package org.bouncycastle.est;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.inferred.freebuilder.shaded.org.openjdk.tools.doclint.DocLint;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/bouncy-castle-bc-2.8.0-rc-202105132206-pkg.jar:lib/bcpkix-jdk15on-1.68.jar:org/bouncycastle/est/HttpAuth.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/bcpkix-jdk15on-1.60.jar:org/bouncycastle/est/HttpAuth.class */
public class HttpAuth implements ESTAuth {
    private static final DigestAlgorithmIdentifierFinder digestAlgorithmIdentifierFinder = new DefaultDigestAlgorithmIdentifierFinder();
    private final String realm;
    private final String username;
    private final char[] password;
    private final SecureRandom nonceGenerator;
    private final DigestCalculatorProvider digestCalculatorProvider;
    private static final Set<String> validParts;

    public HttpAuth(String str, char[] cArr) {
        this(null, str, cArr, null, null);
    }

    public HttpAuth(String str, String str2, char[] cArr) {
        this(str, str2, cArr, null, null);
    }

    public HttpAuth(String str, char[] cArr, SecureRandom secureRandom, DigestCalculatorProvider digestCalculatorProvider) {
        this(null, str, cArr, secureRandom, digestCalculatorProvider);
    }

    public HttpAuth(String str, String str2, char[] cArr, SecureRandom secureRandom, DigestCalculatorProvider digestCalculatorProvider) {
        this.realm = str;
        this.username = str2;
        this.password = cArr;
        this.nonceGenerator = secureRandom;
        this.digestCalculatorProvider = digestCalculatorProvider;
    }

    @Override // org.bouncycastle.est.ESTAuth
    public void applyAuth(ESTRequestBuilder eSTRequestBuilder) {
        eSTRequestBuilder.withHijacker(new ESTHijacker() { // from class: org.bouncycastle.est.HttpAuth.1
            @Override // org.bouncycastle.est.ESTHijacker
            public ESTResponse hijack(ESTRequest eSTRequest, Source source) throws IOException {
                ESTResponse doRequest;
                ESTResponse eSTResponse = new ESTResponse(eSTRequest, source);
                if (eSTResponse.getStatusCode() != 401) {
                    return eSTResponse;
                }
                String header = eSTResponse.getHeader("WWW-Authenticate");
                if (header == null) {
                    throw new ESTException("Status of 401 but no WWW-Authenticate header");
                }
                String lowerCase = Strings.toLowerCase(header);
                if (lowerCase.startsWith(CMSAttributeTableGenerator.DIGEST)) {
                    doRequest = HttpAuth.this.doDigestFunction(eSTResponse);
                } else {
                    if (!lowerCase.startsWith("basic")) {
                        throw new ESTException("Unknown auth mode: " + lowerCase);
                    }
                    eSTResponse.close();
                    Map<String, String> splitCSL = HttpUtil.splitCSL("Basic", eSTResponse.getHeader("WWW-Authenticate"));
                    if (HttpAuth.this.realm != null && !HttpAuth.this.realm.equals(splitCSL.get("realm"))) {
                        throw new ESTException("Supplied realm '" + HttpAuth.this.realm + "' does not match server realm '" + splitCSL.get("realm") + "'", null, 401, null);
                    }
                    ESTRequestBuilder withHijacker = new ESTRequestBuilder(eSTRequest).withHijacker(null);
                    if (HttpAuth.this.realm != null && HttpAuth.this.realm.length() > 0) {
                        withHijacker.setHeader("WWW-Authenticate", "Basic realm=\"" + HttpAuth.this.realm + "\"");
                    }
                    if (HttpAuth.this.username.contains(":")) {
                        throw new IllegalArgumentException("User must not contain a ':'");
                    }
                    char[] cArr = new char[HttpAuth.this.username.length() + 1 + HttpAuth.this.password.length];
                    System.arraycopy(HttpAuth.this.username.toCharArray(), 0, cArr, 0, HttpAuth.this.username.length());
                    cArr[HttpAuth.this.username.length()] = ':';
                    System.arraycopy(HttpAuth.this.password, 0, cArr, HttpAuth.this.username.length() + 1, HttpAuth.this.password.length);
                    withHijacker.setHeader("Authorization", "Basic " + Base64.toBase64String(Strings.toByteArray(cArr)));
                    doRequest = eSTRequest.getClient().doRequest(withHijacker.build());
                    Arrays.fill(cArr, (char) 0);
                }
                return doRequest;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ESTResponse doDigestFunction(ESTResponse eSTResponse) throws IOException {
        eSTResponse.close();
        ESTRequest originalRequest = eSTResponse.getOriginalRequest();
        try {
            Map<String, String> splitCSL = HttpUtil.splitCSL("Digest", eSTResponse.getHeader("WWW-Authenticate"));
            try {
                String path = originalRequest.getURL().toURI().getPath();
                for (String str : splitCSL.keySet()) {
                    if (!validParts.contains(str)) {
                        throw new ESTException("Unrecognised entry in WWW-Authenticate header: '" + ((Object) str) + "'");
                    }
                }
                String method = originalRequest.getMethod();
                String str2 = splitCSL.get("realm");
                String str3 = splitCSL.get("nonce");
                String str4 = splitCSL.get("opaque");
                String str5 = splitCSL.get("algorithm");
                String str6 = splitCSL.get("qop");
                ArrayList arrayList = new ArrayList();
                if (this.realm != null && !this.realm.equals(str2)) {
                    throw new ESTException("Supplied realm '" + this.realm + "' does not match server realm '" + str2 + "'", null, 401, null);
                }
                if (str5 == null) {
                    str5 = MessageDigestAlgorithms.MD5;
                }
                if (str5.length() == 0) {
                    throw new ESTException("WWW-Authenticate no algorithm defined.");
                }
                String upperCase = Strings.toUpperCase(str5);
                if (str6 == null) {
                    throw new ESTException("Qop is not defined in WWW-Authenticate header.");
                }
                if (str6.length() == 0) {
                    throw new ESTException("QoP value is empty.");
                }
                String[] split = Strings.toLowerCase(str6).split(DocLint.SEPARATOR);
                for (int i = 0; i != split.length; i++) {
                    if (!split[i].equals("auth") && !split[i].equals("auth-int")) {
                        throw new ESTException("QoP value unknown: '" + i + "'");
                    }
                    String trim = split[i].trim();
                    if (!arrayList.contains(trim)) {
                        arrayList.add(trim);
                    }
                }
                AlgorithmIdentifier lookupDigest = lookupDigest(upperCase);
                if (lookupDigest == null || lookupDigest.getAlgorithm() == null) {
                    throw new IOException("auth digest algorithm unknown: " + upperCase);
                }
                DigestCalculator digestCalculator = getDigestCalculator(upperCase, lookupDigest);
                OutputStream outputStream = digestCalculator.getOutputStream();
                String makeNonce = makeNonce(10);
                update(outputStream, this.username);
                update(outputStream, ":");
                update(outputStream, str2);
                update(outputStream, ":");
                update(outputStream, this.password);
                outputStream.close();
                byte[] digest = digestCalculator.getDigest();
                if (upperCase.endsWith("-SESS")) {
                    DigestCalculator digestCalculator2 = getDigestCalculator(upperCase, lookupDigest);
                    OutputStream outputStream2 = digestCalculator2.getOutputStream();
                    update(outputStream2, Hex.toHexString(digest));
                    update(outputStream2, ":");
                    update(outputStream2, str3);
                    update(outputStream2, ":");
                    update(outputStream2, makeNonce);
                    outputStream2.close();
                    digest = digestCalculator2.getDigest();
                }
                String hexString = Hex.toHexString(digest);
                DigestCalculator digestCalculator3 = getDigestCalculator(upperCase, lookupDigest);
                OutputStream outputStream3 = digestCalculator3.getOutputStream();
                if (((String) arrayList.get(0)).equals("auth-int")) {
                    DigestCalculator digestCalculator4 = getDigestCalculator(upperCase, lookupDigest);
                    OutputStream outputStream4 = digestCalculator4.getOutputStream();
                    originalRequest.writeData(outputStream4);
                    outputStream4.close();
                    byte[] digest2 = digestCalculator4.getDigest();
                    update(outputStream3, method);
                    update(outputStream3, ":");
                    update(outputStream3, path);
                    update(outputStream3, ":");
                    update(outputStream3, Hex.toHexString(digest2));
                } else if (((String) arrayList.get(0)).equals("auth")) {
                    update(outputStream3, method);
                    update(outputStream3, ":");
                    update(outputStream3, path);
                }
                outputStream3.close();
                String hexString2 = Hex.toHexString(digestCalculator3.getDigest());
                DigestCalculator digestCalculator5 = getDigestCalculator(upperCase, lookupDigest);
                OutputStream outputStream5 = digestCalculator5.getOutputStream();
                if (arrayList.contains("missing")) {
                    update(outputStream5, hexString);
                    update(outputStream5, ":");
                    update(outputStream5, str3);
                    update(outputStream5, ":");
                    update(outputStream5, hexString2);
                } else {
                    update(outputStream5, hexString);
                    update(outputStream5, ":");
                    update(outputStream5, str3);
                    update(outputStream5, ":");
                    update(outputStream5, "00000001");
                    update(outputStream5, ":");
                    update(outputStream5, makeNonce);
                    update(outputStream5, ":");
                    if (((String) arrayList.get(0)).equals("auth-int")) {
                        update(outputStream5, "auth-int");
                    } else {
                        update(outputStream5, "auth");
                    }
                    update(outputStream5, ":");
                    update(outputStream5, hexString2);
                }
                outputStream5.close();
                String hexString3 = Hex.toHexString(digestCalculator5.getDigest());
                HashMap hashMap = new HashMap();
                hashMap.put("username", this.username);
                hashMap.put("realm", str2);
                hashMap.put("nonce", str3);
                hashMap.put("uri", path);
                hashMap.put("response", hexString3);
                if (((String) arrayList.get(0)).equals("auth-int")) {
                    hashMap.put("qop", "auth-int");
                    hashMap.put("nc", "00000001");
                    hashMap.put("cnonce", makeNonce);
                } else if (((String) arrayList.get(0)).equals("auth")) {
                    hashMap.put("qop", "auth");
                    hashMap.put("nc", "00000001");
                    hashMap.put("cnonce", makeNonce);
                }
                hashMap.put("algorithm", upperCase);
                if (str4 == null || str4.length() == 0) {
                    hashMap.put("opaque", makeNonce(20));
                }
                ESTRequestBuilder withHijacker = new ESTRequestBuilder(originalRequest).withHijacker(null);
                withHijacker.setHeader("Authorization", HttpUtil.mergeCSL("Digest", hashMap));
                return originalRequest.getClient().doRequest(withHijacker.build());
            } catch (Exception e) {
                throw new IOException("unable to process URL in request: " + e.getMessage());
            }
        } catch (Throwable th) {
            throw new ESTException("Parsing WWW-Authentication header: " + th.getMessage(), th, eSTResponse.getStatusCode(), new ByteArrayInputStream(eSTResponse.getHeader("WWW-Authenticate").getBytes()));
        }
    }

    private DigestCalculator getDigestCalculator(String str, AlgorithmIdentifier algorithmIdentifier) throws IOException {
        try {
            return this.digestCalculatorProvider.get(algorithmIdentifier);
        } catch (OperatorCreationException e) {
            throw new IOException("cannot create digest calculator for " + str + ": " + e.getMessage());
        }
    }

    private AlgorithmIdentifier lookupDigest(String str) {
        if (str.endsWith("-SESS")) {
            str = str.substring(0, str.length() - "-SESS".length());
        }
        return str.equals("SHA-512-256") ? new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512_256, DERNull.INSTANCE) : digestAlgorithmIdentifierFinder.find(str);
    }

    private void update(OutputStream outputStream, char[] cArr) throws IOException {
        outputStream.write(Strings.toUTF8ByteArray(cArr));
    }

    private void update(OutputStream outputStream, String str) throws IOException {
        outputStream.write(Strings.toUTF8ByteArray(str));
    }

    private String makeNonce(int i) {
        byte[] bArr = new byte[i];
        this.nonceGenerator.nextBytes(bArr);
        return Hex.toHexString(bArr);
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("realm");
        hashSet.add("nonce");
        hashSet.add("opaque");
        hashSet.add("algorithm");
        hashSet.add("qop");
        validParts = Collections.unmodifiableSet(hashSet);
    }
}
