package org.nuxeo.ecm.ui.web.auth.digest;

import au.com.bytecode.opencsv.CSVReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/* loaded from: input_file:org/nuxeo/ecm/ui/web/auth/digest/DigestAuthenticator.class */
public class DigestAuthenticator implements NuxeoAuthenticationPlugin {
    protected static final String DEFAULT_REALMNAME = "NUXEO";
    protected static final long DEFAULT_NONCE_VALIDITY_SECONDS = 1000;
    protected static final String REALM_NAME_KEY = "RealmName";
    protected static final String BA_HEADER_NAME = "WWW-Authenticate";
    protected String realmName;
    protected long nonceValiditySeconds = DEFAULT_NONCE_VALIDITY_SECONDS;
    protected String accessKey = "key";
    private static final Log log = LogFactory.getLog(DigestAuthenticator.class);
    protected static final Pattern PAIR_ITEM_PATTERN = Pattern.compile("^(.*?)=([\\s\"]*)?(.*)(\")?$");

    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        long currentTimeMillis = System.currentTimeMillis() + (this.nonceValiditySeconds * DEFAULT_NONCE_VALIDITY_SECONDS);
        try {
            httpServletResponse.addHeader(BA_HEADER_NAME, String.format("Digest realm=\"%s\", qop=\"auth\", nonce=\"%s\"", this.realmName, new String(Base64.encodeBase64((currentTimeMillis + ":" + DigestUtils.md5Hex(currentTimeMillis + ":" + this.accessKey)).getBytes()))));
            httpServletResponse.sendError(401);
            return Boolean.TRUE;
        } catch (IOException e) {
            return Boolean.FALSE;
        }
    }

    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isEmpty(header) || !header.toLowerCase().startsWith("digest ")) {
            return null;
        }
        Map<String, String> splitParameters = splitParameters(header.substring("digest ".length()));
        splitParameters.put("httpMethod", httpServletRequest.getMethod());
        Long.parseLong(new String(Base64.decodeBase64(splitParameters.get("nonce").getBytes())).split(":")[0]);
        UserIdentificationInfo userIdentificationInfo = new UserIdentificationInfo(splitParameters.get("username"), splitParameters.get("response"));
        userIdentificationInfo.setLoginParameters(splitParameters);
        return userIdentificationInfo;
    }

    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        return Boolean.TRUE;
    }

    public void initPlugin(Map<String, String> map) {
        if (map.containsKey(REALM_NAME_KEY)) {
            this.realmName = map.get(REALM_NAME_KEY);
        } else {
            this.realmName = DEFAULT_REALMNAME;
        }
    }

    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    public static Map<String, String> splitParameters(String str) {
        HashMap hashMap = new HashMap();
        CSVReader cSVReader = null;
        try {
            cSVReader = new CSVReader(new StringReader(str));
            try {
                for (String str2 : cSVReader.readNext()) {
                    Matcher matcher = PAIR_ITEM_PATTERN.matcher(str2);
                    if (matcher.find()) {
                        hashMap.put(matcher.group(1).trim(), matcher.group(3).trim());
                    } else {
                        log.warn("Could not parse item pair " + str2);
                    }
                }
                if (cSVReader != null) {
                    try {
                        cSVReader.close();
                    } catch (IOException e) {
                        log.error("Could not close reader", e);
                    }
                }
                return hashMap;
            } catch (IOException e2) {
                log.error(e2.getMessage(), e2);
                if (cSVReader != null) {
                    try {
                        cSVReader.close();
                    } catch (IOException e3) {
                        log.error("Could not close reader", e3);
                    }
                }
                return hashMap;
            }
        } catch (Throwable th) {
            if (cSVReader != null) {
                try {
                    cSVReader.close();
                } catch (IOException e4) {
                    log.error("Could not close reader", e4);
                }
            }
            throw th;
        }
    }
}
