package org.nuxeo.ecm.ui.web.auth.digest;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Map;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.login.BaseLoginModule;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/ui/web/auth/digest/DigestLoginPlugin.class */
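/**
 * Login module that validates HTTP Digest credentials against a stored HA1 value.
 *
 * <p>The expected response is recomputed from the stored HA1 and the request
 * parameters carried in {@link UserIdentificationInfo#getLoginParameters()}, then
 * compared with the response the client sent (carried in the password field).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>All hashing here is MD5, as used by classic HTTP Digest. The stored HA1 is
 * sufficient on its own to compute valid responses, so the directory that holds
 * it needs the same protection as a password store.</li>
 * <li>This class does not check that the nonce was issued by the server, is
 * fresh, or that {@code nc} increases. NOTE(review): presumably the calling
 * authenticator does that before this module runs; confirm, otherwise captured
 * responses can be replayed.</li>
 * <li>Only {@code qop=auth} (or no qop) is supported; any other value is rejected.</li>
 * </ul>
 */
public class DigestLoginPlugin extends BaseLoginModule {
    private static final Log log = LogFactory.getLog(DigestLoginPlugin.class);
    /** Charset used to turn digest strings into bytes for the constant-time comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    // Keys under which the digest request fields are looked up in the login parameters.
    protected static final String REALM = "realm";
    protected static final String HTTP_METHOD = "httpMethod";
    protected static final String URI = "uri";
    protected static final String QOP = "qop";
    protected static final String NONCE = "nonce";
    protected static final String NC = "nc";
    protected static final String CNONCE = "cnonce";

    /**
     * Initializes the module; there is nothing to set up.
     *
     * @return always {@link Boolean#TRUE}
     */
    public Boolean initLoginModule() {
        return Boolean.TRUE;
    }

    /**
     * Checks the digest response supplied by the client.
     *
     * <p>Every failure path (unknown user, missing parameters, unsupported qop,
     * mismatch, directory error) returns {@code null}, so the caller cannot tell
     * the cases apart; the distinction is only visible in the log.
     *
     * @param userIdentificationInfo carries the user name, the client's digest
     *        response (as the password) and the digest request parameters
     * @return the user name when the response matches, otherwise {@code null}
     */
    public String validatedUserIdentity(UserIdentificationInfo userIdentificationInfo) {
        try {
            String userName = userIdentificationInfo.getUserName();
            String storedHA1 = getStoredHA1(userName);
            if (StringUtils.isEmpty(storedHA1)) {
                log.warn("Digest authentication failed. Stored HA1 is empty");
                return null;
            }
            Map<?, ?> loginParameters = userIdentificationInfo.getLoginParameters();
            if (loginParameters == null) {
                log.warn("Digest authentication failed. No login parameters supplied");
                return null;
            }
            String httpMethod = (String) loginParameters.get(HTTP_METHOD);
            String uri = (String) loginParameters.get(URI);
            String qop = (String) loginParameters.get(QOP);
            String nonce = (String) loginParameters.get(NONCE);
            String nc = (String) loginParameters.get(NC);
            String cnonce = (String) loginParameters.get(CNONCE);

            // generateDigest builds its input by string concatenation, so a missing
            // field would be hashed as the literal text "null". Reject incomplete
            // requests instead of computing a digest over placeholder text.
            boolean missingBaseField = StringUtils.isEmpty(httpMethod) || StringUtils.isEmpty(uri)
                    || StringUtils.isEmpty(nonce);
            boolean missingQopField = qop != null && (StringUtils.isEmpty(nc) || StringUtils.isEmpty(cnonce));
            if (missingBaseField || missingQopField) {
                log.warn("Digest authentication failed. Incomplete digest parameters for user: " + forLog(userName));
                return null;
            }

            String expectedResponse = generateDigest(storedHA1, httpMethod, uri, qop, nonce, nc, cnonce);
            if (digestsMatch(expectedResponse, userIdentificationInfo.getPassword())) {
                return userName;
            }
            // User name and realm come from the request; strip line breaks so they
            // cannot forge additional log entries.
            log.warn("Digest authentication failed for user: " + forLog(userName) + " realm: " + forLog((String) loginParameters.get(REALM)));
            return null;
        } catch (Exception e) {
            // Includes the IllegalArgumentException thrown for an unsupported qop
            // and any directory lookup failure: fail closed.
            log.error("Digest authentication failed", e);
            return null;
        }
    }

    /**
     * Computes the expected digest response.
     *
     * <p>Without qop: {@code MD5(HA1:nonce:HA2)}. With {@code qop=auth}:
     * {@code MD5(HA1:nonce:nc:cnonce:qop:HA2)}, where {@code HA2 = MD5(method:uri)}.
     * Arguments are concatenated as-is; a {@code null} argument is hashed as the
     * text "null", so callers should validate inputs first.
     *
     * @param str the HA1 value
     * @param str2 the HTTP method
     * @param str3 the request URI
     * @param str4 the qop value; {@code null} selects the form without qop
     * @param str5 the nonce
     * @param str6 the nonce count (nc); only used when qop is set
     * @param str7 the client nonce (cnonce); only used when qop is set
     * @return the lowercase hexadecimal MD5 response
     * @throws IllegalArgumentException if qop is non-null and not {@code "auth"}
     */
    public static String generateDigest(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws IllegalArgumentException {
        if (str4 != null && !"auth".equals(str4)) {
            throw new IllegalArgumentException("This method does not support a qop: '" + str4 + "'");
        }
        // HA2 covers the method and URI of the request being authenticated.
        String ha2 = DigestUtils.md5Hex(str2 + ":" + str3);
        String material;
        if (str4 == null) {
            material = str + ":" + str5 + ":" + ha2;
        } else {
            material = str + ":" + str5 + ":" + str6 + ":" + str7 + ":" + str4 + ":" + ha2;
        }
        return DigestUtils.md5Hex(material);
    }

    /**
     * Computes {@code MD5(str:str2:str3)} as lowercase hex.
     *
     * <p>NOTE(review): by its name and shape this is the HA1 value, presumably
     * {@code user:realm:password} in that order; confirm against callers. The
     * result is password-equivalent for digest authentication and should be
     * stored and handled like a credential.
     *
     * @param str first component
     * @param str2 second component
     * @param str3 third component
     * @return the lowercase hexadecimal MD5 of the three components joined by ':'
     */
    public static String encodeDigestAuthPassword(String str, String str2, String str3) {
        return DigestUtils.md5Hex(str + ":" + str2 + ":" + str3);
    }

    /**
     * Reads the stored HA1 for a user from the digest-auth directory.
     *
     * @param str the user name used as the directory entry id
     * @return the value of the directory's password field for that entry, or
     *         {@code null} when the entry does not exist
     * @throws IllegalArgumentException if the configured directory is not found
     * @throws Exception on any directory access failure
     */
    protected String getStoredHA1(String str) throws Exception {
        String directoryName = ((UserManager) Framework.getService(UserManager.class)).getDigestAuthDirectory();
        DirectoryService directoryService = (DirectoryService) Framework.getLocalService(DirectoryService.class);
        if (directoryService.getDirectory(directoryName) == null) {
            throw new IllegalArgumentException("Digest Auth directory not found: " + directoryName);
        }
        Session session = directoryService.open(directoryName);
        try {
            String schema = directoryService.getDirectorySchema(directoryName);
            DocumentModel entry = session.getEntry(str, true);
            if (entry == null) {
                return null;
            }
            return (String) entry.getProperty(schema, session.getPasswordField());
        } finally {
            // Always release the directory session, including on lookup errors.
            session.close();
        }
    }

    /**
     * Compares two digest strings without returning early on the first differing
     * byte, so response time does not reveal how much of a guess was correct.
     * The comparison is case-sensitive, like the {@code equals} it replaces.
     */
    private static boolean digestsMatch(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), provided.getBytes(UTF_8));
    }

    /** Replaces CR and LF in a request-supplied value before it is written to the log. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}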
