package org.apache.catalina.authenticator;

import com.enginframe.server.processor.EFSPCommand;
import io.ktor.http.auth.HttpAuthHeader;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.MD5Encoder;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.derby.impl.store.raw.log.LogCounter;
import org.apache.log4j.spi.LocationInfo;
import org.apache.naming.ResourceRef;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.http.parser.Authorization;
import org.apache.tomcat.util.security.ConcurrentMessageDigest;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/nice_root/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator.class
 */
/* loaded from: input_file:org/apache/catalina/authenticator/DigestAuthenticator.class */
public class DigestAuthenticator extends AuthenticatorBase {
    protected static final int USE_ONCE = 1;
    protected static final int USE_NEVER_EXPIRES = Integer.MAX_VALUE;
    protected static final int TIMEOUT_INFINITE = Integer.MAX_VALUE;
    protected static final MD5Encoder md5Encoder = new MD5Encoder();
    protected static final String info = "org.apache.catalina.authenticator.DigestAuthenticator/1.0";
    protected static MessageDigest md5Helper;
    protected Hashtable nOnceTokens = new Hashtable();
    protected long nOnceTimeout = LogCounter.MAX_LOGFILE_NUMBER;
    protected int nOnceUses = 1;
    protected String key = "Catalina";

    /* renamed from: org.apache.catalina.authenticator.DigestAuthenticator$1, reason: invalid class name */
    /* loaded from: input_file:kernel/nice_root/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator$1.class */
    class AnonymousClass1 extends LinkedHashMap<String, NonceInfo> {
        private static final long serialVersionUID = 1;
        private static final long LOG_SUPPRESS_TIME = 300000;
        private long lastLog = 0;

        AnonymousClass1() {
        }

        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<String, NonceInfo> entry) {
            long currentTimeMillis = System.currentTimeMillis();
            if (size() <= DigestAuthenticator.this.getNonceCacheSize()) {
                return false;
            }
            if (this.lastLog >= currentTimeMillis || currentTimeMillis - entry.getValue().getTimestamp() >= DigestAuthenticator.this.getNonceValidity()) {
                return true;
            }
            DigestAuthenticator.access$000(DigestAuthenticator.this).warn(AuthenticatorBase.sm.getString("digestAuthenticator.cacheRemove"));
            this.lastLog = currentTimeMillis + LOG_SUPPRESS_TIME;
            return true;
        }
    }

    /* loaded from: input_file:kernel/nice_root/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator$AuthDigest.class */
    public enum AuthDigest {
        MD5("MD5", "MD5"),
        SHA_256("SHA-256", "SHA-256"),
        SHA_512_256(MessageDigestAlgorithms.SHA_512_256, "SHA-512-256");

        private final String javaName;
        private final String rfcName;

        AuthDigest(String str, String str2) {
            this.javaName = str;
            this.rfcName = str2;
        }

        public String getJavaName() {
            return this.javaName;
        }

        public String getRfcName() {
            return this.rfcName;
        }
    }

    /* loaded from: input_file:kernel/nice_root/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator$DigestInfo.class */
    public static class DigestInfo {
        private final String opaque;
        private final long nonceValidity;
        private final String key;
        private final Map<String, NonceInfo> nonces;
        private boolean validateUri;
        private String userName = null;
        private String method = null;
        private String uri = null;
        private String response = null;
        private String nonce = null;
        private String nc = null;
        private String cnonce = null;
        private String realmName = null;
        private String qop = null;
        private String opaqueReceived = null;
        private boolean nonceStale = false;
        private AuthDigest algorithm = null;

        public DigestInfo(String str, long j, String str2, Map<String, NonceInfo> map, boolean z) {
            this.validateUri = true;
            this.opaque = str;
            this.nonceValidity = j;
            this.key = str2;
            this.nonces = map;
            this.validateUri = z;
        }

        public String getUsername() {
            return this.userName;
        }

        public boolean parse(Request request, String str) {
            if (str == null) {
                return false;
            }
            try {
                Map<String, String> parseAuthorizationDigest = Authorization.parseAuthorizationDigest(new StringReader(str));
                if (parseAuthorizationDigest == null) {
                    return false;
                }
                this.method = request.getMethod();
                this.userName = parseAuthorizationDigest.get("username");
                this.realmName = parseAuthorizationDigest.get(HttpAuthHeader.Parameters.Realm);
                this.nonce = parseAuthorizationDigest.get("nonce");
                this.nc = parseAuthorizationDigest.get("nc");
                this.cnonce = parseAuthorizationDigest.get("cnonce");
                this.qop = parseAuthorizationDigest.get("qop");
                this.uri = parseAuthorizationDigest.get("uri");
                this.response = parseAuthorizationDigest.get(EFSPCommand.RESPONSE);
                this.opaqueReceived = parseAuthorizationDigest.get("opaque");
                this.algorithm = (AuthDigest) DigestAuthenticator.access$100().get(parseAuthorizationDigest.get("algorithm"));
                if (this.algorithm != null) {
                    return true;
                }
                this.algorithm = DigestAuthenticator.access$200();
                return true;
            } catch (IOException e) {
                return false;
            }
        }

        @Deprecated
        public boolean validate(Request request) {
            return validate(request, Arrays.asList(DigestAuthenticator.access$200()));
        }

        /* JADX WARN: Type inference failed for: r1v24, types: [byte[], byte[][]] */
        public boolean validate(Request request, List<AuthDigest> list) {
            int indexOf;
            NonceInfo nonceInfo;
            if (this.userName == null || this.realmName == null || this.nonce == null || this.uri == null || this.response == null) {
                return false;
            }
            if (this.validateUri) {
                String queryString = request.getQueryString();
                String requestURI = queryString == null ? request.getRequestURI() : request.getRequestURI() + LocationInfo.NA + queryString;
                if (!this.uri.equals(requestURI)) {
                    String header = request.getHeader("host");
                    String scheme = request.getScheme();
                    if (header == null || requestURI.startsWith(scheme)) {
                        return false;
                    }
                    if (!this.uri.equals(scheme + "://" + header + requestURI)) {
                        return false;
                    }
                }
            }
            if (!AuthenticatorBase.getRealmName(request.getContext()).equals(this.realmName) || !this.opaque.equals(this.opaqueReceived) || (indexOf = this.nonce.indexOf(58)) < 0 || indexOf + 1 == this.nonce.length()) {
                return false;
            }
            try {
                long parseLong = Long.parseLong(this.nonce.substring(0, indexOf));
                String substring = this.nonce.substring(indexOf + 1);
                if (System.currentTimeMillis() - parseLong > this.nonceValidity) {
                    this.nonceStale = true;
                    synchronized (this.nonces) {
                        this.nonces.remove(this.nonce);
                    }
                }
                if (!HexUtils.toHexString(ConcurrentMessageDigest.digest("SHA-256", new byte[]{(request.getRemoteAddr() + ":" + parseLong + ":" + this.key).getBytes(StandardCharsets.ISO_8859_1)})).equals(substring)) {
                    return false;
                }
                if (this.qop != null && !ResourceRef.AUTH.equals(this.qop)) {
                    return false;
                }
                if (this.qop == null) {
                    if (this.cnonce != null || this.nc != null) {
                        return false;
                    }
                } else {
                    if (this.cnonce == null || this.nc == null || this.nc.length() < 6 || this.nc.length() > 8) {
                        return false;
                    }
                    try {
                        long parseLong2 = Long.parseLong(this.nc, 16);
                        synchronized (this.nonces) {
                            nonceInfo = this.nonces.get(this.nonce);
                        }
                        if (nonceInfo == null) {
                            this.nonceStale = true;
                        } else if (!nonceInfo.nonceCountValid(parseLong2)) {
                            return false;
                        }
                    } catch (NumberFormatException e) {
                        return false;
                    }
                }
                return list.contains(this.algorithm);
            } catch (NumberFormatException e2) {
                return false;
            }
        }

        public boolean isNonceStale() {
            return this.nonceStale;
        }

        /* JADX WARN: Type inference failed for: r1v7, types: [byte[], byte[][]] */
        public Principal authenticate(Realm realm) {
            return realm.authenticate(this.userName, this.response, this.nonce, this.nc, this.cnonce, this.qop, this.realmName, HexUtils.toHexString(ConcurrentMessageDigest.digest(this.algorithm.getJavaName(), new byte[]{(this.method + ":" + this.uri).getBytes(StandardCharsets.ISO_8859_1)})), this.algorithm.getJavaName());
        }
    }

    /* loaded from: input_file:kernel/nice_root/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator$NonceInfo.class */
    public static class NonceInfo {
        private final long timestamp;
        private final boolean[] seen;
        private final int offset;
        private int count = 0;

        public NonceInfo(long j, int i) {
            this.timestamp = j;
            this.seen = new boolean[i];
            this.offset = i / 2;
        }

        public synchronized boolean nonceCountValid(long j) {
            if (this.count - this.offset >= j || j > (this.count - this.offset) + this.seen.length) {
                return false;
            }
            int length = (int) ((j + this.offset) % this.seen.length);
            if (this.seen[length]) {
                return false;
            }
            this.seen[length] = true;
            this.seen[this.count % this.seen.length] = false;
            this.count++;
            return true;
        }

        public long getTimestamp() {
            return this.timestamp;
        }
    }

    public DigestAuthenticator() {
        try {
            if (md5Helper == null) {
                md5Helper = MessageDigest.getInstance("MD5");
            }
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new IllegalStateException();
        }
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        Principal findPrincipal;
        Principal userPrincipal = ((HttpServletRequest) httpRequest.getRequest()).getUserPrincipal();
        if (userPrincipal != null) {
            if (this.debug >= 1) {
                log(new StringBuffer().append("Already authenticated '").append(userPrincipal.getName()).append("'").toString());
            }
            String str = (String) httpRequest.getNote(Constants.REQ_SSOID_NOTE);
            if (str == null) {
                return true;
            }
            associate(str, getSession(httpRequest, true));
            return true;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        String authorization = httpRequest.getAuthorization();
        if (authorization != null && (findPrincipal = findPrincipal(httpServletRequest, authorization, this.context.getRealm())) != null) {
            register(httpRequest, httpResponse, findPrincipal, "DIGEST", parseUsername(authorization), null);
            return true;
        }
        setAuthenticateHeader(httpServletRequest, httpServletResponse, loginConfig, generateNOnce(httpServletRequest));
        httpServletResponse.setStatus(401);
        return false;
    }

    protected static Principal findPrincipal(HttpServletRequest httpServletRequest, String str, Realm realm) {
        if (str == null || !str.startsWith("Digest ")) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str.substring(7).trim(), ",");
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        String method = httpServletRequest.getMethod();
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf(61);
            if (indexOf < 0) {
                return null;
            }
            String trim = nextToken.substring(0, indexOf).trim();
            String trim2 = nextToken.substring(indexOf + 1).trim();
            if ("username".equals(trim)) {
                str2 = removeQuotes(trim2);
            }
            if (HttpAuthHeader.Parameters.Realm.equals(trim)) {
                str3 = removeQuotes(trim2, true);
            }
            if ("nonce".equals(trim)) {
                str4 = removeQuotes(trim2);
            }
            if ("nc".equals(trim)) {
                str5 = removeQuotes(trim2);
            }
            if ("cnonce".equals(trim)) {
                str6 = removeQuotes(trim2);
            }
            if ("qop".equals(trim)) {
                str7 = removeQuotes(trim2);
            }
            if ("uri".equals(trim)) {
                str8 = removeQuotes(trim2);
            }
            if (EFSPCommand.RESPONSE.equals(trim)) {
                str9 = removeQuotes(trim2);
            }
        }
        if (str2 == null || str3 == null || str4 == null || str8 == null || str9 == null) {
            return null;
        }
        if (str7 != null && (str6 == null || str5 == null)) {
            return null;
        }
        return realm.authenticate(str2, str9, str4, str5, str6, str7, str3, md5Encoder.encode(md5Helper.digest(new StringBuffer().append(method).append(":").append(str8).toString().getBytes())));
    }

    protected String parseUsername(String str) {
        String nextToken;
        int indexOf;
        if (str == null || !str.startsWith("Digest ")) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str.substring(7).trim(), ",");
        while (stringTokenizer.hasMoreTokens() && (indexOf = (nextToken = stringTokenizer.nextToken()).indexOf(61)) >= 0) {
            String trim = nextToken.substring(0, indexOf).trim();
            String trim2 = nextToken.substring(indexOf + 1).trim();
            if ("username".equals(trim)) {
                return removeQuotes(trim2);
            }
        }
        return null;
    }

    protected static String removeQuotes(String str, boolean z) {
        return (str.length() <= 0 || str.charAt(0) == '\"' || z) ? str.length() > 2 ? str.substring(1, str.length() - 1) : new String() : str;
    }

    protected static String removeQuotes(String str) {
        return removeQuotes(str, false);
    }

    protected String generateNOnce(HttpServletRequest httpServletRequest) {
        long currentTimeMillis = System.currentTimeMillis();
        String encode = md5Encoder.encode(md5Helper.digest(new StringBuffer().append(httpServletRequest.getRemoteAddr()).append(":").append(currentTimeMillis).append(":").append(this.key).toString().getBytes()));
        this.nOnceTokens.put(encode, new Long(currentTimeMillis + this.nOnceTimeout));
        return encode;
    }

    protected void setAuthenticateHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfig loginConfig, String str) {
        String realmName = loginConfig.getRealmName();
        if (realmName == null) {
            realmName = new StringBuffer().append(httpServletRequest.getServerName()).append(":").append(httpServletRequest.getServerPort()).toString();
        }
        httpServletResponse.setHeader("WWW-Authenticate", new StringBuffer().append("Digest realm=\"").append(realmName).append("\", ").append("qop=\"auth\", nonce=\"").append(str).append("\", ").append("opaque=\"").append(md5Encoder.encode(md5Helper.digest(str.getBytes()))).append("\"").toString());
    }
}
