package com.sun.server.http.security;

import com.sun.server.realm.AuthenticationException;
import com.sun.server.realm.BadRealmException;
import com.sun.server.realm.NoSuchUserException;
import com.sun.server.realm.Realm;
import com.sun.server.realm.sharedpassword.SharedPasswordUser;
import com.sun.server.util.ServerTracer;
import com.sun.server.util.SimpleHashtable;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/server/http/security/DigestAuthentication.class */
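/**
 * HTTP Digest authenticator backed by a {@link Realm} of {@link SharedPasswordUser}s.
 *
 * <p>It issues {@code WWW-Authenticate: Digest} challenges with {@code algorithm=MD5} and
 * validates the client's response against a digest computed from the user's stored password.
 * One nonce is tracked per remote address and is accepted for {@link #NONCEEXPIRATION} ms.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The challenge carries no {@code qop}, and the digest covers only user, password, realm,
 *       method, URI and nonce. A captured response therefore stays valid for the same
 *       method/URI from the same remote address until the nonce expires; deploy behind TLS.</li>
 *   <li>{@code user.getPassword()} is fed straight into the digest, so the realm has to keep a
 *       recoverable secret (or a precomputed hash) per user; protect that store accordingly.</li>
 * </ul>
 */
public class DigestAuthentication extends HttpAuthenticator {
    // Server-side secret mixed into every nonce so that clients cannot predict nonces.
    private String secretKey;
    // Nonce lifetime in milliseconds (30 minutes). Kept as an instance field, as in the
    // decompiled original, so the class's field layout is unchanged.
    private final long NONCEEXPIRATION = 1800000L;
    // Maps remote address -> NonceTableElement.
    // NOTE(review): transient, so it would be null after deserialization if this class is ever
    // serialized; confirm whether that can happen.
    private transient SimpleHashtable nonceTable;
    private static ServerTracer tracer = new ServerTracer("DigestAuthentication");

    private static final String HEX_DIGITS = "0123456789ABCDEF";

    /**
     * Nonce issued to one remote address together with its issue time.
     * The decompiler reports that the original access was package-private.
     */
    public static class NonceTableElement {
        // Issue time, in milliseconds as returned by System.currentTimeMillis().
        public long timeStamp;
        // The nonce string handed to the client.
        public String nonce;

        NonceTableElement() {
        }
    }

    /**
     * Raised when the digest was correct but the nonce is unknown, expired or does not match the
     * one issued to the caller's address; the caller answers with {@code stale=true}.
     * The decompiler reports that the original access was package-private.
     */
    public static class StaleNonceException extends AuthenticationException {
        StaleNonceException(String str) {
            super(str);
        }
    }

    /**
     * Creates a Digest authenticator for the given realm and draws a fresh 16-byte nonce secret.
     *
     * @param realm realm used to look up users and to name the protection space
     */
    public DigestAuthentication(Realm realm) {
        super(realm, "Digest");
        this.nonceTable = new SimpleHashtable();
        byte[] seed = new byte[16];
        // The secret is the only unpredictable input to the nonce, so it must come from a
        // cryptographically strong generator; java.util.Random output can be reconstructed.
        new SecureRandom().nextBytes(seed);
        this.secretKey = MD5Encoder.encode(seed);
    }

    /**
     * Returns the nonce for the request's remote address, creating one when none is cached or
     * the cached one has outlived {@link #NONCEEXPIRATION}.
     *
     * @param httpServletRequest request whose remote address keys the nonce table
     * @return the nonce to place in the challenge
     * @throws NoSuchAlgorithmException if MD5 hashing is unavailable
     */
    public String generateNonce(HttpServletRequest httpServletRequest) throws NoSuchAlgorithmException {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        long now = System.currentTimeMillis();
        NonceTableElement cached = (NonceTableElement) this.nonceTable.get(remoteAddr);
        // Re-issue a cached nonce only while it is still acceptable to the validator; handing
        // out an expired one just forces an extra stale=true round trip.
        if (cached != null && cached.nonce != null && now - cached.timeStamp <= this.NONCEEXPIRATION) {
            return cached.nonce;
        }
        String nonce = MD5Digest.hash(remoteAddr + ":" + now + ":" + this.secretKey);
        NonceTableElement fresh = new NonceTableElement();
        fresh.timeStamp = now;
        fresh.nonce = nonce;
        this.nonceTable.put(remoteAddr, fresh);
        return nonce;
    }

    /** Sends a 401 challenge with {@code stale=false}. */
    @Override // com.sun.server.http.security.HttpAuthenticator
    protected void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        sendError(false, httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the {@code WWW-Authenticate} challenge and a 401 status.
     *
     * @param z value of the {@code stale} parameter
     * @throws IOException if the response cannot be written or MD5 is unavailable
     */
    private void sendError(boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            // The request URI is client-controlled: encode quotes, backslashes and control
            // characters so it cannot break out of the quoted parameter or add header lines.
            String domain = headerSafe(httpServletRequest.getRequestURI());
            // NOTE(review): the challenge uses Realm.toString() while the digest check uses
            // getRealm().getName(); confirm the two always agree.
            // NOTE(review): the value keeps the original LF + TAB continuations (obsolete header
            // folding); some containers reject newlines in header values. Confirm.
            String challenge = new StringBuilder("Digest realm=\"").append(getRealm()).append("\",\n")
                    .append("\tnonce=\"").append(generateNonce(httpServletRequest)).append("\",\n")
                    .append("\tdomain=\"").append(domain).append("\",\n")
                    .append("\tstale=").append(z ? "true" : "false").append(",\n")
                    .append("\talgorithm=MD5").toString();
            httpServletResponse.setHeader("WWW-Authenticate", challenge);
            httpServletResponse.sendError(401);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("No MD5 support", e);
        }
    }

    /**
     * Percent-encodes characters that could terminate a quoted header parameter or start a new
     * header line: control characters, DEL, double quote and backslash.
     */
    private static String headerSafe(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '"' || c == '\\') {
                out.append('%').append(HEX_DIGITS.charAt((c >> 4) & 0xF)).append(HEX_DIGITS.charAt(c & 0xF));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Looks the user up in the realm and maps lookup failures to AuthenticationException.
     *
     * <p>NOTE(review): the failure reasons distinguish unknown users from other errors; confirm
     * that failureString output stays in server logs and is not returned to the client, where it
     * would reveal which user names exist.
     */
    private SharedPasswordUser getUser(String str) throws AuthenticationException {
        try {
            return (SharedPasswordUser) getRealm().getUser(str);
        } catch (BadRealmException ignored) {
            throw new AuthenticationException(failureString("bad realm"));
        } catch (NoSuchUserException ignored) {
            throw new AuthenticationException(failureString("no such user"));
        } catch (ClassCastException ignored) {
            // The realm returned a user type that does not expose a shared password.
            throw new AuthenticationException(failureString("can't get passphrase"));
        }
    }

    /**
     * Authenticates the request from its Digest authorization header. On failure a new challenge
     * is sent ({@code stale=true} for a stale nonce) before the exception is rethrown.
     *
     * @return the authenticated user
     * @throws AuthenticationException if the header is missing or does not validate
     * @throws IOException if the challenge cannot be written
     */
    @Override // com.sun.server.http.security.HttpAuthenticator
    public Principal getAuthenticatedPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        try {
            return validateDigestAuthenticationHeader(getAuthHeader(httpServletRequest, httpServletResponse), httpServletRequest.getMethod(), httpServletRequest.getRequestURI(), httpServletRequest.getRemoteAddr());
        } catch (StaleNonceException e) {
            sendError(true, httpServletRequest, httpServletResponse);
            throw e;
        } catch (AuthenticationException e2) {
            sendError(httpServletRequest, httpServletResponse);
            throw e2;
        }
    }

    /**
     * Validates a Digest authorization header.
     *
     * @param str  raw authorization header value; {@code null} is rejected
     * @param str2 HTTP method of the request
     * @param str3 request URI; must start with the URI named in the header
     * @param str4 remote address, used as the key into the nonce table
     * @return the matching user when both the digest and the nonce check out
     * @throws StaleNonceException if the digest is correct but the nonce is missing, expired or
     *         different from the one issued to {@code str4}
     * @throws AuthenticationException for every other validation failure
     */
    public Principal validateDigestAuthenticationHeader(String str, String str2, String str3, String str4) throws AuthenticationException, IOException {
        if (str == null) {
            throw new AuthenticationException("No digest auth header");
        }
        DigestAuthResponse parsed = new DigestAuthResponse(str);
        String claimedUri = parsed.getURI();
        // A missing or empty uri is a prefix of every request URI, so it must not pass the check.
        // NOTE(review): this remains a prefix match, so a response computed for a parent path is
        // accepted for resources below it; confirm whether an exact match is feasible.
        if (str3 == null || claimedUri == null || claimedUri.isEmpty() || !str3.startsWith(claimedUri)) {
            throw new AuthenticationException(failureString("Wrong URI"));
        }
        SharedPasswordUser user = getUser(parsed.getUserName());
        try {
            String expected = MD5Digest.computeDigest(parsed.getUserName(), user.getPassword(), getRealm().getName(), str2, claimedUri, parsed.getNonce());
            if (!digestsMatch(expected, parsed.getResponse())) {
                if (tracer.isTracing()) {
                    // The expected digest is a usable credential for this nonce, so it is kept
                    // out of the trace; the client-supplied value is omitted as well because it
                    // is unvalidated input.
                    debug("response digest mismatch");
                }
                throw new AuthenticationException(failureString("Unrecognized password"));
            }
            NonceTableElement issued = (NonceTableElement) this.nonceTable.get(str4);
            long now = System.currentTimeMillis();
            if (issued != null && now - issued.timeStamp <= this.NONCEEXPIRATION && issued.nonce.equals(parsed.getNonce())) {
                return user;
            }
            // Drop the entry so the stale=true challenge that follows carries a new nonce.
            this.nonceTable.remove(str4);
            throw new StaleNonceException(failureString("Invalid nonce"));
        } catch (NoSuchUserException ignored) {
            throw new AuthenticationException(failureString("user does not exist"));
        } catch (NoSuchAlgorithmException ignored) {
            throw new AuthenticationException(failureString("MD5 algorithm is not available"));
        }
    }

    /**
     * Compares the expected and the client-supplied digest without an early exit on the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     */
    private static boolean digestsMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Writes a message to this class's tracer. */
    private static void debug(String str) {
        tracer.trace(str);
    }
}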
