package org.apache.tomcat.websocket;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-websocket-10.1.15.jar:org/apache/tomcat/websocket/DigestAuthenticator.class */
public class DigestAuthenticator extends Authenticator {
    public static final String schemeName = "digest";
    private static volatile SecureRandom cnonceGenerator;
    private int nonceCount = 0;
    private long cNonce;
    private static final StringManager sm = StringManager.getManager((Class<?>) DigestAuthenticator.class);
    private static final Object cnonceGeneratorLock = new Object();

    @Override // org.apache.tomcat.websocket.Authenticator
    public String getAuthorization(String str, String str2, String str3, String str4, String str5) throws AuthenticationException {
        validateUsername(str3);
        validatePassword(str4);
        Map<String, String> parseAuthenticateHeader = parseAuthenticateHeader(str2);
        String str6 = parseAuthenticateHeader.get("realm");
        validateRealm(str5, str6);
        String str7 = parseAuthenticateHeader.get("nonce");
        String str8 = parseAuthenticateHeader.get("qop");
        String str9 = parseAuthenticateHeader.get("algorithm") == null ? "MD5" : parseAuthenticateHeader.get("algorithm");
        String str10 = parseAuthenticateHeader.get("opaque");
        StringBuilder sb = new StringBuilder();
        if (!str8.isEmpty()) {
            if (cnonceGenerator == null) {
                synchronized (cnonceGeneratorLock) {
                    if (cnonceGenerator == null) {
                        cnonceGenerator = new SecureRandom();
                    }
                }
            }
            this.cNonce = cnonceGenerator.nextLong();
            this.nonceCount++;
        }
        sb.append("Digest ");
        sb.append("username =\"" + str3 + "\",");
        sb.append("realm=\"" + str6 + "\",");
        sb.append("nonce=\"" + str7 + "\",");
        sb.append("uri=\"" + str + "\",");
        try {
            sb.append("response=\"" + calculateRequestDigest(str, str3, str4, str6, str7, str8, str9) + "\",");
            sb.append("algorithm=" + str9 + ",");
            sb.append("opaque=\"" + str10 + "\",");
            if (!str8.isEmpty()) {
                sb.append("qop=\"" + str8 + "\"");
                sb.append(",cnonce=\"" + this.cNonce + "\",");
                sb.append("nc=" + String.format("%08X", Integer.valueOf(this.nonceCount)));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new AuthenticationException(sm.getString("digestAuthenticator.algorithm", e.getMessage()));
        }
    }

    private String calculateRequestDigest(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws NoSuchAlgorithmException {
        boolean z = false;
        if (str7.endsWith("-sess")) {
            str7 = str7.substring(0, str7.length() - 5);
            z = true;
        }
        StringBuilder sb = new StringBuilder();
        String str8 = "GET:" + str;
        sb.append(encode(str7, z ? encode(str7, str2 + ":" + str4 + ":" + str3) + ":" + str5 + ":" + this.cNonce : str2 + ":" + str4 + ":" + str3));
        sb.append(':');
        sb.append(str5);
        if (str6.toLowerCase().contains("auth")) {
            sb.append(':');
            sb.append(String.format("%08X", Integer.valueOf(this.nonceCount)));
            sb.append(':');
            sb.append(String.valueOf(this.cNonce));
            sb.append(':');
            sb.append(str6);
        }
        sb.append(':');
        sb.append(encode(str7, str8));
        return encode(str7, sb.toString());
    }

    private String encode(String str, String str2) throws NoSuchAlgorithmException {
        return HexUtils.toHexString(MessageDigest.getInstance(str).digest(str2.getBytes(StandardCharsets.ISO_8859_1)));
    }

    @Override // org.apache.tomcat.websocket.Authenticator
    public String getSchemeName() {
        return "digest";
    }
}
