package org.mortbay.jetty.security;

import java.security.MessageDigest;
import java.security.Principal;
import org.apache.velocity.tools.generic.LinkTool;
import org.apache.velocity.tools.view.ViewContext;
import org.codehaus.plexus.PlexusConstants;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Response;
import org.mortbay.jetty.security.Credential;
import org.mortbay.log.Log;
import org.mortbay.util.QuotedStringTokenizer;
import org.mortbay.util.StringUtil;
import org.mortbay.util.TypeUtil;
import org.mortbay.util.URIUtil;

/* loaded from: input_file:org/mortbay/jetty/security/DigestAuthenticator.class */
public class DigestAuthenticator implements Authenticator {
    protected long maxNonceAge = 0;
    protected long nonceSecret = hashCode() ^ System.currentTimeMillis();
    protected boolean useStale = false;

    /* loaded from: input_file:org/mortbay/jetty/security/DigestAuthenticator$Digest.class */
    class Digest extends Credential {
        private String i;
        String a = null;
        String b = null;
        String c = null;
        String d = null;
        String e = null;
        String f = null;
        String g = null;
        String h = null;

        Digest(String str) {
            this.i = null;
            this.i = str;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v38, types: [boolean] */
        /* JADX WARN: Type inference failed for: r0v4 */
        /* JADX WARN: Type inference failed for: r0v44 */
        /* JADX WARN: Type inference failed for: r0v45 */
        /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
        @Override // org.mortbay.jetty.security.Credential
        public boolean check(Object obj) {
            byte[] digest;
            ?? obj2 = obj instanceof String ? (String) obj : obj.toString();
            String str = obj2;
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                if (obj instanceof Credential.MD5) {
                    digest = ((Credential.MD5) obj).getDigest();
                } else {
                    messageDigest.update(this.a.getBytes(StringUtil.__ISO_8859_1));
                    messageDigest.update((byte) 58);
                    messageDigest.update(this.b.getBytes(StringUtil.__ISO_8859_1));
                    messageDigest.update((byte) 58);
                    messageDigest.update(str.getBytes(StringUtil.__ISO_8859_1));
                    digest = messageDigest.digest();
                }
                messageDigest.reset();
                messageDigest.update(this.i.getBytes(StringUtil.__ISO_8859_1));
                messageDigest.update((byte) 58);
                messageDigest.update(this.g.getBytes(StringUtil.__ISO_8859_1));
                byte[] digest2 = messageDigest.digest();
                messageDigest.update(TypeUtil.toString(digest, 16).getBytes(StringUtil.__ISO_8859_1));
                messageDigest.update((byte) 58);
                messageDigest.update(this.c.getBytes(StringUtil.__ISO_8859_1));
                messageDigest.update((byte) 58);
                messageDigest.update(this.d.getBytes(StringUtil.__ISO_8859_1));
                messageDigest.update((byte) 58);
                messageDigest.update(this.e.getBytes(StringUtil.__ISO_8859_1));
                messageDigest.update((byte) 58);
                messageDigest.update(this.f.getBytes(StringUtil.__ISO_8859_1));
                messageDigest.update((byte) 58);
                messageDigest.update(TypeUtil.toString(digest2, 16).getBytes(StringUtil.__ISO_8859_1));
                obj2 = TypeUtil.toString(messageDigest.digest(), 16).equalsIgnoreCase(this.h);
                return obj2;
            } catch (Exception e) {
                Log.warn((Throwable) obj2);
                return false;
            }
        }

        public String toString() {
            return new StringBuffer().append(this.a).append(",").append(this.h).toString();
        }
    }

    @Override // org.mortbay.jetty.security.Authenticator
    public Principal authenticate(UserRealm userRealm, String str, Request request, Response response) {
        boolean z = false;
        Principal principal = null;
        String header = request.getHeader("Authorization");
        if (header != null) {
            if (Log.isDebugEnabled()) {
                Log.debug(new StringBuffer("Credentials: ").append(header).toString());
            }
            QuotedStringTokenizer quotedStringTokenizer = new QuotedStringTokenizer(header, "=, ", true, false);
            Digest digest = new Digest(request.getMethod());
            String str2 = null;
            String str3 = null;
            while (quotedStringTokenizer.hasMoreTokens()) {
                String nextToken = quotedStringTokenizer.nextToken();
                switch (nextToken.length() == 1 ? nextToken.charAt(0) : (char) 0) {
                    case ' ':
                        break;
                    case ',':
                        str3 = null;
                        break;
                    case '=':
                        str3 = str2;
                        str2 = nextToken;
                        break;
                    default:
                        str2 = nextToken;
                        if (str3 != null) {
                            if ("username".equalsIgnoreCase(str3)) {
                                digest.a = nextToken;
                            } else if (PlexusConstants.REALM_VISIBILITY.equalsIgnoreCase(str3)) {
                                digest.b = nextToken;
                            } else if ("nonce".equalsIgnoreCase(str3)) {
                                digest.c = nextToken;
                            } else if ("nc".equalsIgnoreCase(str3)) {
                                digest.d = nextToken;
                            } else if ("cnonce".equalsIgnoreCase(str3)) {
                                digest.e = nextToken;
                            } else if ("qop".equalsIgnoreCase(str3)) {
                                digest.f = nextToken;
                            } else if (LinkTool.URI_KEY.equalsIgnoreCase(str3)) {
                                digest.g = nextToken;
                            } else if (ViewContext.RESPONSE.equalsIgnoreCase(str3)) {
                                digest.h = nextToken;
                            }
                            str3 = null;
                            break;
                        } else {
                            break;
                        }
                }
            }
            int checkNonce = checkNonce(digest.c, request);
            if (checkNonce > 0) {
                principal = userRealm.authenticate(digest.a, digest, request);
            } else if (checkNonce == 0) {
                z = true;
            }
            if (principal == null) {
                Log.warn(new StringBuffer("AUTH FAILURE: user ").append(StringUtil.printable(digest.a)).toString());
            } else {
                request.setAuthType("DIGEST");
                request.setUserPrincipal(principal);
            }
        }
        if (principal == null && response != null) {
            sendChallenge(userRealm, request, response, z);
        }
        return principal;
    }

    @Override // org.mortbay.jetty.security.Authenticator
    public String getAuthMethod() {
        return "DIGEST";
    }

    public void sendChallenge(UserRealm userRealm, Request request, Response response, boolean z) {
        String contextPath = request.getContextPath();
        String str = contextPath;
        if (contextPath == null) {
            str = URIUtil.SLASH;
        }
        response.setHeader("WWW-Authenticate", new StringBuffer("Digest realm=\"").append(userRealm.getName()).append("\", domain=\"").append(str).append("\", nonce=\"").append(newNonce(request)).append("\", algorithm=MD5, qop=\"auth\"").append(this.useStale ? new StringBuffer(" stale=").append(z).toString() : "").toString());
        response.sendError(401);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [byte[]] */
    /* JADX WARN: Type inference failed for: r0v8 */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.lang.Throwable] */
    public String newNonce(Request request) {
        long timeStamp = request.getTimeStamp();
        long j = this.nonceSecret;
        byte[] bArr = new byte[24];
        for (int i = 0; i < 8; i++) {
            bArr[i] = (byte) (timeStamp & 255);
            timeStamp >>= 8;
            bArr[i + 8] = (byte) (j & 255);
            j >>= 8;
        }
        ?? r0 = 0;
        byte[] bArr2 = null;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.reset();
            messageDigest.update(bArr, 0, 16);
            r0 = messageDigest.digest();
            bArr2 = r0;
        } catch (Exception e) {
            Log.warn((Throwable) r0);
        }
        for (int i2 = 0; i2 < bArr2.length; i2++) {
            bArr[i2 + 8] = bArr2[i2];
            if (i2 == 23) {
                break;
            }
        }
        return new String(B64Code.encode(bArr));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v18 */
    /* JADX WARN: Type inference failed for: r0v19, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v30, types: [int] */
    /* JADX WARN: Type inference failed for: r0v40, types: [byte[]] */
    /* JADX WARN: Type inference failed for: r0v50 */
    public int checkNonce(String str, Request request) {
        ?? r0;
        try {
            byte[] decode = B64Code.decode(str.toCharArray());
            if (decode.length != 24) {
                return -1;
            }
            long j = 0;
            long j2 = this.nonceSecret;
            byte[] bArr = new byte[16];
            System.arraycopy(decode, 0, bArr, 0, 8);
            for (int i = 0; i < 8; i++) {
                bArr[i + 8] = (byte) (j2 & 255);
                j2 >>= 8;
                j = (j << 8) + (255 & decode[7 - i]);
            }
            long timeStamp = request.getTimeStamp() - j;
            if (Log.isDebugEnabled()) {
                Log.debug(new StringBuffer("age=").append(timeStamp).toString());
            }
            r0 = 0;
            r0 = 0;
            byte[] bArr2 = null;
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                messageDigest.reset();
                messageDigest.update(bArr, 0, 16);
                r0 = messageDigest.digest();
                bArr2 = r0;
            } catch (Exception e) {
                Log.warn((Throwable) r0);
            }
            for (int i2 = 0; i2 < 16; i2++) {
                if (decode[i2 + 8] != bArr2[i2]) {
                    return -1;
                }
            }
            if (this.maxNonceAge <= 0) {
                return 1;
            }
            if (timeStamp < 0) {
                return 0;
            }
            r0 = (timeStamp > this.maxNonceAge ? 1 : (timeStamp == this.maxNonceAge ? 0 : -1));
            return r0 > 0 ? 0 : 1;
        } catch (Exception e2) {
            Log.ignore(r0);
            return -1;
        }
    }

    public long getMaxNonceAge() {
        return this.maxNonceAge;
    }

    public void setMaxNonceAge(long j) {
        this.maxNonceAge = j;
    }

    public long getNonceSecret() {
        return this.nonceSecret;
    }

    public void setNonceSecret(long j) {
        this.nonceSecret = j;
    }

    public void setUseStale(boolean z) {
        this.useStale = z;
    }

    public boolean getUseStale() {
        return this.useStale;
    }
}
