package io.vertx.ext.web.handler.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import io.vertx.core.shareddata.LocalMap;
import io.vertx.core.shareddata.Shareable;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.VertxContextPRNG;
import io.vertx.ext.auth.htdigest.HtdigestAuth;
import io.vertx.ext.auth.htdigest.HtdigestCredentials;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.Session;
import io.vertx.ext.web.handler.DigestAuthHandler;
import io.vertx.ext.web.handler.FormLoginHandler;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.handler.impl.HTTPAuthorizationHandler;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.jboss.resteasy.spi.HttpResponseCodes;

/* loaded from: input_file:io/vertx/ext/web/handler/impl/DigestAuthHandlerImpl.class */
public class DigestAuthHandlerImpl extends HTTPAuthorizationHandler<HtdigestAuth> implements DigestAuthHandler {
    private static final String DEFAULT_NONCE_MAP_NAME = "htdigest.nonces";
    private static final MessageDigest MD5;
    private final VertxContextPRNG random;
    private final LocalMap<String, Nonce> nonces;
    private final long nonceExpireTimeout;
    private long lastExpireRun;
    private static final char[] hexArray;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) HTTPAuthorizationHandler.class);
    private static final Pattern PARSER = Pattern.compile("(\\w+)=[\"]?([^\"]*)[\"]?$");
    private static final Pattern SPLITTER = Pattern.compile(",(?=(?:[^\"]|\"[^\"]*\")*$)");

    /* loaded from: input_file:io/vertx/ext/web/handler/impl/DigestAuthHandlerImpl$Nonce.class */
    private static class Nonce implements Shareable {
        private final long createdAt;
        private final int count;

        Nonce(int i) {
            this(System.currentTimeMillis(), i);
        }

        Nonce(long j, int i) {
            this.createdAt = j;
            this.count = i;
        }
    }

    public DigestAuthHandlerImpl(Vertx vertx, HtdigestAuth htdigestAuth, long j) {
        super(htdigestAuth, HTTPAuthorizationHandler.Type.DIGEST, htdigestAuth.realm());
        this.random = VertxContextPRNG.current(vertx);
        this.nonces = vertx.sharedData().getLocalMap(DEFAULT_NONCE_MAP_NAME);
        this.nonceExpireTimeout = j;
    }

    @Override // io.vertx.ext.web.handler.impl.AuthenticationHandlerInternal
    public void authenticate(RoutingContext routingContext, Handler<AsyncResult<User>> handler) {
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - this.lastExpireRun > this.nonceExpireTimeout / 2) {
            HashSet hashSet = new HashSet();
            this.nonces.forEach((str, nonce) -> {
                if (nonce == null || nonce.createdAt + this.nonceExpireTimeout >= currentTimeMillis) {
                    return;
                }
                hashSet.add(str);
            });
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                this.nonces.remove((String) it.next());
            }
            this.lastExpireRun = currentTimeMillis;
        }
        parseAuthorization(routingContext, asyncResult -> {
            String str2;
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            HtdigestCredentials htdigestCredentials = new HtdigestCredentials();
            try {
                for (String str3 : SPLITTER.split((CharSequence) asyncResult.result())) {
                    Matcher matcher = PARSER.matcher(str3);
                    if (matcher.find()) {
                        String group = matcher.group(1);
                        boolean z = -1;
                        switch (group.hashCode()) {
                            case -1355678356:
                                if (group.equals("cnonce")) {
                                    z = true;
                                    break;
                                }
                                break;
                            case -1077554975:
                                if (group.equals("method")) {
                                    z = 2;
                                    break;
                                }
                                break;
                            case -1010695135:
                                if (group.equals("opaque")) {
                                    z = 5;
                                    break;
                                }
                                break;
                            case -340323263:
                                if (group.equals("response")) {
                                    z = 8;
                                    break;
                                }
                                break;
                            case -265713450:
                                if (group.equals(FormLoginHandler.DEFAULT_USERNAME_PARAM)) {
                                    z = 10;
                                    break;
                                }
                                break;
                            case 3509:
                                if (group.equals("nc")) {
                                    z = 3;
                                    break;
                                }
                                break;
                            case 112146:
                                if (group.equals("qop")) {
                                    z = 6;
                                    break;
                                }
                                break;
                            case 116076:
                                if (group.equals("uri")) {
                                    z = 9;
                                    break;
                                }
                                break;
                            case 105002991:
                                if (group.equals("nonce")) {
                                    z = 4;
                                    break;
                                }
                                break;
                            case 108386959:
                                if (group.equals("realm")) {
                                    z = 7;
                                    break;
                                }
                                break;
                            case 225490031:
                                if (group.equals("algorithm")) {
                                    z = false;
                                    break;
                                }
                                break;
                        }
                    }
                }
                String nonce2 = htdigestCredentials.getNonce();
                if (!this.nonces.containsKey(nonce2)) {
                    handler.handle(Future.failedFuture(UNAUTHORIZED));
                    return;
                }
                if (htdigestCredentials.getQop() != null) {
                    int parseInt = Integer.parseInt(htdigestCredentials.getNc(), 16);
                    Nonce nonce3 = this.nonces.get(nonce2);
                    if (parseInt <= nonce3.count) {
                        handler.handle(Future.failedFuture(UNAUTHORIZED));
                        return;
                    }
                    this.nonces.put(nonce2, new Nonce(nonce3.createdAt, parseInt));
                }
                Session session = routingContext.session();
                if (session == null || (str2 = (String) session.data().get("opaque")) == null || str2.equals(htdigestCredentials.getOpaque())) {
                    htdigestCredentials.setMethod(routingContext.request().method().name());
                    this.authProvider.authenticate(htdigestCredentials, asyncResult -> {
                        if (asyncResult.failed()) {
                            handler.handle(Future.failedFuture(new HttpException(HttpResponseCodes.SC_UNAUTHORIZED, asyncResult.cause())));
                        } else {
                            handler.handle(asyncResult);
                        }
                    });
                } else {
                    handler.handle(Future.failedFuture(UNAUTHORIZED));
                }
            } catch (RuntimeException e) {
                handler.handle(Future.failedFuture(e));
            }
        });
    }

    @Override // io.vertx.ext.web.handler.impl.HTTPAuthorizationHandler, io.vertx.ext.web.handler.impl.AuthenticationHandlerInternal
    public String authenticateHeader(RoutingContext routingContext) {
        byte[] bArr = new byte[32];
        this.random.nextBytes(bArr);
        String md5 = md5(bArr);
        this.nonces.put(md5, new Nonce(0));
        String str = null;
        Session session = routingContext.session();
        if (session != null) {
            str = (String) session.data().get("opaque");
        }
        if (str == null) {
            this.random.nextBytes(bArr);
            str = md5(bArr);
        }
        return "Digest realm=\"" + this.realm + "\", qop=\"auth\", nonce=\"" + md5 + "\", opaque=\"" + str + "\"";
    }

    private static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr[i * 2] = hexArray[i2 >>> 4];
            cArr[(i * 2) + 1] = hexArray[i2 & 15];
        }
        return new String(cArr);
    }

    private static synchronized String md5(byte[] bArr) {
        MD5.reset();
        return bytesToHex(MD5.digest(bArr));
    }

    static {
        try {
            MD5 = MessageDigest.getInstance(MessageDigestAlgorithms.MD5);
            hexArray = "0123456789abcdef".toCharArray();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
