package org.apache.hc.client5.http.impl.auth;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Formatter;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.hc.client5.http.auth.AuthChallenge;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.utils.ByteArrayBuilder;
import org.apache.hc.core5.annotation.Internal;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpRequest;
import org.apache.hc.core5.http.NameValuePair;
import org.apache.hc.core5.http.message.BasicHeaderValueFormatter;
import org.apache.hc.core5.http.message.BasicNameValuePair;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.apache.hc.core5.util.Args;
import org.apache.hc.core5.util.CharArrayBuffer;
import org.apache.naming.ResourceRef;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hc/client5/http/impl/auth/DigestScheme.class */
public class DigestScheme implements AuthScheme, Serializable {
    private static final long serialVersionUID = 3883908186234566916L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DigestScheme.class);
    private static final char[] HEXADECIMAL = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    private static final int QOP_UNKNOWN = -1;
    private static final int QOP_MISSING = 0;
    private static final int QOP_AUTH_INT = 1;
    private static final int QOP_AUTH = 2;
    private transient Charset defaultCharset;
    private final Map<String, String> paramMap;
    private boolean complete;
    private transient ByteArrayBuilder buffer;
    private String lastNonce;
    private long nounceCount;
    private String cnonce;
    private byte[] a1;
    private byte[] a2;
    private String username;
    private char[] password;

    public DigestScheme() {
        this(StandardCharsets.ISO_8859_1);
    }

    public DigestScheme(Charset charset) {
        this.defaultCharset = charset != null ? charset : StandardCharsets.ISO_8859_1;
        this.paramMap = new HashMap();
        this.complete = false;
    }

    public void initPreemptive(Credentials credentials, String str, String str2) {
        Args.notNull(credentials, "Credentials");
        this.username = credentials.getUserPrincipal().getName();
        this.password = credentials.getPassword();
        this.paramMap.put("cnonce", str);
        this.paramMap.put("realm", str2);
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public String getName() {
        return StandardAuthScheme.DIGEST;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public boolean isConnectionBased() {
        return false;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public String getRealm() {
        return this.paramMap.get("realm");
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public void processChallenge(AuthChallenge authChallenge, HttpContext httpContext) throws MalformedChallengeException {
        Args.notNull(authChallenge, "AuthChallenge");
        this.paramMap.clear();
        List<NameValuePair> params = authChallenge.getParams();
        if (params != null) {
            for (NameValuePair nameValuePair : params) {
                this.paramMap.put(nameValuePair.getName().toLowerCase(Locale.ROOT), nameValuePair.getValue());
            }
        }
        if (this.paramMap.isEmpty()) {
            throw new MalformedChallengeException("Missing digest auth parameters");
        }
        this.complete = true;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public boolean isChallengeComplete() {
        return !"true".equalsIgnoreCase(this.paramMap.get("stale")) && this.complete;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public boolean isResponseReady(HttpHost httpHost, CredentialsProvider credentialsProvider, HttpContext httpContext) throws AuthenticationException {
        Args.notNull(httpHost, "Auth host");
        Args.notNull(credentialsProvider, "CredentialsProvider");
        AuthScope authScope = new AuthScope(httpHost, getRealm(), getName());
        Credentials credentials = credentialsProvider.getCredentials(authScope, httpContext);
        if (credentials != null) {
            this.username = credentials.getUserPrincipal().getName();
            this.password = credentials.getPassword();
            return true;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} No credentials found for auth scope [{}]", HttpClientContext.adapt(httpContext).getExchangeId(), authScope);
        }
        this.username = null;
        this.password = null;
        return false;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public Principal getPrincipal() {
        return null;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public String generateAuthResponse(HttpHost httpHost, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        Args.notNull(httpRequest, "HTTP request");
        if (this.paramMap.get("realm") == null) {
            throw new AuthenticationException("missing realm");
        }
        if (this.paramMap.get("nonce") == null) {
            throw new AuthenticationException("missing nonce");
        }
        return createDigestResponse(httpRequest);
    }

    private static MessageDigest createMessageDigest(String str) throws UnsupportedDigestAlgorithmException {
        try {
            return MessageDigest.getInstance(str);
        } catch (Exception e) {
            throw new UnsupportedDigestAlgorithmException("Unsupported algorithm in HTTP Digest authentication: " + str);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String createDigestResponse(HttpRequest httpRequest) throws AuthenticationException {
        String requestUri = httpRequest.getRequestUri();
        String method = httpRequest.getMethod();
        String str = this.paramMap.get("realm");
        String str2 = this.paramMap.get("nonce");
        String str3 = this.paramMap.get("opaque");
        String str4 = this.paramMap.get("algorithm");
        if (str4 == null) {
            str4 = MessageDigestAlgorithms.MD5;
        }
        HashSet hashSet = new HashSet(8);
        boolean z = -1;
        String str5 = this.paramMap.get("qop");
        if (str5 != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str5, ",");
            while (stringTokenizer.hasMoreTokens()) {
                hashSet.add(stringTokenizer.nextToken().trim().toLowerCase(Locale.ROOT));
            }
            if ((httpRequest instanceof ClassicHttpRequest ? ((ClassicHttpRequest) httpRequest).getEntity() : null) != null && hashSet.contains("auth-int")) {
                z = true;
            } else if (hashSet.contains(ResourceRef.AUTH)) {
                z = 2;
            } else if (hashSet.contains("auth-int")) {
                z = true;
            }
        } else {
            z = false;
        }
        if (z == -1) {
            throw new AuthenticationException("None of the qop methods is supported: " + str5);
        }
        String str6 = this.paramMap.get("charset");
        try {
            Charset forName = str6 != null ? Charset.forName(str6) : this.defaultCharset;
            String str7 = str4;
            if (str7.equalsIgnoreCase("MD5-sess")) {
                str7 = MessageDigestAlgorithms.MD5;
            }
            try {
                MessageDigest createMessageDigest = createMessageDigest(str7);
                if (str2.equals(this.lastNonce)) {
                    this.nounceCount++;
                } else {
                    this.nounceCount = 1L;
                    this.cnonce = null;
                    this.lastNonce = str2;
                }
                StringBuilder sb = new StringBuilder(8);
                Formatter formatter = new Formatter(sb, Locale.ROOT);
                Throwable th = null;
                try {
                    try {
                        formatter.format("%08x", Long.valueOf(this.nounceCount));
                        if (formatter != null) {
                            if (0 != 0) {
                                try {
                                    formatter.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                formatter.close();
                            }
                        }
                        String sb2 = sb.toString();
                        if (this.cnonce == null) {
                            this.cnonce = formatHex(createCnonce());
                        }
                        if (this.buffer == null) {
                            this.buffer = new ByteArrayBuilder(128);
                        } else {
                            this.buffer.reset();
                        }
                        this.buffer.charset(forName);
                        this.a1 = null;
                        this.a2 = null;
                        if (str4.equalsIgnoreCase("MD5-sess")) {
                            this.buffer.append(this.username).append(":").append(str).append(":").append(this.password);
                            String formatHex = formatHex(createMessageDigest.digest(this.buffer.toByteArray()));
                            this.buffer.reset();
                            this.buffer.append(formatHex).append(":").append(str2).append(":").append(this.cnonce);
                        } else {
                            this.buffer.append(this.username).append(":").append(str).append(":").append(this.password);
                        }
                        this.a1 = this.buffer.toByteArray();
                        String formatHex2 = formatHex(createMessageDigest.digest(this.a1));
                        this.buffer.reset();
                        if (z == 2) {
                            this.a2 = this.buffer.append(method).append(":").append(requestUri).toByteArray();
                        } else if (z) {
                            HttpEntity entity = httpRequest instanceof ClassicHttpRequest ? ((ClassicHttpRequest) httpRequest).getEntity() : null;
                            if (entity == null || entity.isRepeatable()) {
                                HttpEntityDigester httpEntityDigester = new HttpEntityDigester(createMessageDigest);
                                if (entity != null) {
                                    try {
                                        entity.writeTo(httpEntityDigester);
                                    } catch (IOException e) {
                                        throw new AuthenticationException("I/O error reading entity content", e);
                                    }
                                }
                                httpEntityDigester.close();
                                this.a2 = this.buffer.append(method).append(":").append(requestUri).append(":").append(formatHex(httpEntityDigester.getDigest())).toByteArray();
                            } else {
                                if (!hashSet.contains(ResourceRef.AUTH)) {
                                    throw new AuthenticationException("Qop auth-int cannot be used with a non-repeatable entity");
                                }
                                z = 2;
                                this.a2 = this.buffer.append(method).append(":").append(requestUri).toByteArray();
                            }
                        } else {
                            this.a2 = this.buffer.append(method).append(":").append(requestUri).toByteArray();
                        }
                        String formatHex3 = formatHex(createMessageDigest.digest(this.a2));
                        this.buffer.reset();
                        if (z) {
                            this.buffer.append(formatHex2).append(":").append(str2).append(":").append(sb2).append(":").append(this.cnonce).append(":").append(z ? "auth-int" : ResourceRef.AUTH).append(":").append(formatHex3);
                        } else {
                            this.buffer.append(formatHex2).append(":").append(str2).append(":").append(formatHex3);
                        }
                        byte[] byteArray = this.buffer.toByteArray();
                        this.buffer.reset();
                        String formatHex4 = formatHex(createMessageDigest.digest(byteArray));
                        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(128);
                        charArrayBuffer.append("Digest ");
                        ArrayList arrayList = new ArrayList(20);
                        arrayList.add(new BasicNameValuePair("username", this.username));
                        arrayList.add(new BasicNameValuePair("realm", str));
                        arrayList.add(new BasicNameValuePair("nonce", str2));
                        arrayList.add(new BasicNameValuePair("uri", requestUri));
                        arrayList.add(new BasicNameValuePair("response", formatHex4));
                        if (z) {
                            arrayList.add(new BasicNameValuePair("qop", z ? "auth-int" : ResourceRef.AUTH));
                            arrayList.add(new BasicNameValuePair("nc", sb2));
                            arrayList.add(new BasicNameValuePair("cnonce", this.cnonce));
                        }
                        arrayList.add(new BasicNameValuePair("algorithm", str4));
                        if (str3 != null) {
                            arrayList.add(new BasicNameValuePair("opaque", str3));
                        }
                        for (int i = 0; i < arrayList.size(); i++) {
                            BasicNameValuePair basicNameValuePair = (BasicNameValuePair) arrayList.get(i);
                            if (i > 0) {
                                charArrayBuffer.append(", ");
                            }
                            String name = basicNameValuePair.getName();
                            BasicHeaderValueFormatter.INSTANCE.formatNameValuePair(charArrayBuffer, basicNameValuePair, !("nc".equals(name) || "qop".equals(name) || "algorithm".equals(name)));
                        }
                        return charArrayBuffer.toString();
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (formatter != null) {
                        if (th != null) {
                            try {
                                formatter.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            formatter.close();
                        }
                    }
                    throw th3;
                }
            } catch (UnsupportedDigestAlgorithmException e2) {
                throw new AuthenticationException("Unsupported digest algorithm: " + str7);
            }
        } catch (UnsupportedCharsetException e3) {
            throw new AuthenticationException("Unsupported charset: " + str6);
        }
    }

    @Internal
    public String getNonce() {
        return this.lastNonce;
    }

    @Internal
    public long getNounceCount() {
        return this.nounceCount;
    }

    @Internal
    public String getCnonce() {
        return this.cnonce;
    }

    String getA1() {
        if (this.a1 != null) {
            return new String(this.a1, StandardCharsets.US_ASCII);
        }
        return null;
    }

    String getA2() {
        if (this.a2 != null) {
            return new String(this.a2, StandardCharsets.US_ASCII);
        }
        return null;
    }

    static String formatHex(byte[] bArr) {
        int length = bArr.length;
        char[] cArr = new char[length * 2];
        for (int i = 0; i < length; i++) {
            int i2 = bArr[i] & 15;
            cArr[i * 2] = HEXADECIMAL[(bArr[i] & 240) >> 4];
            cArr[(i * 2) + 1] = HEXADECIMAL[i2];
        }
        return new String(cArr);
    }

    static byte[] createCnonce() {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        objectOutputStream.defaultWriteObject();
        objectOutputStream.writeUTF(this.defaultCharset.name());
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.defaultCharset = Charset.forName(objectInputStream.readUTF());
    }

    public String toString() {
        return getName() + this.paramMap;
    }
}
