package net.officefloor.web.security.scheme;

import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.security.MessageDigest;
import java.util.Properties;
import java.util.UUID;
import net.officefloor.frame.api.build.None;
import net.officefloor.server.http.HttpException;
import net.officefloor.server.http.HttpHeader;
import net.officefloor.server.http.HttpRequest;
import net.officefloor.server.http.HttpStatus;
import net.officefloor.server.http.ServerHttpConnection;
import net.officefloor.web.security.HttpAccessControl;
import net.officefloor.web.security.HttpAuthentication;
import net.officefloor.web.security.store.CredentialEntry;
import net.officefloor.web.security.store.CredentialStore;
import net.officefloor.web.security.store.CredentialStoreUtil;
import net.officefloor.web.session.HttpSession;
import net.officefloor.web.spi.security.AuthenticateContext;
import net.officefloor.web.spi.security.AuthenticationContext;
import net.officefloor.web.spi.security.ChallengeContext;
import net.officefloor.web.spi.security.HttpChallenge;
import net.officefloor.web.spi.security.HttpSecurity;
import net.officefloor.web.spi.security.HttpSecurityContext;
import net.officefloor.web.spi.security.HttpSecuritySourceContext;
import net.officefloor.web.spi.security.LogoutContext;
import net.officefloor.web.spi.security.RatifyContext;
import net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource;
import net.officefloor.web.template.parse.WebTemplateParserConstants;
import net.officefloor.web.template.section.WebTemplateSectionSource;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource.class */
public class DigestHttpSecuritySource extends AbstractHttpSecuritySource<HttpAuthentication<Void>, HttpAccessControl, Void, Dependencies, None> {
    /* Scheme token: matched case-insensitively against the request's authentication scheme and used when issuing the challenge. */
    public static final String AUTHENTICATION_SCHEME_DIGEST = "Digest";
    /* Name of the configuration property that supplies the realm. */
    public static final String PROPERTY_REALM = "realm";
    /*
     * Name of the configuration property that supplies the private key. challenge() hashes this value
     * together with a timestamp and the request's ETag to form the nonce, so it is the only input to the
     * nonce that the client does not already know or cannot closely guess.
     */
    public static final String PROPERTY_PRIVATE_KEY = "http.security.digest.private.key";
    /* Session attribute under which the HttpAccessControl is cached after a successful authenticate(); read by ratify(), removed by logout(). */
    private static final String SESSION_ATTRIBUTE_HTTP_SECURITY = "http.security.digest";
    /* Session attribute holding the SecurityState (nonce, opaque, nonce count) written by challenge() and read by authenticate(). */
    protected static final String SECURITY_STATE_SESSION_KEY = "#" + DigestHttpSecuritySource.class.getName() + "#";
    /* Realm loaded from configuration in loadMetaData(). */
    private String realm;
    /* Private key loaded from configuration in loadMetaData(); treat as a secret (keep it out of logs and error messages). */
    private String privateKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: net.officefloor.web.security.scheme.DigestHttpSecuritySource$1, reason: invalid class name */
    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$1.class */
    /*
     * Compiler-generated switch map, as rendered by the decompiler: it translates ParameterState ordinals
     * into the dense case numbers used by the switch statements in parseParameters().
     * Mapping established below: VALUE=1, NAME=2, NAME_VALUE_SEPARATION=3, QUOTED_VALUE=4, INIT=5.
     * The class also serves as the marker type of the synthetic accessor constructors in this file.
     */
    public static /* synthetic */ class AnonymousClass1 {
        /* Indexed by ParameterState.ordinal(); entries left at 0 match no case label. */
        static final /* synthetic */ int[] $SwitchMap$net$officefloor$web$security$scheme$DigestHttpSecuritySource$ParameterState = new int[ParameterState.values().length];

        static {
            /* Each assignment is guarded separately so that an enum constant missing at run time only loses its own entry. */
            try {
                $SwitchMap$net$officefloor$web$security$scheme$DigestHttpSecuritySource$ParameterState[ParameterState.VALUE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$net$officefloor$web$security$scheme$DigestHttpSecuritySource$ParameterState[ParameterState.NAME.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$net$officefloor$web$security$scheme$DigestHttpSecuritySource$ParameterState[ParameterState.NAME_VALUE_SEPARATION.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$net$officefloor$web$security$scheme$DigestHttpSecuritySource$ParameterState[ParameterState.QUOTED_VALUE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$net$officefloor$web$security$scheme$DigestHttpSecuritySource$ParameterState[ParameterState.INIT.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$Dependencies.class */
    /* Dependency keys of this security source; registered in loadMetaData(). */
    public enum Dependencies {
        /* The CredentialStore: supplies the digest algorithm name and the per-user credential entries. */
        CREDENTIAL_STORE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$Digest.class */
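    /**
     * Thin wrapper around a {@link MessageDigest} that accumulates the colon-separated fields of a
     * Digest authentication hash and renders the result as lower-case hex.
     */
    public static class Digest {
        /*
         * Separator placed between hashed fields.
         * NOTE(review): the decompiler resolved this constant to WebTemplateSectionSource.OVERRIDE_SECTION_PREFIX;
         * presumably it is ":" - confirm against the original source.
         */
        private static final byte[] COLON = WebTemplateSectionSource.OVERRIDE_SECTION_PREFIX.getBytes(AbstractHttpSecuritySource.UTF_8);
        private final MessageDigest digest;

        /**
         * Creates the digest for the named algorithm.
         *
         * @param str algorithm name handed to {@code CredentialStoreUtil.createDigest}
         * @throws HttpException with status 500 when no digest is available for the algorithm
         */
        public Digest(String str) throws HttpException {
            this.digest = CredentialStoreUtil.createDigest(str);
            if (this.digest == null) {
                throw new HttpException(HttpStatus.INTERNAL_SERVER_ERROR, null, "Unable to create Digest for algorithm '" + str + "'");
            }
        }

        /** Appends the field separator. */
        public void appendColon() {
            this.digest.update(COLON);
        }

        /**
         * Appends the UTF-8 bytes of the text.
         *
         * @param str text to hash; {@code null} is silently skipped, so a parameter the client
         *            omitted contributes nothing to the hash rather than failing the computation
         */
        public void append(String str) {
            if (str == null) {
                return;
            }
            append(str.getBytes(AbstractHttpSecuritySource.UTF_8));
        }

        /**
         * Appends raw bytes.
         *
         * @param bArr bytes to hash
         */
        public void append(byte[] bArr) {
            this.digest.update(bArr);
        }

        /**
         * Appends the remaining content of the stream. The stream is not closed here; it stays
         * owned by the caller.
         *
         * @param inputStream content to hash
         * @throws HttpException wrapping any {@link IOException} raised while reading
         */
        public void append(InputStream inputStream) throws HttpException {
            try {
                // Read in chunks: one read() call per byte is needlessly slow for a request entity.
                byte[] buffer = new byte[8192];
                int count = inputStream.read(buffer);
                while (count != -1) {
                    this.digest.update(buffer, 0, count);
                    count = inputStream.read(buffer);
                }
            } catch (IOException e) {
                throw new HttpException(e);
            }
        }

        /**
         * Completes the hash and returns it as lower-case hex. Completing resets the underlying
         * {@link MessageDigest}.
         *
         * @return lower-case hex encoding of the hash
         */
        public String getDigest() {
            return new String(Hex.encodeHex(this.digest.digest(), true));
        }
    }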

    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$DigestHttpSecurity.class */
    private class DigestHttpSecurity implements HttpSecurity<HttpAuthentication<Void>, HttpAccessControl, Void, Dependencies, None> {
        /* Realm announced in the challenge; see challenge(). */
        private final String realm;

        /* Stores the realm. Invoked through the synthetic accessor constructor declared at the end of this class. */
        private DigestHttpSecurity(String str) {
            this.realm = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        /**
         * Builds the authentication handle for the request and immediately triggers an
         * authentication attempt with no credentials and no completion handler.
         *
         * @param authenticationContext context handed through to {@code HttpAuthenticationImpl}
         * @return the authentication handle
         */
        @Override // net.officefloor.web.spi.security.HttpSecurity
        public HttpAuthentication<Void> createAuthentication(AuthenticationContext<HttpAccessControl, Void> authenticationContext) {
            HttpAuthenticationImpl authentication = new HttpAuthenticationImpl(authenticationContext, null);
            // Digest credentials travel in the request header, so nothing is passed in here.
            authentication.authenticate(null, null);
            return authentication;
        }

        /**
         * Decides whether authenticate() needs to run for this request.
         *
         * @param r5            unused credentials placeholder
         * @param ratifyContext context giving access to the session and the connection
         * @return {@code false} when access control is already cached in the session (it is
         *         published to the context first) or when the request carries no Digest
         *         authentication scheme; {@code true} when a Digest scheme is present
         */
        @Override // net.officefloor.web.spi.security.HttpSecurity
        public boolean ratify(Void r5, RatifyContext<HttpAccessControl> ratifyContext) {
            HttpSession session = ratifyContext.getSession();
            String attributeName = ratifyContext.getQualifiedAttributeName(DigestHttpSecuritySource.SESSION_ATTRIBUTE_HTTP_SECURITY);
            HttpAccessControl cached = (HttpAccessControl) session.getAttribute(attributeName);
            if (cached != null) {
                // Already authenticated in this session: reuse the cached access control.
                ratifyContext.accessControlChange(cached, null);
                return false;
            }

            HttpAuthenticationScheme scheme = HttpAuthenticationScheme.getHttpAuthenticationScheme(ratifyContext.getConnection().getRequest());
            if (scheme == null) {
                return false;
            }
            return DigestHttpSecuritySource.AUTHENTICATION_SCHEME_DIGEST.equalsIgnoreCase(scheme.getAuthentiationScheme());
        }

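        /**
         * Verifies the Digest response of the current request against the challenge state kept in
         * the session and, on success, caches the resulting access control in the session.
         * <p>
         * The method returns without establishing access control when the request carries no Digest
         * scheme, no challenge state exists, the opaque value or nonce count does not match, the
         * user is unknown to the credential store, or the response hash differs.
         * <p>
         * Review notes on what the visible code does not check:
         * <ul>
         * <li>The nonce used in the hash is the one stored in the session; its age is never
         * checked here, so a nonce stays valid for as long as the session state does.</li>
         * <li>The nonce count is verified only when the client sends {@code nc}; a request
         * without it skips the replay check.</li>
         * <li>The realm used for the credential lookup is the one sent by the client, not the
         * configured realm.</li>
         * <li>{@code nonceCount} is incremented without synchronisation; whether requests of one
         * session can run concurrently is not visible here.</li>
         * </ul>
         *
         * @param r7                  unused credentials placeholder
         * @param authenticateContext context giving access to connection, session and credential store
         * @throws HttpException if the {@code nc} value cannot be decoded or a digest cannot be created
         */
        @Override // net.officefloor.web.spi.security.HttpSecurity
        public void authenticate(Void r7, AuthenticateContext<HttpAccessControl, Dependencies, None> authenticateContext) throws HttpException {
            ServerHttpConnection connection = authenticateContext.getConnection();
            HttpSession session = authenticateContext.getSession();
            HttpRequest request = connection.getRequest();
            CredentialStore credentialStore = (CredentialStore) authenticateContext.getObject(Dependencies.CREDENTIAL_STORE);

            // Only requests carrying a Digest scheme are handled.
            HttpAuthenticationScheme scheme = HttpAuthenticationScheme.getHttpAuthenticationScheme(request);
            if (scheme == null || !DigestHttpSecuritySource.AUTHENTICATION_SCHEME_DIGEST.equalsIgnoreCase(scheme.getAuthentiationScheme())) {
                return;
            }

            // Without the state written by challenge() there is no nonce to verify against.
            SecurityState securityState = (SecurityState) session.getAttribute(authenticateContext.getQualifiedAttributeName(DigestHttpSecuritySource.SECURITY_STATE_SESSION_KEY));
            if (securityState == null) {
                return;
            }
            String nonce = securityState.nonce;

            // All of the following values are client supplied.
            Properties parameters = DigestHttpSecuritySource.this.parseParameters(scheme.getParameters());
            String username = parameters.getProperty("username");
            String clientRealm = parameters.getProperty("realm");
            String clientResponse = parameters.getProperty("response");
            String clientOpaque = parameters.getProperty("opaque");
            String uri = parameters.getProperty("uri");
            String qop = parameters.getProperty("qop");
            String cnonce = parameters.getProperty("cnonce");
            String nonceCountHex = parameters.getProperty("nc");

            if (!securityState.opaque.equals(clientOpaque)) {
                return;
            }

            if (nonceCountHex != null) {
                long clientNonceCount = 0;
                try {
                    byte[] nonceCountBytes = Hex.decodeHex(nonceCountHex.toCharArray());
                    for (byte nonceCountByte : nonceCountBytes) {
                        // Mask to 0..255: a sign-extended byte would corrupt any count of 0x80 or above.
                        clientNonceCount = (clientNonceCount << 8) + (nonceCountByte & 0xFF);
                    }
                } catch (Exception e) {
                    // NOTE(review): a malformed nc from the client surfaces as an HttpException rather than a failed authentication.
                    throw new HttpException(e);
                }
                if (securityState.nonceCount != clientNonceCount) {
                    // Replayed or out-of-sequence request.
                    return;
                }
                securityState.nonceCount++;
            }

            // NOTE(review): the lookup uses the realm sent by the client; it is not compared with the configured realm.
            CredentialEntry credentialEntry = credentialStore.retrieveCredentialEntry(username, clientRealm);
            if (credentialEntry == null) {
                return;
            }
            byte[] credentials = credentialEntry.retrieveCredentials();

            String algorithm = credentialStore.getAlgorithm();
            String algorithmSuffix = "";
            int separatorIndex = algorithm.indexOf(58);
            if (separatorIndex > 0) {
                // NOTE(review): the suffix keeps its leading separator character, so the comparison with
                // "sess" below cannot succeed and the session variant is never applied. Left unchanged
                // because enabling it alters which responses are accepted; confirm the intended
                // separator and suffix handling against the original source.
                algorithmSuffix = algorithm.substring(separatorIndex);
                algorithm = algorithm.substring(0, separatorIndex);
            }

            // The stored credentials are used as H(A1) directly - presumably the hex digest kept by the store; confirm.
            String hashA1 = new String(credentials, AbstractHttpSecuritySource.UTF_8);
            if (algorithmSuffix.equalsIgnoreCase("sess")) {
                Digest sessionDigest = new Digest(algorithm);
                sessionDigest.append(hashA1);
                sessionDigest.appendColon();
                sessionDigest.append(nonce);
                sessionDigest.appendColon();
                sessionDigest.append(cnonce);
                hashA1 = sessionDigest.getDigest();
            }

            // H(A2) = H(method:uri[:H(entity)])
            String method = request.getMethod().getName();
            Digest a2Digest = new Digest(algorithm);
            a2Digest.append(method);
            a2Digest.appendColon();
            a2Digest.append(uri);
            if ("auth-int".equalsIgnoreCase(qop)) {
                Digest entityDigest = new Digest(algorithm);
                entityDigest.append(request.getEntity().createBrowseInputStream());
                a2Digest.appendColon();
                a2Digest.append(entityDigest.getDigest());
            }
            String hashA2 = a2Digest.getDigest();

            // response = H(H(A1):nonce[:nc:cnonce:qop]:H(A2))
            Digest responseDigest = new Digest(algorithm);
            responseDigest.append(hashA1);
            responseDigest.appendColon();
            responseDigest.append(nonce);
            if ("auth".equalsIgnoreCase(qop) || "auth-int".equalsIgnoreCase(qop)) {
                responseDigest.appendColon();
                responseDigest.append(nonceCountHex);
                responseDigest.appendColon();
                responseDigest.append(cnonce);
                responseDigest.appendColon();
                responseDigest.append(qop);
            }
            responseDigest.appendColon();
            responseDigest.append(hashA2);
            String expectedResponse = responseDigest.getDigest();

            if (clientResponse == null) {
                return;
            }
            // Constant-time comparison, so response time does not reveal how many leading characters matched.
            boolean responseMatches = MessageDigest.isEqual(
                    expectedResponse.getBytes(AbstractHttpSecuritySource.UTF_8),
                    clientResponse.getBytes(AbstractHttpSecuritySource.UTF_8));
            if (!responseMatches) {
                return;
            }

            HttpAccessControlImpl accessControl = new HttpAccessControlImpl(DigestHttpSecuritySource.AUTHENTICATION_SCHEME_DIGEST, username, credentialEntry.retrieveRoles());
            session.setAttribute(authenticateContext.getQualifiedAttributeName(DigestHttpSecuritySource.SESSION_ATTRIBUTE_HTTP_SECURITY), accessControl);
            authenticateContext.accessControlChange(accessControl, null);
        }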

        /**
         * Issues a Digest challenge and records the matching nonce and opaque value in the session.
         * <p>
         * The nonce is the hash of {@code timestamp:ETag:privateKey}, where the ETag is taken from
         * the request headers (empty when absent, last one wins). The opaque value is the hash of
         * a fresh seed. Each call replaces the session's security state, which restarts the nonce
         * count.
         *
         * @param challengeContext context giving access to connection, session and credential store
         * @throws HttpException if a digest cannot be created for the store's algorithm
         */
        @Override // net.officefloor.web.spi.security.HttpSecurity
        public void challenge(ChallengeContext<Dependencies, None> challengeContext) throws HttpException {
            ServerHttpConnection connection = challengeContext.getConnection();
            HttpSession session = challengeContext.getSession();
            HttpRequest request = connection.getRequest();
            CredentialStore credentialStore = (CredentialStore) challengeContext.getObject(Dependencies.CREDENTIAL_STORE);
            String algorithm = credentialStore.getAlgorithm();

            // ETag comes from the request, i.e. it is client supplied.
            String eTag = "";
            for (HttpHeader header : request.getHeaders()) {
                if (!"ETag".equalsIgnoreCase(header.getName())) {
                    continue;
                }
                eTag = header.getValue();
            }

            // nonce = H(timestamp:ETag:privateKey)
            String timestamp = DigestHttpSecuritySource.this.getTimestamp();
            Digest nonceDigest = new Digest(algorithm);
            nonceDigest.append(timestamp);
            nonceDigest.appendColon();
            nonceDigest.append(eTag);
            nonceDigest.appendColon();
            // A null private key would be skipped by Digest.append(String), leaving the nonce without any secret input.
            nonceDigest.append(DigestHttpSecuritySource.this.privateKey);
            String nonce = nonceDigest.getDigest();

            // opaque = H(seed)
            Digest opaqueDigest = new Digest(algorithm);
            opaqueDigest.append(DigestHttpSecuritySource.this.getOpaqueSeed());
            String opaque = opaqueDigest.getDigest();

            String quote = "\"";
            HttpChallenge challenge = challengeContext.setChallenge(DigestHttpSecuritySource.AUTHENTICATION_SCHEME_DIGEST, this.realm);
            challenge.addParameter("qop", "\"auth,auth-int\"");
            challenge.addParameter("nonce", quote + nonce + quote);
            challenge.addParameter("opaque", quote + opaque + quote);
            challenge.addParameter("algorithm", quote + algorithm + quote);

            // Remember what was issued so authenticate() can verify the response.
            String stateAttribute = challengeContext.getQualifiedAttributeName(DigestHttpSecuritySource.SECURITY_STATE_SESSION_KEY);
            session.setAttribute(stateAttribute, new SecurityState(nonce, opaque, null));
        }

        /**
         * Removes the cached access control from the session. The challenge state stored under
         * {@code SECURITY_STATE_SESSION_KEY} is not touched here.
         *
         * @param logoutContext context giving access to the session
         * @throws HttpException declared by the interface; not thrown by the visible code
         */
        @Override // net.officefloor.web.spi.security.HttpSecurity
        public void logout(LogoutContext<Dependencies, None> logoutContext) throws HttpException {
            HttpSession session = logoutContext.getSession();
            String accessControlAttribute = logoutContext.getQualifiedAttributeName(DigestHttpSecuritySource.SESSION_ATTRIBUTE_HTTP_SECURITY);
            session.removeAttribute(accessControlAttribute);
        }

        /*
         * Compiler-generated accessor that lets the enclosing class call the private constructor;
         * the AnonymousClass1 argument is an unused marker (sourceHttpSecurity() passes null).
         */
        /* synthetic */ DigestHttpSecurity(DigestHttpSecuritySource digestHttpSecuritySource, String str, AnonymousClass1 anonymousClass1) {
            this(str);
        }
    }

    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$Mock.class */
    /*
     * Fixed nonce/opaque values for tests. The two literals are the example nonce and opaque from
     * RFC 2617 section 3.5, so they are publicly known; security state built from them offers no
     * unpredictability and belongs in test set-ups only.
     */
    public static class Mock {
        /* RFC 2617 example nonce. */
        protected static final String MOCK_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        /* RFC 2617 example opaque. */
        protected static final String MOCK_OPAQUE = "5ccc069c403ebaf9f0171e9517f40e41";
        /* Security state pre-populated with the fixed values above. */
        protected static final SecurityState MOCK_SECURITY_STATE = new SecurityState(MOCK_NONCE, MOCK_OPAQUE, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$ParameterState.class */
    /* States of the scanner in parseParameters(). */
    public enum ParameterState {
        /* Between parameters; the next ordinary character starts a name. */
        INIT,
        /* Inside a parameter name; '=' ends it. */
        NAME,
        /* After '='; a double quote starts a quoted value, any other ordinary character an unquoted one. */
        NAME_VALUE_SEPARATION,
        /* Inside an unquoted value; ',' or the end of input ends it. */
        VALUE,
        /* Inside a quoted value; the next double quote ends it. */
        QUOTED_VALUE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:officeweb_security-3.14.0.jar:net/officefloor/web/security/scheme/DigestHttpSecuritySource$SecurityState.class */
    /**
     * Per-session challenge state: the nonce and opaque value issued by challenge() plus the
     * nonce count expected on the next request. Serializable so it can be kept in the HTTP session.
     * <p>
     * {@code nonceCount} is a plain mutable field that authenticate() increments without
     * synchronisation.
     */
    public static class SecurityState implements Serializable {
        private static final long serialVersionUID = 1;

        /** Nonce issued with the challenge. */
        public final String nonce;

        /** Opaque value issued with the challenge. */
        public final String opaque;

        /** Nonce count expected from the client next; starts at 1. */
        public int nonceCount = 1;

        private SecurityState(String str, String str2) {
            this.nonce = str;
            this.opaque = str2;
        }

        /* Compiler-generated accessor for the private constructor; the AnonymousClass1 argument is an unused marker. */
        /* synthetic */ SecurityState(String str, String str2, AnonymousClass1 anonymousClass1) {
            this(str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
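    /**
     * Parses the comma-separated {@code name=value} parameters of a Digest authentication
     * header into properties keyed by lower-cased parameter name.
     * <p>
     * Values may be quoted or unquoted. A quoted value ends at the next double quote (no
     * backslash escaping is interpreted), an unquoted value at the next comma or the end of
     * input. A repeated name overwrites the earlier value, and a quoted value that is never
     * closed is dropped. The input is client supplied.
     * <p>
     * Every character case now ends with {@code break}: as decompiled, the cases fell through
     * into one another, so a single character could trigger several state transitions (for
     * example a closing quote immediately started a new name).
     *
     * @param str parameter text following the scheme name; {@code null} yields no parameters
     * @return the parsed parameters, never {@code null}
     */
    public Properties parseParameters(String str) {
        Properties properties = new Properties();
        if (str == null) {
            return properties;
        }

        ParameterState state = ParameterState.INIT;
        int start = -1;
        String name = null;
        for (int index = 0; index < str.length(); index++) {
            switch (str.charAt(index)) {
                case ' ':
                    // Spaces never change state; names and unquoted values are trimmed when captured.
                    break;

                case '\"':
                    switch (state) {
                        case NAME_VALUE_SEPARATION:
                            // Opening quote: the value starts after it.
                            start = index + 1;
                            state = ParameterState.QUOTED_VALUE;
                            break;
                        case QUOTED_VALUE:
                            // Closing quote: keep the value verbatim.
                            properties.setProperty(name.toLowerCase(java.util.Locale.ROOT), str.substring(start, index));
                            state = ParameterState.INIT;
                            break;
                        default:
                            break;
                    }
                    break;

                case ',':
                    if (state == ParameterState.VALUE) {
                        properties.setProperty(name.toLowerCase(java.util.Locale.ROOT), str.substring(start, index).trim());
                        state = ParameterState.INIT;
                    }
                    break;

                case '=':
                    if (state == ParameterState.NAME) {
                        name = str.substring(start, index).trim();
                        state = ParameterState.NAME_VALUE_SEPARATION;
                    }
                    break;

                default:
                    switch (state) {
                        case NAME_VALUE_SEPARATION:
                            // First character of an unquoted value.
                            start = index;
                            state = ParameterState.VALUE;
                            break;
                        case INIT:
                            // First character of a parameter name.
                            start = index;
                            state = ParameterState.NAME;
                            break;
                        default:
                            break;
                    }
                    break;
            }
        }

        // An unquoted value may run to the end of the input.
        if (ParameterState.VALUE.equals(state)) {
            properties.setProperty(name.toLowerCase(java.util.Locale.ROOT), str.substring(start).trim());
        }
        return properties;
    }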

    /**
     * Supplies the timestamp hashed into the nonce by challenge(). Protected so it can be overridden.
     *
     * @return the current time in milliseconds since the epoch, as decimal text
     */
    protected String getTimestamp() {
        long now = System.currentTimeMillis();
        return Long.toString(now);
    }

    /**
     * Supplies the seed hashed into the opaque value by challenge(). Protected so it can be overridden.
     *
     * @return the text form of a freshly generated random UUID
     */
    protected String getOpaqueSeed() {
        UUID seed = UUID.randomUUID();
        return seed.toString();
    }

    /**
     * Declares the two configuration properties of this source: the realm and the private key.
     *
     * @param specificationContext receives the property names and their labels
     */
    @Override // net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource
    protected void loadSpecification(AbstractHttpSecuritySource.SpecificationContext specificationContext) {
        // PROPERTY_REALM is the constant for the literal "realm".
        specificationContext.addProperty(PROPERTY_REALM, "Realm");
        specificationContext.addProperty(PROPERTY_PRIVATE_KEY, "Private Key");
    }

    /**
     * Reads the realm and private key from configuration and registers the authentication
     * class, the access control class and the credential store dependency.
     *
     * @param metaDataContext context to read properties from and register meta-data with
     * @throws Exception declared by the base class
     */
    @Override // net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource
    protected void loadMetaData(AbstractHttpSecuritySource.MetaDataContext<HttpAuthentication<Void>, HttpAccessControl, Void, Dependencies, None> metaDataContext) throws Exception {
        HttpSecuritySourceContext sourceContext = metaDataContext.getHttpSecuritySourceContext();

        // NOTE(review): neither value is validated here; whether getProperty rejects a missing property is not visible - confirm.
        this.realm = sourceContext.getProperty(PROPERTY_REALM);
        this.privateKey = sourceContext.getProperty(PROPERTY_PRIVATE_KEY);

        metaDataContext.setAuthenticationClass(HttpAuthentication.class);
        metaDataContext.setAccessControlClass(HttpAccessControl.class);
        metaDataContext.addDependency(Dependencies.CREDENTIAL_STORE, CredentialStore.class);
    }

    /**
     * Creates the Digest security implementation bound to the configured realm.
     *
     * @param httpSecurityContext not used by the visible code
     * @return a new {@code DigestHttpSecurity}
     * @throws HttpException declared by the interface; not thrown by the visible code
     */
    @Override // net.officefloor.web.spi.security.HttpSecuritySource
    public HttpSecurity<HttpAuthentication<Void>, HttpAccessControl, Void, Dependencies, None> sourceHttpSecurity(HttpSecurityContext httpSecurityContext) throws HttpException {
        // The trailing null is the unused marker argument of the synthetic accessor constructor.
        DigestHttpSecurity security = new DigestHttpSecurity(this, this.realm, null);
        return security;
    }
}
