package com.noelios.restlet.authentication;

import com.noelios.restlet.util.AuthenticationUtils;
import com.noelios.restlet.util.Base64;
import com.noelios.restlet.util.SecurityUtils;
import java.util.Iterator;
import java.util.logging.Logger;
import javax.security.auth.login.CredentialException;
import org.apache.batik.svggen.SVGSyntax;
import org.apache.log4j.spi.LocationInfo;
import org.apache.webdav.lib.methods.XMLResponseMethodBase;
import org.restlet.Guard;
import org.restlet.data.ChallengeRequest;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Parameter;
import org.restlet.data.Reference;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.util.Engine;
import org.restlet.util.Series;

/* loaded from: input_file:com/noelios/restlet/authentication/HttpDigestHelper.class */
public class HttpDigestHelper extends AuthenticationHelper {
    private static String getHashedSecret(String str, Guard guard) {
        return Engine.getInstance().toMd5(str + ":" + guard.getRealm() + ":" + new String(guard.findSecret(str)));
    }

    private static boolean isNonceValid(String str, String str2, long j) throws CredentialException {
        try {
            String str3 = new String(Base64.decode(str));
            long parseLong = Long.parseLong(str3.substring(0, str3.indexOf(58)));
            if (str3.equals(parseLong + ":" + SecurityUtils.toMd5(parseLong + ":" + str2))) {
                return j > System.currentTimeMillis() - parseLong;
            }
            throw new CredentialException("nonce does not match secretKey");
        } catch (Exception e) {
            throw new CredentialException("error parsing nonce: " + e);
        }
    }

    public HttpDigestHelper() {
        super(ChallengeScheme.HTTP_DIGEST, true, true);
    }

    @Override // com.noelios.restlet.authentication.AuthenticationHelper
    public int authenticate(ChallengeResponse challengeResponse, Request request, Guard guard) {
        Series<Parameter> parameters = challengeResponse.getParameters();
        String firstValue = parameters.getFirstValue("username");
        String firstValue2 = parameters.getFirstValue("nonce");
        String firstValue3 = parameters.getFirstValue(XMLResponseMethodBase.Response.TAG_NAME);
        String firstValue4 = parameters.getFirstValue("uri");
        String firstValue5 = parameters.getFirstValue("qop");
        String firstValue6 = parameters.getFirstValue("nc");
        String firstValue7 = parameters.getFirstValue("cnonce");
        try {
            if (!isNonceValid(firstValue2, guard.getServerKey(), guard.getNonceLifespan())) {
                return 2;
            }
            if (AuthenticationUtils.anyNull(firstValue, firstValue2, firstValue3, firstValue4)) {
                return 0;
            }
            Reference resourceRef = request.getResourceRef();
            String path = resourceRef.getPath();
            if (resourceRef.getQuery() != null && firstValue4.indexOf(63) > -1) {
                path = path + LocationInfo.NA + resourceRef.getQuery();
            }
            if (!firstValue4.equals(path)) {
                return -1;
            }
            String hashedSecret = getHashedSecret(firstValue, guard);
            String md5 = Engine.getInstance().toMd5(request.getMethod() + ":" + path);
            StringBuffer append = new StringBuffer(hashedSecret).append(':').append(firstValue2);
            if (!AuthenticationUtils.anyNull(firstValue5, firstValue7, firstValue6)) {
                append.append(':').append(firstValue6).append(':').append(firstValue7).append(':').append(firstValue5);
            }
            append.append(':').append(md5);
            return firstValue3.equals(Engine.getInstance().toMd5(append.toString())) ? 1 : -1;
        } catch (CredentialException e) {
            return -1;
        }
    }

    @Override // com.noelios.restlet.authentication.AuthenticationHelper
    public void challenge(Response response, boolean z, Guard guard) {
        super.challenge(response, z, guard);
        if (z) {
            response.getAttributes().put("stale", "true");
        }
        Series<Parameter> parameters = response.getChallengeRequest().getParameters();
        StringBuffer stringBuffer = new StringBuffer();
        Iterator<String> it = guard.getDomainUris().iterator();
        while (it.hasNext()) {
            stringBuffer.append(it.next()).append(' ');
        }
        if (stringBuffer.length() > 0) {
            stringBuffer.delete(stringBuffer.length() - 1, stringBuffer.length());
            parameters.add("domain", stringBuffer.toString());
        }
        parameters.add("nonce", SecurityUtils.makeNonce(guard.getServerKey()));
        if (response.getAttributes().containsKey("stale")) {
            parameters.add("stale", "true");
        }
    }

    @Override // com.noelios.restlet.authentication.AuthenticationHelper
    public void formatCredentials(StringBuilder sb, ChallengeResponse challengeResponse, Request request, Series<Parameter> series) {
        Series<Parameter> parameters = challengeResponse.getParameters();
        Iterator<E> it = parameters.iterator();
        while (it.hasNext()) {
            Parameter parameter = (Parameter) it.next();
            sb.append(parameter.getName()).append('=');
            if (parameter.getName().equals("qop") || parameter.getName().equals("algorithm") || parameter.getName().equals("nc")) {
                sb.append(parameter.getValue()).append(SVGSyntax.COMMA);
            } else {
                sb.append('\"').append(parameter.getValue()).append('\"').append(SVGSyntax.COMMA);
            }
        }
        if (parameters.isEmpty()) {
            return;
        }
        sb.deleteCharAt(sb.length() - 1);
    }

    @Override // com.noelios.restlet.authentication.AuthenticationHelper
    public void formatParameters(StringBuilder sb, Series<Parameter> series, ChallengeRequest challengeRequest) {
        sb.append(", domain=\"").append(series.getFirstValue("domain")).append('\"');
        sb.append(", qop=\"auth\"");
        sb.append(", algorithm=MD5");
        sb.append(", nonce=\"").append(series.getFirstValue("nonce")).append('\"');
        if (series.getFirst("stale") != null) {
            sb.append(", stale=\"true\"");
        }
    }

    @Override // com.noelios.restlet.authentication.AuthenticationHelper
    public void parseResponse(ChallengeResponse challengeResponse, Request request, Logger logger, String str) {
        AuthenticationUtils.parseParameters(challengeResponse.getCredentials(), challengeResponse.getParameters());
    }
}
