package org.cipango.server.security.authentication;

import java.io.IOException;
import java.security.MessageDigest;
import java.util.ListIterator;
import javax.servlet.sip.SipServletResponse;
import org.cipango.server.SipRequest;
import org.cipango.server.security.SipAuthenticator;
import org.cipango.sip.Authenticate;
import org.cipango.sip.Authorization;
import org.cipango.sip.SipHeader;
import org.cipango.sip.labs.HexString;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: input_file:org/cipango/server/security/authentication/DigestAuthenticator.class */
public class DigestAuthenticator implements SipAuthenticator {
    private static final Logger LOG = Log.getLogger(DigestAuthenticator.class);
    private SipAuthenticator.AuthConfiguration _authConfiguration;
    protected long nonceValidity = 5000;
    protected long nonceSecret = System.currentTimeMillis();

    @Override // org.cipango.server.security.SipAuthenticator
    public UserIdentity authenticate(SipRequest sipRequest, boolean z, boolean z2) {
        try {
            Authorization authorization = getAuthorization(sipRequest, z);
            if (authorization == null) {
                LOG.debug("No authorization header found, send challenge", new Object[0]);
                send401(sipRequest, z, false);
                return null;
            }
            if (!checkNonce(authorization.getNonce())) {
                LOG.debug("Request is stale, nonce is too old", new Object[0]);
                send401(sipRequest, z, true);
                return null;
            }
            authorization.setMethod(sipRequest.getMethod());
            UserIdentity login = this._authConfiguration.getLoginService().login(authorization.getUsername(), authorization);
            if (login == null) {
                LOG.debug("Authentication failed or user unknown", new Object[0]);
                sipRequest.createResponse(403).send();
            } else {
                LOG.debug("Authentication succeed for {}", new Object[]{login});
            }
            return login;
        } catch (Exception e) {
            LOG.warn("Failed to authenticate", e);
            return null;
        }
    }

    @Override // org.cipango.server.security.SipAuthenticator
    public void setAuthConfiguration(SipAuthenticator.AuthConfiguration authConfiguration) {
        if (authConfiguration.getLoginService() == null) {
            throw new IllegalStateException("No LoginService for " + this + " in " + authConfiguration);
        }
        this._authConfiguration = authConfiguration;
    }

    private void send401(SipRequest sipRequest, boolean z, boolean z2) throws IOException {
        SipServletResponse createResponse;
        Authenticate authenticate = new Authenticate("Digest", this._authConfiguration.getRealmName(), newNonce(), z2, "md5");
        if (z) {
            createResponse = sipRequest.createResponse(407);
            createResponse.setHeader(SipHeader.PROXY_AUTHENTICATE.asString(), authenticate.toString());
        } else {
            createResponse = sipRequest.createResponse(401);
            createResponse.setHeader(SipHeader.WWW_AUTHENTICATE.asString(), authenticate.toString());
        }
        createResponse.send();
    }

    private Authorization getAuthorization(SipRequest sipRequest, boolean z) {
        ListIterator values = sipRequest.getFields().getValues(getAuthHeaderName(z).asString());
        while (values.hasNext()) {
            Authorization authorization = new Authorization((String) values.next());
            if (this._authConfiguration.getRealmName().equals(authorization.getRealm())) {
                return authorization;
            }
        }
        return null;
    }

    private SipHeader getAuthHeaderName(boolean z) {
        return z ? SipHeader.PROXY_AUTHORIZATION : SipHeader.AUTHORIZATION;
    }

    public synchronized boolean checkNonce(String str) {
        byte[] fromHexString = HexString.fromHexString(str);
        if (fromHexString.length != 24) {
            return false;
        }
        long j = 0;
        long j2 = this.nonceSecret;
        byte[] bArr = new byte[16];
        System.arraycopy(fromHexString, 0, bArr, 0, 8);
        for (int i = 0; i < 8; i++) {
            bArr[8 + i] = (byte) (j2 & 255);
            j2 >>= 8;
            j = (j << 8) + (fromHexString[7 - i] & 255);
        }
        byte[] bArr2 = null;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bArr, 0, 16);
            bArr2 = messageDigest.digest();
        } catch (Exception e) {
            LOG.warn("Unexpected error", e);
        }
        for (int i2 = 0; i2 < 16; i2++) {
            if (fromHexString[i2 + 8] != bArr2[i2]) {
                return false;
            }
        }
        return System.currentTimeMillis() - j < this.nonceValidity;
    }

    protected synchronized String newNonce() {
        long currentTimeMillis = System.currentTimeMillis();
        long j = this.nonceSecret;
        byte[] bArr = new byte[24];
        for (int i = 0; i < 8; i++) {
            bArr[i] = (byte) (currentTimeMillis & 255);
            currentTimeMillis >>= 8;
            bArr[8 + i] = (byte) (j & 255);
            j >>= 8;
        }
        byte[] bArr2 = null;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.reset();
            messageDigest.update(bArr, 0, 16);
            bArr2 = messageDigest.digest();
        } catch (Exception e) {
            LOG.warn("Unexpected error", e);
        }
        for (int i2 = 0; i2 < bArr2.length; i2++) {
            bArr[8 + i2] = bArr2[i2];
        }
        return HexString.toHexString(bArr);
    }

    @Override // org.cipango.server.security.SipAuthenticator
    public String getAuthMethod() {
        return "DIGEST";
    }
}
