package org.eclipse.jetty.security.authentication;

import androidx.autofill.HintConstants;
import com.tencent.connect.common.Constants;
import ii.a;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.BitSet;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import ji.c0;
import ji.f;
import ji.s;
import org.eclipse.jetty.http.o;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.util.r;
import org.eclipse.jetty.util.security.Credential;
import org.eclipse.jetty.util.v;

/* compiled from: TbsSdkJava */
/* loaded from: classes6.dex */
public class DigestAuthenticator extends e {
    public static final vi.e i = vi.d.f(DigestAuthenticator.class);
    public SecureRandom d = new SecureRandom();
    public long e = 60000;
    public int f = 1024;
    public ConcurrentMap<String, a> g = new ConcurrentHashMap();
    public Queue<a> h = new ConcurrentLinkedQueue();

    /* compiled from: TbsSdkJava */
    /* loaded from: classes6.dex */
    public static class Digest extends Credential {
        private static final long serialVersionUID = -2484639019549527724L;
        final String method;
        String username = "";
        String realm = "";
        String nonce = "";
        String nc = "";
        String cnonce = "";
        String qop = "";
        String uri = "";
        String response = "";

        public Digest(String str) {
            this.method = str;
        }

        @Override // org.eclipse.jetty.util.security.Credential
        public boolean check(Object obj) {
            byte[] digest;
            if (obj instanceof char[]) {
                obj = new String((char[]) obj);
            }
            String obj2 = obj instanceof String ? (String) obj : obj.toString();
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                if (obj instanceof Credential.MD5) {
                    digest = ((Credential.MD5) obj).getDigest();
                } else {
                    messageDigest.update(this.username.getBytes("ISO-8859-1"));
                    messageDigest.update(o.a);
                    messageDigest.update(this.realm.getBytes("ISO-8859-1"));
                    messageDigest.update(o.a);
                    messageDigest.update(obj2.getBytes("ISO-8859-1"));
                    digest = messageDigest.digest();
                }
                messageDigest.reset();
                messageDigest.update(this.method.getBytes("ISO-8859-1"));
                messageDigest.update(o.a);
                messageDigest.update(this.uri.getBytes("ISO-8859-1"));
                byte[] digest2 = messageDigest.digest();
                messageDigest.update(v.u(digest, 16).getBytes("ISO-8859-1"));
                messageDigest.update(o.a);
                messageDigest.update(this.nonce.getBytes("ISO-8859-1"));
                messageDigest.update(o.a);
                messageDigest.update(this.nc.getBytes("ISO-8859-1"));
                messageDigest.update(o.a);
                messageDigest.update(this.cnonce.getBytes("ISO-8859-1"));
                messageDigest.update(o.a);
                messageDigest.update(this.qop.getBytes("ISO-8859-1"));
                messageDigest.update(o.a);
                messageDigest.update(v.u(digest2, 16).getBytes("ISO-8859-1"));
                return v.u(messageDigest.digest(), 16).equalsIgnoreCase(this.response);
            } catch (Exception e) {
                DigestAuthenticator.i.e(e);
                return false;
            }
        }

        public String toString() {
            return this.username + "," + this.response;
        }
    }

    /* compiled from: TbsSdkJava */
    /* loaded from: classes6.dex */
    public static class a {
        public final String a;
        public final long b;
        public final BitSet c;

        public a(String str, long j, int i) {
            this.a = str;
            this.b = j;
            this.c = new BitSet(i);
        }

        public boolean a(int i) {
            synchronized (this) {
                try {
                    if (i >= this.c.size()) {
                        return true;
                    }
                    boolean z = this.c.get(i);
                    this.c.set(i);
                    return z;
                } catch (Throwable th) {
                    throw th;
                }
            }
        }
    }

    public boolean a(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, f.k kVar) throws ServerAuthException {
        return true;
    }

    @Override // org.eclipse.jetty.security.authentication.e
    public void b(a.a aVar) {
        super.b(aVar);
        String initParameter = aVar.getInitParameter("maxNonceAge");
        if (initParameter != null) {
            this.e = Long.valueOf(initParameter).longValue();
        }
    }

    public ji.f c(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        if (!z) {
            return new c(this);
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String h = httpServletRequest.h("Authorization");
        boolean z2 = false;
        if (h != null) {
            try {
                vi.e eVar = i;
                if (eVar.isDebugEnabled()) {
                    eVar.debug("Credentials: " + h, new Object[0]);
                }
                r rVar = new r(h, "=, ", true, false);
                Digest digest = new Digest(httpServletRequest.getMethod());
                String str = null;
                String str2 = null;
                while (rVar.hasMoreTokens()) {
                    String nextToken = rVar.nextToken();
                    char charAt = nextToken.length() == 1 ? nextToken.charAt(0) : (char) 0;
                    if (charAt != ' ') {
                        if (charAt != ',') {
                            if (charAt == '=') {
                                str2 = str;
                            } else if (str2 != null) {
                                if (HintConstants.AUTOFILL_HINT_USERNAME.equalsIgnoreCase(str2)) {
                                    digest.username = nextToken;
                                } else if ("realm".equalsIgnoreCase(str2)) {
                                    digest.realm = nextToken;
                                } else if (Constants.NONCE.equalsIgnoreCase(str2)) {
                                    digest.nonce = nextToken;
                                } else if ("nc".equalsIgnoreCase(str2)) {
                                    digest.nc = nextToken;
                                } else if ("cnonce".equalsIgnoreCase(str2)) {
                                    digest.cnonce = nextToken;
                                } else if ("qop".equalsIgnoreCase(str2)) {
                                    digest.qop = nextToken;
                                } else if ("uri".equalsIgnoreCase(str2)) {
                                    digest.uri = nextToken;
                                } else if ("response".equalsIgnoreCase(str2)) {
                                    digest.response = nextToken;
                                }
                                str2 = null;
                            }
                            str = nextToken;
                        } else {
                            str2 = null;
                        }
                    }
                }
                int h2 = h(digest, (s) httpServletRequest);
                if (h2 > 0) {
                    c0 e = e(digest.username, digest, servletRequest);
                    if (e != null) {
                        return new ii.s(getAuthMethod(), e);
                    }
                } else if (h2 == 0) {
                    z2 = true;
                }
            } catch (IOException e2) {
                throw new ServerAuthException(e2);
            }
        }
        if (c.d(httpServletResponse)) {
            return ji.f.R0;
        }
        String l = httpServletRequest.l();
        if (l == null) {
            l = "/";
        }
        httpServletResponse.u("WWW-Authenticate", "Digest realm=\"" + this.a.getName() + "\", domain=\"" + l + "\", nonce=\"" + k((s) httpServletRequest) + "\", algorithm=MD5, qop=\"auth\", stale=" + z2);
        httpServletResponse.C(401);
        return ji.f.T0;
    }

    public String getAuthMethod() {
        return "DIGEST";
    }

    public final int h(Digest digest, s sVar) {
        long y0 = sVar.y0() - this.e;
        a peek = this.h.peek();
        while (peek != null && peek.b < y0) {
            this.h.remove(peek);
            this.g.remove(peek.a);
            peek = this.h.peek();
        }
        try {
            a aVar = this.g.get(digest.nonce);
            if (aVar == null) {
                return 0;
            }
            long parseLong = Long.parseLong(digest.nc, 16);
            if (parseLong >= this.f) {
                return 0;
            }
            return aVar.a((int) parseLong) ? -1 : 1;
        } catch (Exception e) {
            i.f(e);
            return -1;
        }
    }

    public long i() {
        return this.e;
    }

    public int j() {
        return this.f;
    }

    public String k(s sVar) {
        a aVar;
        do {
            byte[] bArr = new byte[24];
            this.d.nextBytes(bArr);
            aVar = new a(new String(org.eclipse.jetty.util.e.i(bArr)), sVar.y0(), this.f);
        } while (this.g.putIfAbsent(aVar.a, aVar) != null);
        this.h.add(aVar);
        return aVar.a;
    }

    public void l(long j) {
        this.e = j;
    }

    public void m(int i2) {
        this.f = i2;
    }
}
