package sunlabs.brazil.handler;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Enumeration;
import java.util.Properties;
import org.apache.thrift.protocol.TType;
import org.eclipse.jetty.http.HttpHeaders;
import sunlabs.brazil.server.Handler;
import sunlabs.brazil.server.Request;
import sunlabs.brazil.server.Server;
import sunlabs.brazil.util.Format;
import sunlabs.brazil.util.Guid;
import sunlabs.brazil.util.regexp.Regexp;
import sunlabs.brazil.util.regexp.Regsub;

/* loaded from: classes3.dex */
public class DigestAuthHandler implements Handler {
    static char[] cnvt = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    static Regexp digestRe = new Regexp("^[0-9a-f]+$");
    static Regexp re = new Regexp(" ([a-z]+)=((\"([^\"]*)\")|([^ ,]*))");
    MatchString isMine;
    String realm;
    Properties credentials = new Properties();
    boolean allowBogus = false;
    boolean isDynamic = false;
    long lastModified = 0;
    File credFile = null;

    public static String computeA1(String str, String str2, String str3) {
        return md5Digest(str + ":" + str2 + ":" + str3);
    }

    public static String computeA2(String str, String str2) {
        return md5Digest(str + ":" + str2);
    }

    public static String computeResponse(String str, String str2, String str3, String str4, String str5, String str6) {
        return md5Digest(str + ":" + str3 + ":" + str4 + ":" + str5 + ":" + str6 + ":" + str2);
    }

    public static Properties extractAuth(String str) {
        Properties properties = new Properties();
        Regsub regsub = new Regsub(re, str);
        while (regsub.nextMatch()) {
            String submatch = regsub.submatch(1);
            String submatch2 = regsub.submatch(4);
            if (submatch2 == null) {
                submatch2 = regsub.submatch(2);
            }
            properties.put(submatch.toLowerCase(), submatch2);
        }
        return properties;
    }

    public static String genResponseHeader(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        Properties extractAuth = extractAuth(str);
        String property = extractAuth.getProperty("realm");
        String property2 = extractAuth.getProperty("nonce");
        String property3 = extractAuth.getProperty("qop");
        String property4 = extractAuth.getProperty("opaque");
        String computeResponse = computeResponse(computeA1(str2, property, str3), computeA2(str4, str5), property2, str6, str7, property3);
        StringBuilder sb = new StringBuilder();
        sb.append("Digest username=\"");
        sb.append(str2);
        sb.append("\", realm=\"");
        sb.append(property);
        sb.append("\", nonce=\"");
        sb.append(property2);
        sb.append("\", uri=\"");
        sb.append(str5);
        sb.append("\", response=\"");
        sb.append(computeResponse);
        sb.append("\", qop=\"");
        sb.append(property3);
        sb.append("\", nc=\"");
        sb.append(str6);
        sb.append("\", cnonce=\"");
        sb.append(str7);
        sb.append("\"");
        sb.append(property4 == null ? "" : ", opaque=\" + opaque + \"");
        return sb.toString();
    }

    public static boolean isMd5Digest(String str) {
        return str.length() == 32 && digestRe.match(str) != null;
    }

    public static void main(String[] strArr) {
        if (strArr.length != 1) {
            System.out.println("usage: DigestAuthHandler [realm]");
            System.out.println("  A properties file is filtered to replace plaintext passwords with digested ones");
            System.exit(1);
        }
        Properties properties = new Properties();
        properties.load(System.in);
        Enumeration keys = properties.keys();
        int i = 0;
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            String property = properties.getProperty(str);
            if (!isMd5Digest(property)) {
                properties.put(str, computeA1(str, strArr[0], property));
                i++;
            }
        }
        properties.save(System.out, "Digested with realm: " + strArr[0]);
        System.err.println("" + i + " passwords digested");
        System.exit(0);
    }

    public static String md5Digest(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            for (int i = 0; i < str.length(); i++) {
                messageDigest.update((byte) (str.charAt(i) & 255));
            }
            byte[] digest = messageDigest.digest();
            char[] cArr = new char[digest.length * 2];
            int i2 = 0;
            for (int i3 = 0; i3 < digest.length; i3++) {
                int i4 = i2 + 1;
                char[] cArr2 = cnvt;
                cArr[i2] = cArr2[(digest[i3] >> 4) & 15];
                i2 = i4 + 1;
                cArr[i4] = cArr2[digest[i3] & TType.LIST];
            }
            return new String(cArr);
        } catch (NoSuchAlgorithmException unused) {
            return null;
        }
    }

    public static boolean responseOk(String str, String str2, Properties properties) {
        return computeResponse(str, computeA2(str2, properties.getProperty("uri")), properties.getProperty("nonce"), properties.getProperty("nc"), properties.getProperty("cnonce"), properties.getProperty("qop")).equals(properties.getProperty("response"));
    }

    @Override // sunlabs.brazil.server.Handler
    public boolean init(Server server, String str) {
        this.isMine = new MatchString(str, server.props);
        String property = server.props.getProperty(str + "credentials");
        Properties properties = server.props;
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        sb.append("allowBogusIE");
        this.allowBogus = properties.getProperty(sb.toString()) != null;
        Properties properties2 = server.props;
        StringBuilder sb2 = new StringBuilder();
        sb2.append(str);
        sb2.append("isDynamic");
        this.isDynamic = properties2.getProperty(sb2.toString()) != null;
        try {
            server.log(5, str, "Loading credentials file " + property);
            InputStream resourceStream = ResourceHandler.getResourceStream(server.props, str, property);
            this.credentials.load(resourceStream);
            resourceStream.close();
        } catch (Exception e) {
            server.log(2, str, "Loading credentials file " + e);
            if (!this.isDynamic) {
                return false;
            }
        }
        if (this.isDynamic) {
            File file = new File(ResourceHandler.getResourcePath(server.props, str, property));
            this.credFile = file;
            this.lastModified = file.lastModified();
        }
        try {
            MessageDigest.getInstance("MD5");
            this.realm = server.props.getProperty(str + "realm", str);
            return true;
        } catch (NoSuchAlgorithmException unused) {
            server.log(2, str, "Can't find MD5 provider");
            return false;
        }
    }

    boolean matchUrl(Request request, String str) {
        String property = request.props.getProperty("url.orig", request.url);
        if (request.query.equals("")) {
            return property.equals(str);
        }
        boolean equals = (property + "?" + request.query).equals(str);
        if (equals || !this.allowBogus || !property.equals(str)) {
            return equals;
        }
        request.log(2, this.isMine.prefix(), "Allowing bogus IE authentication");
        return true;
    }

    void reject(Request request, String str) {
        request.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"" + this.realm + "\", qop=\"auth\", nonce=\"" + Guid.getString() + "\"");
        request.log(5, this.isMine.prefix(), str);
        request.sendResponse(Format.subst(request.props, str), "text/html", 401);
    }

    @Override // sunlabs.brazil.server.Handler
    public boolean respond(Request request) {
        if (!this.isMine.match(request.url)) {
            return false;
        }
        String str = request.headers.get("authorization");
        if (str == null) {
            reject(request, "Authentication Required");
            return true;
        }
        if (!str.startsWith("Digest")) {
            reject(request, "Invalid Authentication scheme");
            return true;
        }
        Properties extractAuth = extractAuth(str);
        if (!matchUrl(request, extractAuth.getProperty("uri"))) {
            reject(request, "Bad uri");
            request.log(2, this.isMine.prefix(), "Possible Digest Authentication breakin attempt!");
            return true;
        }
        String property = extractAuth.getProperty("username");
        if (property == null) {
            reject(request, "invalid authentication header: no username");
            return true;
        }
        String property2 = this.credentials.getProperty(property);
        if (property2 == null && this.isDynamic) {
            updateCredentials(request);
            property2 = this.credentials.getProperty(property);
        }
        if (property2 == null) {
            reject(request, "No user in credentials table: " + property);
            return true;
        }
        if (!isMd5Digest(property2)) {
            property2 = computeA1(property, this.realm, property2);
            request.log(3, this.isMine.prefix(), "Found plain password in auth file");
        }
        if (!responseOk(property2, request.method, extractAuth)) {
            reject(request, "Invalid credentials for " + property);
            return true;
        }
        request.props.put(this.isMine.prefix() + "username", property);
        return false;
    }

    void updateCredentials(Request request) {
        long lastModified = this.credFile.lastModified();
        if (lastModified > this.lastModified) {
            this.lastModified = lastModified;
            try {
                FileInputStream fileInputStream = new FileInputStream(this.credFile);
                this.credentials.load(fileInputStream);
                fileInputStream.close();
                request.log(3, this.isMine.prefix(), "re-reading credentials file");
            } catch (IOException e) {
                request.log(2, this.isMine.prefix(), "ERROR re-reading credentials file: " + e);
            }
        }
    }
}
