package net.officefloor.plugin.web.http.security.scheme;

import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import net.officefloor.plugin.socket.server.http.HttpHeader;
import net.officefloor.plugin.socket.server.http.HttpRequest;
import net.officefloor.plugin.socket.server.http.HttpResponse;
import net.officefloor.plugin.socket.server.http.ServerHttpConnection;
import net.officefloor.plugin.socket.server.http.parse.impl.HttpRequestParserImpl;
import net.officefloor.plugin.socket.server.http.protocol.HttpStatus;
import net.officefloor.plugin.web.http.security.HttpSecurity;
import net.officefloor.plugin.web.http.security.HttpSecurityServiceManagedObjectSource;
import net.officefloor.plugin.web.http.security.store.CredentialEntry;
import net.officefloor.plugin.web.http.security.store.CredentialStore;
import net.officefloor.plugin.web.http.security.store.CredentialStoreUtil;
import net.officefloor.plugin.web.http.session.HttpSession;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.StringUtils;
import org.hsqldb.Trace;

/* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.6.0.jar:net/officefloor/plugin/web/http/security/scheme/DigestHttpSecuritySource.class */
public class DigestHttpSecuritySource implements HttpSecuritySource<Dependencies> {
    public static final String PROPERTY_REALM = "http.security.digest.realm";
    public static final String PROPERTY_PRIVATE_KEY = "http.security.digest.private.key";
    private static final Charset US_ASCII = HttpRequestParserImpl.US_ASCII;
    protected static final String SECURITY_STATE_SESSION_KEY = "#" + DigestHttpSecuritySource.class.getName() + "#";
    protected static final String MOCK_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
    protected static final String MOCK_OPAQUE = "5ccc069c403ebaf9f0171e9517f40e41";
    protected static final Object MOCK_SECURITY_STATE = new SecurityState(MOCK_NONCE, MOCK_OPAQUE);
    private String realm;
    private String privateKey;

    /* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.6.0.jar:net/officefloor/plugin/web/http/security/scheme/DigestHttpSecuritySource$Dependencies.class */
    public enum Dependencies {
        CREDENTIAL_STORE
    }

    /* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.6.0.jar:net/officefloor/plugin/web/http/security/scheme/DigestHttpSecuritySource$Digest.class */
    private static class Digest {
        private static final byte[] COLON = ":".getBytes(DigestHttpSecuritySource.US_ASCII);
        private final MessageDigest digest;

        public Digest(String str) throws AuthenticationException {
            this.digest = CredentialStoreUtil.createDigest(str);
        }

        public void appendColon() {
            this.digest.update(COLON);
        }

        public void append(String str) {
            if (str == null) {
                return;
            }
            append(str.getBytes(DigestHttpSecuritySource.US_ASCII));
        }

        public void append(byte[] bArr) {
            this.digest.update(bArr);
        }

        public void append(InputStream inputStream) throws AuthenticationException {
            try {
                int read = inputStream.read();
                while (read != -1) {
                    this.digest.update((byte) read);
                    read = inputStream.read();
                }
            } catch (IOException e) {
                throw new AuthenticationException(e);
            }
        }

        public byte[] getDigest() {
            return new String(Hex.encodeHex(this.digest.digest(), true)).getBytes(DigestHttpSecuritySource.US_ASCII);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.6.0.jar:net/officefloor/plugin/web/http/security/scheme/DigestHttpSecuritySource$ParameterState.class */
    public enum ParameterState {
        INIT,
        NAME,
        NAME_VALUE_SEPARATION,
        VALUE,
        QUOTED_VALUE
    }

    /* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.6.0.jar:net/officefloor/plugin/web/http/security/scheme/DigestHttpSecuritySource$SecurityState.class */
    private static class SecurityState implements Serializable {
        public final String nonce;
        public final String opaque;
        public int nonceCount;

        private SecurityState(String str, String str2) {
            this.nonceCount = 1;
            this.nonce = str;
            this.opaque = str2;
        }
    }

    private Properties parseParameters(String str) throws AuthenticationException {
        ParameterState parameterState = ParameterState.INIT;
        int i = -1;
        String str2 = null;
        Properties properties = new Properties();
        for (int i2 = 0; i2 < str.length(); i2++) {
            switch (str.charAt(i2)) {
                case ' ':
                    switch (parameterState) {
                    }
                case Trace.INPUTSTREAM_ERROR /* 34 */:
                    switch (parameterState) {
                        case NAME_VALUE_SEPARATION:
                            i = i2 + 1;
                            parameterState = ParameterState.QUOTED_VALUE;
                            break;
                        case QUOTED_VALUE:
                            properties.setProperty(str2.toLowerCase(), str.substring(i, i2));
                            parameterState = ParameterState.INIT;
                            break;
                    }
                case Trace.SAVEPOINT_NOT_FOUND /* 44 */:
                    switch (parameterState) {
                        case VALUE:
                            properties.setProperty(str2.toLowerCase(), str.substring(i, i2).trim());
                            parameterState = ParameterState.INIT;
                            break;
                    }
                case Trace.CONSTRAINT_NOT_FOUND /* 61 */:
                    switch (parameterState) {
                        case NAME:
                            str2 = str.substring(i, i2).trim();
                            parameterState = ParameterState.NAME_VALUE_SEPARATION;
                            break;
                    }
                default:
                    switch (parameterState) {
                        case NAME_VALUE_SEPARATION:
                            i = i2;
                            parameterState = ParameterState.VALUE;
                            break;
                        case INIT:
                            i = i2;
                            parameterState = ParameterState.NAME;
                            break;
                    }
            }
        }
        switch (parameterState) {
            case VALUE:
                properties.setProperty(str2.toLowerCase(), str.substring(i).trim());
                break;
        }
        return properties;
    }

    protected String getTimestamp() {
        return String.valueOf(System.currentTimeMillis());
    }

    protected String getOpaqueSeed() {
        return UUID.randomUUID().toString();
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public void init(HttpSecuritySourceContext<Dependencies> httpSecuritySourceContext) throws Exception {
        this.realm = httpSecuritySourceContext.getProperty(PROPERTY_REALM);
        this.privateKey = httpSecuritySourceContext.getProperty(PROPERTY_PRIVATE_KEY);
        httpSecuritySourceContext.requireDependency(Dependencies.CREDENTIAL_STORE, CredentialStore.class);
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public String getAuthenticationScheme() {
        return HttpSecurityServiceManagedObjectSource.DIGEST_AUTHENTICATION_SCHEME;
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public HttpSecurity authenticate(String str, ServerHttpConnection serverHttpConnection, HttpSession httpSession, Map<Dependencies, Object> map) throws IOException, AuthenticationException {
        SecurityState securityState = (SecurityState) httpSession.getAttribute(SECURITY_STATE_SESSION_KEY);
        if (securityState == null) {
            return null;
        }
        String str2 = securityState.nonce;
        Properties parseParameters = parseParameters(str);
        String property = parseParameters.getProperty("username");
        String property2 = parseParameters.getProperty("realm");
        String property3 = parseParameters.getProperty("response");
        String property4 = parseParameters.getProperty("opaque");
        String property5 = parseParameters.getProperty("uri");
        String property6 = parseParameters.getProperty("qop");
        String property7 = parseParameters.getProperty("cnonce");
        String property8 = parseParameters.getProperty("nc");
        if (!securityState.opaque.equals(property4)) {
            return null;
        }
        if (property8 != null) {
            try {
                long j = 0;
                for (int i = 0; i < Hex.decodeHex(property8.toCharArray()).length; i++) {
                    j = (j << 8) + r0[i];
                }
                if (securityState.nonceCount != j) {
                    return null;
                }
                securityState.nonceCount++;
            } catch (Exception e) {
                throw new AuthenticationException(e);
            }
        }
        CredentialStore credentialStore = (CredentialStore) map.get(Dependencies.CREDENTIAL_STORE);
        CredentialEntry retrieveCredentialEntry = credentialStore.retrieveCredentialEntry(property, property2);
        if (retrieveCredentialEntry == null) {
            return null;
        }
        byte[] retrieveCredentials = retrieveCredentialEntry.retrieveCredentials();
        String algorithm = credentialStore.getAlgorithm();
        String str3 = StringUtils.EMPTY;
        int indexOf = algorithm.indexOf(58);
        if (indexOf > 0) {
            str3 = algorithm.substring(indexOf);
            algorithm = algorithm.substring(0, indexOf);
        }
        byte[] bArr = retrieveCredentials;
        if (str3.equalsIgnoreCase("sess")) {
            Digest digest = new Digest(algorithm);
            digest.append(bArr);
            digest.appendColon();
            digest.append(str2);
            digest.appendColon();
            digest.append(property7);
            bArr = digest.getDigest();
        }
        HttpRequest httpRequest = serverHttpConnection.getHttpRequest();
        String method = httpRequest.getMethod();
        Digest digest2 = new Digest(algorithm);
        digest2.append(method);
        digest2.appendColon();
        digest2.append(property5);
        if ("auth-int".equalsIgnoreCase(property6)) {
            Digest digest3 = new Digest(algorithm);
            digest3.append(httpRequest.getEntity().createBrowseInputStream());
            digest2.appendColon();
            digest2.append(digest3.getDigest());
        }
        byte[] digest4 = digest2.getDigest();
        Digest digest5 = new Digest(algorithm);
        digest5.append(bArr);
        digest5.appendColon();
        digest5.append(str2);
        if ("auth".equalsIgnoreCase(property6) || "auth-int".equalsIgnoreCase(property6)) {
            digest5.appendColon();
            digest5.append(property8);
            digest5.appendColon();
            digest5.append(property7);
            digest5.appendColon();
            digest5.append(property6);
        }
        digest5.appendColon();
        digest5.append(digest4);
        if (!new String(digest5.getDigest(), US_ASCII).equals(property3)) {
            return null;
        }
        return new HttpSecurityImpl(getAuthenticationScheme(), property, retrieveCredentialEntry.retrieveRoles());
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public void loadUnauthorised(ServerHttpConnection serverHttpConnection, HttpSession httpSession, Map<Dependencies, Object> map) throws AuthenticationException {
        String algorithm = ((CredentialStore) map.get(Dependencies.CREDENTIAL_STORE)).getAlgorithm();
        HttpRequest httpRequest = serverHttpConnection.getHttpRequest();
        String str = StringUtils.EMPTY;
        for (HttpHeader httpHeader : httpRequest.getHeaders()) {
            if ("ETag".equalsIgnoreCase(httpHeader.getName())) {
                str = httpHeader.getValue();
            }
        }
        String timestamp = getTimestamp();
        Digest digest = new Digest(algorithm);
        digest.append(timestamp);
        digest.appendColon();
        digest.append(str);
        digest.appendColon();
        digest.append(this.privateKey);
        String str2 = new String(digest.getDigest(), US_ASCII);
        Digest digest2 = new Digest(algorithm);
        digest2.append(getOpaqueSeed());
        String str3 = new String(digest2.getDigest(), US_ASCII);
        String str4 = getAuthenticationScheme() + " realm=\"" + this.realm + "\", qop=\"auth,auth-int\", nonce=\"" + str2 + "\", opaque=\"" + str3 + "\", algorithm=\"" + algorithm + "\"";
        HttpResponse httpResponse = serverHttpConnection.getHttpResponse();
        httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
        httpResponse.addHeader("WWW-Authenticate", str4);
        httpSession.setAttribute(SECURITY_STATE_SESSION_KEY, new SecurityState(str2, str3));
    }
}
