package org.picketlink.authentication.web;

import java.io.IOException;
import java.util.Timer;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.authentication.web.support.HTTPDigestUtil;
import org.picketlink.authentication.web.support.NonceCache;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.idm.credential.Digest;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/picketlink/core/api/main/picketlink-api-2.5.5.SP2.jar:org/picketlink/authentication/web/DigestAuthenticationScheme.class */
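/**
 * HTTP Digest implementation of {@link HTTPAuthenticationScheme}.
 *
 * <p>Reads a {@code Digest} credential from the {@code Authorization} request header and
 * issues the matching {@code WWW-Authenticate} challenge.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The challenge advertises {@code algorithm=MD5} and {@code qop=auth} only. RFC 7616
 *       adds SHA-256 based algorithms; whether the identity store behind {@link Digest}
 *       supports them is not visible from here.</li>
 *   <li>A credential is handed to the login layer only after {@link NonceCache} accepts the
 *       nonce, so replay protection depends entirely on that class.</li>
 *   <li>Every instance starts its own nonce-cleanup timer thread and nothing in this class
 *       cancels it.</li>
 * </ul>
 */
public class DigestAuthenticationScheme implements HTTPAuthenticationScheme {
    public static final String REALM_NAME_INIT_PARAM = "realmName";
    public static final String DEFAULT_REALM_NAME = "PicketLink Default Realm";

    /** Scheme token plus the separating space that opens a Digest {@code Authorization} header. */
    private static final String DIGEST_PREFIX = "Digest ";

    // Daemon thread: this class never cancels the timer, so a non-daemon thread would keep
    // the JVM alive after the application has otherwise shut down.
    private final Timer nonceCleanupTimer = new Timer("PicketLink_Digest_Nonce_Cache_Cleanup", true);
    private final NonceCache nonceCache = new NonceCache();
    private String realm;

    /**
     * Creates the scheme and starts the periodic nonce-cache task.
     *
     * @param filterConfig filter configuration; the optional {@value #REALM_NAME_INIT_PARAM}
     *     init parameter overrides {@value #DEFAULT_REALM_NAME}
     */
    public DigestAuthenticationScheme(FilterConfig filterConfig) {
        this.realm = DEFAULT_REALM_NAME;
        String configuredRealm = filterConfig.getInitParameter(REALM_NAME_INIT_PARAM);
        if (configuredRealm != null) {
            this.realm = configuredRealm;
        }
        // The cache is itself the timer task; first run and period both equal the nonce
        // validity window. Presumably each run evicts expired nonces; confirm in NonceCache.
        long nonceMaxValid = this.nonceCache.getNonceMaxValid();
        this.nonceCleanupTimer.schedule(this.nonceCache, nonceMaxValid, nonceMaxValid);
    }

    /**
     * Populates {@code defaultLoginCredentials} with the Digest credential carried by the request.
     *
     * <p>The credential is set only when the {@code Authorization} header uses the Digest scheme
     * and {@link NonceCache#hasValidNonce} accepts the nonce for this request. In every other
     * case the credentials object is left untouched and no error is raised.
     *
     * @param httpServletRequest request whose {@code Authorization} header is inspected
     * @param defaultLoginCredentials credentials holder that receives the {@link Digest}
     */
    @Override
    public void extractCredential(HttpServletRequest httpServletRequest, DefaultLoginCredentials defaultLoginCredentials) {
        if (!isDigestAuthentication(httpServletRequest)) {
            return;
        }
        String[] tokens = extractTokens(httpServletRequest);
        if (tokens.length == 0) {
            return;
        }
        Digest digest = HTTPDigestUtil.digest(tokens);
        // The HTTP method is part of the digest computation, so it is taken from the request
        // itself rather than from anything the client put in the header.
        digest.setMethod(httpServletRequest.getMethod());
        if (this.nonceCache.hasValidNonce(digest, httpServletRequest)) {
            defaultLoginCredentials.setCredential(digest);
        }
    }

    /**
     * Sends a 401 response carrying a fresh Digest challenge.
     *
     * <p>A new nonce is generated and cached for every challenge. {@code stale} is always
     * reported as false, so a client whose nonce merely expired is not told that it may retry
     * with the same credentials.
     *
     * @param httpServletRequest request being challenged; supplies the protection domain
     * @param httpServletResponse response that receives the header and the 401 status
     * @throws IOException if the container fails to send the error response
     */
    @Override
    public void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null) {
            contextPath = "/";
        }
        String nonce = this.nonceCache.generateAndCacheNonce(httpServletRequest);
        // realm, domain and nonce are written into quoted strings without escaping. They come
        // from deployment configuration, the container and NonceCache respectively; a realm
        // containing '"' or '\' would produce a malformed header.
        // NOTE(review): RFC 7616 section 3.3 asks senders to quote qop and to leave stale
        // unquoted; this header does the opposite. Kept as-is for existing clients; confirm
        // before changing.
        StringBuilder challenge = new StringBuilder("Digest realm=\"");
        challenge.append(this.realm).append("\",");
        challenge.append("domain=\"").append(contextPath).append("\",");
        challenge.append("nonce=\"").append(nonce).append("\",");
        challenge.append("algorithm=MD5,");
        challenge.append("qop=").append("auth").append(",");
        challenge.append("stale=\"").append(false).append("\"");
        httpServletResponse.setHeader("WWW-Authenticate", challenge.toString());
        // 401 Unauthorized
        httpServletResponse.sendError(401);
    }

    /**
     * Post-authentication hook; this scheme has nothing further to do.
     *
     * @return always {@code true}
     */
    @Override
    public boolean postAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return true;
    }

    /**
     * Splits the Digest header parameters into {@code name=value} tokens.
     *
     * <p>Callers must check {@link #isDigestAuthentication} first; the header is assumed to be
     * present and to start with the scheme prefix.
     */
    private String[] extractTokens(HttpServletRequest httpServletRequest) {
        String parameters = getAuthorizationHeader(httpServletRequest).substring(DIGEST_PREFIX.length()).trim();
        // Split on a comma only when the rest of the header holds balanced quote pairs and ends
        // with a closing quote, so commas inside quoted values are preserved. The lookahead
        // rescans the remainder for every comma: cost is quadratic in header length, and this
        // runs on unauthenticated input, so the container's header size limit is the bound.
        return parameters.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
    }

    /** Returns the raw {@code Authorization} header, or {@code null} when the request has none. */
    private String getAuthorizationHeader(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("Authorization");
    }

    /**
     * Tells whether the request carries a Digest {@code Authorization} header.
     *
     * <p>The scheme name is compared case-insensitively, as RFC 7235 section 2.1 requires.
     */
    private boolean isDigestAuthentication(HttpServletRequest httpServletRequest) {
        String authorizationHeader = getAuthorizationHeader(httpServletRequest);
        return authorizationHeader != null
                && authorizationHeader.regionMatches(true, 0, DIGEST_PREFIX, 0, DIGEST_PREFIX.length());
    }
}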
