package com.inet.authentication.digest;

import com.inet.annotations.InternalApi;
import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.RemoteLoginProcessor;
import com.inet.permissions.url.legacy.OldPermissionXMLUtils;
import com.inet.plugin.ApplicationDescription;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.UUID;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

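/**
 * Server side of an HTTP Digest access authentication exchange ({@code qop="auth"}, MD5).
 *
 * <p>{@link #requestLoginData} answers a request with a 401 and a {@code WWW-Authenticate: Digest}
 * challenge; {@link #transferClientLoginData} checks the {@code Authorization} header of the
 * follow-up request against that challenge and, on success, records the user name as login ID.
 * Subclasses supply the HA1 value for a user through {@link #getHashValueOfA1}.
 *
 * <p>An instance keeps the state of a single challenge (nonce, challenged URI, "response not yet
 * consumed" flag) in plain fields without synchronization, so it is not safe for concurrent use.
 */
@InternalApi
/* loaded from: input_file:com/inet/authentication/digest/DigestAccessAuthWUI.class */
public abstract class DigestAccessAuthWUI extends RemoteLoginProcessor {
    // Realm sent in every challenge: the application name, looked up once and cached process-wide.
    // The lazy initialisation is unsynchronized; every thread computes the same value.
    private static String a;
    // Login ID of the authenticated user; null until a digest response has been accepted.
    private String b;
    // Nonce issued with the most recent challenge; null before the first challenge.
    private String c;
    // True from the moment a challenge is sent until one digest response has been evaluated,
    // so each challenge can be answered at most once.
    private boolean d;
    // Request URI (plus query string, if any) of the request that was challenged.
    private String e;

    /**
     * Creates the processor in the "challenge not yet answered" state.
     *
     * @param authenticationDescription passed through unchanged to the superclass
     */
    protected DigestAccessAuthWUI(AuthenticationDescription authenticationDescription) {
        super(authenticationDescription);
        this.d = true;
    }

    /**
     * Returns the user name taken from the accepted digest response.
     *
     * @return the login ID, or {@code null} while no response has been accepted
     */
    @Override // com.inet.authentication.LoginProcessor
    public String getLoginID() {
        return this.b;
    }

    /**
     * Digest logins are never treated as master-password logins.
     *
     * @return always {@code false}
     */
    @Override // com.inet.authentication.RemoteLoginProcessor
    public boolean isMasterPassword() {
        return false;
    }

    /**
     * Sends a fresh digest challenge (HTTP 401 with a {@code WWW-Authenticate} header) and resets
     * the per-challenge state of this processor.
     *
     * @param httpServletRequest request being challenged; its URI and query string are remembered
     * @param httpServletResponse response that receives the challenge header and the 401 status
     */
    @Override // com.inet.authentication.RemoteLoginProcessor
    public void requestLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (a == null) {
            a = ApplicationDescription.get().getApplicationName();
        }
        this.b = null;
        this.d = true;

        // The nonce has to be unpredictable. The previous code generated a random UUID but threw
        // it away and encoded the nanoTime value twice, which left the nonce guessable from the
        // clock alone. The UUID is now part of the nonce; the value stays opaque to clients.
        String nonceSeed = System.nanoTime() + ":" + UUID.randomUUID();
        this.c = Base64.getEncoder().encodeToString(nonceSeed.getBytes(StandardCharsets.UTF_8));

        String challengedUri = httpServletRequest.getRequestURI();
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            challengedUri += "?" + query;
        }
        this.e = challengedUri;

        // OldPermissionXMLUtils.XML_QUOTE closes the quoted realm and nonce values; presumably it
        // is the double-quote character (its definition is not visible here).
        // NOTE(review): the realm is inserted without escaping, so an application name that
        // contains a double quote would produce a malformed header - confirm this cannot happen.
        StringBuilder sb = new StringBuilder();
        sb.append("Digest ");
        sb.append("realm=\"").append(a).append(OldPermissionXMLUtils.XML_QUOTE).append(",");
        sb.append("qop=\"auth\"").append(",");
        sb.append("nonce=\"").append(this.c).append(OldPermissionXMLUtils.XML_QUOTE);
        httpServletResponse.addHeader("WWW-Authenticate", sb.toString());
        try {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException e) {
            // Best effort: the client is gone or the response is already committed.
            LOGGER.debug(e);
        }
    }

    /**
     * Evaluates the {@code Authorization} header of the current request. When it is a valid answer
     * to the outstanding challenge, the user name becomes the login ID.
     *
     * @param httpServletRequest request carrying the {@code Authorization} header
     * @param httpServletResponse not used by this implementation
     * @return always {@code true}; success is reported through {@link #getLoginID()}
     */
    @Override // com.inet.authentication.RemoteLoginProcessor
    public boolean transferClientLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (getLoginID() != null) {
            return true;
        }
        String header = httpServletRequest.getHeader("Authorization");
        DigestAuthorizationHeader from = DigestAuthorizationHeader.from(header);
        if (from == null) {
            // The raw header is deliberately not logged: it is client-controlled and may carry
            // credential material (for example when a client answers with another auth scheme).
            LOGGER.error(header == null ? "Missing authorization header" : "Wrong authorization header (value withheld)");
            return true;
        }
        if (a(httpServletRequest.getMethod(), from)) {
            this.b = from.getUsername();
        } else {
            // Same reasoning as above: keep the header value out of the log.
            LOGGER.debug("Unsuccessful digest authentication (header value withheld)");
        }
        // One evaluated response per challenge; a new attempt needs a new challenge.
        this.d = false;
        return true;
    }

    /**
     * Supplies the HA1 value for a user, presumably the hex MD5 of {@code username:realm:password}
     * as the digest scheme defines it (implementations are not visible here).
     *
     * @param str user name taken from the client's {@code Authorization} header
     * @param str2 realm taken from the client's {@code Authorization} header
     * @return the HA1 hash, or {@code null} to make the authentication fail
     */
    protected abstract String getHashValueOfA1(String str, String str2);

    /**
     * Verifies a digest response against the outstanding challenge.
     *
     * @param method HTTP method of the request carrying the response
     * @param header parsed {@code Authorization} header
     * @return {@code true} only if realm, URI and nonce match the challenge, the challenge has not
     *     been answered before, the nonce count is 1, qop is {@code auth} and the response hash
     *     equals the expected one
     */
    private boolean a(String method, DigestAuthorizationHeader header) {
        // Null-safe comparisons: whether the header getters can return null is not visible here.
        if (a == null || !a.equals(header.getRealm())) {
            return false;
        }
        if (this.e == null || !this.e.equals(header.getUri())) {
            return false;
        }
        // The response must be computed over the nonce this instance issued. Without this check
        // the nonce was taken from the client's header only, so a previously observed header for
        // the same URI would verify again after any new challenge.
        // NOTE(review): assumes DigestAuthorizationHeader returns the nonce exactly as sent - confirm.
        if (this.c == null || !this.c.equals(header.getNonce())) {
            return false;
        }
        long nonceCount;
        try {
            nonceCount = Long.parseLong(header.getNc(), 16);
        } catch (NumberFormatException ex) {
            // Also reached for a missing nc value: parseLong(null, 16) throws NumberFormatException.
            return false;
        }
        if (!this.d || nonceCount != 1 || !"auth".equals(header.getQop())) {
            return false;
        }
        String hashValueOfA1 = getHashValueOfA1(header.getUsername(), header.getRealm());
        String response = header.getResponse();
        if (hashValueOfA1 == null || response == null) {
            return false;
        }
        // NOTE(review): the URI is compared with the challenged request only; it is not checked
        // against the URI of the request that carries the response - confirm this is intended.
        String ha2 = md5(String.format("%s:%s", method, header.getUri()));
        String expected = md5(String.format("%s:%s:%s:%s:%s:%s", hashValueOfA1, header.getNonce(), header.getNc(), header.getCnonce(), header.getQop(), ha2));
        // Constant-time comparison so the check does not reveal how many leading characters matched.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), response.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the MD5 digest of a string as 32 lower-case hex characters.
     *
     * <p>MD5 is used only because the digest scheme implemented here requires it; do not reuse
     * this helper for password storage or integrity protection.
     *
     * @param str text to hash
     * @return zero-padded, lower-case hex digest
     * @throws IllegalStateException if the runtime offers no MD5 implementation
     */
    @SuppressFBWarnings(value = {"WEAK_MESSAGE_DIGEST_MD5"}, justification = "legacy protocol required MD5")
    protected static String md5(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            // Hash every encoded byte. The previous code passed str.length() (a char count) as the
            // byte count, which cut off the tail of any string that encodes to more bytes than
            // chars, e.g. non-ASCII user names under a UTF-8 default charset.
            // NOTE(review): the platform default charset is kept for compatibility with existing
            // HA1 values; consider fixing it to an explicit charset once the clients' encoding is known.
            byte[] digest = messageDigest.digest(str.getBytes());
            return String.format("%032x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 message digest is not available", e);
        }
    }
}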
