package org.apache.tomcat.websocket;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.naming.ResourceRef;
import org.apache.tomcat.util.security.MD5Encoder;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-websocket-8.5.29.jar:org/apache/tomcat/websocket/DigestAuthenticator.class */
public class DigestAuthenticator extends Authenticator {
    public static final String schemeName = "digest";
    private SecureRandom cnonceGenerator;
    private int nonceCount = 0;
    private long cNonce;

    @Override // org.apache.tomcat.websocket.Authenticator
    public String getAuthorization(String str, String str2, Map<String, Object> map) throws AuthenticationException {
        String str3 = (String) map.get(Constants.WS_AUTHENTICATION_USER_NAME);
        String str4 = (String) map.get(Constants.WS_AUTHENTICATION_PASSWORD);
        if (str3 == null || str4 == null) {
            throw new AuthenticationException("Failed to perform Digest authentication due to  missing user/password");
        }
        Map<String, String> parseWWWAuthenticateHeader = parseWWWAuthenticateHeader(str2);
        String str5 = parseWWWAuthenticateHeader.get("realm");
        String str6 = parseWWWAuthenticateHeader.get("nonce");
        String str7 = parseWWWAuthenticateHeader.get("qop");
        String str8 = parseWWWAuthenticateHeader.get("algorithm") == null ? MessageDigestAlgorithms.MD5 : parseWWWAuthenticateHeader.get("algorithm");
        String str9 = parseWWWAuthenticateHeader.get("opaque");
        StringBuilder sb = new StringBuilder();
        if (!str7.isEmpty()) {
            if (this.cnonceGenerator == null) {
                this.cnonceGenerator = new SecureRandom();
            }
            this.cNonce = this.cnonceGenerator.nextLong();
            this.nonceCount++;
        }
        sb.append("Digest ");
        sb.append("username =\"" + str3 + "\",");
        sb.append("realm=\"" + str5 + "\",");
        sb.append("nonce=\"" + str6 + "\",");
        sb.append("uri=\"" + str + "\",");
        try {
            sb.append("response=\"" + calculateRequestDigest(str, str3, str4, str5, str6, str7, str8) + "\",");
            sb.append("algorithm=" + str8 + ",");
            sb.append("opaque=\"" + str9 + "\",");
            if (!str7.isEmpty()) {
                sb.append("qop=\"" + str7 + "\"");
                sb.append(",cnonce=\"" + this.cNonce + "\",");
                sb.append("nc=" + String.format("%08X", Integer.valueOf(this.nonceCount)));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new AuthenticationException("Unable to generate request digest " + e.getMessage());
        }
    }

    private String calculateRequestDigest(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        String str8 = "GET:" + str;
        sb.append(encodeMD5(str7.equalsIgnoreCase(MessageDigestAlgorithms.MD5) ? str2 + ":" + str4 + ":" + str3 : encodeMD5(str2 + ":" + str4 + ":" + str3) + ":" + str5 + ":" + this.cNonce));
        sb.append(":");
        sb.append(str5);
        if (str6.toLowerCase().contains(ResourceRef.AUTH)) {
            sb.append(":");
            sb.append(String.format("%08X", Integer.valueOf(this.nonceCount)));
            sb.append(":");
            sb.append(String.valueOf(this.cNonce));
            sb.append(":");
            sb.append(str6);
        }
        sb.append(":");
        sb.append(encodeMD5(str8));
        return encodeMD5(sb.toString());
    }

    private String encodeMD5(String str) throws NoSuchAlgorithmException {
        return MD5Encoder.encode(MessageDigest.getInstance(MessageDigestAlgorithms.MD5).digest(str.getBytes(StandardCharsets.ISO_8859_1)));
    }

    @Override // org.apache.tomcat.websocket.Authenticator
    public String getSchemeName() {
        return schemeName;
    }
}
