package winstone.auth;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;
import java.util.Random;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.webdav.lib.Subscriber;
import org.codehaus.plexus.PlexusConstants;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.w3c.dom.Node;
import winstone.AuthenticationPrincipal;
import winstone.AuthenticationRealm;
import winstone.Logger;
import winstone.WinstoneRequest;
import winstone.WinstoneResourceBundle;

/* loaded from: input_file:winstone.jar:winstone/auth/DigestAuthenticationHandler.class */
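/**
 * HTTP Digest (MD5, qop=auth) authentication handler.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>HA1 is computed from {@code AuthenticationPrincipal.getPassword()}, so the realm has to hand
 *       back a value usable as the clear-text password for the digest to match.</li>
 *   <li>The nonce sent in the challenge is not remembered; the client-supplied {@code nonce},
 *       {@code nc} and {@code opaque} values are not checked against anything the server issued,
 *       so this class on its own provides no replay protection.</li>
 *   <li>The client-supplied {@code uri} parameter is hashed as given and is not compared with the
 *       URI of the request being served.</li>
 *   <li>The header is split on {@code ','}, so a quoted parameter value containing a comma is cut
 *       in two and the request is treated as unauthenticated.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #md5Encode(String)} uses one shared {@link MessageDigest} instance, which
 * is not safe for concurrent use. If a single handler serves several request threads, the calls
 * need external serialisation or a per-call digest - confirm how the container invokes this class.
 */
public class DigestAuthenticationHandler extends BaseAuthenticationHandler {
    /** Charset alias (ISO-8859-1) used both for hashing and for comparing hex digests. */
    private static final String DIGEST_CHARSET = "8859_1";

    /** Lower-case hex alphabet, as required for Digest response values. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Number of random bytes placed in each nonce. */
    private static final int NONCE_BYTES = 16;

    /** Cryptographically strong source for nonces; SecureRandom is safe to share. */
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();

    // NOTE(review): the constants below come from unrelated libraries and look like decompiler
    // substitutions for plain literals (presumably ":" and "\"") - confirm and replace with literals.
    private static final String FIELD_SEPARATOR = QuickTargetSourceCreator.PREFIX_COMMONS_POOL;
    private static final String QUOTE = JSONUtils.DOUBLE_QUOTE;

    private final MessageDigest md5Digester;

    /**
     * Creates the handler and obtains the MD5 digest implementation.
     *
     * @throws NoSuchAlgorithmException if the platform offers no MD5 implementation
     */
    public DigestAuthenticationHandler(Node node, List list, Set set, AuthenticationRealm authenticationRealm) throws NoSuchAlgorithmException {
        super(node, list, set, authenticationRealm);
        this.md5Digester = MessageDigest.getInstance("MD5");
        Logger.log(Logger.DEBUG, AUTH_RESOURCES, "DigestAuthenticationHandler.Initialised", this.realmName);
    }

    /**
     * Sends a 401 response carrying a Digest challenge with a fresh nonce.
     *
     * <p>The nonce is drawn from {@link SecureRandom}; the previous time-scaled
     * {@code java.util.Random} value was predictable. The opaque value is the MD5 of the nonce.
     *
     * @throws IOException if the error response cannot be written
     */
    @Override // winstone.auth.BaseAuthenticationHandler
    protected void requestAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        byte[] nonceBytes = new byte[NONCE_BYTES];
        NONCE_SOURCE.nextBytes(nonceBytes);
        String nonce = "WinstoneToken:" + toHex(nonceBytes);
        String challenge = "Digest realm=\"" + this.realmName + "\", qop=\"auth\", nonce=\"" + nonce
                + "\", opaque=\"" + md5Encode(nonce) + QUOTE;
        httpServletResponse.setHeader("WWW-Authenticate", challenge);
        httpServletResponse.sendError(401, AUTH_RESOURCES.getString("DigestAuthenticationHandler.UnauthorizedMessage"));
    }

    /**
     * Checks an {@code Authorization: Digest} header and, when the response digest matches,
     * attaches the principal to the underlying {@link WinstoneRequest}.
     *
     * <p>Every path returns {@code true}; a failed or absent login simply leaves the remote user
     * unset. NOTE(review): presumably the caller decides from that whether to challenge - confirm
     * in BaseAuthenticationHandler.
     *
     * @return always {@code true}
     * @throws IOException if hashing fails because the charset is unavailable
     */
    @Override // winstone.auth.BaseAuthenticationHandler
    protected boolean validatePossibleAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith(AuthPolicy.DIGEST)) {
            return true;
        }

        String username = null;
        String realmParam = null;
        String qop = null;
        String algorithm = null;
        String uri = null;
        String nonce = null;
        String nonceCount = null;
        String clientNonce = null;
        String response = null;

        // 6 is the length of the scheme token that startsWith() just matched (presumably "Digest").
        StringTokenizer params = new StringTokenizer(header.substring(6).trim(), ",");
        while (params.hasMoreTokens()) {
            String param = params.nextToken().trim();
            int equalsAt = param.indexOf('=');
            if (equalsAt < 0) {
                // Malformed parameter from the client: skip it instead of failing with a
                // StringIndexOutOfBoundsException on substring(0, -1).
                continue;
            }
            String key = param.substring(0, equalsAt);
            if (key.equals("username")) {
                username = unquotedValue(param, equalsAt);
            } else if (key.equals(PlexusConstants.REALM_VISIBILITY)) {
                // NOTE(review): presumably the literal "realm" - confirm.
                realmParam = unquotedValue(param, equalsAt);
            } else if (key.equals("qop")) {
                qop = unquotedValue(param, equalsAt);
            } else if (key.equals("algorithm")) {
                algorithm = unquotedValue(param, equalsAt);
            } else if (key.equals(Subscriber.URI)) {
                // NOTE(review): presumably the literal "uri" - confirm.
                uri = unquotedValue(param, equalsAt);
            } else if (key.equals("nonce")) {
                nonce = unquotedValue(param, equalsAt);
            } else if (key.equals("nc")) {
                nonceCount = unquotedValue(param, equalsAt);
            } else if (key.equals("cnonce")) {
                clientNonce = unquotedValue(param, equalsAt);
            } else if (key.equals("response")) {
                response = unquotedValue(param, equalsAt);
            }
        }

        boolean incomplete = username == null || realmParam == null || qop == null || uri == null
                || nonce == null || nonceCount == null || clientNonce == null || response == null;
        if (incomplete) {
            return true;
        }
        if (algorithm != null && !algorithm.equals("MD5")) {
            return true;
        }
        AuthenticationPrincipal principal = this.realm.retrieveUser(username);
        if (principal == null) {
            return true;
        }

        String ha1 = md5Encode(username + FIELD_SEPARATOR + realmParam + FIELD_SEPARATOR + principal.getPassword());
        String ha2 = md5Encode(httpServletRequest.getMethod() + FIELD_SEPARATOR + uri);
        String expected = md5Encode(ha1 + FIELD_SEPARATOR + nonce + FIELD_SEPARATOR + nonceCount
                + FIELD_SEPARATOR + clientNonce + FIELD_SEPARATOR + qop + FIELD_SEPARATOR + ha2);

        // Compare through MessageDigest.isEqual rather than String.equals so the comparison does
        // not stop at the first differing character. The expected value is pure hex, so a
        // byte-level match in ISO-8859-1 implies the strings are equal.
        if (!MessageDigest.isEqual(expected.getBytes(DIGEST_CHARSET), response.getBytes(DIGEST_CHARSET))) {
            return true;
        }

        principal.setAuthType(HttpServletRequest.DIGEST_AUTH);
        if (httpServletRequest instanceof WinstoneRequest) {
            ((WinstoneRequest) httpServletRequest).setRemoteUser(principal);
            return true;
        }
        if (!(httpServletRequest instanceof HttpServletRequestWrapper)) {
            Logger.log(Logger.WARNING, AUTH_RESOURCES, "DigestAuthenticationHandler.CantSetUser", httpServletRequest.getClass().getName());
            return true;
        }
        // Only one level of wrapping is unwrapped; anything else is logged and left unauthenticated.
        HttpServletRequestWrapper wrapper = (HttpServletRequestWrapper) httpServletRequest;
        if (wrapper.getRequest() instanceof WinstoneRequest) {
            ((WinstoneRequest) wrapper.getRequest()).setRemoteUser(principal);
            return true;
        }
        Logger.log(Logger.WARNING, AUTH_RESOURCES, "DigestAuthenticationHandler.CantSetUser", wrapper.getRequest().getClass().getName());
        return true;
    }

    /**
     * Returns the lower-case hex MD5 digest of {@code str} encoded as ISO-8859-1.
     *
     * @throws UnsupportedEncodingException if the ISO-8859-1 alias is not available
     */
    public String md5Encode(String str) throws UnsupportedEncodingException {
        return toHex(this.md5Digester.digest(str.getBytes(DIGEST_CHARSET)));
    }

    /** Extracts the text after the '=' of one header parameter, trimmed and with quotes removed. */
    private static String unquotedValue(String param, int equalsAt) {
        return WinstoneResourceBundle.globalReplace(param.substring(equalsAt + 1).trim(), QUOTE, "");
    }

    /** Encodes bytes as lower-case hexadecimal, two characters per byte. */
    private static String toHex(byte[] bytes) {
        char[] hex = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            int unsigned = bytes[i] & 0xFF;
            hex[2 * i] = HEX_DIGITS[unsigned >>> 4];
            hex[2 * i + 1] = HEX_DIGITS[unsigned & 0x0F];
        }
        return new String(hex);
    }
}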
