package org.apache.catalina.authenticator;

import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.http.parser.Authorization;
import org.apache.tomcat.util.security.ConcurrentMessageDigest;
import org.apache.tomcat.util.security.MD5Encoder;
import org.codehaus.plexus.PlexusConstants;
import org.dashbuilder.dataset.json.KafkaDefJSONMarshaller;
import org.sonatype.plexus.components.sec.dispatcher.SecUtil;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.38.jar:org/apache/catalina/authenticator/DigestAuthenticator.class */
public class DigestAuthenticator extends AuthenticatorBase {
    protected static final String QOP = "auth";
    protected Map<String, NonceInfo> nonces;
    protected String opaque;
    private final Log log = LogFactory.getLog((Class<?>) DigestAuthenticator.class);
    protected long lastTimestamp = 0;
    protected final Object lastTimestampLock = new Object();
    protected int nonceCacheSize = 1000;
    protected int nonceCountWindowSize = 100;
    protected String key = null;
    protected long nonceValidity = 300000;
    protected boolean validateUri = true;

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.38.jar:org/apache/catalina/authenticator/DigestAuthenticator$DigestInfo.class */
    public static class DigestInfo {
        private final String opaque;
        private final long nonceValidity;
        private final String key;
        private final Map<String, NonceInfo> nonces;
        private boolean validateUri;
        private String userName = null;
        private String method = null;
        private String uri = null;
        private String response = null;
        private String nonce = null;
        private String nc = null;
        private String cnonce = null;
        private String realmName = null;
        private String qop = null;
        private String opaqueReceived = null;
        private boolean nonceStale = false;

        public DigestInfo(String str, long j, String str2, Map<String, NonceInfo> map, boolean z) {
            this.validateUri = true;
            this.opaque = str;
            this.nonceValidity = j;
            this.key = str2;
            this.nonces = map;
            this.validateUri = z;
        }

        public String getUsername() {
            return this.userName;
        }

        public boolean parse(Request request, String str) {
            if (str == null) {
                return false;
            }
            try {
                Map<String, String> parseAuthorizationDigest = Authorization.parseAuthorizationDigest(new StringReader(str));
                if (parseAuthorizationDigest == null) {
                    return false;
                }
                this.method = request.getMethod();
                this.userName = parseAuthorizationDigest.get("username");
                this.realmName = parseAuthorizationDigest.get(PlexusConstants.REALM_VISIBILITY);
                this.nonce = parseAuthorizationDigest.get("nonce");
                this.nc = parseAuthorizationDigest.get("nc");
                this.cnonce = parseAuthorizationDigest.get("cnonce");
                this.qop = parseAuthorizationDigest.get("qop");
                this.uri = parseAuthorizationDigest.get("uri");
                this.response = parseAuthorizationDigest.get("response");
                this.opaqueReceived = parseAuthorizationDigest.get("opaque");
                return true;
            } catch (IOException e) {
                return false;
            }
        }

        /* JADX WARN: Type inference failed for: r0v53, types: [byte[], byte[][]] */
        public boolean validate(Request request) {
            int indexOf;
            NonceInfo nonceInfo;
            if (this.userName == null || this.realmName == null || this.nonce == null || this.uri == null || this.response == null) {
                return false;
            }
            if (this.validateUri) {
                String queryString = request.getQueryString();
                String requestURI = queryString == null ? request.getRequestURI() : request.getRequestURI() + "?" + queryString;
                if (!this.uri.equals(requestURI)) {
                    String header = request.getHeader(KafkaDefJSONMarshaller.HOST);
                    String scheme = request.getScheme();
                    if (header == null || requestURI.startsWith(scheme)) {
                        return false;
                    }
                    if (!this.uri.equals(scheme + SecUtil.PROTOCOL_DELIM + header + requestURI)) {
                        return false;
                    }
                }
            }
            if (!AuthenticatorBase.getRealmName(request.getContext()).equals(this.realmName) || !this.opaque.equals(this.opaqueReceived) || (indexOf = this.nonce.indexOf(58)) < 0 || indexOf + 1 == this.nonce.length()) {
                return false;
            }
            try {
                long parseLong = Long.parseLong(this.nonce.substring(0, indexOf));
                String substring = this.nonce.substring(indexOf + 1);
                if (System.currentTimeMillis() - parseLong > this.nonceValidity) {
                    this.nonceStale = true;
                    synchronized (this.nonces) {
                        this.nonces.remove(this.nonce);
                    }
                }
                if (!MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(new byte[]{(request.getRemoteAddr() + ":" + parseLong + ":" + this.key).getBytes(StandardCharsets.ISO_8859_1)})).equals(substring)) {
                    return false;
                }
                if (this.qop != null && !"auth".equals(this.qop)) {
                    return false;
                }
                if (this.qop == null) {
                    return this.cnonce == null && this.nc == null;
                }
                if (this.cnonce == null || this.nc == null || this.nc.length() < 6 || this.nc.length() > 8) {
                    return false;
                }
                try {
                    long parseLong2 = Long.parseLong(this.nc, 16);
                    synchronized (this.nonces) {
                        nonceInfo = this.nonces.get(this.nonce);
                    }
                    if (nonceInfo != null) {
                        return nonceInfo.nonceCountValid(parseLong2);
                    }
                    this.nonceStale = true;
                    return true;
                } catch (NumberFormatException e) {
                    return false;
                }
            } catch (NumberFormatException e2) {
                return false;
            }
        }

        public boolean isNonceStale() {
            return this.nonceStale;
        }

        /* JADX WARN: Type inference failed for: r0v6, types: [byte[], byte[][]] */
        public Principal authenticate(Realm realm) {
            return realm.authenticate(this.userName, this.response, this.nonce, this.nc, this.cnonce, this.qop, this.realmName, MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(new byte[]{(this.method + ":" + this.uri).getBytes(StandardCharsets.ISO_8859_1)})));
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.38.jar:org/apache/catalina/authenticator/DigestAuthenticator$NonceInfo.class */
    public static class NonceInfo {
        private final long timestamp;
        private final boolean[] seen;
        private final int offset;
        private int count = 0;

        public NonceInfo(long j, int i) {
            this.timestamp = j;
            this.seen = new boolean[i];
            this.offset = i / 2;
        }

        public synchronized boolean nonceCountValid(long j) {
            if (this.count - this.offset >= j || j > (this.count - this.offset) + this.seen.length) {
                return false;
            }
            int length = (int) ((j + this.offset) % this.seen.length);
            if (this.seen[length]) {
                return false;
            }
            this.seen[length] = true;
            this.seen[this.count % this.seen.length] = false;
            this.count++;
            return true;
        }

        public long getTimestamp() {
            return this.timestamp;
        }
    }

    public DigestAuthenticator() {
        setCache(false);
    }

    public int getNonceCountWindowSize() {
        return this.nonceCountWindowSize;
    }

    public void setNonceCountWindowSize(int i) {
        this.nonceCountWindowSize = i;
    }

    public int getNonceCacheSize() {
        return this.nonceCacheSize;
    }

    public void setNonceCacheSize(int i) {
        this.nonceCacheSize = i;
    }

    public String getKey() {
        return this.key;
    }

    public void setKey(String str) {
        this.key = str;
    }

    public long getNonceValidity() {
        return this.nonceValidity;
    }

    public void setNonceValidity(long j) {
        this.nonceValidity = j;
    }

    public String getOpaque() {
        return this.opaque;
    }

    public void setOpaque(String str) {
        this.opaque = str;
    }

    public boolean isValidateUri() {
        return this.validateUri;
    }

    public void setValidateUri(boolean z) {
        this.validateUri = z;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean doAuthenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, false)) {
            return true;
        }
        Principal principal = null;
        String header = request.getHeader("authorization");
        DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), this.nonces, isValidateUri());
        if (header != null && digestInfo.parse(request, header)) {
            if (digestInfo.validate(request)) {
                principal = digestInfo.authenticate(this.context.getRealm());
            }
            if (principal != null && !digestInfo.isNonceStale()) {
                register(request, httpServletResponse, principal, HttpServletRequest.DIGEST_AUTH, digestInfo.getUsername(), null);
                return true;
            }
        }
        setAuthenticateHeader(request, httpServletResponse, generateNonce(request), principal != null && digestInfo.isNonceStale());
        httpServletResponse.sendError(401);
        return false;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected String getAuthMethod() {
        return HttpServletRequest.DIGEST_AUTH;
    }

    protected static String removeQuotes(String str, boolean z) {
        return (str.length() <= 0 || str.charAt(0) == '\"' || z) ? str.length() > 2 ? str.substring(1, str.length() - 1) : "" : str;
    }

    protected static String removeQuotes(String str) {
        return removeQuotes(str, false);
    }

    /*  JADX ERROR: Failed to decode insn: 0x0024: MOVE_MULTI, method: org.apache.catalina.authenticator.DigestAuthenticator.generateNonce(org.apache.catalina.connector.Request):java.lang.String
        java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -1 out of bounds for object array[6]
        	at java.base/java.lang.System.arraycopy(Native Method)
        	at jadx.plugins.input.java.data.code.StackState.insert(StackState.java:49)
        	at jadx.plugins.input.java.data.code.CodeDecodeState.insert(CodeDecodeState.java:118)
        	at jadx.plugins.input.java.data.code.JavaInsnsRegister.dup2x1(JavaInsnsRegister.java:313)
        	at jadx.plugins.input.java.data.code.JavaInsnData.decode(JavaInsnData.java:46)
        	at jadx.core.dex.instructions.InsnDecoder.lambda$process$0(InsnDecoder.java:54)
        	at jadx.plugins.input.java.data.code.JavaCodeReader.visitInstructions(JavaCodeReader.java:81)
        	at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:50)
        	at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:156)
        	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:443)
        	at jadx.core.ProcessClass.process(ProcessClass.java:70)
        	at jadx.core.ProcessClass.generateCode(ProcessClass.java:118)
        	at jadx.core.dex.nodes.ClassNode.generateClassCode(ClassNode.java:400)
        	at jadx.core.dex.nodes.ClassNode.decompile(ClassNode.java:388)
        	at jadx.core.dex.nodes.ClassNode.getCode(ClassNode.java:338)
        */
    protected java.lang.String generateNonce(org.apache.catalina.connector.Request r7) {
        /*
            r6 = this;
            long r0 = java.lang.System.currentTimeMillis()
            r8 = r0
            r0 = r6
            java.lang.Object r0 = r0.lastTimestampLock
            r1 = r0
            r10 = r1
            monitor-enter(r0)
            r0 = r8
            r1 = r6
            long r1 = r1.lastTimestamp
            int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
            if (r0 <= 0) goto L1d
            r0 = r6
            r1 = r8
            r0.lastTimestamp = r1
            goto L29
            r0 = r6
            r1 = r0
            long r1 = r1.lastTimestamp
            r2 = 1
            long r1 = r1 + r2
            // decode failed: arraycopy: source index -1 out of bounds for object array[6]
            r0.lastTimestamp = r1
            r8 = r-1
            r0 = r10
            monitor-exit(r0)
            goto L37
            r11 = move-exception
            r0 = r10
            monitor-exit(r0)
            r0 = r11
            throw r0
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r1 = r0
            r1.<init>()
            r1 = r7
            java.lang.String r1 = r1.getRemoteAddr()
            java.lang.StringBuilder r0 = r0.append(r1)
            java.lang.String r1 = ":"
            java.lang.StringBuilder r0 = r0.append(r1)
            r1 = r8
            java.lang.StringBuilder r0 = r0.append(r1)
            java.lang.String r1 = ":"
            java.lang.StringBuilder r0 = r0.append(r1)
            r1 = r6
            java.lang.String r1 = r1.getKey()
            java.lang.StringBuilder r0 = r0.append(r1)
            java.lang.String r0 = r0.toString()
            r10 = r0
            r0 = 1
            byte[] r0 = new byte[r0]
            r1 = r0
            r2 = 0
            r3 = r10
            java.nio.charset.Charset r4 = java.nio.charset.StandardCharsets.ISO_8859_1
            byte[] r3 = r3.getBytes(r4)
            r1[r2] = r3
            byte[] r0 = org.apache.tomcat.util.security.ConcurrentMessageDigest.digestMD5(r0)
            r11 = r0
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r1 = r0
            r1.<init>()
            r1 = r8
            java.lang.StringBuilder r0 = r0.append(r1)
            java.lang.String r1 = ":"
            java.lang.StringBuilder r0 = r0.append(r1)
            r1 = r11
            java.lang.String r1 = org.apache.tomcat.util.security.MD5Encoder.encode(r1)
            java.lang.StringBuilder r0 = r0.append(r1)
            java.lang.String r0 = r0.toString()
            r12 = r0
            org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo r0 = new org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo
            r1 = r0
            r2 = r8
            r3 = r6
            int r3 = r3.getNonceCountWindowSize()
            r1.<init>(r2, r3)
            r13 = r0
            r0 = r6
            java.util.Map<java.lang.String, org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo> r0 = r0.nonces
            r1 = r0
            r14 = r1
            monitor-enter(r0)
            r0 = r6
            java.util.Map<java.lang.String, org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo> r0 = r0.nonces
            r1 = r12
            r2 = r13
            java.lang.Object r0 = r0.put(r1, r2)
            r0 = r14
            monitor-exit(r0)
            goto Lc2
            r15 = move-exception
            r0 = r14
            monitor-exit(r0)
            r0 = r15
            throw r0
            r0 = r12
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.catalina.authenticator.DigestAuthenticator.generateNonce(org.apache.catalina.connector.Request):java.lang.String");
    }

    protected void setAuthenticateHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) {
        String realmName = getRealmName(this.context);
        httpServletResponse.setHeader("WWW-Authenticate", z ? "Digest realm=\"" + realmName + "\", qop=\"auth\", nonce=\"" + str + "\", opaque=\"" + getOpaque() + "\", stale=true" : "Digest realm=\"" + realmName + "\", qop=\"auth\", nonce=\"" + str + "\", opaque=\"" + getOpaque() + "\"");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.util.LifecycleBase
    public synchronized void startInternal() throws LifecycleException {
        super.startInternal();
        if (getKey() == null) {
            setKey(this.sessionIdGenerator.generateSessionId());
        }
        if (getOpaque() == null) {
            setOpaque(this.sessionIdGenerator.generateSessionId());
        }
        this.nonces = new LinkedHashMap<String, NonceInfo>() { // from class: org.apache.catalina.authenticator.DigestAuthenticator.1
            private static final long serialVersionUID = 1;
            private static final long LOG_SUPPRESS_TIME = 300000;
            private long lastLog = 0;

            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<String, NonceInfo> entry) {
                long currentTimeMillis = System.currentTimeMillis();
                if (size() <= DigestAuthenticator.this.getNonceCacheSize()) {
                    return false;
                }
                if (this.lastLog >= currentTimeMillis || currentTimeMillis - entry.getValue().getTimestamp() >= DigestAuthenticator.this.getNonceValidity()) {
                    return true;
                }
                DigestAuthenticator.this.log.warn(AuthenticatorBase.sm.getString("digestAuthenticator.cacheRemove"));
                this.lastLog = currentTimeMillis + LOG_SUPPRESS_TIME;
                return true;
            }
        };
    }
}
