package com.caucho.security;

import com.caucho.config.inject.HandleAware;
import java.io.Serializable;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.servlet.ServletException;

/* loaded from: input_file:com/caucho/security/AbstractAuthenticator.class */
public class AbstractAuthenticator implements Authenticator, HandleAware, Serializable {
    private static final Logger log = Logger.getLogger(AbstractAuthenticator.class.getName());
    private static final SingleSignon NULL_SINGLE_SIGNON = new NullSingleSignon();
    protected com.caucho.server.security.PasswordDigest _passwordDigest;
    private Object _serializationHandle;
    private SingleSignon _singleSignon;
    protected String _passwordDigestAlgorithm = "MD5-base64";
    protected String _passwordDigestRealm = "resin";
    private boolean _logoutOnTimeout = true;

    public com.caucho.server.security.PasswordDigest getPasswordDigest() {
        return this._passwordDigest;
    }

    public void setPasswordDigest(com.caucho.server.security.PasswordDigest passwordDigest) {
        this._passwordDigest = passwordDigest;
    }

    public String getPasswordDigestAlgorithm() {
        return this._passwordDigestAlgorithm;
    }

    public void setPasswordDigestAlgorithm(String str) {
        this._passwordDigestAlgorithm = str;
    }

    public String getPasswordDigestRealm() {
        return this._passwordDigestRealm;
    }

    public void setPasswordDigestRealm(String str) {
        this._passwordDigestRealm = str;
    }

    public boolean getLogoutOnSessionTimeout() {
        return this._logoutOnTimeout;
    }

    public void setLogoutOnSessionTimeout(boolean z) {
        this._logoutOnTimeout = z;
    }

    public void addRoleMapping(Principal principal, String str) {
    }

    @PostConstruct
    public void init() throws ServletException {
        int indexOf;
        if (this._passwordDigest != null) {
            if (this._passwordDigest.getAlgorithm() == null || this._passwordDigest.getAlgorithm().equals("none")) {
                this._passwordDigest = null;
                this._passwordDigestAlgorithm = "none";
                return;
            }
            return;
        }
        if (this._passwordDigestAlgorithm == null || this._passwordDigestAlgorithm.equals("none") || (indexOf = this._passwordDigestAlgorithm.indexOf(45)) <= 0) {
            return;
        }
        String substring = this._passwordDigestAlgorithm.substring(0, indexOf);
        String substring2 = this._passwordDigestAlgorithm.substring(indexOf + 1);
        this._passwordDigest = new com.caucho.server.security.PasswordDigest();
        this._passwordDigest.setAlgorithm(substring);
        this._passwordDigest.setFormat(substring2);
        this._passwordDigest.setRealm(this._passwordDigestRealm);
        this._passwordDigest.init();
    }

    @Override // com.caucho.security.Authenticator
    public Principal authenticate(Principal principal, Credentials credentials, Object obj) {
        if (credentials instanceof PasswordCredentials) {
            return authenticate(principal, (PasswordCredentials) credentials, obj);
        }
        if (credentials instanceof HttpDigestCredentials) {
            return authenticate(principal, (HttpDigestCredentials) credentials, obj);
        }
        if (credentials instanceof DigestCredentials) {
            return authenticate(principal, (DigestCredentials) credentials, obj);
        }
        return null;
    }

    @Override // com.caucho.security.Authenticator
    public boolean isUserInRole(Principal principal, String str) {
        PasswordUser passwordUser = getPasswordUser(principal);
        if (passwordUser != null) {
            return passwordUser.isUserInRole(str);
        }
        return false;
    }

    @Override // com.caucho.security.Authenticator
    public void logout(Principal principal) {
        if (log.isLoggable(Level.FINE)) {
            log.fine(this + " logout " + principal);
        }
    }

    protected Principal authenticate(Principal principal, PasswordCredentials passwordCredentials, Object obj) {
        return authenticate(principal, passwordCredentials.getPassword());
    }

    protected Principal authenticate(Principal principal, char[] cArr) {
        char[] passwordDigest = getPasswordDigest(principal.getName(), cArr);
        if (passwordDigest == null) {
            return null;
        }
        Principal authenticateDigest = authenticateDigest(principal, passwordDigest);
        Arrays.fill(passwordDigest, 'a');
        return authenticateDigest;
    }

    protected Principal authenticateDigest(Principal principal, char[] cArr) {
        PasswordUser passwordUser = getPasswordUser(principal);
        if (passwordUser == null || passwordUser.isDisabled()) {
            return null;
        }
        if (!isMatch(cArr, passwordUser.getPassword()) && !passwordUser.isAnonymous()) {
            passwordUser = null;
        }
        if (passwordUser != null) {
            return passwordUser.getPrincipal();
        }
        return null;
    }

    protected Principal authenticate(Principal principal, HttpDigestCredentials httpDigestCredentials, Object obj) {
        String cnonce = httpDigestCredentials.getCnonce();
        String method = httpDigestCredentials.getMethod();
        String nc = httpDigestCredentials.getNc();
        String nonce = httpDigestCredentials.getNonce();
        String qop = httpDigestCredentials.getQop();
        String realm = httpDigestCredentials.getRealm();
        byte[] response = httpDigestCredentials.getResponse();
        String uri = httpDigestCredentials.getUri();
        if (response == null) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] digestSecret = getDigestSecret(principal, realm);
            if (digestSecret == null) {
                return null;
            }
            digestUpdateHex(messageDigest, digestSecret);
            messageDigest.update((byte) 58);
            for (int i = 0; i < nonce.length(); i++) {
                messageDigest.update((byte) nonce.charAt(i));
            }
            if (qop != null) {
                messageDigest.update((byte) 58);
                for (int i2 = 0; i2 < nc.length(); i2++) {
                    messageDigest.update((byte) nc.charAt(i2));
                }
                messageDigest.update((byte) 58);
                for (int i3 = 0; cnonce != null && i3 < cnonce.length(); i3++) {
                    messageDigest.update((byte) cnonce.charAt(i3));
                }
                messageDigest.update((byte) 58);
                for (int i4 = 0; qop != null && i4 < qop.length(); i4++) {
                    messageDigest.update((byte) qop.charAt(i4));
                }
            }
            messageDigest.update((byte) 58);
            digestUpdateHex(messageDigest, digest(method + ":" + uri));
            if (isMatch(response, messageDigest.digest())) {
                return principal;
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected Principal authenticate(Principal principal, DigestCredentials digestCredentials, Object obj) {
        String nonce = digestCredentials.getNonce();
        String realm = digestCredentials.getRealm();
        byte[] digest = digestCredentials.getDigest();
        if (digest == null) {
            return null;
        }
        try {
            byte[] digestSecret = getDigestSecret(principal, realm);
            if (digestSecret == null) {
                return null;
            }
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            digestUpdateHex(messageDigest, digestSecret);
            messageDigest.update((byte) 58);
            for (int i = 0; i < nonce.length(); i++) {
                messageDigest.update((byte) nonce.charAt(i));
            }
            if (isMatch(digest, messageDigest.digest())) {
                return principal;
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public char[] getPasswordDigest(String str, char[] cArr) {
        char[] passwordDigest;
        if (this._passwordDigest != null && (passwordDigest = this._passwordDigest.getPasswordDigest(str, cArr)) != null) {
            return passwordDigest;
        }
        char[] cArr2 = new char[cArr.length];
        System.arraycopy(cArr, 0, cArr2, 0, cArr.length);
        return cArr2;
    }

    protected byte[] getDigestSecret(Principal principal, String str) {
        PasswordUser passwordUser = getPasswordUser(principal);
        if (passwordUser == null || passwordUser.isDisabled()) {
            return null;
        }
        if (this._passwordDigest != null) {
            return this._passwordDigest.stringToDigest(passwordUser.getPassword());
        }
        String name = principal.getName();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update((name + ":" + str + ":").getBytes("UTF8"));
            for (char c : passwordUser.getPassword()) {
                messageDigest.update((byte) c);
            }
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected PasswordUser getPasswordUser(String str) {
        if (!log.isLoggable(Level.FINE)) {
            return null;
        }
        log.fine(this + " getPasswordUser() is not implemented for " + str);
        return null;
    }

    protected PasswordUser getPasswordUser(Principal principal) {
        return getPasswordUser(principal.getName());
    }

    public SingleSignon getSingleSignon() {
        if (this._singleSignon == null) {
            this._singleSignon = AbstractSingleSignon.getCurrent();
            if (this._singleSignon == null) {
                this._singleSignon = NULL_SINGLE_SIGNON;
            }
        }
        if (this._singleSignon != NULL_SINGLE_SIGNON) {
            return this._singleSignon;
        }
        return null;
    }

    private void digestUpdateHex(MessageDigest messageDigest, byte[] bArr) {
        for (byte b : bArr) {
            int i = (b >> 4) & 15;
            int i2 = b & 15;
            if (i < 10) {
                messageDigest.update((byte) (i + 48));
            } else {
                messageDigest.update((byte) ((i + 97) - 10));
            }
            if (i2 < 10) {
                messageDigest.update((byte) (i2 + 48));
            } else {
                messageDigest.update((byte) ((i2 + 97) - 10));
            }
        }
    }

    protected byte[] stringToDigest(String str) {
        if (str == null) {
            return null;
        }
        byte[] bArr = new byte[(str.length() + 1) / 2];
        for (int i = 0; i + 1 < str.length(); i += 2) {
            char charAt = str.charAt(i);
            char charAt2 = str.charAt(i + 1);
            int i2 = 0;
            if (charAt >= '0' && charAt <= '9') {
                i2 = 0 + (charAt - '0');
            } else if (charAt >= 'a' && charAt <= 'f') {
                i2 = 0 + (charAt - 'a') + 10;
            }
            int i3 = i2 * 16;
            if (charAt2 >= '0' && charAt2 <= '9') {
                i3 += charAt2 - '0';
            } else if (charAt2 >= 'a' && charAt2 <= 'f') {
                i3 += (charAt2 - 'a') + 10;
            }
            bArr[i / 2] = (byte) i3;
        }
        return bArr;
    }

    protected byte[] digest(String str) throws ServletException {
        try {
            return MessageDigest.getInstance("MD5").digest(str.getBytes("UTF8"));
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    private boolean isMatch(char[] cArr, char[] cArr2) {
        int length = cArr.length;
        if (length != cArr2.length) {
            return false;
        }
        for (int i = 0; i < length; i++) {
            if (cArr[i] != cArr2[i]) {
                return false;
            }
        }
        return true;
    }

    private boolean isMatch(byte[] bArr, byte[] bArr2) {
        int length = bArr.length;
        if (length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    @Override // com.caucho.config.inject.HandleAware
    public void setSerializationHandle(Object obj) {
        this._serializationHandle = obj;
    }

    public Object writeReplace() {
        return this._serializationHandle;
    }

    public String toString() {
        return this._passwordDigest != null ? getClass().getSimpleName() + "[" + this._passwordDigest.getAlgorithm() + "," + this._passwordDigest.getRealm() + "]" : getClass().getSimpleName() + "[" + this._passwordDigestAlgorithm + "," + this._passwordDigestRealm + "]";
    }
}
