package org.jboss.as.domain.http.server;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import org.jboss.as.domain.management.util.HexUtil;
import org.jboss.com.sun.net.httpserver.Authenticator;
import org.jboss.com.sun.net.httpserver.Headers;
import org.jboss.com.sun.net.httpserver.HttpExchange;
import org.jboss.com.sun.net.httpserver.HttpPrincipal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/as/domain/http/server/DigestAuthenticator.class */
public class DigestAuthenticator extends Authenticator {
    private Map<InetSocketAddress, DigestContext> authentications = new HashMap();
    private final NonceFactory nonceFactory = new NonceFactory();
    private final CallbackHandler callbackHandler;
    private final String realm;
    private static final byte COLON = 58;
    private static final String CHALLENGE = "Digest";
    private static final String NONCE = "nonce";
    private static final String MD5 = "MD5";
    private static final String REALM = "realm";
    private static final String RESPONSE = "response";
    private static final String USERNAME = "username";
    private static final String URI = "uri";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/domain/http/server/DigestAuthenticator$DigestContext.class */
    public class DigestContext {
        private HttpPrincipal principal;

        private DigestContext() {
            this.principal = null;
        }

        boolean isAuthenticated() {
            return this.principal != null;
        }

        HttpPrincipal getPrincipal() {
            return this.principal;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/domain/http/server/DigestAuthenticator$HeaderParser.class */
    public class HeaderParser {
        private static final char EQUALS = '=';
        private static final char DELIMITER = ',';
        private static final char QUOTE = '\"';
        private static final char ESCAPE = '\\';
        private final String message;
        private final int length;
        private int pos = 0;
        private boolean hasNextConfirmed;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/jboss/as/domain/http/server/DigestAuthenticator$HeaderParser$Parameter.class */
        public class Parameter {
            String key;
            String value;

            Parameter() {
            }
        }

        HeaderParser(String str) {
            this.message = str;
            this.length = str.length();
        }

        boolean hasNext() {
            int indexOf;
            if (this.hasNextConfirmed) {
                return true;
            }
            if (this.pos >= this.length || (indexOf = this.message.indexOf(EQUALS, this.pos)) < 0 || indexOf >= this.length - 1) {
                return false;
            }
            this.hasNextConfirmed = true;
            return true;
        }

        Parameter next() {
            if (!this.hasNextConfirmed && !hasNext()) {
                return null;
            }
            Parameter parameter = new Parameter();
            int indexOf = this.message.indexOf(EQUALS, this.pos);
            parameter.key = this.message.substring(this.pos, indexOf).trim();
            this.pos = indexOf + 1;
            int indexOf2 = this.message.indexOf(DELIMITER, this.pos);
            int indexOf3 = this.message.indexOf(QUOTE, this.pos);
            boolean z = false;
            if (indexOf3 > 0 && (indexOf2 < 0 || indexOf3 < indexOf2)) {
                z = true;
            }
            if (z) {
                String trim = this.message.substring(this.pos, indexOf3).trim();
                if (!"".equals(trim)) {
                    throw new IllegalArgumentException("Unexpected characters being dropped from header '" + trim + "' for " + parameter.key);
                }
                this.pos = indexOf3;
                int i = -1;
                while (i < 0) {
                    indexOf3 = this.message.indexOf(QUOTE, indexOf3 + 1);
                    if (indexOf3 < 0) {
                        throw new IllegalArgumentException("Unable to find closing quote for " + parameter.key);
                    }
                    if (this.message.charAt(indexOf3 - 1) != ESCAPE) {
                        i = indexOf3;
                    }
                }
                parameter.value = this.message.substring(this.pos + 1, i);
                int indexOf4 = this.message.indexOf(DELIMITER, this.pos);
                if (indexOf4 > 0) {
                    this.pos = indexOf4 + 1;
                }
            } else {
                int indexOf5 = this.message.indexOf(DELIMITER, this.pos);
                if (indexOf5 > 0) {
                    parameter.value = this.message.substring(this.pos, indexOf5).trim();
                    this.pos = indexOf5 + 1;
                } else {
                    parameter.value = this.message.substring(this.pos, this.length - 1).trim();
                    this.pos = this.length + 1;
                }
            }
            this.hasNextConfirmed = false;
            return parameter;
        }
    }

    public DigestAuthenticator(CallbackHandler callbackHandler, String str) {
        this.callbackHandler = callbackHandler;
        this.realm = str;
    }

    public Authenticator.Result authenticate(HttpExchange httpExchange) {
        DigestContext orCreateNegotiationContext = getOrCreateNegotiationContext(httpExchange.getRemoteAddress());
        if (orCreateNegotiationContext.isAuthenticated()) {
            return new Authenticator.Success(orCreateNegotiationContext.getPrincipal());
        }
        Headers requestHeaders = httpExchange.getRequestHeaders();
        if (!requestHeaders.containsKey(Constants.AUTHORIZATION_HEADER)) {
            httpExchange.getResponseHeaders().add(Constants.WWW_AUTHENTICATE_HEADER, "Digest " + createChallenge(false));
            return new Authenticator.Retry(Constants.UNAUTHORIZED);
        }
        String first = requestHeaders.getFirst(Constants.AUTHORIZATION_HEADER);
        if (!first.startsWith("Digest ")) {
            throw new RuntimeException("Invalid 'Authorization' header.");
        }
        Map<String, String> parseDigestChallenge = parseDigestChallenge(first.substring(CHALLENGE.length() + 1));
        HttpPrincipal validateUser = validateUser(parseDigestChallenge);
        if (validateUser == null) {
            if (parseDigestChallenge.containsKey(NONCE)) {
                this.nonceFactory.useNonce(parseDigestChallenge.get(NONCE));
            }
            return new Authenticator.Failure(Constants.FORBIDDEN);
        }
        if (this.nonceFactory.useNonce(parseDigestChallenge.get(NONCE))) {
            orCreateNegotiationContext.principal = validateUser;
            return new Authenticator.Success(validateUser);
        }
        httpExchange.getResponseHeaders().add(Constants.WWW_AUTHENTICATE_HEADER, "Digest " + createChallenge(true));
        return new Authenticator.Retry(Constants.UNAUTHORIZED);
    }

    private HttpPrincipal validateUser(Map<String, String> map) {
        Callback realmCallback = new RealmCallback("Realm", map.get(REALM));
        Callback nameCallback = new NameCallback("Username", map.get(USERNAME));
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            this.callbackHandler.handle(new Callback[]{realmCallback, nameCallback, passwordCallback});
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(MD5);
                messageDigest.update(map.get(USERNAME).getBytes());
                messageDigest.update((byte) 58);
                messageDigest.update(map.get(REALM).getBytes());
                messageDigest.update((byte) 58);
                messageDigest.update(new String(passwordCallback.getPassword()).getBytes());
                byte[] convertToHexBytes = HexUtil.convertToHexBytes(messageDigest.digest());
                messageDigest.update(Constants.GET.getBytes());
                messageDigest.update((byte) 58);
                messageDigest.update(map.get(URI).getBytes());
                byte[] convertToHexBytes2 = HexUtil.convertToHexBytes(messageDigest.digest());
                messageDigest.update(convertToHexBytes);
                messageDigest.update((byte) 58);
                messageDigest.update(map.get(NONCE).getBytes());
                messageDigest.update((byte) 58);
                messageDigest.update(convertToHexBytes2);
                if (MessageDigest.isEqual(HexUtil.convertToHexBytes(messageDigest.digest()), map.get(RESPONSE).getBytes())) {
                    return new HttpPrincipal(map.get(USERNAME), map.get(REALM));
                }
                return null;
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Unable to perform digest validation as MD5 is unavailable.", e);
            }
        } catch (IOException e2) {
            throw new IllegalStateException("CallbackHander not suitable for Digest authentication.");
        } catch (UnsupportedCallbackException e3) {
            throw new IllegalStateException("CallbackHander not suitable for Digest authentication.");
        }
    }

    private String createChallenge(boolean z) {
        StringBuilder sb = new StringBuilder();
        sb.append("realm=\"").append(this.realm).append("\",");
        sb.append("nonce=\"").append(this.nonceFactory.createNonce()).append("\"");
        if (z) {
            sb.append(",stale=true");
        }
        return sb.toString();
    }

    private Map<String, String> parseDigestChallenge(String str) {
        HashMap hashMap = new HashMap();
        HeaderParser headerParser = new HeaderParser(str);
        while (headerParser.hasNext()) {
            HeaderParser.Parameter next = headerParser.next();
            hashMap.put(next.key, next.value);
        }
        return hashMap;
    }

    private DigestContext getOrCreateNegotiationContext(InetSocketAddress inetSocketAddress) {
        DigestContext digestContext;
        synchronized (this.authentications) {
            digestContext = this.authentications.get(inetSocketAddress);
            if (digestContext == null) {
                digestContext = new DigestContext();
                this.authentications.put(inetSocketAddress, digestContext);
            }
        }
        return digestContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean requiredCallbacksSupported(Class[] clsArr) {
        return contains(NameCallback.class, clsArr) && contains(RealmCallback.class, clsArr) && contains(PasswordCallback.class, clsArr);
    }

    private static boolean contains(Class cls, Class[] clsArr) {
        for (Class cls2 : clsArr) {
            if (cls2.equals(cls)) {
                return true;
            }
        }
        return false;
    }
}
