package org.picketbox.http.authentication;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketbox.core.PicketBoxPrincipal;
import org.picketbox.core.authentication.AuthenticationInfo;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.nonce.NonceGenerator;
import org.picketbox.core.nonce.UUIDNonceGenerator;
import org.picketbox.http.PicketBoxConstants;
import org.picketbox.http.authentication.credential.HTTPDigestCredential;
import org.picketbox.http.authentication.credential.HttpServletCredential;
import org.picketbox.http.config.HTTPAuthenticationConfiguration;
import org.picketbox.http.config.HTTPDigestConfiguration;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.internal.Digest;
import org.picketlink.idm.credential.internal.DigestCredentials;

/* loaded from: input_file:org/picketbox/http/authentication/HTTPDigestAuthentication.class */
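/**
 * HTTP DIGEST authentication mechanism.
 *
 * <p>A challenge issues a nonce and remembers it against the HTTP session id; an
 * authentication attempt is accepted only when the nonce it presents was issued to
 * the same session, has not expired, and the identity manager validates the digest.
 *
 * <p>Instances are shared between request threads (the nonce registry is a
 * {@link ConcurrentMap}), so the per-session nonce lists must be thread-safe too.
 *
 * <p>NOTE(review): nothing in this class removes entries from {@link #idVersusNonce}
 * or trims a session's nonce list. Every challenge adds one nonce, and an accepted
 * nonce stays acceptable until it expires. Unless something outside this class cleans
 * the registry (e.g. a session listener - confirm), memory grows with the number of
 * challenges issued. The nonce-count ({@code nc}) value is also not inspected here, so
 * replay protection within the validity window depends entirely on the identity
 * manager / credential handler - verify.
 */
public class HTTPDigestAuthentication extends AbstractHTTPAuthentication {
    /** Opaque value sent in the challenge; random per instance unless configured or set explicitly. */
    protected String opaque = UUID.randomUUID().toString();
    /** Quality-of-protection value advertised in the challenge and required from the client. */
    protected String qop = PicketBoxConstants.HTTP_DIGEST_QOP_AUTH;
    /** Maximum nonce age handed to the nonce generator (presumably milliseconds, i.e. 3 minutes - confirm). */
    protected long nonceMaxValid = 180000;
    protected NonceGenerator nonceGenerator = new UUIDNonceGenerator();
    /** Nonces issued so far, keyed by HTTP session id. */
    protected ConcurrentMap<String, List<String>> idVersusNonce = new ConcurrentHashMap<String, List<String>>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/picketbox/http/authentication/HTTPDigestAuthentication$NONCE_VALIDATION_RESULT.class */
    /** Outcome of checking a client-supplied nonce against the nonces issued to its session. */
    public enum NONCE_VALIDATION_RESULT {
        /** The nonce was never issued to this session. */
        INVALID,
        /** The nonce was issued to this session but the generator reports it as expired. */
        STALE,
        /** The nonce was issued to this session and has not expired. */
        VALID
    }

    /**
     * Describes the credential type this mechanism understands.
     *
     * @return a new, mutable single-element list
     */
    public List<AuthenticationInfo> getAuthenticationInfo() {
        List<AuthenticationInfo> infos = new ArrayList<AuthenticationInfo>();
        infos.add(new AuthenticationInfo("HTTP DIGEST Authentication Credential", "Authenticates users using the HTTP DIGEST Authentication scheme.", HTTPDigestCredential.class));
        return infos;
    }

    public NonceGenerator getNonceGenerator() {
        return this.nonceGenerator;
    }

    public void setNonceGenerator(NonceGenerator nonceGenerator) {
        this.nonceGenerator = nonceGenerator;
    }

    /**
     * Sets the maximum nonce age from its textual form.
     *
     * @param str decimal long value
     * @throws NumberFormatException if {@code str} is not a parsable long
     */
    public void setNonceMaxValid(String str) {
        this.nonceMaxValid = Long.parseLong(str);
    }

    /**
     * Returns the opaque value, preferring the one from the digest configuration.
     *
     * <p>When the configuration supplies a non-null opaque it is also stored in
     * {@link #opaque}, overwriting the random default or a value set through
     * {@link #setOpaque(String)}.
     *
     * @return the opaque value used in challenges and compared against responses
     */
    public String getOpaque() {
        HTTPAuthenticationConfiguration authenticationConfig = getAuthenticationConfig();
        if (authenticationConfig != null) {
            HTTPDigestConfiguration digestConfiguration = authenticationConfig.getDigestConfiguration();
            if (digestConfiguration != null && digestConfiguration.getOpaque() != null) {
                this.opaque = digestConfiguration.getOpaque();
            }
        }
        return this.opaque;
    }

    public void setOpaque(String str) {
        this.opaque = str;
    }

    /**
     * Checks the nonce of a digest response against the nonces issued to a session.
     *
     * @param digest the parsed client response
     * @param str    the HTTP session id the response arrived on
     * @return {@code VALID}, {@code STALE} (issued but expired) or {@code INVALID} (never issued to this session)
     */
    private NONCE_VALIDATION_RESULT validateNonce(Digest digest, String str) {
        String nonce = digest.getNonce();
        List<String> issued = this.idVersusNonce.get(str);
        if (issued == null || !issued.contains(nonce)) {
            return NONCE_VALIDATION_RESULT.INVALID;
        }
        return this.nonceGenerator.hasExpired(nonce, this.nonceMaxValid) ? NONCE_VALIDATION_RESULT.STALE : NONCE_VALIDATION_RESULT.VALID;
    }

    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected boolean isAuthenticationRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(PicketBoxConstants.HTTP_AUTHORIZATION_HEADER) != null;
    }

    /**
     * Validates a digest response and returns the authenticated principal.
     *
     * <p>The response is rejected (returns {@code null}) when a mandatory field is missing,
     * when opaque, realm or qop do not match what this mechanism advertises, when the nonce
     * is not {@code VALID} for the request's session, when the user is unknown, or when the
     * identity manager does not mark the credential as valid.
     *
     * @param httpServletCredential the credential; must be an {@link HTTPDigestCredential}
     * @return the principal for the digest username, or {@code null} if authentication fails
     */
    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    /* renamed from: doHTTPAuthentication */
    protected Principal mo5doHTTPAuthentication(HttpServletCredential httpServletCredential) {
        HTTPDigestCredential digestCredential = (HTTPDigestCredential) httpServletCredential;
        String sessionId = digestCredential.getRequest().getSession(true).getId();
        DigestCredentials credential = digestCredential.m7getCredential();
        Digest digest = credential.getDigest();

        // All of these come from the client's Authorization header; any of them may be absent.
        if (digest.getUsername() == null || digest.getRealm() == null || digest.getNonce() == null || digest.getUri() == null || digest.getDigest() == null) {
            return null;
        }
        if (digest.getOpaque() != null && !digest.getOpaque().equals(getOpaque())) {
            return null;
        }
        if (!digest.getRealm().equals(getRealmName())) {
            return null;
        }
        // qop is client-controlled and not covered by the mandatory-field check above:
        // a response without qop must be rejected, not dereferenced.
        String clientQop = digest.getQop();
        if (clientQop == null || !clientQop.equals(this.qop)) {
            return null;
        }
        // STALE is handled like INVALID here: only a VALID nonce lets the request proceed.
        if (validateNonce(digest, sessionId) != NONCE_VALIDATION_RESULT.VALID) {
            return null;
        }
        if (getIdentityManager().getUser(digest.getUsername()) == null) {
            return null;
        }

        getIdentityManager().validateCredentials(credential);
        // Constant-first comparison: an unset status means "not validated", never an exception.
        if (Credentials.Status.VALID.equals(credential.getStatus())) {
            return new PicketBoxPrincipal(digest.getUsername());
        }
        return null;
    }

    /**
     * Sends a 401 response carrying a fresh digest challenge and records the issued nonce
     * against the request's session.
     *
     * <p>NOTE(review): the challenge always carries {@code stale="false"}, so a
     * {@code STALE} validation result is never signalled to the client; the algorithm is
     * fixed to MD5. Realm, context path and opaque are written into the header without
     * escaping - they are assumed not to contain double quotes (confirm for configured values).
     *
     * @throws AuthenticationException if the error response cannot be sent
     */
    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        String sessionId = httpServletRequest.getSession().getId();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null) {
            contextPath = "/";
        }
        String nonce = this.nonceGenerator.get();

        // Concurrent challenges on one session must neither replace each other's list
        // (get-then-put race) nor corrupt it (plain ArrayList shared between threads);
        // a lost nonce would make a legitimate response fail validation.
        List<String> issued = this.idVersusNonce.get(sessionId);
        if (issued == null) {
            List<String> fresh = Collections.synchronizedList(new ArrayList<String>());
            issued = this.idVersusNonce.putIfAbsent(sessionId, fresh);
            if (issued == null) {
                issued = fresh;
            }
        }
        issued.add(nonce);

        StringBuilder sb = new StringBuilder("Digest realm=\"");
        sb.append(getRealmName()).append("\",");
        sb.append("domain=\"").append(contextPath).append("\",");
        sb.append("nonce=\"").append(nonce).append("\",");
        sb.append("algorithm=MD5,");
        sb.append("qop=").append(this.qop).append(",");
        sb.append("opaque=\"").append(getOpaque()).append("\",");
        sb.append("stale=\"").append(false).append("\"");
        httpServletResponse.setHeader(PicketBoxConstants.HTTP_WWW_AUTHENTICATE, sb.toString());
        try {
            httpServletResponse.sendError(401);
        } catch (IOException e) {
            throw new AuthenticationException(e);
        }
    }

    /**
     * Returns the realm name, preferring the one from the digest configuration.
     *
     * <p>A non-null configured realm is also stored in the inherited {@code realmName} field.
     */
    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    public String getRealmName() {
        HTTPAuthenticationConfiguration authenticationConfig = getAuthenticationConfig();
        if (authenticationConfig != null) {
            HTTPDigestConfiguration digestConfiguration = authenticationConfig.getDigestConfiguration();
            if (digestConfiguration != null && digestConfiguration.getRealm() != null) {
                this.realmName = digestConfiguration.getRealm();
            }
        }
        return this.realmName;
    }
}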
