorithm = Algorithm.parse(group3);
                }
            }
        }
        return new DigestScheme(str2, str3, str4, qop, algorithm, z);
    }

    private String createNextAuthToken(DigestScheme digestScheme, String str, Credentials credentials) throws AuthenticationException {
        String md5;
        StringBuilder sb = new StringBuilder(100);
        sb.append("Digest ");
        append(sb, "username", credentials.getUsername());
        append(sb, User.CanonicalIdResolver.REALM, digestScheme.getRealm());
        append(sb, "nonce", digestScheme.getNonce());
        append(sb, "opaque", digestScheme.getOpaque());
        append(sb, "algorithm", digestScheme.getAlgorithm().toString(), false);
        append(sb, "qop", digestScheme.getQop().toString(), false);
        append(sb, "uri", str);
        String md52 = digestScheme.getAlgorithm().equals(Algorithm.MD5_SESS) ? md5(md5(credentials.getUsername(), digestScheme.getRealm(), new String(credentials.getPassword(), AuthConfig.CHARACTER_SET))) : md5(credentials.getUsername(), digestScheme.getRealm(), new String(credentials.getPassword(), AuthConfig.CHARACTER_SET));
        String md53 = md5("GET", str);
        if (digestScheme.getQop().equals(QOP.UNSPECIFIED)) {
            md5 = md5(md52, digestScheme.getNonce(), md53);
        } else {
            String randomBytes = randomBytes(4);
            append(sb, "cnonce", randomBytes);
            String format = String.format("%08x", Integer.valueOf(digestScheme.incrementCounter()));
            append(sb, "nc", format, false);
            md5 = md5(md52, digestScheme.getNonce(), format, randomBytes, digestScheme.getQop().toString(), md53);
        }
        append(sb, JellyServlet.RESPONSE, md5);
        return sb.toString();
    }

    private static void append(StringBuilder sb, String str, String str2, boolean z) {
        if (str2 == null) {
            return;
        }
        if (sb.length() > 0 && sb.charAt(sb.length() - 1) != ' ') {
            sb.append(JUnitChecksPublisher.SEPARATOR);
        }
        sb.append(str);
        sb.append('=');
        if (z) {
            sb.append('\"');
        }
        sb.append(str2);
        if (z) {
            sb.append('\"');
        }
    }

    private static void append(StringBuilder sb, String str, String str2) {
        append(sb, str, str2, true);
    }

    private static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr[i * 2] = HEX_ARRAY[i2 >>> 4];
            cArr[(i * 2) + 1] = HEX_ARRAY[i2 & 15];
        }
        return new String(cArr);
    }

    private static String md5(String... strArr) throws AuthenticationException {
        StringBuilder sb = new StringBuilder(100);
        for (String str : strArr) {
            if (sb.length() > 0) {
                sb.append(':');
            }
            sb.append(str);
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.MD5);
            messageDigest.update(sb.toString().getBytes(AuthConfig.CHARACTER_SET), 0, sb.length());
            return bytesToHex(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new AuthenticationException(e.getMessage());
        }
    }

    private String randomBytes(int i) {
        byte[] bArr = new byte[i];
        this.randomGenerator.nextBytes(bArr);
        return bytesToHex(bArr);
    }
}
