package org.infinispan.client.rest.impl.okhttp.auth;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Formatter;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import okhttp3.Authenticator;
import okhttp3.Headers;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;
import okhttp3.internal.http.RequestLine;
import org.infinispan.client.rest.configuration.AuthenticationConfiguration;
import org.infinispan.client.rest.impl.okhttp.auth.AbstractAuthenticator;

/* loaded from: input_file:org/infinispan/client/rest/impl/okhttp/auth/DigestAuthenticator.class */
public class DigestAuthenticator extends AbstractAuthenticator implements CachingAuthenticator {
    private static final String CREDENTIAL_CHARSET = "http.auth.credential-charset";
    private static final int QOP_UNKNOWN = -1;
    private static final int QOP_MISSING = 0;
    private static final int QOP_AUTH_INT = 1;
    private static final int QOP_AUTH = 2;
    private final AtomicReference<Map<String, String>> parametersRef = new AtomicReference<>();
    private final Charset credentialsCharset = StandardCharsets.US_ASCII;
    private final AuthenticationConfiguration configuration;
    private String lastNonce;
    private long nounceCount;
    private String cnonce;
    private static final Pattern HEADER_REGEX = Pattern.compile("\\s([a-z]+)=\"?([\\p{Alnum}\\s\\t!#$%&'()*+\\-./:;<=>?@\\[\\\\\\]^_`{|}~]+)\"?");
    private static final char[] HEXADECIMAL = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    public DigestAuthenticator(AuthenticationConfiguration authenticationConfiguration) {
        this.configuration = authenticationConfiguration;
    }

    public static String createCnonce() {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        return encode(bArr);
    }

    static String encode(byte[] bArr) {
        int length = bArr.length;
        char[] cArr = new char[length * QOP_AUTH];
        for (int i = QOP_MISSING; i < length; i += QOP_AUTH_INT) {
            int i2 = bArr[i] & 15;
            cArr[i * QOP_AUTH] = HEXADECIMAL[(bArr[i] & 240) >> 4];
            cArr[(i * QOP_AUTH) + QOP_AUTH_INT] = HEXADECIMAL[i2];
        }
        return new String(cArr);
    }

    public synchronized Request authenticate(Route route, Response response) throws IOException {
        String findHeader = findHeader(response.headers(), AbstractAuthenticator.WWW_AUTH, "Digest");
        Matcher matcher = HEADER_REGEX.matcher(findHeader);
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap(8);
        while (matcher.find()) {
            concurrentHashMap.put(matcher.group(QOP_AUTH_INT), matcher.group(QOP_AUTH));
        }
        copyHeaderMap(response.headers(), concurrentHashMap);
        this.parametersRef.set(Collections.unmodifiableMap(concurrentHashMap));
        if (concurrentHashMap.get("nonce") == null) {
            throw new IllegalArgumentException("missing nonce in challenge header: " + findHeader);
        }
        return authenticateWithState(route, response.request(), concurrentHashMap);
    }

    @Override // org.infinispan.client.rest.impl.okhttp.auth.CachingAuthenticator
    public Request authenticateWithState(Route route, Request request) throws IOException {
        Map<String, String> map = this.parametersRef.get();
        return authenticateWithState(route, request, map == null ? new ConcurrentHashMap() : new ConcurrentHashMap(map));
    }

    private Request authenticateWithState(Route route, Request request, Map<String, String> map) throws IOException {
        if (map.get("realm") == null) {
            return null;
        }
        String str = map.get("nonce");
        if (str == null) {
            throw new IllegalArgumentException("missing nonce in challenge");
        }
        if (havePreviousDigestAuthorizationAndShouldAbort(request, str, "true".equalsIgnoreCase(map.get("stale")))) {
            return null;
        }
        if (route == null || !route.requiresTunnel()) {
            String method = request.method();
            String requestPath = RequestLine.requestPath(request.url());
            map.put("methodname", method);
            map.put("uri", requestPath);
        } else {
            String str2 = request.url().host() + ":" + request.url().port();
            map.put("methodname", "CONNECT");
            map.put("uri", str2);
        }
        if (map.get("charset") == null) {
            map.put("charset", getCredentialsCharset(request));
        }
        return request.newBuilder().header(AbstractAuthenticator.WWW_AUTH_RESP, createDigestHeader(request, map)).tag(Authenticator.class, this).build();
    }

    private boolean havePreviousDigestAuthorizationAndShouldAbort(Request request, String str, boolean z) {
        String header = request.header(AbstractAuthenticator.WWW_AUTH_RESP);
        return (header == null || !header.startsWith("Digest") || z) ? false : true;
    }

    private void copyHeaderMap(Headers headers, Map<String, String> map) {
        for (int i = QOP_MISSING; i < headers.size(); i += QOP_AUTH_INT) {
            map.put(headers.name(i), headers.value(i));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private synchronized String createDigestHeader(Request request, Map<String, String> map) throws AbstractAuthenticator.AuthenticationException {
        String sb;
        String str;
        String sb2;
        String str2 = map.get("uri");
        String str3 = map.get("realm");
        String str4 = map.get("nonce");
        String str5 = map.get("opaque");
        String str6 = map.get("methodname");
        String str7 = map.get("algorithm");
        if (str7 == null) {
            str7 = "MD5";
        }
        HashSet hashSet = new HashSet(8);
        boolean z = QOP_UNKNOWN;
        String str8 = map.get("qop");
        if (str8 != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str8, ",");
            while (stringTokenizer.hasMoreTokens()) {
                hashSet.add(stringTokenizer.nextToken().trim().toLowerCase(Locale.US));
            }
            if (request.body() != null && hashSet.contains("auth-int")) {
                z = QOP_AUTH_INT;
            } else if (hashSet.contains("auth")) {
                z = QOP_AUTH;
            }
        } else {
            z = QOP_MISSING;
        }
        if (z == QOP_UNKNOWN) {
            throw new AbstractAuthenticator.AuthenticationException("None of the qop methods is supported: " + str8);
        }
        String str9 = map.get("charset");
        if (str9 == null) {
            str9 = StandardCharsets.ISO_8859_1.name();
        }
        String str10 = str7;
        if ("MD5-sess".equalsIgnoreCase(str10)) {
            str10 = "MD5";
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str10);
            String username = this.configuration.username();
            String str11 = new String(this.configuration.password());
            if (str4.equals(this.lastNonce)) {
                this.nounceCount++;
            } else {
                this.nounceCount = 1L;
                this.cnonce = null;
                this.lastNonce = str4;
            }
            StringBuilder sb3 = new StringBuilder(256);
            Formatter formatter = new Formatter(sb3, Locale.US);
            formatter.format("%08x", Long.valueOf(this.nounceCount));
            formatter.close();
            String sb4 = sb3.toString();
            if (this.cnonce == null) {
                this.cnonce = createCnonce();
            }
            if ("MD5-sess".equalsIgnoreCase(str7)) {
                sb3.setLength(QOP_MISSING);
                sb3.append(username).append(':').append(str3).append(':').append(str11);
                String encode = encode(messageDigest.digest(getBytes(sb3.toString(), str9)));
                sb3.setLength(QOP_MISSING);
                sb3.append(encode).append(':').append(str4).append(':').append(this.cnonce);
                sb = sb3.toString();
            } else {
                sb3.setLength(QOP_MISSING);
                sb3.append(username).append(':').append(str3).append(':').append(str11);
                sb = sb3.toString();
            }
            String encode2 = encode(messageDigest.digest(getBytes(sb, str9)));
            if (z == QOP_AUTH) {
                str = str6 + ":" + str2;
            } else if (z != QOP_AUTH_INT) {
                str = str6 + ":" + str2;
            } else if (request.body() == null) {
                messageDigest.reset();
                str = str6 + ":" + str2 + ":" + encode(messageDigest.digest());
            } else {
                if (!hashSet.contains("auth")) {
                    throw new AbstractAuthenticator.AuthenticationException("Qop auth-int cannot be used with a non-repeatable entity");
                }
                z = QOP_AUTH;
                str = str6 + ":" + str2;
            }
            String encode3 = encode(messageDigest.digest(getBytes(str, str9)));
            if (z) {
                sb3.setLength(QOP_MISSING);
                sb3.append(encode2).append(':').append(str4).append(':').append(sb4).append(':').append(this.cnonce).append(':').append(z == QOP_AUTH_INT ? "auth-int" : "auth").append(':').append(encode3);
                sb2 = sb3.toString();
            } else {
                sb3.setLength(QOP_MISSING);
                sb3.append(encode2).append(':').append(str4).append(':').append(encode3);
                sb2 = sb3.toString();
            }
            String encode4 = encode(messageDigest.digest(getAsciiBytes(sb2)));
            StringBuilder sb5 = new StringBuilder(128);
            sb5.append("Digest username=\"");
            sb5.append(username);
            sb5.append("\", realm=\"");
            sb5.append(str3);
            sb5.append("\", nonce=\"");
            sb5.append(str4);
            sb5.append("\", uri=\"");
            sb5.append(str2);
            sb5.append("\", response=\"");
            sb5.append(encode4);
            sb5.append("\", ");
            if (z) {
                sb5.append("qop=");
                sb5.append(z == QOP_AUTH_INT ? "auth-int" : "auth");
                sb5.append(", nc=");
                sb5.append(sb4);
                sb5.append(", cnonce=\"");
                sb5.append(this.cnonce);
                sb5.append("\", ");
            }
            sb5.append("algorithm=");
            sb5.append(str7);
            if (str5 != null) {
                sb5.append(", opaque=\"");
                sb5.append(str5);
                sb5.append('\"');
            }
            return sb5.toString();
        } catch (Exception e) {
            throw new AbstractAuthenticator.AuthenticationException("Unsuppported digest algorithm: " + str10, e);
        }
    }

    public Charset getCredentialsCharset() {
        return this.credentialsCharset;
    }

    String getCredentialsCharset(Request request) {
        String header = request.header(CREDENTIAL_CHARSET);
        if (header == null) {
            header = getCredentialsCharset().name();
        }
        return header;
    }

    private byte[] getBytes(String str, String str2) {
        try {
            return str.getBytes(str2);
        } catch (UnsupportedEncodingException e) {
            return str.getBytes();
        }
    }

    public static byte[] getAsciiBytes(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Parameter may not be null");
        }
        return str.getBytes(StandardCharsets.US_ASCII);
    }
}
