package org.apache.catalina.authenticator;

import com.mapr.fs.jni.MapRConstants;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.MD5Encoder;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.log4j.spi.LocationInfo;
import org.apache.naming.resources.ProxyDirContext;

/* loaded from: input_file:hadoop-hdfs-httpfs-2.5.1-mapr-1501/share/hadoop/httpfs/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator.class */
public class DigestAuthenticator extends AuthenticatorBase {
    private static Log log = LogFactory.getLog(DigestAuthenticator.class);
    protected static final MD5Encoder md5Encoder = new MD5Encoder();
    protected static final String info = "org.apache.catalina.authenticator.DigestAuthenticator/1.0";
    protected static final String QOP = "auth";
    protected static MessageDigest md5Helper;
    protected Map<String, NonceInfo> nonces;
    protected String opaque;
    protected int nonceCacheSize = 1000;
    protected String key = null;
    protected long nonceValidity = 300000;
    protected boolean validateUri = true;

    /* loaded from: input_file:hadoop-hdfs-httpfs-2.5.1-mapr-1501/share/hadoop/httpfs/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator$DigestInfo.class */
    private static class DigestInfo {
        private final String opaque;
        private final long nonceValidity;
        private final String key;
        private final Map<String, NonceInfo> nonces;
        private boolean validateUri;
        private String userName = null;
        private String method = null;
        private String uri = null;
        private String response = null;
        private String nonce = null;
        private String nc = null;
        private String cnonce = null;
        private String realmName = null;
        private String qop = null;
        private String opaqueReceived = null;
        private boolean nonceStale = false;

        public DigestInfo(String str, long j, String str2, Map<String, NonceInfo> map, boolean z) {
            this.validateUri = true;
            this.opaque = str;
            this.nonceValidity = j;
            this.key = str2;
            this.nonces = map;
            this.validateUri = z;
        }

        public String getUsername() {
            return this.userName;
        }

        public boolean parse(Request request, String str) {
            if (str == null || !str.startsWith("Digest ")) {
                return false;
            }
            String[] split = str.substring(7).trim().split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
            this.method = request.getMethod();
            for (String str2 : split) {
                if (str2.length() != 0) {
                    int indexOf = str2.indexOf(61);
                    if (indexOf < 0) {
                        return false;
                    }
                    String trim = str2.substring(0, indexOf).trim();
                    String trim2 = str2.substring(indexOf + 1).trim();
                    if ("username".equals(trim)) {
                        this.userName = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("realm".equals(trim)) {
                        this.realmName = DigestAuthenticator.removeQuotes(trim2, true);
                    }
                    if ("nonce".equals(trim)) {
                        this.nonce = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("nc".equals(trim)) {
                        this.nc = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("cnonce".equals(trim)) {
                        this.cnonce = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("qop".equals(trim)) {
                        this.qop = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("uri".equals(trim)) {
                        this.uri = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("response".equals(trim)) {
                        this.response = DigestAuthenticator.removeQuotes(trim2);
                    }
                    if ("opaque".equals(trim)) {
                        this.opaqueReceived = DigestAuthenticator.removeQuotes(trim2);
                    }
                }
            }
            return true;
        }

        public boolean validate(Request request, LoginConfig loginConfig) {
            int indexOf;
            byte[] digest;
            NonceInfo nonceInfo;
            if (this.userName == null || this.realmName == null || this.nonce == null || this.uri == null || this.response == null) {
                return false;
            }
            if (this.validateUri) {
                String queryString = request.getQueryString();
                String requestURI = queryString == null ? request.getRequestURI() : request.getRequestURI() + LocationInfo.NA + queryString;
                if (!this.uri.equals(requestURI)) {
                    String header = request.getHeader(ProxyDirContext.HOST);
                    String scheme = request.getScheme();
                    if (header == null || requestURI.startsWith(scheme)) {
                        return false;
                    }
                    if (!this.uri.equals(scheme + "://" + header + requestURI)) {
                        return false;
                    }
                }
            }
            String realmName = loginConfig.getRealmName();
            if (realmName == null) {
                realmName = "Authentication required";
            }
            if (!realmName.equals(this.realmName) || !this.opaque.equals(this.opaqueReceived) || (indexOf = this.nonce.indexOf(MapRConstants.IP_PORT_SEPARATOR)) < 0 || indexOf + 1 == this.nonce.length()) {
                return false;
            }
            try {
                long parseLong = Long.parseLong(this.nonce.substring(0, indexOf));
                String substring = this.nonce.substring(indexOf + 1);
                if (System.currentTimeMillis() - parseLong > this.nonceValidity) {
                    this.nonceStale = true;
                    synchronized (this.nonces) {
                        this.nonces.remove(this.nonce);
                    }
                }
                String str = request.getRemoteAddr() + MapRConstants.IP_PORT_SEPARATOR + parseLong + MapRConstants.IP_PORT_SEPARATOR + this.key;
                synchronized (DigestAuthenticator.md5Helper) {
                    digest = DigestAuthenticator.md5Helper.digest(str.getBytes());
                }
                if (!DigestAuthenticator.md5Encoder.encode(digest).equals(substring)) {
                    return false;
                }
                if (this.qop != null && !"auth".equals(this.qop)) {
                    return false;
                }
                if (this.qop == null) {
                    return this.cnonce == null && this.nc == null;
                }
                if (this.cnonce == null || this.nc == null || this.nc.length() < 6 || this.nc.length() > 8) {
                    return false;
                }
                try {
                    long parseLong2 = Long.parseLong(this.nc, 16);
                    synchronized (this.nonces) {
                        nonceInfo = this.nonces.get(this.nonce);
                    }
                    if (nonceInfo != null) {
                        return nonceInfo.nonceCountValid(parseLong2);
                    }
                    this.nonceStale = true;
                    return true;
                } catch (NumberFormatException e) {
                    return false;
                }
            } catch (NumberFormatException e2) {
                return false;
            }
        }

        public boolean isNonceStale() {
            return this.nonceStale;
        }

        public Principal authenticate(Realm realm) {
            byte[] digest;
            String str = this.method + MapRConstants.IP_PORT_SEPARATOR + this.uri;
            synchronized (DigestAuthenticator.md5Helper) {
                digest = DigestAuthenticator.md5Helper.digest(str.getBytes());
            }
            return realm.authenticate(this.userName, this.response, this.nonce, this.nc, this.cnonce, this.qop, this.realmName, DigestAuthenticator.md5Encoder.encode(digest));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hadoop-hdfs-httpfs-2.5.1-mapr-1501/share/hadoop/httpfs/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/DigestAuthenticator$NonceInfo.class */
    public static class NonceInfo {
        private volatile long timestamp;
        private volatile boolean[] seen;
        private volatile int offset;
        private volatile int count = 0;

        public NonceInfo(long j, int i) {
            this.timestamp = j;
            this.seen = new boolean[i];
            this.offset = i / 2;
        }

        public synchronized boolean nonceCountValid(long j) {
            if (this.count - this.offset >= j || j > (this.count - this.offset) + this.seen.length) {
                return false;
            }
            int length = (int) ((j + this.offset) % this.seen.length);
            if (this.seen[length]) {
                return false;
            }
            this.seen[length] = true;
            this.seen[this.count % this.seen.length] = false;
            this.count++;
            return true;
        }

        public long getTimestamp() {
            return this.timestamp;
        }
    }

    public DigestAuthenticator() {
        setCache(false);
        try {
            if (md5Helper == null) {
                md5Helper = MessageDigest.getInstance("MD5");
            }
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new IllegalStateException();
        }
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    public int getNonceCacheSize() {
        return this.nonceCacheSize;
    }

    public void setNonceCacheSize(int i) {
        this.nonceCacheSize = i;
    }

    public String getKey() {
        return this.key;
    }

    public void setKey(String str) {
        this.key = str;
    }

    public long getNonceValidity() {
        return this.nonceValidity;
    }

    public void setNonceValidity(long j) {
        this.nonceValidity = j;
    }

    public String getOpaque() {
        return this.opaque;
    }

    public void setOpaque(String str) {
        this.opaque = str;
    }

    public boolean isValidateUri() {
        return this.validateUri;
    }

    public void setValidateUri(boolean z) {
        this.validateUri = z;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            if (log.isDebugEnabled()) {
                log.debug("Already authenticated '" + userPrincipal.getName() + "'");
            }
            String str = (String) request.getNote(Constants.REQ_SSOID_NOTE);
            if (str == null) {
                return true;
            }
            associate(str, request.getSessionInternal(true));
            return true;
        }
        String header = request.getHeader("authorization");
        DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), this.nonces, isValidateUri());
        if (header != null && digestInfo.parse(request, header)) {
            if (digestInfo.validate(request, loginConfig)) {
                userPrincipal = digestInfo.authenticate(this.context.getRealm());
            }
            if (userPrincipal != null && !digestInfo.isNonceStale()) {
                register(request, response, userPrincipal, "DIGEST", digestInfo.getUsername(), null);
                return true;
            }
        }
        setAuthenticateHeader(request, response, loginConfig, generateNonce(request), userPrincipal != null && digestInfo.isNonceStale());
        response.sendError(401);
        return false;
    }

    @Deprecated
    protected String parseUsername(String str) {
        String nextToken;
        int indexOf;
        if (str == null || !str.startsWith("Digest ")) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str.substring(7).trim(), ",");
        while (stringTokenizer.hasMoreTokens() && (indexOf = (nextToken = stringTokenizer.nextToken()).indexOf(61)) >= 0) {
            String trim = nextToken.substring(0, indexOf).trim();
            String trim2 = nextToken.substring(indexOf + 1).trim();
            if ("username".equals(trim)) {
                return removeQuotes(trim2);
            }
        }
        return null;
    }

    protected static String removeQuotes(String str, boolean z) {
        return (str.length() <= 0 || str.charAt(0) == '\"' || z) ? str.length() > 2 ? str.substring(1, str.length() - 1) : "" : str;
    }

    protected static String removeQuotes(String str) {
        return removeQuotes(str, false);
    }

    protected String generateNonce(Request request) {
        byte[] digest;
        long currentTimeMillis = System.currentTimeMillis();
        String str = request.getRemoteAddr() + MapRConstants.IP_PORT_SEPARATOR + currentTimeMillis + MapRConstants.IP_PORT_SEPARATOR + getKey();
        synchronized (md5Helper) {
            digest = md5Helper.digest(str.getBytes());
        }
        String str2 = currentTimeMillis + MapRConstants.IP_PORT_SEPARATOR + md5Encoder.encode(digest);
        NonceInfo nonceInfo = new NonceInfo(currentTimeMillis, 100);
        synchronized (this.nonces) {
            this.nonces.put(str2, nonceInfo);
        }
        return str2;
    }

    protected void setAuthenticateHeader(Request request, Response response, LoginConfig loginConfig, String str, boolean z) {
        String realmName = loginConfig.getRealmName();
        if (realmName == null) {
            realmName = "Authentication required";
        }
        response.setHeader("WWW-Authenticate", z ? "Digest realm=\"" + realmName + "\", qop=\"auth\", nonce=\"" + str + "\", opaque=\"" + getOpaque() + "\", stale=true" : "Digest realm=\"" + realmName + "\", qop=\"auth\", nonce=\"" + str + "\", opaque=\"" + getOpaque() + "\"");
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        super.start();
        if (getKey() == null) {
            setKey(generateSessionId());
        }
        if (getOpaque() == null) {
            setOpaque(generateSessionId());
        }
        this.nonces = new LinkedHashMap<String, NonceInfo>() { // from class: org.apache.catalina.authenticator.DigestAuthenticator.1
            private static final long serialVersionUID = 1;
            private static final long LOG_SUPPRESS_TIME = 300000;
            private long lastLog = 0;

            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<String, NonceInfo> entry) {
                long currentTimeMillis = System.currentTimeMillis();
                if (size() <= DigestAuthenticator.this.getNonceCacheSize()) {
                    return false;
                }
                if (this.lastLog >= currentTimeMillis || currentTimeMillis - entry.getValue().getTimestamp() >= DigestAuthenticator.this.getNonceValidity()) {
                    return true;
                }
                DigestAuthenticator.log.warn(AuthenticatorBase.sm.getString("digestAuthenticator.cacheRemove"));
                this.lastLog = currentTimeMillis + 300000;
                return true;
            }
        };
    }
}
