package nl.knowledgeplaza.securityfilter;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.knowledgeplaza.util.ConfigurationProperties;
import nl.knowledgeplaza.util.StringUtil;
import oracle.net.ano.AnoServices;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.Configurator;
import org.tbee.swing.jpa.searchComponent.JpaEntitySearchComponentJComboBoxJCheckBox;

/* loaded from: input_file:WEB-INF/lib/KpSecurityFilter-1.30.jar:nl/knowledgeplaza/securityfilter/SecurityInterfaceDigest.class */
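/**
 * HTTP Digest (qop=auth, algorithm=MD5) authentication step for the security filter.
 *
 * <p>When no acceptable {@code Authorization: Digest ...} header is present, a one-time nonce is
 * stored in the HTTP session and a 401 challenge is sent. When a Digest header is present, the
 * response hash is recomputed from the stored nonce and the password returned by
 * {@link SecurityFilter#getPassword} and compared with the client's value.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value taken from the Authorization header is attacker-controlled. Missing fields and
 *       unknown users are rejected explicitly; concatenating a {@code null} into the hash input
 *       would turn it into the literal text "null", which a client could reproduce.</li>
 *   <li>The nonce comes from {@link SecureRandom}; a time-seeded {@code java.util.Random} is
 *       predictable.</li>
 *   <li>Header values, the password length and the computed hashes are not logged: together they
 *       are enough for an offline guess of the password by anyone who can read the log.</li>
 * </ul>
 */
public class SecurityInterfaceDigest extends SecurityInterface {
    public static final String SOURCECODE_VERSION = "$Revision: 1.9 $";
    private String iRealm;
    static Logger log4j = Logger.getLogger(SecurityInterfaceDigest.class.getName());
    public static final String SESSION_ATTRIBUTE_NONCE = SecurityInterfaceDigest.class.getName() + ".NONCE";

    /** Scheme prefix (including the separating space) expected at the start of the header. */
    private static final String AUTHORIZATION_SCHEME = "Digest ";
    /** Characters a nonce is drawn from. */
    private static final String NONCE_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    private static final int NONCE_LENGTH = 64;
    /** Shared CSPRNG for nonce generation. */
    private static final SecureRandom NONCE_RANDOM = new SecureRandom();

    /**
     * Reads the {@code DigestRealm} setting, first for this object and then, if absent, for the
     * filter. Digest authentication stays disabled when neither lookup yields a value.
     *
     * @param configurationProperties configuration source
     * @param securityFilter          the owning filter, used as fallback configuration scope
     * @throws ServletException declared by the original signature
     */
    public SecurityInterfaceDigest(ConfigurationProperties configurationProperties, SecurityFilter securityFilter) throws ServletException {
        this.iRealm = configurationProperties.get2(this, "DigestRealm");
        if (this.iRealm == null) {
            this.iRealm = configurationProperties.get2(securityFilter, "DigestRealm");
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("DigestRealm=" + this.iRealm);
        }
    }

    /**
     * Authenticates the request via HTTP Digest, or sends a fresh challenge.
     *
     * @param securityFilter      filter used to look up the user's password
     * @param httpServletRequest  current request
     * @param httpServletResponse current response; receives the 401 challenge when needed
     * @param principal           not used by this implementation
     * @return the authenticated principal; {@code null} when Digest is not configured or MD5 is
     *         unavailable; {@link SecurityFilter#AUTHENTICATION_IN_PROGRESS} after a challenge
     *         has been written
     * @throws ServletException declared by the overridden method
     */
    @Override // nl.knowledgeplaza.securityfilter.SecurityInterface
    public Principal authenticate(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        if (this.iRealm == null) {
            if (log4j.isDebugEnabled()) {
                log4j.debug("DIGEST not configured");
            }
            return null;
        }

        String authorization = httpServletRequest.getHeader("Authorization");
        // Only the presence of the header is logged, never its content.
        if (log4j.isDebugEnabled()) {
            log4j.debug("Is this request a DIGEST AUTHENTICATION login? Authorization header present = " + (authorization != null));
        }

        // Accept only the Digest scheme; any other header (for example Basic) is answered with a
        // challenge instead of being parsed as if it were Digest.
        if (authorization != null
                && authorization.regionMatches(true, 0, AUTHORIZATION_SCHEME, 0, AUTHORIZATION_SCHEME.length())) {
            if (log4j.isDebugEnabled()) {
                log4j.debug("we are processing a login via DIGEST");
            }
            try {
                Principal authenticated = verifyDigestResponse(securityFilter, httpServletRequest, authorization);
                if (authenticated != null) {
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Authenticated as " + authenticated);
                    }
                    return authenticated;
                }
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Calculated and client's hashes do not match authentication failed.");
                }
            } catch (NoSuchAlgorithmException e) {
                if (log4j.isInfoEnabled()) {
                    log4j.info(e);
                }
                return null;
            }
        }

        if (log4j.isDebugEnabled()) {
            log4j.debug("There is no (valid) DIGEST AUTHENTICATION header present, send header");
        }
        String nonce = newNonce();
        if (log4j.isDebugEnabled()) {
            log4j.debug("Generated NONCE (stored in session)=" + nonce);
        }
        httpServletRequest.getSession().setAttribute(SESSION_ATTRIBUTE_NONCE, nonce);
        httpServletResponse.addHeader("WWW-Authenticate", "Digest realm=\"" + this.iRealm + "\" , domain=\"" + httpServletRequest.getContextPath() + "\" , qop=\"auth\" , algorithm=MD5 , nonce=" + nonce + " , opaque=\"" + httpServletRequest.getSession().getId() + "\" ");
        httpServletResponse.setStatus(401);
        return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
    }

    /**
     * Recomputes the Digest response for the given header and compares it with the client's.
     *
     * @return the principal on a match, {@code null} on any mismatch or incomplete input
     */
    private Principal verifyDigestResponse(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, String authorization) throws ServletException, NoSuchAlgorithmException {
        Map<String, String> parameters = parseDigestParameters(authorization);

        // The nonce is single-use: it is consumed by every attempt, successful or not.
        String nonce = (String) httpServletRequest.getSession().getAttribute(SESSION_ATTRIBUTE_NONCE);
        httpServletRequest.getSession().removeAttribute(SESSION_ATTRIBUTE_NONCE);
        if (log4j.isDebugEnabled()) {
            log4j.debug("Retrieved remembered NONCE (from session)=" + nonce);
        }

        String username = parameters.get("username");
        String realm = parameters.get("realm");
        String uri = parameters.get("uri");
        String nc = parameters.get("nc");
        String cnonce = parameters.get("cnonce");
        String qop = parameters.get("qop");
        String response = parameters.get("response");

        // Fail closed: a missing field must never be hashed as the text "null".
        if (nonce == null || username == null || realm == null || uri == null
                || nc == null || cnonce == null || qop == null || response == null) {
            if (log4j.isDebugEnabled()) {
                log4j.debug("Incomplete DIGEST request (no stored nonce or missing parameter)");
            }
            return null;
        }

        String password = securityFilter.getPassword(httpServletRequest, username, null);
        // No password on record means no login; otherwise the hash input would contain "null"
        // and a client sending the password "null" would be accepted.
        if (password == null) {
            if (log4j.isDebugEnabled()) {
                log4j.debug("No password available for the supplied username");
            }
            return null;
        }

        // NOTE(review): the realm used here is the one echoed by the client, as before; consider
        // requiring it to equal the configured DigestRealm.
        String ha1 = md5Hex(username + ":" + realm + ":" + password);
        String ha2 = md5Hex(httpServletRequest.getMethod() + ":" + uri);
        String expected = md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);

        // Constant-time comparison; hex case is normalised as the previous equalsIgnoreCase did.
        if (MessageDigest.isEqual(expected.getBytes(), response.toLowerCase().getBytes())) {
            return new SecurityFilterPrincipal(username, null);
        }
        return null;
    }

    /**
     * Splits the parameter list of a Digest Authorization header into key/value pairs.
     * Surrounding double quotes are removed from values; parts without a separator are skipped.
     *
     * <p>NOTE(review): the list is split on every comma, so a quoted value that itself contains
     * a comma is still cut apart, as in the original parser.
     */
    private static Map<String, String> parseDigestParameters(String authorization) {
        Map<String, String> parameters = new HashMap<String, String>();
        String[] parts = authorization.substring(AUTHORIZATION_SCHEME.length()).split(",");
        for (int i = 0; i < parts.length; i++) {
            // NOTE(review): constant substituted by the decompiler; presumably "=" - confirm.
            int separator = parts[i].indexOf(JpaEntitySearchComponentJComboBoxJCheckBox.OPERATOR_EQUALS);
            if (separator < 0) {
                // Malformed part: skip it instead of failing with an index exception.
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Authorization parameter " + i + " has no separator, ignored");
                }
                continue;
            }
            String key = parts[i].substring(0, separator).trim();
            String value = parts[i].substring(separator + 1).trim();
            // The length check keeps a lone quote character from producing an invalid range.
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
                value = value.substring(1, value.length() - 1);
            }
            if (log4j.isDebugEnabled()) {
                log4j.debug("Authorization parameter " + i + ": key=" + key);
            }
            parameters.put(key, value);
        }
        return parameters;
    }

    /**
     * Returns the lower-case hex MD5 of the given text.
     *
     * <p>The text is encoded with the platform default charset, as before.
     * NOTE(review): pin the charset once the encoding used by the clients is confirmed.
     */
    private static String md5Hex(String text) throws NoSuchAlgorithmException {
        // NOTE(review): algorithm name substituted by the decompiler with this Oracle constant;
        // presumably "MD5", matching algorithm=MD5 in the challenge - confirm.
        MessageDigest messageDigest = MessageDigest.getInstance(AnoServices.CHECKSUM_MD5);
        messageDigest.update(text.getBytes());
        return StringUtil.toHexString(messageDigest.digest()).toLowerCase();
    }

    /** Builds a nonce of {@link #NONCE_LENGTH} characters from {@link #NONCE_ALPHABET}. */
    private static String newNonce() {
        StringBuilder nonce = new StringBuilder(NONCE_LENGTH);
        for (int i = 0; i < NONCE_LENGTH; i++) {
            nonce.append(NONCE_ALPHABET.charAt(NONCE_RANDOM.nextInt(NONCE_ALPHABET.length())));
        }
        return nonce.toString();
    }
}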
