package org.w3c.jigsaw.acl;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Date;
import org.w3c.jigsaw.auth.AuthFilter;
import org.w3c.jigsaw.frames.HTTPFrame;
import org.w3c.jigsaw.http.Reply;
import org.w3c.jigsaw.http.Request;
import org.w3c.tools.resources.FramedResource;
import org.w3c.util.StringUtils;
import org.w3c.www.http.HttpChallenge;
import org.w3c.www.http.HttpFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:org/w3c/jigsaw/acl/SecurityLevel.class
 */
/* loaded from: input_file:WEB-INF/lib/jigsaw-2.2.6.jar:org/w3c/jigsaw/acl/SecurityLevel.class */
public class SecurityLevel {
    private int level;
    private long prev_date = 0;
    private String nonce = null;
    private String old_nonce = null;
    private AclFilter filter;
    private HttpChallenge challenge;
    private boolean lenient;

    public Principal getPrincipal(Request request, String str) {
        switch (this.level) {
            case 0:
                try {
                    return new BasicAuthPrincipal(request, this.lenient);
                } catch (InvalidAuthException e) {
                    return new HTTPPrincipal(request, this.lenient);
                }
            case 1:
                Date date = new Date();
                if ((date.getTime() - this.prev_date) / 1000 > this.filter.getNonceTTL()) {
                    synchronized (this) {
                        if ((date.getTime() - this.prev_date) / 1000 > this.filter.getNonceTTL()) {
                            this.prev_date = date.getTime();
                            updateNonce();
                        }
                    }
                }
                try {
                    return new DigestAuthPrincipal(request, this.nonce, this.old_nonce, str);
                } catch (InvalidAuthException e2) {
                    return new HTTPPrincipal(request);
                }
            case 2:
            default:
                Date date2 = new Date();
                if ((date2.getTime() - this.prev_date) / 1000 > this.filter.getNonceTTL()) {
                    synchronized (this) {
                        if ((date2.getTime() - this.prev_date) / 1000 > this.filter.getNonceTTL()) {
                            this.prev_date = date2.getTime();
                            updateNonce();
                        }
                    }
                }
                try {
                    return new DigestQopAuthPrincipal(request, this.nonce, this.old_nonce, str);
                } catch (InvalidAuthException e3) {
                    try {
                        return new DigestAuthPrincipal(request, this.nonce, this.old_nonce, str);
                    } catch (InvalidAuthException e4) {
                        return new HTTPPrincipal(request);
                    }
                }
        }
    }

    public HttpChallenge getChallenge(String str, Principal principal) {
        HttpChallenge httpChallenge;
        String stringBuffer;
        HttpChallenge httpChallenge2;
        switch (this.level) {
            case 0:
                this.challenge.setAuthParameter("realm", str);
                return this.challenge;
            case 1:
                if (!(principal instanceof DigestAuthPrincipal)) {
                    this.challenge.setAuthParameter("realm", str);
                    return this.challenge;
                }
                DigestAuthPrincipal digestAuthPrincipal = (DigestAuthPrincipal) principal;
                if (digestAuthPrincipal == null || !digestAuthPrincipal.isStale()) {
                    httpChallenge2 = this.challenge;
                } else {
                    httpChallenge2 = this.challenge.getClone();
                    if (httpChallenge2 != null) {
                        httpChallenge2.setAuthParameter("stale", "true", false);
                    } else {
                        httpChallenge2 = this.challenge;
                    }
                }
                httpChallenge2.setAuthParameter("realm", str);
                return httpChallenge2;
            case 2:
            default:
                if (!(principal instanceof DigestQopAuthPrincipal)) {
                    this.challenge.setAuthParameter("realm", str);
                    return this.challenge;
                }
                DigestQopAuthPrincipal digestQopAuthPrincipal = (DigestQopAuthPrincipal) principal;
                if (digestQopAuthPrincipal == null || !digestQopAuthPrincipal.isStale()) {
                    httpChallenge = this.challenge;
                } else {
                    httpChallenge = this.challenge.getClone();
                    if (httpChallenge != null) {
                        httpChallenge.setAuthParameter("stale", "true", false);
                    } else {
                        httpChallenge = this.challenge;
                    }
                }
                httpChallenge.setAuthParameter("realm", str);
                Request request = digestQopAuthPrincipal.getRequest();
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance(this.filter.getAlgorithm());
                    messageDigest.update(request.getMethod().getBytes());
                    messageDigest.update(this.nonce.getBytes());
                    stringBuffer = StringUtils.toHexString(messageDigest.digest());
                } catch (NoSuchAlgorithmException e) {
                    stringBuffer = new StringBuffer().append("op").append(this.nonce).toString();
                }
                httpChallenge.setAuthParameter("opaque", stringBuffer);
                return httpChallenge;
        }
    }

    public void updateRequestStates(Request request, Principal principal) {
        switch (this.level) {
            case 0:
                request.setState(AuthFilter.STATE_AUTHUSER, principal.getName());
                request.setState(AuthFilter.STATE_AUTHTYPE, "Basic");
                return;
            case 1:
            case 2:
            default:
                request.setState(AuthFilter.STATE_AUTHUSER, principal.getName());
                request.setState(AuthFilter.STATE_AUTHTYPE, "Digest");
                request.setState(AuthFilter.STATE_AUTHCONTEXT, principal);
                return;
        }
    }

    public void updateReply(Reply reply, Request request) {
        switch (this.level) {
            case 0:
                return;
            case 1:
            case 2:
            default:
                if (request.hasState(AuthFilter.STATE_AUTHCONTEXT) && ((DigestAuthPrincipal) request.getState(AuthFilter.STATE_AUTHCONTEXT)).isStale()) {
                    reply.addAuthenticationInfo("nextnonce", this.nonce);
                    return;
                }
                return;
        }
    }

    private synchronized void updateNonce() {
        FramedResource resource = this.filter.getResource();
        if (resource instanceof HTTPFrame) {
            HTTPFrame hTTPFrame = (HTTPFrame) resource;
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(this.filter.getAlgorithm());
                messageDigest.update(new Date().toString().getBytes());
                try {
                    messageDigest.update(hTTPFrame.getETag().getTag().getBytes());
                } catch (Exception e) {
                    messageDigest.update(hTTPFrame.getURLPath().getBytes());
                }
                byte[] digest = messageDigest.digest();
                if (this.nonce != null) {
                    this.old_nonce = this.nonce;
                }
                this.nonce = StringUtils.toHexString(digest);
                this.challenge.setAuthParameter("nonce", this.nonce);
            } catch (NoSuchAlgorithmException e2) {
            }
        }
    }

    private SecurityLevel(AclFilter aclFilter) {
        this.level = -1;
        this.filter = null;
        this.challenge = null;
        this.lenient = false;
        this.level = aclFilter.getSecurityLevel();
        this.filter = aclFilter;
        this.lenient = aclFilter.isLenient();
        switch (this.level) {
            case 0:
                this.challenge = HttpFactory.makeChallenge("Basic");
                this.challenge.setAuthParameter("realm", "");
                return;
            case 1:
                this.challenge = HttpFactory.makeChallenge("Digest");
                this.challenge.setAuthParameter("realm", "");
                this.challenge.setAuthParameter("domain", aclFilter.getResource().getURLPath());
                String algorithm = aclFilter.getAlgorithm();
                if (!algorithm.equalsIgnoreCase("md5")) {
                    this.challenge.setAuthParameter("algorithm", algorithm, false);
                }
                updateNonce();
                return;
            case 2:
            default:
                this.challenge = HttpFactory.makeChallenge("Digest");
                this.challenge.setAuthParameter("realm", "");
                this.challenge.setAuthParameter("domain", aclFilter.getResource().getURLPath());
                this.challenge.setAuthParameter("algorithm", aclFilter.getAlgorithm(), false);
                this.challenge.setAuthParameter("qop", "auth");
                updateNonce();
                return;
        }
    }

    public static SecurityLevel getSecurityLevel(AclFilter aclFilter) {
        return new SecurityLevel(aclFilter);
    }
}
