package org.exist.http.servlets;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.exist.security.MD5;
import org.exist.security.User;
import org.exist.storage.BrokerPool;
import org.exist.xquery.functions.response.ResponseModule;
import org.xmldb.api.base.ErrorCodes;

/* loaded from: input_file:lib/exist-optional.jar:org/exist/http/servlets/DigestAuthenticator.class */
public class DigestAuthenticator implements Authenticator {
    private BrokerPool pool;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/exist-optional.jar:org/exist/http/servlets/DigestAuthenticator$Digest.class */
    public static class Digest {
        String method;
        String username = null;
        String realm = null;
        String nonce = null;
        String uri = null;
        String response = null;

        public Digest(String str) {
            this.method = null;
            this.method = str;
        }

        public boolean check(String str) throws IOException {
            if (str == null) {
                return true;
            }
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                messageDigest.reset();
                messageDigest.update(this.method.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.uri.getBytes("ISO-8859-1"));
                byte[] digest = messageDigest.digest();
                messageDigest.update(str.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.nonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(MD5.byteArrayToHex(digest).getBytes("ISO-8859-1"));
                return MD5.byteArrayToHex(messageDigest.digest()).equalsIgnoreCase(this.response);
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("Encoding not supported");
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("MD5 not supported");
            }
        }
    }

    public DigestAuthenticator(BrokerPool brokerPool) {
        this.pool = brokerPool;
    }

    @Override // org.exist.http.servlets.Authenticator
    public User authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            sendChallenge(httpServletRequest, httpServletResponse);
            return null;
        }
        Digest digest = new Digest(httpServletRequest.getMethod());
        parseCredentials(digest, header);
        User user = this.pool.getSecurityManager().getUser(digest.username);
        if (user == null) {
            sendChallenge(httpServletRequest, httpServletResponse);
            return null;
        }
        if (digest.check(user.getDigestPassword())) {
            return user;
        }
        sendChallenge(httpServletRequest, httpServletResponse);
        return null;
    }

    @Override // org.exist.http.servlets.Authenticator
    public void sendChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", new StringBuffer().append("Digest realm=\"exist\", nonce=\"").append(createNonce(httpServletRequest)).append("\", ").append("domain=\"").append(httpServletRequest.getContextPath()).append("\", ").append("opaque=\"").append(MD5.md(Integer.toString(hashCode(), 27), false)).append('\"').toString());
        httpServletResponse.setStatus(ErrorCodes.INVALID_DATABASE);
    }

    private String createNonce(HttpServletRequest httpServletRequest) {
        return MD5.md(new StringBuffer().append(httpServletRequest.getRemoteAddr()).append(':').append(Long.toString(System.currentTimeMillis())).append(':').append(Integer.toString(hashCode())).toString(), false);
    }

    private static void parseCredentials(Digest digest, String str) {
        String substring = str.substring("Digest ".length());
        StringBuffer stringBuffer = new StringBuffer();
        String str2 = null;
        boolean z = false;
        for (int i = 0; i < substring.length(); i++) {
            char charAt = substring.charAt(i);
            switch (charAt) {
                case ' ':
                    break;
                case '\"':
                case '\'':
                    if (z) {
                        String stringBuffer2 = stringBuffer.toString();
                        stringBuffer.setLength(0);
                        z = false;
                        if ("username".equalsIgnoreCase(str2)) {
                            digest.username = stringBuffer2;
                            break;
                        } else if ("realm".equalsIgnoreCase(str2)) {
                            digest.realm = stringBuffer2;
                            break;
                        } else if ("nonce".equalsIgnoreCase(str2)) {
                            digest.nonce = stringBuffer2;
                            break;
                        } else if ("uri".equalsIgnoreCase(str2)) {
                            digest.uri = stringBuffer2;
                            break;
                        } else if (ResponseModule.PREFIX.equalsIgnoreCase(str2)) {
                            digest.response = stringBuffer2;
                            break;
                        } else {
                            break;
                        }
                    } else {
                        z = true;
                        break;
                    }
                case ',':
                    str2 = null;
                    break;
                case '=':
                    str2 = stringBuffer.toString();
                    stringBuffer.setLength(0);
                    break;
                default:
                    stringBuffer.append(charAt);
                    break;
            }
        }
    }
}
