package org.devocative.wickomp.http.filter;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/devocative/wickomp/http/filter/WBaseHttpAuthFilter.class */
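/**
 * Base servlet filter that gates the rest of the chain behind HTTP Basic or Digest authentication.
 *
 * <p>Subclasses supply the credential checks ({@link #authenticateByPasswordForBasic},
 * {@link #generateUserHashForDigest}), the Digest nonce and realm, and may hook into the request
 * life cycle through the {@code on...} callbacks. A request that carries no {@code Authorization}
 * header can still be admitted through {@link #authenticateByOther}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Authentication can be switched off entirely with {@link #setProcessAuth(boolean)}; every
 *       request is then forwarded unauthenticated (a warning is logged per request).</li>
 *   <li>Digest responses are computed with MD5, as the classic Digest scheme prescribes.</li>
 *   <li>Nonce-count tracking and matching the Digest {@code uri} against the real request target are
 *       not done here; if they are needed they must come from the subclass.</li>
 * </ul>
 */
public abstract class WBaseHttpAuthFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(WBaseHttpAuthFilter.class);
    private static final String RQ_AUTH_HEADER = "Authorization";
    private static final String RS_AUTH_HEADER = "WWW-Authenticate";

    // Global on/off switch for authentication; starts enabled.
    private final AtomicBoolean processAuth = new AtomicBoolean(true);
    // Scheme advertised in the WWW-Authenticate challenge; defaults to Basic.
    // NOTE(review): plain field, written by setDesiredAuthMethod without synchronization - confirm it
    // is only set during initialisation.
    private WAuthMethod desiredAuthMethod = WAuthMethod.BASIC;

    /**
     * Outcome of one authentication attempt.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler reported that the original
     * access modifier was {@code private}.
     */
    public enum EAuthResult {
        Ok,
        NoAuthHeader,
        NoAuthMethod,
        InvalidNonce,
        InvalidUser,
        InvalidPassword
    }

    /**
     * Entry point called by the container for every request mapped to this filter.
     *
     * <p>Calls {@link #onRequest} first, then either forwards the request unauthenticated (when
     * authentication is switched off) or runs the authentication flow. Any exception escaping that
     * flow, including one thrown by the downstream chain, is logged and answered with a 500.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      from the downstream chain on the unauthenticated path, or from sendError
     * @throws ServletException from the downstream chain on the unauthenticated path
     */
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        onRequest(request, response);

        if (!this.processAuth.get()) {
            // Authentication bypass: the request goes downstream without any credential check.
            logger.warn("HttpAuthFilter: Authentication Ignored!");
            onBeforeChainNoAuth(request, response);
            filterChain.doFilter(request, response);
            onAfterChainNoAuth(request, response);
            return;
        }

        try {
            process(request, response, filterChain);
        } catch (Exception e) {
            logger.error("HttpAuthFilter: general error", e);
            // sendError throws IllegalStateException on a committed response, which would mask the
            // failure that was just logged; only report the 500 while that is still possible.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "General Error");
            }
        }
    }

    /** Returns the scheme advertised in the {@code WWW-Authenticate} challenge. */
    public final WAuthMethod getDesiredAuthMethod() {
        return this.desiredAuthMethod;
    }

    /**
     * Sets the scheme advertised in the {@code WWW-Authenticate} challenge.
     *
     * @param wAuthMethod scheme to advertise; a value other than BASIC or DIGEST makes the challenge
     *                    builder throw when the next 401 is produced
     */
    public final void setDesiredAuthMethod(WAuthMethod wAuthMethod) {
        this.desiredAuthMethod = wAuthMethod;
    }

    /**
     * Returns the nonce the server expects for this request. It is used both in the challenge and in
     * the expected Digest response, so it must be reproducible for a given client state.
     */
    protected abstract String calculateNonceForDigest(WHttpAuthBean wHttpAuthBean);

    /** Returns the realm placed in the Digest challenge. */
    protected abstract String getRealm(WHttpAuthBean wHttpAuthBean);

    /**
     * Returns the user-specific hash that opens the Digest response computation, or {@code null} when
     * the user is unknown (reported as {@link EAuthResult#InvalidUser}).
     */
    // NOTE(review): presumably HA1 = MD5(username:realm:password) - confirm in the implementations.
    protected abstract String generateUserHashForDigest(WHttpAuthBean wHttpAuthBean);

    /**
     * Verifies Basic credentials.
     *
     * @param str  username taken from the Authorization header
     * @param str2 password taken from the Authorization header
     * @return {@code true} when the pair is valid
     */
    protected abstract boolean authenticateByPasswordForBasic(String str, String str2);

    /** Returns the {@code qop} value advertised in the Digest challenge; {@code "auth"} by default. */
    protected String getQop(WHttpAuthBean wHttpAuthBean) {
        return "auth";
    }

    /** Tells whether authentication is currently enforced. */
    protected final boolean isProcessAuth() {
        return this.processAuth.get();
    }

    /**
     * Enables or disables authentication for all subsequent requests.
     *
     * @param z {@code false} lets every request through unauthenticated
     */
    protected final void setProcessAuth(boolean z) {
        this.processAuth.set(z);
    }

    /**
     * Alternative authentication for requests without an {@code Authorization} header.
     *
     * @return the authenticated username, or {@code null} (the default) to fall back to a 401 challenge
     */
    protected String authenticateByOther(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return null;
    }

    /** Hook invoked at the start of every request, before any authentication decision. */
    protected void onRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /** Hook invoked after successful authentication, just before the chain continues. */
    protected void onBeforeChainAuthenticated(WHttpAuthBean wHttpAuthBean, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /** Hook invoked after the chain returns for an authenticated request. */
    protected void onAfterChainAuthenticated(WHttpAuthBean wHttpAuthBean, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /** Hook invoked before the chain continues while authentication is switched off. */
    protected void onBeforeChainNoAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /** Hook invoked after the chain returns while authentication is switched off. */
    protected void onAfterChainNoAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /**
     * Runs one authentication attempt and either continues the chain with an authenticated request
     * wrapper or answers with a 401 carrying a single challenge.
     */
    private void process(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        WHttpAuthBean authBean = new WHttpAuthBean(request.getHeader(RQ_AUTH_HEADER));
        EAuthResult result = authenticate(request, authBean);
        // The username comes from an unauthenticated header, so line breaks are neutralised before it
        // reaches this audit line. getRemoteAddr() is the direct peer address.
        logger.info("HttpAuthFilter: User=[{}] RemoteAddress=[{}] AuthResult=[{}] AuthMethod=[{}]",
            new Object[]{sanitizeForLog(authBean.getUsername()), request.getRemoteAddr(), result, authBean.getAuthMethod()});

        if (result == EAuthResult.NoAuthHeader) {
            String otherUser = authenticateByOther(request, response);
            if (otherUser != null) {
                logger.info("HttpAuthFilter: authenticateByOther, user=[{}]", sanitizeForLog(otherUser));
                result = EAuthResult.Ok;
                authBean = new WHttpAuthBean();
                authBean.setUsername(otherUser);
            }
        }

        if (result == EAuthResult.Ok) {
            WHttpServletRequest authenticatedRequest = new WHttpServletRequest(request);
            // NOTE(review): on the authenticateByOther path the bean comes from the no-arg constructor;
            // confirm getAuthMethod() is never null there, otherwise this line throws and the request
            // ends as a 500.
            authenticatedRequest.setAuthType(authBean.getAuthMethod().name()).setUserPrincipal(new WPrinciple(authBean.getUsername()));
            onBeforeChainAuthenticated(authBean, request, response);
            filterChain.doFilter(authenticatedRequest, response);
            onAfterChainAuthenticated(authBean, request, response);
            return;
        }

        // Unknown user and wrong password share one message, so the response does not reveal which
        // of the two failed.
        String message = null;
        switch (result) {
            case NoAuthMethod:
                message = "Only HTTP Basic/Digest authentication supported!";
                break;
            case InvalidNonce:
                message = "Invalid login state. Retry!";
                break;
            case InvalidUser:
            case InvalidPassword:
                message = "Invalid username/password";
                break;
            default:
                break;
        }
        // Exactly one challenge per 401. Adding it inside the switch as well produced two
        // WWW-Authenticate headers and a second call to calculateNonceForDigest for Digest.
        response.addHeader(RS_AUTH_HEADER, getRsAuthHeader(authBean));
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    /** Dispatches to the Basic or Digest check according to the scheme parsed from the header. */
    private EAuthResult authenticate(HttpServletRequest request, WHttpAuthBean authBean) {
        if (!authBean.hasRequestAuth()) {
            return EAuthResult.NoAuthHeader;
        }
        switch (authBean.getAuthMethod()) {
            case BASIC:
                return authenticateBasic(authBean);
            case DIGEST:
                return authenticateDigest(request, authBean);
            default:
                return EAuthResult.NoAuthMethod;
        }
    }

    /** Checks Basic credentials through {@link #authenticateByPasswordForBasic}. */
    private EAuthResult authenticateBasic(WHttpAuthBean authBean) {
        if (authBean.getUsername() == null) {
            return EAuthResult.InvalidUser;
        }
        boolean valid = authenticateByPasswordForBasic(authBean.getUsername(), authBean.getPassword());
        return valid ? EAuthResult.Ok : EAuthResult.InvalidPassword;
    }

    /**
     * Recomputes the Digest response from the subclass-provided user hash and nonce and compares it
     * with the value sent by the client.
     */
    // NOTE(review): the uri used in the hash is the one from the Authorization header and is not
    // compared with the actual request target here, and the nonce count is hashed but not tracked;
    // whether a captured header can be reused therefore depends on calculateNonceForDigest - verify.
    private EAuthResult authenticateDigest(HttpServletRequest request, WHttpAuthBean authBean) {
        String userHash = generateUserHashForDigest(authBean);
        if (userHash == null) {
            return EAuthResult.InvalidUser;
        }

        String methodAndUri = request.getMethod() + ":" + authBean.getUri();
        String requestHash;
        if ("auth-int".equals(authBean.getQop())) {
            requestHash = DigestUtils.md5Hex(methodAndUri + ":" + md5HexOfRequestBody(request));
        } else {
            requestHash = DigestUtils.md5Hex(methodAndUri);
        }

        String serverNonce = calculateNonceForDigest(authBean);
        if (serverNonce == null) {
            // Fail closed: without a server nonce the expected response would be built from the
            // literal text "null".
            return EAuthResult.InvalidNonce;
        }

        StringBuilder responseInput = new StringBuilder().append(userHash).append(":").append(serverNonce).append(":");
        if (authBean.hasQop()) {
            responseInput.append(authBean.getNonceCount()).append(":")
                .append(authBean.getClientNonce()).append(":")
                .append(authBean.getQop()).append(":");
        }
        responseInput.append(requestHash);
        String expectedResponse = DigestUtils.md5Hex(responseInput.toString());

        if (constantTimeEquals(expectedResponse, authBean.getClientResponse())) {
            return EAuthResult.Ok;
        }
        // The nonce is not secret (it was sent in the challenge), so a plain comparison is enough.
        return serverNonce.equals(authBean.getServerNonce()) ? EAuthResult.InvalidPassword : EAuthResult.InvalidNonce;
    }

    /**
     * Builds the {@code WWW-Authenticate} challenge for the desired scheme.
     *
     * @throws RuntimeException when the desired scheme is neither BASIC nor DIGEST
     */
    private String getRsAuthHeader(WHttpAuthBean authBean) {
        switch (getDesiredAuthMethod()) {
            case BASIC:
                // NOTE(review): the Basic challenge is sent without a realm parameter; getRealm() is
                // only consulted for Digest. Confirm the clients in use accept a bare "Basic".
                return "Basic";
            case DIGEST:
                String nonce = calculateNonceForDigest(authBean);
                String realm = getRealm(authBean);
                // realm, qop and nonce are inserted into quoted strings without escaping - presumably
                // the subclasses never return values containing a double quote; verify.
                return String.format("Digest realm=\"%s\",qop=\"%s\",nonce=\"%s\",opaque=\"%s\"", realm, getQop(authBean), nonce, getOpaque(realm, nonce));
            default:
                throw new RuntimeException("Invalid desired authentication method: " + getDesiredAuthMethod());
        }
    }

    /** Derives the Digest {@code opaque} value as the MD5 hex of realm followed by nonce. */
    private String getOpaque(String realm, String nonce) {
        return DigestUtils.md5Hex(realm + nonce);
    }

    /**
     * Returns the MD5 hex digest of the raw request body, as needed for {@code qop=auth-int}.
     *
     * <p>The body is hashed as a byte stream, so it is neither decoded with the platform charset nor
     * held in memory. The stream is consumed and closed here.
     */
    // NOTE(review): this runs before the caller is authenticated and has no size limit, and the
    // downstream chain can only read the body again if WHttpServletRequest buffers it - confirm.
    private String md5HexOfRequestBody(HttpServletRequest request) {
        try (ServletInputStream body = request.getInputStream()) {
            return body == null ? DigestUtils.md5Hex("") : DigestUtils.md5Hex(body);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Compares two strings without stopping at the first differing character, so the comparison
     * time does not reveal how much of the expected Digest response a guess got right.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /** Replaces CR and LF so a client-supplied value cannot start a forged log entry. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}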
