package org.glassfish.jersey.client.authentication;

import Acme.Serve.SSLAcceptor;
import ch.qos.logback.core.net.ssl.SSL;
import com.github.scribejava.core.model.OAuthConstants;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.io.IOException;
import java.net.URI;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientResponseContext;
import javax.ws.rs.core.Response;
import org.apache.axis.Message;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFilter;
import org.glassfish.jersey.client.internal.LocalizationMessages;
import org.glassfish.jersey.message.MessageUtils;
import org.glassfish.jersey.uri.UriComponent;
import org.osgi.service.upnp.UPnPStateVariable;

/* JADX WARN: Classes with same name are omitted:
  input_file:MarinaMasterRest.war:WEB-INF/lib/jersey-client-2.25.1.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator.class
 */
/* loaded from: input_file:lib/jersey-client-2.33.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator.class */
final class DigestAuthenticator {
    private static final char[] HEX_ARRAY = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    private static final Pattern KEY_VALUE_PAIR_PATTERN = Pattern.compile("(\\w+)\\s*=\\s*(\"([^\"]+)\"|(\\w+))\\s*,?\\s*");
    private static final int CLIENT_NONCE_BYTE_COUNT = 4;
    private final SecureRandom randomGenerator;
    private final HttpAuthenticationFilter.Credentials credentials;
    private final Map<URI, DigestScheme> digestCache;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:MarinaMasterRest.war:WEB-INF/lib/jersey-client-2.25.1.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator$Algorithm.class
     */
    /* loaded from: input_file:lib/jersey-client-2.33.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator$Algorithm.class */
    public enum Algorithm {
        UNSPECIFIED(null),
        MD5("MD5"),
        MD5_SESS("MD5-sess");

        private final String md;

        Algorithm(String str) {
            this.md = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.md;
        }

        public static Algorithm parse(String str) {
            if (str == null || str.isEmpty()) {
                return UNSPECIFIED;
            }
            String trim = str.trim();
            return (trim.contains(MD5_SESS.md) || trim.contains(MD5_SESS.md.toLowerCase(Locale.ROOT))) ? MD5_SESS : MD5;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:MarinaMasterRest.war:WEB-INF/lib/jersey-client-2.25.1.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator$DigestScheme.class
     */
    /* loaded from: input_file:lib/jersey-client-2.33.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator$DigestScheme.class */
    public final class DigestScheme {
        private final String realm;
        private final String nonce;
        private final String opaque;
        private final Algorithm algorithm;
        private final QOP qop;
        private final boolean stale;
        private volatile int nc = 0;

        DigestScheme(String str, String str2, String str3, QOP qop, Algorithm algorithm, boolean z) {
            this.realm = str;
            this.nonce = str2;
            this.opaque = str3;
            this.qop = qop;
            this.algorithm = algorithm;
            this.stale = z;
        }

        public int incrementCounter() {
            int i = this.nc + 1;
            this.nc = i;
            return i;
        }

        public String getNonce() {
            return this.nonce;
        }

        public String getRealm() {
            return this.realm;
        }

        public String getOpaque() {
            return this.opaque;
        }

        public Algorithm getAlgorithm() {
            return this.algorithm;
        }

        public QOP getQop() {
            return this.qop;
        }

        public boolean isStale() {
            return this.stale;
        }

        public int getNc() {
            return this.nc;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:MarinaMasterRest.war:WEB-INF/lib/jersey-client-2.25.1.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator$QOP.class
     */
    /* loaded from: input_file:lib/jersey-client-2.33.jar:org/glassfish/jersey/client/authentication/DigestAuthenticator$QOP.class */
    public enum QOP {
        UNSPECIFIED(null),
        AUTH("auth");

        private final String qop;

        QOP(String str) {
            this.qop = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.qop;
        }

        public static QOP parse(String str) {
            if (str == null || str.isEmpty()) {
                return UNSPECIFIED;
            }
            if (str.contains("auth")) {
                return AUTH;
            }
            throw new UnsupportedOperationException(LocalizationMessages.DIGEST_FILTER_QOP_UNSUPPORTED(str));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestAuthenticator(HttpAuthenticationFilter.Credentials credentials, final int i) {
        this.credentials = credentials;
        this.digestCache = Collections.synchronizedMap(new LinkedHashMap<URI, DigestScheme>(i) { // from class: org.glassfish.jersey.client.authentication.DigestAuthenticator.1
            private static final long serialVersionUID = 2546245625L;

            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<URI, DigestScheme> entry) {
                return size() > i;
            }
        });
        try {
            this.randomGenerator = SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RequestAuthenticationException(LocalizationMessages.ERROR_DIGEST_FILTER_GENERATOR(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean filterRequest(ClientRequestContext clientRequestContext) throws IOException {
        HttpAuthenticationFilter.Credentials credentials;
        DigestScheme digestScheme = this.digestCache.get(AuthenticationUtil.getCacheKey(clientRequestContext));
        if (digestScheme == null || (credentials = HttpAuthenticationFilter.getCredentials(clientRequestContext, this.credentials, HttpAuthenticationFilter.Type.DIGEST)) == null) {
            return false;
        }
        clientRequestContext.getHeaders().add("Authorization", createNextAuthToken(digestScheme, clientRequestContext, credentials));
        return true;
    }

    public boolean filterResponse(ClientRequestContext clientRequestContext, ClientResponseContext clientResponseContext) throws IOException {
        if (Response.Status.fromStatusCode(clientResponseContext.getStatus()) != Response.Status.UNAUTHORIZED) {
            return true;
        }
        DigestScheme parseAuthHeaders = parseAuthHeaders((List) clientResponseContext.getHeaders().get("WWW-Authenticate"));
        if (parseAuthHeaders == null) {
            return false;
        }
        HttpAuthenticationFilter.Credentials credentials = HttpAuthenticationFilter.getCredentials(clientRequestContext, this.credentials, HttpAuthenticationFilter.Type.DIGEST);
        if (credentials == null) {
            if (clientResponseContext.hasEntity()) {
                AuthenticationUtil.discardInputAndClose(clientResponseContext.getEntityStream());
            }
            throw new ResponseAuthenticationException((Response) null, LocalizationMessages.AUTHENTICATION_CREDENTIALS_MISSING_DIGEST());
        }
        boolean repeatRequest = HttpAuthenticationFilter.repeatRequest(clientRequestContext, clientResponseContext, createNextAuthToken(parseAuthHeaders, clientRequestContext, credentials));
        URI cacheKey = AuthenticationUtil.getCacheKey(clientRequestContext);
        if (repeatRequest) {
            this.digestCache.put(cacheKey, parseAuthHeaders);
        } else {
            this.digestCache.remove(cacheKey);
        }
        return repeatRequest;
    }

    private DigestScheme parseAuthHeaders(List<?> list) throws IOException {
        if (list == null) {
            return null;
        }
        for (Object obj : list) {
            if (obj instanceof String) {
                String[] split = ((String) obj).trim().split("\\s+", 2);
                if (split.length == 2 && CMSAttributeTableGenerator.DIGEST.equals(split[0].toLowerCase(Locale.ROOT))) {
                    String str = null;
                    String str2 = null;
                    String str3 = null;
                    QOP qop = QOP.UNSPECIFIED;
                    Algorithm algorithm = Algorithm.UNSPECIFIED;
                    boolean z = false;
                    Matcher matcher = KEY_VALUE_PAIR_PATTERN.matcher(split[1]);
                    while (matcher.find()) {
                        if (matcher.groupCount() == 4) {
                            String group = matcher.group(1);
                            String group2 = matcher.group(3);
                            String group3 = group2 == null ? matcher.group(4) : group2;
                            if ("qop".equals(group)) {
                                qop = QOP.parse(group3);
                            } else if (OAuthConstants.REALM.equals(group)) {
                                str = group3;
                            } else if (IDTokenClaimsSet.NONCE_CLAIM_NAME.equals(group)) {
                                str2 = group3;
                            } else if ("opaque".equals(group)) {
                                str3 = group3;
                            } else if ("stale".equals(group)) {
                                z = Boolean.parseBoolean(group3);
                            } else if (SSLAcceptor.ARG_ALGORITHM.equals(group)) {
                                algorithm = Algorithm.parse(group3);
                            }
                        }
                    }
                    return new DigestScheme(str, str2, str3, qop, algorithm, z);
                }
            }
        }
        return null;
    }

    private String createNextAuthToken(DigestScheme digestScheme, ClientRequestContext clientRequestContext, HttpAuthenticationFilter.Credentials credentials) throws IOException {
        String md5;
        StringBuilder sb = new StringBuilder(100);
        sb.append("Digest ");
        append(sb, "username", credentials.getUsername());
        append(sb, OAuthConstants.REALM, digestScheme.getRealm());
        append(sb, IDTokenClaimsSet.NONCE_CLAIM_NAME, digestScheme.getNonce());
        append(sb, "opaque", digestScheme.getOpaque());
        append(sb, SSLAcceptor.ARG_ALGORITHM, digestScheme.getAlgorithm().toString(), false);
        append(sb, "qop", digestScheme.getQop().toString(), false);
        String fullRelativeUri = UriComponent.fullRelativeUri(clientRequestContext.getUri());
        append(sb, UPnPStateVariable.TYPE_URI, fullRelativeUri);
        String md52 = digestScheme.getAlgorithm() == Algorithm.MD5_SESS ? md5(md5(credentials.getUsername(), digestScheme.getRealm(), new String(credentials.getPassword(), MessageUtils.getCharset(clientRequestContext.getMediaType())))) : md5(credentials.getUsername(), digestScheme.getRealm(), new String(credentials.getPassword(), MessageUtils.getCharset(clientRequestContext.getMediaType())));
        String md53 = md5(clientRequestContext.getMethod(), fullRelativeUri);
        if (digestScheme.getQop() == QOP.UNSPECIFIED) {
            md5 = md5(md52, digestScheme.getNonce(), md53);
        } else {
            String randomBytes = randomBytes(4);
            append(sb, "cnonce", randomBytes);
            String format = String.format("%08x", Integer.valueOf(digestScheme.incrementCounter()));
            append(sb, "nc", format, false);
            md5 = md5(md52, digestScheme.getNonce(), format, randomBytes, digestScheme.getQop().toString(), md53);
        }
        append(sb, Message.RESPONSE, md5);
        return sb.toString();
    }

    private static void append(StringBuilder sb, String str, String str2, boolean z) {
        if (str2 == null) {
            return;
        }
        if (sb.length() > 0 && sb.charAt(sb.length() - 1) != ' ') {
            sb.append(',');
        }
        sb.append(str);
        sb.append('=');
        if (z) {
            sb.append('\"');
        }
        sb.append(str2);
        if (z) {
            sb.append('\"');
        }
    }

    private static void append(StringBuilder sb, String str, String str2) {
        append(sb, str, str2, true);
    }

    private static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr[i * 2] = HEX_ARRAY[i2 >>> 4];
            cArr[(i * 2) + 1] = HEX_ARRAY[i2 & 15];
        }
        return new String(cArr);
    }

    private static String md5(String... strArr) throws IOException {
        StringBuilder sb = new StringBuilder(100);
        for (String str : strArr) {
            if (sb.length() > 0) {
                sb.append(':');
            }
            sb.append(str);
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(sb.toString().getBytes(HttpAuthenticationFilter.CHARACTER_SET), 0, sb.length());
            return bytesToHex(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e.getMessage());
        }
    }

    private String randomBytes(int i) {
        byte[] bArr = new byte[i];
        this.randomGenerator.nextBytes(bArr);
        return bytesToHex(bArr);
    }
}
