package org.eclipse.jetty.security.authentication;

import androidx.constraintlayout.core.motion.utils.TypedValues;
import com.miot.service.common.crypto.rc4coder.Coder;
import com.miot.service.common.miotcloud.impl.MiotCloudImpl;
import com.xiaomi.mipush.sdk.Constants;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.util.k;
import org.eclipse.jetty.util.m;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Credential;
import p6.a;
import q6.e;
import q6.l;

/* loaded from: classes2.dex */
public class DigestAuthenticator extends e {

    /* renamed from: h, reason: collision with root package name */
    private static final w6.c f21364h = w6.b.a(DigestAuthenticator.class);

    /* renamed from: d, reason: collision with root package name */
    SecureRandom f21365d = new SecureRandom();

    /* renamed from: e, reason: collision with root package name */
    private long f21366e = 60000;

    /* renamed from: f, reason: collision with root package name */
    private ConcurrentMap<String, a> f21367f = new ConcurrentHashMap();

    /* renamed from: g, reason: collision with root package name */
    private Queue<a> f21368g = new ConcurrentLinkedQueue();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class Digest extends Credential {
        private static final long serialVersionUID = -2484639019549527724L;
        final String method;
        String username = "";
        String realm = "";
        String nonce = "";
        String nc = "";
        String cnonce = "";
        String qop = "";
        String uri = "";
        String response = "";

        Digest(String str) {
            this.method = str;
        }

        @Override // org.eclipse.jetty.util.security.Credential
        public boolean check(Object obj) {
            byte[] digest;
            if (obj instanceof char[]) {
                obj = new String((char[]) obj);
            }
            String obj2 = obj instanceof String ? (String) obj : obj.toString();
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(Coder.KEY_MD5);
                if (obj instanceof Credential.MD5) {
                    digest = ((Credential.MD5) obj).getDigest();
                } else {
                    messageDigest.update(this.username.getBytes("ISO-8859-1"));
                    messageDigest.update((byte) 58);
                    messageDigest.update(this.realm.getBytes("ISO-8859-1"));
                    messageDigest.update((byte) 58);
                    messageDigest.update(obj2.getBytes("ISO-8859-1"));
                    digest = messageDigest.digest();
                }
                messageDigest.reset();
                messageDigest.update(this.method.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.uri.getBytes("ISO-8859-1"));
                byte[] digest2 = messageDigest.digest();
                messageDigest.update(m.i(digest, 16).getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.nonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.nc.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.cnonce.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(this.qop.getBytes("ISO-8859-1"));
                messageDigest.update((byte) 58);
                messageDigest.update(m.i(digest2, 16).getBytes("ISO-8859-1"));
                return m.i(messageDigest.digest(), 16).equalsIgnoreCase(this.response);
            } catch (Exception e8) {
                DigestAuthenticator.f21364h.j(e8);
                return false;
            }
        }

        public String toString() {
            return this.username + Constants.ACCEPT_TIME_SEPARATOR_SP + this.response;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        final String f21369a;

        /* renamed from: b, reason: collision with root package name */
        final long f21370b;

        /* renamed from: c, reason: collision with root package name */
        AtomicInteger f21371c = new AtomicInteger();

        public a(String str, long j8) {
            this.f21369a = str;
            this.f21370b = j8;
        }
    }

    private int g(Digest digest, l lVar) {
        long H;
        int i8;
        synchronized (this) {
            H = lVar.H() - this.f21366e;
        }
        while (true) {
            a peek = this.f21368g.peek();
            if (peek == null || peek.f21370b >= H) {
                break;
            }
            this.f21368g.remove(peek);
            this.f21367f.remove(peek.f21369a);
        }
        try {
            a aVar = this.f21367f.get(digest.nonce);
            if (aVar == null) {
                return 0;
            }
            long parseLong = Long.parseLong(digest.nc, 16);
            if (parseLong > 2147483647L) {
                return 0;
            }
            AtomicInteger atomicInteger = aVar.f21371c;
            while (true) {
                i8 = atomicInteger.get();
                if (aVar.f21371c.compareAndSet(i8, (int) parseLong)) {
                    break;
                }
                atomicInteger = aVar.f21371c;
            }
            return parseLong <= ((long) i8) ? -1 : 1;
        } catch (Exception e8) {
            f21364h.d(e8);
            return -1;
        }
    }

    @Override // org.eclipse.jetty.security.authentication.e, p6.a
    public void a(a.InterfaceC0224a interfaceC0224a) {
        super.a(interfaceC0224a);
        String v8 = interfaceC0224a.v("maxNonceAge");
        if (v8 != null) {
            synchronized (this) {
                this.f21366e = Long.valueOf(v8).longValue();
            }
        }
    }

    @Override // p6.a
    public q6.e b(ServletRequest servletRequest, ServletResponse servletResponse, boolean z8) {
        if (!z8) {
            return new c(this);
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Authorization");
        boolean z9 = false;
        if (header != null) {
            try {
                w6.c cVar = f21364h;
                if (cVar.a()) {
                    cVar.e("Credentials: " + header, new Object[0]);
                }
                k kVar = new k(header, "=, ", true, false);
                Digest digest = new Digest(httpServletRequest.getMethod());
                String str = null;
                String str2 = null;
                while (kVar.hasMoreTokens()) {
                    String nextToken = kVar.nextToken();
                    char charAt = nextToken.length() == 1 ? nextToken.charAt(0) : (char) 0;
                    if (charAt != ' ') {
                        if (charAt != ',') {
                            if (charAt == '=') {
                                str2 = str;
                            } else if (str2 != null) {
                                if ("username".equalsIgnoreCase(str2)) {
                                    digest.username = nextToken;
                                } else if ("realm".equalsIgnoreCase(str2)) {
                                    digest.realm = nextToken;
                                } else if ("nonce".equalsIgnoreCase(str2)) {
                                    digest.nonce = nextToken;
                                } else if ("nc".equalsIgnoreCase(str2)) {
                                    digest.nc = nextToken;
                                } else if ("cnonce".equalsIgnoreCase(str2)) {
                                    digest.cnonce = nextToken;
                                } else if ("qop".equalsIgnoreCase(str2)) {
                                    digest.qop = nextToken;
                                } else if ("uri".equalsIgnoreCase(str2)) {
                                    digest.uri = nextToken;
                                } else if ("response".equalsIgnoreCase(str2)) {
                                    digest.response = nextToken;
                                }
                                str2 = null;
                            }
                            str = nextToken;
                        } else {
                            str2 = null;
                        }
                    }
                }
                int g8 = g(digest, (l) httpServletRequest);
                if (g8 > 0) {
                    e(digest.username, digest, servletRequest);
                } else if (g8 == 0) {
                    z9 = true;
                }
            } catch (IOException e8) {
                throw new ServerAuthException(e8);
            }
        }
        if (c.e(httpServletResponse)) {
            return q6.e.f22526j0;
        }
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null) {
            contextPath = MiotCloudImpl.COOKIE_PATH;
        }
        httpServletResponse.setHeader("WWW-Authenticate", "Digest realm=\"" + this.f21393a.getName() + "\", domain=\"" + contextPath + "\", nonce=\"" + h((l) httpServletRequest) + "\", algorithm=MD5, qop=\"auth\", stale=" + z9);
        httpServletResponse.sendError(TypedValues.CycleType.TYPE_CURVE_FIT);
        return q6.e.f22528l0;
    }

    @Override // p6.a
    public boolean c(ServletRequest servletRequest, ServletResponse servletResponse, boolean z8, e.h hVar) {
        return true;
    }

    @Override // p6.a
    public String getAuthMethod() {
        return Constraint.__DIGEST_AUTH;
    }

    public String h(l lVar) {
        a aVar;
        do {
            byte[] bArr = new byte[24];
            this.f21365d.nextBytes(bArr);
            aVar = new a(new String(org.eclipse.jetty.util.d.c(bArr)), lVar.H());
        } while (this.f21367f.putIfAbsent(aVar.f21369a, aVar) != null);
        this.f21368g.add(aVar);
        return aVar.f21369a;
    }
}
