package nl.knowledgeplaza.securityfilter;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import net.sourceforge.jeuclid.context.typewrapper.TLIListTypeWrapper;
import nl.knowledgeplaza.util.ConfigurationProperties;
import nl.knowledgeplaza.util.StringUtil;
import org.apache.axiom.om.util.DigestGenerator;
import org.apache.axis2.description.WSDL2Constants;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.Configurator;
import org.apache.oltu.oauth2.common.OAuth;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/KpSecurityFilter-1.32-20160721.093306-20.jar:nl/knowledgeplaza/securityfilter/SecurityInterfaceDigest.class
  input_file:WEB-INF/lib/KpSecurityFilter-1.32-20161003.100632-21.jar:nl/knowledgeplaza/securityfilter/SecurityInterfaceDigest.class
 */
/* loaded from: input_file:WEB-INF/lib/KpSecurityFilter-1.32-20170509.115754-22.jar:nl/knowledgeplaza/securityfilter/SecurityInterfaceDigest.class */
public class SecurityInterfaceDigest extends SecurityInterface {
    public static final String SOURCECODE_VERSION = "$Revision: 1.13 $";
    static Logger log4j = Logger.getLogger(SecurityInterfaceDigest.class.getName());
    private String iRealm;
    private String iSecurityInterface;

    public SecurityInterfaceDigest(ConfigurationProperties configurationProperties, SecurityFilter securityFilter) throws ServletException {
        this.iRealm = null;
        this.iSecurityInterface = null;
        this.iRealm = configurationProperties.get2(this, "DigestRealm");
        if (this.iRealm == null) {
            this.iRealm = configurationProperties.get2(securityFilter, "DigestRealm");
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("DigestRealm=" + this.iRealm);
        }
        this.iSecurityInterface = configurationProperties.get2(securityFilter, WSDL2Constants.INTERFACE_PREFIX);
        if (log4j.isDebugEnabled()) {
            log4j.debug("SecurityInterface=" + this.iSecurityInterface);
        }
    }

    @Override // nl.knowledgeplaza.securityfilter.SecurityInterface
    public Principal authenticate(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        if (log4j.isDebugEnabled()) {
            log4j.debug("Is this request a DIGEST AUTHENTICATION login?");
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("Authorisation header = " + httpServletRequest.getHeader("Authorization"));
        }
        if (httpServletRequest.getHeader("Authorization") != null) {
            if (log4j.isDebugEnabled()) {
                log4j.debug("DIGEST AUTHENTICATION LOGIN!");
            }
            if (log4j.isDebugEnabled()) {
                log4j.debug("we are processing a login via DIGEST");
            }
            if (log4j.isDebugEnabled()) {
                log4j.debug("Authorization header: " + httpServletRequest.getHeader("Authorization"));
            }
            HashMap hashMap = new HashMap();
            try {
                String[] split = httpServletRequest.getHeader("Authorization").substring("Digest ".length()).split(TLIListTypeWrapper.SEPARATOR);
                for (int i = 0; i < split.length; i++) {
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Authorization parameter " + i + ": " + split[i].trim());
                    }
                    int indexOf = split[i].indexOf("=");
                    String trim = split[i].substring(0, indexOf).trim();
                    String trim2 = split[i].substring(indexOf + 1).trim();
                    if (trim2.startsWith(JSONUtils.DOUBLE_QUOTE) && trim2.endsWith(JSONUtils.DOUBLE_QUOTE)) {
                        trim2 = trim2.substring(1, trim2.length() - 1);
                    }
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Authorization parameter " + i + ": key=" + trim + ", value=" + trim2);
                    }
                    hashMap.put(trim, trim2);
                }
                try {
                    String password = securityFilter.getPassword(httpServletRequest, (String) hashMap.get("username"), null);
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Password=" + (password == null ? Configurator.NULL : StringUtil.prepad("", password.length(), '*')));
                    }
                    MessageDigest messageDigest = MessageDigest.getInstance(DigestGenerator.md5DigestAlgorithm);
                    messageDigest.update((hashMap.get("username") + ":" + hashMap.get(OAuth.WWWAuthHeader.REALM) + ":" + password).getBytes());
                    byte[] digest = messageDigest.digest();
                    MessageDigest messageDigest2 = MessageDigest.getInstance(DigestGenerator.md5DigestAlgorithm);
                    messageDigest2.update((String.valueOf(httpServletRequest.getMethod()) + ":" + hashMap.get("uri")).getBytes());
                    byte[] digest2 = messageDigest2.digest();
                    MessageDigest messageDigest3 = MessageDigest.getInstance(DigestGenerator.md5DigestAlgorithm);
                    String str = (String) hashMap.get("nonce");
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Retrieved NONCE from request =" + str);
                    }
                    String str2 = (String) hashMap.get("nc");
                    String str3 = (String) hashMap.get("cnonce");
                    String str4 = (String) hashMap.get("qop");
                    messageDigest3.update((String.valueOf(StringUtil.toHexString(digest).toLowerCase()) + (str == null ? "" : ":" + str) + (str2 == null ? "" : ":" + str2) + (str3 == null ? "" : ":" + str3) + (str4 == null ? "" : ":" + str4) + ":" + StringUtil.toHexString(digest2).toLowerCase()).getBytes());
                    String lowerCase = StringUtil.toHexString(messageDigest3.digest()).toLowerCase();
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Calculated response hash = " + lowerCase);
                    }
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Client's response hash = " + hashMap.get("response"));
                    }
                    if (lowerCase.equalsIgnoreCase((String) hashMap.get("response"))) {
                        SecurityFilterPrincipal securityFilterPrincipal = new SecurityFilterPrincipal((String) hashMap.get("username"), null);
                        if (log4j.isDebugEnabled()) {
                            log4j.debug("Authenticated as " + securityFilterPrincipal);
                        }
                        return securityFilterPrincipal;
                    }
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Calculated and client's hashes do not match, authentication failed!!!");
                    }
                } catch (NoSuchAlgorithmException e) {
                    if (!log4j.isInfoEnabled()) {
                        return null;
                    }
                    log4j.info(e);
                    return null;
                }
            } catch (Exception e2) {
                log4j.error("Authorization header not digest!!!", e2);
                if (log4j.isDebugEnabled()) {
                    log4j.debug("There is no (valid) DIGEST AUTHENTICATION header present, send header");
                }
                StringBuffer stringBuffer = new StringBuffer();
                Random random = new Random(System.currentTimeMillis());
                for (int i2 = 0; i2 < 64; i2++) {
                    int nextInt = random.nextInt("01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ".length());
                    stringBuffer.append("01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ".substring(nextInt, nextInt + 1));
                }
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Generated NONCE = " + ((Object) stringBuffer));
                }
                httpServletResponse.addHeader("WWW-Authenticate", "Digest realm=\"" + this.iRealm + "\" , domain=\"" + httpServletRequest.getContextPath() + "\" , qop=\"auth\" , algorithm=MD5 , nonce=" + ((Object) stringBuffer) + StringUtils.SPACE + ", opaque=\"" + httpServletRequest.getSession().getId() + "\" ");
                httpServletResponse.setStatus(401);
                return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
            }
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("AuthHeader is null. Is SecurityInterface=Digest? : " + this.iSecurityInterface);
        }
        if (this.iSecurityInterface == null || !this.iSecurityInterface.equals("Digest")) {
            return null;
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("There is no (valid) DIGEST AUTHENTICATION header present, send header");
        }
        StringBuffer stringBuffer2 = new StringBuffer();
        Random random2 = new Random(System.currentTimeMillis());
        for (int i3 = 0; i3 < 64; i3++) {
            int nextInt2 = random2.nextInt("01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ".length());
            stringBuffer2.append("01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ".substring(nextInt2, nextInt2 + 1));
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("Generated NONCE = " + ((Object) stringBuffer2));
        }
        httpServletResponse.addHeader("WWW-Authenticate", "Digest realm=\"" + this.iRealm + "\" , domain=\"" + httpServletRequest.getContextPath() + "\" , qop=\"auth\" , algorithm=MD5 , nonce=" + ((Object) stringBuffer2) + StringUtils.SPACE + ", opaque=\"" + httpServletRequest.getSession().getId() + "\" ");
        httpServletResponse.setStatus(401);
        return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
    }

    @Override // nl.knowledgeplaza.securityfilter.SecurityInterface
    public boolean canHandleAuthication(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.iRealm == null) {
            if (!log4j.isDebugEnabled()) {
                return false;
            }
            log4j.debug("DIGEST not configured");
            return false;
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("Is this request a DIGEST AUTHENTICATION login?");
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("Authorisation header = " + httpServletRequest.getHeader("Authorization"));
        }
        if (httpServletRequest.getHeader("Authorization") != null) {
            return true;
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("AuthHeader is null. Is SecurityInterface=Digest? : " + this.iSecurityInterface);
        }
        return this.iSecurityInterface != null && this.iSecurityInterface.equals("Digest");
    }
}
