package org.acegisecurity.ui.digestauth;

import gnu.crypto.Registry;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.UserCache;
import org.acegisecurity.providers.dao.cache.NullUserCache;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.util.StringSplitUtils;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jackrabbit.commons.cnd.Lexer;
import org.apache.jackrabbit.commons.webdav.JcrRemotingConstants;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/acegi-security-1.0.5.jar:org/acegisecurity/ui/digestauth/DigestProcessingFilter.class */
public class DigestProcessingFilter implements Filter, InitializingBean, MessageSourceAware {
    private static final Log logger;
    private DigestProcessingFilterEntryPoint authenticationEntryPoint;
    private UserDetailsService userDetailsService;
    static Class class$org$acegisecurity$ui$digestauth$DigestProcessingFilter;
    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
    private UserCache userCache = new NullUserCache();
    private boolean passwordAlreadyEncoded = false;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
        Assert.notNull(this.authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
        String header = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Authorization header received from user agent: ").append(header).toString());
        }
        if (header != null && header.startsWith("Digest ")) {
            String substring = header.substring(7);
            Map splitEachArrayElementAndCreateMap = StringSplitUtils.splitEachArrayElementAndCreateMap(StringSplitUtils.splitIgnoringQuotes(substring, ','), Lexer.QUEROPS_EQUAL, JSONUtils.DOUBLE_QUOTE);
            String str = (String) splitEachArrayElementAndCreateMap.get("username");
            String str2 = (String) splitEachArrayElementAndCreateMap.get("realm");
            String str3 = (String) splitEachArrayElementAndCreateMap.get("nonce");
            String str4 = (String) splitEachArrayElementAndCreateMap.get(JcrRemotingConstants.XML_URI);
            String str5 = (String) splitEachArrayElementAndCreateMap.get("response");
            String str6 = (String) splitEachArrayElementAndCreateMap.get("qop");
            String str7 = (String) splitEachArrayElementAndCreateMap.get("nc");
            String str8 = (String) splitEachArrayElementAndCreateMap.get("cnonce");
            if (str == null || str2 == null || str3 == null || str4 == null || servletResponse == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug(new StringBuffer().append("extracted username: '").append(str).append("'; realm: '").append(str).append("'; nonce: '").append(str).append("'; uri: '").append(str).append("'; response: '").append(str).append(JSONUtils.SINGLE_QUOTE).toString());
                }
                fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.missingMandatory", new Object[]{substring}, "Missing mandatory digest value; received header {0}")));
                return;
            }
            if (Registry.QOP_AUTH.equals(str6) && (str7 == null || str8 == null)) {
                if (logger.isDebugEnabled()) {
                    logger.debug(new StringBuffer().append("extracted nc: '").append(str7).append("'; cnonce: '").append(str8).append(JSONUtils.SINGLE_QUOTE).toString());
                }
                fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.missingAuth", new Object[]{substring}, "Missing mandatory digest value; received header {0}")));
                return;
            }
            if (!getAuthenticationEntryPoint().getRealmName().equals(str2)) {
                fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.incorrectRealm", new Object[]{str2, getAuthenticationEntryPoint().getRealmName()}, "Response realm name '{0}' does not match system realm name of '{1}'")));
                return;
            }
            if (!Base64.isArrayByteBase64(str3.getBytes())) {
                fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.nonceEncoding", new Object[]{str3}, "Nonce is not encoded in Base64; received nonce {0}")));
                return;
            }
            String str9 = new String(Base64.decodeBase64(str3.getBytes()));
            String[] delimitedListToStringArray = StringUtils.delimitedListToStringArray(str9, QuickTargetSourceCreator.PREFIX_COMMONS_POOL);
            if (delimitedListToStringArray.length != 2) {
                fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.nonceNotTwoTokens", new Object[]{str9}, "Nonce should have yielded two tokens but was {0}")));
                return;
            }
            try {
                long longValue = new Long(delimitedListToStringArray[0]).longValue();
                if (!DigestUtils.md5Hex(new StringBuffer().append(longValue).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(getAuthenticationEntryPoint().getKey()).toString()).equals(delimitedListToStringArray[1])) {
                    fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.nonceCompromised", new Object[]{str9}, "Nonce token compromised {0}")));
                    return;
                }
                boolean z = false;
                UserDetails userFromCache = this.userCache.getUserFromCache(str);
                if (userFromCache == null) {
                    z = true;
                    try {
                        userFromCache = this.userDetailsService.loadUserByUsername(str);
                        if (userFromCache == null) {
                            throw new AuthenticationServiceException("AuthenticationDao returned null, which is an interface contract violation");
                        }
                        this.userCache.putUserInCache(userFromCache);
                    } catch (UsernameNotFoundException e) {
                        fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.usernameNotFound", new Object[]{str}, "Username {0} not found")));
                        return;
                    }
                }
                String generateDigest = generateDigest(this.passwordAlreadyEncoded, str, str2, userFromCache.getPassword(), ((HttpServletRequest) servletRequest).getMethod(), str4, str6, str3, str7, str8);
                if (!generateDigest.equals(str5) && !z) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Digest comparison failure; trying to refresh user from DAO in case password had changed");
                    }
                    try {
                        userFromCache = this.userDetailsService.loadUserByUsername(str);
                    } catch (UsernameNotFoundException e2) {
                        fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.usernameNotFound", new Object[]{str}, "Username {0} not found")));
                    }
                    this.userCache.putUserInCache(userFromCache);
                    generateDigest = generateDigest(this.passwordAlreadyEncoded, str, str2, userFromCache.getPassword(), ((HttpServletRequest) servletRequest).getMethod(), str4, str6, str3, str7, str8);
                }
                if (!generateDigest.equals(str5)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(new StringBuffer().append("Expected response: '").append(generateDigest).append("' but received: '").append(str5).append("'; is AuthenticationDao returning clear text passwords?").toString());
                    }
                    fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.incorrectResponse", "Incorrect response")));
                    return;
                } else {
                    if (longValue < System.currentTimeMillis()) {
                        fail(servletRequest, servletResponse, new NonceExpiredException(this.messages.getMessage("DigestProcessingFilter.nonceExpired", "Nonce has expired/timed out")));
                        return;
                    }
                    if (logger.isDebugEnabled()) {
                        logger.debug(new StringBuffer().append("Authentication success for user: '").append(str).append("' with response: '").append(str5).append(JSONUtils.SINGLE_QUOTE).toString());
                    }
                    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userFromCache, userFromCache.getPassword());
                    usernamePasswordAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails((HttpServletRequest) servletRequest));
                    SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
                }
            } catch (NumberFormatException e3) {
                fail(servletRequest, servletResponse, new BadCredentialsException(this.messages.getMessage("DigestProcessingFilter.nonceNotNumeric", new Object[]{str9}, "Nonce token should have yielded a numeric first token, but was {0}")));
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public static String encodePasswordInA1Format(String str, String str2, String str3) {
        return new String(DigestUtils.md5Hex(new StringBuffer().append(str).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str2).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str3).toString()));
    }

    private void fail(ServletRequest servletRequest, ServletResponse servletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.getContext().setAuthentication(null);
        if (logger.isDebugEnabled()) {
            logger.debug(authenticationException);
        }
        this.authenticationEntryPoint.commence(servletRequest, servletResponse, authenticationException);
    }

    public static String generateDigest(boolean z, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) throws IllegalArgumentException {
        String stringBuffer;
        String str10 = new String(DigestUtils.md5Hex(new StringBuffer().append(str4).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str5).toString()));
        String encodePasswordInA1Format = z ? str3 : encodePasswordInA1Format(str, str2, str3);
        if (str6 == null) {
            stringBuffer = new StringBuffer().append(encodePasswordInA1Format).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str7).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str10).toString();
        } else {
            if (!Registry.QOP_AUTH.equals(str6)) {
                throw new IllegalArgumentException(new StringBuffer().append("This method does not support a qop: '").append(str6).append(JSONUtils.SINGLE_QUOTE).toString());
            }
            stringBuffer = new StringBuffer().append(encodePasswordInA1Format).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str7).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str8).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str9).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str6).append(QuickTargetSourceCreator.PREFIX_COMMONS_POOL).append(str10).toString();
        }
        return new String(DigestUtils.md5Hex(stringBuffer));
    }

    public DigestProcessingFilterEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    public UserCache getUserCache() {
        return this.userCache;
    }

    public UserDetailsService getUserDetailsService() {
        return this.userDetailsService;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    public void setAuthenticationEntryPoint(DigestProcessingFilterEntryPoint digestProcessingFilterEntryPoint) {
        this.authenticationEntryPoint = digestProcessingFilterEntryPoint;
    }

    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public void setPasswordAlreadyEncoded(boolean z) {
        this.passwordAlreadyEncoded = z;
    }

    public void setUserCache(UserCache userCache) {
        this.userCache = userCache;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$acegisecurity$ui$digestauth$DigestProcessingFilter == null) {
            cls = class$("org.acegisecurity.ui.digestauth.DigestProcessingFilter");
            class$org$acegisecurity$ui$digestauth$DigestProcessingFilter = cls;
        } else {
            cls = class$org$acegisecurity$ui$digestauth$DigestProcessingFilter;
        }
        logger = LogFactory.getLog(cls);
    }
}
