package org.wildfly.httpclient.common;

import io.undertow.client.ClientExchange;
import io.undertow.client.ClientRequest;
import io.undertow.client.ClientResponse;
import io.undertow.security.impl.AuthenticationInfoToken;
import io.undertow.security.impl.DigestWWWAuthenticateToken;
import io.undertow.server.session.SecureRandomSessionIdGenerator;
import io.undertow.util.AttachmentKey;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import io.undertow.util.HexConverter;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.LinkedBlockingDeque;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.kie.server.client.CredentialsProvider;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.principal.NamePrincipal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:m2repo/org/wildfly/wildfly-http-client/wildfly-http-client-common/1.0.12.Final/wildfly-http-client-common-1.0.12.Final.jar:org/wildfly/httpclient/common/PoolAuthenticationContext.class */
public class PoolAuthenticationContext {
    private volatile Type current;
    private static final AttachmentKey<DigestImpl> DIGEST = AttachmentKey.create(DigestImpl.class);
    private static final AuthenticationContextConfigurationClient AUTH_CONTEXT_CLIENT = (AuthenticationContextConfigurationClient) AccessController.doPrivileged(AuthenticationContextConfigurationClient::new);
    private static final LinkedBlockingDeque<DigestImpl> digestList = new LinkedBlockingDeque<>();
    private static final SecureRandomSessionIdGenerator cnonceGenerator = new SecureRandomSessionIdGenerator();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:m2repo/org/wildfly/wildfly-http-client/wildfly-http-client-common/1.0.12.Final/wildfly-http-client-common-1.0.12.Final.jar:org/wildfly/httpclient/common/PoolAuthenticationContext$DigestImpl.class */
    public static final class DigestImpl {
        private String realm;
        private String domain;
        private String nonce;
        private String opaque;
        private String algorithm;
        private String qop;
        private int nccount;

        private DigestImpl() {
            this.nccount = 1;
        }

        static /* synthetic */ int access$708(DigestImpl digestImpl) {
            int i = digestImpl.nccount;
            digestImpl.nccount = i + 1;
            return i;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:m2repo/org/wildfly/wildfly-http-client/wildfly-http-client-common/1.0.12.Final/wildfly-http-client-common-1.0.12.Final.jar:org/wildfly/httpclient/common/PoolAuthenticationContext$Type.class */
    public enum Type {
        NONE,
        BASIC,
        DIGEST
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean handleResponse(ClientResponse clientResponse) {
        String first;
        if (clientResponse.getResponseCode() != 401 || (first = clientResponse.getResponseHeaders().getFirst(Headers.WWW_AUTHENTICATE)) == null) {
            return false;
        }
        String lowerCase = first.toLowerCase(Locale.ENGLISH);
        if (lowerCase.startsWith("basic ")) {
            this.current = Type.BASIC;
            return true;
        }
        if (!lowerCase.startsWith("digest ")) {
            return false;
        }
        this.current = Type.DIGEST;
        Map<DigestWWWAuthenticateToken, String> parseHeader = DigestWWWAuthenticateToken.parseHeader(first.substring(7));
        DigestImpl digestImpl = new DigestImpl();
        digestImpl.domain = parseHeader.get(DigestWWWAuthenticateToken.DOMAIN);
        digestImpl.nonce = parseHeader.get(DigestWWWAuthenticateToken.NONCE);
        digestImpl.opaque = parseHeader.get(DigestWWWAuthenticateToken.OPAQUE);
        digestImpl.algorithm = parseHeader.get(DigestWWWAuthenticateToken.ALGORITHM);
        String str = parseHeader.get(DigestWWWAuthenticateToken.MESSAGE_QOP);
        digestImpl.qop = null;
        if (str != null) {
            for (String str2 : str.split(",")) {
                if (str2.equals("auth")) {
                    digestImpl.qop = str2;
                }
            }
            if (digestImpl.qop == null) {
                throw HttpClientMessages.MESSAGES.unsupportedQopInDigest();
            }
        }
        digestImpl.realm = parseHeader.get(DigestWWWAuthenticateToken.REALM);
        digestImpl.nccount = 1;
        if (digestImpl.algorithm.startsWith("\"")) {
            digestImpl.algorithm = digestImpl.algorithm.substring(1, digestImpl.algorithm.length() - 1);
        }
        digestList.add(digestImpl);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean prepareRequest(URI uri, ClientRequest clientRequest, AuthenticationConfiguration authenticationConfiguration) {
        char[] password;
        DigestImpl poll;
        String path;
        String str;
        if (this.current == Type.NONE) {
            return false;
        }
        AuthenticationConfiguration authenticationConfiguration2 = authenticationConfiguration;
        if (authenticationConfiguration2 == null) {
            authenticationConfiguration2 = AUTH_CONTEXT_CLIENT.getAuthenticationConfiguration(uri, AuthenticationContext.captureCurrent());
        }
        CallbackHandler callbackHandler = AUTH_CONTEXT_CLIENT.getCallbackHandler(authenticationConfiguration2);
        Callback nameCallback = new NameCallback("user name");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        try {
            callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            String name = nameCallback.getName();
            if (name == null || (password = passwordCallback.getPassword()) == null) {
                return false;
            }
            NamePrincipal namePrincipal = new NamePrincipal(name);
            if (this.current == Type.BASIC) {
                clientRequest.getRequestHeaders().put(Headers.AUTHORIZATION, CredentialsProvider.BASIC_AUTH_PREFIX + FlexBase64.encodeString((namePrincipal.getName() + ":" + new String(password)).getBytes(StandardCharsets.UTF_8), false));
                return true;
            }
            if (this.current != Type.DIGEST || (poll = digestList.poll()) == null) {
                return false;
            }
            String createSessionId = cnonceGenerator.createSessionId();
            try {
                int indexOf = clientRequest.getPath().indexOf("?");
                if (indexOf > 0) {
                    path = clientRequest.getPath().substring(0, indexOf);
                    str = clientRequest.getPath().substring(indexOf + 1);
                } else {
                    path = clientRequest.getPath();
                    str = null;
                }
                String uri2 = new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), path, str, null).toString();
                clientRequest.putAttachment(DIGEST, poll);
                StringBuilder sb = new StringBuilder("Digest username=\"");
                sb.append(namePrincipal.getName());
                sb.append("\", uri=\"");
                sb.append(uri2);
                sb.append("\", realm=\"");
                sb.append(poll.realm);
                sb.append("\"");
                StringBuilder sb2 = new StringBuilder();
                if (poll.qop != null) {
                    sb.append(", nc=");
                    String hexString = Integer.toHexString(DigestImpl.access$708(poll));
                    for (int length = hexString.length(); length < 8; length++) {
                        sb2.append("0");
                    }
                    sb2.append(hexString);
                    sb.append(sb2.toString());
                    sb.append(", cnonce=\"");
                    sb.append(createSessionId);
                    sb.append("\"");
                }
                sb.append(", algorithm=");
                sb.append(poll.algorithm);
                sb.append(", nonce=\"");
                sb.append(poll.nonce);
                sb.append("\", opaque=\"");
                sb.append(poll.opaque);
                sb.append("\", qop=auth");
                String str2 = namePrincipal.getName() + ":" + poll.realm + ":" + new String(password);
                String str3 = clientRequest.getMethod().toString() + ":" + uri2;
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance(poll.algorithm);
                    messageDigest.update(str2.getBytes(StandardCharsets.UTF_8));
                    byte[] convertToHexBytes = HexConverter.convertToHexBytes(messageDigest.digest());
                    messageDigest.reset();
                    messageDigest.update(str3.getBytes(StandardCharsets.UTF_8));
                    String convertToHexString = HexConverter.convertToHexString(messageDigest.digest());
                    messageDigest.reset();
                    messageDigest.update(convertToHexBytes);
                    messageDigest.update((byte) 58);
                    messageDigest.update(poll.nonce.getBytes(StandardCharsets.UTF_8));
                    messageDigest.update((byte) 58);
                    if (poll.qop != null) {
                        messageDigest.update(sb2.toString().getBytes(StandardCharsets.UTF_8));
                        messageDigest.update((byte) 58);
                        messageDigest.update(createSessionId.getBytes(StandardCharsets.UTF_8));
                        messageDigest.update((byte) 58);
                        messageDigest.update("auth".getBytes(StandardCharsets.UTF_8));
                        messageDigest.update((byte) 58);
                    }
                    messageDigest.update(convertToHexString.getBytes(StandardCharsets.UTF_8));
                    sb.append(", response=\"");
                    sb.append(HexConverter.convertToHexString(messageDigest.digest()));
                    sb.append("\"");
                    clientRequest.getRequestHeaders().put(Headers.AUTHORIZATION, sb.toString());
                    return true;
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e);
                }
            } catch (URISyntaxException e2) {
                throw new RuntimeException(e2);
            }
        } catch (IOException | UnsupportedCallbackException e3) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isStale(ClientExchange clientExchange) {
        if (this.current != Type.DIGEST) {
            return false;
        }
        ClientResponse response = clientExchange.getResponse();
        if (response.getResponseCode() == 401) {
            HeaderValues headerValues = response.getResponseHeaders().get(Headers.WWW_AUTHENTICATE);
            if (headerValues == null) {
                return false;
            }
            Iterator<String> it = headerValues.iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (next.toLowerCase(Locale.ENGLISH).startsWith("digest ") && DigestWWWAuthenticateToken.parseHeader(next.substring(7)).containsKey(DigestWWWAuthenticateToken.STALE)) {
                    return true;
                }
            }
            return false;
        }
        DigestImpl digestImpl = (DigestImpl) clientExchange.getRequest().getAttachment(DIGEST);
        if (digestImpl == null) {
            return false;
        }
        String first = response.getResponseHeaders().getFirst(Headers.AUTHENTICATION_INFO);
        if (first != null) {
            try {
                String str = AuthenticationInfoToken.parseHeader(first).get(AuthenticationInfoToken.NEXT_NONCE);
                if (str != null) {
                    digestImpl.nonce = str;
                }
            } catch (Exception e) {
                HttpClientMessages.MESSAGES.failedToParseAuthenticationInfo(e);
            }
        }
        digestList.add(digestImpl);
        return false;
    }
}
