package electric.servlet.authenticators;

import electric.security.DigestCredentials;
import electric.security.IRealm;
import electric.servlet.InboundHTTPRequest;
import electric.servlet.OutboundHTTPResponse;
import electric.util.ArrayUtil;
import electric.util.Base64;
import electric.util.Strings;
import electric.util.http.AuthHeaderData;
import electric.util.http.DigestUtil;
import electric.util.http.IHTTPConstants;
import electric.util.io.Streams;
import electric.util.log.Log;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.StringTokenizer;

/* loaded from: input_file:electric/servlet/authenticators/DigestAuthenticator.class */
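/**
 * HTTP Digest authenticator: issues the Digest challenge on a 401 response and
 * checks the client's Authorization header against an {@link IRealm}.
 *
 * <p>Security notes for maintainers (all derived from the code in this class):
 * <ul>
 *   <li>The nonce is {@code Base64(timestamp ":" hex(MD5(timestamp ":" privateKey)))}.
 *       Its integrity therefore rests entirely on {@code digestPrivateKey} staying secret.</li>
 *   <li>{@link #confirmNonce(String)} checks only that the nonce was minted with the
 *       private key. It does not check the age of the embedded timestamp, and this class
 *       keeps no record of nonce-count ({@code nc}) values, so a captured nonce stays
 *       acceptable to this class indefinitely. Any replay protection would have to come
 *       from the realm or the transport.</li>
 * </ul>
 */
public class DigestAuthenticator implements IHTTPAuthenticator, IHTTPConstants {
    private static final long SECURITY_EVENT = Log.getCode("SECURITY");
    private static final long EXCEPTION_EVENT = Log.getCode("EXCEPTION");

    // NOTE(review): hard-coded default secret. Anyone who knows this value can construct
    // nonces that pass confirmNonce(). No setter is visible in this class; confirm how (or
    // whether) deployments override it, and prefer a per-installation random value.
    private String digestPrivateKey = "ELECTRIC";

    /**
     * Returns the authentication scheme name handled by this authenticator.
     *
     * @return the literal string {@code "DIGEST"}
     */
    @Override // electric.servlet.authenticators.IHTTPAuthenticator
    public String getAuthMethod() {
        return "DIGEST";
    }

    /**
     * Parses the parameters of a Digest Authorization header into {@code authHeaderData}.
     *
     * <p>The header value is client-controlled, so malformed input must not raise: a
     * missing header, a header without a space after the scheme, and parameters without
     * {@code '='} are ignored instead of triggering a {@code StringIndexOutOfBoundsException}
     * as the unguarded {@code substring} calls would. Fields that are not present in the
     * header are left untouched.
     *
     * <p>Limitation: parameters are split on every comma, including commas inside quoted
     * values, so a quoted value containing a comma is truncated.
     *
     * @param str            raw Authorization header value (scheme followed by parameters)
     * @param authHeaderData receiver for the recognised parameters
     */
    static void parseAuthHeader(String str, AuthHeaderData authHeaderData) {
        if (str == null) {
            return;
        }
        int schemeEnd = str.indexOf(" ");
        if (schemeEnd == -1) {
            // Scheme only, no parameters: nothing to parse.
            return;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str.substring(schemeEnd), ",");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf("=");
            if (indexOf == -1) {
                // Not a name=value pair; skip rather than fail the whole request.
                continue;
            }
            String trim = nextToken.substring(0, indexOf).trim();
            String stripQuotes = Strings.stripQuotes(nextToken.substring(indexOf + 1));
            if ("qop".equals(trim)) {
                authHeaderData.qop = stripQuotes;
            } else if ("realm".equals(trim)) {
                authHeaderData.realmName = stripQuotes;
            } else if ("nonce".equals(trim)) {
                authHeaderData.nonce = stripQuotes;
            } else if ("opaque".equals(trim)) {
                authHeaderData.opaque = stripQuotes;
            } else if ("username".equals(trim)) {
                authHeaderData.userName = stripQuotes;
            } else if ("uri".equals(trim)) {
                authHeaderData.uri = stripQuotes;
            } else if ("response".equals(trim)) {
                authHeaderData.response = stripQuotes;
            } else if ("cnonce".equals(trim)) {
                authHeaderData.cnonce = stripQuotes;
            } else if ("nc".equals(trim)) {
                authHeaderData.nc = stripQuotes;
            }
        }
    }

    /**
     * Authenticates the request from its Digest Authorization header.
     *
     * <p>The nonce is verified first; only then are the parsed credentials handed to the
     * realm. On success the user name from the header is recorded as the request's remote
     * user. Every failure path returns an empty array (fail closed).
     *
     * @param inboundHTTPRequest the request being authenticated
     * @param iRealm             realm that verifies the digest credentials
     * @param str                raw Authorization header value
     * @return a one-element array holding the authenticated user name, or an empty array
     */
    @Override // electric.servlet.authenticators.IHTTPAuthenticator
    public String[] getAuthorizedUsers(InboundHTTPRequest inboundHTTPRequest, IRealm iRealm, String str) {
        String[] strArr = new String[0];
        AuthHeaderData authHeaderData = new AuthHeaderData();
        parseAuthHeader(str, authHeaderData);
        try {
            if (!confirmNonce(authHeaderData.nonce)) {
                if (Log.isLogging(SECURITY_EVENT)) {
                    Log.log(SECURITY_EVENT, "confirmNonce failed");
                }
                return strArr;
            }
            authHeaderData.httpMethod = inboundHTTPRequest.getMethod();
            // NOTE(review): the "uri" parameter from the header is passed to the realm as
            // supplied; this class does not compare it with the actual request URI.
            if (iRealm.authenticate(new DigestCredentials(authHeaderData))) {
                inboundHTTPRequest.setRemoteUser(authHeaderData.userName);
                strArr = (String[]) ArrayUtil.addElement(strArr, authHeaderData.userName);
            }
            return strArr;
        } catch (NoSuchAlgorithmException e) {
            if (Log.isLogging(EXCEPTION_EVENT)) {
                Log.log(EXCEPTION_EVENT, "getAuthUsersDigest:", (Throwable) e);
            }
            return strArr;
        }
    }

    /**
     * Computes the keyed part of a nonce: {@code hex(MD5(timestamp ":" privateKey))}.
     *
     * <p>NOTE(review): this is a plain MD5 over a concatenation, not an HMAC. Moving to an
     * HMAC with a stronger hash would change the nonce format, so it is flagged here
     * rather than changed.
     *
     * @param timestamp the timestamp text embedded in the nonce
     * @return the hex digest binding the timestamp to the private key
     * @throws NoSuchAlgorithmException if MD5 is not available
     */
    private String nonceDigest(String timestamp) throws NoSuchAlgorithmException {
        // getBytes() uses the platform charset, as the original did, so nonces stay
        // consistent within one JVM.
        byte[] keyed = (timestamp + ":" + getDigestPrivateKey()).getBytes();
        return DigestUtil.digestHexFormat(MessageDigest.getInstance("MD5").digest(keyed));
    }

    /**
     * Creates a fresh nonce from the current time and the private key.
     *
     * @return {@code Base64(timestamp ":" nonceDigest(timestamp))}
     * @throws NoSuchAlgorithmException if MD5 is not available
     */
    private String generateNonce() throws NoSuchAlgorithmException {
        String l = Long.toString(System.currentTimeMillis());
        return Base64.toBase64((l + ":" + nonceDigest(l)).getBytes());
    }

    /**
     * Checks that a client-supplied nonce was minted with this authenticator's private key.
     *
     * <p>A missing nonce is rejected up front. The digest comparison uses
     * {@link MessageDigest#isEqual(byte[], byte[])} so that the time taken does not depend
     * on how many leading characters of a guessed digest are correct.
     *
     * <p>NOTE(review): the embedded timestamp is not checked for age, so nonces never
     * expire. Adding a maximum lifetime is a policy decision and is not made here.
     *
     * <p>NOTE(review): the behaviour of {@code Base64.fromBase64} on malformed input is
     * not visible from this class; confirm it cannot throw on attacker-supplied text.
     *
     * @param str the nonce taken from the Authorization header, possibly {@code null}
     * @return {@code true} only if the nonce's digest matches the one recomputed here
     * @throws NoSuchAlgorithmException if MD5 is not available
     */
    private boolean confirmNonce(String str) throws NoSuchAlgorithmException {
        if (str != null) {
            String decoded = new String(Base64.fromBase64(str));
            int indexOf = decoded.indexOf(":");
            if (indexOf != -1) {
                String expected = nonceDigest(decoded.substring(0, indexOf));
                String supplied = decoded.substring(indexOf + 1);
                return MessageDigest.isEqual(expected.getBytes(), supplied.getBytes());
            }
        }
        if (Log.isLogging(SECURITY_EVENT)) {
            Log.log(SECURITY_EVENT, "confirmNonce failed, bad digest");
        }
        return false;
    }

    /**
     * Returns the secret that is mixed into every nonce.
     *
     * <p>NOTE(review): this accessor is public, so any code holding a reference to the
     * authenticator can read the secret; confirm that this exposure is intended.
     *
     * @return the private key used for nonce generation and verification
     */
    public String getDigestPrivateKey() {
        return this.digestPrivateKey;
    }

    /**
     * Sends a 401 response carrying a Digest challenge with a fresh nonce.
     *
     * <p>Any declared request body is read first, then the status, the challenge header
     * and a zero content length are set. If the nonce cannot be generated, the failure is
     * logged and the response keeps its 401 status without a challenge header.
     *
     * @param inboundHTTPRequest   the unauthenticated request
     * @param outboundHTTPResponse the response to turn into a challenge
     * @param iRealm               realm whose name is advertised; {@code null} yields the name "null"
     * @return always {@code false}
     * @throws IOException if reading the request body fails
     */
    @Override // electric.servlet.authenticators.IHTTPAuthenticator
    public boolean requestAuthentication(InboundHTTPRequest inboundHTTPRequest, OutboundHTTPResponse outboundHTTPResponse, IRealm iRealm) throws IOException {
        if (inboundHTTPRequest.getContentLength() != -1) {
            // NOTE(review): reads as many bytes as the unauthenticated client declared in
            // Content-Length; confirm an upper bound is enforced elsewhere.
            Streams.readFully((InputStream) inboundHTTPRequest.getInputStream(), inboundHTTPRequest.getContentLength());
        }
        outboundHTTPResponse.setStatus(401);
        String name = iRealm == null ? "null" : iRealm.getName();
        try {
            // One nonce per challenge; the original generated a second one and discarded it.
            // NOTE(review): the realm name is placed inside a quoted string without escaping;
            // presumably it comes from server configuration - confirm it cannot contain '"'.
            String challenge = "Digest realm=\"" + name + "\", qop=\"auth\", nonce=\"" + generateNonce() + "\"";
            outboundHTTPResponse.addHeader(IHTTPConstants.WWW_AUTHENTICATE, challenge);
            outboundHTTPResponse.setContentLength(0);
            return false;
        } catch (NoSuchAlgorithmException e) {
            if (Log.isLogging(SECURITY_EVENT)) {
                Log.log(SECURITY_EVENT, "requestAuthenticationDigest got exception:" + e);
            }
            return false;
        }
    }
}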
