package org.javabeanstack.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.time.DateUtils;
import org.javabeanstack.crypto.DigestUtil;
import org.javabeanstack.security.exceptions.TypeAuthInvalid;
import org.javabeanstack.security.model.ClientAuth;
import org.javabeanstack.security.model.ServerAuth;
import org.javabeanstack.util.Dates;
import org.javabeanstack.util.Fn;
import org.javabeanstack.util.Strings;

/* loaded from: input_file:org/javabeanstack/security/DigestAuth.class */
public class DigestAuth {
    private final Map<String, ServerAuth> serverAuthMap;
    public static final String BASIC = "Basic";
    public static final String DIGEST = "Digest";
    private String type;
    private String realm;
    private String qop;
    private int numberCanFail;
    private int secondsIdle;
    private List<String> typeAuthValids;
    private List<String> algorithmValids;
    private List<String> qopValids;

    public DigestAuth() {
        this.serverAuthMap = new HashMap();
        this.type = BASIC;
        this.realm = "";
        this.qop = "";
        this.numberCanFail = 10;
        this.secondsIdle = 60;
        this.typeAuthValids = new ArrayList();
        this.algorithmValids = new ArrayList();
        this.qopValids = new ArrayList();
        defaultAttributes();
    }

    public DigestAuth(String str, String str2, String str3) throws TypeAuthInvalid {
        this.serverAuthMap = new HashMap();
        this.type = BASIC;
        this.realm = "";
        this.qop = "";
        this.numberCanFail = 10;
        this.secondsIdle = 60;
        this.typeAuthValids = new ArrayList();
        this.algorithmValids = new ArrayList();
        this.qopValids = new ArrayList();
        defaultAttributes();
        if (!isValidTypeAuth(str)) {
            throw new TypeAuthInvalid(str + " no es válido");
        }
        this.type = str;
        this.realm = str2;
        this.qop = (String) Fn.nvl(str3, "");
        if (this.qop.isEmpty()) {
            return;
        }
        String[] split = this.qop.split(",");
        for (int i = 0; i < split.length; i++) {
            split[i] = split[i].trim();
        }
        this.qopValids = Arrays.asList(split);
    }

    private void defaultAttributes() {
        this.typeAuthValids.add(BASIC);
        this.typeAuthValids.add(DIGEST);
        this.algorithmValids.add("MD5");
        this.algorithmValids.add("MD5-sess");
        this.qopValids.add("");
        this.qopValids.add("auth");
        this.qopValids.add("auth-int");
    }

    protected final boolean isValidTypeAuth(String str) {
        return this.typeAuthValids.contains(str);
    }

    protected final boolean isValidAlgoritm(String str) {
        return this.algorithmValids.contains(str);
    }

    protected final boolean isValidQop(String str) {
        return this.qopValids.contains(str);
    }

    public String getResponseHeader(ServerAuth serverAuth) {
        String str = this.type;
        if (this.type.equalsIgnoreCase(BASIC)) {
            return str + " realm=\"Restricted\"";
        }
        String opaque = serverAuth.getOpaque();
        return str + " realm=\"" + this.realm + "\" qop=\"" + this.qop + "\" nonce=\"" + serverAuth.getNonce() + "\" opaque=\"" + opaque + "\" nc=" + Strings.leftPad(Integer.valueOf(serverAuth.getNonceCount()).toString(), 8, "0");
    }

    public ServerAuth createResponseAuth() throws TypeAuthInvalid {
        return createResponseAuth(this.type, null, this.realm);
    }

    public ServerAuth createResponseAuth(String str, String str2, String str3) throws TypeAuthInvalid {
        ServerAuth serverAuth = new ServerAuth();
        if (str == null) {
            str = getType();
        }
        if (!isValidTypeAuth(str)) {
            throw new TypeAuthInvalid(str + " no esta permitido");
        }
        if (str3 == null) {
            str = getRealm();
        }
        serverAuth.setType(str);
        serverAuth.setRealm((String) Fn.nvl(str3, ""));
        if (str2 == null) {
            String str4 = str + ":" + Dates.now().toString() + ":" + ((String) Fn.nvl(str3, ""));
            String date = Dates.now().toString();
            str2 = DigestUtil.md5(str4);
            serverAuth.setOpaque(DigestUtil.md5(date));
        }
        serverAuth.setNonce(str2);
        this.serverAuthMap.put(str2, serverAuth);
        if (this.serverAuthMap.size() > 500) {
            purgeResponseAuth();
        }
        return serverAuth;
    }

    public void purgeResponseAuth() {
        Date addSeconds = DateUtils.addSeconds(Dates.now(), this.secondsIdle * (-1));
        Iterator<Map.Entry<String, ServerAuth>> it = this.serverAuthMap.entrySet().iterator();
        while (it.hasNext()) {
            if (it.next().getValue().getLastReference().before(addSeconds)) {
                it.remove();
            }
        }
    }

    public ServerAuth getResponseAuth(String str) {
        ServerAuth serverAuth = this.serverAuthMap.get(str);
        if (serverAuth != null) {
            serverAuth.setLastReference(new Date());
        }
        return serverAuth;
    }

    public boolean isNonceExist(String str) {
        ServerAuth serverAuth = this.serverAuthMap.get(str);
        if (serverAuth == null) {
            return false;
        }
        serverAuth.setLastReference(new Date());
        return true;
    }

    public String getOpaque(String str) {
        ServerAuth serverAuth = this.serverAuthMap.get(str);
        if (serverAuth != null) {
            return serverAuth.getOpaque();
        }
        return null;
    }

    protected boolean checkNonce(ClientAuth clientAuth) {
        if (isNonceExist(clientAuth.getNonce())) {
            return Strings.isNullorEmpty(clientAuth.getQop()).booleanValue() || getOpaque(clientAuth.getNonce()) != null;
        }
        return false;
    }

    public boolean check(ClientAuth clientAuth) {
        if (clientAuth.getType().equals(BASIC) && isValidTypeAuth(BASIC)) {
            return checkBasic(clientAuth);
        }
        if (!clientAuth.getType().equals(DIGEST) || !isValidTypeAuth(DIGEST)) {
            return false;
        }
        if (checkMD5(clientAuth)) {
            this.serverAuthMap.remove(clientAuth.getNonce());
            return true;
        }
        if (checkMD5_Sess(clientAuth)) {
            this.serverAuthMap.remove(clientAuth.getNonce());
            return true;
        }
        ServerAuth serverAuth = this.serverAuthMap.get(clientAuth.getNonce());
        if (serverAuth == null) {
            return false;
        }
        serverAuth.increment();
        if (serverAuth.getNonceCount() <= getNumberCanFail()) {
            return false;
        }
        this.serverAuthMap.remove(clientAuth.getNonce());
        return false;
    }

    public boolean checkBasic(ClientAuth clientAuth) {
        ServerAuth responseAuth;
        if (!isValidTypeAuth(BASIC) || (responseAuth = getResponseAuth(clientAuth.getUsername())) == null) {
            return false;
        }
        if (responseAuth.getNonceCount() >= this.numberCanFail) {
            this.serverAuthMap.remove(clientAuth.getUsername());
            return false;
        }
        if (clientAuth.getPassword().equals(responseAuth.getPassword())) {
            this.serverAuthMap.remove(clientAuth.getUsername());
            return true;
        }
        responseAuth.increment();
        return false;
    }

    public boolean checkMD5(ClientAuth clientAuth) {
        if (!isValidTypeAuth(DIGEST) || !isValidAlgoritm("MD5")) {
            return false;
        }
        ServerAuth responseAuth = getResponseAuth(clientAuth.getNonce());
        if (!compareServerAndClientAuth(clientAuth, responseAuth)) {
            return false;
        }
        String str = "";
        String md5 = DigestUtil.md5(clientAuth.getUsername() + ":" + clientAuth.getRealm() + ":" + responseAuth.getPassword());
        String md52 = DigestUtil.md5(clientAuth.getMethod() + ":" + clientAuth.getUri());
        String qop = clientAuth.getQop();
        if (clientAuth.getQop().equals("auth-int") && Strings.isNullorEmpty(clientAuth.getEntityBody()).booleanValue()) {
            qop = "auth";
        }
        if (qop.isEmpty()) {
            str = DigestUtil.md5(md5 + ":" + clientAuth.getNonce() + ":" + md52);
        } else if (qop.equals("auth")) {
            str = DigestUtil.md5(md5 + ":" + clientAuth.getNonce() + ":" + clientAuth.getNonceCount() + ":" + clientAuth.getCnonce() + ":" + clientAuth.getQop() + ":" + md52);
        } else if (qop.equals("auth-int")) {
            str = DigestUtil.md5(md5 + ":" + clientAuth.getNonce() + ":" + clientAuth.getNonceCount() + ":" + clientAuth.getCnonce() + ":" + clientAuth.getQop() + ":" + DigestUtil.md5(clientAuth.getMethod() + ":" + clientAuth.getUri() + ":" + DigestUtil.md5(clientAuth.getEntityBody())));
        }
        return clientAuth.getResponse().equals(str);
    }

    public boolean checkMD5_Sess(ClientAuth clientAuth) {
        String md5;
        if (!isValidTypeAuth(DIGEST) || !isValidAlgoritm("MD5-sess")) {
            return false;
        }
        ServerAuth responseAuth = getResponseAuth(clientAuth.getNonce());
        if (!compareServerAndClientAuth(clientAuth, responseAuth)) {
            return false;
        }
        String md52 = DigestUtil.md5(DigestUtil.md5(clientAuth.getUsername() + ":" + clientAuth.getRealm() + ":" + responseAuth.getPassword()) + ":" + clientAuth.getNonce() + ":" + clientAuth.getCnonce());
        String md53 = DigestUtil.md5(clientAuth.getMethod() + ":" + clientAuth.getUri());
        String qop = clientAuth.getQop();
        if (clientAuth.getQop().equals("auth-int") && Strings.isNullorEmpty(clientAuth.getEntityBody()).booleanValue()) {
            qop = "auth";
        }
        if (clientAuth.getQop().isEmpty()) {
            md5 = DigestUtil.md5(md52 + ":" + clientAuth.getNonce() + ":" + md53);
        } else {
            if (qop.equals("auth-int")) {
                md53 = DigestUtil.md5(clientAuth.getMethod() + ":" + clientAuth.getUri() + ":" + DigestUtil.md5(clientAuth.getEntityBody()));
            }
            md5 = DigestUtil.md5(md52 + ":" + clientAuth.getNonce() + ":" + clientAuth.getNonceCount() + ":" + clientAuth.getCnonce() + ":" + clientAuth.getQop() + ":" + md53);
        }
        return md5.equals(clientAuth.getResponse());
    }

    public boolean compareServerAndClientAuth(ClientAuth clientAuth, ServerAuth serverAuth) {
        if (serverAuth == null || !isValidQop(clientAuth.getQop()) || !serverAuth.getType().equals(clientAuth.getType()) || !serverAuth.getRealm().equals(clientAuth.getRealm())) {
            return false;
        }
        if ((serverAuth.getNonceCount() == 0 && Strings.isNullorEmpty(clientAuth.getNonceCount()).booleanValue()) || clientAuth.getQop().isEmpty() || serverAuth.getNonceCount() == Integer.parseInt(clientAuth.getNonceCount())) {
            return serverAuth.getNonce().equals(clientAuth.getNonce());
        }
        return false;
    }

    public String getType() {
        return this.type;
    }

    public void setType(String str) throws TypeAuthInvalid {
        this.type = str;
        if (!isValidTypeAuth(str)) {
            throw new TypeAuthInvalid();
        }
    }

    public String getRealm() {
        return this.realm;
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public String getQop() {
        return this.qop;
    }

    public void setQop(String str) {
        this.qop = str;
    }

    public int getNumberCanFail() {
        return this.numberCanFail;
    }

    public void setNumberCanFail(int i) {
        this.numberCanFail = i;
    }

    public int getSecondsIdle() {
        return this.secondsIdle;
    }

    public void setSecondsIdle(int i) {
        this.secondsIdle = i;
    }

    public List<String> getTypeAuthValids() {
        return this.typeAuthValids;
    }

    public void setTypeAuthValids(List<String> list) {
        this.typeAuthValids = list;
    }

    public List<String> getAlgorithmValids() {
        return this.algorithmValids;
    }

    public void setAlgorithmValids(List<String> list) {
        this.algorithmValids = list;
    }

    public List<String> getQopValids() {
        return this.qopValids;
    }

    public void setQopValids(List<String> list) {
        this.qopValids = list;
    }
}
